Crazy Startup Shiznit
November 12, 2006 5:12 PM   Subscribe

I'm checking over the health of a friend's Dell laptop. In System Information -> Software Environment -> Startup Programs, she has thousands of entries, consisting of all the files in the system32 folder. These entries are duplicated under the user names .DEFAULT and NTAUTHORITY\SYSTEM, and are in location "Startup". Is this a problem, why are the entries there, should I delete them, and how?
posted by Arcaz Ino to Computers & Internet (15 answers total)
Thats cool. I've never seen that happen.

Try using msconfig and disabling all of the applications (NOT SERVICES) under the startup tab. You can then enable the ones you need one by one.
posted by SirStan at 5:35 PM on November 12, 2006

Thanks. Unfortunately, none of these things are listed in MSCONFIG; all the startup programs there seem to be benign.
posted by Arcaz Ino at 5:44 PM on November 12, 2006

XP SP2 btw
posted by Arcaz Ino at 5:54 PM on November 12, 2006

posted by Arcaz Ino at 5:55 PM on November 12, 2006

If they are not in MSCONFIG under startup... I find it bizzare that they are showing up in Sys Info. Can you post a screenshot?
posted by SirStan at 6:07 PM on November 12, 2006


By the way, the C:\Documents and Settings\Default User\Start Menu\Programs\Startup folder is empty (except for desktop.ini).
posted by Arcaz Ino at 6:28 PM on November 12, 2006

Did you do a virus scan? It was pretty common for viruses, trojans, bot, etc. to install visible startup items with bizarre or random process names. These days most malware is probably too clever for this but it was quite common.

You can also google for the various process names to figure out what they are. If it's legitimate, someone somewhere has probably already written about it on the web.
posted by chairface at 7:14 PM on November 12, 2006

Can't say I've ever seen that happen before, but two tools that I find absolutely valuable for stuff like this are process explorer and autoruns, formerly by sysinternals, now free from Microsoft:


Process Explorer
posted by cheaily at 7:17 PM on November 12, 2006

The latest Symantec Antivirus is active and updated.

As I say, EVERY file in System32 is listed. Doesn't seem like typical virus behavior. Even things like calc.exe are listed, but they don't seem to load at startup. Or I'd see them.

This is very strange. Spread word unto your leetest friends.
posted by Arcaz Ino at 7:20 PM on November 12, 2006

AutoRuns doesn't list the stuff, nor does Process Explorer. AutoRuns has lots of System32 entries, but for file associations, not for system startup. Many of the things that System Information claims are startup programs, are not listed in AutoRuns.

Thanks though.
posted by Arcaz Ino at 7:31 PM on November 12, 2006

Under the circumstances as described, I'd be concerned about the health of the filesystem. NTFS doesn't succumb to crosslinked directories as easily as FAT did in the bad old days, but it's possible. Perhaps try tackling it from that angle rather than assuming the files are something you want to delete?
posted by majick at 9:10 PM on November 12, 2006

Which tool are you using in that screenshot? That's not a default XP tool...
posted by Dunwitty at 3:42 AM on November 13, 2006

Ah, the Microsoft Office System Info tool... hadn't seen that in a while. Never mind!
posted by Dunwitty at 3:44 AM on November 13, 2006

What's in C:\Documents and Settings\All Users\Start Menu\Programs\Startup?

Also, can you please run HijackThis and StartupList, save the scan logs, and post links to them?
posted by flabdablet at 4:11 AM on November 13, 2006

So there's this Dell desktop at work, and it has the same thing. It must be some strange Dell-specific bug. Doesn't seem to be a major problem.

Disk checks out fine.
posted by Arcaz Ino at 4:21 PM on November 14, 2006

« Older Are my classmates really that terrible?   |   Party place in DC for Birthday? Newer »
This thread is closed to new comments.