Three ‘System32’ CMD Windows during Boot Time

When you see three Command Prompt (CMD) windows related to system32 opening upon logging into Windows 10, it typically indicates that there are tasks scheduled to run at login which execute commands using the Command Prompt.

These tasks could be part of a legitimate software’s operations, updates, or maintenance scripts. However, they could also be indicative of unwanted software or malware that has set itself to run at startup.

This post explains how you can investigate and potentially resolve this issue.

Check Startup Programs

Log in using an administrator account and press ‘Ctrl + Shift + Esc’ to open the Task Manager.

Click on the ‘Startup’ tab to see if any programs listed there might be responsible for opening these CMD windows.

You can disable any suspicious or unnecessary items by right-clicking them and selecting ‘Disable’.

Task Scheduler

Click on the ‘Start’ menu, then type ‘Task Scheduler’, and press Enter.

In the Task Scheduler, look through the library of tasks for any that might open a Command Prompt window. Pay special attention to the Task Scheduler Library and any tasks that are set to run at user login.

Check for Malware

It’s a good idea to run a thorough malware scan using your antivirus software. You can also use Windows Defender, which is built into Windows 10, or another reputable third-party antivirus program.

If you suspect something nefarious is going on, you will need to use an online virus and malware scanner. Google “online virus malware scanner”, select ESET, Malwarebytes and HitmanPro, and scan your hard drive. All have one-time, free scanner options (no credit card necessary).

Examine Group Policy Scripts (for advanced users)

This step is primarily for users on a company network.

Open the Run dialog (Windows Key + R), type ‘gpedit.msc’, and press Enter to open the Group Policy Editor. This is only available in Professional and Enterprise editions of Windows.

Navigate to User Configuration -> Windows Settings -> Scripts (Logon/Logoff). Check if any scripts are configured to run at logon.

Similarly, check Computer Configuration for system-wide settings.

Registry for Startup Commands

Important: Be cautious when disabling startup items, editing tasks, or modifying the registry.

If you’re unsure about the impact of changing or disabling a specific item, it’s best to seek additional information or consult with someone knowledgeable.

Open the Run dialog, type regedit, and press Enter to open the Registry Editor.
Navigate to these two registry keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Look for any suspicious entries that might be triggering the CMD windows.
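
The Task Scheduler and registry checks above can also be done in one read-only pass from PowerShell. The script below is an added example, not part of the original post; the `$shellPattern` filter is an assumption about what counts as "opens a CMD window" (cmd.exe or a .bat/.cmd script) and can be widened as needed.

```powershell
# Added example: read-only inventory of logon autostarts that launch cmd.exe or a batch file.
# Nothing is changed or disabled; the script only lists candidates to review.

# Assumption: an entry is of interest if its command line mentions cmd(.exe) or a .bat/.cmd file.
$shellPattern = '(?i)\bcmd(\.exe)?\b|\.(bat|cmd)\b'

# The two Run keys named in this post.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

$fromRegistry = @(foreach ($path in $runKeys) {
    if (-not (Test-Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Source  = $path
            Name    = $name
            Command = [string]$key.GetValue($name)
        }
    }
})

# Scheduled tasks that have a logon or boot trigger and run a program.
$fromTasks = @(foreach ($task in Get-ScheduledTask) {
    $startupTrigger = $task.Triggers | Where-Object {
        $_.CimClass.CimClassName -in 'MSFT_TaskLogonTrigger', 'MSFT_TaskBootTrigger'
    }
    if (-not $startupTrigger) { continue }
    foreach ($action in $task.Actions) {
        if ($action.CimClass.CimClassName -ne 'MSFT_TaskExecAction') { continue }
        [pscustomobject]@{
            Source  = "Scheduled task ($($task.State))"
            Name    = "$($task.TaskPath)$($task.TaskName)"
            Command = "$($action.Execute) $($action.Arguments)".Trim()
        }
    }
})

# Show only the entries whose command line matches the filter.
($fromRegistry + $fromTasks) |
    Where-Object { $_.Command -match $shellPattern } |
    Sort-Object Source, Name |
    Format-List Source, Name, Command
```

Run it from an elevated PowerShell session so that tasks belonging to other accounts are included. Three matching entries that fire at logon are the likely source of the three windows; check what each one runs before disabling it.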

Final Thoughts

If these steps don’t resolve the issue or you’re uncomfortable making these changes on your own, it might be helpful to consult with a professional IT support provider or a trusted tech-savvy friend.
