Powershell Process at Startup


mccnavy

Well-known member
Member
VIP
Local time
2:21 PM
Posts
260
OS
Windows 11
I have a desktop and laptop both running Windows 11. I've noticed that the laptop always has two Windows Powershell processes running at startup while the desktop does not. Is this normal? What would require the Powershell processes to run? I've run Microsoft Defender, including an offline scan, with no findings.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel i7-7700K
    Motherboard
    Asus Prime Z-270A
    Memory
    32GB 2666Mhz (Kingston Hyper X Fury)
    Graphics Card(s)
    Asus Nvidia 1050Ti
    Sound Card
    N/A
    Monitor(s) Displays
    Samsung C27F390
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 850 Evo 512GB
It wouldn’t be normal imo. I would run a scan with Malwarebytes free & also AdwCleaner.
I would check task manager>startup to see if there’s any disc cleaning software or even something unknown running at that time.
 

My Computer

System One

  • OS
    Windows 11 Pro 64bit
    Computer type
    Laptop
    Manufacturer/Model
    PC Specialist Optimus VII V17-960 Gaming Laptop.
    CPU
    6th Gen Intel Core i7-6700HQ Quad Core processor.
    Memory
    16GB HyperX IMPACT 1600MHz SODIMM DDR3 (2 x 8GB)
    Graphics Card(s)
    NVIDIA® GeForce® GTX 960M - 2.0GB DDR5 Video RAM - DirectX® 12
    Sound Card
    Intel 2 Channel High Def. Audio + SoundBlaster™ Cinema 2 & Realtek
    Monitor(s) Displays
    Optimus Series: 17.3" Matte Full HD IPS LED Widescreen (1920x1080)
    Screen Resolution
    Full HD IPS display (1920 x 1080).
    Hard Drives
    4TB SSD (internal).
    1x 1TB & 1x 5TB external HDDs.
    Cooling
    STANDARD THERMAL PASTE FOR SUFFICIENT COOLING
    Keyboard
    Logitech K800 wireless keyboard
    Mouse
    Logitech M705 wireless mouse
    Internet Speed
    Upto 100Mbps
    Browser
    Edge.
    Antivirus
    Windows Defender & MalwareBytes pro.
I have a desktop and laptop both running Windows 11. I've noticed that the laptop always has two Windows Powershell processes running at startup while the desktop does not. Is this normal? What would require the Powershell processes to run? I've run Microsoft Defender, including an offline scan, with no findings.
Also check to see if your laptop manufacturer might have included proprietary apps that run at startup, such as MSI Center (for MSI laptops, not all laptops). One or more of those OEM apps may be doing some sort of checking for updates for the software installed on the system.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
A couple of mins after startup are they still running? if not imo I guess it is part of the startup process and all is fine
 

My Computers

System One System Two

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Alienware M18 R1
    CPU
    13th Gen Core i9 13900HX
    Memory
    32GB DDR5 @4800MHz 2x16GB
    Graphics Card(s)
    Geforce RTX 4090HX 16GB
    Sound Card
    Nvidia HD / Realtek ALC3254
    Monitor(s) Displays
    18" QHD+
    Screen Resolution
    25660 X 1600
    Hard Drives
    C: KIOXIA (Toshiba) 2TB KXG80ZNV2T04 NVMe PCIe M.2 SSD
    D: KIOXIA (Toshiba) 2TB KXG80ZNV2T04 NVMe PCIe M.2 SSD
    Case
    Dark Metallic Moon
    Keyboard
    Alienware M Series per-key AlienFX RGB
    Mouse
    Alienware AW610M
    Browser
    Chrome and Firefox
    Antivirus
    Norton
    Other Info
    Killer E3000 Ethernet Controller
    Killer Killer AX1690 Wi-Fi Network Adaptor Wi-Fi 6E
    Bluetooth 5.2
    Alienware Z01G Graphic Amplifier
  • Operating System
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Alienware Area 51m R2
    CPU
    10th Gen i-9 10900 K
    Memory
    32Gb Dual Channel DDR4 @ 8843MHz
    Graphics card(s)
    Nvidia RTX 2080 Super
    Sound Card
    Nvidia
    Screen Resolution
    1920 x 1080
    Hard Drives
    Hard Drive C: Samsung 2TB SSD PM981a NVMe
    Hard Drive D:Samsung 2TB SSD 970 EVO Plus
    Mouse
    Alienware 610M
    Browser
    Chrome
    Antivirus
    Norton
Interesting...I will monitor but it looks like I did get infected. I recall reading something in the news about a Bitcoin scam that uses Windows Event Viewer and uses a log file. Malwarebytes found it and I quarantined (then deleted) it. As of last two Powershell isn't there...which is good. I also ran Adwcleaner and Defender, Malwarebytes, and Adwcleaner show nothing abnormal at this time.
 

My Computer

System One

  • OS
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel i7-7700K
    Motherboard
    Asus Prime Z-270A
    Memory
    32GB 2666Mhz (Kingston Hyper X Fury)
    Graphics Card(s)
    Asus Nvidia 1050Ti
    Sound Card
    N/A
    Monitor(s) Displays
    Samsung C27F390
    Screen Resolution
    1920 x 1080
    Hard Drives
    Samsung 850 Evo 512GB

Latest Support Threads

Back
Top Bottom