Cmd

NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!

Page

If you're not finding what you're looking for please go to this forum and submit a new startup entry.

Key:

"Y" - Normally leave to run at start-up
"N" - Not required - typically infrequently used tasks that can be started manually if necessary
"U" - User's choice - depends whether a user deems it necessary
"X" - Definitely not required - typically viruses, spyware, adware and "resource hogs"
"?" - Unknown

	Startup Name	Process Name	Details
N	Alcohol Soft Development Team	axcmd.exe	"Part of Alcohol 120% - ""a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition
N	AlcoholAutomount	axcmd.exe	"Part of Alcohol 120% - ""a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition
X	Ass and titties	CMD32.EXE	"Added by the SDBOT-GG BACKDOOR!"
N	axcmd	axcmd.exe	"Part of Alcohol 120% - ""a powerful Windows CD and DVD burning software that makes it easy to create backups of DVDs and CDs. In addition
Y	BCMDMMSG	bcmdmmsg.exe	BCM voicemodem driver. Required for dial-up if you have one of these modems
U	Belgacom	sprtcmd.exe /P Belgacom	"Self-help support tool for Belgacom broadband users (provided by SupportSoft
X	C:WINDOWSsystem32SetupCmd.exe	SetupCmd.exe	"Detected by Kaspersky as the AGENT.AAW TROJAN!"
X	Cinnabd Prompt32	CmdPrompt32.pif	"Added by the ASSIRAL-B WORM!"
X	clean_service	clean_service.cmd	"Added by the REFAZ WORM!"
X	Cmd	cmd32.exe	"Added by the TANKED WORM!"
X	cmd32	configs.exe	"Hijacker
X	cmd64	cmd64.exe	"CoolWebSearch Msconfd parasite variant"
X	cmdbcs	cmdbcs.exe	"Added by the LINEAG-GKW TROJAN!"
X	cmdcon	cmdcon.exe	"Added by the CRYPTER.A TROJAN!"
X	cmds	vtsqn.dll	"Added by a variant of the VUNDO TROJAN!"
X	CmdShell.exe	CmdShell.exe	"Added by the BCKDR-QHY BACKDOOR!"
X	Command Prompt32	CmdPrompt32.pif	"Added by the ASSIRAL.B WORM!"
X	Compaq Service Drivers	wincmd.exe	"Added by the RBOT.ATV WORM!"
X	Configuration Loader	cmd32.exe	"Added by the LOADCFG or SDBOT TROJANS!"
X	ControlPanel	"cmd32.exe internat.dll	LoadKeyboardProfile"
X	CTFMON.CPL	CTFM0N.CMD	"Detected by Symantec as the SILLYFDC WORM! See here"
U	ddoctorv2	sprtcmd.exe /P ddoctorv2	"Comcast Desktop Doctor (provided by SupportSoft
U	DellSupportCenter	sprtcmd.exe /P DellSupportCenter	"Dell Support Center (provided by SupportSoft
X	directx	NTCmd.exe	"Added by the SDBOT.D TROJAN!"
X	directx	PipeCmd.exe	"Added by the SDBOT.D TROJAN!"
X	DriverDB	svcmdx32.exe	"Added by the BERPI TROJAN!"
X	Dynamic Dns Binary	CMD16.EXE	"Added by the RBOT-XM WORM!"
U	eFax 4.1	J2GDllCmd.exe	"DLL Command Utility for version 4.1 of eFax Messenger from j2 Global Communications
U	eFax 4.2	J2GDllCmd.exe	"DLL Command Utility for version 4.2 of eFax Messenger from j2 Global Communications
U	eFax 4.3	J2GDllCmd.exe	"DLL Command Utility for version 4.3 of eFax Messenger from j2 Global Communications
U	eFax 4.4	J2GDllCmd.exe	"DLL Command Utility for version 4.4 of eFax Messenger from j2 Global Communications
U	eFax DllCmd	J2GDllCmd.exe	"DLL Command Utility for eFax Messenger from j2 Global Communications
U	eFax DllCmd 3.5	J2GDllCmd.exe	"DLL Command Utility for version 3.5 of eFax Messenger from j2 Global Communications
U	eFax DllCmd 4.0	J2GDllCmd.exe	"DLL Command Utility for version 4.0 of eFax Messenger from j2 Global Communications
U	eFax Live Menu 3.3	J2GDllCmd.exe	"DLL Command Utility for version 3.3 of eFax Messenger from j2 Global Communications
?	eSupInit	eSupCmd.exe	"Related to SupportSoft (aka Support.com) ""Real-Time Service Management software"". What does it do and is it required?"
X	EventApplicationCmd	smschk.exe	"Added by the IRCBOT-AO TROJAN!"
U	hcenter	tgcmd.exe	"Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers
U	HelpCenter	sprtcmd.exe /P HelpCenter	"Self-help support tool for BellSouth's FastAccess® DSL (now owned by AT&T) broadband service (provided by SupportSoft
U	HelpCenter4.1	sprtcmd.exe /P HelpCenter4.1	"Self-help support tool for BellSouth's FastAccess® DSL (now owned by AT&T) broadband service (provided by SupportSoft
U	hkcmd	hkcmd.exe	"Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled
X	hotdlll	remote.cmd	"Added by the BANKER-EHG TROJAN!"
U	HotKeysCmds	hkcmd.exe	"Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled
X	HotKeysCmds	[path to worm]	"Added by the PAHATIA-A WORM!"
X	hpcmd	cmd.exe	"Added by the ADCLICK-DS TROJAN!"
U	igfxhkcmd	hkcmd.exe	"Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled
U	Intel(R) Common User Interface	hkcmd.exe	"Hot Key handler for Intel desktop and mobile motherboard chipsets with integrated graphics. With this enabled
X	java	remote.cmd	"Added by the BANKER-EHG TROJAN!"
N	Live Menu	Dllcmd32.exe	"eFax Send button for eFax Messenger Plus. Available via Start -> Programs Disabling instructions available here"
U	MEDIC	sprtcmd.exe /P MEDIC	"Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft
U	medicsp2	sprtcmd.exe /P medicsp2	"Self-help support tool for an unidentified high-speed internet provider (provided by SupportSoft
X	Microsoft Command Line	wincmd.exe	"Added by a variant of the RBOT WORM!"
X	MooNlight	MySqld-nt.cmd	"Added by the BOBANDY-A WORM!"
X	MsgSvcMgr32	cmdzxdll.exe	"Added by the RBOT-AEK WORM!"
X	msnmsg.exe	mscmd32.exe	Added by a variant of the AGENT.AH TROJAN!
X	MyLife	CmdServ.exe	"Added by the HOLAR.A WORM!"
X	NC1565	winntsrv -l -p10001 -d -e cmd.exe -L	"Added by the NEWLEY-A WORM!"
X	nsdcmd services	nsdcmdav.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
X	nsdcmd vid process	nsdcmdwin.exe	"Added by a variant of the AGOBOT/GAOBOT WORM!"
U	nTuneCmd	nTuneCmd.exe	"Now part of NVIDIA System Tools under the ""Peformance"" tag. NVIDIA nTune is utilty for monitoring and modifying the settings (such as temperatures
U	NVIDIA nTune	nTuneCmd.exe	"Now part of NVIDIA System Tools under the ""Peformance"" tag. NVIDIA nTune is utilty for monitoring and modifying the settings (such as temperatures
U	nxpclient	sprtcmd.exe /P nxpclient	"NetExpert - ""India's first ever automated Broadband care technology."" Identifies and automatically fixes typical problems that may occur with your high-speed internet service"
X	ObjectDock	Brico.cmd	"Added by the BOBANDY-A WORM!"
U	QUICKCARE	sprtcmd.exe /P QUICKCARE	"Qwest Broadband QuickCare (provided by SupportSoft
U	QuickCare2.2	sprtcmd.exe /P QuickCare2.2	"Qwest Broadband QuickCare (provided by SupportSoft
X	relinson	cmdno.exe	"Added by the DROPPER-PS TROJAN!"
U	sprtcmd	sprtcmd.exe	"Self-help support tool for a number of high-speed internet providers and computer suppliers such as Comcast
Y	SpybotDeleting*****	[cmd or command] /c del [path] [filename]	"Generated by Spybot Search & Destroy if it encounters files that cannot be deleted during runtime because they are locked by other processes. For example
U	Support.com Scheduler and Command Dispatcher	tgcmd.exe	"Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers
U	sys32cmd	sys32win.exe	"Active Keylogger keystroke logger/monitoring program - remove unless you installed it yourself!"
U	TalkTalk	sprtcmd.exe /P TalkTalk	"Self-help support tool for TalkTalk Broadband users (provided by SupportSoft
U	tgcmd	tgcmd.exe	"Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers
U	tgcmd	hcenter.exe	"Bellsouth help center. Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers
U	tgcmdprovidersbc	tgcmd.exe	"Part of software from SupportSoft (aka Support.com) provided to manufacturers and ISPs that allows them to offer on-line support - to update drivers
Y	TrueMobile 1150 Client Manager	cmdel.exe	"Client Manager for the Dell TrueMobile 1150 Series PC Card - ""a wireless network PC Card that fits into any standard PC Card Type II slot. It has two LED indicators and an integrated antenna"""
X	UCmd	fallfour.exe	"Added by the SDBOT-AZA WORM!"
U	wcmdmgr	wcmdmgrl.exe	"Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
N	wcmdmgr.exe	wcmdmgr.exe	"Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
U	wcmdmgrl	wcmdmgrl.exe	"Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
U	WildTangent Web Driver updater	wcmdmgrl.exe	"Web Driver delivery system for WildTangent on-line games. Periodically checks for updates - can be disabled within the programs control panel. Note that WildTanget's privacy policy used to state that they also collect and share individuals information but this is no longer the case"
X	Win32 Console	cmd.exe	"Added by the ABI.C WORM! Note - this is not the legitimate cmd.exe process which is always located in %System% and should not normally figure in Msconfig/Startup! This one is located in %Windir%"
X	Windows Command	wincmd.exe	"Added by the RBOT.ANV WORM!"
X	WinTimer	msupdate.cmd	"Hijacker - detected by Kaspersky as the STARTPAGE.TJ TROJAN!"
X	WMSDOS-ServicePack2	cmd.exe /c C:WMSDOS.sys	"Detected by Bitdefender as the DELF.OFC TROJAN! See here. Note that cmd.exe is a legitimate Microsoft file normally located in %System% and shouldn't be deleted"
X	Woods Inc	wcmd.exe	"Added by the KILLFIL-O TROJAN!"

DISCLAIMER: It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. I will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. For a list of tasks/processes you should try WinTasks 5 Standard/Professional from LIUtilities or the list at AnswersThatWork. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.