Boost Connect

Uncovering the DNA of programs.

Good programs

Fair programs

Bad programs

What is cmd.exe?

Part of Windows Command Processor by Microsoft

What is it?

Command processor in windows is the command prompt(cmd). To start Windows command processor use winkey + R this will open Run window.Just type in cmd and this will open command prompt of windows where you can run various commands.You can create,delete files and folders, list the directory contents and can perform many other functions in command prompt.

(cmd.exe is a system file that is installed with Windows)

Download Boost and enjoy your PC. Speed up Windows Command Processor and optimize your PC.

How does cmd.exe run?

Process - cmd.exe is an instance of a running program. This 32-bit program executes with the privileges as the currently logged in user account. cmd.exe is executed by the process explorer.exe (Windows Explorer by Microsoft).

How does cmd.exe start?

Startup files (all users) run once - cmd.exe is registered with the run identifier 'removeiMeshtoolbar' and the execution command 'cmd.exe /c RD /S /Q "C:\Program Files\iMesh Applications\MediaBar\Datamngr\ToolBar"' in the Windows registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce. RunOnce keys are used to launch a service or background process whenever a user logs into Windows. Once the application is launched for the first time its entry will be removed from the Registry so it does not run again when the user logins again. Applications here are designed to be used primarily by Setup programs.

Startup files (user) run once - cmd.exe is registered with the run identifier 'Del4058325' and the execution command 'cmd.exe /c del "C:\users\user\appdata\Local\Temp\0.del"' in the Windows registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce. RunOnce keys are used to launch a service or background process whenever a any PC user logs into Windows. Once the application is launched for the first time its entry will be removed from the Registry so it does not run again when a user logins again. Applications here are designed to be used primarily by Setup programs.

Startup files (all users) run - cmd.exe is registered with the run identifier 'AMD AVT' and the execution command 'Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml' in the Windows registry HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Run keys are startup registry keys that are used to launch an application automatically when any Windows user logs into Windows.

Startup files (user) run - cmd.exe is registered with the run identifier 'Bomgar_Cleanup_ZD12543155818005' and the execution command 'cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-au" & reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Bomgar_Cleanup_ZD12543155818005 /f' in the Windows registry HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Run keys are startup registry keys that are used to launch an application automatically when a user logs into Windows.

Scheduled task - cmd.exe is launched automatically by registering itself into the Windows Task Scheduler under the task name 'BoostApp'. Task Scheduler provides the ability to schedule the launch of programs or scripts at pre-defined times or after specified time intervals or even with event-based triggers.

Community

What is the community is seeing?	What is the community is doing?
About 0.1% of all Boost users have the cmd.exe process running.	Of the 0.1% of cmd.exe users, 25.0% have disabled it.

Typical file (disk image) location:

C:\Windows\System32\cmd.exe

Are there other versions of Windows Command Processor?

cmd.exe - version 6.3.9431.0 (winmain_bluemp.130615-1214)

cmd.exe - version 6.2.9200.16384 (win8_rtm.120725-1247)

cmd.exe - version 6.1.7601.17514 (win7sp1_rtm.101119-1850)

cmd.exe - version 6.1.7600.16385 (win7_rtm.090713-1255)

cmd.exe - version 6.1.7600.16385 (win7_rtm.090713-1255) (this)

cmd.exe - version 6.0.6000.16386 (vista_rtm.061101-2205)

cmd.exe - version 5.1.2600.5512 (xpsp.080413-2111)

What else is related?

msvcp60.dll (Microsoft (R) Visual C++ by Microsoft)

rstrui.exe (System Restore Application by Microsoft)

dismhost.exe (Dism Host Servicing Process by Microsoft)

bcmsqlstartupsvc.exe (Business Contact Manager for Microsoft Outlook 2010 by Microsoft)

msonsext.dll (Microsoft Office by Microsoft)

encwcbar.dll (Microsoft Encarta by Microsoft)

workfolderssvc.dll (Microsoft® Work Folders Service by Microsoft)

appreadiness.dll (AppReadiness by Microsoft)

ole32.dll (Microsoft OLE for Windows by Microsoft)

microsoft.biztalk.brmacontrols.dll (Microsoft (R) BizTalk (R) Server 2010 by Microsoft)

ssoconfig.exe (Microsoft® Enterprise Single Sign-On by Microsoft)

webfarmservice.exe (Microsoft IIS Extensions by Microsoft)

tfsjobagent.exe (Microsoft® Visual Studio® 2010 by Microsoft)

tfsbuildservicehost.exe (Microsoft® Visual Studio® 2010 by Microsoft)

ruleengineupdateservice.exe (Microsoft (R) BizTalk (R) Server 2010 by Microsoft)

entsso.exe (Microsoft® Enterprise Single Sign-On by Microsoft)

btsntsvc.exe (Microsoft (R) BizTalk (R) Server 2010 by Microsoft)

drmstor.dll (Microsoft® Windows Media Services by Microsoft)

themeui.dll (API de tema do Windows by Microsoft)

ntbackup.exe (Utilitário de cópia de segurança do Windows by Microsoft)

browseui.dll (Biblioteca da interface de utilizador do browser da shell by Microsoft)

shdocvw.dll (Objecto Doc da shell e biblioteca de controlos by Microsoft)

What Windows OS versions does this run on?

Windows 7 Home Premium (6.1.7600.0)

Windows 7 Ultimate (6.1.7600.0)

About Microsoft Corporation

Microsoft, founded in 1975 by Bill Gates and Paul Allen, is a veteran software company, best known for its Microsoft Windows operating system and the Microsoft More...

www.microsoft.com

Download Boost

File details

File name: cmd.exe

Publisher: Microsoft Corporation

Name: Windows Command Processor

Description: Microsoft® Windows® Operating System

Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product version: 6.1.7600.16385

Original file name: Cmd.Exe.MUI

Windows file protection: Yes

Resource utilization

CPU utilization averages

Total CPU: 0.0176916459%

Privileged CPU: 0.0157040779%

User CPU: 0.00198756798592%

Memory utilization averages

Min working set memory: 0 Bytes

Process details

Runs as (owner): User

Windows platform: 32-bit

Parent Process

explorer.exe (Windows Explorer by Microsoft)

Child Process

mplayer.exe (MPlayer - The Movie Player )

Process Commands

"C:\Windows\system32\cmd.exe"

cmd.exe /c ""C:\Any Video Converter\gnu\avc\mplayer.exe" -af volnorm -vf scale=480:-2,expand=:272:::,crop=480:272,harddup -ao pcC:file="\\.\pipe\wmvmplayerpcmdump" -format s16le -vo yuv4mpeC:file="\\.\pipe\wmvmplayeryuvdump" -nolirc -noframedrop "C:\STUDYM~1\Videos\SCIENC~1\INTROD~1.MP4""

Startup files (all users) run once details

Name: Del1203196625

Command: cmd.exe /Q /D /c del "C:\users\user\appdata\Local\Temp\0.del"

Startup files (user) run once details

Name: Uninstall C:\Users\Darlene\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112

Command: C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\users\user\appdata\Local\Microsoft\SkyDrive\17.0.2003.1112"

Startup files (all users) run details

Name: Adobe Flash Player SU

Command: C:\Windows\System32\cmd.exe /k start httC://3zz.info/ && exit

Startup files (user) run details

Name: Bomgar_Cleanup_ZD12543155818005

Command: cmd.exe /C rd /S /Q "C:\ProgramData\bomgar-au" & reg delete HKCU\Software\Microsoft\Windows\ CurrentVersion\Run /v Bomgar_Cleanup_ZD12543155818005 /f