Karl`s PC Help Forums

kmd.exe Good or Bad
victor - 5-2-2009 at 20:07

I have come across kmd.exe on C:.
Searching the net has confused me: some say it's a baddie, then again I found it listed as a driver. Can anyone enlighten me as to its function?


Daz - 5-2-2009 at 23:51

The fact that it's on C: could be a concern, Kazaa gets mentioned a lot too, another concern.

I'd chuck Pancake a HijackThis log, just in case.

Has Kazaa been used...?

Does it delete?


Pancake - 6-2-2009 at 05:29

As well as a HJT log I suggest you do this...

Download Malwarebytes' Anti-Malware from one of these places:

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

http://www.besttechie.net/tools/mbam-setup.exe


Double-click mbam-setup.exe to install the application.
If it will not run, make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report in your next reply along with a fresh HijackThis log.

Please Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


victor - 8-2-2009 at 20:53

Hi Pancake
Thanks for the advice. I have not opened the kmd.exe file at all and never used Kazaa. I didn't recognize it so thought it was worth checking out.

Here is my HJT for your perusal and I will set to and try to get the Malwarebytes' Anti-Malware done.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:48, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSDit.exe
C:Program FilesMedionPowerCinemaMy_TVAgent.exe
C:Program FilesCommon FilesLogitechQCDriverLVCOMS.EXE
C:WINDOWSDitExp.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesAdobePhotoshop Album Starter Edition3.2Appsapdproxy.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesQuickTimeqttask.exe
C:PROGRA~1AVGAVG8avgtray.exe
C:Program FilesAVGAVG8avgcsrvx.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesYahoo!MessengerYahooMessenger.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesJavajre6binjucheck.exe
C:Program FilesMozilla Firefoxfirefox.exe
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://uk.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://uk.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://uk.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.aldi.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:Program FilesMicrosoft MoneySystemmnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:PROGRA~1COMMON~1RealToolbarrealbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier4.1.805.4472swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:PROGRA~1COMMON~1RealToolbarrealbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [Dit] Dit.exe
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [Agent] C:Program FilesMedionPowerCinemaMy_TVAgent.exe
O4 - HKLM..Run: [LVCOMS] C:Program FilesCommon FilesLogitechQCDriverLVCOMS.EXE
O4 - HKLM..Run: [Microsoft Works Update Detection] C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.2Appsapdproxy.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Yahoo! Pager] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet
O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:PROGRA~1Yahoo!Commonyhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:PROGRA~1Yahoo!Commonyhexbmesuk.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:Program FilesMicrosoft MoneySystemmnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: Medion-UK - {725E17C7-2B9A-42BA-AAE2-754FA08120BD} - http://www.medion.co.uk (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O17 - HKLMSystemCCSServicesTcpip..{37AE5662-C9A4-498D-931A-1B7BA84F4176}: NameServer = 192.168.0.1
O17 - HKLMSystemCS3ServicesTcpip..{37AE5662-C9A4-498D-931A-1B7BA84F4176}: NameServer = 192.168.0.1
O17 - HKLMSystemCS4ServicesTcpip..{37AE5662-C9A4-498D-931A-1B7BA84F4176}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:WINDOWSSYSTEM32avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktopManager.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O24 - Desktop Component 0: (no name) - M:Irfanview Screen TakesAnnabel's Xmas Card _0003.gif

--
End of file - 10230 bytes


Pancake - 8-2-2009 at 21:42

That log looks fine.


Katzy - 8-2-2009 at 21:52

Victor...

Did you install XP over the top of an existing W2000 installation?

If so, it could be a left-over from W2K.

kmd.exe was a sort-of replacement for cmd.exe.


victor - 8-2-2009 at 22:24

mbam-log

Malwarebytes' Anti-Malware 1.33
Database version: 1739
Windows 5.1.2600 Service Pack 2

08/02/2009 22:02:12
mbam-log-2009-02-08 (22-02-12).txt

Scan type: Quick Scan
Objects scanned: 57722
Time elapsed: 10 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 15

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f919fbd3-a96b-4679-af26-f551439bb5fd} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache (Adware.2020search) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\dynamic toolbar\REALBAR\Cache\bubble.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\bubble16.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\celebs.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\gotb.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\highlight.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\hotstuff.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\hotstuffsm.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\movies.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\music.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\news.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\ngames.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\radio.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\REALBARTB0115.cfg (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\rollingstone.bmp (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\REALBAR\Cache\sports.bmp (Adware.2020search) -> Quarantined and deleted successfully.


victor - 8-2-2009 at 22:26

No Katzy, this P/C came with XP.


victor - 8-2-2009 at 22:36

Second HJT log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:33:02, on 08/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:PROGRA~1AVGAVG8avgwdsvc.exe
C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSExplorer.EXE
C:Program FilesCommon FilesMicrosoft SharedVS7Debugmdm.exe
C:WINDOWSSystem32nvsvc32.exe
C:WINDOWSSystem32svchost.exe
C:PROGRA~1AVGAVG8avgemc.exe
C:PROGRA~1AVGAVG8avgrsx.exe
C:PROGRA~1AVGAVG8avgnsx.exe
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSDit.exe
C:Program FilesMedionPowerCinemaMy_TVAgent.exe
C:Program FilesCommon FilesLogitechQCDriverLVCOMS.EXE
C:WINDOWSDitExp.exe
C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesAdobePhotoshop Album Starter Edition3.2Appsapdproxy.exe
C:WINDOWSsystem32rundll32.exe
C:Program FilesQuickTimeqttask.exe
C:PROGRA~1AVGAVG8avgtray.exe
C:Program FilesAVGAVG8avgcsrvx.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesYahoo!MessengerYahooMessenger.exe
C:WINDOWSsystem32RUNDLL32.EXE
C:Program FilesSpybot - Search & DestroyTeaTimer.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesJavajre6binjucheck.exe
C:Program FilesMalwarebytes' Anti-Malwarembam.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesMozilla Firefoxfirefox.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Program FilesTrend MicroHijackThisHijackThis.exe

R1 - HKCUSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://uk.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://uk.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://uk.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://uk.search.yahoo.com
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page = http://uk.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet ExplorerSearchURL,(Default) = http://uk.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://uk.search.yahoo.com
R1 - HKCUSoftwareMicrosoftInternet Connection Wizard,ShellNext = http://www.aldi.co.uk/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:Program FilesMicrosoft MoneySystemmnyside.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program FilesAVGAVG8avgssie.dll
O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:PROGRA~1COMMON~1RealToolbarrealbar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:PROGRA~1SPYBOT~1SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:Program FilesJavajre6binssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:Program FilesGoogleGoogleToolbarNotifier4.1.805.4472swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:PROGRA~1COMMON~1RealToolbarrealbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:Program FilesYahoo!CompanionInstallscpn0yt.dll
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [Dit] Dit.exe
O4 - HKLM..Run: [NeroCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [Agent] C:Program FilesMedionPowerCinemaMy_TVAgent.exe
O4 - HKLM..Run: [LVCOMS] C:Program FilesCommon FilesLogitechQCDriverLVCOMS.EXE
O4 - HKLM..Run: [Microsoft Works Update Detection] C:Program FilesCommon FilesMicrosoft SharedWorks SharedWkUFind.exe
O4 - HKLM..Run: [NvCplDaemon] RUNDLL32.EXE C:WINDOWSSystem32NvCpl.dll,NvStartup
O4 - HKLM..Run: [nwiz] nwiz.exe /install
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesJavajre6binjusched.exe"
O4 - HKLM..Run: [Adobe Photo Downloader] "C:Program FilesAdobePhotoshop Album Starter Edition3.2Appsapdproxy.exe"
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeqttask.exe" -atboottime
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 8.0ReaderReader_sl.exe"
O4 - HKLM..Run: [AVG8_TRAY] C:PROGRA~1AVGAVG8avgtray.exe
O4 - HKLM..Run: [KernelFaultCheck] %systemroot%system32dumprep 0 -k
O4 - HKLM..Run: [TkBellExe] "C:Program FilesCommon FilesRealUpdate_OBrealsched.exe" -osboot
O4 - HKLM..RunOnce: [Malwarebytes' Anti-Malware] C:Program FilesMalwarebytes' Anti-Malwarembamgui.exe /install /silent
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKCU..Run: [Yahoo! Pager] "C:Program FilesYahoo!MessengerYahooMessenger.exe" -quiet
O4 - HKCU..Run: [NvMediaCenter] RUNDLL32.EXE C:WINDOWSSystem32NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU..Run: [SpybotSD TeaTimer] C:Program FilesSpybot - Search & DestroyTeaTimer.exe
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE (User 'Default user')
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:PROGRA~1Yahoo!Commonyhexbmesuk.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:PROGRA~1Yahoo!Commonyhexbmesuk.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:Program FilesMicrosoft MoneySystemmnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:WINDOWSNetwork Diagnosticxpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra button: Medion-UK - {725E17C7-2B9A-42BA-AAE2-754FA08120BD} - http://www.medion.co.uk (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.co.uk
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Gin - http://download.games.yahoo.com/games/clients/y/nt1_x.cab
O16 - DPF: Yahoo! Pinochle - http://download.games.yahoo.com/games/clients/y/ut2_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:Program FilesYahoo!Commonyinsthelper.dll
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O17 - HKLMSystemCCSServicesTcpip..{37AE5662-C9A4-498D-931A-1B7BA84F4176}: NameServer = 192.168.0.1
O17 - HKLMSystemCS3ServicesTcpip..{37AE5662-C9A4-498D-931A-1B7BA84F4176}: NameServer = 192.168.0.1
O17 - HKLMSystemCS4ServicesTcpip..{37AE5662-C9A4-498D-931A-1B7BA84F4176}: NameServer = 192.168.0.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program FilesAVGAVG8avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:WINDOWSSYSTEM32avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:PROGRA~1AVGAVG8avgwdsvc.exe
O23 - Service: GoogleDesktopManager - Unknown owner - C:Program FilesGoogleGoogle Desktop SearchGoogleDesktopManager.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:Program FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:Program FilesJavajre6binjqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSSystem32nvsvc32.exe
O24 - Desktop Component 0: (no name) - M:Irfanview Screen TakesAnnabel's Xmas Card _0003.gif

--
End of file - 10475 bytes


Pancake - 8-2-2009 at 22:42

That's cleaned out some rubbish. The other stuff looks as if they are standard files and not of any threat.


victor - 8-2-2009 at 23:43

Thanks Pancake.

Just a little more on the file Kmd.exe: when I pause the mouse on it, it comes up with:


Description: Windows Command Processor
Company: Microsoft Corporation
File version: 5.1.2600.2180
Created: 26/2/2008
Size: 379Kb

Googling this info, I can only tie it in with cmd and not Kmd.


Edit


I have found it, I must have imported it from somewhere.
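
The tooltip fields quoted in the post above (description, company, file version) come from the file's version resource, which can be read directly together with a hash and a signature check. The PowerShell below is an added example and not part of the original thread; the function name `Get-RenamedBinaryReport` is hypothetical, and the default path `C:\kmd.exe` is an assumption based on the first post.

```powershell
# Added example (not from the thread): triage an unfamiliar executable.
# Assumption: the file sits at C:\kmd.exe; pass -Suspect to change it.
param([string]$Suspect = 'C:\kmd.exe')

function Get-RenamedBinaryReport {
    param([Parameter(Mandatory = $true)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $info = $item.VersionInfo
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path

    # OriginalFilename is compiled into the version resource and survives a
    # rename on disk. Newer Windows builds report it with a ".MUI" suffix,
    # so strip that before comparing names.
    $original = ([string]$info.OriginalFilename).Trim() -replace '\.mui$', ''

    # If a file with the original name exists in System32, compare content.
    # A mismatch is not proof of tampering: the copy may come from another
    # service pack or another machine.
    $matchesSystemCopy = $null
    if ($original) {
        $reference = Join-Path $env:SystemRoot (Join-Path 'System32' $original)
        if (Test-Path -LiteralPath $reference -PathType Leaf) {
            $refHash = (Get-FileHash -LiteralPath $reference -Algorithm SHA256).Hash
            $matchesSystemCopy = ($refHash -eq $hash)
        }
    }

    # Description, company and version are plain strings anyone can set when
    # building a file, so treat them as hints. The signature status and a
    # hash match against the system copy carry more weight.
    [pscustomobject]@{
        Path              = $item.FullName
        NameOnDisk        = $item.Name
        OriginalFilename  = $original
        Renamed           = [bool]($original -and ($original -ne $item.Name))
        Description       = $info.FileDescription
        Company           = $info.CompanyName
        FileVersion       = $info.FileVersion
        SHA256            = $hash
        SignatureStatus   = $sig.Status
        Signer            = $sig.SignerCertificate.Subject
        MatchesSystemCopy = $matchesSystemCopy
    }
}

Get-RenamedBinaryReport -Path $Suspect | Format-List
```

`Renamed` is true when the name stored in the version resource differs from the name on disk, which is the situation the tooltip in the post points to.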


Pancake - 9-2-2009 at 00:07

Ok. No problem...all sorted.