johnmuoio
2009-09-02, 16:52
I just completed a clean installation of Windows XP Home -> XP Professional from the recovery disks and allowed it to go through the lengthy MS update process. I also installed iTunes and allowed QuickTime to update. I wanted to delete the QuickTime presence in memory and on the task bar, so I ran Spybot and am using the system startup tool.
There are four pairs of:
ctfmon.exe and "C:\Program Files\QuickTime\QTTask.exe" -atboottime
in the startup list, and a single instance of ctfmon.exe in memory. Virus or malware is VERY unlikely as all of the software I just installed came from manufacturers' CDs and/or downloaded updates from the major software manufacturer.
Can anyone shed light on this for me? I have included the list copied from Spybot for reference with the questionable instances in bold. Why are there so many ctfmon startups? Do I only need the one? Is this just sloppy cleanup from the multiple updates that were required for QuickTime? I'm aware of the malware associated with this ctfmon.exe, but again, very unlikely this is a virus infection. I have disabled all the pairs for now.
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-09-01 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-07-28 advcheck.dll (1.6.3.17)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi
2009-08-25 Includes\AdwareC.sbi
2009-01-22 Includes\Cookies.sbi
2009-05-19 Includes\Dialer.sbi
2009-08-25 Includes\DialerC.sbi
2009-01-22 Includes\HeavyDuty.sbi
2009-05-26 Includes\Hijackers.sbi
2009-08-04 Includes\HijackersC.sbi
2009-06-23 Includes\Keyloggers.sbi
2009-07-30 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2009-08-19 Includes\Malware.sbi
2009-08-25 Includes\MalwareC.sbi
2009-03-25 Includes\PUPS.sbi
2009-08-25 Includes\PUPSC.sbi
2009-01-22 Includes\Revision.sbi
2009-01-13 Includes\Security.sbi
2009-07-30 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2009-04-07 Includes\Spyware.sbi
2009-08-11 Includes\SpywareC.sbi
2009-06-08 Includes\Tracks.uti
2009-08-25 Includes\Trojans.sbi
2009-08-26 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
size: 35696
MD5: 452FA961163EF4AEE4815796A13AB2CF
Located: HK_LM:Run, AGRSMMSG
command: AGRSMMSG.exe
file: C:\WINDOWS\AGRSMMSG.exe
size: 88361
MD5: 46AB1D091C74D2FA4DF740FC704D3D32
Located: HK_LM:Run, ATIModeChange (DISABLED)
command: Ati2mdxx.exe
file: C:\WINDOWS\system32\Ati2mdxx.exe
size: 28672
MD5: FAE95D6D7651B5629C4E19ADBC9A3863
Located: HK_LM:Run, ATIPTA (DISABLED)
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 335872
MD5: 2D24F0243BB32EBF3727361004677F6D
Located: HK_LM:Run, BJPD HID Control
command: C:\Program Files\Canon\BJPV\TVMon.exe
file: C:\Program Files\Canon\BJPV\TVMon.exe
size: 45056
MD5: C3D28733CFF9AB7C0CBE4E446B84C425
Located: HK_LM:Run, ezShieldProtector for Px
command: C:\WINDOWS\System32\ezSP_Px.exe
file: C:\WINDOWS\System32\ezSP_Px.exe
size: 40960
MD5: 2849ED071A0D83406BDA342AA767F24E
Located: HK_LM:Run, HotKeysCmds
command: C:\WINDOWS\System32\hkcmd.exe
file: C:\WINDOWS\System32\hkcmd.exe
size: 114688
MD5: EE2AC08BE7024A781DF6F40870ED748D
Located: HK_LM:Run, IgfxTray
command: C:\WINDOWS\System32\igfxtray.exe
file: C:\WINDOWS\System32\igfxtray.exe
size: 155648
MD5: 095B56D71D4C6AF017712B0E59C66166
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
file: C:\Program Files\iTunes\iTunesHelper.exe
size: 292128
MD5: 741DCAEC21B5A9A1D068FE8692A30D68
Located: HK_LM:Run, LogitechCommunicationsManager (DISABLED)
command: "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
file: C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
size: 488984
MD5: 022DB38BECB5A44DA6F7E27923457624
Located: HK_LM:Run, LogitechGalleryRepair (DISABLED)
command: C:\Program Files\Logitech\ImageStudio\ISStart.exe
file: C:\Program Files\Logitech\ImageStudio\ISStart.exe
size: 155648
MD5: 948CAC717567BA865304846268D281B9
Located: HK_LM:Run, LogitechImageStudioTray (DISABLED)
command: C:\Program Files\Logitech\ImageStudio\LogiTray.exe
file: C:\Program Files\Logitech\ImageStudio\LogiTray.exe
size: 45056
MD5: 5A410B0E8BA5503321AAE02931A5F767
Located: HK_LM:Run, LogitechQuickCamRibbon (DISABLED)
command: "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
file: C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
size: 774168
MD5: 6B84B11CFAD4173733DD96C810D9BC6F
Located: HK_LM:Run, LVCOMS (DISABLED)
command: C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
file: C:\Program Files\Common Files\Logitech\QCDriver2\LVCOMS.EXE
size: 90112
MD5: AE8DDA79FB82EB3100852A1DF8502551
Located: HK_LM:Run, NvCplDaemon (DISABLED)
command: RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
file: C:\WINDOWS\System32\NvCpl.dll
size: 4841472
MD5: 6AD3C12BF304010471AF5D70DBA332E1
Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: HK_LM:Run, VAIO Recovery
command: C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
file: C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
size: 28672
MD5: 3EDF6F722C8CC022B6F51CEC19EA477B
Located: HK_LM:Run, WD Button Manager
command: WDBtnMgr.exe
file: C:\WINDOWS\system32\WDBtnMgr.exe
size: 364544
MD5: E71FEAE76F0A1131C1A63495C363F8A0
Located: HK_LM:Run, VAIOSurvey (DISABLED)
command: c:\program files\sony\vaio survey\surveysa.exe
file: c:\program files\sony\vaio survey\surveysa.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-1656070224-3671241410-2476632156-1005...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, MSMSGS
where: S-1-5-21-1656070224-3671241410-2476632156-1005...
command: "C:\Program Files\Messenger\msmsgs.exe" /background
file: C:\Program Files\Messenger\msmsgs.exe
size: 1695232
MD5: 3E930C641079443D4DE036167A69CAA2
Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-1656070224-3671241410-2476632156-1006...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, QuickTime Task (DISABLED)
where: S-1-5-21-1656070224-3671241410-2476632156-1006...
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-1656070224-3671241410-2476632156-1007...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, QuickTime Task (DISABLED)
where: S-1-5-21-1656070224-3671241410-2476632156-1007...
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-1656070224-3671241410-2476632156-1008...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, QuickTime Task (DISABLED)
where: S-1-5-21-1656070224-3671241410-2476632156-1008...
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-1656070224-3671241410-2476632156-1009...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3
Located: HK_CU:Run, QuickTime Task (DISABLED)
where: S-1-5-21-1656070224-3671241410-2476632156-1009...
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 413696
MD5: FABAD2BFD44661D8CC627E5485BFAFAF
Located: Startup (common), Adobe Gamma Loader.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
size: 113664
MD5: C2FF17734176CD15221C10044EF0BA1A
Located: Startup (common), HPAiODevice(hp officejet 7100 series) - 1.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
file: C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
size: 495682
MD5: 00B2647A3EEFFC116E329D6971AEB8C6
Located: Startup (common), Remocon Driver.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\sony\usbsircs\usbsircs.exe
file: C:\Program Files\sony\usbsircs\usbsircs.exe
size: 229376
MD5: 1C4942AC15FBA6EEEE45E711EF02B9AF
Located: Startup (common), WD Backup Monitor.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\My Book\WD Backup\uBBMonitor.exe
file: C:\Program Files\My Book\WD Backup\uBBMonitor.exe
size: 98304
MD5: 5D5FA0268F6E26CDEBFB99ECE6B067A9
Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, dimsntfy
command: %SystemRoot%\System32\dimsntfy.dll
file: %SystemRoot%\System32\dimsntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, igfxcui
command: igfxsrvc.dll
file: igfxsrvc.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!