Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.2.9200.16384 (win8_rtm.120725-1247) 0.21%
6.2.9200.16384 (win8_rtm.120725-1247) 0.21%
6.1.7600.16385 (win7_rtm.090713-1255) 0.82%
6.1.7600.16385 (win7_rtm.090713-1255) 0.82%
6.0.6000.16386 (vista_rtm.061101-2205) 0.21%
6.0.6000.16386 (vista_rtm.061101-2205) 0.21%
5.2.3790.1830 (srv03_sp1_rtm.050324-1447) 0.21%
5.1.2600.5512 (xpsp.080413-2105) 62.27%
5.1.2600.5512 (xpsp.080413-2105) 1.65%
5.1.2600.5512 (xpsp.080413-2105) 1.44%
5.1.2600.5512 (xpsp.080413-2105) 0.62%
5.1.2600.5512 (xpsp.080413-2105) 1.86%
5.1.2600.5512 (xpsp.080413-2105) 2.27%
5.1.2600.5512 (xpsp.080413-2105) 0.41%
5.1.2600.5512 (xpsp.080413-2105) 0.62%
5.1.2600.5512 (xpsp.080413-2105) 0.21%
5.1.2600.5512 (xpsp.080413-2105) 0.21%
5.1.2600.5512 (xpsp.080413-2105) 0.21%
5.1.2600.5512 (xpsp.080413-2105) 0.21%
5.1.2600.5512 (xpsp.080413-2105) 0.21%
5.1.2600.5512 (xpsp.080413-2105) 2.06%
5.1.2600.5512 (xpsp.080413-2105) 0.62%
5.1.2600.5512 (xpsp.080413-2105) 0.21%
5.1.2600.5512 (xpsp.080413-2105) 1.03%
5.1.2600.5512 (xpsp.080413-2105) 1.65%
View more

Relationships

Parent processes
Related files

PE structurePE file structure
Show functions
Import table
advapi32.dll
RegDeleteValueA, RegOpenKeyExA, RegCloseKey, RegSetValueExA, RegCreateKeyA, RegCreateKeyExA
kernel32.dll
lstrcpynA, lstrlenA, GetSystemDirectoryA, GetSystemWindowsDirectoryA, GetVersionExA, GetACP, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, LocalFree, CloseHandle, ResetEvent, OpenEventA, CreateProcessA, lstrcatA, GetSystemInfo, lstrcmpiA, FreeLibrary, LoadLibraryA, CreateEventA, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, LocalAlloc, GetProcAddress, RegisterApplicationRestart, GetModuleHandleW, GetCommandLineW, GetStartupInfoW, InterlockedCompareExchange, Sleep, InterlockedExchange
msctf.dll
TF_InitSystem, TF_GetGlobalCompartment, TF_InvalidAssemblyListCacheIfExist, TF_InvalidAssemblyListCache, TF_PostAllThreadMsg, TF_CreateCicLoadMutex, TF_UninitSystem
msctfmonitor.dll
DoMsCtfMonitor
msutb.dll
ClosePopupTipbar, GetPopupTipbar
msvcrt.dll
DllMain
user32.dll
EnumWindows, GetClassNameA, FindWindowA, PostMessageA, SetTimer, KillTimer, MsgWaitForMultipleObjects, PeekMessageA, TranslateMessage, DispatchMessageA, GetMessageA, SetWindowPos, LoadCursorA, RegisterClassExA, DefWindowProcA, PostQuitMessage, CreateWindowExA, GetSystemMetrics

CTFMON.exe

CTF Loader by Microsoft

Remove CTFMON.exe
Version:   6.1.7600.16385 (win7_rtm.090713-1255)
MD5:   4a3cdcef8ed41b221f3dbef5792fb52d
SHA1:   6c04499f7406e270b590374ef813c4012530273e
This is a Windows system installed file with Windows File Protection (WFP) enabled.

What is CTFMON.exe?

CTF Loader, a Microsoft Windows process relating to the ctfmon.exe file, which monitors active windows and provides text support for speech and handwriting recognition, keyboard, translation, and other technologies.

Overview

ctfmon.exe executes as a process with the local user's privileges typically within the context of its parent avgui.exe (AVG Internet Security by AVG Technologies). It is set to be run when the PC boots and the user logs into Windows (added to the Run registry key for the current user). It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. This version is designed to run on Windows 7 and is compiled as a 64 bit program.

DetailsDetails

File name:ctfmon.exe
Publisher:Microsoft Corporation
Product name:CTF Loader
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\ctfmon.exe
File version:6.1.7600.16385 (win7_rtm.090713-1255)
Product version:6.1.7600.16385
Size:8.5 KB (8,704 bytes)
Digital DNA
PE subsystem:Windows GUI
Entropy:6.118468
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Startup files (user) run
Runs under the registry key 'HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'ctfmon.exe' → C:\WINDOWS\system32\ctfmon.exe
Windows firewall allowed programs
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\WINDOWS\system32\ctfmon.exe'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00040110%
0.028634%
Kernel CPU:0.00034496%
0.013761%
User CPU:0.00005614%
0.014873%
Kernel CPU time:728,036 ms/min
100,923,805ms/min
CPU cycles:1,256/sec
17,470,203/sec
Memory
Private memory:2.15 MB
21.59 MB
Private (maximum):4.75 MB
Private (minimum):4.1 MB
Non-paged memory:2.15 MB
21.59 MB
Virtual memory:48.71 MB
140.96 MB
Virtual memory (peak):50.37 MB
169.69 MB
Working set:4.21 MB
18.61 MB
Working set (peak):4.77 MB
37.95 MB
Page faults:1,777/min
2,039/min
I/O
I/O other transfer:0 Bytes/sec
448.09 KB/min
I/O other operations:1/sec
1,671/min
Resource allocations
Threads:3
12
Handles:108
600
GUI GDI count:19
103
GUI GDI peak:21
142
GUI USER count:6
49
GUI USER peak:7
71

BehaviorsProcess properties

Integrety level:Medium
Platform:64-bit
Command lines:
  • ctfmon.exe
  • "C:\Windows\System32\ctfmon.exe"
Owner:User
Parent processes:

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 97.00%
Windows 7 Home Premium 1.00%
Windows Vista Home Premium 1.00%
Windows 7 Home Basic 0.50%
Windows 8 Pro with Media Center 0.50%

Distribution by countryDistribution by country

United States installs about 29.23% of CTF Loader.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 30.33%
Intel 12.30%
Toshiba 10.66%
American Megatrends 9.84%
Hewlett-Packard 6.97%
GIGABYTE 6.56%
Compaq 6.56%
ASUS 4.92%
Sahara 3.69%
Lenovo 3.28%
Gateway 2.46%
Acer 1.64%
Sony 0.82%
Back to top
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE