Technical information: |
|
| Icon status | Visible |
| Icon setting | Hidden when inactive |
| Executable file | D:\1. SICHERHEIT\ThreatFire\TFTray.exe |
| Version | 4.7.0.17 |
| Parent process | C:\Windows\explorer.exe |
| Can be uninstalled | Yes |
| Autorun | Started from registry |
| Key | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run |
| Value | ThreatFire |
| Encrypted | No |
| Size on disk | 369.2 Kb |
| Minimum recorded memory usage | 5.1 Mb |
| Average recorded memory usage | 6.3 Mb |
| Maximum recorded memory usage | 6.8 Mb |
| Date when maximum memory usage occurred | 20.02.2010 23:47:04 |
| Minimum recorded CPU usage | 0% |
| Average recorded CPU usage | 0% |
| Maximum recorded CPU usage | 33% |
| Date when maximum CPU usage occurred | 21.02.2010 08:54:38 |
| Started at | 21.02.2010 08:48:30 |
| Total CPU time | 1 second |
| Imported functions | [-] Imported from TFAPI.dll_CHQueryProcessInformation@12 _CHQueryQuarantineInformation@12 _CHGetScanInfo@4 _CHGetUpdateOptions@4 _CHGetEngineState@4 _CHSetEngineState@4 _CHInitialize@16 _CHTerminate@0 _CHTriggerHeartBeat@4 _CHGetProtectionLevel@4
[-] Imported from gdiplus.dllGdipGetImageEncodersSize GdipCreateBitmapFromHICON GdiplusStartup GdipGetImageEncoders GdipDisposeImage GdipSaveImageToFile
[-] Imported from KERNEL32.dlllstrcmpiW FindResourceW GetModuleFileNameW SizeofResource LockResource LoadResource GetPrivateProfileStringW FindResourceExW EnterCriticalSection GetCurrentProcess GetLastError FlushInstructionCache lstrlenW LeaveCriticalSection SetLastError CompareStringW HeapFree InterlockedDecrement GetProcessHeap GetTickCount GetCurrentThreadId MultiByteToWideChar OpenProcess RaiseException LocalFree HeapDestroy FreeLibrary GetProcAddress CloseHandle CreateMutexW GetModuleHandleW InitializeCriticalSection DeleteCriticalSection CreateProcessW GetCurrentProcessId GetCommandLineW LoadLibraryW FormatMessageW lstrcpynW GetVersion VirtualQuery GetDateFormatW GetCurrentDirectoryW GetPrivateProfileIntW GetTimeFormatW MulDiv GetSystemTime SystemTimeToTzSpecificLocalTime GetFileAttributesW SetCurrentDirectoryW CreateToolhelp32Snapshot Process32FirstW Process32NextW GetLongPathNameW GetWindowsDirectoryW OpenEventW GetSystemDirectoryW OpenFileMappingW MapViewOfFile ReadProcessMemory UnmapViewOfFile WaitForSingleObject ExpandEnvironmentStringsW TerminateProcess FindFirstFileW SetFileAttributesW CreateFileW DeleteFileW FindNextFileW FindClose GetTempPathW CreateDirectoryW Sleep LoadLibraryA VirtualAlloc VirtualFree IsProcessorFeaturePresent HeapAlloc InterlockedCompareExchange GetVersionExA HeapReAlloc HeapSize InterlockedExchange GetACP GetLocaleInfoA GetThreadLocale lstrlenA GetStartupInfoW UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent QueryPerformanceCounter GetSystemTimeAsFileTime LocalAlloc SetEvent
[-] Imported from USER32.dllPostQuitMessage UpdateWindow SetCapture TrackPopupMenu EndPaint RedrawWindow GetWindowPlacement IsWindowVisible CreateDialogParamW GetDesktopWindow DrawEdge ExitWindowsEx BeginPaint ScreenToClient TranslateMessage PostMessageW DispatchMessageW RegisterWindowMessageW FindWindowW IsDialogMessageW GetActiveWindow SetCursor PtInRect PostThreadMessageW SetForegroundWindow GetWindowThreadProcessId SetRectEmpty SetRect MoveWindow DestroyIcon GetClientRect EndDialog MapWindowPoints SetWindowPos ReleaseCapture GetSystemMetrics LoadCursorW GetDC LoadImageW GetWindowLongW AdjustWindowRectEx SendMessageW ReleaseDC CharNextW DialogBoxParamW IsDlgButtonChecked SetWindowTextW KillTimer CopyRect EnableWindow DrawTextW GetWindowTextLengthW OffsetRect DrawIcon InvalidateRect GetParent SetDlgItemTextW CreateWindowExW GetClassInfoExW RegisterClassExW GetDlgCtrlID IsWindow SetTimer SendDlgItemMessageW GetWindowTextW SetWindowLongW GetWindow GetClassNameW SystemParametersInfoW GetDlgItem GetWindowRect UnregisterClassA CallWindowProcW DefWindowProcW DestroyWindow GetCursorPos ModifyMenuW DrawFocusRect GetMenuItemID GetFocus GetMenuItemCount LoadMenuW GetSysColor IsWindowEnabled GetSubMenu SetMenuItemInfoW DestroyMenu CheckMenuItem GetCapture GetKeyState FillRect ShowWindow DeleteMenu SetFocus GetMessageW
[-] Imported from GDI32.dllGetStockObject CreateSolidBrush SelectObject CreateFontIndirectW GetObjectW SetBkMode SetTextColor CreateFontW DeleteObject
[-] Imported from ADVAPI32.dllLookupPrivilegeValueW RegOpenKeyExA RegQueryValueExA AdjustTokenPrivileges OpenProcessToken RegEnumKeyExW RegEnumValueW RegCreateKeyExW RegSetValueExW RegQueryValueExW RegQueryInfoKeyW RegOpenKeyExW RegCloseKey
[-] Imported from OLEAUT32.dllImported by ordinals: 2,4,6,7,8,9,12,146,161,162,200
[-] Imported from ATL80.DLLImported by ordinals: 10,31,40,42,43,44,47,48,54,58,64
[-] Imported from MSVCP80.dll??1?$basic_string@DU?$char_traits@D@std@... ??0?$basic_string@DU?$char_traits@D@std@... ??0?$basic_string@DU?$char_traits@D@std@...
[-] Imported from MSVCR80.dll_invalid_parameter_noinfo malloc _vscwprintf wcsstr ??_V@YAXPAX@Z swprintf_s _recalloc ??3@YAXPAX@Z _except_handler4_common _crt_debugger_hook ?_type_info_dtor_internal_method@type_in... vswprintf_s free wcscpy_s memcpy_s memmove_s wcsrchr _wsplitpath_s wcschr _wtoi ??2@YAPAXI@Z _wcsicmp _wcslwr_s iswspace wcspbrk ?what@exception@std@@UBEPBDXZ ??1exception@std@@UAE@XZ ??0exception@std@@QAE@XZ ??0exception@std@@QAE@ABQBD@Z ??0exception@std@@QAE@ABV01@@Z _heapmin srand rand __set_app_type _time64 _invoke_watson _controlfp_s _mktime64 _vsnwprintf_s wcsspn wcscspn _wcsnicmp _wcsupr_s wcstol memset __CxxFrameHandler3 _CxxThrowException _unlock __dllonexit _encode_pointer _lock _onexit _decode_pointer ?terminate@@YAXXZ _amsg_exit __wgetmainargs _cexit _exit _XcptFilter exit _wcmdln _initterm _initterm_e _configthreadlocale __setusermatherr _adjust_fdiv __p__commode __p__fmode memcpy
|
| Some relevant texts from the exe file | [-] Click here to hide detailshttp://ocsp.verisign.com0? https://www.verisign.com/rpa0 /http://CSC3-2004-crl.verisign.com/CSC3-2004.crl0D http://crl.verisign.com/pca3.crl0 https://www.verisign.com/rpa01 0http://crl.verisign.com/ThawteTimestampingCA.crl0 http://ocsp.verisign.com0 ""http://crl.verisign.com/tss-ca.crl0 <html xmlns=""http://www.w3.org/1999/xhtml"" > <img src=""file://%s""> http://%s/ www.threatfire.com http://www.google.com/search?q= !This program cannot be run in DOS mode. InterlockedPopEntrySList InterlockedPushEntrySList kernel32.dll TFMisc.dll SOFTWARE\PCTools\ThreatFire Portuguese Brazilian Software\Microsoft\Internet Explorer\Settings Anchor Color Visited tooltips_class32 @PCToolsThreatFireTrayApp bad allocation SetProcessWorkingSetSize \Registry\User \Registry\Machine\SOFTWARE\Classes \Registry\Machine http\shell\open\command Local\916A4568AC864049BCFE8871C94D882C Mscoree.dll QuickStart.chm QuickStart-%s.chm ThreatDefault PUADefault MalwareDefault ReportCard UpgradeMsg UpgradeScan ShowNotice TFNotice.exe ATFGui.exe Software\Microsoft\Windows\CurrentVersion MachineGuid IsWow64Process SOFTWARE\PCTools\Spyware Doctor ThreatFire AHistoryFilter DllGetClassObject @AProductVersion ProductName OriginalFilename LegalCopyright CompanyName InternalName FileVersion FileDescription RUNDLL32.EXE Software\Microsoft\Windows\CurrentVersion\Run Software\Microsoft\Windows\CurrentVersion\RunOnce System\CurrentControlSet\Services SeDebugPrivilege WinTrust.dll CryptCATAdminAcquireContext CryptCATAdminReleaseContext CryptCATAdminCalcHashFromFileHandle CryptCATAdminEnumCatalogFromHash CryptCATCatalogInfoFromContext NtQueryInformationProcess Global\{1FE4A10B-9270-46f8-CDEF-8CF9795E2E8C} Global\{1FE4A10B-9270-46f8-BCDE-8CF9795E2E8C} Global\{1FE4A10B-9270-46f8-ABCD-8CF9795E2E8C} Global\{1FE4A10B-9270-46f8-CDEF-8CF9795E2E8B} Global\{1FE4A10B-9270-46f8-DEFG-8CF9795E2E8B} Global\{1FE4A10B-9270-46f8-ABCD-8CF9795E2E8B} ProcessList 
\VarFileInfo\Translation \StringFileInfo\%08lx\%s SVCHOST.EXE audiodg.exe <table><tr><td valign=""center""> </td><td valign=""center""> <table cellspacing=""0"" cellpadding=""2""> <tr><td style=""font-size: 12px""> <table cellpadding=""0"" cellspacing=""0""><tr><td> QuarantineDisplayWnd SeShutdownPrivilege SurveyTime SurveyCount InternetOpenW InternetOpenUrlW HttpQueryInfoW InternetCloseHandle WININET.dll _CHGetProtectionLevel@4 _CHTriggerHeartBeat@4 _CHTerminate@0 _CHInitialize@16 _CHSetEngineState@4 _CHGetEngineState@4 _CHGetUpdateOptions@4 _CHGetScanInfo@4 _CHQueryQuarantineInformation@12 _CHQueryProcessInformation@12 EnumProcessModules GetModuleBaseNameW GetModuleFileNameExW GdipCreateBitmapFromHICON GdipGetImageEncodersSize GdipGetImageEncoders GdiplusStartup GdipSaveImageToFile GdipDisposeImage gdiplus.dll CryptVerifyMessageSignature CertGetNameStringW CertFreeCertificateContext CRYPT32.dll ImageEnumerateCertificates ImageGetCertificateHeader ImageGetCertificateData imagehlp.dll WinVerifyTrust FindResourceW GetModuleFileNameW SizeofResource LockResource LoadResource GetPrivateProfileStringW FindResourceExW EnterCriticalSection GetCurrentProcess GetLastError FlushInstructionCache LeaveCriticalSection SetLastError CompareStringW InterlockedDecrement GetProcessHeap GetTickCount GetCurrentThreadId MultiByteToWideChar RaiseException FreeLibrary GetProcAddress CloseHandle CreateMutexW GetModuleHandleW InitializeCriticalSection DeleteCriticalSection CreateProcessW GetCurrentProcessId GetCommandLineW LoadLibraryW FormatMessageW GetVersion VirtualQuery GetDateFormatW GetCurrentDirectoryW GetPrivateProfileIntW GetTimeFormatW SystemTimeToTzSpecificLocalTime GetFileAttributesW SetCurrentDirectoryW CreateToolhelp32Snapshot Process32FirstW GetLongPathNameW GetWindowsDirectoryW GetSystemDirectoryW OpenFileMappingW MapViewOfFile ReadProcessMemory UnmapViewOfFile WaitForSingleObject ExpandEnvironmentStringsW TerminateProcess SetFileAttributesW CreateFileW CreateDirectoryW 
LoadLibraryA GetWindowRect SystemParametersInfoW SetWindowLongW GetWindowTextW SendDlgItemMessageW RegisterClassExW GetClassInfoExW CreateWindowExW InvalidateRect GetWindowTextLengthW EnableWindow SetWindowTextW IsDlgButtonChecked DialogBoxParamW AdjustWindowRectEx GetWindowLongW LoadImageW LoadCursorW ReleaseCapture SetWindowPos MapWindowPoints DestroyIcon MoveWindow GetWindowThreadProcessId SetForegroundWindow PostThreadMessageW GetActiveWindow IsDialogMessageW RegisterWindowMessageW DispatchMessageW PostMessageW ScreenToClient BeginPaint UpdateWindow PostQuitMessage CallWindowProcW DefWindowProcW DestroyWindow GetCursorPos ModifyMenuW DrawFocusRect GetMenuItemID GetMenuItemCount IsWindowEnabled SetMenuItemInfoW DestroyMenu CheckMenuItem GetCapture SetCapture TrackPopupMenu RedrawWindow GetWindowPlacement IsWindowVisible CreateDialogParamW GetDesktopWindow ExitWindowsEx USER32.dll CreateFontW CreateFontIndirectW CreateSolidBrush RegQueryInfoKeyW RegQueryValueExW RegSetValueExW RegEnumValueW LookupPrivilegeValueW AdjustTokenPrivileges RegQueryValueExA RegOpenKeyExA ADVAPI32.dll Shell_NotifyIconW SHGetSpecialFolderPathW SHGetFileInfoW SHELL32.dll CoCreateInstance CoUninitialize CoInitialize CoCreateGuid StringFromGUID2 CoFreeLibrary CoLoadLibrary OLEAUT32.dll SHLWAPI.dll _TrackMouseEvent ImageList_LoadImageW COMCTL32.dll GradientFill MSIMG32.dll MSVCP80.dll GetFileVersionInfoW GetFileVersionInfoSizeW VerQueryValueW VERSION.dll _invalid_parameter_noinfo ?what@exception@std@@UBEPBDXZ ??1exception@std@@UAE@XZ ??0exception@std@@QAE@XZ ??0exception@std@@QAE@ABQBD@Z ??0exception@std@@QAE@ABV01@@Z _CxxThrowException MSVCR80.dll __dllonexit _encode_pointer _decode_pointer ?terminate@@YAXXZ _amsg_exit __wgetmainargs _configthreadlocale __setusermatherr _adjust_fdiv _except_handler4_common _crt_debugger_hook ?_type_info_dtor_internal_method@type_info@@QAEXXZ _invoke_watson GetVersionExA InterlockedCompareExchange IsProcessorFeaturePresent VirtualFree VirtualAlloc HeapDestroy 
HeapReAlloc InterlockedExchange GetLocaleInfoA GetThreadLocale GetStartupInfoW UnhandledExceptionFilter SetUnhandledExceptionFilter IsDebuggerPresent QueryPerformanceCounter GetSystemTimeAsFileTime UnregisterClassA .?AVtype_info@@ .?AVCAtlException@ATL@@ .?AV_IDispEvent@ATL@@ .?AVCWindow@ATL@@ .?AV?$CWindowImplRoot@VCWindow@ATL@@@ATL@@ .?AV?$CDialogImplBaseT@VCWindow@ATL@@@ATL@@ .?AVCBrowserDlg@@ .?AV_com_error@@ .?AVCTimeoutControl@@ .?AV?$CAtlModuleT@VCModule@@@ATL@@ .?AV?$CAtlExeModuleT@VCModule@@@ATL@@ .?AVCModule@@ .?AVlength_error@std@@ .?AVlogic_error@std@@ .?AVexception@std@@ .?AVCAtlModule@ATL@@ .?AU_ATL_MODULE70@ATL@@ .?AVCHandButton@@ .?AVCHiddenWnd@@ .?AVCTriggerDlg@@ .?AVCRebootDlg@@ .?AV?$CStaticT@VCWindow@ATL@@@WTL@@ .?AVCToolTipStatic@@ .?AV?$CButtonT@VCWindow@ATL@@@WTL@@ .?AVCToolTipButton@@ .?AVCHyperLink@WTL@@ .?AV?$CDialogResize@VCHistoryDlg@@@WTL@@ .?AVCHistoryDlg@@ .?AVCMonitorHtml@@ .?AVCMonitorDetails@@ .?AVCMonitor@@ .?AV?$CWinDataExchange@VCQDisplayDlg@@@WTL@@ .?AV?$CDialogResize@VCQDisplayDlg@@@WTL@@ .?AVCSurveyDlg@@ :ehcLLQaikkklb: )0))))XBQHLQHHLQQIaOX ""''''a=rolmrru7U ""+)dODlEEEDAJ &Display Value &Learn more about this threat &ThreatFire Smart Update &Quick Start Guide Log Details ToolbarWindow32 ThreatFire Survey ThreatFire has detected a potential threat. 
File name: Suspicious action: File activity details Quarantine details Learn more about this threat Please select an action: Allow this process to continue Kill and quarantine this process Kill this process Remember this answer Description: SECURITY STATUS ThreatFire Protection Your Protection Programs Examined Suspicious Activities Detected Malware Blocked ThreatFire Secure Community Protection Learn More REBOOT REQUIRED Restart Now Rule Fired Custom Rule Fired File Created File Executed File Modified File Renamed Registry Key Created Registry Value Deleted Registry Value Set Description Windows Hook Set Program Launched File Downloaded Executable Modified Information Scanned Program Terminated Browser Launched File Quarantined Registry Key Quarantined ThreatFire - Initiating Rootkit This trojan is also known as %s. Automatic update completed Pending Quarantine Actions is not running. Vista Audio Driver System Idle Process Applications Program Windows Network Actions Network Connection Network Listen File Actions Registry Actions Value Deleted Program Actions Window Hook Set Private Information Scanned Process Terminated Process Data Process ID Parent PID Certificate File Description File Company Command Line Properties Global startup group Local startup group Run key in HKEY_LOCAL_MACHINE Program runs at startup from Item is hosted by Rundll32.exe VS_VERSION_INFO StringFileInfo PC Tools ThreatFire Tray App 2005-2009 PC Tools. All Rights Reserved. 
ThreatFire(tm) is a trademark of PC Tools TrayApp.exe ProductVersion VarFileInfo Translation var g_oNib; var g_nCursorX;; function FindPosX(o) while (o.offsetParent) o = o.offsetParent; function OnMoveNib(oNib) g_nNibX = g_oNib.style.pixelLeft; g_nCursorX = event.clientX; document.onmousemove = OnDragNib; document.onmouseup = OnDropNib; function OnDragNib() var x = g_nNibX + (event.clientX - g_nCursorX); g_oNib.style.left = x; return false; function OnDropNib() var x = parseInt(g_oNib.style.left) + 4; SnapSlider(x); document.onmousemove = null; document.onmouseup = null; function OnSliderClicked(oSlider) var x = event.clientX - FindPosX(oSlider); function SnapSlider(x) var oNib = document.getElementById(''Nib''); var oDetails = document.getElementById(''Details''); case 1: oNib.style.left = 0; break; case 2: oNib.style.left = 29; break; case 3: oNib.style.left = 59; break; case 4: oNib.style.left = 88; break; case 5: oNib.style.left = 118; break; location.href = 90 + x; function SelectAll(oCheckBox) for (var i = 0; i < oChecks.length; i++) oChecks[i].checked = oCheckBox.checked; function FixSelectAll(oCheckBox) if (!oCheckBox.checked) function SelectMe(nIndex) for (var i = 1; i <= nMax; i++) var e = document.getElementById(''Row'' + i); if (null == e) var e = document.getElementById(''Img'' + i); var e = document.getElementById(''Div'' + i); e.style.display = (i == nIndex) ? 
'''' : ''none''; function Show() for (var i = 0; i < arguments.length; i++) function Hide() function OnLogLoaded() document.getElementById(''List'').style.height = function ShowSubView(n) for (var i = 1; i < 10; i++) p { margin-bottom: 10px; } label { cursor: hand; } ol { margin: 0 0 0 24; } button { font-family: Arial; font-size: 100%; } strong { font-weight: bold; color: #CC0000; } select { font-family: Arial; font-size: 12px; } div.enabledbtn { margin: 0 0 10px 20px; } table.options tr { padding: 6px 2px; } table.options tr.unselected { cursor: hand; } table.options td.col1 { width: 18px; } table.options td.col2 { } div.info p { margin: 0px 0px 8px 0px; } ""VeriSign Time Stamping Services CA
|