Found program / need info


13 replies to this topic

#1 jziggyp

Posted 27 February 2011 - 12:03 PM

I have come across a program on my computer I have never heard of. I need to know if it is supposed to be there??? What it does??? Is this safe ??? Is it a program that I can uninstall??? What I have been able to find out makes me think it is a keylogger or something that can be exploited... I am just unsure!!!! Help on this is appreciated ... Thanks..

Microsoft Problem Steps Recorder.
psr.exe.mui .
FeedBackTool.dll.mui


#2 computerxpds

Posted 27 February 2011 - 12:08 PM

This is for the first one:
http://technet.microsoft.com/en-us/windows/dd320286

This is for the second one and the last one:
http://support.microsoft.com/kb/2452648

If I have replied to a topic and you reply and I haven't gotten back to you within 48 hours (2 days) then send me a P.M.


#3 jziggyp

Posted 27 February 2011 - 12:49 PM

Thanks for the quick reply computerxpds.... The links tell me that this is a windows 7 program ??? Something to do with IE9 Beta and Live Essential.

I have a Vista 64 bit system. I do not have/use Live Essentials as far as I know. I do have the newest IE9 candidate installed but almost never use IE..(firefox is my default browser )

My ? now is why is this on my vista machine??? There is a log file , so I am guessing that feedback tool has run/logged ??? Still makes me wonder if this is Safe to have or something that does not belong....Can it be removed Safely???

#4 computerxpds

Posted 27 February 2011 - 12:53 PM

Some vista files can be the same but I would wait for another member to come along and tell you more about them as I really am not good with files like these. Give it a few min for another person to reply.


#5 jziggyp

Posted 27 February 2011 - 01:06 PM

Thanks, computerxpds. :thumbsup:

#6 hamluis

Posted 27 February 2011 - 02:11 PM

Appears to be a tool installed in Win 7, but is downloadable for XP and Vista. Correction...a video covering it is downloadable as a .wmv file, but it installs no components on XP. I find no documentation for a downloadable version for either XP or Vista.

My Win 7 install has it reflected in the Windows Side By Side folder, 2 instances, 26 KB each.

It would help if you tell us where the information that you displayed...is found on your system.

Louis

#7 jziggyp

Posted 27 February 2011 - 06:14 PM

Thanks Louis...

It's located on C:drive , program files(x86), FeedBack Tool folder contains ( en-us, FeedBackTool.dll , psr (exe)


Edited by jziggyp, 27 February 2011 - 06:30 PM.


#8 Romeo29

Posted 27 February 2011 - 08:30 PM

It is a genuine Windows 7 program - nothing to worry about.
Here is how to use the problems steps recorder.

#9 jziggyp

Posted 27 February 2011 - 09:16 PM

Thanks Romeo29......That is a great site for Vista users......
Being that it is for windows 7 , Do you have any idea why it is on my Vista 64bit system??....I did not install it.

#10 Romeo29

Posted 28 February 2011 - 01:03 PM



Yes, that is strange. PSR.exe by Microsoft is only a Windows 7 feature and it will not run in Windows Vista.
Upload the psr.exe file to http://www.virustotal.com/ and check what it tells you. Also post the results link here

Edit: VirusTotal site is not loading for me. If you get same problem, you can also try this http://virusscan.jotti.org/en

Edited by Romeo29, 28 February 2011 - 01:06 PM.


#11 jziggyp

Posted 28 February 2011 - 04:29 PM

Romeo29 here is the VT scan for psr.exe-----Neither Jotti nor VT shows anything bad on the scan results???

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
psr.exe
Submission date:
2010-12-07 16:27:02 (UTC)
Current status:
finished
Result:
0 /43 (0.0%)

MD5 : 071ab3dc660f833e3d89043befbb6c77
SHA1 : cb454d5de284ea55f7094f02486797b8a247170f
SHA256: 7f25a4685deca10bad871244a629c4c8025a67e6ad0c4c0386d6157c355a3b67
ssdeep: 12288:/NnRbzoOnj+HnUnt3xqcD8pellpco/zENOeQiV1u5:lnRbz+HnA37ApeCoAYeXVE
File size : 731400 bytes
First seen: 2010-09-21 04:11:01
Last seen : 2010-12-07 16:27:02
Magic: PE32+ executable for MS Windows (GUI) Mono/.Net assembly
TrID:
Win64 Executable Generic (64.5%)
InstallShield setup (32.4%)
Generic Win/DOS Executable (1.5%)
DOS Executable Generic (1.5%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Problem Steps Recorder
original name: psr.exe
internal name: psr.exe
file version.: 6.1.7799.0 (fbl_esc_end_dat(rparsons).100520-1833)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x31870
timedatestamp....: 0x4C6F41CD (Sat Aug 21 03:02:37 2010)
machinetype......: 0x8664

ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 224768
CompanyName: Microsoft Corporation
EntryPoint: 0x31870
FileDescription: Problem Steps Recorder
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 714 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 6.1.7799.0 (fbl_esc_end_dat(rparsons).100520-1833)
FileVersionNumber: 6.1.7799.0
ImageVersion: 6.1
InitializedDataSize: 524800
InternalName: psr.exe
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 10.0
MIMEType: application/octet-stream
MachineType: AMD AMD64
OSVersion: 6.1
ObjectFileType: Executable application
OriginalFilename: psr.exe
PEType: PE32+
ProductName: Microsoft Windows Operating System
ProductVersion: 6.1.7799.0
ProductVersionNumber: 6.1.7799.0
Subsystem: Windows GUI
SubsystemVersion: 6.0
TimeStamp: 2010:08:21 05:02:37+02:00
UninitializedDataSize: 0



This is what JOTTI gave me ---

Jotti's malware scan
Filename: psr.exe
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Mon 28 Feb 2011 22:20:52 (CET) Permalink

Additional info
File size: 731400 bytes
Filetype: PE32+ executable for MS Windows (GUI) Mono/.Net assembly
MD5: 071ab3dc660f833e3d89043befbb6c77
SHA1: cb454d5de284ea55f7094f02486797b8a247170f





Edited by jziggyp, 28 February 2011 - 04:31 PM.
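
The header fields in the report above (PE32+ format, machine type 0x8664, link timestamp, "verified: Unsigned") and the file hash can also be read locally from the file itself. The Python below is an added example, not part of the original posts: `triage_pe` and `build_sample` are hypothetical names, and the sample bytes are constructed headers, not the real psr.exe. It only reports whether an embedded certificate table is present and does not validate any signature.

```python
"""Local triage of a PE file: hashes plus the header fields a scan report shows."""
import hashlib
import struct
from datetime import datetime, timezone

# SHA256 of psr.exe as listed in the VirusTotal report quoted in this thread.
REPORTED_SHA256 = "7f25a4685deca10bad871244a629c4c8025a67e6ad0c4c0386d6157c355a3b67"

MACHINES = {0x014C: "x86 (0x14C)", 0x8664: "x64 (0x8664)"}
SECURITY_DIR = 4  # index of the certificate table among the data directories


def triage_pe(data: bytes) -> dict:
    """Return hashes, format, machine, link timestamp and signature presence."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("no MZ header")
        (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
            raise ValueError("no PE signature")
        # COFF header: Machine, NumberOfSections, TimeDateStamp, ...
        machine, _, stamp, _, _, _, _ = struct.unpack_from(
            "<HHIIIHH", data, e_lfanew + 4)
        opt = e_lfanew + 24
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x20B:
            fmt, dirs = "PE32+", opt + 112
        elif magic == 0x10B:
            fmt, dirs = "PE32", opt + 96
        else:
            raise ValueError("unknown optional header magic")
        (count,) = struct.unpack_from("<I", data, dirs - 4)
        cert_off = cert_len = 0
        if count > SECURITY_DIR:
            # For this directory the first field is a file offset, not an RVA.
            cert_off, cert_len = struct.unpack_from(
                "<II", data, dirs + 8 * SECURITY_DIR)
    except struct.error as exc:
        raise ValueError("truncated PE header") from exc

    sha256 = hashlib.sha256(data).hexdigest()
    return {
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": sha256,
        "matches_reported_sha256": sha256 == REPORTED_SHA256,
        "format": fmt,
        "machine": MACHINES.get(machine, hex(machine)),
        "link_time": datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat(),
        # Presence only. Files signed through a Windows security catalog
        # carry no embedded table and show up here as False.
        "embedded_signature": (cert_off > 0 and cert_len > 0
                               and cert_off + cert_len <= len(data)),
    }


def build_sample(machine: int, stamp: int, pe32_plus: bool,
                 cert_blob: bytes = b"") -> bytes:
    """Constructed header-only image for the demo (not a runnable program)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    dd_off = 112 if pe32_plus else 96
    opt = bytearray(dd_off + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x20B if pe32_plus else 0x10B)
    struct.pack_into("<I", opt, dd_off - 4, 16)  # NumberOfRvaAndSizes
    coff = struct.pack("<HHIIIHH", machine, 0, stamp, 0, 0, len(opt), 0x0002)
    image = bytearray(dos + b"PE\0\0" + coff + opt)
    if cert_blob:
        struct.pack_into("<II", image, e_lfanew + 24 + dd_off + 8 * SECURITY_DIR,
                         len(image), len(cert_blob))
        image += cert_blob
    return bytes(image)


if __name__ == "__main__":
    # Machine type and timestamp copied from the report; everything else constructed.
    sample = build_sample(0x8664, 0x4C6F41CD, pe32_plus=True)
    for key, value in triage_pe(sample).items():
        print(f"{key:24} {value}")
```

To check a real file, pass its bytes, for example `triage_pe(open(path, "rb").read())`, and compare the `sha256` value with the one in the scan report.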


#12 jziggyp

Posted 28 February 2011 - 04:42 PM

Romeo29 These are the result of FeedBacktool.dll from VT and Jotti ,,,Both appear to be clean ,,,at least to me LOL...

1 VT Community user(s) with a total of 1524 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
FeedbackTool.dll
Submission date:
2011-02-27 10:50:52 (UTC)
Current status:
finished
Result:
0 /43 (0.0%)

MD5 : e876499512f87dc80f88d9a715ce459c
SHA1 : cb2c984c092ea8e6979d0cfc35e76746f4b3e622
SHA256: 78e5c32e67b070f21460fa90c49e37b7fbd586dbf04c3b2e62317ad2f993d65d
ssdeep: 24576:f4XAOYAZl85X6g6ZyIZMTNI/cFytbqoeCCNbmIm82Qj:f4X7Yw85X1QyIZUNslpqVCCYI
mcj
File size : 1618184 bytes
First seen: 2010-11-23 22:26:29
Last seen : 2011-02-27 10:50:52
Magic: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
TrID:
DirectShow filter (43.0%)
Windows OCX File (26.3%)
Win64 Executable Generic (18.2%)
Win32 Executable MS Visual C++ (generic) (8.0%)
Win32 Executable Generic (1.8%)
sigcheck:
-
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x4B91C
timedatestamp....: 0x4CC0D9C3 (Fri Oct 22 00:24:35 2010)
machinetype......: 0x14C (Intel I386)


[[ 3 export(s) ]]
DllCanUnloadNow, DllGetClassObject, ShowWizardW
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 321024
CompanyName: Microsoft Corporation
EntryPoint: 0x4b91c
FileDescription: Feedback Tool
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 1580 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 6.2.7862.0 (fbl_fun_resp_dev.101020-1201)
FileVersionNumber: 6.2.7862.0
ImageVersion: 6.2
InitializedDataSize: 1290752
InternalName: FeedbackTool
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 10.1
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 6.2
ObjectFileType: Dynamic link library
OriginalFilename: FeedbackTool
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 6.2.7862.0
ProductVersionNumber: 6.2.7862.0
Subsystem: Windows command line
SubsystemVersion: 6.2
TimeStamp: 2010:10:22 02:24:35+02:00
UninitializedDataSize: 0

JOTTI RESULTS BELOW.....

Jotti's malware scan
Filename: FeedbackTool.dll
Status:
Scan finished. 0 out of 19 scanners reported malware.
Scan taken on: Mon 28 Feb 2011 22:36:42 (CET) Permalink

Additional info
File size: 1618184 bytes
Filetype: PE32 executable for MS Windows (DLL) (console) Intel 80386 32-bit
MD5: e876499512f87dc80f88d9a715ce459c
SHA1: cb2c984c092ea8e6979d0cfc35e76746f4b3e622





Edited by jziggyp, 28 February 2011 - 04:43 PM.


#13 Romeo29

Posted 01 March 2011 - 01:33 PM

Well, I think you have installed the Internet Explorer 9 RC on Windows Vista. The Feedback tool included with IE9 has psr.exe and that is how you have it on your system.

Nothing to worry about :)

#14 jziggyp

Posted 01 March 2011 - 03:58 PM

Thanks Romeo29, I appreciate the help ,, You have eased my paranoia :thumbsup: ......That was 1 of my thoughts( of course I had many) :whistle: .... I am just one of those guys that needs verification while in a learning stage :crazy: Thanks Jim



