Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

agent log file


  • Please log in to reply
15 replies to this topic

#1 angelosg87

angelosg87

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 18 May 2014 - 06:49 AM

In this path C:\Users\User keeps appearing a file called agent.
As I saw it is a log file. Any ideas what it is and what is creating it?
I delete it each time and keeps appearing.

 

Can it be some kind of infection? My computer is new.

 

I don't have any strange application or anything that makes this happen. I searched the web and found nothing. I used my antivirus and the malware but it is clean...

This is what looks like
43398d1400351016t-agent-log-file-untitle

Thanks in advance



BC AdBot (Login to Remove)

 


m

#2 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 18 May 2014 - 10:07 AM

It could be some software that the manufacturer put on that's creating it, or even some software you use, that you may not have noticed before.

Some programs will automatically create a file. To find out what is doing it:

1. Download PROCMON:

http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx

2. In File Explorer, get to "C:\Users\User".

3. Run the program, in the ZIP file called Procmon.exe

4. Allow it to do it's initial start up thing (the screen may take a little bit to load).

5. Create a filter, that has the PATH name in it:
5.1. Click "Filter".
5.2. Click "Filter" (again in the drop down menu).
5.3. First drop down: "Path".
5.4. Second drop down: "is".
5.5. Third drop down: "C:\Users\User".
5.6. Click "Add".
5.7. Click "Apply".

6. Click "Edit".
7. Click "Clear Display".
8. Return to File Manager.
9. Delete the file in question.
10. Let the Procmon.exe run. Keep File Explorer in that folder, refreshing it periodically.
11. Make note of the time it reappears.
12. Return to Procmon.exe, find the time that the file was created, and the second column will tell you the program that created it. The rest is up to you, to determine if the program is valid for your system, and if it is safe for you to remove the program.

Best of luck.

Edited by scotty_ncc1701, 18 May 2014 - 10:09 AM.


#3 angelosg87

angelosg87
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 18 May 2014 - 03:12 PM

I will check it. Hope that I will find out... Thank you very much! I will inform about the results!



#4 angelosg87

angelosg87
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 19 May 2014 - 07:23 AM

it says that the explorer.exe created it....



#5 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 19 May 2014 - 11:01 AM

If your computer was like most, and prebuilt (software) at the manufacturer, my gut tells me that it is something that the Manufacturer installed.

I had some strange files when I got my computer.  I then got Windows 8.1 (boxed), did a NUKE AND PAVE, and the strange files were gone, and haven't reappeared.  I think, but can't recall 100% for sure, that I had a similar issue like you.

Look in the log created (redo the procedure if necessary), and see if of there were any strange/unknown programs running before the file was created (you may have to change the filtering, or just browse through the listing).  There is a chance that program "X", "Y", or "Z" may have made call to explorer.exe and asked it to create a file.

Best of luck.



#6 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 19 May 2014 - 11:16 AM

It just hit me...ouch! :hysterical:

 

Search your hard drive, and look for explorer.exe (make sure you look for hidden files also).  The explorer.exe might not be windows explorer.  For instance here are a few on my system:

C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

Do this please:

1.  Open a command window.
2.  Get to your desktop.
3.  Enter the command (no quotes): "dir c:\explorer.exe /s >> files.txt"
NOTE DOUBLE GREATER THAN

4.  Enter the command (no quotes): "dir c:\explorer.exe /s /ah >> files.txt"
NOTE DOUBLE GREATER THAN

Provide the list here, please.

 


Edited by scotty_ncc1701, 19 May 2014 - 11:18 AM.


#7 angelosg87

angelosg87
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 19 May 2014 - 01:02 PM

It just hit me...ouch! :hysterical:

 

Search your hard drive, and look for explorer.exe (make sure you look for hidden files also).  The explorer.exe might not be windows explorer.  For instance here are a few on my system:

C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe

C:\Windows\explorer.exe

C:\Windows\SysWOW64\explorer.exe

Do this please:

1.  Open a command window.
2.  Get to your desktop.
3.  Enter the command (no quotes): "dir c:\explorer.exe /s >> files.txt"
NOTE DOUBLE GREATER THAN

4.  Enter the command (no quotes): "dir c:\explorer.exe /s /ah >> files.txt"
NOTE DOUBLE GREATER THAN

Provide the list here, please.

 

 Volume in drive C is OS
 Volume Serial Number is 3088-2F96
 
 Directory of c:\Windows
 
03/04/2014  03:25 PM         2,373,784 explorer.exe
               1 File(s)      2,373,784 bytes
 
 Directory of c:\Windows\SysWOW64
 
03/04/2014  02:16 PM         2,088,160 explorer.exe
               1 File(s)      2,088,160 bytes
 
 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_42a5f9614d8dbfa5
 
03/18/2014  06:27 PM         2,373,784 explorer.exe
               1 File(s)      2,373,784 bytes
 
 Directory of c:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_42adfbb14d868a5d
 
03/04/2014  03:25 PM         2,373,784 explorer.exe
               1 File(s)      2,373,784 bytes
 
 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17031_none_4cfaa3b381ee81a0
 
03/18/2014  06:27 PM         2,088,160 explorer.exe
               1 File(s)      2,088,160 bytes
 
 Directory of c:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.3.9600.17039_none_4d02a60381e74c58
 
03/04/2014  02:16 PM         2,088,160 explorer.exe
               1 File(s)      2,088,160 bytes
 
     Total Files Listed:
               6 File(s)     13,385,832 bytes
               0 Dir(s)  213,051,363,328 bytes free


#8 angelosg87

angelosg87
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 19 May 2014 - 01:18 PM

when i type dir c:\explorer.exe /s >> files.txt I get the list above.

 

But when I type dir c:\explorer.exe /s /ah >> files.txt I don;t get anything



#9 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 19 May 2014 - 03:16 PM

Not getting anything on the "hidden" files (the command with /ah) isn't a problem.

OK, presuming that your computer is prebuilt, the only thing that I can think of, is something like that happened to me.  When I started my computer, after I got it, like I said before, I had some strange files.  One program that was running was IIS (webserver).  I unstalled it, and some of the files disappeared, but I don't recall the names.

If you don't need IIS (presuming it is running), stop and unstall it, delete the "agent" file, and see what happens.  If that doesn't help, the only things I can think of at the moment are:

1.  If you have a friend with the same type PC, see if they're getting the same thing.
2.  Look at the programs running in Taskmgr, and see if there is anything odd.
3.  Call your PC manufacturer, and see if they can help.


Best of luck.



#10 angelosg87

angelosg87
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 19 May 2014 - 03:47 PM

How do i unistall iis?

#11 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 19 May 2014 - 04:27 PM

1.  Press Win key to get to start screen.
2.  Type "Control Panel" (no quotes).
3.  Click on "Control Panel".
4.  Click on "Programs and Features".
5.  Click on "Turn Windows features on or off"
6.  It will take a few seconds for the list to load.

7.  Clear the checkmarks on Internet Information Services.
7.1.  There might be a filled in block, which means that only part of the stuff in that area is installed.  Just check the box until nothing shows.
7.2.  Most people don't use IIS.
7.3.  I do some website stuff, but I use Apache Web Server... the same one my hosting company uses.

8.  Clear the checkmarks on Internet Information Services Hostable Web Core.
8.1.  Most people don't use IIS.

9.  Click "OK".
10.  It might take a few minutes.
11.  A system reboot may be needed.

 

:busy:

 

Best of luck.



#12 angelosg87

angelosg87
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 19 May 2014 - 11:22 PM

I will do that.. hope it works.. i reset my windows (windows 8.1 genuine).. i installed just the programs that came with my motherboard and graphics card and again it appeared.. My pc is not prebuilt but custom made.. But the license of windowns is OEM which is used for prebuilt computers.. I talk with my seller technician telling me that is nothing and i should not worry..

#13 angelosg87

angelosg87
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 20 May 2014 - 12:00 AM

With my PC came along a program called Intel Manageability Engine Firmware Recovery Agent. Maybe this is the program creating that file.. Though I am not sure if it is for the best to un-install it.

 

Please note that IIS wasn't installed on my computer.


Edited by angelosg87, 20 May 2014 - 12:01 AM.


#14 scotty_ncc1701

scotty_ncc1701

  • Members
  • 520 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:31 AM

Posted 20 May 2014 - 09:22 AM

With my PC came along a program called Intel Manageability Engine Firmware Recovery Agent. Maybe this is the program creating that file.. Though I am not sure if it is for the best to un-install it.
 
Please note that IIS wasn't installed on my computer.

I don't think it's needed: http://www.shouldiremoveit.com/Intel-Manageability-Engine-Firmware-Recovery-Agent-6378-program.aspx

Partial quote from above: It gives a management application (and thus, the system administrator who uses it) better access to the PC down the wire, in order to remotely and securely do tasks that are difficult or sometimes impossible when working on a PC that does not have remote functionalities built into it.
============
By the comments, it seems to be targeted towards IT people. If you need remote access to your PC, ONE ALTERNATIVE is TeamViewer.



#15 angelosg87

angelosg87
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:11:31 AM

Posted 20 May 2014 - 11:55 AM

Scotty I un-installed Intel Manageability Engine Firmware Recovery Agent and no agent log file appeared! At least not yet! But I have a feeling that this was the program creating it. And I remember that I got error during its update. So in a way It all make sense now. Hope this is the real deal as I got really tired trying to figure out this agent log issue....






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users