PDA

View Full Version : Agent.exe - A problem?


Lavinder
26-04-09, 15:12
A process called Agent.exe is running, and it is using 30% of my CPU, and it seems to be cramping my computer.

How can I get rid of this?

EscondeR
26-04-09, 15:20
1. Press CTRL+ALT+DEL, select Processes and kill Agent.exe (Right click > Kill process tree).

2. Run ARDiag.exe (http://www.tombraiderhub.com/download/ardiag.exe) and post the report.

Lavinder
26-04-09, 15:22
:)
---------------------------------------------------------------
AutoRuns Diagnostics for TRF v 0.5 Developed by EscondeR
---------------------------------------------------------------



Program:
"##Id_String2.6844F930_1628_4223_B5CC_5BB94B879762# #"
Publisher:
"(Not verified) Apple Computer Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Bonjour Service
Program path & name:
"c:\program files\bonjour\mdnsresponder.exe"
Enabled: [V]


Program:
"Allows Diskeeper to run on this computer and improve file system performance."
Publisher:
"(Verified) Diskeeper Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Diskeeper
Program path & name:
"c:\program files\diskeeper corporation\diskeeper\dkservice.exe"
Enabled: [V]


Program:
"Eset Service"
Publisher:
"(Not verified) ESET"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ekrn
Program path & name:
"c:\program files\eset\eset nod32 antivirus\ekrn.exe"
Enabled: [V]


Program:
"Helper service for the InCD filesystem driver"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
InCDsrv
Program path & name:
"c:\program files\nero\nero 7\incd\incdsrv.exe"
Enabled: [V]


Program:
"Prefetches JRE files for faster startup of Java applets and applications"
Publisher:
"(Verified) Sun Microsystems Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
JavaQuickStarterService
Program path & name:
"c:\program files\java\jre6\bin\jqs.exe"
Enabled: [V]


Program:
"PunkBuster Service Component [v1032] http://www.evenbalance.com"
Publisher:
"(Verified) Even Balance Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PnkBstrA
Program path & name:
"c:\windows\system32\pnkbstra.exe"
Enabled: [V]


Program:
"PunkBuster Service Component [v2.177 QL] http://www.evenbalance.com"
Publisher:
"(Verified) Even Balance Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PnkBstrB
Program path & name:
"c:\windows\system32\pnkbstrb.exe"
Enabled: [V]


Program:
"RichVideo Module"
Publisher:
"(Verified) CyberLink"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RichVideo
Program path & name:
"c:\program files\cyberlink\shared files\richvideo.exe"
Enabled: [V]


Program:
"Sunbelt Personal Firewall SbPFLnch"
Publisher:
"(Verified) SUNBELT SOFTWARE DISTRIBUTION"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SbPF.Launcher
Program path & name:
"c:\program files\sunbelt software\personal firewall\sbpflnch.exe"
Enabled: [V]


Program:
"Sunbelt Personal Firewall Engine"
Publisher:
"(Verified) SUNBELT SOFTWARE DISTRIBUTION"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SPF4
Program path & name:
"c:\program files\sunbelt software\personal firewall\sbpfsvc.exe"
Enabled: [V]


Program:
"Enables network access to local burners via iSCSI protocol."
Publisher:
"(Not verified) Rocket Division Software"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
StarWindServiceAE
Program path & name:
"c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe"
Enabled: [V]


Program:
"AEGIS Protocol (IEEE 802.1x) v3.2.0.3"
Publisher:
"(Not verified) Meetinghouse Data Communications"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
AegisP
Program path & name:
"c:\windows\system32\drivers\aegisp.sys"
Enabled: [V]


Program:
"Atheros Extensible Wireless LAN device driver"
Publisher:
"(Not verified) Atheros Communications Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
athrusb
Program path & name:
"c:\windows\system32\drivers\athrusb.sys"
Enabled: [V]


Program:
"Low-Level Driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ATITool
Program path & name:
c:\windows\system32\drivers\atitool.sys"
Enabled: [V]


Program:
"PCAUSA NDIS 5.0 SPR Protocol Driver"
Publisher:
"(Not verified) Printing Communications Assoc. Inc. (PCAUSA)"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
BRGSp50
Program path & name:
"c:\windows\system32\drivers\brgsp50.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
cpuz130
Program path & name:
File not found: C:\DOCUME~1\Laura\LOCALS~1\Temp\cpuz130\cpuz_x32.s ys"
Enabled: [V]


Program:
"Eset file on-access scanner"
Publisher:
"(Verified) ESET spol. s r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
eamon
Program path & name:
"c:\windows\system32\drivers\eamon.sys"
Enabled: [V]


Program:
"Eset AntiStealth driver"
Publisher:
"(Verified) ESET spol. s r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
easdrv
Program path & name:
"c:\windows\system32\drivers\easdrv.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Verified) EnTech Taiwan"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ENTECH
Program path & name:
"c:\windows\system32\drivers\entech.sys"
Enabled: [V]


Program:
"EPFW Filter Driver"
Publisher:
"(Verified) ESET spol. s r.o."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
epfwtdir
Program path & name:
"c:\windows\system32\drivers\epfwtdir.sys"
Enabled: [V]


Program:
"GIGABYTE Tools"
Publisher:
"(Verified) GIGA-BYTE TECHNOLOGY CO. LTD"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
gdrv
Program path & name:
"c:\windows\gdrv.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
giveio
Program path & name:
c:\windows\system32\giveio.sys"
Enabled: [V]


Program:
"Hamachi Virtual Network Interface Driver"
Publisher:
"(Verified) LogMeIn Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
hamachi
Program path & name:
"c:\windows\system32\drivers\hamachi.sys"
Enabled: [V]


Program:
"Hauppauge WDM Driver for Bt848
Publisher:
Bt878"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
HCWBT8XX
Program path & name:
"(Not verified) Hauppauge Computer Works""c:\windows\system32\drivers\hcwbt8xx.sys"
Enabled: [V]


Program:
"Ahead RW Filter Driver"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
InCDPass
Program path & name:
"c:\windows\system32\drivers\incdpass.sys"
Enabled: [V]


Program:
"Nero MRW Filter Driver"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
incdrm
Program path & name:
"c:\windows\system32\drivers\incdrm.sys"
Enabled: [V]


Program:
"MagicISO SCSI Host Controller"
Publisher:
"(Not verified) MagicISO Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
mcdbus
Program path & name:
"c:\windows\system32\drivers\mcdbus.sys"
Enabled: [V]


Program:
"TUSB1150"
Publisher:
"(Not verified) Texas Instruments"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NBXG750
Program path & name:
"c:\windows\system32\drivers\wlanutg.sys"
Enabled: [V]


Program:
"NetStumbler NDIS 5.0 Protocol Driver"
Publisher:
"(Not verified) Printing Communications Assoc. Inc. (PCAUSA)"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
NSNDIS5
Program path & name:
"c:\windows\system32\nsndis5.sys"
Enabled: [V]


Program:
"PCAUSA NDIS 5.0 Protocol Driver"
Publisher:
"(Not verified) Printing Communications Assoc. Inc. (PCAUSA)"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PCANDIS5
Program path & name:
"c:\windows\system32\pcandis5.sys"
Enabled: [V]


Program:
N/A
Publisher:
"(Verified) Even Balance Inc."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PnkBstrK
Program path & name:
"c:\windows\system32\drivers\pnkbstrk.sys"
Enabled: [V]


Program:
"Px Engine Device Driver for Windows 2000/XP"
Publisher:
"(Verified) Sonic Solutions"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
PxHelp20
Program path & name:
"c:\windows\system32\drivers\pxhelp20.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
RivaTuner32
Program path & name:
c:\program files\rivatuner v2.05\rivatuner32.sys"
Enabled: [V]


Program:
"Sunbelt Personal Firewall driver"
Publisher:
"(Verified) SUNBELT SOFTWARE DISTRIBUTION"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SbFw
Program path & name:
"c:\windows\system32\drivers\sbfw.sys"
Enabled: [V]


Program:
"Sunbelt Personal Firewall Host Intrusion Prevention Driver"
Publisher:
"(Verified) SUNBELT SOFTWARE DISTRIBUTION"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sbhips
Program path & name:
"c:\windows\system32\drivers\sbhips.sys"
Enabled: [V]


Program:
"PC Camera driver"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SNPSTD3
Program path & name:
c:\windows\system32\drivers\snpstd3.sys"
Enabled: [V]


Program:
"SpeedFan Device Driver"
Publisher:
"(Not verified) Windows (R) 2000 DDK provider"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
speedfan
Program path & name:
"c:\windows\system32\speedfan.sys"
Enabled: [V]


Program:
"Video Capture Stream Splitter"
Publisher:
"(Not verified) LoteSoft Co."
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
SPLITCAM
Program path & name:
"c:\windows\system32\drivers\splitcam.sys"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
sptd
Program path & name:
c:\windows\system32\drivers\sptd.sys"
Enabled: [V]


Program:
"TCP/IP Protocol Driver"
Publisher:
"(Not verified) Microsoft Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
Tcpip
Program path & name:
"c:\windows\system32\drivers\tcpip.sys"
Enabled: [V]


Program:
"Driver for VMware's Virtual Ethernet Adapters Ver. 2"
Publisher:
N/A
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
VMnetAdapter
Program path & name:
File not found: system32\DRIVERS\vmnetadapter.sys"
Enabled: [V]


Program:
"VNC Communication"
Publisher:
"(Not verified) RDV Soft"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
vnccom
Program path & name:
"c:\windows\system32\drivers\vnccom.sys"
Enabled: [V]


Program:
"Ultravnc Mirror Driver"
Publisher:
"(Not verified) RDV Soft"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
vncdrv
Program path & name:
"c:\windows\system32\drivers\vncdrv.sys"
Enabled: [V]


Program:
"ZD1211B 802.11 b+g USB LAN Driver"
Publisher:
"(Not verified) ZyDAS Technology Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ZD1211BU(SMC)
Program path & name:
"c:\windows\system32\drivers\zd1211bu.sys"
Enabled: [V]


Program:
"ZD1211B 802.11 b+g USB LAN Driver"
Publisher:
"(Not verified) ZyDAS Technology Corporation"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ZD1211BU(ZyDAS)
Program path & name:
"c:\windows\system32\drivers\zd1211bu.sys"
Enabled: [V]


Program:
"PCAUSA NDIS 5.0 SPR Protocol Driver"
Publisher:
"(Not verified) Printing Communications Assoc. Inc. (PCAUSA)"
Entry path:
HKLM\System\CurrentControlSet\Services
Entry name:
ZDPSp50
Program path & name:
"c:\windows\system32\drivers\zdpsp50.sys"
Enabled: [V]


Program:
"Adobe Drive CS4 Network"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvi der\Order
Entry name:
AdobeDriveCS4_NP
Program path & name:
"c:\program files\common files\adobe\adobe drive cs4\adobedrivecs4_np.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
JMB36X IDE Setup
Program path & name:
c:\windows\raidtool\xinside.exe"
Enabled: [V]


Program:
"NVIDIA nView Wizard
Publisher:
Version 112.01 "
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
nwiz
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nwiz.exe"
Enabled: [V]


Program:
"Active Keys Application File"
Publisher:
"(Not verified) Softarium.com"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ActiveKeys.AAB635BD7D054a37A576
Program path & name:
"c:\program files\active keys\akeys.exe"
Enabled: [V]


Program:
"InstallShield Update Service Update Manager"
Publisher:
"(Verified) Macrovision Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ISUSPM
Program path & name:
"c:\program files\common files\installshield\updateservice\isuspm.exe"
Enabled: [V]


Program:
"tsnpstd3 Microsoft "
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
tsnpstd3
Program path & name:
c:\windows\tsnpstd3.exe"
Enabled: [V]


Program:
"CameraMonitor Application"
Publisher:
N/A
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
snpstd3
Program path & name:
c:\windows\vsnpstd3.exe"
Enabled: [V]


Program:
"Eset GUI"
Publisher:
"(Verified) ESET spol. s r.o."
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
egui
Program path & name:
"c:\program files\eset\eset nod32 antivirus\egui.exe"
Enabled: [V]


Program:
"Skype for COM API"
Publisher:
"(Verified) Skype Technologies SA"
Entry path:
HKLM\SOFTWARE\Classes\Protocols\Handler
Entry name:
skype4com
Program path & name:
"c:\program files\common files\skype\skype4com.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
Entry name:
0
Program path & name:
File not found: About:Home"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
C:\Documents and Settings\Laura\Start Menu\Programs\Startup
Entry name:
Shortcut to PUSHPIN.lnk
Program path & name:
c:\program files\pushpin\pushpin.exe"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
Task Scheduler
Entry name:
AppleSoftwareUpdate.job
Program path & name:
File not found: C:\Program Files\Apple Software Update\SoftwareUpdate.exe"
Enabled: [V]


Program:
"Contribute IE Plugin"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
ContributeBHO Class
Program path & name:
"c:\program files\adobe\/adobe contribute cs4/contributeieplugin.dll"
Enabled: [V]


Program:
"Adobe PDF Helper for Internet Explorer"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Adobe PDF Link Helper
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll"
Enabled: [V]


Program:
"Flashget CatchUrl Module"
Publisher:
"(Not verified) www.flashget.com"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
FGCatchUrl
Program path & name:
"c:\program files\flashget\jccatch.dll"
Enabled: [V]


Program:
"Java(TM) Platform SE binary"
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
Java(tm) Plug-In 2 SSV Helper
Program path & name:
"c:\program files\java\jre6\bin\jp2ssv.dll"
Enabled: [V]


Program:
"Java(TM) Quick Starter binary"
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
JQSIEStartDetectorImpl Class
Program path & name:
"c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll"
Enabled: [V]


Program:
"Flashget GetFlash Module"
Publisher:
"(Not verified) www.flashget.com"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\Exp lorer\Browser Helper Objects
Entry name:
FlashGet GetFlash Class
Program path & name:
"c:\program files\flashget\getflash.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Display Panning CPL Extension
Program path & name:
File not found: deskpan.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 112.01 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Desktop Explorer
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 112.01 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Desktop Explorer Menu
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
"NVIDIA Desktop Explorer
Publisher:
Version 112.01 "
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
nView Desktop Context Menu
Program path & name:
"(Not verified) NVIDIA Corporation""c:\windows\system32\nvshell.dll"
Enabled: [V]


Program:
N/A
Publisher:
N/A
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
WinRAR shell extension
Program path & name:
c:\program files\winrar\rarext.dll"
Enabled: [V]


Program:
"PowerISOShell DLL"
Publisher:
"(Not verified) PowerISO Computing Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
PowerISO
Program path & name:
"c:\program files\poweriso\pwrisosh.dll"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
OpenOffice.org Column Handler
Program path & name:
"c:\program files\openoffice.org 2.4\program\shlxthdl.dll"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
OpenOffice.org Infotip Handler
Program path & name:
"c:\program files\openoffice.org 2.4\program\shlxthdl.dll"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
OpenOffice.org Property Sheet Handler
Program path & name:
"c:\program files\openoffice.org 2.4\program\shlxthdl.dll"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
OpenOffice.org Thumbnail Viewer
Program path & name:
"c:\program files\openoffice.org 2.4\program\shlxthdl.dll"
Enabled: [V]


Program:
"7-Zip Shell Extension"
Publisher:
"(Not verified) Igor Pavlov"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
7-Zip Shell Extension
Program path & name:
"c:\program files\7-zip\7-zip.dll"
Enabled: [V]


Program:
"Shell Extension"
Publisher:
"(Not verified) ESET"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
Eset Smart Security - Context Menu Shell Extension
Program path & name:
"c:\program files\eset\eset nod32 antivirus\shellext.dll"
Enabled: [V]


Program:
"InCD"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
InCDShellExt extension
Program path & name:
"c:\program files\nero\nero 7\incd\incdshx.dll"
Enabled: [V]


Program:
"Cover Designer"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
NeroCoverEd Live Icons
Program path & name:
"c:\program files\nero\nero 7\nero coverdesigner\coveredextension.dll"
Enabled: [V]


Program:
"InCD"
Publisher:
"(Verified) Nero AG"
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
InCDUdfPerm extension
Program path & name:
"c:\program files\nero\nero 7\incd\incdup.dll"
Enabled: [V]


Program:
"Dropbox Shell Extension"
Publisher:
"(Not verified) Evenflow Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
DropboxExt
Program path & name:
"c:\program files\dropbox\dropboxext.dll"
Enabled: [V]


Program:
"Dropbox Shell Extension"
Publisher:
"(Not verified) Evenflow Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
DropboxExt
Program path & name:
"c:\program files\dropbox\dropboxext.dll"
Enabled: [V]


Program:
"Dropbox Shell Extension"
Publisher:
"(Not verified) Evenflow Inc."
Entry path:
HKLM\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved
Entry name:
DropboxExt
Program path & name:
"c:\program files\dropbox\dropboxext.dll"
Enabled: [V]


Program:
N/A
Publisher:
"(Not verified) Sun Microsystems Inc."
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandler s
Entry name:
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
Program path & name:
"c:\program files\openoffice.org 2.4\program\shlxthdl.dll"
Enabled: [V]


Program:
"PDF Shell Extension"
Publisher:
"(Verified) Adobe Systems Incorporated"
Entry path:
HKLM\Software\Classes\Folder\Shellex\ColumnHandler s
Entry name:
PDF Shell Extension
Program path & name:
"c:\program files\common files\adobe\acrobat\activex\pdfshell.dll"
Enabled: [V]


Program:
"FlashGet"
Publisher:
"(Not verified) FlashGet.com"
Entry path:
HKLM\Software\Microsoft\Internet Explorer\Extensions
Entry name:
FlashGet
Program path & name:
"c:\program files\flashget\flashget.exe"
Enabled: [V]



It still comes back even if I end the process tree.

EscondeR
26-04-09, 15:31
Laura, your report is technically clean, unless Agent.exe is not started by another application not by itself. There are some junk entries that can be killed, but nothing dangerous.

To locate Agent.exe please run full drive search including System and Hidden files on all your drives for Agent.exe and then post all paths found.

Lavinder
26-04-09, 16:00
C:\Program Files\Common Files\InstallShield\UpdateService

:)

EscondeR
26-04-09, 16:12
Run Autoruns (http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx) and kill this entry:

Program:
"InstallShield Update Service Update Manager"
Publisher:
"(Verified) Macrovision Corporation"
Entry path:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Entry name:
ISUSPM
Program path & name:
"c:\program files\common files\installshield\updateservice\isuspm.exe"
Enabled: [V]

Though it's totally legal, not a virus.