unregmp2.exe?

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Sudz_Guy, Feb 21, 2005.

  1. Sudz_Guy

    Sudz_Guy Private E-2

    Hi, I was here the other day and got some awesome help so I thought this might be the place to ask the following question....I was clicking around in My Network Places when I stumbled on a folder named SharedDocs on Dave's Computer (Home). I've never created this folder, and I've never seen anything on my computer named Dave (kinda creepy in the 2001ish sense) though I do get the occasional David (cause that's me). The only things in it are 2 sub folders named @C:\Windows\inf\unregmp2.exe-161 and @C:\Windows\inf\unregmp2.exe-162. Anywho when I googled them, the first bunch of things that came up were about spyware and exploits and generally bad things, but then there was other info saying that they are kinda normal to have. So, should I kill it? And if so, any information about how to go about making it dead would be greatly appreciated. Thanks!
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


    After doing ALL of the above if you still have a problem:

    Make sure you have HijackThis 1.99.1 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT


    We are very busy here at MajorGeeks.Com. PhilliePhan, Chaslang or myself will check back when time permits!
     
  3. Sudz_Guy

    Sudz_Guy Private E-2

    K, a strange thing happened on the way to the zoo...I tried to reboot into safe mode to do all the scans and I couldn't which has never happened to me before in my life ever. It did that screen with all the driver stuff on it then stayed there for a bit then acted as though I just turned on the computer and started from scratch, after 4 or 5 attempts, I just let it boot normally and did all the scans. Everything came up clean, except ad-aware which found 9 negligible objects that I deleted, the Symantec thing worked for me today and everything was a green checkmark except I don't have a virus scanner. The annoying little AVG taskbar icon that I'm looking at right now says different, so I'm assuming they meant I didn't have a SYMANTEC virus scanner and just left out the word SYMANTEC. Anywho, I've gone ahead and attached a HijackThis! Log for your perusal, if everything looks okay to you can you give me any information or a link to reading material about the previously mentioned files? As I said I've googled it and read different things about it, I just find it weird because I know I've never made them plus they have Dave in it when everything on my computer with my name involved says David. Thanks for all your help again, you guys sincerely rock!
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Go ahead and do another scan with HijackThis and Check the Boxes for the following:

    Again, make sure All Browser Windows are Closed when you Click FIX.


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

    O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} -

    O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} -



    NEXT:
    Run CCleaner and Spybot S&D and have Spybot fix what it finds.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    Now, reset your web settings.

    To Reset Web Settings:
    Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.


    Reboot and Scan with HijackThis and attach the new log.
    Let me know of any problems you may have encountered with the above instructions and how your computer is running now.

    Good Luck!


    Is this part of your ISP?
    DO NOT FIX THIS YET!
     
  5. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Regarding that folder you mentioned, are you networked to anything?
     
  6. Sudz_Guy

    Sudz_Guy Private E-2

    K, I've followed your instructions and have attached another Hijack This Log. Spybot didn't find anything to fix and like always offered its congratulations to me. As for the other entry, the helpful people at google seem to think the following:

    How to >> Resolve the 205.188.146.146
    general internet access
    IP address blocking problem.

    If you are having an internet access problem, have a look at the information below. It may not be related, but there again, if nothing else has worked it would be worth a look.

    This item also relates to some 'not loading' problems in the AOL web page maker Easy Designer, due to a firewall block. See WHAT TO DO lower down page.

    Some AOL browser users are getting a connecting to site:

    205 . 188 . 146 . 146

    The 205.188.146.146 is an AOL proxy address.

    I had AOL a super long time ago, but now I'm with a cable company called Persona for what they claim is high speed. I haven't accessed anything even remotely AOLish in months, and definitely not since my last HijackThis Log was posted (yesterday). Thanks again for your help and sorry to be so wordy.
     


  7. Sudz_Guy

    Sudz_Guy Private E-2

    Sorry I just saw your other question about Networking, I'm kinda dumb about computers, so I think the answer is maybe. Basically I have a cable connection which is shared by 2 computers through a router. These computers, however, do not and aren't supposed to be sharing anything with each other, if that makes any sense? They have also never been set up to share any files with each other. I hope that answers what you're asking. Thanks again. (sorry about all the thanks, it's a Canadian thing)
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log is clean! Are you currently experiencing any problems?
     
  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    I thought so, that's where that folder came from then. It's because you're networked and by default Windows will share that automatically.
     
  10. Sudz_Guy

    Sudz_Guy Private E-2

    Whew! That's a relief! I don't know if this is anything that you guys help out with, but one thing I'll mention is that I've gone through the article on malware and done everything on it (I think anyway) a while ago, but have been having recurring spyware problems anyway. Recently I've used a program called RegSupremePro which does all kinds of things (Is this something I should be asking in the Software forum? Sorry if it is) Anyway, this program lists all the installed software on your computer, I've tried deleting a few things by Unknown Author, but they come back practically immediately, like I will delete it from the list and even before I've closed the program they are back. Any ideas? Feel free to refer me to the Software forum or anywhere else you think is more appropriate for this q.
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    As far as Spyware/Virus infections go, you're clean! I'm not sure exactly what your problem is you're describing, but I would be really careful with programs like this. They sometimes can cause more harm than good.

    Yes, you would get a better answer in the Software Forum as I don't know anything about this program.

    You should look at this article on How to Protect yourself from malware!

    Just to stay clean! :)
     
  12. Sudz_Guy

    Sudz_Guy Private E-2

    Alrighty, to the Software forum I shall go! Thanks for all your help again, and I'll definitely go through the article again and make sure I'm all good. You really deserve a raise dude! Um...you do get paid right?
     
  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're Welcome!

    Nah, everyone who posts in here is volunteering their time.
     
