TechSpot

Umonitor, VX2? Dll issues. Hijack log included.

By aedwards
Jan 25, 2005
Topic Status:
Not open for further replies.
  1. I have a user who is getting random .dll errors at bootup with "umonitor" after each. I have done some research and believe it is a variant of VX2. I have ran updated adaware, spy sweeper, spybot and could not completely remove this. I have deleted spyware entries out of the registry also and cleaned up the system using ccleaner. Does anyone see anything malicious in the log?
  2. RealBlackStuff

    RealBlackStuff Newcomer, in training Posts: 8,165

    Go to this post here first, and read the instructions carefully.
    How to remove Begin2Search / Coolwebsearch

    At least, download/update/run those 4-5 programs in the beginning of it.

    Then reboot in safe mode and run Hijackthis on its own and let it 'fix':
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcg.edu/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.mcg.edu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.hims.mcg.edu;www.hims2.mcg.edu;hi.mcg.edu;www.hi.mcg.edu;citrix.mcg.edu;www.citrix.mcg.edu;hi2.mcg.edu;www.hi2.mcg.edu;page.mcg.edu;www.page.mcg.edu;rx.mcg.edu;www.rx.mcg.edu;www.mcg.edu;www.oacs.mcg.edu;www.isd.mcg.edu;webaccess.mcg.edu;mcgtv.mcg.edu;www.iris.mcg.edu;webapp.mcg.edu;alpha1.mcg.edu;alpha2.mcg.edu;www.lib.mcg.edu;www.library.mcg.edu;www.digitalmedia.mcg.edu;www.curriculumii.mcg.edu;www.curriculum.mcg.edu;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
    O1 - Hosts: ;Entries for Campus Cluster user base
    O1 - Hosts: 158.93.35.16 www.web2host.mcg.edu
    O1 - Hosts: 158.93.12.43 proxy.mcg.edu
    O1 - Hosts: ;Entries for MCG_SOD user base
    O1 - Hosts: ;Entries for MCG_PSD user base
    O1 - Hosts: ; Entries for MCG_HOSPITAL3 user base
    O1 - Hosts: 66.155.50.241 www.mcghealthcare.org # MCG HealthCare
    O1 - Hosts: ;158.93.39.10 mcgor
    O1 - Hosts: ; Entries for MCG_RE user base
    O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1266e4d130eac6f9ff18/netzip/RdxIE601.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://www.imapdata.com/viewer/v6/mgaxctrl.cab
    O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINNT\msxml4.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://10.16.13.71/activex/AxisCamControl.cab

    Use the LSPFIX at the bottom of my post for this one:
    O10 - Broken Internet access because of LSP provider 'vnsp.dll' missing

    HTH
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.