Umonitor, VX2? Dll issues. Hijack log included.

Status
Not open for further replies.
I have a user who is getting random .dll errors at bootup with "umonitor" after each. I have done some research and believe it is a variant of VX2. I have run updated Ad-Aware, Spy Sweeper, and Spybot and could not completely remove this. I have also deleted spyware entries out of the registry and cleaned up the system using CCleaner. Does anyone see anything malicious in the log?
 
Go to this post here first, and read the instructions carefully.
How to remove Begin2Search / Coolwebsearch

At least, download/update/run those 4-5 programs in the beginning of it.

Then reboot in safe mode and run HijackThis on its own and let it 'fix':
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mcg.edu/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.mcg.edu:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.hims.mcg.edu;www.hims2.mcg.edu;hi.mcg.edu;www.hi.mcg.edu;citrix.mcg.edu;www.citrix.mcg.edu;hi2.mcg.edu;www.hi2.mcg.edu;page.mcg.edu;www.page.mcg.edu;rx.mcg.edu;www.rx.mcg.edu;www.mcg.edu;www.oacs.mcg.edu;www.isd.mcg.edu;webaccess.mcg.edu;mcgtv.mcg.edu;www.iris.mcg.edu;webapp.mcg.edu;alpha1.mcg.edu;alpha2.mcg.edu;www.lib.mcg.edu;www.library.mcg.edu;www.digitalmedia.mcg.edu;www.curriculumii.mcg.edu;www.curriculum.mcg.edu;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ;Entries for Campus Cluster user base
O1 - Hosts: 158.93.35.16 www.web2host.mcg.edu
O1 - Hosts: 158.93.12.43 proxy.mcg.edu
O1 - Hosts: ;Entries for MCG_SOD user base
O1 - Hosts: ;Entries for MCG_PSD user base
O1 - Hosts: ; Entries for MCG_HOSPITAL3 user base
O1 - Hosts: 66.155.50.241 www.mcghealthcare.org # MCG HealthCare
O1 - Hosts: ;158.93.39.10 mcgor
O1 - Hosts: ; Entries for MCG_RE user base
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/1266e4d130eac6f9ff18/netzip/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - https://www.imapdata.com/viewer/v6/mgaxctrl.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\WINNT\msxml4.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://10.16.13.71/activex/AxisCamControl.cab

Use the LSPFIX at the bottom of my post for this one:
O10 - Broken Internet access because of LSP provider 'vnsp.dll' missing

HTH
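
For anyone triaging a similar log, the following is an added example and not part of either post: a small Python parser that reads HijackThis entry lines and pulls out the three kinds of entries that appear in the list above (entries whose file is gone, marked "(no file)"; the O10 missing LSP provider; and O1 hosts-file mappings). The function names `parse` and `triage` are hypothetical, and the sample lines are copied from the reply.

```python
import re

# Sample lines copied from the HijackThis entries listed in the reply above.
SAMPLE_LOG = """\
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: 158.93.12.43 proxy.mcg.edu
O1 - Hosts: ;Entries for MCG_SOD user base
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://10.16.13.71/activex/AxisCamControl.cab
O10 - Broken Internet access because of LSP provider 'vnsp.dll' missing
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then body
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
LSP_RE = re.compile(r"LSP provider '([^']+)' missing")


def parse(log):
    """Return one dict per entry line; headers and blank lines are skipped."""
    entries = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        entries.append({"code": code, "body": body,
                        "clsid": clsid.group(0) if clsid else None})
    return entries


def triage(entries):
    """Group the entries a reviewer would look at first."""
    notes = {"orphaned": [], "missing_lsp": [], "hosts_overrides": []}
    for e in entries:
        code, body = e["code"], e["body"]
        if body.endswith("(no file)"):  # registry entry points at a missing file
            notes["orphaned"].append((code, e["clsid"]))
        lsp = LSP_RE.search(body)
        if code == "O10" and lsp:  # broken Winsock chain: repair it, do not just delete
            notes["missing_lsp"].append(lsp.group(1))
        if code == "O1" and body.startswith("Hosts:"):
            value = body[len("Hosts:"):].strip()
            if value and value[0] not in ";#":  # skip the comment-style lines
                ip, host = value.split()[:2]
                notes["hosts_overrides"].append((host, ip))
    return notes


if __name__ == "__main__":
    for group, items in triage(parse(SAMPLE_LOG)).items():
        print(group, items)
```
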
 