Yes that file is still there. I attempted to delete it but it said "can not delete vtstq.dll it is being used by another person or program. close any programs that might be using it and try again."
Then I attempted to delete it using kill box. I didn't remember for sure which boxes to check, so I tried all of them at different times. It said it would delete the file upon reboo, but then error message "PendingFileRenameOperationsRegistery Data has been removed by external process."
The file vtstq.dll is still located in the same place c:/windows/system32

Thanks again,

Still not working, Help Mr Wizard!

Try and remove it in safe mode.

I tried removing it in safe mode, From the command line, form Windows Expolrer ang using KillBox, but it still said Cannot Delete The File, It is Being Used by Another Process.

Please download VundoFix.exe (http://www.atribune.org/downloads/VundoFix.exe) to your desktop.
Double-click VundoFix.exe to extract the files.
This will create a VundoFix folder on your desktop.
After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat

You will first be presented with a warning .
It should look like this:
VundoFix V2.13 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....

At this point press Enter one time.
Next you will see:
Type in the filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\vtstq.dll
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

Next you will see:
Please type in the second filepath as instructed by the forum staff
Then Press Enter, Then F6, Then Enter Again to continue with the fix.

At this point please type the following file path (make sure to enter it exactly as below!):
C:\WINDOWS\System32\qtstv.*
Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.

The fix will run then HijackThis will open.
In HiJackThis, please place a check next to thefollowing items and click FIX CHECKED IF PRESENT

O2 - BHO: MSEvents Object - {8DBF02DA-4360-4A7E-BEA1-347B87816327} - C:\WINDOWS\system32\vtstq.dll
O20 - Winlogon Notify: vtstq - C:\WINDOWS\system32\vtstq.dll

After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!

Pancake, I did everything just as you said and it appeared to help, for a little while..... The popups are coming back, including WinAntiVirusPro, Add/Remove Programs in Internet Explorer as well as others.

I also did a registery search, regedit, and found the vtstq.dll, HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\etc..... . Data C:\Windows\System32\vtstq.dll.

Amy more suggestions?

Carlif, thanks, I'll give your suggestions a try

I take it that you did delete that reg item..?



1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.
Turn on System Restore
To turn on System Restore, follow these steps: 1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.


Let run the new version of Ewido..

Download Ewido Anti-Malware

• Install Ewido Anti-Malware
• Double-click the icon on Desktop to launch Ewido

You will need to update Ewido to the latest definition files.

• On the top of the main screen click Shield
• Click the word active to change it to inactive
• On the top of the main screen click Update.
• Then click on Start Update. The update will start and a progress bar will show the updates being installed.

If you are having problems with the updater, you can use this link to manually update Ewido. When you have finished updating, EXIT Ewido.
Please reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 before Windows loads. Select Safe Mode on the screen that appears.

• In Safe Mode,run Ewido.
• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
• When the scan is complete click Recommended Action and change it to Quarantine
• Then click Apply all actions

Once finished, click the Save report button, then click Save Report As. This will create a text file.
Make sure you know where to find this file again (like on the Desktop).
Restart back into Normal Mode.
Please perform another scan with Hijack This, and then post back with a copy of the Ewido log and the new HijackThis log.