Tech Support Forum - View Single Post - Technicolor screen, Popups, Error messages running programs, random programs starting

Nigel4 · 10-01-2007, 08:09 PM

I ran into some problems with Vundofix. A .dll called Vtustqo.dll repeatedly came up and triggered an NT Authority/SYSTEM shutdown for the lsass.exe. After the 3rd time running Vundofix on start-up with Vtustqo.dll still appearing, I'm posting this. Here's the VundoFix Log:

VundoFix V6.5.9

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 9:46:44 PM 10/1/2007

Listing files found while scanning....

C:\windows\system32\fthtibtm.dll
C:\windows\system32\hgghhgh.dll
C:\windows\system32\khffgef.dll
C:\windows\system32\mtbithtf.ini
C:\windows\system32\nnnlklk.dll
C:\WINDOWS\system32\vtustqo.dll

Beginning removal...

Attempting to delete C:\windows\system32\fthtibtm.dll
C:\windows\system32\fthtibtm.dll Could not be deleted.

Attempting to delete C:\windows\system32\hgghhgh.dll
C:\windows\system32\hgghhgh.dll Has been deleted!

Attempting to delete C:\windows\system32\khffgef.dll
C:\windows\system32\khffgef.dll Has been deleted!

Attempting to delete C:\windows\system32\mtbithtf.ini
C:\windows\system32\mtbithtf.ini Has been deleted!

Attempting to delete C:\windows\system32\nnnlklk.dll
C:\windows\system32\nnnlklk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtustqo.dll
C:\WINDOWS\system32\vtustqo.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\fthtibtm.dll
C:\windows\system32\fthtibtm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtustqo.dll
C:\WINDOWS\system32\vtustqo.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.5.9

Checking Java version...

Java version is 1.4.2.3
Old versions of java are exploitable and should be removed.

Scan started at 9:55:16 PM 10/1/2007

Listing files found while scanning....

C:\windows\system32\vtustqo.dll

Beginning removal...

Attempting to delete C:\windows\system32\vtustqo.dll
C:\windows\system32\vtustqo.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\windows\system32\vtustqo.dll
C:\windows\system32\vtustqo.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Should I continue with SmitFraud anyway? Also, you say to post a HJT log after the vundofix, but initially you said post the HJT log after all the steps you mentioned. Do you want two HJT Logs?

10-01-2007, 08:09 PM	#3 (permalink)
Nigel4 Registered User Join Date: Aug 2006 Location: Detroit Posts: 18 OS: XP/Vista	Re: Technicolor screen, Popups, Error messages running programs, random programs star I ran into some problems with Vundofix. A .dll called Vtustqo.dll repeatedly came up and triggered an NT Authority/SYSTEM shutdown for the lsass.exe. After the 3rd time running Vundofix on start-up with Vtustqo.dll still appearing, I'm posting this. Here's the VundoFix Log: VundoFix V6.5.9 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 9:46:44 PM 10/1/2007 Listing files found while scanning.... C:\windows\system32\fthtibtm.dll C:\windows\system32\hgghhgh.dll C:\windows\system32\khffgef.dll C:\windows\system32\mtbithtf.ini C:\windows\system32\nnnlklk.dll C:\WINDOWS\system32\vtustqo.dll Beginning removal... Attempting to delete C:\windows\system32\fthtibtm.dll C:\windows\system32\fthtibtm.dll Could not be deleted. Attempting to delete C:\windows\system32\hgghhgh.dll C:\windows\system32\hgghhgh.dll Has been deleted! Attempting to delete C:\windows\system32\khffgef.dll C:\windows\system32\khffgef.dll Has been deleted! Attempting to delete C:\windows\system32\mtbithtf.ini C:\windows\system32\mtbithtf.ini Has been deleted! Attempting to delete C:\windows\system32\nnnlklk.dll C:\windows\system32\nnnlklk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtustqo.dll C:\WINDOWS\system32\vtustqo.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\fthtibtm.dll C:\windows\system32\fthtibtm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\vtustqo.dll C:\WINDOWS\system32\vtustqo.dll Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.5.9 Checking Java version... Java version is 1.4.2.3 Old versions of java are exploitable and should be removed. Scan started at 9:55:16 PM 10/1/2007 Listing files found while scanning.... C:\windows\system32\vtustqo.dll Beginning removal... Attempting to delete C:\windows\system32\vtustqo.dll C:\windows\system32\vtustqo.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\windows\system32\vtustqo.dll C:\windows\system32\vtustqo.dll Could not be deleted. Performing Repairs to the registry. Done! Should I continue with SmitFraud anyway? Also, you say to post a HJT log after the vundofix, but initially you said post the HJT log after all the steps you mentioned. Do you want two HJT Logs? Last edited by Nigel4; 10-01-2007 at 08:12 PM.