Windows seeking vepufini.dll at reboot

[hannah]

I am a registered user of MB. Malware Bytes removed Vundo. It took a couple of safe mode scans and reboots. I now get a clear scan, no infections are shown.

However, when I boot up, I get a message saying that windows is looking for this file and it could not "load module."

The file is: system32/vepufini.dll

Is this a legitimate windows file that I need to run the computer properly? If not, how can I stop this message at loading? If it is, where do I get the file? I am running Windows XP Media edition.

I appreciate any help. I read all the posts regarding Vundo but didn't see anyone else with this particular issue.

Do I need to post the log file here? What can I supply that will assist the kind soul who is willing to help me?

Thank you kindly for your help.

Hannah

[hannah]

I am a registered user of MB. Malware Bytes removed Vundo. It took a couple of safe mode scans and reboots. I now get a clear scan, no infections are shown.

However, when I boot up, I get a message saying that windows is looking for this file and it could not "load module."

The file is: system32/vepufini.dll

Is this a legitimate windows file that I need to run the computer properly? If not, how can I stop this message at loading? If it is, where do I get the file? I am running Windows XP Media edition.

I appreciate any help. I read all the posts regarding Vundo but didn't see anyone else with this particular issue.

Do I need to post the log file here? What can I supply that will assist the kind soul who is willing to help me?

Thank you kindly for your help.

Hannah

ADDENDUM: I see you are requesting the logs for an MB quickscan and a Panda scan. I will post them here when I get them.

[hannah]

Malwarebytes' Anti-Malware 1.31

Database version: 1547

Windows 5.1.2600 Service Pack 2

12/25/2008 10:14:09 PM

mbam-log-2008-12-25 (22-14-08).txt

Scan type: Quick Scan

Objects scanned: 62492

Time elapsed: 6 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pesewomago (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

[hannah]

HIJACK THIS RESULTS

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:29:26 PM, on 12/25/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\drivers\CDAC11BA.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dllhost.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Digital Media Reader\readericon45G.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\802.11 Wireless LAN\802.11g_Utility\ZDWlan.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Webroot\Spy Sweeper\SSU.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\SNDVOL32.EXE

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.abundancemagazine.com

O15 - Trusted Zone: http://*.colorbakery.com

O15 - Trusted Zone: http://*.vintagemural.com

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187648069218

O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2.0\adialhk.dll,C:\WINDOWS\system32\pajusumo.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE

O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--

End of file - 11272 bytes

[exile360]

Greetings Hannah. To get you the help you need please post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7

as this is the forum the experts frequent to analyze logs and do advanced repairs. Thanks. Good luck and safe surfing.

[hannah]

Greetings Hannah. To get you the help you need please post your logs here: http://www.malwarebytes.org/forums/index.php?showforum=7

as this is the forum the experts frequent to analyze logs and do advanced repairs. Thanks. Good luck and safe surfing.

thank you

[exile360]

You are very welcome, and if you have any more questions/issues just let us know. And Happy Holidays.