asuchar
2008-12-27, 10:02
Hi everyone...
my first time here. Recently ran into malware + trojan problems.
Took me a long time to resolve but heres what I did:-
Ran Spybot S&D, scanned and fixed
Ran Spyware Doctor, scanned and fixed
And so my popups and adware stopped and I thought my PC was fixed...
When I restarted, upon startup I recieved "RUNDLL" error
something about failing to run "damorume.dll"
So I ran registry mechanic and it showed the same error
And I repaired it. Immediately during repair, TeaTimer detected the change and showed that something was trying to delete the value. I knew Registry Mechanic was doing it so I allowed it
Immediately after the repair registry mechanic repaired and deleted the value, Teatimer detected that something was trying to add the value again, and this time I denied the add
I thought the problem was fixed then, so I restarted the computer and again I recieved the same Rundll error.
I scanned with registry mechanic again and this time there was no damorume.dll error
So my guess is some program keeps trying to add the registry value at startup before teatimer is fully loaded
Heres the log:
12/26/2008 11:45:06 PM Allowed (based on user decision) value "ISTray" (new data: "") deleted in System Startup global entry!
12/27/2008 12:04:53 AM Allowed (based on user decision) value "CPMbfe4d7c7" (new data: "") deleted in System Startup global entry!
12/27/2008 12:05:01 AM Allowed (based on user decision) value "wulipowune" (new data: "") deleted in System Startup global entry!
12/27/2008 12:05:04 AM Allowed (based on user decision) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:11:53 AM Allowed (based on user decision) value "wulipowune" (new data: "") deleted in System Startup global entry!
12/27/2008 12:12:02 AM Denied (based on user decision) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:12:08 AM Denied (based on user decision) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:12:13 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:12:18 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:12:25 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:12:30 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:15:43 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:15:46 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:15:52 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:15:58 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:07 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:13 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:18 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:24 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:29 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:35 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:44 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:50 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:57 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:02 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:09 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:14 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:19 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:26 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:31 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:36 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:41 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:46 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:49 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:57 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:00 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:02 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:04 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:08 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:11 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:13 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:18 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:23 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:34 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:39 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:44 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:49 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:54 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:06 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:11 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:16 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:22 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:27 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:33 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:38 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:45 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
All those multiple times it denied are highlighted in blue (I told spybot to remember the decision)
Is there anyway I can stop the thing that keeps trying to re-add the registry value for damorume.dll? Theres no problem with malware or anything since spybot fixed it, but its kind of annoying to recieve the rundll error on startup...
Thanks in advance
my first time here. Recently ran into malware + trojan problems.
Took me a long time to resolve but heres what I did:-
Ran Spybot S&D, scanned and fixed
Ran Spyware Doctor, scanned and fixed
And so my popups and adware stopped and I thought my PC was fixed...
When I restarted, upon startup I recieved "RUNDLL" error
something about failing to run "damorume.dll"
So I ran registry mechanic and it showed the same error
And I repaired it. Immediately during repair, TeaTimer detected the change and showed that something was trying to delete the value. I knew Registry Mechanic was doing it so I allowed it
Immediately after the repair registry mechanic repaired and deleted the value, Teatimer detected that something was trying to add the value again, and this time I denied the add
I thought the problem was fixed then, so I restarted the computer and again I recieved the same Rundll error.
I scanned with registry mechanic again and this time there was no damorume.dll error
So my guess is some program keeps trying to add the registry value at startup before teatimer is fully loaded
Heres the log:
12/26/2008 11:45:06 PM Allowed (based on user decision) value "ISTray" (new data: "") deleted in System Startup global entry!
12/27/2008 12:04:53 AM Allowed (based on user decision) value "CPMbfe4d7c7" (new data: "") deleted in System Startup global entry!
12/27/2008 12:05:01 AM Allowed (based on user decision) value "wulipowune" (new data: "") deleted in System Startup global entry!
12/27/2008 12:05:04 AM Allowed (based on user decision) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:11:53 AM Allowed (based on user decision) value "wulipowune" (new data: "") deleted in System Startup global entry!
12/27/2008 12:12:02 AM Denied (based on user decision) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:12:08 AM Denied (based on user decision) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:12:13 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:12:18 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:12:25 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:12:30 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:15:43 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:15:46 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:15:52 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:15:58 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:07 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:13 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:18 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:24 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:29 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:35 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:44 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:50 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:16:57 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:02 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:09 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:14 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:19 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:26 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:31 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:36 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:41 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:46 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:49 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:17:57 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:00 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:02 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:04 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:08 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:11 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:13 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:18 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:23 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:34 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:39 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:44 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:49 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:18:54 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:06 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:11 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:16 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:22 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:27 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:33 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:38 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
12/27/2008 12:19:45 AM Denied (based on user blacklist) value "wulipowune" (new data: "Rundll32.exe "C:\WINDOWS\system32\damorume.dll",s") added in System Startup global entry!
All those multiple times it denied are highlighted in blue (I told spybot to remember the decision)
Is there anyway I can stop the thing that keeps trying to re-add the registry value for damorume.dll? Theres no problem with malware or anything since spybot fixed it, but its kind of annoying to recieve the rundll error on startup...
Thanks in advance