Welcome to E8 :: [eon8]

Register now to gain access to all of our features. Once registered and logged in, you will be able to contribute to this site by submitting your own content or replying to existing content. You'll also be able to use the shoutbox, customize your profile, change themes, gain reputation points for submitting content, while also communicating with other members via your own private messenger, plus much more!

 

This message will be removed once you have signed in.

Sign in to follow this  
kxrxoxnxixc

Curious if anyone knows what Redemption.exe is

9 posts in this topic

Hey I recently found my computer was running extremely slow, I'm running windows Vista on my laptop(which seems to be extremely annoying), but besides the point I through-out the msconfig thing to see what things were running on startup and to see what stuff I needed and didn't need, and I stumbled across this "Redemption.exe". I looks it up on google and various sites and they all state that is a form of malware that continuously DLs other types of shit on your computer to slow it down, I disabled it from automatically starting it up. The only thing is, when I ran my AV, Spywre Doctor, and SpyBot S&D none of them could find it. I was wondering if anyone could help me manually remove it.

It actually reads like this in msconfig:

command-"/redemption.exe"/STARTUP/

Location-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Share this post


Link to post
Share on other sites

It can be removed using Hijackthis. After installation run it by clicking Do a system scan and save a log file. Afterward copy and paste the log file into a post here.

Share this post


Link to post
Share on other sites

I don't know if disabling it from startup keeps it from showing, but I couldn't find it in the log, but if you see anything I shouldn't have in here, please let me know, Would greatly appreciate.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:04:47 PM, on 1/2/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\RtHDVCpl.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Synaptics\SynTP\SynTPStart.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\K7 Computing\Common\K7SysTry.exe

C:\Program Files\K7 Computing\K7TSecurity\Common\K7TSecurity.exe

C:\WINDOWS\System32\igfxtray.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\igfxpers.exe

C:\WINDOWS\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\mobsync.exe

C:\Program Files\K7 Computing\K7TSecurity\K7SysMon\K7SysMon.Exe

C:\Windows\ehome\ehmsas.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\AIM6\aim6.exe

C:\Program Files\AIM6\aolsoftware.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start

O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [K7SystemTray] "C:\Program Files\K7 Computing\Common\K7SysTry.exe"

O4 - HKLM\..\Run: [K7TSStart] "C:\Program Files\K7 Computing\K7TSecurity\Common\K7TSecurity.exe"

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe

O4 - HKLM\..\RunOnce: [DebutUninstall] cmd.exe /C rmdir /S /Q "C:\Program Files\NCH Software\Debut"

O4 - HKLM\..\RunOnce: [DebutUninstall2] cmd.exe /C rmdir /Q "C:\Program Files\NCH Software"

O4 - HKLM\..\RunOnce: [DebutUninstall3] cmd.exe /C rmdir /S /Q "C:\Users\Richard\AppData\Roaming\Program Files\Debut"

O4 - HKLM\..\RunOnce: [DebutUninstall4] cmd.exe /C rmdir /Q "C:\Users\Richard\AppData\Roaming\Program Files"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')

O4 - Global Startup: hpoddt01.exe.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\k7wslsp.dll

O13 - Gopher Prefix:

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.7.cab

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab

O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: K7Computng - EMail Proxy Server (K7EmlPxy) - K7 Computing Pvt Ltd - C:\Program Files\K7 Computing\Common\K7EmlPxy.exe

O23 - Service: K7Firewall Services (K7FWSrvc) - K7 Computing Pvt Ltd - C:\Program Files\K7 Computing\K7TSecurity\K7FireWall\K7FWSrvc.exe

O23 - Service: K7Privacy Services (K7PSSrvc) - K7 Computing Pvt Ltd - C:\Program Files\K7 Computing\K7TSecurity\K7Privacy\K7PSSrvc.exe

O23 - Service: K7RealTime AntiVirus Services (K7RTScan) - K7 Computing Pvt Ltd - C:\Program Files\K7 Computing\K7TSecurity\K7AntiVirus\K7RTScan.exe

O23 - Service: K7SpmSrc - K7 Computing Pvt Ltd - C:\Program Files\K7 Computing\K7TSecurity\K7AntiSpam\K7SpmSrc.exe

O23 - Service: K7TotalSecurity Manager (K7TSMngr) - K7 Computing Pvt Ltd - C:\Program Files\K7 Computing\K7TSecurity\Common\K7TSMngr.exe

O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 9264 bytes

Share this post


Link to post
Share on other sites

It might keep it from showing. Try re-enabling and then restart you computer. Then run a hijackthis scan again to see if it shows up. Also search your entire computer for Redemption.exe and delete its entry if it comes up.

The log file shows three things that you can check off and click the Fix Checked button if you like.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Can definitely be removed.

O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.3.7.cab

Something from akamai.com. If you don't know what it is remove it.

O16 - DPF: {C8AEB218-8B7A-4E15-AC17-0EE8D99B80EB} (GameTap Web Updater) - http://cnn-5.vo.llnwd.net/c1/static/cab_he...pWebUpdater.cab

Something from gametap. If you don't know what it is remove it.

The biggest problem I found were all the entries by K7 Computing. Do you know what that is? I think its an anti-virus program. But in any case don't use hijackthis to remove any of it. If its something you don't use and want to get rid of there are separate steps involved.

Share this post


Link to post
Share on other sites

Alright, sweet thanks, Yeah K7 is my AV program. There's a bunch of things on there from it, but its my Firewall and AV and all that stuff...

Share this post


Link to post
Share on other sites

Yeah im definitely hoping so. IDK, compputer seems to be running fine. I re-installed SpyBotS&D and updated it and all that jazz to the newest version, got rid of 30 or spyware. I had previously unloaded it to load in Spyware Doctor or something, but yeah, everything seems to be running fine.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this