Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: RelevantKnowledge has appeared


(!)

jbuller's Avatar
jbuller jbuller is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Advanced
22-Apr-2012, 10:15 AM #1
Question RelevantKnowledge has appeared
Hi, A program called "RelevantKnowledge" has installed on my PC.
(see attachment for screenshot)
What is it? Is it malicious? Where did I get it from?
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,620 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
22-Apr-2012, 11:13 PM #2
Hi and welcome to TSG!

Yes, it's considered spyware.


Click here to download HijackThis.exe
  • Save it to your desktop.
  • Doubleclick on the HijackThis.exe icon on your desktop.
  • Click on Install.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Please download Malwarebytes' Anti-Malware from Here or Here

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
__________________
Microsoft MVP - Consumer Security
If we've helped you, please donate to TSG!
jbuller's Avatar
jbuller jbuller is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Advanced
23-Apr-2012, 11:48 AM #3
Thanks Cheeseball81, and this is what showed up:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:43:23 PM, on 4/23/2012
Platform: Unknown Windows (WinNT 6.02.0058)
MSIE: Internet Explorer v10.0 (10.00.8250.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\taskhost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.2.3258.308_x86__8w ekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\system32\conhost.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFOGC6ID\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = jonathanpc:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files\ToolKitService\splash.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: eToolKit Toolbar - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [tktray] C:\Program Files\ToolKitService\tktray.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [Spotify] "C:\Users\Jonathan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: WinProxy 1.5.lnk = C:\WinProxy\WinProxy.exe
O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://zone.msn.com/bingame/burg/def...sPlayer_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files\Stardock\Start8\Start8Srv.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Toolkit Service (ToolkitSvc) - ToolKit Development, Ltd. - C:\Program Files\ToolKitService\ToolkitService.exe
--
End of file - 7314 bytes
Where did the program come from?
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,620 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
23-Apr-2012, 04:31 PM #4
Did you also run Malwarebytes and save the log? I don't see it.

Have you installed anything new recently?
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,620 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
23-Apr-2012, 04:31 PM #5
Also do this

Run Hijack This and click Open the Misc Tools section.
Click Open Uninstall Manager > Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of this log.
jbuller's Avatar
jbuller jbuller is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Advanced
24-Apr-2012, 03:01 AM #6
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.23.05
Windows 7 x86 NTFS
Internet Explorer 9.10.8250.0
Jonathan :: JONATHANPC [administrator]
Protection: Enabled
4/24/2012 7:48:37 AM
mbam-log-2012-04-24 (07-58-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 205569
Time elapsed: 7 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Jonathan\AppData\Local\Temp\CSM8274.tmp (PUP.Adware.RelevantKnowledge) -> No action taken.
C:\Users\Jonathan\AppData\Local\Temp\nsw8CB5.tmp\InstallManagers.exe (PUP.Adware.Agent) -> No action taken.
C:\Users\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\33JGT0JZ\Mixed_Bundle_4636[1].exe (PUP.Adware.Agent) -> No action taken.
(end) No I haven't installed any software apart form MalwareBytes.
jbuller's Avatar
jbuller jbuller is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Advanced
24-Apr-2012, 03:06 AM #7
7-Zip 9.22beta
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.14 (Unicode)
AutoRun Wizard
avast! Free Antivirus
ASUSTek M4A78LT-M LE Motherboard Utilities
Bonjour
BumpTop
Burger Shop
CamStudio OSS Desktop Recorder
CDBurnerXP
CP Blizzard
Debut Video Capture Software
DivX Setup
DVD Flick 1.3.0.7
DVDStyler v2.2 rc 1
eToolKit
FileZilla Client 3.5.3
Free YouTube Downloader 3.5.126
Google Earth
Google Talk (remove only)
IMG to ISO
Internet TV for Windows Media Center
iTunes
Java(TM) 6 Update 31
K-Lite Codec Pack 8.4.0 (Full)
LAME v3.99.3 (for Windows)
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Antimalware
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MP3MyMP3 3.1
OpenOffice.org 3.3
Oracle VM VirtualBox 4.1.10
PC Camer@
Picasa 3
Prism Video File Converter
Replay Music
SeaMonkey (2.8)
Serif WebPlus Starter Edition 3.0
Skype™ 5.8
Start8
Switch Sound File Converter
swMSM
TeamViewer 7
TuneUp Companion 2.4.4.3
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
WinProxy 1.5
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,620 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
24-Apr-2012, 07:40 PM #8
I don't actually see it in the logs.
Does it show up in your listed programs under Control Panel?
Is this folder present? C:\Program Files\RelevantKnowledge

Please rerun MalwareBytes and have it remove anything it finds.

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Disable any script blocker you may have, as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt


Copy and paste the contents of the DDS.txt file.
Upload as an attachment the Attach.txt file.
jbuller's Avatar
jbuller jbuller is offline
Computer Specs
Member with 5 posts.
THREAD STARTER
 
Join Date: Apr 2012
Experience: Advanced
27-Apr-2012, 12:27 PM #9
I uninstalled it, but I thought
it might still be there. Jbuller
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,620 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
27-Apr-2012, 01:49 PM #10
Gotcha Okay did you do the other steps?
Cheeseball81's Avatar
Computer Specs
Moderator & Malware Removal Specialist with 83,620 posts.
 
Join Date: Mar 2004
Location: Long Island, NY
Experience: Advanced
27-Apr-2012, 01:49 PM #11
Oh I see this is mark solved. I take it that it isn't showing in your taskbar anymore?
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


Tags
install, malware, relevant knowledge

(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑