Solved: RelevantKnowledge has appeared

jbuller · 22-Apr-2012, 10:15 AM #1

Hi, A program called "RelevantKnowledge" has installed on my PC.
(see attachment for screenshot)
What is it? Is it malicious? Where did I get it from?

**Cheeseball81** · 22-Apr-2012, 11:13 PM #2

Hi and welcome to TSG!

Yes, it's considered spyware.

Click here to download HijackThis.exe

Save it to your desktop.
Doubleclick on the HijackThis.exe icon on your desktop.
Click on Install.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

Please download Malwarebytes' Anti-Malware from Here or Here

Double click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.

jbuller · 23-Apr-2012, 11:48 AM #3

Thanks Cheeseball81, and this is what showed up:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:43:23 PM, on 4/23/2012
Platform: Unknown Windows (WinNT 6.02.0058)
MSIE: Internet Explorer v10.0 (10.00.8250.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\taskhost.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.2.3258.308_x86__8w ekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\PixArt\Pac207\Monitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\WINDOWS\system32\conhost.exe
C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_2_202_233_ActiveX.exe
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFOGC6ID\HijackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = jonathanpc:3128
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files\ToolKitService\splash.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: eToolKit Toolbar - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [tktray] C:\Program Files\ToolKitService\tktray.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
O4 - HKCU\..\Run: [Spotify] "C:\Users\Jonathan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: WinProxy 1.5.lnk = C:\WinProxy\WinProxy.exe
O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://zone.msn.com/bingame/burg/def...sPlayer_v6.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files\Stardock\Start8\Start8Srv.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: Toolkit Service (ToolkitSvc) - ToolKit Development, Ltd. - C:\Program Files\ToolKitService\ToolkitService.exe
--
End of file - 7314 bytes
Where did the program come from?

**Cheeseball81** · 23-Apr-2012, 04:31 PM #4

Did you also run Malwarebytes and save the log? I don't see it.

Have you installed anything new recently?

**Cheeseball81** · 23-Apr-2012, 04:31 PM #5

Also do this

Run Hijack This and click Open the Misc Tools section.
Click Open Uninstall Manager > Save list and save the log to your Desktop.
A list of programs will open in Notepad. Post the contents of this log.

jbuller · 24-Apr-2012, 03:01 AM #6

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.23.05
Windows 7 x86 NTFS
Internet Explorer 9.10.8250.0
Jonathan :: JONATHANPC [administrator]
Protection: Enabled
4/24/2012 7:48:37 AM
mbam-log-2012-04-24 (07-58-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 205569
Time elapsed: 7 minute(s), 39 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Users\Jonathan\AppData\Local\Temp\CSM8274.tmp (PUP.Adware.RelevantKnowledge) -> No action taken.
C:\Users\Jonathan\AppData\Local\Temp\nsw8CB5.tmp\InstallManagers.exe (PUP.Adware.Agent) -> No action taken.
C:\Users\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\33JGT0JZ\Mixed_Bundle_4636[1].exe (PUP.Adware.Agent) -> No action taken.
(end) No I haven't installed any software apart form MalwareBytes.

jbuller · 24-Apr-2012, 03:06 AM #7

7-Zip 9.22beta
Adobe AIR
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 1.3.14 (Unicode)
AutoRun Wizard
avast! Free Antivirus
ASUSTek M4A78LT-M LE Motherboard Utilities
Bonjour
BumpTop
Burger Shop
CamStudio OSS Desktop Recorder
CDBurnerXP
CP Blizzard
Debut Video Capture Software
DivX Setup
DVD Flick 1.3.0.7
DVDStyler v2.2 rc 1
eToolKit
FileZilla Client 3.5.3
Free YouTube Downloader 3.5.126
Google Earth
Google Talk (remove only)
IMG to ISO
Internet TV for Windows Media Center
iTunes
Java(TM) 6 Update 31
K-Lite Codec Pack 8.4.0 (Full)
LAME v3.99.3 (for Windows)
Magic ISO Maker v5.5 (build 0281)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft Antimalware
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MP3MyMP3 3.1
OpenOffice.org 3.3
Oracle VM VirtualBox 4.1.10
PC Camer@
Picasa 3
Prism Video File Converter
Replay Music
SeaMonkey (2.8)
Serif WebPlus Starter Edition 3.0
Skype™ 5.8
Start8
Switch Sound File Converter
swMSM
TeamViewer 7
TuneUp Companion 2.4.4.3
VC80CRTRedist - 8.0.50727.6195
VideoPad Video Editor
WinProxy 1.5

**Cheeseball81** · 24-Apr-2012, 07:40 PM #8

I don't actually see it in the logs.
Does it show up in your listed programs under Control Panel?
Is this folder present? C:\Program Files\RelevantKnowledge

Please rerun MalwareBytes and have it remove anything it finds.

Please download DDS by sUBs to your desktop from one of the following locations:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://www.forospyware.com/sUBs/dds

Disable any script blocker you may have, as they may interfere and then double-click the DDS.scr to run the tool.

When DDS has finished scanning, it will open two logs named as follows:

DDS.txt
Attach.txt

Copy and paste the contents of the DDS.txt file.
Upload as an attachment the Attach.txt file.

jbuller · 27-Apr-2012, 12:27 PM #9

I uninstalled it, but I thought
it might still be there. Jbuller

**Cheeseball81** · 27-Apr-2012, 01:49 PM **#10**

Gotcha

Okay did you do the other steps?

**Cheeseball81** · 27-Apr-2012, 01:49 PM **#11**

Oh I see this is mark solved. I take it that it isn't showing in your taskbar anymore?

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Solved: RelevantKnowledge has appeared

Find the solution to your computer problem!

Find the solution to your
computer problem!