1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

RelevantKnowledge has appeared

Discussion in 'Virus & Other Malware Removal' started by jbuller, Apr 22, 2012.

Thread Status:
Not open for further replies.
  1. jbuller

    jbuller Thread Starter

    Apr 22, 2012
    Hi, A program called "RelevantKnowledge" has installed on my PC.
    (see attachment for screenshot)
    What is it? Is it malicious? Where did I get it from?

    Attached Files:

  2. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Mar 3, 2004
    Hi and welcome to TSG! :)

    Yes, it's considered spyware.

    Click here to download HijackThis.exe
    • Save it to your desktop.
    • Doubleclick on the HijackThis.exe icon on your desktop.
    • Click on Install.
    • Once installed, it will launch Hijackthis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

    Please download Malwarebytes' Anti-Malware from Here or Here

    Double click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  3. jbuller

    jbuller Thread Starter

    Apr 22, 2012
    Thanks Cheeseball81, and this is what showed up:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 4:43:23 PM, on 4/23/2012
    Platform: Unknown Windows (WinNT 6.02.0058)
    MSIE: Internet Explorer v10.0 (10.00.8250.0000)
    Boot mode: Normal
    Running processes:
    C:\Program Files\TeamViewer\Version7\TeamViewer.exe
    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.2.3258.308_x86__8wekyb3d8bbwe\LiveComm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFOGC6ID\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = jonathanpc:3128
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    O2 - BHO: ToolKit IE Helper - {70EA269E-56DF-49C2-86B2-1A1924ED88B4} - C:\Program Files\ToolKitService\splash.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: eToolKit Toolbar - {D3B22A92-87A2-47b6-B3E6-A64877B5C242} - C:\Program Files\ToolKitService\toolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [tktray] C:\Program Files\ToolKitService\tktray.exe
    O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
    O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    O4 - HKCU\..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Jonathan\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [ViStart] C:\Program Files\ViStart\ViStart.exe
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: WinProxy 1.5.lnk = C:\WinProxy\WinProxy.exe
    O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://zone.msn.com/bingame/burg/default/GoBitGamesPlayer_v6.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Stardock Start8 (Start8) - Stardock Software, Inc - C:\Program Files\Stardock\Start8\Start8Srv.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: Toolkit Service (ToolkitSvc) - ToolKit Development, Ltd. - C:\Program Files\ToolKitService\ToolkitService.exe
    End of file - 7314 bytes
    Where did the program come from?
  4. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Mar 3, 2004
    Did you also run Malwarebytes and save the log? I don't see it.

    Have you installed anything new recently?
  5. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Mar 3, 2004
    Also do this

    Run Hijack This and click Open the Misc Tools section.
    Click Open Uninstall Manager > Save list and save the log to your Desktop.
    A list of programs will open in Notepad. Post the contents of this log.
  6. jbuller

    jbuller Thread Starter

    Apr 22, 2012
    Malwarebytes Anti-Malware (Trial)
    Database version: v2012.04.23.05
    Windows 7 x86 NTFS
    Internet Explorer 9.10.8250.0
    Jonathan :: JONATHANPC [administrator]
    Protection: Enabled
    4/24/2012 7:48:37 AM
    mbam-log-2012-04-24 (07-58-32).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
    Scan options disabled:
    Objects scanned: 205569
    Time elapsed: 7 minute(s), 39 second(s)
    Memory Processes Detected: 0
    (No malicious items detected)
    Memory Modules Detected: 0
    (No malicious items detected)
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 0
    (No malicious items detected)
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 3
    C:\Users\Jonathan\AppData\Local\Temp\CSM8274.tmp (PUP.Adware.RelevantKnowledge) -> No action taken.
    C:\Users\Jonathan\AppData\Local\Temp\nsw8CB5.tmp\InstallManagers.exe (PUP.Adware.Agent) -> No action taken.
    C:\Users\Jonathan\Local Settings\Temporary Internet Files\Content.IE5\33JGT0JZ\Mixed_Bundle_4636[1].exe (PUP.Adware.Agent) -> No action taken.
    (end) No I haven't installed any software apart form MalwareBytes.
  7. jbuller

    jbuller Thread Starter

    Apr 22, 2012
    7-Zip 9.22beta
    Adobe AIR
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audacity 1.3.14 (Unicode)
    AutoRun Wizard
    avast! Free Antivirus
    ASUSTek M4A78LT-M LE Motherboard Utilities
    Burger Shop
    CamStudio OSS Desktop Recorder
    CP Blizzard
    Debut Video Capture Software
    DivX Setup
    DVD Flick
    DVDStyler v2.2 rc 1
    FileZilla Client 3.5.3
    Free YouTube Downloader 3.5.126
    Google Earth
    Google Talk (remove only)
    IMG to ISO
    Internet TV for Windows Media Center
    Java(TM) 6 Update 31
    K-Lite Codec Pack 8.4.0 (Full)
    LAME v3.99.3 (for Windows)
    Magic ISO Maker v5.5 (build 0281)
    MagicDisc 2.7.106
    Malwarebytes Anti-Malware version
    Microsoft Antimalware
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    MP3MyMP3 3.1
    OpenOffice.org 3.3
    Oracle VM VirtualBox 4.1.10
    PC Camer@
    Picasa 3
    Prism Video File Converter
    Replay Music
    SeaMonkey (2.8)
    Serif WebPlus Starter Edition 3.0
    Skype¬ô 5.8
    Switch Sound File Converter
    TeamViewer 7
    TuneUp Companion
    VC80CRTRedist - 8.0.50727.6195
    VideoPad Video Editor
    WinProxy 1.5
  8. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Mar 3, 2004
    I don't actually see it in the logs.
    Does it show up in your listed programs under Control Panel?
    Is this folder present? C:\Program Files\RelevantKnowledge

    Please rerun MalwareBytes and have it remove anything it finds.

    Please download DDS by sUBs to your desktop from one of the following locations:


    Disable any script blocker you may have, as they may interfere and then double-click the DDS.scr to run the tool.

    When DDS has finished scanning, it will open two logs named as follows:


    Copy and paste the contents of the DDS.txt file.
    Upload as an attachment the Attach.txt file.
  9. jbuller

    jbuller Thread Starter

    Apr 22, 2012
    I uninstalled it, but I thought
    it might still be there. Jbuller
  10. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Mar 3, 2004
    Gotcha (y) Okay did you do the other steps?
  11. Cheeseball81

    Cheeseball81 Moderator Malware Specialist

    Mar 3, 2004
    Oh I see this is mark solved. I take it that it isn't showing in your taskbar anymore?
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1050358