Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unable to uninstall Quiknowledge


  • This topic is locked This topic is locked
9 replies to this topic

#1 pjnewberry

pjnewberry

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 09 May 2014 - 09:08 AM

Unfortunately I was unable to access my computer for the last 4 days and which resulted in the old thread being closed. But the tech helping me ask me to give him a dump based on a regedit. Here is the output as requested. 

Windows Registry Editor Version 5.00
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qknfd]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,\
  72,00,69,00,76,00,65,00,72,00,73,00,5c,00,71,00,6b,00,6e,00,66,00,64,00,2e,\
  00,73,00,79,00,73,00,00,00
"DisplayName"="qknfd"
"Group"="PNP_TDI"
"WOW64"=dword:00000001
"Tag"=dword:0000000a
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\qknfd\Enum]
"0"="Root\\LEGACY_QKNFD\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
 
You can see the request based on the closed thread from me with the save subject line. 
Thanks,


BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:29 PM

Posted 10 May 2014 - 01:46 PM

Good evening. :)

I want you to delete the following folder C:\Program Files (x86)\Quiknowledge

I also want you to delete the following file: C:\windows\system32\drivers\qknfd.sys


Download RegScanner by NirSoft from here and save it to your Desktop.
You'll need to extract the files to continue.

Double click RegScanner.exe to begin.

  • Enter the following text into the Find String textbox and then click OK to start the scan:
  •  
  • quiknowledge
  •  
  • Once complete the second window will show the results.
  • I want you to hold SHIFT down and then left click the top and bottom results to select them all.
  • Right click and select Copy selected Items
  • Open Notepad and paste the results of the scan into it.
  • Repeat for the following strings:

    qknfd
    qksvc


    Once done, drop the Notepad file into a compressed folder and attach it in your next reply.

 

 


So long, and thanks for all the fish.

 

 


#3 pjnewberry

pjnewberry
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 11 May 2014 - 02:49 PM

Attached File  OutputForNoviciate_FromPJNewberry.txt   227.43KB   4 downloads

Here is the output as requested. Again, thanks for the help.

Pam



#4 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:29 PM

Posted 11 May 2014 - 03:20 PM

Good evening, :)

I'll need some time to work through the results, so i'll not have anything for you until tomorrow.


So long, and thanks for all the fish.

 

 


#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:29 PM

Posted 12 May 2014 - 11:18 AM

Good evening. :)

Download Windows Repair by tweaking.com[/b] from here and save it to your Desktop.
There are a number of mirrors for the Installer, which is a 5.32 Mb download at the minute, so just choose one that takes your fancy.
 

  • The first step is to install the application and then run it.
  • Select the Tab for Step 4
  • Click the Create button under System Restore.
  • Click the Backup button under Registry Backup.
  • If for any reason your PC misbehaves after tidying up the registry you can open the tool again and use it to restore your PC using the System Restore option.

     

     

  • This shouldn't be the case, but it always pays to have a Plan B when playing with computers, and this is yours.
  • You can now close the application.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

I want you to repeat the three searches, as before, but this time you are going to remove the items that have been found.

 

For the first one, after scanning I want you to look for the word quiknowledge in the left hand column, under registry key. Hold down the CTRL key and left click each one that has the text in question - if it isn't there, leave it alone.

Once you have highlighted all the relevant matches, right click one of the highlighted keys and select Delete Selected Keys/Values and let it do it's thing.

 

Repeat for the second scan looking for ControlSet and qknfd that need to both be present. In your results that is everything, but a new scan might find something that you want to keep, so be sure to check.

 

For the third one you are looking for ControlSet and qksvc.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Once done, run the scans again and let me have the results, as before.


So long, and thanks for all the fish.

 

 


#6 pjnewberry

pjnewberry
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 12 May 2014 - 06:49 PM

I did as directed and hit a snag almost immediately. I ran RegScanner on quiknowledge and when I went to delete the items, I received an error saying "Failed to delete 12 registry items". I just selected the first 12 so I could watch the block be deleted. I tried the next 12 and received the same error. So I thought maybe it was because I had the browser open, so I shut the browser and repeated the steps but still received the error.

Thanks,

Pam



#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:29 PM

Posted 13 May 2014 - 01:10 PM

Good evening. :)

Right click RegScanner.exe and select Run as Administrator and that should do the trick.


So long, and thanks for all the fish.

 

 


#8 pjnewberry

pjnewberry
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:29 AM

Posted 17 May 2014 - 04:09 PM

Attached File  Output2ForNoviciate_FromPJNewberry.txt   205.47KB   1 downloadsHere is the output after the attempted deletes. I delete many of the entries but there were some that would not delete. I did do the "Run as administrator". 

Thanks...



#9 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:29 PM

Posted 18 May 2014 - 12:17 PM

Good evening. :)

As long as you deleted the folder and files I wouldn't worry about the last bits of this. As a general rule I prefer to avoid playing in the registry as there is always a risk of issues and in this case it isn't worth the hassle.


So long, and thanks for all the fish.

 

 


#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:12:29 PM

Posted 22 May 2014 - 02:31 PM

As this issue appears to have been resolved, this thread is now closed - i'm glad to have been able to have been of service.
 


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users