aoyylw.sys
63fb6fa8
PnkBstrA \___ PunkBuster
PnkBstrB /
TSKNF400.sys
catchme
The only way I've found to get these little buggers cleared out is to:
- Boot from ERD Commander 2006+, then
- use the Administration Tools to load the Drivers and Services control panel.
- From there, you should be able to spot the offending drivers and change them to DISABLE.
- Then, while the Drivers and Services window is still open, use the Registry Editor to find the Hive Keys related to the files and delete them (always make a Backup of the Registry FIRST).
- After the Registry is cleaned, close out the Drivers and Services, then open it again to ensure that they are no longer listed.
From that point, you should be able to boot normally, and run your favorite AntiMalware program as a final check.
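The disable-and-back-up part of the steps above, scripted against an offline SYSTEM hive as an added example (not part of the original post). It assumes a recovery environment that has PowerShell and reg.exe; the hive path, backup folder, mount name and service key names are placeholders, and a service's key name may differ from its .sys file name. It sets the entries to disabled and leaves deletion as a manual step.

```powershell
# Added example: disable named driver/service entries in an OFFLINE SYSTEM hive.
# All default values below are placeholders/assumptions; adjust for the machine.
param(
    [string]   $HivePath  = 'D:\Windows\System32\config\SYSTEM',   # assumed offline volume
    [string[]] $Services  = @('ExampleDriverA', 'ExampleDriverB'),   # placeholder key names
    [string]   $BackupDir = 'E:\hive-backup'                        # assumed writable folder
)
$ErrorActionPreference = 'Stop'
$mountName = 'OFFLINE_SYSTEM'           # hypothetical temporary mount point
$regMount  = "HKLM\$mountName"          # path form used by reg.exe
$psMount   = "HKLM:\$mountName"         # path form used by the registry provider

# Back up the whole hive file before touching it
New-Item -ItemType Directory -Force -Path $BackupDir | Out-Null
Copy-Item -Path $HivePath -Destination (Join-Path $BackupDir 'SYSTEM.bak') -Force

reg.exe load $regMount $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HivePath" }
try {
    # An offline hive has no CurrentControlSet link; Select\Current names the active set
    $current = (Get-ItemProperty "$psMount\Select").Current
    $set     = 'ControlSet{0:D3}' -f $current
    foreach ($name in $Services) {
        $key = "$psMount\$set\Services\$name"
        if (-not (Test-Path $key)) { Write-Warning "${name}: no service key found"; continue }

        # Per-key export so a single entry can be restored later
        reg.exe export "$regMount\$set\Services\$name" (Join-Path $BackupDir "$name.reg") /y | Out-Null
        $before = Get-ItemProperty $key
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord   # Start = 4 means disabled

        # Report what changed so the result can be checked before rebooting
        [pscustomobject]@{
            Service   = $name
            ImagePath = $before.ImagePath
            OldStart  = $before.Start
            NewStart  = (Get-ItemProperty $key).Start
        }
    }
}
finally {
    [gc]::Collect()                     # release registry handles so the unload succeeds
    reg.exe unload $regMount | Out-Null
}
```

The exported .reg files record the loaded-hive path, so restoring one means loading the hive under the same mount name first.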
One additional note: A couple of these pieces of malware seem to change the Permissions, and won't allow the MSCONFIG -> StartUp to be changed cleanly or allow Windows Updates to load properly. If this happens, you can run Dial-A-Fix and select "Security" then "Reset Permissions". That should clear the rest. You may also need to run Dial-A-Fix to ReInstall IE if you are having difficulty getting the browser to work properly.
Post a comment here if you have found any other helpful tricks...