1. Create a Windows System Restore Point –
Vista –> START | type rstrui – create a restore point

Windows 7 –> START | type create | select “Create a Restore Point”

2. Run the Driver Verifier –

DRIVER VERIFIER

START | type verifier | make these selections - 

1. Select 2nd option - "Create custom settings (for code developers)"
2. Select 2nd option - "Select individual settings from a full list"
3. Check these boxes -
   • Special Pool
   • Pool Tracking
   • Force IRQL checking
   • Deadlock Detection
   • Security Checks (Windows 7)
   • Miscellaneous Checks
4. Select last option - "Select driver names from a list"
5. Click on the Provider heading - sorts list by Provider
6. Check ALL boxes where "Microsoft" IS NOT the Provider
7. Click on Finish
8. Re-boot

*** IMPORTANT – PLEASE READ:

– If the Driver Verifier (DV) finds a violation, it will result in a BSOD
– After re-start, you may not be able to log on to normal Windows
   • Boot into SAFEMODE – tap the F8 key repeatedly during boot-up
   • Select “System Restore”
   • Choose the restore point that you created in step #1

– For Driver Verifier status – type verifier /query (in a cmd/DOS screen)
– To turn Driver Verifier off – verifier /reset then re-boot

– The Driver Verifier needs to run as long as possible – even if the status screen appears clear.
– All future BSOD dumps must be VERIFIER_ENABLED_MINIDUMPs – otherwise the dump(s) are of no use
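The command-line equivalent of steps 1 and 2, as an added example that is not part of the original notes: it takes the restore point, lists loaded drivers whose file version info does not name Microsoft, and enables Driver Verifier for them with the same checks the GUI steps tick. It assumes the .sys file's CompanyName stands in for the GUI's "Provider" column and that it runs from an elevated PowerShell.

```powershell
# Added example, not part of the original notes: the command-line equivalent of
# steps 1 and 2 above. Run from an elevated PowerShell, then reboot.
# Assumption: the CompanyName in each .sys file's version info stands in for the
# "Provider" column of the Driver Verifier GUI.
param([switch]$Apply)   # without -Apply, only show what would be configured

# verifier /flags bit values for the checks ticked in step 3:
# Special Pool 0x1, Force IRQL checking 0x2, Pool Tracking 0x8,
# Deadlock Detection 0x20, Security Checks 0x100, Miscellaneous Checks 0x800
$flags = 0x1 -bor 0x2 -bor 0x8 -bor 0x20 -bor 0x100 -bor 0x800   # 0x92B

function Resolve-DriverPath([string]$p) {
    # WMI reports driver paths in several forms; turn them all into a plain file path
    $p = $p -replace '^\\\?\?\\', ''                     # \??\C:\...      -> C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot    # \SystemRoot\... -> C:\Windows\...
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }  # system32\drivers\x.sys
    return $p
}

function Get-NonMicrosoftDrivers {
    # Loaded drivers whose version info names a company other than Microsoft
    # (files with no version info at all are kept: they are suspects too)
    Get-WmiObject Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName } |
        ForEach-Object {
            $path = Resolve-DriverPath $_.PathName
            if (Test-Path -LiteralPath $path) {
                $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
                if (-not $company -or $company -notmatch 'Microsoft') {
                    New-Object PSObject -Property @{ File = (Split-Path $path -Leaf); Company = $company; Path = $path }
                }
            }
        }
}

$drivers = @(Get-NonMicrosoftDrivers)
$drivers | Format-Table File, Company, Path -AutoSize
if ($drivers.Count -eq 0) { 'No non-Microsoft drivers loaded; nothing to verify.'; return }

$files = $drivers | ForEach-Object { $_.File }
$hex   = '0x{0:X}' -f $flags
if ($Apply) {
    # Step 1 first: a restore point to roll back to from Safe Mode if DV bugchecks at boot
    Checkpoint-Computer -Description 'Before Driver Verifier' -RestorePointType MODIFY_SETTINGS
    & verifier.exe /flags $hex /driver $files   # settings take effect after the reboot
    & verifier.exe /querysettings               # show what was configured
    'Reboot now. To turn it off later: verifier /reset, then reboot.'
} else {
    "Would run: verifier /flags $hex /driver $($files -join ' ')"
}
```

Run it once without -Apply to review the driver list, then with -Apply and reboot.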


Kaspersky Virus Removal Tool – free virus scanner. It cannot be updated; you need to download the installation file again to get a fresh database. The tool installs in Windows, scans the computer and then asks to remove the installation.
A fresh version can be downloaded from here: http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

Kaspersky Rescue CD – bootable CD with Kaspersky Virus Removal Tool. The manufacturer does not update the bases on this tool, so every time you boot from this CD you need to update the bases. This CD is based on a Linux distribution. It does not work with wireless networks, so you need to have an Ethernet cable plugged in when you boot from this disk. Make sure you download all the updates before running the scan, as the original CD contains definitions that were current in 2008 but are very old now.
The ISO image of the CD can be downloaded here: http://devbuilds.kaspersky-labs.com/devbuilds/RescueDisk/

Malwarebytes’ Anti-Malware – Part of Hiren’s Boot CD. Can be updated when run from the CD.

Spybot Search & Destroy – Part of Hiren’s Boot CD. Can be updated when run from the CD.

SuperAntiSpyware – Part of Hiren’s Boot CD. Can be updated when run from the CD.

miniDrWeb – bootable CD with DrWeb anti-virus. You need to download a new version of the ISO file to get fresh virus databases.
The ISO image can be downloaded from here: http://www.freedrweb.com/livecd

F-Secure – bootable CD with F-Secure anti-virus. You need to download a new ISO image to have fresh virus databases.
The ISO can be downloaded from here: http://www.f-secure.com/en_EMEA/security/security-lab/tools-and-services/rescue-cd/

BitDefender Rescue CD – bootable CD with BitDefender anti-virus. The manufacturer does not update the ISO image with fresh bases, so every time you boot from this CD you need to update the definitions. This CD is based on a Linux distribution. To be able to connect to the Internet, you need to have an Ethernet cable plugged in when booting; this software does not work with wireless.
The ISO can be downloaded from here: http://download.bitdefender.com/rescue_cd/

Avira AntiVir Rescue System – bootable CD with the Avira scanner. The ISO image is updated every day, so you need to download a fresh one each day you use it.
The ISO can be downloaded from here: http://www.avira.com/en/support/support_downloads.html

Trinity Rescue Kit – excellent boot CD with a non-interactive virus-scan option. http://trinityhome.org/Home/index.php?wpid=1&front_id=12

ISO can be downloaded from here:
  1. From the Windows Start menu, select Run. In the Run box, type regedit and click OK.
  2. In the Registry Editor, locate the following key:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  3. Create a new DWORD Value with the name ClassicShell, and assign a value of 1 to it.
  4. Close the Registry Editor.
  5. Reboot

Sometimes you cannot run Regedit. This is due to a setting in the registry itself.

When you try to run Regedit, you get a message like “Registry editing has been disabled by your administrator” or something similar.

To resolve this, run the following command:

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f

This should give you an instant result.

When you have booted from a WinXP boot CD, you can edit the registry of the existing installation on the HDD.

  1. Start Regedit.
  2. Go to HKEY_USERS
  3. Select File -> Load Hive. Point to C:\Windows\System32\Config. Inside this folder, select one of the files, i.e. software, SAM, system etc.
  4. Type a new name for the folder to mount the remote registry under, like REMOTE_System or REMOTE_Software.
  5. Now the remote registry is loaded into regedit and you can change things there just like in the normal registry.
  6. After you have made your changes, you MUST unload the hives: File -> Unload Hive.

Check HKEY_USERS\REMOTE_Software\Microsoft\Windows NT\CurrentVersion\Winlogon

The Shell entry must point to Explorer.exe.

Userinit should point to C:\Windows\System32\Userinit.exe
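The same check scripted, as an added example that is not part of the original notes: it loads the offline SOFTWARE hive with reg.exe, inspects the Winlogon Shell and Userinit values (extra entries there are a classic way for malware to get started at every logon), and unloads the hive again. It assumes you have booted into another Windows environment that has PowerShell and reg.exe, and that the offline installation is at the placeholder path $OfflineWindows.

```powershell
# Added example, not part of the original notes: load the SOFTWARE hive of an
# offline Windows installation, check the Winlogon Shell and Userinit values
# described above, then unload the hive. Run from an elevated prompt.
# Assumption: the offline installation is at $OfflineWindows (placeholder; adjust the drive letter).
$OfflineWindows = 'D:\Windows'
$HiveName       = 'REMOTE_Software'
$HivePath       = Join-Path $OfflineWindows 'System32\config\SOFTWARE'

function Test-WinlogonValues([string]$Shell, [string]$Userinit) {
    # Returns a list of findings; an empty list means both values look normal
    $findings = @()
    # Shell should name Explorer.exe and nothing else; anything else runs in place of the desktop
    if ($Shell.Trim().ToLower() -ne 'explorer.exe') {
        $findings += "Shell is '$Shell', expected Explorer.exe"
    }
    # Userinit is a comma-separated list (a trailing comma is normal); every entry is
    # started at logon, so anything besides System32\Userinit.exe is suspicious
    $entries = @()
    if ($Userinit) { $entries = @($Userinit.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }) }
    if ($entries.Count -eq 0) { $findings += 'Userinit is empty or missing' }
    foreach ($e in $entries) {
        if ($e.ToLower() -ne 'c:\windows\system32\userinit.exe') {
            $findings += "Unexpected Userinit entry: '$e'"
        }
    }
    return ,$findings
}

& reg.exe load "HKU\$HiveName" $HivePath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load of $HivePath failed (not elevated, or hive already loaded?)" }
try {
    $key = "Registry::HKEY_USERS\$HiveName\Microsoft\Windows NT\CurrentVersion\Winlogon"
    $wl  = Get-ItemProperty -Path $key
    $findings = Test-WinlogonValues -Shell $wl.Shell -Userinit $wl.Userinit
    if ($findings.Count -eq 0) { 'Winlogon Shell and Userinit look normal' } else { $findings }
}
finally {
    # As the notes insist: always unload. PowerShell may still hold a handle on the key,
    # which makes "reg unload" fail with access denied, so release it first.
    $wl = $null; [GC]::Collect(); [GC]::WaitForPendingFinalizers()
    & reg.exe unload "HKU\$HiveName" | Out-Null
}
```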

Mounting a Windows share in Linux is pretty simple:
mount -t cifs //server/share -o username=user,password=password /mnt/windows_share

Sometimes Windows shares have a space in their name; in this case you need to replace the space with “\040” and quote the path, so the shell passes the backslash through unchanged:
mount -t cifs '//server/share\040name' -o username=user,password=password /mnt/share