Sysinternals has released a new utility called RegDelNull which can find and delete Registry keys that are “undeleteable” by standard Registry-editing utilities because they have embedded null characters in their names. This is useful if your Windows machine is infected with SpyWare and you are unable to clean it up. A new version 8.4 of Autoruns was also released and adds enumeration of kernel-mode drivers, yet another attack vector being used by malware.. This utility will list all the places applications can startup which is great for making sure your machine is spyware free. Autoruns shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
