I normally do this:
I store all of my tools on a 32 GB flash drive
Step 1: boot into Safe Mode
a: run hijackthis
b: run combofix (it’s updated daily)
c: run TDSSkiller (updated daily too)
d: run Malwarebytes
e: run chkdsk /f [partition name]
f: run Defraggler until fragmentation is @ 0%; if it can’t get to 0% I boot into Falcon PE and run Defraggler off the CD until it does get to 0%
g: once Defraggler is done, reboot into Windows.
Step 2: inside of normal Windows
a: create a restore point.
b: run ccleaner, run the temp cleaner and registry cleaner (making a backup of all of the registry keys just in case)
c: run defraggler to check to make sure it’s 0% (if you have a SSD skip defraggler altogether)
d: run Spybot Search and Destroy (updated daily, you can download the definition separately and store on flash drive)
e: run McAfee Stinger (updated daily)
f: run TDSSkiller (updated daily)
g: run Malwarebytes (updated daily, you can download the definition separately and store on flash drive)
h: run msconfig (to make sure nothing is starting on boot that shouldn’t be after running hijackthis in safe mode)
i: run Avira Anti-virus (install without the guard)
j: check Device Manager to make sure no rogue hardware is present; if drivers are needed, remediate as necessary
k: check System > Advanced settings > Performance, set it to best performance and just toggle the last bubble at the bottom to keep the graphical aesthetics of Windows, then hit Apply and OK [close open windows].
l: check services and disable any unneeded services like Help and Support, Adobe Acrobat, Javascript updater.
m: remove any unnecessary programs, including javascript if it’s not needed by Windows (too many security flaws with java, if it’s not needed remove it)
n: run ccleaner again and run registry cleaner (making a backup of all of the registry keys just in case) – also run the temp cleaner one last time, being sure to toggle Font Cache, DNS Cache, Windows Error Reporting (helpful if you’re cleaning someone’s PC and they’re savvy, you can remove all record of what you did to clean their PC!!!), old prefetch data, IIS Log Files.
o: perform windows updates
p: create a final “clean-slate” restore point.
q: reboot PC and give it a quick run down after reboot, vet the checklist from above and give it 2 thumbs up!
Note: if you’re really anal and know this user will screw up their PC again in the future, you can get Norton Ghost or Acronis Boot Disk and make a bit-level image of their hard drive to restore in the future. I normally keep a 3 TB external on hand at all times just for these purposes and then lock up the external in my safe at home.
It’s also useful to have a few extra tools on your flash drive like speedfan, winrar, generic commonly used drivers, K-lite codec pack, and whatever else you can fit on your flash drive.
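As an added example that is not part of the original post, the parts of Step 2 that can be checked from the shell (the before/after restore points, the msconfig startup review, the SSD-or-HDD decision before defragmenting, the service review and the check for installed Java) written as a PowerShell 5.1 script. It assumes Windows 10/11, the system volume on C:, and an elevated prompt; the function and description names are mine. One caveat worth knowing for the "before" and "clean-slate" pair: since Windows 8, Checkpoint-Computer creates at most one restore point per 24 hours unless the SystemRestorePointCreationFrequency value is set to 0, so the script sets it before the first checkpoint.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Assumes Windows 10/11, PowerShell 5.1,
# the system volume on C:, and an elevated prompt. Apart from the two restore points
# and the optimize pass on C:, everything here only reports; review and act by hand.

$drive = 'C'

# Step 2a: restore point before touching anything. The frequency value is set to 0 so a
# second ("clean-slate") point can be created in the same session.
Enable-ComputerRestore -Drive "$($drive):\"
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore' `
  -Name SystemRestorePointCreationFrequency -Value 0 -Type DWord
Checkpoint-Computer -Description 'Pre-cleanup' -RestorePointType MODIFY_SETTINGS

# Step 2h: what msconfig's Startup tab shows (Run/RunOnce keys for machine and user,
# 32-bit view included) plus the per-user and all-users Startup folders.
function Get-AutostartEntries {
  $runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
  )
  foreach ($key in ($runKeys | Where-Object { Test-Path $_ })) {
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
      [pscustomobject]@{ Source = $key; Name = $name; Command = $item.GetValue($name) }
    }
  }
  foreach ($folder in 'Startup', 'CommonStartup') {
    $path = [Environment]::GetFolderPath($folder)
    Get-ChildItem -Path $path -File -ErrorAction SilentlyContinue | ForEach-Object {
      [pscustomobject]@{ Source = $path; Name = $_.Name; Command = $_.FullName }
    }
  }
}
Get-AutostartEntries | Format-Table -AutoSize -Wrap

# Step 2c: defragment only if the system volume sits on spinning media. On an SSD the
# post says to skip Defraggler; a ReTrim pass is the wear-free equivalent. PhysicalDisk
# DeviceId is the disk number as a string on ordinary (non-Storage-Spaces) systems.
$diskNumber = (Get-Partition -DriveLetter $drive | Get-Disk).Number
$media = (Get-PhysicalDisk | Where-Object { $_.DeviceId -eq "$diskNumber" }).MediaType
switch ($media) {
  'HDD'   { Optimize-Volume -DriveLetter $drive -Defrag -Verbose }
  'SSD'   { Optimize-Volume -DriveLetter $drive -ReTrim -Verbose }
  default { Write-Warning "Disk $diskNumber reports media type '$media'; not optimizing automatically." }
}

# Step 2l: auto-start services whose binary is not under the Windows directory are the
# ones to review. Disable an unneeded one with:
#   Set-Service -Name <ServiceName> -StartupType Disabled
Get-CimInstance -ClassName Win32_Service |
  Where-Object { $_.StartMode -eq 'Auto' -and $_.PathName -notlike "$env:SystemRoot\*" } |
  Select-Object Name, State, PathName |
  Format-Table -AutoSize -Wrap

# Step 2m: installed Java runtimes, from the Uninstall keys (64- and 32-bit views), so
# they can be removed if nothing on the box needs them.
$uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
  Where-Object { $_.DisplayName -like 'Java*' } |
  Select-Object DisplayName, DisplayVersion, UninstallString |
  Format-Table -AutoSize -Wrap

# Step 2p: the final "clean-slate" point, to be run after Windows Update has finished
# (updates themselves are left to Settings; there is no built-in cmdlet for them in 5.1).
Checkpoint-Computer -Description 'Clean-slate' -RestorePointType MODIFY_SETTINGS
```

The startup and service listings are deliberately report-only: the post's own approach is to eyeball msconfig and services.msc and decide per entry, and a script that deleted Run values on a pattern would be the thing you later have to explain to the owner. Run it once before the tool passes to capture the "dirty" list, and again at step q to confirm what the cleaners actually removed.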