Someone I know got their Windows Vista PC infected with one of those obnoxious fake antivirus apps. Between Kaspersky Live CD, MBAM, and HJT I seem to have removed most of it... However, when I was attempting to scan for any rootkits that might be present, most of the ARK tools I tried failed to run or were hampered in some way. I'm not sure, but because of that I suspect that some component of the malware is still in hiding on the machine.
(A rootkit is a definite possibility from what I can see; UAC was off at the time so the machine was exploited with full admin privileges.)
Anyway... I've got no working Windows install at the moment, so no BartPE or UBCD4Win, unfortunately. What I do have is SystemRescueCD (with the latest version of ClamAV, for whatever that's worth), Kaspersky Live, and of course a BackTrack 4 DVD I just burned.
I've heard that BackTrack is very good for forensics and the like, and so it might be a good choice for finding a rootkit on a Windows partition. The problem is that I don't know my way around any of the forensics tools; they all look very advanced and not very user-friendly. So, if I'm looking for a rootkit on the Vista partition, what should I use, and how?