I'm not a forensics expert, but I work on this stuff on a daily basis for our customers. I follow a pretty basic plan of attack for stuff like this:
1. Turn off System Restore
2. Install, update, and run Malwarebytes (usually a quick scan in normal Windows)
3. Run Trend Micro's HouseCall from their website.
4. Check IE for BHOs

If there is still a problem I will move to Autoruns to disable anything odd starting up with the system and run Process Explorer to research svchost.exe. And, when all else fails - Nuke and Pave buddy... nuke and pave :P

Good Luck!
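The BHO check and the svchost.exe research from the message above can also be scripted. The following is an added example, not part of the original post. It assumes an elevated PowerShell prompt, the function names are illustrative, and the registry paths are the standard Windows locations for BHO and COM class registration.

```powershell
# Added example (read-only). Function names are illustrative, not from the post.
function Get-BrowserHelperObject {
    # BHOs are registered by CLSID here, in the 64-bit and 32-bit registry views.
    $views = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'
    foreach ($view in $views) {
        $root = "$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $clsid  = $key.PSChildName
            $inproc = "$view\Classes\CLSID\$clsid\InprocServer32"
            $dll = $null
            $sig = 'n/a'
            if (Test-Path -LiteralPath $inproc) {
                # The key's default value is the DLL that IE loads for this BHO.
                $dll = (Get-ItemProperty -LiteralPath $inproc).'(default)'
            }
            if ($dll) {
                $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                if (Test-Path -LiteralPath $dll) {
                    $sig = (Get-AuthenticodeSignature -FilePath $dll).Status
                } else {
                    $sig = 'file missing'
                }
            }
            [pscustomobject]@{ Clsid = $clsid; Dll = $dll; Signature = $sig }
        }
    }
}

function Get-SvchostService {
    # Group running services by the svchost.exe process that hosts them.
    Get-CimInstance Win32_Service -Filter "State = 'Running' AND PathName LIKE '%svchost.exe%'" |
        Group-Object ProcessId |
        ForEach-Object {
            [pscustomobject]@{
                ProcessId   = [int]$_.Name
                CommandLine = $_.Group[0].PathName
                Services    = ($_.Group.Name | Sort-Object) -join ', '
            }
        }
}

Get-BrowserHelperObject | Format-Table -AutoSize
Get-SvchostService | Sort-Object ProcessId | Format-List
```

A BHO whose DLL is unsigned or missing, or a running svchost.exe whose PID is absent from the second listing, is the kind of entry to look at more closely in Autoruns or Process Explorer.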
