Mark Russinovich has posted another step-by-step case of determining the root cause of a malware attack. This particular piece of malware went so far as to attempt to block sysinternal applications from opening. I find the steps taken to solve these types of problems very interesting and informative. It is much like a puzzle game in trying to rid the system of the malware. Here is the link: The Case of the Sysinternals-Blocking Malware.