Ok, I was at my grandmothers house today and my aunt was there and she started explaining to me that her computer has some problem (she's a computer illiterate). Well, the hacker first started out by when ever she would connect to the internet (through a dial-up modem) the computer would shut down. Then one day she finished using the computer and went to shut down and XP told her that she could not shut down because someone else was using the computer at the moment, that's when she started getting suspicious. The reason for this was because the hacker created an account (which she later found out when she turned her comp back on the next day). I wanted to gather some info before i go to her house to fix the problem (it's a 2 hour drive). The only info I have is the one she gave me. And also when she get's on she can only last 15mins on before the comp shuts down. So when I get over there I'm planning to first run search and destroy and all those other programs you people always mention (I'm going to burn it on a CD-RW). Since I think that she has some program installed which is telling the attacker her IP whenever she gets on. But before this I plan on doing a netstat till I get disconnected to see what hostnames are connected to the computer to then later find out the IP and whois it (if the attacker isn't using a proxy which i doubt they wouldn't be). Then I plan on reporting the hostname/IP to the ISP (don't know if they can acutally do anything about it but worth a shot) then changing her account password since she has it saved on her comp the attacker probably knows it. Then I plan on removing the created account and changing her password on the XP accounts and adding an Administrative account to create less access for her normal accounts (she doesn't have an Administrative account instead all of her accounts have administrative powers). So I wanted to know what you people think I should do besides what I have mentioned. Thank you for your time.