I thought I had got rid of this person but he has been logging on again and changeing settings. Ok to begin with I use XP Home SP2 on this machine,Sygate Pro firewall;AVG;A2;Ewido;Process Guard;Spybot S&D;SpywareBlaster and Spyware Guard. All up to date and run regularly. Ccleaner and CWshredder and Hijack this.As well as several management and TCP tools. This computer is a stand alone outside my Lan, no ICS enabled, no net bios, no network shares, no file and print shareing,no other networking enabled other than whats needed for a direct connect to a RR cable modem. Now I do have a bad habit of leaveing it on all the time. So I check my event and security logs daily. I am seeing successfull logons and privelages being established at times when no one is on the computer. Apparently I have a RAT well hidden. Now I follow Black Vipers and the NSA's disable list of processes. Primary is DCom;RPC;RemoteDesktop and assistance all disabled along with File and print shareing etc. All unnecessary services are disabled or manual. Only my AV and Firewall and windows updates are automatic. Now what I am wondering if I used Truecrypt or something and encryped the entire drive would he be able to still access his back door. I really don't want to have to nuke this thing, it came with no CD's I have done 2 system restores and 1 system recovery but he still gets in. I would apreciate any ideas or comments.