by mark shiffer
2. March 2011 16:08
Mark Russinovich posted an excellent step-by-step article on how a Microsoft Support Engineer tracked down a rather nasty autostart malware program that was causing networked printers to spew out garbage printouts. Several very useful Sysinternals tools were used to track down the bug, including Process Explorer, Listdlls, Autoruns, Process Monitor (to log boot activity), Sigcheck and Strings. In the final step to fix the problem, he used the Windows Preinstallation Environment to replace DLLs that would otherwise be locked if logged into Windows.
Definitely worth a read. The article is: The Case of the Malicious Autostart
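The Autoruns plus Sigcheck step above (listing autostart entries and checking who signed each image) can be scripted for triage. The following is an added example, not code from the post or from Sysinternals: it parses a CSV export of the kind `autorunsc -c -s` writes and flags enabled entries whose image lacks a verified signature. The column names are assumed from that export format (check them against your own output) and the sample rows are constructed.

```python
"""Triage an Autoruns CSV export for autostart entries whose image is not
signed by a verified publisher.

Assumptions (not from the original post): the header below matches what
autorunsc writes with -c -s; verify against a real export. Sample data is
constructed for illustration only.
"""
import csv
import io
from typing import Dict, List

# Constructed sample: one Microsoft-signed Run entry, one unsigned DLL
# started from the Run key via rundll32, and one unsigned service DLL.
SAMPLE_CSV = """\
Time,Entry Location,Entry,Enabled,Category,Profile,Description,Signer,Company,Image Path,Version,Launch String
1/1/2011 9:00,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,SecurityHealth,enabled,Logon,System-wide,Windows Security,(Verified) Microsoft Windows,Microsoft Corporation,c:\\windows\\system32\\securityhealthsystray.exe,10.0.0.0,securityhealthsystray.exe
1/1/2011 9:00,HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run,exampledll,enabled,Logon,System-wide,,(Not verified) ,,c:\\windows\\system32\\exampledll.dll,,rundll32.exe exampledll.dll
1/1/2011 9:00,HKLM\\System\\CurrentControlSet\\Services,ExampleSvc,enabled,Services,System-wide,Example Service,(Not verified) Example Co,Example Co,c:\\windows\\system32\\examplesvc.dll,1.0,svchost.exe -k netsvcs
"""


def load_autoruns_csv(text: str) -> List[Dict[str, str]]:
    """Parse Autoruns CSV text into one dict per row, keyed by header."""
    return list(csv.DictReader(io.StringIO(text)))


def unverified_entries(rows: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return enabled entries whose Signer does not start with '(Verified)'.

    Autoruns and Sigcheck prefix a valid Authenticode signature with
    '(Verified)'; an unsigned or untrusted image in system32 that is
    started automatically is exactly the pattern the referenced case found.
    """
    flagged = []
    for row in rows:
        if row.get("Enabled", "").lower() != "enabled":
            continue
        if not row.get("Signer", "").startswith("(Verified)"):
            flagged.append(row)
    return flagged


def summarize(rows: List[Dict[str, str]]) -> List[str]:
    """One line per flagged entry: location, entry name, image path."""
    return [f"{r['Entry Location']} | {r['Entry']} | {r['Image Path']}" for r in rows]


if __name__ == "__main__":
    for line in summarize(unverified_entries(load_autoruns_csv(SAMPLE_CSV))):
        print(line)
```

Hashes of the flagged images (autorunsc -h, or sigcheck -h) are what you would then check against known-good copies, as the article does before replacing the DLLs from WinPE.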