My first step is run Hirens Boot CD and run Mini XP on the infected machine (yes I use a CD not a USB stick), using this to run AV tools - this gives me some idea of what malware (if any) is actually installed/partially installed etc., it also has a nice side effect of confirming that the basic platform hardware is still working and can be the quickest way to return a system to operation.