Well, no luck so far... the OpenDNS site is down today, I think, so I can't get anything downloaded to help me out.
Here is what I can do manually, and I've made a teeny bit of progress, in that at least I'm getting to know how weird and evil these people are to try to get $20 bucks out of a person. Geez, I've paid for AV software already! I'd gladly pay this and be done with it, but I can't even get the system to that point. I have 10 years of photos on that drive that I've been reorganizing and cleaning up. They are the only thing I have left on there, and of course they are the most important, so I was backing up the rest of the system without as much concern. Dang, I get down to the most important (to me) part and they slaughter me.
This is just what I've learned today from you, and mostly trial and error.
Thanks again. Hope it will help someone else avoid the hassle I've gone through.
1) Run Windows XP in Safe Mode with cmd line
2) Nav to documents and settings\userdir\local settings\temp
a. Delete everything here. Use params if necessary to kill subdirs.
b. Nav to your documents and settings\userdir\desktop. Delete any files that match *.url or *.lnk. The names will be obvious.
3) May not be necessary here, but the wscui.cpl file was killing me on mine, so I marked it as suspect:
a. Go to c:\windows\system32 and rename suspect .cpl files to something like wscui.cpl.suspect (or hacked or something)
b. Check the hosts file for any hacking. Mine should've been blank, but had a 192 address hacked in there.
c:\windows\system32\drivers\etc is where mine is.
4) If you have a temp folder in your root drive, delete everything in it, again using params and/or rd to kill all subdirs.
5) Mine was infected with several diff binaries in the root. I deleted autorun.exe and a companion autorun.inf, a bogus one that even had a dog on the icon and I think he was peeing, and a few others.
6) Remove any dirs and/or files in your Program Files dir named MicroAV, microantivirus, or something similar. (check the web to be sure you don't kill a good dir.)
7) Restart Windows in Safe Mode with Networking support
8) Fix browser default pages and set network connection to go through OpenDNS (see David's thread above).
9) That's where I am for today...
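Step 3b above (checking the hosts file for injected entries) is the kind of thing worth scripting rather than eyeballing. The following is an added example, not code from the original post: it parses a hosts file and flags every active line other than the default `127.0.0.1 localhost`, which is all a clean Windows XP hosts file should contain. The sample file content and the `.invalid` host names are constructed placeholders; the XP path is the one the post gives.

```python
import ipaddress

# Constructed sample hosts file, modelled on the post's description of a
# 192.x address "hacked in there". The host names are placeholders.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
192.168.0.10    www.example-av-vendor.invalid    # injected: redirects AV site
192.168.0.10    update.example-av-vendor.invalid
127.0.0.1       download.example-av-vendor.invalid
"""

# Path from the post (Windows XP). Only used by audit_hosts_file().
XP_HOSTS_PATH = r"c:\windows\system32\drivers\etc\hosts"


def parse_hosts(text):
    """Return [(ip, [hostnames])] for each non-blank, non-comment line."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        parts = line.split()
        if len(parts) >= 2:
            entries.append((parts[0], parts[1:]))
    return entries


def suspicious_entries(text):
    """Flag every active mapping except the default loopback line.

    Two patterns matter here: a non-loopback address (traffic silently
    redirected to an attacker-chosen host) and an extra loopback mapping
    (the named site is blackholed, e.g. to block AV updates)."""
    flagged = []
    for ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, names, "unparseable address"))
            continue
        if addr.is_loopback and names == ["localhost"]:
            continue                           # the one expected entry
        reason = ("blackholed to loopback" if addr.is_loopback
                  else "redirected to non-loopback address")
        flagged.append((ip, names, reason))
    return flagged


def audit_hosts_file(path=XP_HOSTS_PATH):
    """Read a real hosts file and return the flagged entries."""
    with open(path, "r", errors="replace") as fh:
        return suspicious_entries(fh.read())
```

Any flagged line is a candidate for removal; the expected end state is a file containing only the localhost line (or nothing but comments).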