i was just about done. really.

i locked the firewall right down - only firefox can access the network. i deleted all kinds of services. i locked the group policy editor down. 

i was just going to check my email, and i wanted to figure out how to fix this nagging task manager error first, which is something that i've fixed before but can't get right now. so, i loaded up process monitor and rebooted a few times and scared the hell out of myself.

what is it doing in the catroot folder? it shouldn't be in there.

and, why is it installing registry keys to the terminal service?

on a whim, without thinking, i just undid it - i deleted it. and, the thing came up to a blank screen. in hindsight, it's obvious that i deleted the logon.

i was able to fix it by copying it over from the other control set. so, i'll have to double check what i did, and i realized i've still got services sitting.

but, i think i stumbled upon what needs to happen - i need to just let the process monitor run constantly and react to it as shit happens.

i should be up within a few hours. i'm sure of it. and, i don't intend to go back down any time soon. if there's somebody hacking in here, i'm going to catch them. so, be warned - you're on notice.