Ben, spreading a cleaning out over 3 weeks with a 2 week gap at one point, isn't a good working resolution.
Exactly what problems are you experiencing at this point.?We have not established if you have a malware problem, a system problem or some of both.
I did notice the following in Combofix:
2009-10-21 16:38 . 2009-10-21 16:40 -------- d-----w- c:\windows\system32\ca-ES
2009-10-21 16:38 . 2009-10-21 16:39 -------- d-----w- c:\windows\system32\eu-ES
2009-10-21 16:38 . 2009-10-21 16:39 -------- d-----w- c:\windows\system32\vi-VN
2009-10-21 15:25 . 2009-10-21 15:25 -------- d-----w- c:\windows\system32\EventProviders
I did identify eu-ES as related to
http://packages.debian.org/search?keywords=apertium-eu-es
apertium-eu-es >> this is a free operating system, Are you trying to run Debian in a Windows environment?
'Event Providers' shows on that same date, but doing a search isn't very productive.
The 4 entries you have in the Trusted Zone are legitimate. I was asking you to remove them from the Trusted Zone. The IP 66.129.114.121 is part of RealFast. The Trusted Zone has lower security than the internet zone and I try to discourage putting any sites in that zone unless they are for an intranet you have set up. But that's your call.