Ned_Kelly🇦🇺
Virus on computer that Symantec cannot remove
Hi Folks, not that I'm bagging Norton, I have been using Norton AntiVirus for years.  My daughter, who is Chinese, uses a separate login and while browsing came across a Chinese webpage that installed a virus onto my box.  It was first noticed when my daughter couldn't delete three IE shortcuts on the desktop, because every time she did they would just put themselves back there.
They have now installed themselves on my login as well.  Norton is up to date, I have done a full system scan, nothing found.
I rang Norton help, got put through to India after paying $70au, as you do, gave away control to the bloke in India to do his bit, as I watched him flounder around without success.
What it does, as the dude in India found out, is write a heap of URLs to the windows\system32\drivers\etc\hosts file.
You cannot delete them; I even went into safe mode to delete them but they are rewritten straight away.
Sometimes when the system is booted it will hang even before POST has finished, and you have to reboot, it then boots into setup with the error message "the system hung for an improper CPU speed", time to reboot again.
So there is a little program that writes the hosts file, that Symantec cannot find and doesn't know about, as the full scan proves, is of Chinese origin and is pissing me off.
Cheers
nedkelly
PowerIT🇧🇪
Try ewido. It's a free trial for 30 days. http://www.ewido.net/en/download/
If that doesn't help, post your hijackthis log here.
Go to www.hijackthis.de, choose download immediately. Unzip, run, scan with log.
Upload the log to the hijackthis site, choose analyze, then save and post the resulting url here.

J.
Ned_Kelly🇦🇺
O1 - Hosts: 222.189.228.4 www.hao123.com
O1 - Hosts: 222.189.228.4 www.7b.com.cn
O1 - Hosts: 222.189.228.4 www.7939.com
O1 - Hosts: 222.189.228.4 www.360safe.com
O1 - Hosts: 222.189.228.4 360safe.com
O1 - Hosts: 222.189.228.4 update.360safe.com
O1 - Hosts: 222.189.228.4 dl.360safe.com
O1 - Hosts: 222.189.228.4 bbs.360safe.com
O1 - Hosts: 222.189.228.4 count16.51yes.com
O1 - Hosts: 222.189.228.4 count18.51yes.com
O1 - Hosts: 222.189.228.4 count20.51yes.com
O1 - Hosts: 222.189.228.4 www.btbaicai.com
O1 - Hosts: 222.189.228.4 btbaicai.com
O1 - Hosts: 222.189.228.4 www.pctutu.com
O1 - Hosts: 222.189.228.4 www.7322.com
O1 - Hosts: 222.189.228.4 www.5566.net
O1 - Hosts: 222.189.228.4 www.9991.com
O1 - Hosts: 222.189.228.4 forum.ikaka.com
O1 - Hosts: 222.189.228.4 www.ikaka.com
O1 - Hosts: 222.189.228.4 www.piaoxue.com
O1 - Hosts: 222.189.228.4 forum.jiangmin.com
O1 - Hosts: 222.189.228.4 update.jiangmin.com
O1 - Hosts: 222.189.228.4 post.baidu.com
O1 - Hosts: 222.189.228.4 zhidao.baidu.com
O1 - Hosts: 222.189.228.4 update.rising.com.cn
O1 - Hosts: 222.189.228.4 online.rising.com.cn
O1 - Hosts: 222.189.228.4 dl.pconline.com.cn
O1 - Hosts: 222.189.228.4 space.uwants.com
O1 - Hosts: 222.189.228.4 www.pcav.cn
O1 - Hosts: 222.189.228.4 mopery.hits.io
O1 - Hosts: 222.189.228.4 www.goodmv.cn
O1 - Hosts: 222.189.228.4 www.5566.net
O1 - Hosts: 222.189.228.4 www.piaoxue.com
O1 - Hosts: 222.189.228.4 www.luosoft.com
O1 - Hosts: 222.189.228.4 luosoft.com
O1 - Hosts: 222.189.228.4 www.7255.com
O1 - Hosts: 222.189.228.4 dl.pconline.com.cn
O1 - Hosts: 222.189.228.4 www.spjoy.com
O1 - Hosts: 222.189.228.4 c01.caishow.com
O1 - Hosts: 222.189.228.4 c02.caishow.com
O1 - Hosts: 222.189.228.4 c03.caishow.com
O1 - Hosts: 222.189.228.4 c04.caishow.com
O1 - Hosts: 222.189.228.4 www.caishow.com
O1 - Hosts: 222.189.228.4 union.caishow.com
O1 - Hosts: 222.189.228.4 ad01.a8.com
O1 - Hosts: 222.189.228.4 ad02.a8.com
O1 - Hosts: 222.189.228.4 sg.a8.com
O1 - Hosts: 222.189.228.4 www.adanywhere.cn
O1 - Hosts: 222.189.228.4 ip.adanywhere.cn
O1 - Hosts: 222.189.228.4 ip1.adanywhere.cn
O1 - Hosts: 222.189.228.4 ip2.adanywhere.cn
O1 - Hosts: 222.189.228.4 www.bannerbox.cn
O1 - Hosts: 222.189.228.4 www.caiqiyue.com
O1 - Hosts: 222.189.228.4 toolsbar.kuaiso.com
O1 - Hosts: 222.189.228.4 www.kuaiso.com
O1 - Hosts: 222.189.228.4 www.2t2t.cn
O1 - Hosts: 222.189.228.4 3.a.kal.cn
O1 - Hosts: 222.189.228.4 ip.alexaanywhere.com
O1 - Hosts: 222.189.228.4 go.ipcenter.cn
O1 - Hosts: 222.189.228.4 www.2yin.cn
O1 - Hosts: 222.189.228.4 wwww.systeel.com.cn
O1 - Hosts: 222.189.228.4 go.baibaoxiang.cn
O1 - Hosts: 222.189.228.4 www.gao58.com
O1 - Hosts: 222.189.228.4 www.2tu.cn
O1 - Hosts: 222.189.228.4 www.91tu.cn
O1 - Hosts: 222.189.228.4 www.haotop.com
O1 - Hosts: 222.189.228.4 news01.virussky.com
O1 - Hosts: 222.189.228.4 news02.virussky.com
O1 - Hosts: 222.189.228.4 news03.virussky.com
O1 - Hosts: 222.189.228.4 news04.virussky.com
O1 - Hosts: 222.189.228.4 news40.virussky.com
O1 - Hosts: 222.189.228.4 news41.virussky.com
O1 - Hosts: 222.189.228.4 news42.virussky.com
O1 - Hosts: 222.189.228.4 www.an85.com
O1 - Hosts: 222.189.228.4 an85.com
O1 - Hosts: 222.189.228.4 www.ycdy.com
O1 - Hosts: 222.189.228.4 ycdy.com
O1 - Hosts: 222.189.228.4 down.virussky.com
O1 - Hosts: 222.189.228.4 update.virussky.com
O1 - Hosts: 222.189.228.4 www.maipao.com
O1 - Hosts: 222.189.228.4 www.sina-baidu.com
O1 - Hosts: 222.189.228.4 www.maohehe.com
O1 - Hosts: 222.189.228.4 www.1717kan.cn
O1 - Hosts: 222.189.228.4 www.feixue.net
O1 - Hosts: 222.189.228.4 www.xingkongitv.com
O1 - Hosts: 222.189.228.4 about-blank.cc
O1 - Hosts: 222.189.228.4 www.xfkz.com
O1 - Hosts: 222.189.228.4 xfkz.com
O1 - Hosts: 222.189.228.4 www.365tan.com
O1 - Hosts: 222.189.228.4 cg.9e3.com
O1 - Hosts: 222.189.228.4 www.qqplayer.net
O1 - Hosts: 222.189.228.4 www.sosok.com
O1 - Hosts: 222.189.228.4 img.zhangxiu.com
O1 - Hosts: 222.189.228.4 www.okeaa.com
O1 - Hosts: 222.189.228.4 www.winopen.cn
PowerIT🇧🇪
Ned, this is not complete. That's only part of a HijackThis log. This only shows your hosts file, but not what might cause this.
You better upload the whole log to analyze on hijackthis.de and then paste the provided link (after you clicked 'save' on the website).

J.
Ned_Kelly🇦🇺
Logfile of HijackThis v1.99.1
Scan saved at 10:43:58 PM, on 26/10/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\mshosts.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ctfmon.exe
G:\Eraser\eraser.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Documents and Settings\Ned Kelly\Desktop\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {69D23154-CA31-43E9-BEEB-F78E6D1642B3} - C:\WINDOWS\system32\3721.6.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\Samsung Media Studio\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [R] C:\WINDOWS\System32\rundll32.exe ctfmon.dll s
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] "G:\Eraser\eraser.exe" -hide
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://symantec.atgnow.com/sdccommon/download/tgctlsi.cab
O16 - DPF: {01118F00-3E00-11D2-8470-0060089874ED} (SupportSoft RemoteControl Class) - http://symantec.atgnow.com/sdccommon/download/ssrc.cab
O16 - DPF: {01119400-3E00-11D2-8470-0060089874ED} (SupportSoft Listener Control) - http://symantec.atgnow.com/sdccommon/download/sprtctlln.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1096554288138
O16 - DPF: {8EC18CE2-D7B4-11D2-88C8-006008A717FD} (NCSView Class) - http://dolalol.landonline.com.au/iws/panairama/ecwplugins/ncs.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\GHOSTS~2.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: host Service For Windows (mshosts) - Unknown owner - C:\WINDOWS\mshosts.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: UStorage Server Service - Unknown owner - C:\WINDOWS\system32\UStorSrv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Ned_Kelly🇦🇺
AVG found this trojan.Agent.ix, quarantined it, and then I deleted the three shortcuts, rebooted like it said, but the three shortcuts have come back as well.
AVG found the same trojan again and I did the same again so did it.
Regards nedkelly
PowerIT🇧🇪
OK, boot your PC in safe mode, disable system repair.
Delete the file c:\windows\mshosts.exe
Start hijackthis again, do a scan and repair the following:
- ALL the O1's
- O2 - BHO: (no name) - {69D23154-CA31-43E9-BEEB-F78E6D1642B3} - C:\WINDOWS\system32\3721.6.dll
- O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
- O23 - Service: host Service For Windows (mshosts) - Unknown owner - C:\WINDOWS\mshosts.exe

Reboot and - if you want it - enable system repair.
Hope this helps. Let me know the results, and if it was negative post a new hijack log.

J.
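As an added illustration (not code from the thread, from HijackThis or from any of the posters), a small Python triage script that applies the pattern the replies above single out to a constructed excerpt of the posted log: many hostnames, including antivirus update sites, all mapped to the same non-loopback address; a BHO registered without a name; a rundll32 Run entry loading a DLL by bare file name; and a service with an unknown owner whose binary sits directly in the Windows directory. The vendor keyword list, the cluster threshold and the sample excerpt are my assumptions.

```python
"""Triage of a HijackThis-style log: cluster hosts-file redirects and pick
out the loading points that the replies in this thread single out."""
import re
from collections import defaultdict

# Constructed excerpt modelled on the log posted in this thread (a subset,
# plus one benign localhost line); it is not the poster's full log.
SAMPLE_LOG = r"""
O1 - Hosts: 222.189.228.4 www.360safe.com
O1 - Hosts: 222.189.228.4 update.360safe.com
O1 - Hosts: 222.189.228.4 update.rising.com.cn
O1 - Hosts: 222.189.228.4 update.jiangmin.com
O1 - Hosts: 222.189.228.4 www.hao123.com
O1 - Hosts: 222.189.228.4 www.7939.com
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {69D23154-CA31-43E9-BEEB-F78E6D1642B3} - C:\WINDOWS\system32\3721.6.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [R] C:\WINDOWS\System32\rundll32.exe ctfmon.dll s
O23 - Service: host Service For Windows (mshosts) - Unknown owner - C:\WINDOWS\mshosts.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O2_RE = re.compile(r"^O2 - BHO: (.+?) - (\{[0-9A-Fa-f-]+\}) - (.+)$")
O4_RE = re.compile(r"^O4 - (\S+): \[([^\]]*)\]\s+(.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")

# Addresses that legitimately take many names in a hosts file.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumed substrings marking antivirus / update hosts (taken from the names
# in the thread's log); extend for your own environment.
SECURITY_HINTS = ("update", "360safe", "rising", "jiangmin", "ikaka", "virussky", "pcav")


def hosts_clusters(text, min_names=5):
    """Group O1 entries by target IP; report non-loopback IPs that absorb
    many names, listing which of those names look security-related."""
    by_ip = defaultdict(list)
    for line in text.splitlines():
        m = O1_RE.match(line)
        if m and m.group(1) not in LOOPBACK:
            by_ip[m.group(1)].append(m.group(2))
    findings = []
    for ip, names in by_ip.items():
        if len(names) < min_names:
            continue
        related = sorted(n for n in names if any(h in n for h in SECURITY_HINTS))
        findings.append({"ip": ip, "count": len(names), "security_related": related})
    return findings


def unnamed_bhos(text):
    """O2 entries registered without a name: (CLSID, DLL path) pairs."""
    out = []
    for line in text.splitlines():
        m = O2_RE.match(line)
        if m and m.group(1) == "(no name)":
            out.append((m.group(2), m.group(3)))
    return out


def rundll32_bare_dll(text):
    """O4 Run entries where rundll32 loads a DLL given by bare file name,
    so the DLL resolves through the search path rather than a fixed path."""
    out = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if not m:
            continue
        tokens = m.group(3).split()
        if len(tokens) < 2:
            continue
        exe = tokens[0].rsplit("\\", 1)[-1].lower()
        if exe.startswith("rundll32") and "\\" not in tokens[1]:
            out.append((m.group(1), m.group(2), tokens[1]))
    return out


def unknown_owner_services(text):
    """O23 services whose binary carries no publisher, noting whether the
    executable sits directly in the Windows directory."""
    out = []
    for line in text.splitlines():
        m = O23_RE.match(line)
        if not m or m.group(2) != "Unknown owner":
            continue
        path = m.group(3).replace(" (file missing)", "").strip()
        folder = path.rsplit("\\", 1)[0].upper()
        out.append({"name": m.group(1), "path": path,
                    "in_windows_root": folder == r"C:\WINDOWS"})
    return out


if __name__ == "__main__":
    for h in hosts_clusters(SAMPLE_LOG):
        print(f"{h['count']} names -> {h['ip']}; security-related: {h['security_related']}")
    print("unnamed BHOs:", unnamed_bhos(SAMPLE_LOG))
    print("rundll32 bare DLLs:", rundll32_bare_dll(SAMPLE_LOG))
    print("unknown-owner services:", unknown_owner_services(SAMPLE_LOG))
```

Run it against a full saved log by replacing SAMPLE_LOG with the file contents; entries it flags are candidates for review, not an automatic fix list.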
Rich Rumble🇺🇸
System Restore, disable System Restore: http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.aspx You may also want to run rootkit revealer
http://www.sysinternals.com/Utilities/RootkitRevealer.html
After the system is cleaned, consider best practices like the principle of least privilege: http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
http://nonadmin.editme.com/ http://nonadmin.editme.com/UsefulTools http://nonadmin.editme.com/HowTo
-rich
rpggamergirl🇦🇺

1.  Download Pocket Killbox.
http://www.atribune.org/downloads/KillBox.exe
*Select the "Delete on Reboot" option.
*Select "All Files"
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\mshosts.exe
C:\WINDOWS\System32\ctfmon.dll
C:\WINDOWS\system32\3721.6.dll

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
*If the computer doesn't restart, just restart manually.


Fix these entries:
All the O1 entries
O2 - BHO: (no name) - {69D23154-CA31-43E9-BEEB-F78E6D1642B3} - C:\WINDOWS\system32\3721.6.dll
O4 - HKLM\..\Run: [R] C:\WINDOWS\System32\rundll32.exe ctfmon.dll s
O23 - Service: host Service For Windows (mshosts) - Unknown owner - C:\WINDOWS\mshosts.exe



2.  Also download and run MS Removal tool:
http://support.microsoft.com/?kbid=890830


3.  Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer in "Safe Mode" by doing the following:
* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose "Extract All",
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display "Finished", then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the log and post it here.
Rartemass🇦🇺
You could always format the PC.
If you don't have an image of the PC (using ghost for example) then I suggest getting bartPE.
(http://www.nu2.nu/pebuilder/download/)

Once you have rebuilt the system run Bart and create an image.
If this happens again you can simply reimage the PC and be up and running in less than 30 minutes.
Ned_Kelly🇦🇺
Hi Folks, what choice.  I have tried PowerIt and got rid of some of the rubbish but others are doing stuff now.
I tried the rootkit revealer:

HKLM\S-1-5-21-1801674531-1078145449-1202660629-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1002\Filename      5/1/2005 7:51 PM      11 bytes      Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1801674531-1078145449-1202660629-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1002\Description      5/1/2005 7:51 PM      25 bytes      Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1801674531-1078145449-1202660629-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1003\Filename      5/5/2005 8:54 PM      11 bytes      Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1801674531-1078145449-1202660629-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1003\Description      5/5/2005 8:54 PM      25 bytes      Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1801674531-1078145449-1202660629-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1006\Filename      12/2/2005 9:48 PM      11 bytes      Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1801674531-1078145449-1202660629-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1006\Description      12/2/2005 9:48 PM      25 bytes      Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1801674531-1078145449-1202660629-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1007\Filename      6/5/2006 2:19 PM      11 bytes      Data mismatch between Windows API and raw hive data.
HKLM\S-1-5-21-1801674531-1078145449-1202660629-1003\Control Panel\Microsoft Input Devices\Mouse\Exceptions\1007\Description      6/5/2006 2:19 PM      25 bytes      Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed      10/27/2006 8:06 PM      80 bytes      Data mismatch between Windows API and raw hive data.

Ned_Kelly🇦🇺
I tried the delete on reboot using HijackThis but it doesn't seem to have done the trick.
Ned_Kelly🇦🇺
I don't really want to reformat as I have done that too many times already in the past ten years.  I have two large assignments due in a month and homework every week.  But that's cool.
The principle of least privilege sounds good but I have to give some leeway, she will learn from this and so will I.
Rich Rumble🇺🇸
RootKitRevealer didn't show any root kit, the data you see is benign
Data mismatch between Windows API and raw hive data.
This discrepancy will occur if a Registry value is updated while the Registry scan is in progress. Values that change frequently include timestamps such as the Microsoft SQL Server uptime value, shown below, and virus scanner "last scan" values. You should investigate any reported value to ensure that it's a valid application or system Registry value.

Make sure system restore is off for all your drives, try to remove the pest and then reboot.
-rich
rpggamergirl🇦🇺
Killbox didn't delete those files at reboot? Did you get any error?
Did you also try MS Removal too or SDFix?
2 of the files were SDBot/IRCBot


Try this one, this is a beta tool for Chinese infections.
Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/zh/BetaB/combofix.exe
and save it to your desktop.

Also save the below command in Notepad as a text file so that you can copy/paste in safe mode.

"%userprofile%\desktop\combofix.exe" /wow


Boot into safe mode by tapping the F8 key just before Windows starts to load.

Go Start > Run, and copy/paste in the following:

"%userprofile%\desktop\combofix.exe" /wow

When finished, it shall produce a log for you. Save it and post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Ned_Kelly🇦🇺
Sys restore is off, I have the windows malicious removal tool running so I will see how that goes.
Ned_Kelly🇦🇺
The Windows malicious removal tool found no malicious files.
Ned_Kelly🇦🇺
Ok folks, here is the ComboFix log

ComboFix 06.10.27.3.W - Running from: "C:\Documents and Settings\Ned Kelly\desktop"
Command switches used :: /wow

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\INSTALL.LOG
C:\Program Files\Internet Explorer\iexplore.jmp
C:\INSTALL.LOG
C:\riched32.dll
C:\wz041.dll
C:\WINDOWS\system32\ctfmon.dll
C:\Documents and Settings\Ned Kelly\Application Data\Macromedia\Flash Player\#SharedObjects\EV9HHWXP\www.inter-focus.cn
C:\Documents and Settings\Ned Kelly\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn


(((((((((((((((((((((((((((((((   Files Created from 2006-09-27 to 2006-10-27  ))))))))))))))))))))))))))))))))))
 
 
2006-10-27      18:15      42,278      --a------      C:\cf12.dll
2006-10-26      22:28      3,968      --a------      C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-10-24      19:58      211      --a------      C:\win_help_flag_6_2.bat
2006-10-24      19:57      324      --a------      C:\win_help_flag_6_1.bat
2006-10-18      18:40      46,391      --a------      C:\WINDOWS\cq.exe
2006-10-18      18:40      33,792      --a------      C:\WINDOWS\GetXyPwd.exe
2006-10-18      18:39      152      --a------      C:\win_help_flag_5_1.bat
2006-10-18      18:37      429,568      ---------      C:\cha.exe
2006-10-17      22:07      85      --a------      C:\$$a.bat


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))      


2006-10-27 21:43      --------      d--------      C:\Program Files\Internet Explorer
2006-10-27 18:05      --------      d--------      C:\Program Files\Common Files\Symantec Shared
2006-10-26 22:27      --------      d--------      C:\Program Files\Grisoft
2006-10-26 21:52      --------      d--------      C:\Program Files\AutoIt3
2006-10-26 20:38      --------      d--------      C:\Program Files\Opera
2006-10-26 19:58      --------      d--------      C:\Program Files\Opera 9 Beta
2006-10-23 19:18      --------      d--------      C:\Program Files\Emule
2006-10-22 21:55      --------      d--------      C:\Program Files\Maxthon
2006-10-20 19:31      --------      d--------      C:\Program Files\Norton SystemWorks
2006-10-17 22:07      85      --a------      C:\$$a.bat
2006-10-17 19:35      --------      d--------      C:\Documents and Settings\Ned Kelly\Application Data\Real
2006-10-17 19:33      --------      d--------      C:\Program Files\Common Files\xing shared
2006-10-17 19:33      --------      d--------      C:\Program Files\Common Files\Real
2006-10-17 19:33      --------      d--------      C:\Program Files\Common Files
2006-10-17 19:32      --------      d--------      C:\Program Files\Real
2006-10-06 20:51      --------      d--------      C:\Program Files\Symantec
2006-10-06 20:41      --------      d--------      C:\Program Files\Norton AntiVirus
2006-10-02 15:47      --------      d--------      C:\Program Files\iMediaCodec
2006-09-17 21:56      --------      d--------      C:\Program Files\Aspell
2006-09-15 22:04      48816      --a------      C:\WINDOWS\system32\S32EVNT1.DLL
2006-09-15 22:04      109744      --a------      C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2006-09-11 16:30      275112      --a------      C:\WINDOWS\system32\drivers\srtspl.sys
2006-09-11 16:30      243368      --a------      C:\WINDOWS\system32\drivers\srtsp.sys
2006-09-11 16:30      24232      --a------      C:\WINDOWS\system32\drivers\srtspx.sys
2006-09-03 03:35      613056      --a------      C:\WINDOWS\system32\SymNeti.dll
2006-09-03 03:35      36032      --a------      C:\WINDOWS\system32\drivers\symndisv.sys
2006-09-03 03:35      239808      --a------      C:\WINDOWS\system32\SymRedir.dll
2006-09-03 03:35      186048      --a------      C:\WINDOWS\system32\drivers\symtdi.sys
2006-09-03 03:34      39104      --a------      C:\WINDOWS\system32\drivers\symids.sys
2006-09-03 03:34      33216      --a------      C:\WINDOWS\system32\drivers\symndis.sys
2006-09-03 03:34      26432      --a------      C:\WINDOWS\system32\drivers\symredrv.sys
2006-09-03 03:34      144832      --a------      C:\WINDOWS\system32\drivers\symfw.sys
2006-09-03 03:34      11968      --a------      C:\WINDOWS\system32\drivers\symdns.sys
2006-09-01 21:56      --------      d--------      C:\Program Files\ChineseTools
2006-09-01 19:06      --------      d---s----      C:\Documents and Settings\Ned Kelly\Application Data\Microsoft
2006-08-18 20:11      1056      --ahs----      C:\WINDOWS\system32\KGyGaAvL.sys
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Eraser"="\"G:\\Eraser\\eraser.exe\" -hide"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PHIME2002ASync"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
"PHIME2002A"="C:\\WINDOWS\\System32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
"EM_EXEC"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"WINDVDPatch"="CTHELPER.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"Jet Detection"="\"C:\\Program Files\\Creative\\SBLive\\PROGRAM\\ADGJDet.exe\""
"IMJPMIG8.1"="C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
"QD FastAndSafe"=""
"MSPY2002"="C:\\WINDOWS\\System32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"GhostStartTrayApp"="C:\\Program Files\\Norton SystemWorks\\Norton Ghost\\GhostStartTrayApp.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"YeppStudioAgent"="C:\\Program Files\\Samsung\\Samsung Media Studio\\SamsungMediaStudioAgent.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton AntiVirus\\osCheck.exe\""
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,80,00,00,00,00,00,00,00,00,02,00,00,c2,01,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
  00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"="Eudora's Shell Extension"
"{1A404685-7563-4d02-B0F6-58B308A406A9}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"WizmaxBackup_NoDriveTypeAutoRun"=dword:000000ff

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:000000ff
"WizmaxBackup_NoDriveTypeAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
"backup"="C:\\WINDOWS\\pss\\AutoCAD Startup Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\AUTODE~1\\ACSTAR~1.EXE "
"item"="AutoCAD Startup Accelerator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]      
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService      REG_MULTI_SZ         Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService      REG_MULTI_SZ         DnsCache\0\0
netsvcs      REG_MULTI_SZ         6to4\0AppMgmt\0AudioSrv\0Browser\0CryptSvc\0DMServer\0DHCP\0ERSvc\0EventSystem\0FastUserSwitchingCompatibility\0HidServ\0Ias\0Iprip\0Irmon\0LanmanServer\0LanmanWorkstation\0Messenger\0Netman\0Nla\0Ntmssvc\0NWCWorkstation\0Nwsapagent\0Rasauto\0Rasman\0Remoteaccess\0Schedule\0Seclogon\0SENS\0Sharedaccess\0SRService\0Tapisrv\0Themes\0TrkWks\0W32Time\0WZCSVC\0Wmi\0WmdmPmSp\0winmgmt\0TermService\0wuauserv\0BITS\0ShellHWDetection\0helpsvc\0uploadmgr\0WmdmPmSN\0\0\0
rpcss      REG_MULTI_SZ         RpcSs\0\0
imgsvc      REG_MULTI_SZ         StiSvc\0\0
termsvcs      REG_MULTI_SZ         TermService\0\0

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Ned Kelly.job
C:\WINDOWS\tasks\Norton SystemWorks One Button Checkup.job

Completion time: 06-10-27 21:43:42.23
C:\ComboFix.txt ... 06-10-27 21:43
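The Reg Loading Points section of the log above is the part worth triaging by hand: each Run-key value is a program that starts at logon, and the msconfig\startupfolder entry shows how msconfig "disables" a startup item (it moves the .lnk into C:\WINDOWS\pss and leaves the program itself in place, which is the point made later in this thread about disabling versus removing). As an added example, not code from the original thread or from ComboFix, the following Python parses those sections from a ComboFix-style log and reports the entries a person cleaning the machine should look at first: empty values, bare file names resolved through the search path, unquoted paths containing spaces, images under user-writable locations, and msconfig-disabled items that are still on disk. The sample input is a handful of lines copied from the log above; the classification rules, the Finding names and the USER_WRITABLE_MARKERS list are this example's own assumptions.

```python
"""Triage of the 'Reg Loading Points' section of a ComboFix-style log.

Added example, not part of the original thread or of ComboFix itself.  It reads
the currentversion\run sections and the msconfig startupfolder backups and
reports the entries a person cleaning the machine should look at first.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Eraser"="\"G:\\Eraser\\eraser.exe\" -hide"
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"WINDVDPatch"="CTHELPER.EXE"
"QD FastAndSafe"=""
"nwiz"="nwiz.exe /install"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"YeppStudioAgent"="C:\\Program Files\\Samsung\\Samsung Media Studio\\SamsungMediaStudioAgent.exe"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
"backup"="C:\\WINDOWS\\pss\\AutoCAD Startup Accelerator.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\AUTODE~1\\ACSTAR~1.EXE "
"item"="AutoCAD Startup Accelerator"
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Locations an ordinary user can write to; a Run entry pointing there deserves a look.
# This marker list is the example's own assumption, not something ComboFix reports.
USER_WRITABLE_MARKERS = ('\\temp\\', '\\documents and settings\\', '\\docume~1\\',
                         '\\application data\\', '\\locals~1\\')


@dataclass
class Finding:
    section: str
    name: str
    image: str
    reason: str  # empty | no-path | unquoted-space | user-writable | msconfig-disabled


def unescape_reg(value: str) -> str:
    """Undo .reg-style escaping (doubled backslashes, backslash-escaped quotes)."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_reg_sections(text: str) -> List[Tuple[str, Dict[str, str]]]:
    """Split the log into (key, {value name: unescaped data}) pairs, in log order."""
    sections: List[Tuple[str, Dict[str, str]]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            sections.append((m.group(1), {}))
            continue
        m = VALUE_RE.match(line)
        if m and sections:
            sections[-1][1][unescape_reg(m.group(1))] = unescape_reg(m.group(2))
    return sections


def image_path(command: str) -> str:
    """Return the file the loader will actually run for a Run-key command line.

    For rundll32 the interesting image is the DLL it loads, not rundll32 itself.
    """
    cmd = command.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end < 0:
            end = len(cmd)
        exe, rest = cmd[1:end], cmd[end + 1:]
    else:
        exe, _, rest = cmd.partition(' ')
    if exe.lower().endswith('rundll32.exe'):
        return rest.strip().split(',', 1)[0].strip('"')
    return exe


def classify_run_value(command: str) -> Tuple[str, str]:
    """Map a Run-key value to (image, reason); reason is '' when nothing stands out."""
    cmd = command.strip()
    if not cmd:
        return '', 'empty'  # value exists but runs nothing: leftover or placeholder
    image = image_path(cmd)
    last = image.rsplit('\\', 1)[-1]
    if not cmd.startswith('"') and '\\' in image and '.' not in last:
        # Unquoted path with spaces: CreateProcess tries C:\Program.exe, then
        # C:\Program Files\Samsung\Samsung.exe, ... before the intended file.
        return cmd, 'unquoted-space'
    if '\\' not in image:
        # Bare file name: resolved through the search path at logon, so the log
        # alone cannot say which file runs.  Check it on the box.
        return image, 'no-path'
    if any(marker in image.lower() for marker in USER_WRITABLE_MARKERS):
        return image, 'user-writable'
    return image, ''


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for section, values in parse_reg_sections(log_text):
        low = section.lower()
        if '\\msconfig\\startupfolder\\' in low:
            # msconfig "disabled" this item by moving its .lnk into C:\WINDOWS\pss
            # (the 'backup' value).  The program it points at is untouched, so the
            # entry is reported rather than treated as gone.
            findings.append(Finding(section, values.get('item', '?'),
                                    values.get('command', '').strip(), 'msconfig-disabled'))
        elif low.endswith('\\currentversion\\run'):
            for name, command in values.items():
                image, reason = classify_run_value(command)
                if reason:
                    findings.append(Finding(section, name, image, reason))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.reason:17} {f.name!r:30} -> {f.image or "(nothing)"}')
```

Run it against a saved ComboFix.txt by replacing SAMPLE_LOG with the file contents. Entries it does not flag (a quoted full path outside user-writable space) are not cleared by that alone; they are simply the ones where the log already tells you which file to inspect, so checking the file's publisher, date and size on the machine is the next step.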
Ned_Kelly🇦🇺 (ASKER)
I deleted the last of the IE shortcuts that kept coming back, and it hasn't reappeared as yet, fingers crossed.
Ned_Kelly🇦🇺 (ASKER)
IE just jumped to a Chinese webpage; I checked, still no shortcut on the desktop.
Ned_Kelly🇦🇺 (ASKER)
It's certainly behaving better; catch you tomorrow when I'm not so sleepy. Thanks everyone.
ASKER CERTIFIED SOLUTION
rpggamergirl🇦🇺
Ned_Kelly🇦🇺 (ASKER)
Hi Folks, I have done everything suggested and the system seems to be cruising better than ever.
Thanks to all of you for all your help. I am going to choose rpggamergirl and up the points to 500.
You have shown me a whole new way to deal with the little buggers, for which I am grateful.
Again, thank you very much rpggamergirl.
Regards, nedkelly
Ned_Kelly🇦🇺 (ASKER)
Chinese Tools is a Chinese dictionary program.
rpggamergirl🇦🇺
>>Chinese Tools is a Chinese dictionary program.<<
thanks, I should've googled it, lol.

No problem, glad to know we could be of assistance.
Thank you very much for accepting my answer and the points with an "A" grade!
Very much appreciated thank you.

If there's anything we can help you with just let us know, you still have a week before this topic is locked.

For future reference, if you'd like to read Tony Klein's article on security tips:
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html

Good luck with your assignments,  and happy computing! :)
Rich Rumble🇺🇸
Bah, band-aids on the cancer... LUP will save you from having to run all that anti-this, anti-that...
http://richrumble.blogspot.com/2006/08/anti-admin-vs-anti-virus.html
http://clintonforbes.blogspot.com/2006/10/10-pros-cons-of-switching-from-windows.html (the second to last paragraph in the blog is the key...)
Notice I didn't say anything about viruses, trojans, spyware? I haven't been infected in three months on the Apple, but I haven't been infected for 8 years since installing NT 4, Windows 2000 or Windows XP. Why? I don't run as an administrator. This simple action protects you from about 99% of malicious software. It is a simple fact.
-rich
rpggamergirl🇦🇺
Disabling nasties at msconfig startup and not continuing to clean the PC of what is already in the system is what I would rather call "band-aid on the cancer", because the user is just stopping them from running but the nasty is still present in the system, waiting to take action when the chance arises.

Or half removing an infection, like using SmitfraudFix on SpyAxe and SpywareQuake without clearing the trusted zone, which respawns the infection.
But usually, specific tools created by malware experts do remove specific infections (files and relevant reg entries) when used accordingly.

Operating a PC without admin privileges is a very good idea if it suits someone's needs; it wouldn't suit me unfortunately.
For some people who have to be an admin to run the PC, they just have to take some basic security steps and know what not to do.
It's been nearly 2 years since my PC was messed up with viruses and all (hence started my fight against malware/viruses).
I don't have all these "anti-this and anti-that" either; some of them slow down the system.
But sometimes you do need to run these programs when you're infected.
What I have is the Zone Alarm free firewall, an updated antivirus, and SpywareBlaster, which suits me very much because my only browser is IE; SpywareBlaster doesn't need to run in the background to protect me.
And I have Spybot Tea Timer on, and lucky for me I haven't had the need to scan my PC for malware/viruses for a very long time (but I suggest everyone should scan their PC for malware/viruses regularly).

Yes I agree, operating a PC without any admin privileges is a great idea! If it suits your needs, go for it.
Good luck!
Rich Rumble🇺🇸
To be certain, to remove you need these tools, no doubt. I run McAfee, XP's firewall, and Firefox/Opera... IE as a last resort. No spyware ever.
M$ will be helping apply LUP with Vista... and it's about time...
http://interviews.slashdot.org/article.pl?sid=06/10/27/1549259 (the answer to Question 4)
http://www.eweek.com/article2/0,1895,1830649,00.asp
http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/158806.aspx <--- must read, straight from M$ itself
http://blogs.msdn.com/aaron_margosis/archive/2004/06/17/157962.aspx
I am encouraging others to use LUA; the links above should help, and there are many tools as well: http://nonadmin.editme.com/UsefulTools
I don't make system changes every day, nor install/uninstall software each day; I don't need admin for day-to-day tasks.
I'll clam up now.
-rich
Ned_Kelly🇦🇺 (ASKER)
Hi Folks, good to see the ramble is still going.
I personally use Zone Alarm firewall, Norton AntiVirus and Ad-Aware when I remember to do it.
This is the first virus that has got through the system in nearly four and a half years.
All attempts have been picked up by the system and never been a problem.
My daughter's login is so she cannot play with the system; I might have to change that so she cannot install as well,
though it is the first time that anything has happened, so I think I will do the re-education and go from there.
If drive C:\ goes then I still have the data on the other drives. I do take school work off onto DVD as well as some other files.
I also used to ghost it, but then the ghost was starting to be bigger than the space I had on the drive, so I stopped,
though I know if I cleaned the system and took everything off that I didn't really need on there, I would have enough space
for plenty of ghosts.
Again, thanks for all the comments and links, greatly appreciated.
nedkelly