Here is my account of an incident story, which I initially mentioned here (http://chuvakin.blogspot.com/2007/04/answer-to-my-antivirus-mysteryquestion.html), with some details changed to protect the innocent, who was smart enough to call me for help.
What we have here is a fully patched Windows XP Professional SP2 system
(with automatic updates to both Windows and Office set to daily) and also:
a) freshly updated (updates set to daily) and functioning Symantec Anti-Virus Corporate Edition version 10.X, configured with all protections, including spyware/adware (called “Security Risks” by the tool vendor)
b) freshly updated Windows Defender version 1.X (set for daily updates and Quick Scans), also configured with all protections, and
c) ZoneAlarm free edition latest version 6.X with a well-tuned outbound rules and, obviously, nothing allowed inbound.
This document is in PDF format. To view it click here.