Just a note to say that the right combination of actions/available services online has (hopefully) eliminated a neighborhood hacker that has been in my system for YEARS. NOT a geek here, but I started learning. (Knocking on wood here….). Here’s how I did it:

Did full system recovery (sigh..)
Massively edited services disabling according to speedyvista.com (even tho I have XP..just followed common sense as to unnecessary services to disable)
Edited group policy to disable terminal services & remote access, prohibit firewall from configuring open port to “authenticated user”

(whew & WHOA! took a LOT of thinking, error correction, etc to understand this….quite a learning curve there… be careful)
Used “Uninstall ALL” tools googled for them) to eliminate forced programs that came with my computer (AOL, MCAfee–hate it– Napster (don’t need) and Roxio (conflicts with AVG)
Installed Revo Uninstaller to make sure all vestiges were deleted (great tool)
Installed AVG AV without firewall
Edited via msconfig -startups, services, etc. Had a problem stopping Terminal Services (the sharing function) and had to do an end run via this function to stop it.
oh yeah, first off reconfigured Windows Firewall to allow NO exceptions
& disabled remote access via right-click on computer/properties/uncheck it
and ran TrendMicro Housecall online: first the quick check and secondly the full run)
VOILA! Discovered 3 rootkits, eliminated them (thank you TM!)
Running MUCH faster, no more mysterious “restore” editing and backups that I didn’t initiate, no more “odd” events in the log saying “connection succeeded” and long log texts talking about “grabbing mutex, stealthing, disabling this and that…etc…which were bewildering and pising me off)
and I don’t feel I’m being “monitored” at least that I can tell.

I don’t know if, in fact, I have covered ALL the bases, but I *do* run TM Housecall regularly, update AVG (which also found a rootkit) and I check regularly to make sure my firewall is running as configured. I tried almost every firewall & AV out there, paid and unpaid, to no avail. Each time they would run fine, then falter, become disabled or unstable, then be “shells” doing nothing and finding nothing…the hacker seemed to reconfigure them and reconnect.

How did the hacker get in? I think via my blissful ignorance re: wireless security. I have defaulted to my desktop since my notebook was rendered (temporarily) useless, now going to have to be repaired (my new DVD/CD drive was somehow rendered unstable, can’t read recovery CD).
If you are wireless, BEST to educate yourself and man- (or in my case woman-)UP and start learning about security.
If *I* can do it, ANYONE can.
Of course I’m about a year behind on housekeeping…