I hear ya, but honestly this was a situation where HijackThis was of no use.
I ended up resolving the issue by a painful manual process of catch and mouse with the virus and using several system monitoring tools to track down the chain of events.
Very, Very long story short:
I was able to eventually track back the XP Firewall exception that keps repopulating itself to a driver file ndisio.sys. If you google that file name, you will see results of others with virus issues and that file.
So I went into device manager and clicked to show hidden devices, and it had many of the network adapters listed twice (like the WAN Miniport, etc..) when the system only has 1 onboard NIC.
So when reviewing the drivers for each device, half looked legit, and the others all had the same ndisio.sys driver listed as their driver. This sys file has no publisher, version, or other info associated with it.
Trying to uninstall the driver results in the device manager telling you it can't because the device may be needed to boot the PC. This driver got installed as a kernel mode driver, which may be why.
The solution to that was to clear out some reg entries. Info on that here:http://fastest963windows.blogspot.com/2008...-failed-to.html
After clearing out the registry entries, I was able to reboot, and then the devices were gone. I was then able to remove the ndisio.sys file from the %systemdir%\drivers\ folder, and then rebooted.
After this, no more automatic firewall exception being created, no more shady connections to IPs in amsterdam, no more 1000s of spam emails being sent out behind the scenes.
Definitely one of the nastier virus/worm/whatever you want to call it that I have dealt with. So hopefully if anyone else has this issue, they might find this and it will save them the few days it took me.