Thanks for that link hellsbrink.

Repeated scans by Norton, Housecall and Superantispyware
appeared to have removed all traces of it in System32 and
the Registry, but yep a single bloody embedded HKEY_USER
register mentioned in your link was the friggin culprit for the
repeated attacks. REGEDIT took care of that.

Thanks again mate. Much appreciated.

Yeh I got the same thing on a Whois check Tarq.

PS: bloke who sent me that email was thoroughly verbally
trashed. Twit didn't even know that his machine had more
bots than an empty-packeted smokers meeting......