I have been fixing infected computers for nearly 6 years now, and there was a time when Norton and McAfee were the only contendors. I have worked on machines that have Spybot search and destroy, Ad-aware, the full Norton Suite, all of which were infected beyond repair. The only option at that point, back up useful information (if you can) and start over.
One example is a computer I worked on about 3 weeks ago, took 28 minutes to boot into Windows XP Pro, had Norton Suite, completely updated, and Spybot S&D on it as well as a host of other "Spyware detection tools".
That machine had over 685 viruses and over 1100 instances of spyware as well as having 8000 registry keys infected. I found them all by doing a bootime scan with avast home (free) and Microsoft AntiSpyware Beta (also free). I swear by these 2 programs. I have been using them both in conjunction with one another for nearly a year, after trying just about everything else available on the market.
The real problem is people decompiling these basic programs like Spybot, changing some code, and re-releasing it as their own (Spybot is an example of this in itself or so I have read on numerous occassion) while they have a tendency to add their own spyware in the process.
The problem isn't IE at all, it's people feeling "safe" with programs like I have mentioned above and failing to get Windows updates. I surf using both IE and Firefox and with my "avast real time protection" on I have come across many a virus trying to install itself while just surfing using Firefox. I agree that Firefox isn't as susceptible to browser hijackers, it is however becoming more greatly used by the general public in hopes to "dupe" the people who are writing these viruses.
If you think for a minute using Firefox is a solution, or you're tricking these people you're wrong. A simple look at any basic web statistics on their servers will tell them exactly who was there, when, what browser, IP address as well as tons of other information about you and your system.
I could ramble on about this subject for days, and I think many will argue with what I have just said. But being a "former" computer programmer myself, and a web developer I know the precautions I take are working for me, while I know many of the other available options mentioned aren't working for the people who bring me thier infested machines.
Also on a side note, knowing how the industry was hit by the whole Sept. 11th thing, and the massive layoffs, I am of the belief system that many of the higher paid programmers who were laid off, went out on their own and started writing viruses, then selling their "solution" for $19.95 via their own websites. These solutions probably have some sort of "countdown clock" built inside them, to then automatically update with a new virus when your "membership" runs out since you have already set your permissions to let these programs update at their own will.
Last thing... if you ever get a pop-up that says "your computer is infected with a virus! click here for a free scan" and you click it, you just installed a virus yourself. The internet as an entity isn't doing a scan of every computer online and offering any service to you... think about it!
Just my $1.98 of information/opinion