First off:
Duh, turn OFF netbios! And file sharing.
Whoever said zips can be cracked - yes, they can, by brute force. Any password over 8 characters will take a long time, and a pass phrase will take so long it's just not feasible.
Contrary to popular belief: No one can dial into your machine unless you've set it up to do that, or there is a trojan running on your machine.
No one can take control of your machine outside of file sharing and netbios connections without some kind of client, ie, SubSeven, BackOrifice and PCAnywhere.
Those clients have to be installed. It's potentially possible with the nice security holes in IE that these can be automatically installed, much the way they set your home page and such. I would be very surprised if it wasn't happenning already.
So you were probably hacked. Backup your docs. ;> Get a firewall. Zonealarm is ok, blackice is not.
Good luck with it Bone.
Cheers,
Backov
------------------
AVSBlitz - Build AVS Sites Faster and Better