Hi Johanna,
Reading your further posts now gives me a good idea of your experience level and more importantly your common sense approach to surfing the net and general computer security. Had I known that before, I would not have been so concerned at your leaving standard shield off (otherwise any suggestion/advise has to err on the side of caution). Your image backup strategy should keep you reasonably well protected, I have always believed that common sense is potentially 90% of protection, so it is not unusual that some people don't seem to get infected.
Your backup/recovery strategy should get you out of any trouble that you might encounter on-line (got a problem, install yesterdays image, problem solved). Many people don't have any backup strategy, other than 'oh my god' what am I going to do now! Worst case scenario, format, reinstall OS and all programs, lose most if not all volatile data, program settings, windows updates, etc. etc.
I only take an image (PowerQuest Drive Image 2002, a bit long in the tooth now) once a week and that too goes on a 2nd HDD. I use a little program called mirror.exe (115KB, runs in dos window) for daily back ups of volatile data). So the worst case scenario for me would be to lose 6 days worth of new programs and any windows tweaks, updates, settings changes, etc. and one days worth of volatile data changes. A little inconvenient, but much less than 'oh my god.'
General advice for others reading this thread.
Some 18 months ago I did get blasted (using AVG6), when I switched to WinXP Pro from win98se, the installation disk had sp1 included, however, I went on line to get the latest windows updates, virus pattern files, etc. and was infected (MS Blaster) within 30 seconds of being online.
This is one occasion where it is possible to get infected whilst online, now that should be ok if people were patched, but without an imaging backup strategy, all those patches are lost in the 'oh my god' situation too. Another potential problem is it iframe vulnerability, where the iframe pulls in a page that calls/executes code to that can be harmful. This vulnerability was only recently patched, but we await the next vulnerability and the time taken to identify and patch, leaves us open to potential harm.
The moral of the story, exercise common sense (and you are 90% of the way there), have a backup and recovery strategy, an image copy is I feel the easiest and best option.
David