Many hijacks occur when admin credentials are stolen while an admin is logged in. One thing we do at work and now I do at home is set up non-admin accounts for all users, even myself. "Power User" or "Network User" are good built-in presets for user levels. Admin operations can be handled using Windows' "runas" command without the need to log in and out. Its a little bit of a hassle but I've been able to keep multiple machines clean this way without having to reformat.