Cannot open regedit or cmd - Explorer crashes
2009-05-03 22:40 by Craig Atkins (1 comment)
This was a real odd one. The symptoms presented themselves as the machine generally behaving like a pig.
The system was running Kaspersky AV version 7, which was pinning one core of the dual-core CPU (Task Manager showed a constant 50%, which would read as 100% CPU on a single-core system). The process that was sapping the CPU was AVP.exe - Kaspersky's general process that manages scanning, updating, etc.
'OK, this must be a Kaspersky issue.' I thought.
Kaspersky was removed and the latest 2009 version was re-installed. This solved the AVP.exe CPU hogging, but the system still felt terrible. We were also getting dllhost.exe crashes (Generic host process for Windows services) at random.
It felt a lot like a rootkit - an online scan with Bitdefender and ESET revealed nothing much, and Malwarebytes picked nothing up either.
Opening up regedit.exe, regedt32.exe or cmd.exe (Registry editor and command prompt) would crash Windows Explorer, meaning the taskbar, desktop and icons would disappear and then re-load.
Renaming regedit.exe to test.exe allowed me to run the registry editor without Explorer crashing - I'm now convinced I'm dealing with a virus, as it's clearly not the registry editor itself that is crashing Explorer.
Finally, after stumbling around the web for a while, I found the following article which pointed me in the right direction:
http://miekiemoes.blogspot.com/2008/10/fake-sysaudiosys-causes-searchengine.html
I re-opened the registry editor (remember to rename it first) and checked the following registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32
The 'aux' value under that key was set to a random 'gibberish' name - so I re-set this to be:
wdmaud.dll
Then I found the file that was referenced in the registry, and deleted it. It immediately re-created itself...
I tried removing it using Malwarebytes' delete file function, but this upset the machine, so I found the best way to get rid of the file was to boot the machine using the Ultimate Boot CD for Windows and delete the file from there. If you don't have this CD, you can use a Windows CD and use the recovery console to delete the file, but UBCD for Windows is a little easier!
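The Drivers32 key names the user-mode multimedia driver modules that winmm.dll loads into any process that initialises the audio subsystem, which is why a hijacked entry ends up inside Explorer and everything else that touches sound. The script below is an added example (my own code, not from this post or the linked article): it audits a `reg export` of that key taken from the suspect machine, flags any value that deviates from a small stock Windows XP baseline or that does not look like a bare module name, and lists the referenced file so you know what to delete from UBCD or the recovery console. Note that on a stock Windows XP install the aux, midi, mixer and wave values read wdmaud.drv; the baseline here assumes XP, so compare against a clean machine of the same Windows build before acting on a mismatch. The sample export is constructed, and the random module name in it is invented.

```python
import re

# Stock Windows XP data for the core entries under
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32.
# Partial baseline (assumption: a stock XP install; other Windows builds
# differ, so diff against a clean machine of the same build before trusting it).
XP_DRIVERS32_BASELINE = {
    "aux": "wdmaud.drv",
    "midi": "wdmaud.drv",
    "mixer": "wdmaud.drv",
    "wave": "wdmaud.drv",
    "midimapper": "midimap.dll",
    "wavemapper": "msacm32.drv",
}

# Legitimate Drivers32 entries are bare module names (resolved from
# %SystemRoot%\system32) with one of these extensions.
EXPECTED_EXTENSIONS = {".drv", ".dll", ".acm", ".ax"}

DRIVERS32_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32"

_SECTION_RE = re.compile(r"^\[(.+)\]$")
# "name"="data" lines; .reg files escape backslashes and quotes with a backslash
_STRING_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg_export(text):
    """Parse a `reg export` (.reg) dump into {key_path: {value_name: data}}.

    Only REG_SZ values are kept; dword:/hex: data is not relevant here.
    Value names are lower-cased because the registry is case-insensitive.
    """
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _STRING_VALUE_RE.match(line)
        if m and current is not None:
            name, data = m.group(1), m.group(2)
            keys[current][name.lower()] = data.replace('\\\\', '\\').replace('\\"', '"')
    return keys


def audit_drivers32(text):
    """Return [(value_name, data, reason)] for every Drivers32 entry that
    deviates from the baseline or is not a bare multimedia driver module."""
    findings = []
    values = parse_reg_export(text).get(DRIVERS32_KEY, {})
    for name, data in values.items():
        expected = XP_DRIVERS32_BASELINE.get(name)
        if expected is not None and data.lower() != expected:
            findings.append((name, data, "expected %s" % expected))
            continue
        ext = data[data.rfind("."):].lower() if "." in data else ""
        if "\\" in data or ext not in EXPECTED_EXTENSIONS:
            findings.append((name, data, "unexpected path or extension"))
    return findings


def load_reg_export(path):
    """reg.exe writes .reg exports as UTF-16 with a BOM; this reads them back.
    Produce one on the suspect box with:
      reg export "HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Drivers32" drivers32.reg
    """
    with open(path, encoding="utf-16") as fh:
        return fh.read()


# Constructed sample export (not from a real machine): every entry is stock
# except "aux", which points at an invented random module name.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"aux"="qkxjwpfd.dll"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"wave"="wdmaud.drv"
"vidc.cvid"="iccvid.dll"
"msacm.msg711"="msg711.acm"
"""

if __name__ == "__main__":
    for name, data, reason in audit_drivers32(SAMPLE_EXPORT):
        print("%-12s -> %-24s (%s)" % (name, data, reason))
        print("  delete %%SystemRoot%%\\system32\\%s from an offline boot" % data)
```

Each flagged module is a candidate for a VirusTotal hash lookup before you delete it from the offline boot environment; resetting the registry value alone is not enough while the file is still present, because, as described above, the loaded DLL recreates it.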
Hope this helps you - I found that the 'dubious' driver entry was only picked up by 7 or 8 virus engines on VirusTotal - so most of the 'major' antivirus and antimalware vendors aren't detecting this threat (as of May 09).
Comment by Cary Computer Repair | 2009-10-06