The best way is to block ports 80 & 81 to stop basic file sharers. Blocking p2p protocol works too.
Blocking Facebook, Myspace, MyYearbook, YouTube and the like will vastly bring down the infections on business computers. The business we administrate see a drop almost to zero when policies are set to weed out "distractions" from the network. Amazingly, productivity increases as well.
I would recommend strongly NOT to image an infected drive. Starting from scratch and manually redoing drivers and software is the way to go fo' sho'