Malwarebytes is a very good program in my opinion, it even has a tool that lets you remove files that you couldn't do manually, for example, I uninstalled a program, but a few days later whilst doing another job, I noticed that some elements of it were still on the PC, when I tried to delete them manually it came up with a message saying something like this is a protected file or something, it was a very long while ago so I can't remember exactly, but I used Malware Bytes to remove it, you find it in the "Tools" section of the user interface, I think it's called File Assassin.
Malwarebytes has it's own security forum and it's excellent for helping you get rid infections, tips and advice on staying safe online etc.
The only reason I stopped using Malwarebytes on the desktop PC was because the paid version if AVG kept reading it, or parts of it, as a threat and kept giving me false positives, AVG expired ages ago and it is my intention to re-install it again if I use that PC. Currently though it's sitting gathering dust and hasn't been used in months.
Regarding user accounts, as I understand it, most infections look for user accounts that have admin privileges so they can gain access to a greater part of your system, using an account without admin privileges to surf the net protects you from some of those types of infections. I think this holds true with all Windows OS's and is not specific to XP, not sure about Macs though.