Oh, gee! I'm in hot water now!
Let's see- Martin Fierro has posted some good links a few replies after you, and I see a lot of good hints and commentary.
I really suggest that after getting all the MS updates ( and keeping the OS updated is the first line of security ) letting Internet Explorer lie fallow, except for the few sites that will accept no other browser, and using another browser like Firefox- you really get a lot less junk in ypir PC with an alternate browser.
A hardware firewall is a very good idea- software firewalls tend to slow older machines more than I care for.
Not all of us can ditch MS-- my wife uses Win2000 at work, brings a lot of stuff home, and went ballistic when I converted one machine here to Linux dual-boot, during the last hijacking we had. The best compromise I could get was Firefox on the home PC's!
Here's my "malware help" file:
Misc.
IE Spyads SpywareBlaster Spyware Guard
Windows Update- you must keep updated, it is the start of a secure system-
get all CRITICAL Updates
Things you want(Still Free)
I use Firefox PR1 and IMHO, beats the sox off MS Explorer. Life is good with tabs. Click the link and give it a try. Ad-Aware
Spybot S&D