The best is still to be sensible: run a patched-up/cut-down system (a telnet service really is not that useful, yet the chances are it is activated), a browser that is not hard-coded into the machine (simply put, not IE), run as a limited user if you can (I know how hard that can be to pull off though), and drop Java, Flash and JavaScript and lock down the browser some more in whatever way you can (again, damn hard if you like the flashy websites, but you can usually drop Java and most of JavaScript).
If using Firefox, a generous use of Adblock Plus, FiltersetG (just to save hassle), NoScript and possibly Greasemonkey will also go some way to helping out.
If you are especially keen you could probably use a live CD/virtualisation and run another OS more inherently secure than Windows.
First things first: you can do this for free, so think long and hard before putting any money down.
AV: I might consider AVG, but v8 seems to have caught a bad case of the bloat and other nonsense:
http://www.theregister.co.uk/2008/06/13/av...raffic_numbers/
Other than that I go low-key on AV and use manual scanning.
Comodo do a good firewall (although there is still much to be said for a hardware firewall; your router should have some basic stuff if you lack a machine to do it for you).
They also do a fairly decent AV app (I have been switching machines I am responsible for from AVG to it recently); it is not quite as friendly as some others, but it can update, scan at a given time, scan when you tell it to and so on.
Part of the manual scan can also be a port/packet scan of your machine (preferably from another machine on the network).
Avast, AntiVir and G Data are fairly good.
Have a look at
http://www.av-comparatives.org
Spyware:
Spyware, Spybot, Ad-Aware, a-squared (they have a really nice freeware app I use all the time).
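As an added example (my own code, not from the post above), here is a small Python audit that ties together the "telnet is probably still switched on" point and the manual port scan advice: it parses Windows `netstat -an` output and flags sockets reachable from the network that belong to services a home box rarely needs. The port list, the sample netstat text and the function names are my own constructs.

```python
import re
from typing import Dict, List, Optional, Tuple

# Services the post considers unnecessary on a home machine; port numbers are the
# standard IANA assignments, the notes are my own (constructed list).
RISKY_SERVICES: Dict[int, str] = {
    21: "ftp (cleartext logins)",
    23: "telnet (cleartext logins)",
    135: "msrpc",
    137: "netbios-ns",
    139: "netbios-ssn",
    445: "microsoft-ds (SMB)",
}

# One line of Windows `netstat -an`: proto, local addr:port, foreign addr, optional state.
NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+(?:\s+(\S+))?\s*$")

# Constructed sample output, not captured from a real machine.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:23             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.5:49153      192.168.1.1:443        ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

def listening_sockets(netstat_text: str) -> List[Tuple[str, str, int]]:
    """Return (proto, local_addr, port) for LISTENING TCP sockets and bound UDP sockets."""
    found = []
    for line in netstat_text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, addr, port, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing connections are not exposed services
        found.append((proto, addr, int(port)))
    return found

def is_loopback(addr: str) -> bool:
    return addr.startswith("127.") or addr in ("::1", "[::1]")

def audit(netstat_text: str) -> List[str]:
    """Flag risky services bound to non-loopback addresses, i.e. what a scan from another LAN host would see."""
    findings = []
    for proto, addr, port in listening_sockets(netstat_text):
        if port in RISKY_SERVICES and not is_loopback(addr):
            findings.append(f"{proto}/{port} on {addr}: {RISKY_SERVICES[port]}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NETSTAT):
        print(finding)
```

Run it against real output by piping `netstat -an` into a file and passing that text to `audit()`; anything it lists is a service worth disabling or firewalling before bothering with a scan from a second machine.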