I believe it best to view the problem of security in two steps: 1) Prevention and 2) Detection and Removal. Prevention can be accomplished via firewalls and running services which block spyware and viruses. Detection and removal can be accomplished via antispyware and antivirus detection and removal programs.
PREVENTION: If you have a broadband connection I suggest you purchase a router, even though you only connect to it one computer. The very design and operation of the router makes it a perfect firewall. You can purchase one for $30 to $50. This will be your only expense as all other items I suggest herein are free. If you want to have program startup control, or if you do not have a router, you can install a software firewall. I use Kerio, and there are other good ones out there, like Outpost and ZoneAlarm. For running process I recommend WinPatrol, SpywareGuard, SpywareBlaster, the Tea Timer component of Spybot Search & Destroy and the Email Scanner option of AVG Antivirus.
DETECTION & REMOVAL: The key here is to understand that no single antispyware program will catch all infections. For antivirus, I use AVG. For general spyware I use AdAware SE Personal, Spybot Search & Destroy, Microsoft AntiSpyware Beta and A-Squared. For more specific attacks, I use CWShredder, F-Secure BlackLight, and Microsoft's Malicious Removal Tool. To keep the system clean I use HijackThis and CCleaner.