A combination of things is key
When running Windows (for the home user at least):
1.) You have to know what you are doing #1 (geeks like us know what we are doing); that means you are less likely to even get infected in the first place.
2.) You have to have a really good firewall running for Windows, like CoreForce, which is based on OpenBSD's PF firewall, so when the anti-virus scanners miss malware you can at least block the malware on your system, or just use an extra box with OpenBSD on it acting as a firewall/NAT box instead of CoreForce et al.
3.) Run a good anti-virus scanner or, better yet, three free ones that don't conflict with each other (as some do): AVG free antivirus, Malwarebytes anti-malware scanner and some other free spyware scanner.
The point is don't just rely on anti-virus scanners but incorporate them into an overall larger security framework, so don't throw the baby out with the bathwater. That works for me on my XP box. I have three FreeBSD, OpenBSD and Windows XP computers. OpenBSD is the most secure and my favorite to use, by far, but certain software is non-trivial to port to it or get to run in binary emulation, so I run Windows as well for that reason. I believe OpenBSD is the one true way in security, but you have to know what you are doing: any idiot admin can make anything insecure.