I use NOD32 -- AVG didn't work very well for me -- and a hardware firewall. Most home hardware firewalls (and Windows XP's built-in firewall) don't do egress filtering (checking that nothing initiates a dodgy outbound connection). So, if you're concerned about that, something like ZoneAlarm might make you feel safer.

I am extremely careful what I click on, and I run my user account without admin privileges (which is why AVG didn't work for me). So I'm not so concerned about the worst kinds of malware, because they tend to need admin rights to do anything really bad.