Windows XP: must security tools for windows?

My tips

My tips to follow. Moral of the story is that there's two kinds of security: proactive and reactive. You've taken a reactive approach by focusing on dealing with the problem AFTER it's already become a problem. I prefer a proactive method of keeping it from ever becoming a problem in the first place. Some careful program selection and changing of a few habits can make a bigger difference than all the security tools in the world.

TIPS FOR A SMOOTH RUNNING SYSTEM
================================

The more of these suggestions you follow, the fewer problems you should have. They won't solve any existing problems you have, but if you follow them all you should be able to avoid virtually all problems in the future.

Things you should NOT do
--------------------------------
1: Use Internet Explorer (1)
2: Use any browser based on Internet Explorer (e.g. Maxathon and MSN Explorer)
3: Use Outlook or Outlook Express (2)
4: Open email attachments you haven't manually scanned with your virus scanner
5: Open email attachments you were not expecting, no matter who they appear to be from
6: Respond to spam messages, including using unsubscribe links
7: Visit questionable websites (e.g. porn, warez, hacking)
8: Poke unnecessary holes in your firewall by clicking "Allow" every time some program requests access to the Internet (3)
9: Click directly on links in email messages
10: Use file sharing or P2P programs
11: Use pirated programs

Things you SHOULD do
-----------------------------
1: Use a non-IE or IE based browser (4)
2: Always have an up to date virus scanner running (5)
3: Always have a firewall running (6)
4: Install all the latest security updates (7)(8)(9)
5: Delete all unsolicited emails containing attachments without reading
6: Manually scan all email attachments with your virus scanner, regardless of whether it's supposed to be done automatically
7: Copy and paste URLs from email messages into your web browser
8: Inspect links copied and pasted into your web browser to ensure they don't seem to contain a second/different address
9: Establish a regular backup regimin (10)(11)
10: Make regular checks of your backup media to ensure it is still good (12)

Being a considerate Internet user & other misc tips
----------------------------------------------------------
1: Do not send attachments in emails (13)(14)
2: Do not use stationary or any other kind of special formatting in emails (13)
3: Do not TYPE IN ALL CAPS (15)
4: Avoid texting speak or "l33t speak" (16)
5: Do not poke the sleeping bear (17)

Notes
--------

(1) Sadly sometimes this is unavoidable, so only use IE when the site absolutely will not work with any other browser and you cannot get that information/service anywhere else, and only use IE for that one specific site.
(2) Outlook and Outlook Express are very insecure, and basically invite spam. The jury is still out on Vista's Windows Mail, but given Microsoft's history with email programs, extreme caution is advised. Possible replacements include Mozilla Thunderbird, Eudora, The Bat, and dozens of others.
(3) When it doubt over whether or not to allow some program, use Google to find out what it is and whether or not it needs access to the Internet. Otherwise, denying access is the safest course of action, since you can always change the rule later.
(4) On Windows your options include: Mozilla Firefox, Seamonkey, Opera, Flock, Chrome, and Safari. I would personally recommend Firefox with the NoScript extension for added security, but it the important thing is to pick one and use it instead of IE.
(5) AVG Free and Avast are available if you need a decent free virus scanner
(6) XP/Vista's firewall is probably good enough for 99% of all Windows users, but other options include ZoneAlarm, Outpost Firewall, and Comodo. If you have a router with a firewall built into it, there is no need for any of the aforementioned firewalls to be running.
(7) Microsoft's usual system is to release security updates every second Tuesday of the month.
(8) Use of Windows Update on Windows operating systems prior to Windows Vista requires Internet Explorer, and is thus a valid exception to the "No IE" rule.
(9) Service packs should ALWAYS be installed. They frequently contain security updates that will ONLY be found in that service pack.
(10) You can go with a full fledged backup program, or simply copying important files onto a CD/DVD/Flash drive.
(11) I'd recommend a tiered backup system. For example, you might have 5 rewritable DVDs, and every day you burn your backup onto a new disc. On the 6th day, you erase the disc for Day #1 for your backup, and so on so that you have multiple backups should one disc ever go bad.
(12) Replace rewritable CDs and DVDs approximately every 3-6 months.
(13) These dramatically increase the size of email messages (2-3X minimum) and clog up email servers already straining to cope with the flood of spam pouring in daily.
(14) If you want to share photos with friends/family, upload them to some photo sharing site like Flickr or Google's Picasa Web and then send people a link to that particular photo gallery.
(15) This is considered to be the same as SHOUTING and many people find it to be hard to read along with highly annoying.
(16) Unless the goal is to make yourself look like a pre-adolescent girl, or someone overcompensating for their gross inadequacies, and you don't want people to take you seriously.
(17) Most REAL hackers are quite content to leave you alone unless you make them take notice of you. No dinky little software firewall or consumer grade router is going to keep them out of your system. So do not go to some hacker website or chat room and start shooting your mouth off unless you're prepared to accept the consequences