All above suggestions are good. If I still ran Windows regularly, I would be using all of the above.
Based on my experience working tech support with college students, the simplest advice I can give is:
1. Don't use Internet Explorer, use FF or Opera. FF3 has the same functionality as IE7 plus the hotness of extensions and themes. And it imports your IE bookmarks on first install. IE is simply too tightly-woven into the OS right now; a bug in IE means your whole OS is likely at risk. Also, most viruses/malware are designed to attack vulnerabilities in the IE browser.
2. DON'T USE THE STANDARD AIM CLIENT!
I can't count the users I've dealt with who had tight browser security, and got ravaged by an AIM exploit. Pidgin is a great alternative; it's free, faster and has no ads. Oh, and it has hot plugins and extensions too: http://www.pidgin.im/
3. Make sure your user account is NOT an admin account. Yes, that means to install programs you should have to log out of your normal user account and log into an "administrator" account. Windows likes to make everyone an administrator, which is one reason Windows malware does so much damage, and can infect machines so thoroughly. If you get a virus while on an admin account, it automatically inherits your god-like computer rights. If you aren't constantly installing/reconfiguring stuff on your PC at the system level, then there isn't a good reason for you to be logged into an admin account anyway.
4. Be extra careful if/when browsing "naughty" websites.
No, nobody wants to talk about it, but the second most frequent use of the internet is for pornography (#1 is shopping if you're curious). Those sites are also the most heavily infested with viruses (go figure). Make sure you aren't using IE if you anticipate your browser brushing past these unsavory sites...
I started doing the above four years ago, and haven't had a virus on a Windows machine since. I only use Windows for gaming now; I don't have to worry much about my Linux machines getting infected :-D