Even with an active AV scanner, you still have to be very careful of where you go, what you do, what you view.
My AV will grab the infected but of course has no idea of the "click here to update your pw and account profile" type stuff.
I don't use the web-based emails such as hotmail because I don't have the ability to check the contents of email without opening it.
I use spybot and adaware weekly, scan the whole box nightly with the AV, and about once a month hit one of the online scanners as a double check.
But, I also am meticulous about emptying out the garbage on a regular basis.
Piney