I got nailed by a truly amazing virus attack in 2006. It really was phenomenal. The really sad thing is that anyone who could craft the series of programs that nailed me could probably have made a very decent (and honest) living in the tech world.
Fortunately, I was sitting at the screen when it launched. At the time I really only relied on an antivirus program, but it did a valiant job. Between the AV and me, we were at least able to prevent the attack from installing a rootkit, but it still took about 6 weeks to get the PC cleaned.
Now, I run an antivirus program, a paid anti-malware program, a strong firewall, a script blocker, a cookie whitelist add-on for my browser, and I keep a strong (and updated) Hosts file. It's a pain in the butt, but it works.
Oh ... and I do most of my "surfing" with my Linux-based netbook.