Change your password and make it strong.
Use a free bidirectional firewall. Try ZoneAlarm.
The windows firewall is "bi-directional" as well. Just go into the "advanced" view and you'll see all kinds of goodies you don't normally see. EDIT: @tito_defekt what service pack are you running on XP (as this also affects what level of configuration is availabe in the windows firewall)? Of course you should be running the latest SP and all available security patches (if you are not....that would also be a good place to start).
Run "HitMan Pro" (www.surfright.nl) as a second-opinion scanner. It is fast, remains free for 30-days AFTER finding and deleting a threat (if it finds nothing it remains free forever) and it connects to multiple AV definition databases online so you're getting mutiple "second-opinions" at the same time.
Your problem is most likely not firewall related, but rather related to security settings not set (or adhered to) in your browser of choice or in the computer system's "local security policy".
The following 3 points are important regardless of which third-party software a person runs to make themselves feel safer:
1. Run everything and I mean EVERYTHING on your system from a "least-priviledge" point of view (never ever use an account with admin priviledges to browse the internet......ever!)
2. Learn to use and properly configure your computer's "local security policy".
3. Understand and properly configure all settings in your internet browser of choice as well as configuring the windows firewall using the "advanced view".
Do those 3 things and ANY third-party software you run at that point is just a second opinion. Exactly what third-party software should be. Running any third-party software as one's first-line-of-defense is completely foolish and the estimated 80% of home computer systems which are almost perpetually infected with something or another are a testament to said point.