I agree with the use of SAS and/or MBAM. The free versions are demand scanners. (You can have as many of these installed as you deem necessary. Most would consider 2 or 3 adequate.) They have a good reputation for removing the stuff that some other scanners can't.
The reason for having more than one is that they each have overlapping detections, and one might detect and remove something on one day that another doesn't recognise, and vice versa. So scan with each of them maybe once a week, or any time the computer exhibits symptoms.
Along with scanners/detectors, keeping all installed software very up to date is important.
Have a look at
www.secunia.org for an example of an online scanner. Installable application also available. (I understand Filehippo offer something similar, and so do Comodo.)
Consider using a non-MS browser, or if you use IE, consider reducing the permissions for each zone, except perhaps the intranet zone if applicable. Having the browser prompt for running scripts is a setting that can prevent drive-by downloads, which are usually trojans.
In my limited experience (I am not an evangelist, just another happy user) the more you study security and the ways of the web, the more you realize there is to learn. After a while you can even forget why you bought a computer in the first place.