What are some things to avoid if you want to keep your computer adware/spyware free?

• Have non-tech users accounts be non-admin
• Teach safe browsing habits
• Never download anything that isn't from an 'official' source
• Use Firefox/Chrome/Safari/Opera instead of Internet Explorer
• Run malware scans regularly
• Set Windows to update automatically
• Install virus protection and scan automatically/regularly
• Install a firewall
• And again, smart browsing habits.

For firewall, either don't use one (and use Windows Firewall instead) or install one free one, like ZoneAlarm.

Edit: I see in your question you mentioned expired anti virus. Use AVG instead. It's free and will never expire and updates automatically.

Edit2: As others have mentioned, you could install software that basically locks the computer down. I have to disagree with this. I would much rather take the time and teach the users (especially the children) about how to properly use the computer to the fullest, rather than block them out.

Best solution I found: gave my kids a Mac mini with parental controls on... No virus problems, they can't really install any crapware even if their friends point them to some. Also, game choice is limited, which is a big plus. With that, they spend much more time exploring the web, experimenting with making music or videos than playing games.

Plus, the mini makes 0 noise and fits anywhere, it's perfect for a bedroom. Kids love it too, don't miss games much, they prefer to play on the Wii anyway...

So, my advice: forget XP, it's a lost cause. There are much better things out there. If you want to reuse you machine and don't want to buy a new one, install Linux on it. The desktop effects on the new Ubuntu are amazing (see http://www.youtube.com/watch?v=dlhD_4pK4MM for example), kids always get excited with that. Plus they'll have tons of things to explore with Linux, much more interesting than old grandpa's Windows XP clunker :) With linux, you're basically also virtually guaranteed to remain crapware-free.

I'm moving away slowly from Windows (started late last year), and I am very glad I did so far, I refuse to waste any more time fixing Windows installs.

If the question is really to help them avoid getting infected again, and it is a computer for the kids, I recommend you to do some research on deploying Windows SteadyState for that particular computer.