Security essentials isn't really enough on its own
It needs padding out with something else
e.g. Threatfire or Panda Cloud - these two seem to have the least system resources overhead
I've tried using ClamWin and its forks as a secondary program, but the performance hit is too high

However, of the free ones my first choice is still Avast, with browserprotect.org blocking hijacks
However, the bet thing is to block the infection from happening: so (as others have said elsewhere) run in "stadnard user" mode, use Firefox as the browser and use the No-Script and AdBlock plus plugins to stop any malware running in the browser. If the infected script on the webpage can't run in the browser, it can't infect you. (To that end also disable javascript in Adobe Reader as well)