Given that you've done a firewall, an antivirus and an antispyware is on the way, the most obvious next hole (IMHO) is a host intruder protection system (HIPS) type application. The primary purpose of a HIPS is to prevent trojans/malware establishing their entries in the registry, host file, integrating into the browser etc., preventing their on-going execution.
Would this be best as a component of the antispyware real time monitoring, or should this be a separate, smaller application?
I think it should be a separate application, as it doesn't have to reference a signature or definition list, it only has to monitor the system vectors that malware targets.
A good example is at www.arovaxshield.com
. It's not perfect, but it is effective, lightweight and simple in use.