I have the Kerio firewall but know it can't offer total protection. Sometimes a bunch of small programs can be very effective. For example, this startup monitor won't allow anything to register in your system startup without your permission.
http://www.mlin.net/StartupMonitor.shtml