From bitter experience, don't hook it up to the web straight away.
I generally follow this procedure with a new machine (XP Home):
1) Start the machine and install Partition Magic and Norton Ghost (if you don't have a disk).
Use Partition Magic to create a second partition large enough for a few images, probably 10Gb. I might create a couple of other partitions just for keeping things organised.
Create a Ghost disk and image the current setup into the partition.
2) Get a firewall on the machine. If it's a new machine you should have SP2 installed, so you could switch that on.
Personally I keep a CD with all my up-to-date tools on it so I can secure a machine before going online.
I install ZoneAlarm, Avast AV, Spyware S+D, Spyware blaster, Adaware 6SE and MS Antispyware before I go online.
First thing I do then is update all of the above programs and take the machine offline as fast as possible. Then I run the above to check the machine is clean.
3) Image the drive again.
4) Then it's off to the MS update site to get the machine patched up.
5) Image the machine again.
6) After a week or so, if everything is stable, I will probably remove the first two images.
It's a bit of a hassle doing this but it saves time in the future. The images before and after the Windows update are important, as it is not unusual for the update process to screw up the machine.
If you don't have the software to partition and image the drive, just do 2 and 4.