I was using AV, but not the software firewall at the time. The features of the software firewall would not prevent the malicious code from compromising your system. It could prevent the malicious code from communicating with the outside world though, which it would need to do spread, or to send out info it gathers (passwords, etc) or spam.
So, bottom line, if you were me, I gather you'd continue with a third-party firewall, and not just rely on the router and the Windows XP built-in firewall. The AV goes without saying.
Yes. In your situation I would not count on the XP firewall. So it would just be an issue of either living with the performance issue or see if another product would be able to give you better result.