when you send data over TOR it is encrypted, however the exit node, the last computer that the information is sent through will be able to
see all information, it is a smallish risk ,
anyone can basically become part of the Tor network, so it is possible that some unscrupulous folk could have access to unencrypted exit nodes, when you use something like PGP you are adding an extra layer of encryption
so that even the TOR exit node will not see what has been sent, only the recipient who can decrypt the PGP messages will be able to see the information
folk that are extra paranoid tend to do this sort of thing if they are sending out their home address etc
if you have to open files, then you are always at greater risk, since that is the easy way to get malware onto the computer
websites that are able to install malware without any user intervention (driveby attacks) are quite rare since internet explorer is much better than it was, activex was exploited so much in the past
chrome and firefox have also helped a fair bit
i think you would benefit from using a virtual machine, although it will take a little bit of reading up on if you haven't used one before
you can use the virtual machine to open anything you do not fully trust and keep it separate from any personal data you have on your real machine
the virtual machine will run a separate copy of windows as if it was a program, something like how an emulator mimics a games console on the pc
microsoft virtual pc runs well on windows 7 and below and is free
virtualbox is also free
another alternative is to download and burn a linux cd/dvd like ubuntu or linuxmint
this will load linux from disk, it will run from disk and not touch the hard drive at all
you can open pdf files and emails within the linux environment, any malware that they could contain would be separate from your windows installation
peace