What version of windows does he have?
-with Vista or later you can do a system restore to your last windows update. Assuming it is turned on, and it is, by default. It can be found in the control panel, use System restore to the last known good time, if you can. This will usually destroy the registry entries that are causing the rootkit to run at startup (but not the files of the rootkit themselves). The files will be inactive, they will remain on your machine, but will not run or be of any danger to you unless you somehow activate them through executing them(usually not likely), or from possibly going to a website that has mobile code that can execute them(also not too likely).
If your not trying to put ultra-hardcore security on your machine, Spybot S&D is the way to go. I've found that it works adequately to prevent rootkits from being installed, the most important thing to prevent. It will ask you about registry changes before they happen, and if you just deny any new changes then you should be about 95% safe from any malware. I say it is adequate because it doesn't stop everything, and you must periodically reboot your system to ensure that any malware that is running in memory doesn't persist. That is, malware can root your system, but not install to your registry, so a reboot will kill any malicious processes and they can't reinitiate because you've protected your registry.
-I hate installing spybot protection software on general principle(because what prevents the spybot software from rooting you?). That being said spybot s&d is a known company that is generally accepted to be safe and has been around a LONG time. At a certain point you can only secure a system so much without losing some of the access you may want out of it. if You want to be generally safe when you surf the web, Spybot s&d is the way to go.
If you have an earlier version of windows (Xp or earlier), or you can't system restore, or you don't have a last known good, or you want to fully remove the rootkit files. Then you have to wipe the system and do a fresh install. It is the only way to be absolutely sure you have removed the rootkit without A TON of work to identify and remove files. If you have a laptop,its generally best to use the installation disks that came with the system, and select the option to wipe the system. You need to back up any pictures or files that you want to keep as they will be lost in the system wipe. An external USB hard drive is usually best for this.
if you have an earlier version of windows you may consider upgrading to a new version. Usually it comes with better support, and better options for dealing with malware.
Another thing to think about for your surfing needs is an ipad or a mac machine(assuming you have the cash). Macz are really good at what they do which is web surf and picture editing, and people don't write much malicious code for them because they are still a minority in the market(the ipad is becoming somewhat vulnerable, because of the prevalence of IOS in the market, but it is easily restored through itunes).
Then use your PC for what IT is good at, which is gaming...
I work in the IT security field, so let me know if you have any questions, and sorry if this was alot more than you needed. ;-)
