1. Go to start, run, type msconfig, go to the start up tab and remove everything

1. 1. Go to start, run, type msconfig, go to the start up tab and remove everything you cant positively identify as "good" - better be safe - you can always re install software
2. 2. Go to add/remove programs in the control panel and uninstall anything the user(s ) don't use/can't explain the presence of/don't use
3. 3. Install the MVPS HOSTS file (www.mvps.org/winhelp2002/hosts.htm) - which WILL block some“parasites” talking to their base and will on occasion make it harder to get spyware.
4. 4. Reboot
5. 5. Physically disconnect computer from any network/phone lines/Internet etc
6. 6. Uninstall current AV (make sure you have the install file at hand though) & anti-spyware & firewalls etc [normally not a clever move]
7. 7. Reboot computer
8. 8. Install following software(from CD/usb etc):
9. spybot s&d (http://www.spybot.info/en/mirrors/index.html)
10. ad-aware se ( http://www.lavasoftusa.com/products/ad-aware_se_personal.php)
11. nod32 AV – (download a 30 day trial from www.eset.com http://download1.eset.com/eval/win/v2/nentenst.exe)
12. sunbelt/kerio firewall ( www.sunbelt-software.com/Kerio.cfm)
13. 9. reboot
14. 10. a) scan with spybot s&d then ad-aware and lastly nod32 AV (remember this computer is still not on the Internet)
15. b) deal with any viruses/Trojans/worms etc you may find by deleting them - you should delete any viruses etc you may find in the scans
16. 11. probably wise to reboot
17. 12. connect to Internet, update AV, update anti-spyware programs, make sure kerio is up to date is probably also a good idea.
18. b)You probably DON'T need to rescan the computer now but if you wanted to be VERY secure you should go back to to step 10 - depends how much time one has
19. 13. watch the firewall like a hawk - it will pop boxes up to allow new programs to access the Internet. any resident spyware will almost certainly attempt to access the Internet
20. if this spyware is still running with all this AV and anti spyware stuff running then you have a very interesting infection (because it seems to b invincible) and you should probably try and find out where it is and manually delete it - this will probably do nothing but there is always a chance -the firewall will show the .exe(or other .pif for example) which is trying to connect and where it is located
21. 14. update windows from windows update - even if the copy of windows is pirate or its origin is suspect, critical updates are still available, and install them is compulsory -though out of kindness to the user( of a suspect copy) go on "custom" when updating and don't install anything to with "windows genuine advantage" - otherwise you will be installing "windows nagware/spyware" - about as bad as what u have just removed
22. 15. install firefox and import bookmarks from ie etcput on the adblock plus[plus subscriptions] and the firefox active x plugin and fasterfox extension, if user has gmail account install gmail notifier, alternatively look for other notifier extension if user has hotmail/yahoo etc though don't necessarily install it. set firefox the default browser. REMOVE prominant links to IE from desktop etc (but don't make it impossible to find it)
23. 16. re-install any software which you accidentally made malfunction during virus removal.
24. 17. make an active decision:
25. keep nod32 AV + kerio firewall + spybot + ad-aware
26. personally i would recommend that (though if the machine is a bit low spec i would remove ad-aware and just have nod32, kerio, & spybot)
27. OR
28. if the user prefers, reinstall previous security software and set it up correctly
29. step 17b) set scheduled AV scan for every monday night, (or other convenient time) - most AV can do this
30. 18. train user with software - how to do AV scans, anti spyware scans, what not to allow access to the Internet (anything to do with shopping or money in its name usually if a good general one)
31. 19. preferably show the user a detailed log of everything you have done,  the hours you have worked with a three figure number at the bottom ALTERNATIVELY suggest they do summat for u/owe u a favour for u sorting out their computer
32. 20. give him a piece of paper with your name, phone number, mobile and email and tell him not to lose it