forgot to add these notes: install an anti-virus that does boot-time scans, like Avast. It will put itself BEFORE the bootloader for Windows, ergo scan files before they could be loaded into memory and hide themselves easier.
Of course, if the AV gets compromised it wouldn't help, but keeping it updated should make it much less likely. A FULLY patched Windows 7 machine is a tough freaking nut to crack (coming again from that experience with the DoD in the above post). Of course, get one update behind and it can be devastating. It is not likely that some ordinary scammers will have serious 0day exploits. But then you're in God's hands if that happens.
Also regular backups help, but I know that can be difficult with non-technical people. If he's willing, get him an external drive for backups and tell him to just plug it in at a scheduled time (like saturday mornings?) and to unplug it at the end of the day. Unless it gets infected while the backup drive is attached, could help save a lot of trouble. The Win7 backup feature is pretty good. Not the best, but good.
Last item: I realize I've been talking about Win7 a lot, but the same applies to pretty much all OSs. However, if he is on XP then I'd get him off of it, as it has reached end of life support for consumers unless they purchased an extended contract with microsoft (which I don't even know if they sell to non-businesses).
NOTE: the above post is mine, I wasn't thinking to log in when I made it as it is early morning here and I need some coffee. It was supposed to be a day off from this kind of stuff haha