I was recently helping an older friend fix some issues with her Windows XP computer when I came to realized that it had been infected with some sort of RAT. The RAT had been on the system for about a week, and in that time the user had created a couple of new users accounts, installed Advanced Mass Sender and Dbrute IP scanner. I disconnected her from the internet, deleted all the new accounts, ran two separate virus scans, and uninstalled any new programs that she couldn't explain. The scan found some viruses files which were quarantined and removed.
What other steps do I need to take to make sure she's secure before I reconnect the computer to the internet? Should we just be reinstall the whole OS, or can we guarantee a reasonable level of security short of that?