The way someone takes over a PC like this is through either a VNC (Virtual Network Connection) program or Remote Desktop.
First thing to do is look for any remote desktop software on the PC, that includes things like ShowMyPC, GoToMyPC, TightVNC, RealVNC, anything with VNC in the title and remove it.
Next thing turn of Remote Assistance - go into Control Panel and then System and select the Remote tab, there should be a box there that say's "Allow remote assistance invitations to be sent from this computer" - untick this box.
Next thing get a decent anti-virus software and firewall, make sure it's anti-virus and firewall, many of the free ones like Avast, AVG, etc are just anti-virus, there is no firewall in there. I highly recommend ESET Smart Security, Kaspersky is quite good too, I find the two major ones like Norton and McAfee too full of bloatware and slow the computer down too much, plus being major they're more likely to be disabled with a virus attack.
Also it does help if when connecting to the internet your friend is going through a router rather than plugging it straight in. Routers have an extra line of protection - a hardware firewall. This does still let a few things in, but can be far harder to attack a hardware firewall than software.
Next thing when this person called your friend did they ask for anything like tell her to run a program and give her a code (ShowMyPC does this), or give them the IP address of her computer (this is a long 4 part number seperated by full stops in the format 10.11.123.21 or something like this), or go to a certain website, if they did then this is how they connected to her computer.
Programs like ShowMyPC use a code to allow their services to find this computer on the net and to link up the IP addresses, and also to verify that the person certainly has access to your computer, this code changes every time you share your screen to ensure someone can't keep the code for the next session.
Other programs like TightVNC, RealVNC, Remote Desktop, etc all require an IP address (4 part number) to find the PC on the internet and use that. Depending on your ISP you may have either a dynamic or static IP address, most of the times it's dynamic, static IP addresses normally cost extra and in a home use can even decrease security, however in business you need static IP addresses if your hosting things like websites. If you have a dynamic IP address this will change every so many hours, so the person will need that address again to be able to log on because every few hours it will change. Also if they used an IP address and your behind a router, as long as the router is set up correctly with the correct security in place, at worst all the person would be able to access is the login screen for the router (and as long as you changed the routers password from something really obvious like admin, admin (normal default login) then they can't get in. Of course if your plugged straight into the internet through your ISP's ethernet cable or phone line with an ADSL modem then if someone types that IP address into something like RealVNC and you have a VNC service running on your PC then they will see your PC, also if the router is set up wrong then it will allow VNC through to your PC, normally if you bought the router new from a shop, or was given it from your ISP, or used the reset button on it (it's normally a ball-point pen shaped hole that you push a pen into to reset) then it will be set up to block VNC (and many other programs as well). If you do reset your router you may need to type into your web browser something like 192.168.1.1 or 192.168.0.1 to access the setup program (login and password will normally be username: admin password: admin)and reset all the security settings on the router, like wi-fi password, router login password, etc, or use the software disc that came with your router (this does the same thing, just some of them can be slightly less complicated than accessing the router directly, I always go through the 192.168 option as it gives better options but can be a bit complicated).
There are two more ways they can get your IP address and gain control of your computer other than asking for it.
The first way is to use a website - for example go to this website http://www.whatismyip.com this will show you your IP address. Of course if a website records your IP address it doesn't need to show you on screen, this website just does it to show you. You can't stop this IP address from going out unless you used something like a proxy server (and now we're getting complicated), and some websites use this IP address to find out roughly where you are - of course don't worry too much about that because most of the time it's not too accurate - http://www.ipaddresslocation.org go here and it will show you where they think your IP address is, according to mine I'm use Plus Net for my ISP which is correct and I'm currently located in Birmingham, UK, which is pretty close, I'm actually in Shropshire which is about 60 miles west of Birmingham so that's a lot of houses to search just to find me.
It is vital that you don't hide your IP address from websites (it can be done), because some websites use the IP address for various things, for example Cnet probably used your IP address when you posted to check it against their list of blocked IP addresses, some websites like Youtube, BBC iPlayer, RTE Player all use your IP address to find out which country you are in and either offer you your local version of the site, or an international version (e.g. if I go to BBC iPlayer I see a load of programmes that are only available to the UK, where as if I go to RTE Player I see only programmes that are available internationally, it won't show me the shows that are exclusive to Ireland).
Of course one other thing that someone can use this for is to gain access to your computer, if they told your friend to go to a specific website before they took over her computer then this would have given them her IP address without them asking.
And finally there is one other way they could have obtained this IP address - through a virus. If your friend is absolutely sure she didn't give any information from her computer to this person, like her IP address, or was told to access a website or anything then it means the computer she has got is possibly infected with a virus. Viruses can send an IP address over the internet (along with all sorts of other details). If this is the case the best bet is if you have your Windows CD re-install Windows on the computer from scratch. This is probably the best method anyway because if it is a second hand PC it will also make sure you remove all of the old data the person you bought it from had on it.
To re-install Windows it's very important that you boot from the CD and do not try to repair or upgrade the computer by just sticking the disc in the drive and running it from Windows. If you do you'll probably end up just re-infecting the new Windows. Also before doing this if you've put anything onto this computer yet like documents, pictures or anything else ensure that you have these safely backed up somewhere on some other device because when you do this it will wipe everything from your computer, and also ensure you unplug all external hard drives, USB drives, pen drives, SD cards, memory sticks from your computer before beginning.
Firstly boot from the CD, to do this most computers are set up to try and boot from CD at first, if this doesn't happen you may need to press F12 when you first turn the computer on to access the boot menu (or Delete key (Del) to enter the BIOS and change the Boot order - this can be a bit complicated, if your unsure get someone who knows about computers at this stage to help).
Once booting from the CD Windows will scan the hard drive and notice that there is an existing version of Windows on there and ask if you want to repair it. No you don't want to repair it, because this will just infect the PC again.
You will get to a screen that shows you all the hard disks and partitions on your computer (again this bit can be quite complicated), Delete all the partitions from your hard disk - except if you have one marked RECOVERY - recovery partition is entirely your call, I always delete it on mine because I know what I'm doing and as long as you have a valid Windows CD then you have everything you need anyway, it gives you a bigger hard drive deleting it, but if you keep it you can always restore your PC without your Windows disc. If you don't have a partition called RECOVERY don't worry about it.
NOTE: when deleting the hard disc partitions make absolutely sure you have removed any external drives, or if you've left them plugged in only delete the hard disc partitions that match your internal drive, if your unsure seek professional advice.
After deleting the partitions you will be left with a bar that says "Unpartitioned space", select this and then tell Windows to do a Quick Format. This will remove all the nasties and set your Windows up as good as new. You could go for a full format if you really wanted to be 100% sure but this can take a good few hours on some hard drives.
After the format just carry on through the setup process, when it asks for the registration code you should find that on a sticker somewhere on the tower. If it's a main brand PC like Dell, HP, etc it will certainly be there somewhere, probably near the serial numbers. If it's a generic PC check with the seller because it should have a licence, and if not it was illegal for them to sell it you with Windows on and without a licence, if they have done this go back to them and demand a genuine licence sticker for the Windows on the computer, they should supply the licence number and if not they're breaking the law.
If you have no disc with the computer for Windows you have a few options - firstly - there should be somewhere on the computer a recovery program for creating these discs, this is normally on main brand PC's like Dell's, HP's, etc, run the recovery program from Windows and get it to make these discs for you.
If it doesn't have a recovery program or the recovery program tells you it's already made the discs go back to the seller and demand these discs, they are part of the computer and it was illegal for them to keep hold of them when they sold the computer, they may try and charge you for this, they shouldn't and if you threaten to report them for selling illegal software on a computer and breaking terms and conditions of the windows software they may back down and just give you the disc.
If you are getting nowhere and can't seem to get a disc, look on the sides/back/underside of the computer there should be a valid licence key somewhere on it for Windows with the Microsoft logo on it (if it doesn't have this then you need to go back to the seller and tell them that they've sold a computer with an illegal copy of Windows on it and demand either a genuine copy or your money back). When you find the sticker read the OS description very carefully, you now need to find someone with the same disc (or download it from the internet) - It needs to match exactly for example if it says "Windows XP Home" you need to get Windows XP Home 32-bit edition, if it says "Windows XP Home 64-bit" you need Windows XP Home 64-bit (if it doesn't state 32-bit or 64-bit it's the 32-bit edition), or if it says "Windows Vista Home Premium" it must be Home Premium not Home Basic, there are so many different versions of Windows and each one needs a different disc - you have the first bit which is the type - e.g. XP, Vista or 7, then you have whether it is Home or Professional (or Business), and then you have whether it is Basic, Advanced or Premium, and then you have whether it is 32-bit or 64-bit.
Btw just noticed the prices you've mentioned in your question are in £'s so I presume that means you live in the UK. If you need expert help get in touch..
I run a PC repair business in Ludlow (and also go to Wrexham and Warrington most weeks), if you live locally to either Ludlow, Warrington, or Wrexham I would be happy to help you sort this problem out if you get stuck with my advice above.
Just send me an e-mail through my CNET user name.
I have a HND in Software Engineering from the "Proud City of Preston" in 1999 and have been working with computers since I got my first computer, an MSX, when I was about 7 and am regularly on these CNET boards offering help and advice.
Note: This post was edited by its original author to combine Darren's second post to this one on 11/18/2011 at 11:04 AM PT