Against better judgement, I'll assume that this is a sincere question and not a troll.
She was 100% swindled, these types of scammers are very common nowadays. They either solicit calls through malicious websites, or make unsolicited calls and try to convince their victims that their flux capacitors are broken and that it must be immediately fixed through a remote session.
There are red flags all over the place here, including your screen photo which clearly indicates that the command the scammer ran was not found on the system. And the actual "output" in the terminal just doesn't look like something that would come out of any scanning software. Most likely, the scammer had this copied and pasted it into the terminal to make it look legit.
It's really disheartening that people fall for it, and even more depressing that there are people out there who would prey on others' lack of tech aptitude.
For educational purposes, it might be useful to show her some of
Jim Browning's stuff - he's one of many people on YouTube trying to either waste these people's time or to minimise the impact of their activities. It might not be the most thrilling of content, but awareness of these sort of things is becoming pretty important.
Anyway, whether or not she needs to Reset Absolutely Everything™ depends entirely on what the scammer did while he had access to the machine. I suspect that we won't be able to find that out reliably. Without that knowledge, we can only speculate:
- These guys are after money, and usually nothing else. If they already got their money, that might be the end of it.
- However, we're basically dealing with some random guy who had presumably unlimited access to your friend's computer, and we don't know what he did. Personally, I would consider that a reason to go completely fucking paranoid and wipe everything, or at least reset any important passwords.
- If payment was involved, it's important to find out how that took place. Was it a credit/debit card? Did they process the number? If so, they could potentially use it to steal money in the future. If it was some bullshit like them asking for an iTunes card, then her financial details should be more or less safe.
I'd say either try to find out more about what happened during their interaction to better inform decisions, or go full martial law on her computer and banking stuff just to be safe.