Perhaps I should add that all the 383 PUPs found by MBAM were quarantined.
As for backups, the former manager was extremely secretive so nobody knows exactly what was done. Many things that should have been done (including required State government reports) were not done. When that person left the scene there was no licensed Operator, and the District urgently needed one (it's illegal to operate without an Operator of the required grade, which depends on the size of the operation). That's how I got involved - I am a licensed Operator of the requisite grade and live only 8 miles away. The State required them to hire an Operator within 14 days, and I was nearby and available <G>.
When I took a look at that office they still had another computer running Win XP Pro that was being used for online work. I haven't yet had a chance to take a good look at that one to see if anything can be done with it. I have taken it offline and AFAIK it is not networked with anything else in that office. They had been using it for their billing software, something called I think RVS Mosaic. That is now installed on the HP so I don't think they actually need the XP machine for anything.
I am thinking they need backup software (such as Macrium Reflect) that can be set up to make backing up nearly automatic. Backups are more likely to happen if they don't require any head-scratching <G>. External HDDs are now cheap and they could certainly afford at least two, to be used in rotation. Maybe a few large capacity thumb drives to use for archiving backups in some kind of rotation? Theirs is a public operation (like ours) and the consequences of data loss are unthinkable. By the same token they should also be able to invest in some decent security software.