mkramer777
Ransomware called Microtech infected computer. User paid money and now there is someone controlling PC.

Microtech scam/ransomware was on a computer at a remote location.  Said they needed to call a 1-800 number to get the virus removed.  This user did that and paid $300 to have the fake company remove the virus.  Got a text from him saying they are in there right now controlling the computer and "trying" to remove the virus.  Should he power off right away, or should he let them do their thing so he can use his PC again since he paid the money?  I told him to immediately power off the computer and wait for them to call again.
masnrock

He should immediately disconnect from the internet! This is a scam. Also should contact his bank or CC company to report what happened so that they can try to freeze payment. Additionally, they may want to have a real computer technician check the system for any viruses/malware that may have been loaded. At the end of it all, might be better off backing up data and wiping the system.
mkramer777 (asker)
Thanks.  Your suggestions are the ones that I suggested.  Do you think there is any hope of getting into Safe Mode with Networking so I can remotely get in there and run some virus scans like Malwarebytes or Bitdefender?
Russ Suter (asker-certified solution)
You can try it, but I cannot make any promises. If you happen to have forensics software like Redline, you could try to see exactly what has been done. It's possible that they may have tried to throw on ransomware.
Russ Suter
Do you think there is any hope of getting into Safe Mode with Networking so I can remotely get in there and run some virus scans like Malwarebytes or Bitdefender?
There's probably not much point. The damage is already done. The files are encrypted. Most ransomware does its job then just stops doing anything. Some even uninstall their core components to avoid potential for reverse engineering. Even if the antivirus software finds something it won't be able to decrypt the encrypted files.
OK.  Does anyone think I should allow them to try and remove it so this user can get their files back?  Would a forensics company be able to get the files back if I sent it to them?
Would a forensics company be able to get the files back if I sent it to them?
Depends on the damage already done. And how valuable is the data? Data recovery isn't cheap, nor would they guarantee being able to recover all of the data. Most people lower their reported importance of data when they hear the cost.

You could try to clone the hard drive and connect it as an external drive to some system that's not connected to any network (ideally also not running Windows, to avoid any potential autorun items), and try to see what data could be extracted that way.
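The drive-cloning step above, as an added shell example that is not part of the thread: take a sector-for-sector image of the suspect disk, hash source and image, and lock the image read-only so the later file-recovery attempt works from a copy. The device and image paths are illustrative assumptions; on a real case the source is the suspect disk attached to the clean, non-networked analysis machine (for example /dev/sdb), and the image lands on a separate drive.

```shell
#!/bin/sh
# Added example: sector-level imaging of a suspect disk with integrity check.
# Not from the original thread; paths in the comments are illustrative.

# image_disk SRC IMG
#   Copies SRC (a block device such as /dev/sdb, or a raw file) to IMG.
#   - bs=512 matches the sector size, so conv=sync pads only genuinely
#     unreadable sectors with zeros and never pads past the true end.
#   - conv=noerror keeps going over bad sectors instead of aborting.
#   - Never overwrites an existing image; refuses rather than risk evidence.
#   Prints the SHA-256 of the image on success; returns 2 on hash mismatch
#   (the copy still exists, but some sectors were unreadable and zero-filled).
image_disk() {
    src="$1"
    img="$2"

    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    if [ -e "$img" ]; then
        echo "refusing to overwrite existing image $img" >&2
        return 1
    fi

    dd if="$src" of="$img" bs=512 conv=noerror,sync 2>/dev/null || return 1

    src_sum=$(sha256sum "$src" | cut -d' ' -f1)
    img_sum=$(sha256sum "$img" | cut -d' ' -f1)

    # Record the image hash beside it, then make both files read-only so
    # nothing done later (mounting, carving, AV scans) silently alters them.
    sha256sum "$img" > "$img.sha256"
    chmod 0444 "$img" "$img.sha256"

    if [ "$src_sum" != "$img_sum" ]; then
        echo "hash mismatch: source $src_sum, image $img_sum" >&2
        return 2
    fi
    echo "$img_sum"
}

# verify_image IMG
#   Re-checks IMG against the recorded hash before each analysis session.
verify_image() {
    sha256sum -c "$1.sha256" >/dev/null 2>&1
}

# Later, on the non-networked Linux box, mount the image read-only with
# execution disabled, so nothing on the suspect disk can run:
#   mount -o ro,noexec,nosuid,nodev,loop,offset=<partition-offset> suspect.img /mnt/suspect
# (needs root; not run here)
```

Hash mismatch is expected when the source disk has unreadable sectors: the image is still usable for file recovery, but note the return code in the case log. For a physically failing drive, GNU ddrescue is the better tool, since it retries bad areas and keeps a map of what it could not read.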
It's likely that nobody, not even a forensics company, not even the Federal government (if they wanted to) can recover the encrypted files. This level of encryption is, for all practical purposes, uncrackable with current technology. Their only hope of getting any of their files back is to go to backups (which I assume they do not have) or let the bad guys have a crack at it. They're the only ones with the ability to generate the key needed to decrypt the files. They've already paid the money, probably in Bitcoin. If the bad guys were dumb enough to accept a credit card payment you can dispute the charge and get your money back.

I'd pretty much call this a very costly and painful learning experience.
Assume the PC is lost, and if people were allowed to rummage around on it as well, reformat the hard disk and restore a known good backup.
And if they might have gotten administrator/root access on the system, you may need to verify the firmware/BIOS has not been tampered with.
And hopefully there were no other systems accessible on the network.
Thankfully this was a remote computer on its own router.  A one-computer mini office outside of the business network.  They do have a flash drive they made of their files last month, so I said destroy the computer and I would send them a new one and they can load the files from the flash drive onto the new one.  Not much else they can do.
Also check the router to see if it still has the correct setup that you expect, and not some strange setup.
Maybe do a factory reset and set it up again.
ok