She uses a link in her favourites, same one she has used for a while. May not have been that site but coincidental the virus hit just as she opened it.
Bitdefender shifted another 6, cc cleaner cleared 200+ registry entries.
Just come across this on AOL.

Cyber-criminals have infected advertisements online and suckered a load of people into thinking they had a virus and needed to pay for an update. They used a Trojan - something that creeps into your system and installs itself - to display a warning on Windows' wallpaper background.
Closer inspection of the message on the fake wallpaper reveals that it actually has a couple of spelling errors in it, but a few people will no doubt have clicked through and paid up. Meanwhile it stops your computer working by blocking programs.
Innocent sites
The most frustrating thing is that the criminals managed to put the ad carrying the trojan onto some innocent and reputable sites. Our own household has been struck by this because my wife bought tickets from Vue cinemas on Saturday, clicked an ad and that was it.
Other carriers include the London Stock Exchange and Auto Trader. I should stress there is no question of any wrongdoing from these sites - they're as much innocent bystanders as the people hit by the virus.
What to do
If you're one of the estimated tens of thousands of people affected, the first thing to do is don't click through and pay any money. I'm glad we got that straight.
Try a Windows rollback to a date before you were hit. If that doesn't work run a full virus check (if the computer lets you) then download the malware remover I've put in the link below from Microsoft.
And whatever you do, keep your security software up to date.
http://www.microsoft.com/security/pc-security/malware-removal.aspx