softlay.net

From: graphitone, 22 Jul 2017 15:07
To: CHYRON (DSMITHHFX)
I can get you a kosher image of (some flavours of) Windows 7 - what version are you looking for?
From: CHYRON (DSMITHHFX), 22 Jul 2017 15:45
To: graphitone
Home Premium 32-bit
From: CHYRON (DSMITHHFX), 22 Jul 2017 17:09
To: ALL
So I ran an SFC from a known-good (purchased) installer DVD (but the Pro version) from work, and it returned "Windows Resource Protection did not find any integrity violations".

Still only boots into Safe Mode. Hmph.

Gonna burn the softlay ISO next and might essay a scan from that. Probably looking at the OEM nuke & reinstall thingy though. :-(
From: CHYRON (DSMITHHFX), 22 Jul 2017 17:53
To: ALL
OK, so after going through msconfig and setting it to boot normally it... booted normally. I'm guessing dickwad mcfuckface on the phone had set it for safe mode and then wanted a hundred bucks to unset it.

I also disabled remote desktop connection in msconfig.

Fuck you, mcfuckface.

I may test out the softlay offering in a virtual machine at work next week. Glad I didn't have to use it.
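An added example, not part of any post in this thread: a PowerShell script that audits the two things the poster changed in msconfig, the Safe Mode boot flag (msconfig's "Safe boot" checkbox writes a `safeboot` element into the current BCD entry) and Remote Desktop (the `fDenyTSConnections` value and the TermService service), plus Windows Remote Assistance and any installed remote-control software. The list of remote-control product names is my own assumption of what a phone scammer might have installed; it is not from the thread. Run it from an elevated PowerShell prompt; it stays within PowerShell 2.0 so it works on Windows 7.

```powershell
# Added example (not from the thread). Audit and optionally undo what a
# tech-support scammer can leave behind: a forced Safe Mode boot and an
# enabled remote-access path. Windows 7 / PowerShell 2.0 compatible.
# Usage:  .\Check-ScamLeftovers.ps1        (report only)
#         .\Check-ScamLeftovers.ps1 -Fix   (clear safeboot, disable RDP/Remote Assistance)
param([switch]$Fix)

# 1. Safe boot flag in the BCD. bcdedit prints "safeboot  Minimal" (or Network)
#    when the current OS entry is forced into Safe Mode.
#    '{current}' must be quoted or PowerShell parses the braces as a script block.
$bcd = bcdedit /enum '{current}' 2>&1
$safeboot = @($bcd | Where-Object { $_ -match '^\s*safeboot\s+(\S+)' })
if ($safeboot.Count -gt 0) {
    Write-Host ("[!] safeboot is set: " + ($safeboot -join '; ').Trim() + "  (machine keeps booting into Safe Mode)")
    if ($Fix) {
        bcdedit /deletevalue '{current}' safeboot | Out-Null
        Write-Host "    cleared safeboot flag; next boot is normal"
    }
} else {
    Write-Host "[ok] no safeboot flag; normal boot"
}

# 2. Remote Desktop. fDenyTSConnections = 1 means RDP is disabled (the default on Home editions).
$ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
if ($deny -eq 1) {
    Write-Host "[ok] Remote Desktop connections denied (fDenyTSConnections=1)"
} else {
    Write-Host "[!] Remote Desktop connections ALLOWED (fDenyTSConnections=$deny)"
    if ($Fix) {
        Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1 -Type DWord
        Write-Host "    set fDenyTSConnections=1"
    }
}
$svc = Get-Service -Name TermService -ErrorAction SilentlyContinue
if ($svc) { Write-Host ("[i] TermService: " + $svc.Status + ", startup via msconfig/services.msc") }

# 3. Windows Remote Assistance. fAllowToGetHelp = 1 means invitations are allowed.
$ra = 'HKLM:\SYSTEM\CurrentControlSet\Control\Remote Assistance'
$help = (Get-ItemProperty -Path $ra -Name fAllowToGetHelp -ErrorAction SilentlyContinue).fAllowToGetHelp
if ($help -eq 1) {
    Write-Host "[!] Remote Assistance enabled (fAllowToGetHelp=1)"
    if ($Fix) {
        Set-ItemProperty -Path $ra -Name fAllowToGetHelp -Value 0 -Type DWord
        Write-Host "    set fAllowToGetHelp=0"
    }
} else {
    Write-Host "[ok] Remote Assistance disabled"
}

# 4. Installed remote-control tools. Scammers commonly install one of these to
#    drive the machine; the name list is an assumption, extend it as needed.
$remoteTools = 'TeamViewer', 'AnyDesk', 'LogMeIn', 'Supremo', 'Ammyy', 'GoToAssist', 'ScreenConnect', 'UltraViewer'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName } |
    Where-Object { $name = $_.DisplayName; ($remoteTools | Where-Object { $name -like "*$_*" }) } |
    Select-Object DisplayName, InstallDate, Publisher
if ($found) {
    Write-Host "[!] remote-control software installed (review and uninstall if unexpected):"
    $found | Format-Table -AutoSize | Out-String | Write-Host
} else {
    Write-Host "[ok] no known remote-control software in the Uninstall registry keys"
}
```

The `-Fix` switch only reverts the boot flag and the two remote-access settings; it deliberately does not uninstall anything, since the uninstall entries need a human look first (a legitimately installed TeamViewer is not evidence of a scam). After fixing, a reboot confirms the machine comes up in normal mode without msconfig's help.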
From: CHYRON (DSMITHHFX), 24 Jul 2017 19:33
To: ALL
A fresh softlay-sourced Windows 7 install in VirtualBox passed an MS Malicious Software Removal Tool scan, so I installed Firefox (which Mrs. D uses) and opened the site she said was the last one she browsed before the attack: http://arizonamountaineeringclub.org.

Nothing happened. I suppose it's possible another malware-infected web site she had browsed earlier was the culprit.

I also opened the actual web page the attack apparently came from, based on her Firefox history:
http://187679863776586953687908945.win/?a=10012294&offer_key=d26a2baaa128ee148b74161dcfb52443&nrid=3

which (unsurprisingly) returned a 404 Not Found.

Another scan with the Microsoft tool after browsing these sites also turned up nothing.

Conclusion: attack vector unknown.
EDITED: 24 Jul 2017 19:35 by DSMITHHFX