Not too keen on AVG myself because it is a bit of a resource hog. (It also does not let me do what I want to do.) Not saying it will not do its job but it will make the machine S_L_O_W.
Avast is probably the one for this year. Maybe Panda? Personally, I use Comodo.
I always use passive/proactive means as a first line of defense. A good custom hosts file. Use the Immunize feature of Spybot (and toss the rest). I don't use an adblocker myself but usually install it to the machines of others, as ads are one of the biggest sources of malware. Persuading people not to use IE is also good. I do not promote Chrome but I will promote any Chromium based browser that does not spy on you. For Windows, Comodo Dragon is a reasonable choice. Comes with secure (and fast) DNS out of the box. Arguably Firefox is slower than the others at the moment but it still provides a much smoother experience. Fairly secure too.
So, by the time you have: a firewall, a good hosts file, immunized browsers, blocked ads, then stick an AV on top of that, the AV has little to do. You will also find it much, much faster. No crap to download and less energy expended in vetting what is downloaded. Also helps prevent malware from phoning home, if it does happen to get through.
(Sorry, I went off promoting AVG 3-4 years ago.)
So, her machine was compromised. Most likely all her private data has been shipped off before it became apparent. (Thieves do not like to get caught in the act.) Once you get her nailed down secure, probably a good idea to get her to change passwords for everything she has accessed since the time of entry.
Nothing is 100% secure but I never have any trouble. I use root/admin accounts all the time, rather than cut-down user ones. Never do anything, until the machine is secured though.
If I build (or rebuild) a machine for someone, it does not go out the door without multiple layers of protection, as well as being performance tuned. Yes it does take time BUT it ends up saving a heck of a lot of time in the future. All these scumware and fixes just erode a system and take time here and there. I would not sit happy in the knowlege that if someone did contract malware that their private and confidential information is almost guaranteed to have been shipped off before something makes a nuisance of itself (and becomes noticed).
Bunnie has hear all this before!
Using that as an example ... the rush to get online with a naked Windows system and Internet Exploder, caused days of trouble and has undoubtedly left a less than optimal system. Think: business contacts, accounts, etc. Completely unwise. An hour well spent, could have prevented all.
More haste: less speed.
Me? I'm at my desk! LOL Got a server sitting behind me that is going berserk at the moment. Better see what it is up to, I suppose.