hobbit709
(1000+ posts)
Sat Sep-24-11 08:18 AM
Original message |
|
Had a customer bring in her laptop. She got one of the USPS emails and clicked on the link since she was expecting an email from them. About the time she clicked on it she realized it wasn't the .pdf it should have been - too late. Started out as a variation of all the CyberDefender crap. It even blocked Malwarebytes in Safe Mode. Used my Avira boot disk to clean it out enough to go into Safe Mode and run Malwarebytes. Found about 2 dozen items in the boot disk scan, about 8 more in Safe Mode. Booted back into normal desktop and ran full scans with both Malwarebytes and MSE. Came up clean. Went online with Mozilla and immediately got Threat Detected - trying to link to Russian porn sites. Rescanned everything - nada. Installed Sophos and ran scans - found trojans embedded in svchost and quarantined them. Went online again - same Threat Detected. After spending all day on it, I said fuck it and saved all the data and wiped the drive and reinstalled Windoze. Appears to be clean now. Ran scans on saved data files with Malwarebytes, AVG, MSE and Sophos - they all checked clean.
|
lpbk2713
(1000+ posts)
Sat Sep-24-11 09:28 AM
Response to Original message |
|
As bad as it sounds, you might want to tell her to check any external media (USB drives, external drives, etc.) or she will soon be in the same situation all over again.
|
hobbit709
(1000+ posts)
Sun Sep-25-11 11:09 AM
Response to Reply #1 |
2. Everything was backed up the day before. |
|
I scanned it before copying it back on the drive.
|
canetoad
(1000+ posts)
Send PM |
Profile |
Ignore
|
Mon Sep-26-11 02:24 AM
Response to Original message |
3. Think I had a phish for this one recently |
|
I keep four or five email accounts, using them for particular purposes. For example, one is only family and friends, one is for anything involving a financial transaction, one for forums, etc., etc.
This means that if I receive virus or phishing emails I have a fair idea of where the breach occurred.
Recently had an email purportedly from NACHA, the online payment association, with a pdf attachment. YEAH, RIGHT, I'm going to open files tagged ......pdf.exe lol.
Bad luck your client was expecting an email, Hobbit, but geez, after all these years of dodgy attachments has she not twigged that anything .exe is dangerous?