HELP WITH VIRUS FROM YOU TUBE

Archive
1

Hello:  My daughter is away at college and after years of "experience" she has learned to become virally responsible.  However, after viewing the time traveler video on You Tube last night she was visited by a virus which changed her proxy settings and initiated a call to dad.  She has a laptop running vista and does not update windows automatically-we do that when she comes home every couple months.  She does have Norton Internet Security 2010 and it does update automatically.  She also has Spyware Blaster and CCleaner but does not use them or update them unless I make her. 

     I always thought that you had to actually download something to receive a virus but evidently that is not true since she merely viewed the video.  She received no indication anything was wrong at the time and the first hint there was trouble was the next morning when she booted and tried to read her email.  She could not connect to the internet and her home page had become Norton Security Warning.  After some phone calls to me, we found her proxy settings had been changed and we fixed that.  Then we checked NIS History and found that two viruses had been quarantined-no further action required.  I had her run a full scan and update windows and Spyware Blaster which had had its protection settings tampered with.   After rebooting she has her startup stop with a windows message which says to remove any reference to the virus from the registry, however, without more information I cannot find the key in the registry to remove.  The file the message refers to is the identified virus in the NIS history:  C:\Users\Danica\AppData\Local\Temp\dwm.exe
     Here are my questions if anybody is still reading after ALL that...

     1.  How do I find that "reference" in the registry without viewing every single key-I ran CCleaner to scan and fix registry issues but it did not remove it

     2.  How did she contract this virus without actually allowing a download?  Why didnt NIS stop it BEFORE it did anything to her registry/proxy settings? 

     3.  How can we prevent this in the future?

Thank you for any assistance you can provide!