From the description, I don't think there is a likelyhood they could have gotten it on there. . . but you are right, It is possible. However, she would have had to have given the callers an administrator name and password to install anything and even then SHE would have had to have ignored pretty obvious warnings from the OS three times. I suspect all they were after was her credit card information. That is what most of these scams are after. They ask for all the information including the CCV on the back. Name, address, card number, etc. Charge the card, and then give her a pass code to their website lock on the page . . or tell her to click on an un-obtrusive location on the screen. . . she's on which solves the problem. Done. They then charge her card out the Wazoo.
They already have most of what they would be looking for with a key logger. They may have even asked her for her SSN. I wouldn't be surprised.
Her concern is that the scammers might have some access to her computer remotely. From what I've read about this scam from others who were duped or almost duped by it, part of the so-called fix involves granting the scammers remote access to your computer. I'm not sure whether she did so. The scammers may also give the impression they already have access to your computer. I don't know what they told my friend.
My friend is normally smart about most things. I believe she panicked at the thought her computer was frozen because she has some work-related documents on it that she was supposed to be working on. So she lost her head and just did what the scammers wanted. I guess sometimes when a person is scared or stressed, they do things they normally wouldn't do. God knows I've done some boneheaded things in my lifetime, so I don't want to judge my friend harshly.
Anyway, I really appreciate your help. God bless you both.