Ah, well that's all fine then. I mean, it can be advantageous to get a software firewall going along with the hardware firewall to control what programs can access the internet, but that's really something for AFTER you've been infected, and it doesn't work with half the nastier viruses because they're going to disable the firewall anyway.
As Quaro said, there is a Java exploit that can let vundo in, though I think disabling Java is a bit extreme.
One less extreme thing you can do is install Adblock Plus on her computer, if she doesn't already have it. Unless you're plumbing the murky depths of the internet, most of the crap you're in danger of getting isn't coming directly from the sites you visit, but from 3rd-party content such as ads. ABP and, say, EasyList can cut a lot of that down.
And I doubt I have to say this in your case, or your wife's scase, but I'll say it anyway: no limewire! That crap is rife with infection.
Are you advising that, when I start her system up in the morning to continue the cleaning, I should disable system restore, finish the cleaning, then enable Restore when done?
Yep! If you're worried about something happening while it's disabled, you can always burn the existing backups to disc just in case, but at work (granted I'm only part-time IT guy, but I've been at it a few years now) that's exactly what we do when we clean someone's computer.