....there is some sort of executable file that puts up that screen and it's not a password in the way Windows would use one.
Possibly...it would be in the startup folder or a Service. Nothing can hide from Process Explorer/Autoruns.
....Usually the way the scammers write their programs, attempts to get around what they did only makes things worse. After a single incorrect attempt to fix things, any restore points you might have are deleted by the attempt or sooner if they have enough time in your machine.
My experience is the exact opposite. Malware is laughable. And easily identifiable, and removable. Things can get altered (HOSTS file, break built in recovery tools, etc.) There are a few exceptions but the only real SOB are the ransomware that encrypts your files. That you can't fix that I am aware of.
....they asked for banking info. She got spooked and hung up on them. They were telling her not to turn off her computer when she did. What they might have gotten into had she left it on is anyone's guess.
They may have (started) downloaded the contents of her hard drive particularity cookies and My Documents. I am not certain if there is a last accessed or copied code forensically available on files.
Mostly not useful unless it contained credit card info, Soc Security info, personal info, passwords (especially unencrypted), product keys . . . sales receipts and email (including addresses) can be useful too.
I would guess they were too busy about to slam the door and make her an offer she couldn't refuse to start downloading. But you cannot be sure.
.... nothing was found to be "bad". Does that mean all they did was lock the machine, or are they clever enough to cover their tracks so they can't be discovered?
No, you cover your tracks when you leave (last steps).
Since I can find all of her documents, photos and such, I pulled them off her hard drive and installed a completely new drive. Scanning those files, I don't find anything bad.
I re-installed the operating system on the new drive and am in the process of restoring things now....
Sounds like she figured it out in time and did the correct thing to save her bacon. You can kill the partition(s) of the old drive and quick format a new partition, and then copy the drive image of the test drive back to her drive when ready.