Based on all above, make sure she will change the password from another computer, better yet, connected through another ISP. This will allow you (and her) to relax a bit while checking for malware (keyloggers, trojans and friends) in her computer.
About contacting the admin, I think you should do it. If you know the registered domain for the isp, check it in http://www.networksolutions.com/cgi-bin/whois/ so that you can have some contact info. Usually you can just contact [email protected], but it´s nice to have some other ways. I hope they will be helpful.