
To answer your question, it does seem that your wife's laptop is trying to connect to that IP. Reboot the machine, and without opening a browser, run netstat -ano from the command prompt.

If you see the IP there - or any dodgy connection for that matter - in this command's output, take note of the PID (Process Identifier) associated with this connection in the fifth column. Then open Task Manager (using Ctrl+Shift+Esc) and go to View -> Select Columns....

A new Select Columns dialog box will pop up; tick/check the second item, PID (Process Identifier). If you find the same PID that you took from the netstat -ano command, this PID will most likely be related to a process, which might serve as a clue as to which file is initiating the connection.

You can then reboot the computer in Safe Mode and remove the file, if you are confident this will not break your OS.

Also, you can check a few standard locations. Please check this question I once asked: it might provide some insight.

Re-run some anti-virus scan.

You can also block this IP from coming in or going out at your perimeter firewall.


Having said all that, this is all fine if you just want to play about and see the places the malware can interact with. Still, the recommended course of action is a full Nuke of your OS. I would definitely not leave my wife's laptop with some dodgy leftovers.


Lex
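A small script that does the netstat-to-PID-to-process correlation described in the answer, added here as an example; it is not part of Lex's answer. It parses the text that netstat -ano and tasklist /fo csv /nh print on Windows, handles the UDP rows that have no State column and IPv6 endpoints written as [addr]:port, and maps each connection to the image name owning the PID. The two outputs embedded below are constructed samples, and the "suspicious" address 203.0.113.45 is a placeholder from the RFC 5737 documentation range, not an address from the question.

```python
"""Correlate a suspicious remote IP in `netstat -ano` output with its process.

Added example, not part of the original answer. SAMPLE_NETSTAT and
SAMPLE_TASKLIST are constructed samples of what `netstat -ano` and
`tasklist /fo csv /nh` print on Windows; capture_live() runs the real
commands on a live host instead.
"""
import csv
import io
import subprocess
from collections import namedtuple

Connection = namedtuple("Connection", "proto local remote state pid")

# Constructed sample of `netstat -ano` output. 203.0.113.0/24 and
# 198.51.100.0/24 are documentation ranges (RFC 5737): placeholders, not IoCs.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    192.168.1.23:49712     203.0.113.45:443       ESTABLISHED     4120
  TCP    192.168.1.23:49720     203.0.113.45:8080      SYN_SENT        4120
  TCP    192.168.1.23:49731     198.51.100.7:443       ESTABLISHED     6016
  UDP    0.0.0.0:5353           *:*                                    1528
"""

# Constructed sample of `tasklist /fo csv /nh` output (Image Name, PID, ...).
SAMPLE_TASKLIST = """\
"svchost.exe","892","Services","0","12,344 K"
"updater.exe","4120","Console","1","8,912 K"
"chrome.exe","6016","Console","1","210,004 K"
"svchost.exe","1528","Services","0","6,120 K"
"""


def parse_netstat(text):
    """Parse `netstat -ano` text into Connection tuples.

    TCP rows carry a State column and UDP rows do not, so the PID is taken
    from the last token rather than from a fixed column index.
    """
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP") or not parts[-1].isdigit():
            continue  # blank line, banner, or column header
        state = parts[3] if parts[0] == "TCP" and len(parts) >= 5 else ""
        conns.append(Connection(parts[0], parts[1], parts[2], state, int(parts[-1])))
    return conns


def remote_host(conn):
    """Strip the port from the foreign address; IPv6 endpoints look like [::1]:443."""
    host, _sep, _port = conn.remote.rpartition(":")
    return host.strip("[]")


def parse_tasklist(csv_text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    procs = {}
    for row in csv.reader(io.StringIO(csv_text)):
        if len(row) >= 2 and row[1].isdigit():
            procs[int(row[1])] = row[0]
    return procs


def attribute(conns, procs, suspicious_ip):
    """Return (Connection, image name) for every connection whose foreign
    address is suspicious_ip. A PID missing from tasklist (process already
    exited) is reported rather than silently dropped."""
    return [(c, procs.get(c.pid, "<pid not in tasklist>"))
            for c in conns if remote_host(c) == suspicious_ip]


def capture_live():
    """Run both commands on a Windows host and return their raw text output."""
    netstat = subprocess.run(["netstat", "-ano"], capture_output=True,
                             text=True, check=True).stdout
    tasklist = subprocess.run(["tasklist", "/fo", "csv", "/nh"],
                              capture_output=True, text=True, check=True).stdout
    return netstat, tasklist


if __name__ == "__main__":
    hits = attribute(parse_netstat(SAMPLE_NETSTAT),
                     parse_tasklist(SAMPLE_TASKLIST), "203.0.113.45")
    for conn, image in hits:
        print(f"{conn.proto} {conn.local} -> {conn.remote} {conn.state} "
              f"PID {conn.pid} ({image})")
```

On a live machine, replace the two sample strings with the tuple returned by capture_live(); the mapping is a snapshot, so a short-lived process may have exited between the two commands, which is why a PID absent from tasklist is reported rather than ignored. PowerShell's Get-NetTCPConnection exposes the same PID in its OwningProcess property if you prefer to do this without parsing text.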
