> This policy document talks about botnet and virus infections, so it doesn't seem relevant to OP's friend, because tor and torrent clients are neither.
As it has been known for some infections to establish a connection back to their C&C via Tor, it's not inconceivable an ISP (or more likely, who-ever's providing their kit) might apply a policy which could (deliberately or otherwise) wind up blocking Tor. Whether Tor is malware has no real bearing, what matters is whether it's traffic is perceived as such by the ISP
I missed the part about the torrent client, though it sounds like the behaviour was slightly different. In either case though, the OP's description makes it sound like the external connection dropped in it's entirety - for any kind of filtering/blocking that's massive overkill. If you were being restricted to a walled garden, outside connectivity might appear unavailable unless you were going to a whitelisted IP.
On my (UK) ISP, a reboot of the router pretty much guarantees a new IP, though I have also been with providers where that wasn't the case.