First we need information:
Like what was the file name and location referred to in the alert?
The alert appears to be the anti-rootkit scan 8 minutes after boot and she should send it to avast so it can be analysed; this would confirm one way or another, and not only that, could help other avast users (support/help is a two-way street).
A boot-time scan is unlikely to find this as it was the anti-rootkit scan that detected it, which I don't believe can be run before Windows starts. However, if email is actually being sent from her system then if the rootkit isn't present avast may be able to detect the process sending it out. The trojan Spambot that sends out email often comes with a rootkit to hide the process sending out the spam.
I would also suggest that she increases the Mail Shield Heuristic sensitivity to High; this may be able to block the sending of spam and identify the file name of the process responsible for sending it.