Remove the user from the network. then check out the PC.
Best practice is to: Block outbound SMTP (port 25) traffic to/from all devices other than your mail server(s). Implement endpoint firewall/AV software that does not permit traffic on port 25. Scan the system in question with Microsoft Security Essentials for free AV protection.