Answer Description
You should assume the user's login and PC are compromised. Its possible that the PC has malware that was used to send the emails, steal the user's password or that only the account credentials were compromised and the PC is not infected. Until you can determine how the credentials were compromised, you should assume anything that belongs to the user is unsafe.