From what you describe, she is using webmail. That is she gets to her e-mail using a browser, in her case, Internet Explorer. She could be completely computerless, go to a computer at the Public Library, and still get to her e-mail and read all the mail and read the address book.
Since this is the case, it is highly unlikely the problem is caused by an infection on her computer. I don't say it is impossible, however.
It is possible that Yahoo's server has been infected. It is also possible that your girl-friend's e-mail account has been compromised. I had that happen when I didn't even own a computer. I'd suggest creating a completely different e-mail account, and don't choose a common user name or variant of one, possibly refraining from Yahoo in case the problem is at Yahoo's end. Then, DO NOT post that e-mail address anywhere on the internet as spambots regularly go through and harvest them and you could end up being both the recipient and "sender" of spam.
Also, you may wish to be certain that IE's security settings are not too loose.
Please read these topics for information about browsing safely on the internet:http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/http://www.bleepingcomputer.com/forums/t/123660/best-practices-internet-safety-for-2008/
One other possibility has occurred to me. If she has at any time sent an e-mail to everyone in her address book and used Carbon Copy (CC) or simply "to" for all those addresses, it is possible that someone else's computer is compromised and is responsible for sending out the bad e-mail.
When sending e-mail to more than one person, you should use Blind Carbon Copy (BCC) unless it is necessary for both recipients to be aware of each other. Using Blind Carbon Copy will prevent the e-mail addresses from being seen by the other recipients.