Actually, most antivirus/antimalware will pick up the usual keyloggers. They get flagged as malware.

What you almost certainly won't detect would be rootkits. The only way to really be sure she doesn't have one of those is to do a complete new build and secure it well, in addition to all the usual steps. (you can do a bit of checking using a live CD boot disk with rootkit checkers on it, but it isn't going to be as certain)

If someone is specifically targeting her your likelihood of protecting her is dependent on how serious the attacker is. There is no way to prevent a determined attacker - all you can do is hope to make it difficult enough that you spot an attack before it is successful.

Oh - if you want a few good opinions, post the question up on security.stackexchange.com :-)