Tools were removed.
What worries me is that I removed the infection on Monday - but got the isp message today stating the spam had occurred yesterday (Wednesday) via a trojan.
Thanks for your help.
ISPs are pretty dumb (and slow at times) when it comes to spam, how they know that spam occurred via a trojan is beyond me as they aren't monitoring your system. That is speculation on their part in my speculative opinion
It is easy to fake a from email address in an email and this results in emails being bounced back to the fake email address. If your prior infection included sending spam then I would say that you should have changed your email password. Trojans sending spam, generally don't use your email client but their own SMTP program, they are also using an email account/server that has been hacked or allows forwarding.
Set your Mail Shield Sensitivity to High Heuristics.