Computer sent out a spam message, got returned, Trojan?

skriptal

Member
Jun 4, 2007
72
0
0
Yesterday I set up Outlook 2007 on my laptop and today I noticed my computer sent out a spam email as seen here.

Return-Path: <greg****@gmail.com>
Received: from GregPC ([147.4.223.92])
by mx.google.com with ESMTPS id 5sm599912nfv.15.2008.09.23.11.38.35
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Tue, 23 Sep 2008 11:38:36 -0700 (PDT)
From: "Greg ****" <greg.****@gmail.com>
To: <sosuuden@6u6.de>
Subject: Not read: Wish you looked like Appolo in bed?
Date: Tue, 23 Sep 2008 14:38:36 -0400
MIME-Version: 1.0
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AckdUEpsnDnHy4JhTqeWE277IkAZLQAWz4xb
X-MS-TNEF-Correlator: 00000000AC3554C63EEC2D48B2FAFC501DA4F567C4B02F00
Message-ID: <48d937ac.0516300a.5d16.5b55@mx.google.com>
It got returned with this message


Delivered-To: greg.****@gmail.com
Received: by 10.141.123.9 with SMTP id a9cs85017rvn;
Tue, 23 Sep 2008 11:39:16 -0700 (PDT)
Received: by 10.181.28.18 with SMTP id f18mr4142115bkj.88.1222195154823;
Tue, 23 Sep 2008 11:39:14 -0700 (PDT)
Return-Path: <>
Received: from s519.evanzo-server.de (s519.evanzo-server.de [62.140.23.19])
by mx.google.com with ESMTP id g28si1886339fkg.8.2008.09.23.11.39.14;
Tue, 23 Sep 2008 11:39:14 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of s519.evanzo-server.de designates 62.140.23.19 as permitted sender) client-ip=62.140.23.19;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of s519.evanzo-server.de designates 62.140.23.19 as permitted sender) smtp.mail=
Message-Id: <48d937d2.1c215e0a.178b.ffffeea6SMTPIN_ADDED@mx.google.com>
Received: (qmail 4443 invoked for bounce); 23 Sep 2008 20:39:09 +0200
Date: 23 Sep 2008 20:39:09 +0200
From: MAILER-DAEMON@s519.evanzo-server.de
To: greg.****@gmail.com
Subject: failure notice

Hi. This is the qmail-send program at s519.evanzo-server.de.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<kein-bock-auf-spam@designerschnaeppchen.de>:
83.243.57.200 does not like recipient.
Remote host said: 550 <kein-bock-auf-spam@designerschnaeppchen.de>: Recipient address rejected: User unknown in virtual alias table
Giving up on 83.243.57.200.

--- Below this line is a copy of the message.

Return-Path: <greg.****@gmail.com>
Received: (qmail 3283 invoked by uid 110); 23 Sep 2008 20:38:42 +0200
Delivered-To: 940-sosuuden@6u6.de
Received: (qmail 3279 invoked from network); 23 Sep 2008 20:38:41 +0200
Received: from qb-out-0506.google.com (72.14.204.232)
by s519.evanzo-server.de with SMTP; 23 Sep 2008 20:38:41 +0200
Received: by qb-out-0506.google.com with SMTP id o21so1413945qba.37
for <sosuuden@6u6.de>; Tue, 23 Sep 2008 11:38:39 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=domainkey-signature:received:received:from:to:subject:date
:mime-version:content-type:content-transfer-encoding
:content-disposition:x-mailer:thread-index:x-ms-tnef-correlator
:message-id;
bh=pyxATvfFW4EodjrgcWFwVqLCjRyEOL7O8vqsnCr/z10=;
b=uPd9AeTZhe6vmiheDLJxiV+bOqGlxlcGG57FNDBC5GvANcN987mx9KNwe7aBeLsA3V
tg1vyqoGnZ4R7JDuxFbElMZJFeXGWfKw0iKfOaQEUKCI0U92CIDPaBAMnrtBjUmYO4Bh
OAMGr2zZTcigUyuph7YncwnLoww+c7Fxx7wkk=
DomainKey-Signature: a=rsa-sha1; c=nofws;
d=gmail.com; s=gamma;
h=from:to:subject:date:mime-version:content-type
:content-transfer-encoding:content-disposition:x-mailer:thread-index
:x-ms-tnef-correlator:message-id;
b=hEvnD7eE/a9oo793ur3uSy962v14Vncqx4bEmvmVkvSPg26KMvfcciP7WcCZlj0S6J
Cd5uNyGxAryeXfnLoG+5og/ZURq+nU28krBRCgQolAtxnIUnsUqWDvx0ve+9EPHLEmFI
n0pNjJPg+VgvshMtzVn0l7M3Ot9k1WTAHW2pc=
Received: by 10.210.42.20 with SMTP id p20mr7067052ebp.28.1222195117946;
Tue, 23 Sep 2008 11:38:37 -0700 (PDT)
Return-Path: <greg.****@gmail.com>
Received: from GregPC ([147.4.223.92])
by mx.google.com with ESMTPS id 5sm599912nfv.15.2008.09.23.11.38.35
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Tue, 23 Sep 2008 11:38:36 -0700 (PDT)
From: "Greg ****" <greg.****@gmail.com>
To: <sosuuden@6u6.de>
Subject: Not read: Wish you looked like Appolo in bed?
Date: Tue, 23 Sep 2008 14:38:36 -0400
MIME-Version: 1.0
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AckdUEpsnDnHy4JhTqeWE277IkAZLQAWz4xb
X-MS-TNEF-Correlator: 00000000AC3554C63EEC2D48B2FAFC501DA4F567C4B02F00
Message-ID: <48d937ac.0516300a.5d16.5b55@mx.google.com>

I would be willing to place money that I have a trojan or some sort of virus on my computer, but I cannot seem to find anything out of the ordinary on it. Of course AntiVir cannot find anything on my computer, so I ask for your help.

Here is a copy of my HijackThis! log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:11 PM, on 9/23/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Dropbox\Dropbox.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\ThinkPad\Utilities\EZEJMNAP.EXE
C:\Program Files\ThinkPad\Tablet Shortcut\TSMResident.exe
C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\ThinkVantage\PrdCtr\LPMLCHK.EXE
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\PWMUIAux.exe
C:\Program Files (x86)\Lenovo\Client Security Solution\password_manager.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\avcenter.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Password Manager Browser Helper Object - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~2\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [IBMTBCTL] "C:\Program Files\ThinkPad\Tablet Shortcut\IBMTBCTL.EXE" /r
O4 - HKLM\..\Run: [TSMResident] "C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE" /r
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files (x86)\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~2\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] "C:\Program Files (x86)\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [LPMailChecker] C:\PROGRA~2\THINKV~1\PrdCtr\LPMLCHK.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Program Files (x86)\Dropbox\Dropbox.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: Avira AntiVir Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: Avira AntiVir Premium WebGuard (antivirwebservice) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: ASR Service (ASRSVC) - Lenovo Group Limited - C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
O23 - Service: Avira AntiVir Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Unknown owner - C:\Windows\system32\IPSSVC.EXE (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Power Manager DBC Service - Lenovo - C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe (file missing)
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files (x86)\lenovo\system update\suservice.exe
O23 - Service: TABLET Service (TabletSVC) - Lenovo Group Limited - C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: tp4serv - Lenovo Group Limited - C:\Program Files\Lenovo\TrackPoint\TP4SERVINST.EXE
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: On Screen Display (TPHKSVC) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - Lenovo - C:\Program Files (x86)\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files (x86)\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TVT Windows Update Monitor (TVT_UpdateMonitor) - Lenovo Group Limited - C:\Program Files (x86)\Lenovo\Rescue and Recovery\UpdateMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 11771 bytes


Thank you, everyone who takes the time to read this and helps me!
 

MadAmos

Senior member
Sep 13, 2006
818
0
76
Many of the malware removal experts have been recommending SuperAntiSpyware; the free version doesn't do real-time scans, but if you manually update it first it seems to be quite good. I recommend running anything you use in Safe Mode, as most infections are less able to protect themselves that way.
 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: skriptal
I would be willing to place money that I have a trojan or some sort of virus on my computer, I cannot seem to find anything out of the ordinary on it. of course antivir cannot find anything on my computer so I ask for your help.

I'll take that bet.

Your email address is most likely in somebody else's address book on a machine that is infected. You got the bounce back because the address was spoofed. I think installing Outlook was just coincidence.

Completely close your email. Open a CMD prompt, enter "netstat", wait, repeat a few times. Do you see any outbound connections to SMTP or port 25?
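The netstat check described above, as an added example that is not part of the original thread: a script that reads saved `netstat -ano` and `tasklist /FO CSV` output and lists every process holding a connection to an SMTP port that is not the mail client. The netstat and tasklist samples are constructed (documentation-range remote addresses, invented PIDs and process names such as updater.exe); nothing here is captured from the poster's machine. With the mail client closed, the expected result is an empty list, and any process left over is what the "repeat netstat a few times" advice is meant to catch.

```python
import csv
import io
import re

# Constructed sample of `netstat -ano` output (not a capture from the thread).
# Remote addresses are documentation ranges; PIDs are made up.
NETSTAT_SAMPLE = """\

Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.5:49211      192.0.2.10:25          ESTABLISHED     3120
  TCP    192.168.1.5:49215      192.0.2.20:443         ESTABLISHED     2980
  TCP    192.168.1.5:49230      198.51.100.7:25        SYN_SENT        1764
  TCP    192.168.1.5:49231      198.51.100.8:25        SYN_SENT        1764
  TCP    [::1]:49170            [::1]:587              ESTABLISHED     1764
  UDP    0.0.0.0:500            *:*                                    1012
"""

# Constructed sample of `tasklist /FO CSV` output, used to map PIDs to names.
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","884","Services","0","7,812 K"
"OUTLOOK.EXE","3120","Console","1","45,312 K"
"iexplore.exe","2980","Console","1","60,004 K"
"updater.exe","1764","Console","1","2,140 K"
"""

SMTP_PORTS = {25, 465, 587}      # relay and submission ports a spam bot would use
TCP_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")


def smtp_connections(netstat_text):
    """Every non-listening TCP connection whose remote port is an SMTP port."""
    found = []
    for line in netstat_text.splitlines():
        m = TCP_RE.match(line)
        if not m:
            continue
        _local, remote, state, pid = m.groups()
        rhost, rport = remote.rsplit(":", 1)        # rsplit keeps "[::1]" intact
        if int(rport) in SMTP_PORTS and state.upper() != "LISTENING":
            found.append({"pid": int(pid), "remote": rhost,
                          "port": int(rport), "state": state})
    return found


def process_names(tasklist_csv):
    """Map PID -> image name from `tasklist /FO CSV` output."""
    rows = csv.DictReader(io.StringIO(tasklist_csv))
    return {int(row["PID"]): row["Image Name"] for row in rows}


def suspicious_mailers(netstat_text, tasklist_csv, allowed=("outlook.exe",)):
    """Group SMTP connections by process, dropping processes expected to send mail.

    Anything returned is a process talking SMTP that is not on the allow list;
    with the mail client closed the dict should be empty on a clean machine.
    """
    names = process_names(tasklist_csv)
    allowed = {a.lower() for a in allowed}
    result = {}
    for c in smtp_connections(netstat_text):
        name = names.get(c["pid"], "<unknown>")
        if name.lower() in allowed:
            continue
        result.setdefault((c["pid"], name), []).append(
            (c["remote"], c["port"], c["state"]))
    return result


if __name__ == "__main__":
    for (pid, name), conns in suspicious_mailers(NETSTAT_SAMPLE, TASKLIST_SAMPLE).items():
        print(f"PID {pid} ({name}):")
        for remote, port, state in conns:
            print(f"    -> {remote}:{port} {state}")
```

On the real machine, save a few snapshots with `netstat -ano > netstat.txt` and `tasklist /FO CSV > tasks.csv` and feed each pair in; an elevated `netstat -b` prints the executable name directly and saves the tasklist step. A local mail-scanning proxy (the HijackThis log above shows Avira MailGuard) would itself show up on these ports if it handles outbound mail, and belongs on the allow list rather than being treated as a finding.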
 

MadAmos

Senior member
Sep 13, 2006
818
0
76
Originally posted by: SagaLore
I'll take that bet.

Your email address is most likely in somebody else's address book on a machine that is infected. You got the bounce back because the address was spoofed. I think installing Outlook was just coincidence.

Completely close your email. Open a CMD prompt, enter "netstat", wait, repeat a few times. Do you see any outbound connections to SMTP or port 25?

Good point
 

Crusty

Lifer
Sep 30, 2001
12,684
2
81
Originally posted by: SagaLore
Originally posted by: skriptal
I would be willing to place money that I have a trojan or some sort of virus on my computer, I cannot seem to find anything out of the ordinary on it. of course antivir cannot find anything on my computer so I ask for your help.

I'll take that bet.

Your email address is most likely in somebody else's address book on a machine that is infected. You got the bounce back because the address was spoofed. I think installing Outlook was just coincidence.

Completely close your email. Open a CMD prompt, enter "netstat", wait, repeat a few times. Do you see any outbound connections to SMTP or port 25?

I would think so too; it's very common for mail servers to bounce rejection notices because of spam to the spoofed address, but after looking at the headers I'm a bit confused.

Return-Path: <greg.****@gmail.com>
Received: from GregPC ([147.4.223.92])
by mx.google.com with ESMTPS id 5sm599912nfv.15.2008.09.23.11.38.35
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Tue, 23 Sep 2008 11:38:36 -0700 (PDT)
From: "Greg ****" <greg.****@gmail.com>

Those headers indicate that the original email came from 147.4.223.92 directly to mx.google.com. What's interesting is the name associated with 147.4.223.92 (GregPC); I wonder if that's a coincidence and that IP is not the OP's and those headers are spoofed too.
 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: Crusty
Those headers indicate that the original email came from 147.4.223.92 directly to mx.google.com. What's interesting is the name associated with 147.4.223.92(GregPC), I wonder if that's a coincidence and that IP is not the OP's and those headers are spoofed too.

Ah I skimmed too fast. Now that I'm actually taking the time to read the header, I know what happened:

Return-Path: <greg****@gmail.com>
Received: from GregPC ([147.4.223.92])
by mx.google.com with ESMTPS id 5sm599912nfv.15.2008.09.23.11.38.35
(version=TLSv1/SSLv3 cipher=RC4-MD5);
Tue, 23 Sep 2008 11:38:36 -0700 (PDT)
From: "Greg ****" <greg.****@gmail.com>
To: <sosuuden@6u6.de>
Subject: Not read: Wish you looked like Appolo in bed?
Date: Tue, 23 Sep 2008 14:38:36 -0400
MIME-Version: 1.0
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: AckdUEpsnDnHy4JhTqeWE277IkAZLQAWz4xb
X-MS-TNEF-Correlator: 00000000AC3554C63EEC2D48B2FAFC501DA4F567C4B02F00
Message-ID: <48d937ac.0516300a.5d16.5b55@mx.google.com>

The culprit is in bold. You did send the email, but it was just a (not-)read receipt, which bounced back because the original sender of the junkmail used a non-existent address (sosuuden@6u6.de).

False alarm. :laugh:

Might want to go through your Outlook options and disable that stuff. ;)
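The header reading SagaLore walks through, as an added example that is not part of the original thread: a script that takes the receipt headers and the qmail failure notice posted above, walks the Received chain in transit order to find the originating host, classifies each message as a bounce or a read receipt, and pulls the rejected recipient and SMTP status out of the bounce body. The two messages are copied from the thread, trimmed and re-folded with leading whitespace so the parser joins the continuation lines; the winmail.dat body was never posted, so the receipt has an empty body. The subject-prefix test for Outlook receipts is an assumed heuristic, not something the thread states.

```python
import re
from email import message_from_string

# Receipt headers from the thread, trimmed and re-folded with leading
# whitespace so the parser joins continuation lines. Body not posted.
RECEIPT = """\
Return-Path: <greg.****@gmail.com>
Received: from GregPC ([147.4.223.92])
 by mx.google.com with ESMTPS id 5sm599912nfv.15.2008.09.23.11.38.35
 (version=TLSv1/SSLv3 cipher=RC4-MD5);
 Tue, 23 Sep 2008 11:38:36 -0700 (PDT)
From: "Greg ****" <greg.****@gmail.com>
To: <sosuuden@6u6.de>
Subject: Not read: Wish you looked like Appolo in bed?
Content-Type: application/ms-tnef; name="winmail.dat"
X-Mailer: Microsoft Office Outlook 12.0

"""

# The qmail failure notice from the thread, trimmed to the lines used here.
BOUNCE = """\
Return-Path: <>
Received: from s519.evanzo-server.de (s519.evanzo-server.de [62.140.23.19])
 by mx.google.com with ESMTP id g28si1886339fkg.8.2008.09.23.11.39.14;
 Tue, 23 Sep 2008 11:39:14 -0700 (PDT)
From: MAILER-DAEMON@s519.evanzo-server.de
To: greg.****@gmail.com
Subject: failure notice

Hi. This is the qmail-send program at s519.evanzo-server.de.

<kein-bock-auf-spam@designerschnaeppchen.de>:
83.243.57.200 does not like recipient.
Remote host said: 550 <kein-bock-auf-spam@designerschnaeppchen.de>: Recipient address rejected: User unknown in virtual alias table
"""

RECEIVED_RE = re.compile(
    r"(?:from\s+(?P<host>\S+)\s*(?:\((?P<info>[^)]*)\))?\s+)?by\s+(?P<by>\S+)",
    re.IGNORECASE)
IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FAILED_RE = re.compile(r"^<([^>]+)>:\s*$", re.MULTILINE)
STATUS_RE = re.compile(r"Remote host said:\s*(\d{3})\s+(.*)")


def received_chain(msg):
    """Received hops in transit order. MTAs prepend Received headers, so the
    bottom one is the first hop: the host that handed the mail to the first relay."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(" ".join(raw.split()))   # undo header folding
        if not m:
            continue
        ip = IPV4_RE.search(m.group("info") or "")
        hops.append({"from": m.group("host"), "ip": ip.group(1) if ip else None,
                     "by": m.group("by").rstrip(";")})
    return hops


def classify(msg):
    """Label a message as a bounce, a read receipt, or something else."""
    if msg.get("Return-Path", "").strip() == "<>" or \
            "mailer-daemon" in msg.get("From", "").lower():
        return "bounce"                       # null reverse-path: a DSN
    ctype = msg.get_content_type()
    if ctype == "multipart/report" and \
            msg.get_param("report-type") == "disposition-notification":
        return "read-receipt"                 # standard MDN (RFC 8098)
    # Heuristic (assumed, not stated in the thread): Outlook labels receipts
    # "Read:" / "Not read:" and, for rich-text mail, wraps them in TNEF.
    if ctype == "application/ms-tnef" and \
            re.match(r"(Read|Not read):", msg.get("Subject", ""), re.I):
        return "read-receipt"
    return "other"


def bounce_details(msg):
    """Rejected recipient and remote SMTP status from a qmail failure notice."""
    body = msg.get_payload()
    rcpt, status = FAILED_RE.search(body), STATUS_RE.search(body)
    return {"recipient": rcpt.group(1) if rcpt else None,
            "code": int(status.group(1)) if status else None,
            "reason": status.group(2).strip() if status else None}


def summarize(raw):
    """Verdict plus the facts a responder wants from a pasted message."""
    msg = message_from_string(raw)
    hops = received_chain(msg)
    out = {"kind": classify(msg), "mailer": msg.get("X-Mailer"),
           "origin": (hops[0]["from"], hops[0]["ip"]) if hops else None}
    if out["kind"] == "bounce":
        out.update(bounce_details(msg))
    return out
```

Only the Received headers added by servers you trust are reliable; anything below them can be forged by whoever injected the message, which is why the chain is read from the top down to the first trusted hop. Here the hop "from GregPC ([147.4.223.92]) by mx.google.com" was written by Google's own server, so it is the one that shows the receipt really left the laptop, and the null Return-Path on the reply is what marks it as a delivery status notification rather than a second message from the same sender.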
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
Many spam programs send out false read notifications, as they get through some spam filters. Unless you can find the incoming spam which triggered this, it doesn't close the case.

 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: bsobel
Many spam programs send out false read notifications as they get thru some spam filters. Unless you can find the incoming spam which triggered this, it doesnt close the case.

The email doesn't contain any spam though - just the bounce back. Seems kind of fruitless, and he's only gotten 1. If he really had a trojan, wouldn't he have gotten dozens if not hundreds of these by now?
 

bsobel

Moderator Emeritus, Elite Member
Dec 9, 2001
13,346
0
0
I didn't decode the base64, so if it's actually a bounce msg you're probably right.

As for quantity, we've seen bot networks where each machine might only send a few msgs a week (since the network had >50k nodes)....

Bill

 

RebateMonger

Elite Member
Dec 24, 2005
11,586
0
0
There's no mail server at mx.google.com. A Telnet request to mx.google.com on TCP Port 25 yields no response. DNS can't even resolve that name.
 

SagaLore

Elite Member
Dec 18, 2001
24,036
21
81
Originally posted by: RebateMonger
There's no mail server at mx.google.com. A Telnet request to mx.google.com on TCP Port 25 yields no response. DNS can't even resolve that name.

Yeah, you're right...

C:\Documents and Settings\Rick>nslookup -type=mx google.com
Server: alteonvip.perimeterusa.com
Address: 10.25.1.10

Non-authoritative answer:
google.com MX preference = 10, mail exchanger = smtp1.google.com
google.com MX preference = 10, mail exchanger = smtp2.google.com
google.com MX preference = 10, mail exchanger = smtp3.google.com
google.com MX preference = 10, mail exchanger = smtp4.google.com

google.com nameserver = ns2.google.com
google.com nameserver = ns3.google.com
google.com nameserver = ns4.google.com
google.com nameserver = ns1.google.com
ns1.google.com internet address = 216.239.32.10
ns2.google.com internet address = 216.239.34.10
ns3.google.com internet address = 216.239.36.10
ns4.google.com internet address = 216.239.38.10

But when I search for mx.google.com, it does appear to exist in some fashion. Telnet to smtp.gmail.com 80 instead and you get:

220 mx.google.com ESMTP d34sm4748738and.3
ehlo
250-mx.google.com at your service, [216.54.167.250]
250-SIZE 35651584
250-8BITMIME
250-STARTTLS
250 ENHANCEDSTATUSCODES

Looks like an internal hostname.