Malware - Spam being sent from my email. IP blocked. HELP

May or may not be able to assist with this.

Yes please, attach them, and if any malware is present and showing, we can remove it.

 

Hi SweetKarma.

Re run Hitman Pro and have it remove all that it finds.

Do you have the log from Malware Bytes??

Fix items using RogueKiller.

Double-click RogueKiller.exe to run. (Vista/7/8 right-click and select Run as Administrator)
When it opens, press the Scan button
Now click the Registry tab and locate these detections:

• [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-1766003464-3297112040-2205141517-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.helperbar.com-> Found
• [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-1766003464-3297112040-2205141517-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://feed.helperbar.com-> Found

Place a checkmark next to each of these items, leave the others unchecked.
Now press the Delete button.

...and the same for these entries on the Tasks tab please...

• [Suspicious.Path] MySearchDial.job -- C:\Users\Tracy\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found
• [Suspicious.Path] \\MySearchDial -- C:\Users\Tracy\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE (/Check) -> Found

...Same for these on Web Browsers tab...

• [PUP][FIREFX:Addon] xjh23c2s.default : We-Care Reminder [wecarereminder@bryan] -> Found
• [PUM.HomePage][FIREFX:Config] xjh23c2s.default : user_pref("browser.startup.homepage", "http://feed.helperbar.com/?p=mKO_AwFzXIpYRa8ldwnKG51HJOT1XRoA82gVkoQAdOkQrprEHljji2GIt8fTAeqmM0uhWiC2cLksSSsADhn__WXMjLL8gdvtceKG5uyp-qWbugr-xf9HYh8EB85Mz2dcZJLEziYCsj8o3vfscjTRuYZUsSzpOBs-CjMge-u3TINLZ7uy8m3DWNBBG7yv-UDDU77VS85c"); -> Found

When it is finished, there will be a log on your desktop called: RKreport[2].txt
Attach RKreport[2].txt to your next message. (How to attach)
Reboot the machine.


MGTools did not run to completion.

Please click Start, Run, and enter cmd. cmd.exe will pop up, right click it and run as admin. This will open a command prompt window. Enter the below commands at the command prompt each followed by the enter key. The bold black are commands. The purple is merely informational.

• cd \MGtools <-- this changes to the MGtools folder and the prompt should change to C:\MGtools>
• nwktst<-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
• GRK64 <-- this will try to run all one scan from MGtools. Tell me what error messages, if any, you see.
• SN64 <-- this will try to run all another scan from MGtools. Tell me what error messages, if any, you see.

Attach the MGlogs.zip


Re run RogueKiller and attach log.
Same for Hitman.

 

Are you purposely set up to use a proxy? Hitman is showing that now where it wasn't before. If NOT, then re run Hitman and have it fix it. Then rescan and attach new log.

 

Reimage Repair <<< Uninstall this junk.

Delete this if it remains:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair

Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry.

Make sure that you tell me if you receive a success message about adding the above
to the registry. If you do not get a success message, it definitely did not work.

The proxy no longer shows.

How are things running?

 

Excellent! You are most welcome.


If you are not having any other malware problems, it is time to do our final steps:

1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
2. Renable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
4. If running Vista, Win 7 or Win 8, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
5. Now goto the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
   
6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
   
   
7. After doing the above, you should work thru the below link:
   • How to Protect yourself from malware!

 

What are you trying to attach? A log from Norton? If so is it showing past alerts or is is alerting to something new?

 

Thanks for your donation, much appreciated! Glad to hear all is well.

 

Then please begin a NEW thread in Malware Removal. Thanks.