Help needed

[Zesty]

I think i've been infected by some malware which is sending spam through my Outlook 2007.
2 things have made me think this, firstly gmail has blocked my IP and whenever I send to a gmail account i get the following NDR:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

  XXXXX@gmail.com
    SMTP error from remote mail server after end of data:
    host gmail-smtp-in.l.google.com [209.85.229.27]:
    550-5.7.1 [My IP ADDRESS HERE 1] Our system has detected an unusual rate of
    550-5.7.1 unsolicited mail originating from your IP address. To protect our
    550-5.7.1 users from spam, mail sent from your IP address has been blocked.
    550-5.7.1 Please visit http://www.google.com/mail/help/bulk_mail.html to review
    550 5.7.1 our Bulk Email Senders Guidelines. f17si12285967wbe.17

Also periodically the Avast mail scanner goes crazy for a few seconds in the system tray, flickering on and off rapidly.
As this is happening loads of .tmp files are being created in my C:\Documents and Settings\username\Local Settings\Temp folder. They all begin ADA and then have a series of random numbers e.g. AdA306E.tmp. The size of these range from 1kb to 5Mb. At last count there were over 5000 of these files in this folder and totalled about 5Gb. Outlook has been running a lot slower since this started happening and I've though of but stopped short of re-installing it for now.

I've ran a boot time scan which found and quarantined a trojan or two, i've since ran a 2nd boot time which was completely clean, i also use spybot, ad-aware, bitdefender(online) and sophos rooktit detectors and they are all currently saying i'm clean, but the tmp files keep coming and the mail scanner still goes nuts.

I've ran a repair on Office and on all my pst files.
Not sure what to do next.



I hope that someone out there can help or suggest what to try next.
I've been told it's fairly easy to unblock yourself from gmail, but want the issue fixed before I do so.

Thanks
S

[Zesty]

.

[Zesty]

.

[Asyn]

Use free Mbam to check your system: http://www.malwarebytes.org/mbam.php
Good luck,
asyn

[Zesty]

.

[Asyn]

@zesty:
Please don't send your logs inline, attach them to your post. Thanks!
asyn

[Zesty]

Sorry, didn't know how.

Just spotted it.

[Asyn]

Sorry, didn't know how.
Just spotted it.

No problem..!
Please remove the inline logs from your prior posts for better readability..!
Thanks!
asyn

[polonus]

Hi

You could check at virustotal.com:
O4 - HKCU\..\Run: [MemoryOptimizer] memtuneup.exe
File Name: memtuneup.exe
File Type: EXE File
Also Known As: memtuneup
Associated Process: Memory Optimizer
Status: Possible AdWare

memtuneup.exe, and it's process, Memory Optimizer, have not been tested thoroughly enough yet to state definitely if they are harmful or not.

    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} (VodClient Control Class) - hxtp://www.vexcast.com/download/vexcast.cab
   Check if you know this site and fix it if you do not. Unknown ActiveX-Objects, or ActiveX-Objects from unknown sites should always be fixed. If the name of the ActiveX-Object or the URL contains the words 'dialer', 'casino', 'free plugin' etc, it should be fixed! Could be a trojan downloader:
http://www.threatexpert.com/report.aspx?md5=b6d60dda7e05cc437f68a62aaa7f219f

polonus

[Zesty]

Thanks for your input.
I'll try both of those and see how I go.

[Zesty]

Also meant to ask, does anyone know what the .tmp files in the C:\Documents and Settings\username\Local Settings\Temp folder are?
Can I just delete them?

[avast! 5 LOCO]

basically a temp file or .tmp is a file that were used but are no longer being run. Mostly exes that you run during Internet Explorer are mostly saved there. So i would advise that you could delete all files in the temp as it is safe to delete.

[13thSlayer]

Check your system for potential SMTP senders:
Hit WinKey+R, type "cmd", then...
"netstat -b" - see what programs use the network
"tskill someprogram" - to stop those which you don't want
example: "tskill virus" (NOT "tskill virus.exe")

[Zesty]

Still got this issue 

I ran malwarebytes (found 3 infections) and removed those two lines from the hijackthis log.

I've attached the netstat output.
The avast mailscanner was active which the netstat ran so it looks like the mailer was doing it's thing.

Unfortunately there doesn't seem to be an obvious program causing it apart from Outlook being open.

[Asyn]

I ran malwarebytes (found 3 infections) and removed those two lines from the hijackthis log.

Please tell us which infections Mbam did find...!
Did it remove them..??
asyn