Fabrix - I informed a WP plugins staff member about the malware problem. He checked the code file for inc-popup.php and did not find any code that could be a generic mailer/email spam problem. Link for code file:
http://plugins.svn.wordpress.org/total-security/trunk/modules/inc-popup.php
I submitted the code file to my web host's security partner. They informed me that they could not pull up any malware details from the past from the Dashboard, so they could not determine if the file contained malware. So, they cannot determine if their security scan made a mistake.
I deleted the Total Security plugin from my site to avoid suspension of my site. After the deletion in February, and again this month (May), my web host rescanned my site and did not find any more malware problems.
Now I realize I should have downloaded the file right after the malware was identified. My web host gave me 24 hours to document that I fixed the problem or they would suspend my site.
Case resolved.