Feb 16th, 2008

Services.exe possibly infected

Last week, I started having problems with my DSL connection. It would slow down to a crawl at times and then work normally at other times. After looking at my netstats, I found the reason why: unbeknownst to me, my computer was connecting out to about 20 different SMTP servers. The executable responsible for all those connections was services.exe. After I blocked services.exe in ZoneAlarm, my internet connection went back to normal. However, I would like to get rid of the trojan that's doing it. Norton Anti-Virus, AdAware, Spybot S&D, HJT, and a slew of other scanners have all come up empty. My HJT log is below. Has anyone come across this problem before and know how to get rid of it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:43:18 PM, on 2/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\NavNT\defwatch.exe
F:\Program Files\NavNT\rtvscan.exe
F:\WINDOWS\Mixer.exe
F:\Program Files\NavNT\vptray.exe
F:\Program Files\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\System32\nvsvc32.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\Tablet.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Winamp\winamp.exe
F:\Program Files\Trillian\trillian.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Documents and Settings\Mike\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [vptray] F:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "F:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://qtinstall.info.apple.com/qtactivex/QTPlugin.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://mymail.humana.com/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1119307629921
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1137273947234
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37610.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: DefWatch - Symantec Corporation - F:\Program Files\NavNT\defwatch.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - F:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TabletService - Wacom Technology, Corp. - F:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - F:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 4288 bytes


Thanks in advance.
singularity
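
The check described in the post above (one process holding outbound connections to many SMTP servers), as an added example that is not part of the original thread: it parses `netstat -ano` style output and flags any PID with active TCP connections to several distinct remote hosts on port 25. The sample output, the PID-to-name map, the `mailclient.exe` name and the threshold of 5 are constructed assumptions.

```python
from collections import defaultdict

SMTP_PORT = 25
MIN_DISTINCT_SERVERS = 5  # assumed threshold: a mail client talks to one or two

# Constructed sample in `netstat -ano` layout (documentation-range addresses).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1031      192.0.2.10:25          ESTABLISHED     708
  TCP    192.168.1.10:1032      192.0.2.11:25          ESTABLISHED     708
  TCP    192.168.1.10:1033      198.51.100.20:25       SYN_SENT        708
  TCP    192.168.1.10:1034      198.51.100.21:25       SYN_SENT        708
  TCP    192.168.1.10:1035      203.0.113.30:25        ESTABLISHED     708
  TCP    192.168.1.10:1036      203.0.113.30:25        ESTABLISHED     708
  TCP    192.168.1.10:1050      198.51.100.77:25       ESTABLISHED     2100
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       960
  UDP    0.0.0.0:445            *:*                                    4
"""
# Constructed PID-to-image-name map, e.g. as read from `tasklist`.
SAMPLE_PIDS = {708: "services.exe", 2100: "mailclient.exe", 960: "svchost.exe"}

def outbound_smtp_by_pid(netstat_text):
    """Return {pid: set of remote hosts} for active TCP connections to port 25."""
    remotes = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly 5 columns; the header and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _proto, _local, foreign, state, pid = fields
        host, _, port = foreign.rpartition(":")
        if port == str(SMTP_PORT) and state in ("ESTABLISHED", "SYN_SENT") and pid.isdigit():
            remotes[int(pid)].add(host)
    return remotes

def flag_mass_mailers(netstat_text, pid_names, threshold=MIN_DISTINCT_SERVERS):
    """List (pid, image, distinct_smtp_hosts) for PIDs at or above the threshold."""
    findings = [
        (pid, pid_names.get(pid, "unknown"), len(hosts))
        for pid, hosts in outbound_smtp_by_pid(netstat_text).items()
        if len(hosts) >= threshold
    ]
    return sorted(findings, key=lambda f: f[2], reverse=True)

if __name__ == "__main__":
    for pid, image, count in flag_mass_mailers(SAMPLE_NETSTAT, SAMPLE_PIDS):
        print(f"PID {pid} ({image}): {count} distinct SMTP servers")
```

Counting distinct remote hosts rather than raw connections keeps a single mail client that opens several sockets to one server from being flagged.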
Feb 17th, 2008

Re: Services.exe possibly infected

It looks like you have 2 Anti Virus programs running, Norton and Zone Alarm. You should really have only 1 of these.

You should not block services.exe or services.msc as they are system files and management console snap-ins.

Unblock services.exe and unless you use Outlook, Outlook Express or Windows Mail you can safely disable SMTP. To do this...

Press Start > Run and type services.msc then click OK. Look down the list for SMTP. Double click it and set to Manual, then click ok.

If this doesn't stop the problem, then you will have a service running that's causing the problem. You should not stop services from running from the services tab of msconfig either; this only disables it, but the process will still run.
Michael_Knight
Feb 17th, 2008

Re: Services.exe possibly infected

SMTP is not in my services list...
singularity
Feb 17th, 2008

Re: Services.exe possibly infected

OK

Then it's possible that you have a program installed that is using an SMTP program or process.

I couldn't see anything in your log that would suggest that though.
Michael_Knight

© 2011 DaniWeb® LLC