How can I tell if this is a SpamBot and if so, stop it?


This is long, but I want to give as much info and what I've done to try and
tackle this myself as possible.  I really need some help at this point, so
I hope someone out there has the time and can provide some much needed and
much appreciated assistance/advice, etc.

I work at a pretty low-tech place with 8 PCs, all running XP, using
Comcast's cable internet service, with file sharing set up so all users
can access a shared folder on one of the PCs.  No user or group policies
are set up.  All PCs use TrendMicro's pay service, we have a Linksys
router, and I periodically run Spybot and a few other favorite
virus/trojan/bad stuff finders on all the PCs (but TrendMicro is the only
thing running 24/7).  There's also one NetGear wireless access point for an
in-office laptop (it requires a web key to log into the

We use a webmail software located on our dedicated server at a hosting
company (where our website is) to do email; the web server at the hosting
company is also the email server.  Currently it's using SmarterMail (which
is apparently a pretty popular partnered email software with hosting
companies).  So users use a web browser to log into their email, which is
housed on the dedicated

We've had some emails sent to Yahoo email addresses come back with a
rejection notice due to Yahoo user complaints about spam (not the users the
email was sent to, just users in general, apparently), and we've also had
undeliverable mail come back looking as if
we sent it but we know we didn't (there's spammy stuff in it).  Also,
Comcast recently disallowed all outgoing traffic from our public IP (the
router) that was looking for port 25, because they said they saw a lot of
spammy-looking traffic leaving our router as well.

Since it seemed like we had a real issue going on, I followed all the
directions SmarterMail has to make sure SMTP requires authentication, etc.,
all the steps to minimize possible hijacking and
whatever.  I used a few of these online websites where you put in the IP
address of the mail server and it sees if it looks like an open relay, and
they all reported negative.  I had everyone change their passwords to
relatively strong ones for logging in to our mail server.

The problem seemed to remain.

Then I turned on the outgoing log on the Linksys router.  About every ten
seconds I see a couple of outgoing packets going to the same IP but with a
different last number, then after about ten of those it goes to another
series of IPs with a different last number.

For instance, I'd see outgoing to:

then there are a bunch that are ("myserver" used instead of my actual web

Some of these come from my own box's internal local IP, some come from the
other internal local IP's.

So, unless these are legitimate (like Windows update doing checks, trend
micro doing checks, etc.), it appears I actually DO have something sending
out IP traffic from inside.  I looked up some of these IPs, and the most
numerous batch of outgoing IPs (starting with 64.86.95) show up as belonging

Teleglobe Inc. TELEGLOBE (NET-64-86-0-0-1)
Akamai Technologies AKAMAI-TGB (NET-64-86-95-0-1)

I found one (and one only) reference to this IP and this company on the web,
where someone else was wondering about it, and it seemed like the assumption
was it was a place doing stuff for Microsoft's Windows update.

But when I turn off update, I still see these outgoing traffic items in the
Linksys log.

I feel as if I've done everything I can and/or know how to do, so can anyone
out there tell me a good solid way to see if I have some kind of SpamBot on
our side of the router, or if someone has hacked our email server
externally?  The problem's getting worse, it seems, and I don't know what I
can do when none of the popular security softwares find anything, but
Comcast and Yahoo and our inbox full of undeliverable messages looking like
they were sent by us are pointing to us having a serious issue.

Please help, we rely on our ability to send emails to subscribers, and
they're getting rejected due to "user complaints", and we can't afford to be
blacklisted (and yes, we only send to subscribers, we follow all the opt-in
and opt-out stuff, and are very conscientious about keeping our mailing list

Please help!

Your time and assistance would be GREATLY appreciated.  And thanks for
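
Added example, not part of the original post: one way to triage a router outgoing log like the one described, separating port-25 connections made by LAN hosts (unexpected where mail is read through a browser) from runs of neighbouring addresses on other ports. The three-column log format, the function names and every address below are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample entries (not from the post). Assumed columns:
# LAN source IP, destination IP, destination port.
SAMPLE_LOG = """\
192.168.1.101 203.0.113.5 80
192.168.1.101 203.0.113.6 80
192.168.1.101 203.0.113.7 80
192.168.1.104 198.51.100.21 25
192.168.1.104 198.51.100.77 25
192.168.1.104 192.0.2.14 25
192.168.1.104 192.0.2.90 25
192.168.1.102 203.0.113.5 443
header line that is not an entry
"""

def parse(log_text):
    """Yield (source, destination, port) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]),
                   ipaddress.ip_address(parts[1]), int(parts[2]))
        except ValueError:
            continue

def smtp_senders(log_text):
    """Map each LAN host to the distinct destinations it contacted on port 25."""
    hosts = defaultdict(set)
    for src, dst, port in parse(log_text):
        if port == 25:
            hosts[str(src)].add(str(dst))
    return {h: sorted(d) for h, d in hosts.items()}

def subnet_runs(log_text):
    """Count distinct destinations per (LAN host, destination /24, port)."""
    runs = defaultdict(set)
    for src, dst, port in parse(log_text):
        net = ipaddress.ip_network(f"{dst}/24", strict=False)
        runs[(str(src), str(net), port)].add(dst)
    return {k: len(v) for k, v in runs.items()}

if __name__ == "__main__":
    for host, dests in smtp_senders(SAMPLE_LOG).items():
        print(f"{host}: port 25 to {len(dests)} hosts: {', '.join(dests)}")
    for (host, net, port), n in sorted(subnet_runs(SAMPLE_LOG).items()):
        print(f"{host} -> {net} port {port}: {n} distinct hosts")
```

A LAN host listed by `smtp_senders` is the machine to isolate and examine first; a run on port 80 or 443 inside one /24 is the pattern a content-delivery network produces and is not by itself evidence of mail being sent.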
