Domain renamed, ports opened


deddard
03-13-2003, 03:03 PM
Over the last couple of days I've received a couple of virus ridden emails, which Norton AV dealt with. Those I couldn't quarantine got deleted.
Because this generally doesn't happen, I took notice of the addresses etc. I emailed those who had sent me the emails, and told them they need to run a scan.
I also noted the recipient (me), but I also noted that my computer's DOMAIN name had changed - I sure as hell didn't give it the name it was using (Crackpot), and no-one else who has direct access to the computer would even know how to do it.
I performed an on-line security scan via Symantec and Sygate, and both found ports to be open. I have Norton Firewall and AV running all the time, but somehow these have been penetrated.
I can find no evidence of virus activity, and have used Spybot to remove the odd file here and there - cookies mostly.
Anyone come across this before?

I am about to do a comprehensive backup (I usually back up anyway, but this one will give me a bit of added assurance) and uninstall Norton Firewall and SystemWorks before reinstalling them.

Is this likely to be enough? I don't mind killing the whole damn system if that's what is required.
Windows XP Home (what else - a sieve), Athlon 1100.
Cable internet connection.

sleddog
03-13-2003, 03:45 PM
Are you saying that your computer's name in the network configuration was changed to Crackpot, or that this domain "Crackpot" is shown in email headers?

deddard
03-13-2003, 05:42 PM
My computer's name stayed the same, but the domain it is in (the configuration settings) changed names to crackpot. I first noticed it by looking at the email address note when Norton intercepted the viruses.

Budfred
03-13-2003, 09:06 PM
It sounds like you got hijacked by a trojan and it is probably still running. AV scanners and Spybot won't pick up on all of them. I would look for the trojan hunters on mjc's security thread or run Hijack This and use it to remove anything that might be a problem there. A total wipe would do it, but there may be a simpler way.

Also, Trojans usually get in with something you download, so you may want to take a close look at any recent downloads. mjc will probably be here soon with better info than I can give you....

mjc
03-13-2003, 09:44 PM
Use HijackThis and post the log...

Then a scan with anti-trojan would probably be a good idea...NAV may be a good AV scanner, but it does not target all that many trojans (although some of the AV programs are adding more trojans to their databases)

deddard
03-14-2003, 05:40 AM
Ok.
I renamed the domain (just to feel a bit safer).
I've been getting other problems - copying files to CD isn't possible at the minute. I copied half a dozen discs, then the system went screwy - the first part of the copy procedure wouldn't work (copying the files ready to be burned); this is using XP's own burning system.

I noticed a couple of other faults popping up - when I run Internet Explorer and go to some pages, there is a fault and it asks me if I want to debug! But these are all probably an aside. I've run SWAT IT anti-Trojan, which didn't pick up anything.
Here is the log from HijackThis!
Logfile of HijackThis v1.92.1
Scan saved at 09:33:21, on 14/03/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://uk.altavista.com/
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DelPnPDirver] C:\Program Files\panasonic\panasonic KX-P7100\DelPnPD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37658.2567592593
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4247/mcfscan.cab

mjc
03-14-2003, 01:54 PM
Can you add the startup list log (in HJT it is under the Config button => Misc Tools)?

The only item I see that may be a problem is the ctfmon one...

What Is the Ctfmon.exe (Ctfmon.exe) File?
Ctfmon.exe activates the Alternative User Input Text Input Processor (TIP) and the Microsoft Office Language Bar.
What Does the Ctfmon.exe File Do?
Ctfmon.exe monitors the active windows and provides text input service support for speech recognition, handwriting recognition, keyboard, translation, and other alternative user input technologies.

http://support.microsoft.com/?kbid=282599

deddard
03-15-2003, 05:45 AM
Here's the startup log:

StartupList report, 15/03/2003, 09:38:49
StartupList version: 1.52
Started from : C:\Documents and Settings\****.******\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\devldr32.exe
C:\Documents and Settings\****.******\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

DelPnPDirver = C:\Program Files\panasonic\panasonic KX-P7100\DelPnPD.exe
NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
REGSHAVE = C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job
LiveUpdate - Norton AntiVirus.job

--------------------------------------------------

Enumerating Download Program Files:

[symsupportutil]
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
OSD = C:\WINDOWS\Downloaded Program Files\OSD34.OSD

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37658.2567592593

[IntraLaunch.MainControl]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\INTRALAUNCH.OCX
CODEBASE = file://D:\SuperCD\IntraLaunch.CAB

[Symantec RuFSI Registry Information Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.symantec.com/SSC/SharedContent/common/bin/cabsa.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Microsoft Office Tools on the Web Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\OUTC.DLL
CODEBASE = http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab

[ActiveDataObj Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\ActiveData.dll
CODEBASE = https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab

[McFreeScan Class]
InProcServer32 = C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll
CODEBASE = http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/1,4,0,4247/mcfscan.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\System32\upnpui.dll

--------------------------------------------------

Note that this was taken after deleting Norton AntiVirus/Firewall (some stuff still needs to be deleted).
I also removed a couple of Windows updates, and the system seems to be a bit smoother.
I recall a couple of weeks back that a Windows auto-update fell on its backside, and this is when the problems with Internet Explorer started.

mjc
03-15-2003, 12:36 PM
Do you have a Soundblaster?

If not then you may have the Deloder worm. Right click on this file, devldr32.exe, and check its properties.

deddard
03-15-2003, 02:42 PM
I do have a soundblaster, but I did a search on the file anyway.
Windows came up with the file associated with the Creative SoundBlaster, and a couple which appear to be associated with the driver, but also came up with:
DEVLDR32.EXE-2CF621DF.pf which was created on 8 Feb 2003, and is 20,710 bytes. Windows says it opens with an unknown application. It is in the Windows prefetch folder.

All the other references to the soundblaster file were created in 2001.

deddard
03-15-2003, 03:00 PM
Just noticed that the above file was modified today, which seems a bit odd.
I opened the file in Notepad. Most of it is gobbledygook - squares etc, but there is some text. It largely consists of rdiskvolume1\windows\system32\ntdll.dll and similar things. There are lots of DLLs listed in there including secure32.dll amongst other things.

mjc
03-15-2003, 03:04 PM
Zip it up and PM me.

Also try running the trial version of Trojan Hunter (the link is in my sig).

deddard
03-24-2003, 07:40 AM
Thanks for the offer MJC - things have become a little more complex!
As you can see by the date of this post, I've been off air a while - more problems.

The domain renaming/port opening problem wasn't really solved, as other problems overtook it.
I had problems writing to CDs whilst backing up, but this was apparently due to a couple of files, which Windows tried to open whilst I copied them. I ran several anti-trojans, including the one in your link, but nothing showed.

I removed most of the stuff from my HDD after backing up, and tried to run defrag, but problems occurred - as the system was on FAT32, I thought I may as well reformat under NTFS. I did this, and the system refused to boot with the HDD as the first device, but would boot OK if the FDD or CD were the first device (whether there was anything in the FDD or CD or not). As there were problems with the HDD, I thought it could possibly be in trouble, so that 80GB HDD that I had been putting off buying for a while became a part of the system - I now have an 80GB Caviar disk as the primary, and the 40GB as slave.
I thought this had solved things, but the system still sulked whilst trying to boot from IDE. I thought maybe the BIOS was in trouble (my A+ tutor suggested this may be the case) so I went to reset the BIOS, only to find out there were no pins! So I removed the battery, waited 20 minutes and replaced it, and reset to safe defaults.

This didn't solve things. I noticed that my IDE 0 drive was on an IDE cable - when I built the system about 18 months ago, I didn't know the difference between IDE and EIDE cables. The guy in the local computer store had sold me the wrong cable! I removed all my PCI cards in order to get into the system more easily.
I purchased a new EIDE and fitted it - everything went fine, and the system would boot from IDE 0:)
Then I put my soundcard back in, and the problem returned. I then suspected either the soundcard or the PCI bus/controller. I removed the soundcard and everything went back to normal. I installed a USB card, and the problem returned.
So now the problem could only lie with the PCI system or the PnP BIOS.
I ran Microscope over the system and it reported no problems with the system board/PCI, so now I'm left with the BIOS - I hope. I'm going to try reflashing the CMOS, but I can't really see how that would solve things; if the PnP part of the CMOS is a problem, then the defaults from the firmware BIOS should have sorted those things out.
I'll update you all when I can.