Spent whole week but can not find spammer, please advise?

I have found this many time with wordpress accounts.
The hacker installs their own mail script, so even turning php_mail off does not work.
I usually go through and look at the files on the wordpress site and find them, but they are usually tons of them and well hidden
Also, list your site with AOL feedback, you get send copies of the email, they strip outr some useful info, but you can usually see what client is effected!

I am going to agree on the wordpress. I have seen it where a pirated theme can just start shooting out spam.

But there is an easy way to find the hacked pages files. The hackers simply put their code into a MD5 and then decode it when used, or use another basic php encoding. You have to find both the encoding and decoding script. remove them and it should just work.

There's also a lot of base64 scripting going on. However, several sites which provide free themes decided to encrypte in base64 too nowadays. I already warned my customers not to use those themes base64 encrypted files (even partly) will get deleted automatically from Wordpress themes and addons.

you got to love wordpress