My notebook transferred itself into some kind of SPAM machine.

Discussion in 'Malware Help (A Specialist Will Reply)' started by gratum, Apr 19, 2008.

Thread Status:
Not open for further replies.
  1. gratum

    gratum Private E-2

    No idea how it happened, but my notebook seems to send thousands of
    emails from the background every minute, which causes my ADSL line to
    block, and a router restart is required.

    I am not using any email programs on this PC; it's exclusively used for
    browsing and design work.

    I did several Trojan scans, malware, antivirus, adware, etc. etc., but no
    results.

    I discovered the problem with some simple packet sniffer, which shows
    background packets being sent all the time, each time with a new local port.

    I wanted to check which application is using this port, with "Active Ports"
    from <!-- SNIP -->, but this only lets me know:
    PROCESS = UNKNOW
    PID = 0

    Each sniffed packet used port 53 as the remote port and each time a new
    local port. For example:

    Local Port 1436 > Remote Port 53
    Local Port 1438 > Remote Port 53
    Local Port 1440 > Remote Port 53
    Local Port 1442 > Remote Port 53
    Local Port 1444 > Remote Port 53
    Local Port 1446 > Remote Port 53

    The same happens with port 25:
    Local Port 1302 > Remote Port 25
    Local Port 1304 > Remote Port 25
    Local Port 1306 > Remote Port 25
    Local Port 1308 > Remote Port 25
    Local Port 1310 > Remote Port 25

    Each time it attempts to connect to some new IP.

    I tried to block the remote port 25 and port 53, which had no success.
    I tried to close all running services, no success.

    OK, I do realize reinstalling my XP would be faster, but, hey, I want to find out
    what the problem is.

    An example of the port 53 packets:
    ----
    00000000 8E 83 01 00 00 01 00 00 00 00 00 00 03 68 73 62 ........ .....hsb
    00000010 03 63 6F 6D 00 00 0F 00 01 .com.... .

    00000000 8E 83 81 80 00 01 00 03 00 00 00 04 03 68 73 62 ........ .....hsb
    00000010 03 63 6F 6D 00 00 0F 00 01 C0 0C 00 0F 00 01 00 .com.... ........
    00000020 00 1F D5 00 0A 00 14 05 6D 61 69 6C 32 C0 0C C0 ........ mail2...
    00000030 0C 00 0F 00 01 00 00 1F D5 00 0A 00 1E 05 6D 61 ........ ......ma
    00000040 69 6C 33 C0 0C C0 0C 00 0F 00 01 00 00 1F D5 00 il3..... ........
    00000050 09 00 0A 04 6D 61 69 6C C0 0C C0 27 00 01 00 01 ....mail ...'....
    00000060 00 00 1F D5 00 04 C0 4D 8B 02 C0 3D 00 01 00 01 .......M ...=....
    00000070 00 00 49 83 00 04 C0 4D 8B 08 C0 53 00 01 00 01 ..I....M ...S....
    00000080 00 00 53 4B 00 04 C0 4D 8B 02 C0 53 00 01 00 01 ..SK...M ...S....
    00000090 00 00 53 4B 00 04 C0 4D 8B 08 ..SK...M ..


    An example of the port 25 packets:
    ----
    <!-- SNIP -->
    Subject: cytologist
    MIME-Version: 1.0
    Content-Type: multipart/alternative;
    boundary="----------CA6F92D8DC4368"

    ------------CA6F92D8DC4368
    Content-Type: text/plain; charset=iso-8859-1
    Content-Transfer-Encoding: quoted-printable

    Hello,=09
    =20
    Increaase Sexual EEnergy and Pleasuure!
    <!-- SNIP -->



    =09And owen, watching, took her pallor for the ashy of gold
    thread on stiff ultramarine tissue, which carry us three
    men and our when the raft was finished most of them carrying
    hand bags. During rehearsals want yes, said ellie, i know
    what you mean. But about arthur because he thought hetty
    would be whiskers, dark eyes, husky voice, tooth missing
    preposterous for words. They had quite an excited gordon.
    they think he stabbed his cousin. My sakes! With a bump.
    then again, the mischievous ants one jump in her nightgown,
    just before going to want me, he said, and he offered no
    humorous remarks, a living brain. You will be annihilated
    in the ob serve the round hole through the chainmail said
    emily. Don't be indelicate. And anyway, she.
    ishbnhiieaaaakbmfi.
    ------------CA6F92D8DC4368
    Content-Type: text/html; chars. #Host Name Server
    nicname 43/tcp whois
    domain 53/tcp #Domain Name Server
    domain 53/udp #Domain Name Server
    bootps 67/udp dhcps #Bootstrap Protocol Server
    bootpc 68/udp dhcpc #Bootstrap Protocol Client
    tftp 69/udp #Trivial File Transfer
    gopher 70/tcp
    finger 79/tcp
    http 80/tcp www www-http #World Wide Web
    kerberos 88/tcp g></p><st=
    rong> </strong>
    <p>And owen, watching, took her pallor for the ashy of gold<br> thread

    on=
    stiff ultramarine tissue, which carry us three<br> men and our when the =
    raft was finished most of them carrying<br> hand bags. During rehearsals =
    want yes, said ellie, i know<br> what you mean. But about arthur because

    =
    he thought hetty<br> would be whiskers, dark eyes, husky voice, tooth

    mis=
    sing<br> preposterous for words. They had quite an excited gordon.<br>

    =
    they think he stabbed his cousin. My sakes! With a bump.<br> then again, =
    the mischievous ants one jump in her nightgown,<br> just before going to =
    want me, he said, and he offered no<br> humorous remarks, a living brain.=
    You will be annihilated<br> in the ob serve the round hole through the c=
    hainmail said<br> emily. Don't be indelicate. And anyway, she.<br>
    ishbnhiieaaaakbmfi.</p>
    </body></html>

    <!-- SNIP -->



    ========================
    Finally some HIJACK OUTPUT
    ========================


    Edit by chaslang: Inline HJT log removed. READ & RUN ME sticky not followed.

    Edit by matt: Removed dodgy blogspot link and personal info from mail headers.



    Hopefully you guys know what happened.
     
    Last edited by a moderator: Apr 20, 2008
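The two port 53 hexdumps quoted in the post are a DNS query and its reply. The type field after the `hsb.com` name (`00 0F`) is 15, i.e. MX: the machine is asking which hosts accept mail for that domain, and the reply carries three exchangers plus their addresses in the additional section. A mail-sending engine performs exactly this lookup before opening its own port 25 connection to each exchanger, which is the port 53 / port 25 pairing the connection list above shows. The following Python parser is added here as an illustration and is not part of the original thread; it decodes both packets with a minimal RFC 1035 message reader. The hex bytes are transcribed from the post's dump (ASCII column dropped); the 64-hop limit on compression pointers is a defensive choice of my own, not something the capture requires.

```python
"""Decode the two port-53 packets from the sniffer capture quoted above
(a query and its reply) with a minimal RFC 1035 message parser, to show
what kind of lookup the background traffic is making."""
import struct

# Record-type numbers that appear in the capture (RFC 1035).
TYPE_NAMES = {1: "A", 15: "MX"}

# Hex bytes transcribed from the two hexdumps in the post (ASCII column dropped).
QUERY_HEX = (
    "8E 83 01 00 00 01 00 00 00 00 00 00 03 68 73 62 "
    "03 63 6F 6D 00 00 0F 00 01"
)
RESPONSE_HEX = (
    "8E 83 81 80 00 01 00 03 00 00 00 04 03 68 73 62 "
    "03 63 6F 6D 00 00 0F 00 01 C0 0C 00 0F 00 01 00 "
    "00 1F D5 00 0A 00 14 05 6D 61 69 6C 32 C0 0C C0 "
    "0C 00 0F 00 01 00 00 1F D5 00 0A 00 1E 05 6D 61 "
    "69 6C 33 C0 0C C0 0C 00 0F 00 01 00 00 1F D5 00 "
    "09 00 0A 04 6D 61 69 6C C0 0C C0 27 00 01 00 01 "
    "00 00 1F D5 00 04 C0 4D 8B 02 C0 3D 00 01 00 01 "
    "00 00 49 83 00 04 C0 4D 8B 08 C0 53 00 01 00 01 "
    "00 00 53 4B 00 04 C0 4D 8B 02 C0 53 00 01 00 01 "
    "00 00 53 4B 00 04 C0 4D 8B 08"
)


def read_name(data, offset):
    """Decode a domain name at `offset`, following compression pointers.
    Returns (name, offset just past the name in the sequential stream)."""
    labels, end, hops = [], None, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                # 2-byte pointer to an earlier name
            pointer = struct.unpack_from("!H", data, offset)[0] & 0x3FFF
            if end is None:
                end = offset + 2                 # the stream resumes after the pointer
            offset, hops = pointer, hops + 1
            if hops > 64:                        # assumed limit: guards against pointer loops
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:                          # root label terminates the name
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if end is not None else offset)


def read_rr(data, offset):
    """Decode one resource record; MX and A rdata are decoded, other types kept as hex."""
    name, offset = read_name(data, offset)
    rtype, _rclass, ttl, rdlen = struct.unpack_from("!HHIH", data, offset)
    offset += 10
    if rtype == 15:                              # MX: 16-bit preference + exchange name
        pref = struct.unpack_from("!H", data, offset)[0]
        exchange, _ = read_name(data, offset + 2)
        value = (pref, exchange)
    elif rtype == 1:                             # A: dotted-quad IPv4 address
        value = ".".join(str(b) for b in data[offset:offset + 4])
    else:
        value = data[offset:offset + rdlen].hex()
    rr = {"name": name, "type": TYPE_NAMES.get(rtype, rtype), "ttl": ttl, "value": value}
    return rr, offset + rdlen


def parse_dns(data):
    """Parse a DNS message into header fields, the question list and the RR sections."""
    ident, flags, qd, an, ns, ar = struct.unpack_from("!6H", data, 0)
    offset, questions = 12, []
    for _ in range(qd):
        name, offset = read_name(data, offset)
        qtype, _qclass = struct.unpack_from("!HH", data, offset)
        offset += 4
        questions.append((name, TYPE_NAMES.get(qtype, qtype)))
    msg = {"id": ident, "is_response": bool(flags & 0x8000),
           "rcode": flags & 0xF, "questions": questions}
    for section, count in (("answers", an), ("authority", ns), ("additional", ar)):
        records = []
        for _ in range(count):
            rr, offset = read_rr(data, offset)
            records.append(rr)
        msg[section] = records
    return msg


def mail_exchangers(msg):
    """MX targets from the answer section, lowest preference (tried first) first."""
    return sorted(rr["value"] for rr in msg["answers"] if rr["type"] == "MX")


if __name__ == "__main__":
    query = parse_dns(bytes.fromhex(QUERY_HEX))
    reply = parse_dns(bytes.fromhex(RESPONSE_HEX))
    print("query   :", query["questions"])
    print("answers :", mail_exchangers(reply))
    for rr in reply["additional"]:
        print("glue    :", rr["name"], "->", rr["value"])
```

Run stand-alone, the script prints the single question (`hsb.com`, MX), the three exchangers ordered by preference, and the four glue A records from the additional section. A single MX query is unremarkable; a steady stream of them for ever-changing domains, each followed by an outbound port 25 connection from a new local port, is the pattern worth alerting on, and a DNS decoder like this one is how you confirm from a packet capture that the port 53 traffic is MX lookups rather than ordinary name resolution.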
  2. NICK ADSL UK

    NICK ADSL UK MajorGeeks Forum Administrator Staff Member

    Please note that the multiple posting of log files in forums is considered as spamming, and therefore this thread is now closed. Also please note that the security / malware community is very closely knit, so please never do this again.
    Posting to multiple forums will not only give you variable advice on removing the malware on your PC and confuse you, but will also waste the valuable time of the malware removal members who will be duplicating the same info on each of those sites, thus taking them away from helping others.

    Failure to take note of this advice can lead to a ban on some forums should you do it again.

    Thank you

    nick
     
    Last edited: Apr 19, 2008