bootkit or rootkit and/or software issue?

Discussion in 'Software' started by NOS69, Apr 26, 2011.

  1. NOS69

    NOS69 Private E-2

    I've been recommended by Tim to try here for at least one of my problems. I recently had a long list of malware downloaded to my computer trying to watch a free streaming site. Yeah I know, stupid, especially since I knew better. I know MSE detected at least 20-25 different files infected and I've been endlessly formatting and reloading with a continuous set of random problems. I sorted out one I thought was from the infection, which was missing Server in my Admin Tools, but that was because I stopped installing Printer and File Sharing when installing Windows. I don't need it after all. The rest is really complicated. I've been using the Malware Removal Procedures here for the past few weeks now and every time I get something new, get reinfected, rootkit activity reappears out of nowhere and Windows Recovery Console can't seem to fix my MBR even though bootkit detection and MBR checking tools found nothing. MRC tells me, no matter how many times I use it, that my MBR is an invalid or non-standard one, and I have tried to fix it at least 10 times now. I'm certain now, after doing much research, that I have a hardware infection, but I gotta cover everything. Thanks in advance.
     
  2. abekl

    abekl First Sergeant

    Have you tried reinstalling windows with a fresh format direct from the Windows DVD?
     
  3. NOS69

    NOS69 Private E-2

    Several times from 2 official disks. I reset my BIOS today and so far, quite a bit better. Everything managed to install from Comodo and MSE and IE8 from Windows Update. This has not happened since I got infected. I'm too afraid to run Combofix again since everything has gone so well since the reset. I'll stick to SUPERAntiSpyware and Malwarebytes installations and do scans that way and then leave them on, assuming everything is ok. It's bad to assume, especially at this point, but this computer is frustrating me.

    I'm a tad confused as to why I suddenly need Telephony service to access the internet and can't seem to stop it, whereas I am pretty sure I used to and everything functioned quite well. That has been an issue lately, but it could be just new since SP3, which I never used till I got this computer.
     
  4. dlb

    dlb MajorGeek

    Just formatting the HD does not always wipe the partition table or the MBR. You have to actually delete the partition first, then re-format it. To be completely safe in regards to MBR infections, you may consider using a bootable HD wiping tool like DBAN or Active KillDisk to be 100% sure that the drive is completely clean. If you have continued infections immediately after a clean Windows install, maybe the media you're using to install drivers from is infected: like if you have your drivers on a flash drive, it could be infected with an 'autorun' virus (for example).
     
  5. NOS69

    NOS69 Private E-2

    All I have installed was Windows when I had this. I've used the manufacturer's utility disk to wipe but I can try the 2 recommended. Combofix sees rootkits again... I'm starting to think Dell computers contain these by default now. Here's something I found that seems to confirm my suspicions...:
    hxxp://www.tomshardware.com/news/spyware-trojans-spybot-worm-virus,10921.html
     
  6. plodr

    plodr MajorGeek Super Extraordinaire Moderator Staff Member

    Unless your motherboard is a replacement you do not have to worry about the article linked above.
     
  7. NOS69

    NOS69 Private E-2

    Hmm, there's no way to find this out, this is a second hand "refurbished" business computer. I didn't find mobo info so easily but it seems it isn't one of those listed. I did however find a hidden partition with KillDisk (which I really had to work hard to get running because it would not boot on its own and I couldn't get DBAN to work at all) and wiped it. fdisk didn't find it when I used my old 95/98 bootdisk; I deleted both partitions, created a new one with Windows and it is still hidden. So I've made a decision, no more internet with Windows, and made a Mandriva partition to surf with; it's the best I can do under these pre-fab, headache inducing circumstances. I'd still like to try using a partition manager since they aren't seen with either OS, but I'm starting to believe this will be impossible anyway and that the partition is undeletable, since when I boot, it's still one of the options despite my wiping it. You can't boot to it, but it's still ever present.
     
  8. dlb

    dlb MajorGeek

    This whole scenario is a bit odd . . . could it possibly be a "recovery" partition put on the HD at the factory, and perhaps it's protected somehow? I have seen where some rootkit apps occasionally detect a recovery partition as having an infected MBR because they have a custom-written MBR by the factory. Since it's a custom (meaning: non-standard) MBR, it can be recognized as possibly infected. However, if ALL partitions have been wiped COMPLETELY (including MBRs and partition tables) then there is no way that anything malicious (or benign FTM) can remain.

    As to not getting DBAN to work . . . the download is a ZIP file; when extracted it reveals a couple of folders and several files and a couple of web links. The only file of importance here is the .ISO file. It MUST be burned "as an image" using your favorite burning software, or use the free ImgBurn and select "Write image file to disc" and browse to the unzipped DBAN .ISO file. Burn it, boot to it. If it STILL doesn't work, then I don't have an answer.
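An added example (not from this thread or from MajorGeeks) illustrating dlb's two points above: the boot code and partition table live in the first 512-byte sector of the disk, outside every partition, so formatting a volume leaves them untouched, and a vendor entry such as a Dell utility partition (type byte 0xDE) or a hidden OEM/recovery entry stays listed until the table itself is cleared. The sample sector is constructed, and the type-name tables are a small subset, not a complete list.

```python
import hashlib
import struct

# Type bytes that mark hidden or vendor partitions (subset): 0xDE is the Dell
# utility/diagnostic type; 0x12 and 0x27 are common OEM/recovery markers.
HIDDEN_TYPES = {0x12: "OEM/recovery", 0x27: "Windows RE", 0xDE: "Dell utility"}
COMMON_TYPES = {0x07: "NTFS/exFAT", 0x0C: "FAT32 LBA", 0x83: "Linux", 0xEE: "GPT protective"}

def parse_mbr(sector: bytes) -> dict:
    """Decode a 512-byte MBR: boot-code hash, 0x55AA signature, four table entries."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    parts = []
    for i in range(4):
        entry = sector[446 + 16 * i: 462 + 16 * i]   # table starts at byte 446
        lba_start, num_sectors = struct.unpack("<II", entry[8:16])
        ptype = entry[4]
        parts.append({
            "index": i,
            "bootable": entry[0] == 0x80,
            "type": ptype,
            "name": HIDDEN_TYPES.get(ptype) or COMMON_TYPES.get(ptype, "unknown/empty"),
            "lba_start": lba_start,
            "sectors": num_sectors,
        })
    return {
        # Hash of the 446 boot-code bytes: compare against a baseline taken from a
        # known-clean install to spot a rewritten (custom or hostile) boot sector.
        "bootcode_sha256": hashlib.sha256(sector[:446]).hexdigest(),
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "partitions": parts,
    }

def hidden_partitions(parsed: dict) -> list:
    """Indexes of entries whose type byte marks a hidden/vendor partition."""
    return [p["index"] for p in parsed["partitions"] if p["type"] in HIDDEN_TYPES]

def make_entry(bootable: bool, ptype: int, lba_start: int, sectors: int) -> bytes:
    """Build one 16-byte table entry (CHS fields zeroed, LBA fields carry the layout)."""
    flag = 0x80 if bootable else 0x00
    return bytes([flag, 0, 0, 0, ptype, 0, 0, 0]) + struct.pack("<II", lba_start, sectors)

# Constructed sample sector: placeholder boot code, a Dell-type partition at LBA 63,
# a bootable NTFS partition after it, two empty entries and a valid signature.
SAMPLE_MBR = (b"\xEB\x3C" + b"\x90" * 444
              + make_entry(False, 0xDE, 63, 80325)
              + make_entry(True, 0x07, 80388, 20000000)
              + b"\x00" * 32 + b"\x55\xAA")

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("signature ok:", info["signature_ok"], "bootcode:", info["bootcode_sha256"][:16])
    for p in info["partitions"]:
        print(p)
    print("hidden entries still in the table:", hidden_partitions(info))
```

On a real machine the sector would be read with a raw-device read of the first 512 bytes (for example from an offline boot environment), and the `hidden entries` list is what a format leaves behind.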
     
  9. NOS69

    NOS69 Private E-2

    I know, it's ridiculous! It was originally one (I believe, anyway) and I cleared it and thought I deleted it, but it still shows that I have a good amount of HDD space missing, exactly the same as I did before attempting to delete the partition. Dell apparently has a type of custom written MBR but it's still there after all attempts at wiping contents and deleting it. I wish I could do a low level format on this thing to be sure, since I read it is possible for some infections to remain after wiping since wiping doesn't actually go deep enough (?)

    Crap, no wonder it didn't work. I had the ISO, I know that much at least. I tried to copy it to my flash drive and it didn't work that way; would that have been the same idea? Does DBAN do low-level wiping or is it just better?
     