hard drive as well as the mainboard effects the same result, I would look for a network source for the intruder. Try your install with the new components off network, adding AV/antispyware software before attempting Internet travel.
My standalone XP system has been hacked. The configuration has affected the entire system and the malicious files affect the BIOS and Boot process as well as the Windows XP Professional OS. Here is what I know:
1. All system resources are being redirected, some utilizing network paths.
2. False or non-physical drive letters exist. Even if I remove floppy drive, and disable onboard controller and floppy in BIOS, if I boot to prompt, there is still both an "A" and "B" drive reference as well as others such as "X" and "Z".
3. Although it is a standalone machine, another machine or device is connecting, and has Administrator, privileged access.
4. It seems USMT or system migration tool was used to transfer or duplicate my settings. There is a CMD.exe command of "pushd" and "popd" which is present that copies entire directory tree and creates a new drive letter for it at the END of the stack.
5. Settings that I change either through user interface or even in registry are being overridden by someone with command line execution using switches and modified commands that appear proprietary or at least non-stock.
6. Even if I re-format and try complete fresh install, after only a minute or two, the offending party or device sets up its own partition in free space at the END of the drive and it is booting from there apparently.
7. There are file references to Novell NetWare, NTLanman, NTworkstation and a reference to an 8 digit "internal network number" which is hexadecimal.
8. User interface for "services" does not show all services. From CMD I can execute "ListServc" command and additional services are enabled as "Boot" or "Automatic":
Some of the services cannot be disabled through user interface including "Windows Audio" and "Windows Time".
There is a file called "redbook" that seems to be filled with re-direct routing info.
I have loads of files and logs that show what is happening, but I cannot wrestle control of the system back. A new hard drive instantly gets re-affected as do new motherboards. When I try to reinstall from CD, the system actually boots from a pseudo/virtual "A" drive and does a network install.
The MSIEXEC Windows Installer appears to be modified and when I try to install software such as firewall or Antivirus, it gives me false or inaccurate error messages as to why it can't be installed.
A lot of the corrupt files appear in all caps type style.
One file references a "Hydra-OCC" TSOC terminal services install and some remote stuff as well as permissions and file access list config changes.
My residence was actually broken into and that day my computer booted funny and used a different display driver and gave "Updating system configuration" message, so I am pretty certain what happened was not limited to remote access and does indeed involve a hardware addition or change although nothing seems visually modified or added.
System now finds and configures "USB Mass storage devices" on boot or OS install.
Have to go but much more detail or files available if needed. Please help.