One day my explorer.exe froze, so I scanned with MBAM and found that I'm infected with Worm.Parite. I formatted all of my hard drives, reinstalled my Windows (I'm using XP, btw) and it's still here. I can't remove it. MBAM does not remove it. Here's a pic:

Here are the Attach and DDS:

Attach.txt
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/19/2012 12:43:46 PM
System Uptime: 12/20/2012 3:04:59 PM (0 hours ago)
.
Motherboard: EPoX COMPUTER CO.,LTD | | i925XE DDR2: 5LWAJ
Processor: Intel(R) Pentium(R) 4 CPU 3.06GHz | Socket 775 | 3583/155mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 15 GiB total, 14.168 GiB free.
D: is FIXED (NTFS) - 46 GiB total, 42.803 GiB free.
E: is FIXED (NTFS) - 41 GiB total, 16.742 GiB free.
F: is FIXED (NTFS) - 51 GiB total, 44.976 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_10DE&DEV_0393&SUBSYS_04121462&REV_A1\4&FD38F8A&0&0008
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_10DE&DEV_0393&SUBSYS_04121462&REV_A1\4&FD38F8A&0&0008
Service:
.
==== System Restore Points ===================
.
RP1: 12/19/2012 12:46:32 PM - System Checkpoint
RP2: 12/19/2012 12:50:27 PM - Installed Realtek High Definition Audio Driver
RP3: 12/19/2012 1:13:38 PM - Installed Dr.Web anti-virus for Windows 7.0.
RP4: 12/19/2012 1:23:56 PM - Installed Styler
RP5: 12/19/2012 1:25:55 PM - asd
RP6: 12/19/2012 6:39:16 PM - Installed DirectX
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 11 Plugin
Dr.Web anti-virus for Windows 7.0
ESL Wire 1.15.1
Malwarebytes Anti-Malware version 1.65.1.1000
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
Realtek High Definition Audio Driver
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB980195)
Styler
TeamSpeak 3 Client
Update for Microsoft Windows (KB971513)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
WebFldrs XP
Winamp
.
==== Event Viewer Messages From Past Week ========
.
12/20/2012 3:05:35 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
12/20/2012 3:05:31 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume4'. It has stopped monitoring the volume.
12/19/2012 5:43:47 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: An attempt was made to access a socket in a way forbidden by its access permissions.
12/19/2012 12:43:59 PM, error: Setup [60055] - Windows Setup encountered non-fatal errors during installation. Please check the setuperr.log found in your Windows directory for more information.
12/19/2012 1:42:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/19/2012 1:31:39 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================

DDS.txt
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by CERBER at 15:14:05 on 2012-12-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1343 [GMT 2:00]
.
FW: Dr.Web Firewall *Disabled*
.
============== Running Processes ================
.
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\EslWire\service\WireHelperSvc.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
F:\WINDOWS\System32\alg.exe
F:\WINDOWS\system32\wscntfy.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
F:\Program Files\Mozilla Firefox\firefox.exe
F:\Program Files\Mozilla Firefox\plugin-container.exe
F:\Documents and Settings\CERBER\Desktop\antiparite-en.exe
F:\WINDOWS\system32\wbem\wmiprvse.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k NetworkService
F:\WINDOWS\system32\svchost.exe -k LocalService
F:\WINDOWS\system32\svchost.exe -k LocalService
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
TB: StylerToolBar: {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - f:\program files\styler\tb\StylerTB.dll
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [ESL Wire] "f:\program files\eslwire\wire.exe" --tray
mRun: [exflashservice] "f:\program files\epox\efs\EZ_FLASH_SERVICE.exe" "5000"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SpIDerAgent] "f:\program files\drweb\spideragent.exe"
mRun: [Firewall] "f:\program files\drweb\frwl_notify.exe"
StartupFolder: f:\docume~1\cerber\startm~1\programs\startup\styler.lnk - f:\documents and settings\cerber\application data\microsoft\installer\{e9ecf354-2422-4fdb-9abf-d8adac0ef941}\_585b207a.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: NoColorChoice = dword:0
uPolicies-System: NoSizeChoice = dword:0
uPolicies-System: NoVisualStyleChoice = dword:0
mPolicies-Explorer: NoSimpleStartMenu = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{9F09D111-AF7E-48FA-A24B-8AF65E745279} : DHCPNameServer = 192.168.1.1
SSODL: WPDShServiceObj - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - f:\documents and settings\cerber\application data\mozilla\firefox\profiles\7kz8ntig.default\
FF - plugin: f:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DrWebLwf;Dr.Web Firewall Kernel-Mode Driver;f:\windows\system32\drivers\DrWebLwf.sys [2012-12-19 179416]
R0 DwProt;DrWeb Protection;f:\windows\system32\drivers\dwprot.sys [2012-12-19 214360]
R0 SpiderG3;DrWeb file system scanner;f:\windows\system32\drivers\spiderg3.sys [2012-12-19 167128]
R2 DrWebAVService;Dr.Web Control Service;f:\program files\drweb\dwservice.exe --loglevel=inf --logfile="f:\documents and settings\all users\application data\doctor web\logs\dwservice.log" --> f:\program files\drweb\dwservice.exe --loglevel=inf --logfile=f:\documents and settings\all users\application data\doctor web\logs\dwservice.log [?]
R2 DrWebEngine;Dr.Web Scanning Engine (DrWebEngine);f:\program files\common files\doctor web\scanning engine\dwengine.exe [2012-12-19 1919400]
R2 DrWebFwSvc;Dr.Web Firewall Service;f:\program files\drweb\frwl_svc.exe [2012-12-19 1170432]
R2 ESLWireAC;ESLWireAC;f:\windows\system32\drivers\ESLWireACD.sys [2012-12-19 867344]
R2 EslWireHelper;ESL Wire Helper Service;f:\program files\eslwire\service\WireHelperSvc.exe [2012-12-19 615440]
R2 MBAMScheduler;MBAMScheduler;f:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-12-20 399432]
R2 MBAMService;MBAMService;f:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-12-20 676936]
R3 MBAMProtector;MBAMProtector;f:\windows\system32\drivers\mbam.sys [2012-12-20 22856]
S?4 MBAMSwissArmy;MBAMSwissArmy;\??\f:\windows\system32\drivers\mbamswissarmy.sys --> f:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2012-12-20 13:05:57 -------- d-----w- f:\documents and settings\cerber\application data\Styler
2012-12-20 12:52:40 22856 ----a-w- f:\windows\system32\drivers\mbam.sys
2012-12-20 12:52:40 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2012-12-19 19:42:27 -------- d-----w- f:\documents and settings\cerber\application data\TS3Client
2012-12-19 16:39:18 1892184 ----a-w- f:\windows\system32\D3DX9_42.dll
2012-12-19 16:39:17 2414360 ----a-w- f:\windows\system32\d3dx9_31.dll
2012-12-19 16:39:12 -------- d-----w- f:\windows\Logs
2012-12-19 16:28:36 -------- d-----w- F:\e9af60e1b739619c0fbc
2012-12-19 16:26:21 -------- d-----w- F:\33767317f7b9a84b997d87dd
2012-12-19 16:26:18 867344 ----a-w- f:\windows\system32\drivers\ESLWireACD.sys
2012-12-19 16:26:11 -------- d-----w- f:\program files\EslWire
2012-12-19 16:26:11 -------- d-----w- f:\documents and settings\all users\application data\ESL Wire
2012-12-19 15:56:16 874974 ----a-w- f:\windows\system32\FlashPlayerApp.exe
2012-12-19 15:56:16 73656 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2012-12-20 13:10:01 90112 ----a-w- f:\windows\SoundMan.exe
2012-12-20 13:10:01 73728 ----a-w- f:\windows\Alcmtr.exe
2012-12-20 13:10:01 2811392 ----a-w- f:\windows\alcwzrd.exe
2012-12-19 11:14:31 214360 ----a-w- f:\windows\system32\drivers\dwprot.sys
2012-12-19 11:14:30 179416 ----a-w- f:\windows\system32\drivers\DrWebLwf.sys
2012-12-19 11:14:24 167128 ----a-w- f:\windows\system32\drivers\spiderg3.sys
.
============= FINISH: 15:14:35.39 ===============