I can not run any anti-virus software locally, it get the error: unable to execute: SpybotSD.exe ( or any other), it is not a valid Win32 application. I can not boot PC in Safe Mode, it is constantly jump in Normal Boot only. When press F8 it shows me choice of booting modes, i can choose Safe Mode or Safe mode with Networking, but whe it start loading drivers it stops with the message: Press Esc to start loading d347bus.sys and then jumps into Normal Mode booting. The CPU usage almost constantly 100%. I have managed to run FixWareout.exe, the report is the following: Username "user" - 21/05/2008 23:38:29 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check Successfully flushed the DNS Resolver Cache. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PinnacleDriverCheck"="C:\\WINDOWS\\System32\\PSDrvCheck.exe -CheckReg" "Logitech Utility"="Logi_MwX.Exe" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PowerBar"="" "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\GoogleToolbarNotifier.exe" "drvsyskit"="C:\\WINDOWS\\system32\\drivers\\hldrrr.exe" "german.exe"="C:\\WINDOWS\\system32\\wintems.exe" "mule_st_key"="C:\\Documents and Settings\\user\\Application Data\\m\\flec006.exe" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~ I have found this processes in Task Manager Processes window: flec006.exe, hldrrr.exe ,etc Please, give me the instructions how to remove malware... Thanks, GB

Boot the machine any way you can and run regedit from the run box. Go to [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Delete those keys that are listed in that report. Look at the same path in HKLM.

I have fixed the problem using MalwareBytes AntiMalware! Thanks, GB