Please help me
Below are my reports, attached.
OTL reports
OK, let's get it killed.
Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.
Run OTL
Under the Custom Scans/Fixes box at the bottom, paste in the following:
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FyCyB0B0C0ByDzyyCtA0DyD0B0CtDyEtN0D0Tzu0CtByDyBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=175280004
IE - HKLM\..\SearchScopes\{5F1B9B77-66E7-A8B1-016C-461E3C450FB6}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=420&systemid=406&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2636758631-3468696566-1983375946-1001\..\SearchScopes,Backup.Old.DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2636758631-3468696566-1983375946-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2636758631-3468696566-1983375946-1001\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-2636758631-3468696566-1983375946-1001\..\SearchScopes\{5F1B9B77-66E7-A8B1-016C-461E3C450FB6}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110823&tt=120912_cpc_3712_6&babsrc=SP_ss&mntrId=c8a7bc04000000000000f67bcb5963d5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
[2011/06/19 13:52:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-2636758631-3468696566-1983375946-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
[2012/10/25 19:05:45 | 000,000,144 | ---- | M] () -- C:\ProgramData\-fux8O2qXofQCQG
[2012/10/25 00:04:07 | 000,000,168 | ---- | M] () -- C:\ProgramData\-fux8O2qXofQCQGr
[2012/10/25 00:04:02 | 000,000,677 | ---- | M] () -- C:\Users\louis\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Restore.lnk
[2012/01/07 14:43:46 | 000,000,336 | ---- | C] () -- C:\ProgramData\L4WgAaRkshZ5UZ
[2012/01/05 18:09:17 | 000,000,272 | ---- | C] () -- C:\ProgramData\~hWdGJ4nmyNVdC3
[2012/01/05 18:09:17 | 000,000,160 | ---- | C] () -- C:\ProgramData\~hWdGJ4nmyNVdC3r
[2012/01/05 18:09:00 | 000,000,440 | ---- | C] () -- C:\ProgramData\hWdGJ4nmyNVdC3
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
Then click the Run Fix button at the top.
Let the program run unhindered, reboot the PC when it is done.
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
THEN
Download the latest version of TDSSKiller from here and save it to your Desktop.
Double-click on TDSSKiller.exe to run the application.
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip; click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports.
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.
Please attach its contents on your next reply.
I’ve done the OTL procedure as described and here is the report.
Unfortunately I cannot run TDSSKiller on my system and I don't know why.
I’ve tried many times but it doesn't start. Any idea?
Have you tried running it from safe mode?
I tried everything. Nothing; it stops processing after my response at the prompt for running.
And that URL:Mal is still there, killing my brain.
It's really annoying.
Any idea to fix it?
Wait for Essexboy… he's got more tools in his toolbox.
OK this one is playing hard to get
Download the following three programmes to your desktop :
Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot
http://dl.dropbox.com/u/73555776/wintoboot.JPG
Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It
You will see it progressing
http://dl.dropbox.com/u/73555776/usb%20progress.JPG
It will let you know when it is done
Then copy FRST to the same USB
http://dl.dropbox.com/u/73555776/frstwintoboot.JPG
Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions Here
When you reboot you will see this, although yours will say Windows 7. Click Repair my computer.
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg
Select your operating system
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg
Select Command prompt
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg
At the command prompt type the following :
notepad and press Enter.
The notepad opens. Under File menu select Open.
Select “Computer” and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
https://dl.dropbox.com/u/73555776/FRST%20Start%20scan.gif
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
Here is the report generated through the above procedure.
Please give further steps to follow.
thanks boys
OK using the recovery console go to the command prompt
Select Command prompt
http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg
At the command prompt type the following, pressing enter after each line
bootrec /FixMbr
bootrec /FixBoot
Then reboot to normal Windows and rerun TDSSKiller.
That made my device not boot up.
I'm going to format the HDD.
Thanks anyway boys
Obviously it was very deeply entrenched… Did you try the Windows startup repair?
I did everything; nothing can fix it.
Could you please explain what that malware is trying to do?
Certainly. It was a Max++ MBR malware; generally this one works on a click-to-pay basis. It will redirect your searches and the author will then get paid for each click… Not a lot per click, but multiply that by a lot of infected systems and it soon mounts up.
This thread was a great read. Is formatting the HDD the final solution when all else fails to rid a computer of malware?
With the way malware is progressing now it is a hard task to keep the tools updated to kill them… As it stands at the moment I lose about 2% of the infected systems, they end up being reformatted… Hence a disc image is always a good idea
OK, and thank you for the reply!
Also, thank you for taking the time to try and help so many who post their problems here.
8)
Not a problem as these miscreants really annoy me