Hello! I have seen one other post about this, but the solution was only meant for that one user… So, I need to ask, as I am not super experienced with computers— every site I go to, I get a warning from Avast that it has protected me from something called: hxtp://includeit.info/include.js?id. It is annoying as hell, and starting to lose my mind a little! Can someone help??

Please attach your logs.
http://forum.avast.com/index.php?topic=53253.0

Hi chlselyn,

First, please modify your post by looking for “Modify” at the bottom right-hand corner of your post.
Change http:// to hXtp:// in your post to avoid accidental clicks by the unaware.
look under Subject and change the title to a more subtle title, without the suspect link included.

Then, follow the instructions here:
http://forum.avast.com/index.php?topic=53253.0
and attach the logs in your next post.

Yes, break that live link there, chlselyn.
Read about this threat here:
http://www.malekal.com/2012/07/05/avast-urlmal-httpincludeit-infoinclude-jsid/ link article written by MALEKALMORTE, where it is being described as Conduite like toolbar adware,

polonus

I’m sorry, I feel like an asshole but apparently this is too tough for me. I completed the mbam stuff, but every time I click on the run/scan button for OTL it just disappears and I don’t get anything else coming up. Sorry- I swear I’m not dumb.

I PM-ed one of our qualified malware removers to guide and assist you with your cleansing routine. He will soon help you. We were all dumb when we were in our cradle- I too. Everything will be OK, stay with us,

polonus

Could you ensure that Avast is not trying to run OTL in a Sandbox

So, I kept trying it, and every time I did, Avast would pop up and no matter how many times I clicked “run normally” it just kept disappearing. I tried one last time, and it worked for whatever reason! So here is what came up! I hope this is right…

You need to tick the remember box to ensure that Avast allows it to run

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678 IE - HKU\S-1-5-21-2065699423-1121754793-1410925931-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-2065699423-1121754793-1410925931-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678 O2:64bit: - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Chelsea\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen) O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found. O2 - BHO: (Complitly) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Users\Chelsea\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) O3:64bit: - HKU\S-1-5-21-2065699423-1121754793-1410925931-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-2065699423-1121754793-1410925931-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()

:Files
C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
C:\Users\Chelsea\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi
C:\Users\Chelsea\AppData\Roaming\Complitly
C:\Program Files (x86)\ConduitEngine
C:\Program Files (x86)\DAEMON Tools Toolbar

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

So here is what I have after the fix…

I had the same problem first i read your post which led me to ead Malekalmorte’s post after doing so I checked my extensions, A game called wolftoss had been added by my children, Avast Webrep and my realplayer downloader were running too, I deleted wolftoss first and checked to see if that fixed the problem.

Yes it did I no longer have the warnings from Avast. So please be aware that it is not just toolbars that show these alerts games added via google chrome may do it also.

@chlselyn have the alerts ceased ?

@purpla I agree that is why I ask for the OTL log ;D

Yes, I believe they have! Thanks to you and Polonus, and the other guys! If I could, I would bake you all cookies for saving me! Also, thanks Purpla for the advice- I will now keep an eye out

Run OTL and hit the cleanup button to remove it ;D

Hi!
I followed the instructions on this topic and attached are the 3 txt files (sorry, the mbam file is in Italian but I guess it’s pretty straight forward)

Thanks to anyone who can help - I too am going crazy with all these popups at each page!

@forthose

you are suppose to create your own topic as helping multiple users in the same topic will be chaos, not to mention how long the topic will be if every one post in just one

OBS: also attach aswMBR log

Sorry Pondus!
I’ll create a new post immediately.
Thank you

Luckily enough I was still subscribed to this topic

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL IE - HKLM\..\SearchScopes\{A2A09880-5F99-4366-AE83-BD29F51BBA7E}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=b9be21b5-1b8b-11e1-911d-101f740ac3b5&q={searchTerms} IE - HKU\S-1-5-21-2074883795-1888611747-257208028-1000\..\SearchScopes\{A2A09880-5F99-4366-AE83-BD29F51BBA7E}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=b9be21b5-1b8b-11e1-911d-101f740ac3b5&q={searchTerms} O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\forthose\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)

:Files
C:\Users\forthose\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
C:\Users\forthose\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlfienamagdnkekbbbocojppncdambda
C:\Users\forthose\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
C:\Users\forthose\AppData\Roaming\VshareComplete

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

@essexboy ok, I’ll try this before posting a new topic then.
Thanks alot

Here’s the log from OTL
and the aswMBR log Pondus mentioned… in case you need it