Malicous Malware Blocked (includeit.info/include.js ...)

system · July 7, 2012, 10:08pm

this inf pop up on every site i visited. I have issue with the FF and Chrome.

Windows 7 Home Edition 64Bit Intel
What I did so far

Scan with Malwarebytes’ Anti-Malware (no infection found)
OTL scan
aswMBR scan

Please Help me! this message drive me crazy.

Pondus · July 7, 2012, 10:11pm

if you did OTL and aswMBR then attach the logs…cant help unless we see them

system · July 7, 2012, 10:18pm

I forgot the Log files.

The Captcha is the worst invention all the time.

Asyn · July 7, 2012, 10:22pm

It’ll only happen on your first 3 posts.

Donovan · July 7, 2012, 10:37pm

Similar Problem Here: http://forum.avast.com/index.php?topic=100891.0
See Polonus’ link.

system · July 7, 2012, 11:01pm

Sorry, I can read and write 2 languages but not french. :-X

Donovan · July 7, 2012, 11:08pm

Google Translate

And if you need to confirm a phrase that Google can’t return properly:
http://www.linguee.com/english-french/search
^^ Bookmark that one, is good online translator

system · July 8, 2012, 12:01am

Thanks for your help. my PC is now silent.

essexboy · July 8, 2012, 10:39am

Here you go this should stop it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:OTL IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425 IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111971&tt=060612_8_&babsrc=HP_ss&mntrId=b68272610000000000001e6076325903 IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\..\URLSearchHook: {2069a8c8-fad1-424b-b76c-d7f33d77dc4c} - C:\Program Files (x86)\Deutschland_Radio\tbDeu0.dll (Conduit Ltd.) IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.) IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111971&tt=060612_8_&babsrc=SP_ss&mntrId=b68272610000000000001e6076325903 IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425 FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {2069a8c8-fad1-424b-b76c-d7f33d77dc4c}:3.3.3.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT292072&q=" [2011/11/03 11:21:17 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Darcy's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\l8tshks6.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516} [2012/06/04 10:46:36 | 000,000,000 | ---D | M] (vshare.tv Community Toolbar) -- C:\Users\Darcy's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\l8tshks6.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b} [2011/11/03 13:33:50 | 000,000,929 | ---- | M] () -- C:\Users\Darcy's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\l8tshks6.default\searchplugins\conduit.xml [2012/06/18 11:15:04 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Darcy's Laptop\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen) O2 - BHO: (Deutschland Radio Toolbar) - {2069a8c8-fad1-424b-b76c-d7f33d77dc4c} - C:\Program Files (x86)\Deutschland_Radio\tbDeu0.dll (Conduit Ltd.) O2 - BHO: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.) O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Darcy's Laptop\AppData\Roaming\Complitly\Complitly.dll (SimplyGen) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1) [2012/06/18 11:14:58 | 000,000,000 | ---D | C] -- C:\Users\Darcy's Laptop\AppData\Roaming\Babylon [2012/06/18 11:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
:Files
C:\Users\Darcy’s Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
C:\Users\Darcy’s Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk
C:\Users\Darcy’s Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
C:\Program Files (x86)\vshare.tv_Bar
C:\Users\Darcy’s Laptop\AppData\Roaming\Complitly
C:\Program Files (x86)\vshare.tv_Bar
C:\Program Files (x86)\ConduitEngine
C:\Program Files (x86)\vshare.tv_Bar
C:\Program Files (x86)\Babylon

:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Malicous Malware Blocked (includeit.info/include.js ...)

Announcements