Author Topic: Malicous Malware Blocked (includeit.info/include.js ...)  (Read 4996 times)

darldav

  • Guest
Malicous Malware Blocked (includeit.info/include.js ...)
« on: July 08, 2012, 12:08:52 AM »
This info pops up on every site I visited. I have the issue with FF and Chrome.

Windows 7 Home Edition 64Bit Intel
What I did so far
1) Scan with Malwarebytes' Anti-Malware (no infection found)
2) OTL scan
3) aswMBR scan

Please help me! This message drives me crazy.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37697
  • F-Secure user
Re: Malicous Malware Blocked (includeit.info/include.js ...)
« Reply #1 on: July 08, 2012, 12:11:22 AM »
If you did OTL and aswMBR then attach the logs... can't help unless we see them.

darldav

  • Guest
Re: Malicous Malware Blocked (includeit.info/include.js ...)
« Reply #2 on: July 08, 2012, 12:18:51 AM »
I forgot the Log files.

The Captcha is the worst invention of all time.

Offline Asyn

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 76017
    • >>>  Avast Forum - German-language section  <<<
Re: Malicous Malware Blocked (includeit.info/include.js ...)
« Reply #3 on: July 08, 2012, 12:22:58 AM »
The Captcha is the worst invention of all time.

It'll only happen on your first 3 posts. ;)

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Malicous Malware Blocked (includeit.info/include.js ...)
« Reply #4 on: July 08, 2012, 12:37:07 AM »
Similar Problem Here: http://forum.avast.com/index.php?topic=100891.0
See Polonus' link.
Familiarize Yourself! | Educate Yourself! | Beautify Yourself! | Scan Yourself!
"People who say it cannot be done should not interrupt those who are doing it."

darldav

  • Guest
Re: Malicous Malware Blocked (includeit.info/include.js ...)
« Reply #5 on: July 08, 2012, 01:01:47 AM »
Similar Problem Here: http://forum.avast.com/index.php?topic=100891.0
See Polonus' link.

Sorry, I can read and write 2 languages but not French.  :-X

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
Re: Malicous Malware Blocked (includeit.info/include.js ...)
« Reply #6 on: July 08, 2012, 01:08:23 AM »
Google Translate

And if you need to confirm a phrase that Google can't return properly:
http://www.linguee.com/english-french/search
^^ Bookmark that one, it is a good online translator

darldav

  • Guest
Re: Malicous Malware Blocked (includeit.info/include.js ...)
« Reply #7 on: July 08, 2012, 02:01:09 AM »
Thanks for your help. My PC is now silent.  :)

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Malicous Malware Blocked (includeit.info/include.js ...)
« Reply #8 on: July 08, 2012, 12:39:26 PM »
Here you go, this should stop it.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


    Quote
    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
    IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=111971&tt=060612_8_&babsrc=HP_ss&mntrId=b68272610000000000001e6076325903
    IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\..\URLSearchHook: {2069a8c8-fad1-424b-b76c-d7f33d77dc4c} - C:\Program Files (x86)\Deutschland_Radio\tbDeu0.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=111971&tt=060612_8_&babsrc=SP_ss&mntrId=b68272610000000000001e6076325903
    IE - HKU\S-1-5-21-270054268-2030146128-1777441742-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaultthis.engineName: "vshare.tv Bar Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2818425&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {2069a8c8-fad1-424b-b76c-d7f33d77dc4c}:3.3.3.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT292072&q="
    [2011/11/03 11:21:17 | 000,000,000 | ---D | M] (Complitly - Speed up your search with your personal search suggestions tool) -- C:\Users\Darcy's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\l8tshks6.default\extensions\{33e0daa6-3af3-d8b5-6752-10e949c61516}
    [2012/06/04 10:46:36 | 000,000,000 | ---D | M] (vshare.tv Community Toolbar) -- C:\Users\Darcy's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\l8tshks6.default\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
    [2011/11/03 13:33:50 | 000,000,929 | ---- | M] () -- C:\Users\Darcy's Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\l8tshks6.default\searchplugins\conduit.xml
    [2012/06/18 11:15:04 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Darcy's Laptop\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
    O2 - BHO: (Deutschland Radio Toolbar) - {2069a8c8-fad1-424b-b76c-d7f33d77dc4c} - C:\Program Files (x86)\Deutschland_Radio\tbDeu0.dll (Conduit Ltd.)
    O2 - BHO: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
    O2 - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Darcy's Laptop\AppData\Roaming\Complitly\Complitly.dll (SimplyGen)
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 10.5.1)
    [2012/06/18 11:14:58 | 000,000,000 | ---D | C] -- C:\Users\Darcy's Laptop\AppData\Roaming\Babylon
    [2012/06/18 11:14:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon


    :Files
    C:\Users\Darcy's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
    C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
    C:\Users\Darcy's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\defdhglnppeioeflggkmglipcecffkhk
    C:\Users\Darcy's Laptop\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
    C:\Program Files (x86)\vshare.tv_Bar
    C:\Users\Darcy's Laptop\AppData\Roaming\Complitly
    C:\Program Files (x86)\vshare.tv_Bar
    C:\Program Files (x86)\ConduitEngine
    C:\Program Files (x86)\vshare.tv_Bar
    C:\Program Files (x86)\Babylon

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
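
A fix like the one above is written for one machine, so it pays to review what it will remove before running it. The following is an added example (not part of the original thread and not an OTL feature): it parses the `:OTL` and `:Files` sections, groups the BHO/toolbar entries by vendor, and flags `:Files` deletions that are duplicated or that no listed component lives under. The regular expression is inferred only from the O2/O3 lines shown in the post, and `review_fix` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines copied from the fix quoted in the post above.
SAMPLE_FIX = r"""
:OTL
O2:64bit: - BHO: (Complitly) - {D27FC31C-6E3D-4305-8D53-ACDAEFA5F862} - C:\Users\Darcy's Laptop\AppData\Roaming\Complitly\64\Complitly64.dll (SimplyGen)
O2 - BHO: (vshare.tv Bar Toolbar) - {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
:Files
C:\Program Files (x86)\vshare.tv_Bar
C:\Users\Darcy's Laptop\AppData\Roaming\Complitly
C:\Program Files (x86)\vshare.tv_Bar
C:\Program Files (x86)\ConduitEngine
C:\Program Files (x86)\Babylon
"""

SECTION = re.compile(r"^:(\w+)$")
# Assumed shape, inferred from the O2/O3 lines: (name) - {CLSID} - path (vendor)
COMPONENT = re.compile(r"^O\d+(?::64bit:)? - (?:\S+\\)?(?:BHO|Toolbar): "
                       r"\((.*?)\) - (\{[0-9A-Fa-f-]{36}\}) - (.+) \(([^()]*)\)$")

def review_fix(text):
    """Summarise a fix script: components per vendor plus review flags."""
    sections, current = defaultdict(list), None
    for line in (raw.strip() for raw in text.splitlines()):
        head = SECTION.match(line)
        if head:
            current = head.group(1)
        elif line and current:
            sections[current].append(line)
    vendors, dll_paths = defaultdict(set), []
    for line in sections["OTL"]:
        m = COMPONENT.match(line)
        if m:
            name, clsid, path, vendor = m.groups()
            vendors[vendor].add((name.strip(), clsid.lower()))
            dll_paths.append(path.lower())
    files = sections["Files"]
    duplicates = sorted({f for f in files if files.count(f) > 1})
    # A deletion is "corroborated" when a listed component lives under it.
    uncorroborated = [f for f in dict.fromkeys(files)
                      if not any(p.startswith(f.lower() + "\\") for p in dll_paths)]
    return {"vendors": dict(vendors), "duplicates": duplicates,
            "uncorroborated": uncorroborated}

if __name__ == "__main__":
    for key, value in review_fix(SAMPLE_FIX).items():
        print(key, "->", value)
```

An uncorroborated path is not necessarily wrong (in the full fix the Babylon folders are backed by other log lines); it only marks a deletion to check against the scan log by hand.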