Need to get rid of the Malware again (Outerinfo, Internet speed monitor, etc)

[green tea]

Evil, while doing the CFScript with Combofix, I didn't turn off the internet. So after the log was produced, Winpatrol detected vcsron again. Also, I'm back in normal mode (which makes me even more scared of my pc's safety, and was able to save the Combofix log through notepad)

I already disabled the connection to my pc, and deleted vcsron. However, "csvnro" is now on the Add/Remove section.

I deleted the temp folder with offline contents, and also deleted cookies. SHould I continue with the cleanmgr, or get rid of csvnro first?
Also, I'm accessing the internet from my sis' pc right now

[evilfantasy]

If it keeps coming back we need to find the source so don't delete it. Winpatrol is reporting that csvnro is being added but it doesn't mean it is malicious. Do you know what these are?

Finish with cleanmgr and please post a new Hijackthis log.

[green tea]

Looks and sound like bad stuff to me. I mean, the fact that it mixes the letters up after one is deleted is scary enough. It's really smart that way.. when I deleted vcsron the first time,  I ran a search to see if any trace of it was left. Search came up with nothing.

Then I checked the add/remove, and saw the Csvnro, so I did a search for that and it was in the Windows folder section.

Also, I thought Winpatrol could help protect the pc. It alerted me to stuff being installed, but even when I click "NO", they swarmed in. I'll get to work on the next steps.

[green tea]

Did cleanmgr (the temp files, temp internet, recycle bin all showed 0 kb when I selected them.. don't know if that's important)

Here's the new HJT log

[recovering space - attachment deleted by admin]

[evilfantasy]

Download Vundofix.exe to your desktop.

• Double-click VundoFix.exe to run it.
  
• When VundoFix opens, click the Scan for Vundo button.
  
• Once it's done scanning, click the Remove Vundo button.
  
• You will receive a prompt asking if you want to remove the files, click YES
  
• Once you click yes, your desktop will go blank as it starts removing Vundo.
• When completed, it will prompt that it will shutdown your computer, click OK.
  
• Turn your computer back on.
• Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please let Vundo finish, sometimes it can take multiple passes

[green tea]

I don't recall VundoFix working well for me before, but let's hope it's different this time. I can run it in normal mode, correct?

[evilfantasy]

I don't recall VundoFix working well for me before, but let's hope it's different this time. I can run it in normal mode, correct?

Yes normal mode.

[green tea]

Huh, vundofix finished scanning and 0 infected files were found. Wonder why that is..

I still don't feel safe with the csvnro on my pc

[evilfantasy]

Please run the F-Secure Online Scanner

Note: This Scanner works with Internet Explorer Only!

• Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
• Allow the Active X control to be installed on your computer, then click the Accept button
• Click Full System Scan and allow the components to download and the scan to complete.
  
• If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click

Cancel, then New Scan[/list]

• When the cleaning option is presented, Uncheck Submit samples to F-Secure
  
• Click Automatic cleaning
  
• When cleaning has finitished, click Show report (this will open an Internet Explorer window containing the report)
  
• Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post.

If needed go to Start > Run > type Notepad.exe then press OK.
Paste the log into Notepad and save it to the desktop so it can easily be posted later.

This scan can take quite some time, so please be patient

[green tea]

Do I need to be connected to the internet to use this scanner? I already disabled my internet..

[evilfantasy]

Yes you will need to be connected.

[green tea]

I'm really weary about connecting to the internet right now. I'm scared winpatrol will woof like crazy and a bunch of stuff get in like that. Can I get protected first?

My norton is really out of date, do you think I can get Avast first and then do this scan?  Or can I up my windows firewall so nothing can get in?

[evilfantasy]

First download Avast! Don't install it yet.

Uninstall all instances of Norton, Symantec and Live Update in add remove programs and then Download and run the Norton Removal Tool

Now run the Avast installer and get all of the updates.

Then run the F-Secure online scan.

You have to connect to the internet at some point to install and get updates for Avast. If anything else gets in it is OK because we will find it. Please stop uninstalling or deleting anything. I need it to show up in a log so I know how to permanently get rid of it.

[green tea]

ok, I enabled connection on my pc again and am currently d/ling Avast! It's barely at 36%..

I did a skim through the intro on the avast d/l page.. does the free edition not work after 60 days?

[evilfantasy]

You will need to get the free license key from HERE which lasts for 14 months, then you again renew it for free.