malware removed (?) ports still open

Discussion in 'Malware Help (A Specialist Will Reply)' started by TheViper, Dec 26, 2006.

  1. TheViper

    TheViper Private E-2

    My computer was infected with winfixer, Agent 739, Agent 751, Trojan Generic, and Vundo.100. Trojan Hunter found and deleted them (or so I thought). A TH scan shows 5 open ports - [Port 5402/TCP is open (matches BackConstruction.210, BackConstruction.25, BladeRunner.080, DeepThroat.300, and Mneah.100) Port being used by process qcacore.exe/PID 2496]. I am not computer savvy and would appreciate any help.

    Computer still runs very slow and periodically the mouse becomes unusable. I have gone through the steps and tried VundoFix V6.2.13. The logs are attached, except for PandaActiveScan. I used the link for your website, but the window that comes up was way off center and I could not read it or get it straightened out.
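A scan result like the one above (a high port, a trojan-list match, and a process name) is only a lead; the check a practitioner wants is to tie each listening port to the binary that owns it and see whether that binary is signed and where it lives. The script below is an added example, not one of the tools used in this thread. It assumes Windows PowerShell 5.1 or later, run elevated so Get-Process can read image paths; the 1024 threshold for "unusual" ports is an arbitrary choice, not anything the scan reports.

```powershell
# Added example, not one of the thread's tools: tie every LISTENING TCP port
# to its owning process, image path and Authenticode signature, so a bind like
# 5402/TCP by qcacore.exe can be checked rather than matched against a trojan
# port list alone. Assumes Windows PowerShell 5.1 or later, run elevated so
# Get-Process can read image paths; the 1024 threshold is an arbitrary choice.

function Get-ListeningPortOwners {
    [CmdletBinding()]
    param([int]$HighPortThreshold = 1024)

    # netstat -ano columns: Proto  Local Address  Foreign Address  State  PID
    $lines = netstat -ano | Where-Object { $_ -match '^\s*TCP\s' -and $_ -match '\sLISTENING\s' }

    foreach ($line in $lines) {
        $fields   = ($line -replace '^\s+', '') -split '\s+'
        $local    = $fields[1]
        $ownerPid = [int]$fields[-1]
        $port     = [int]($local -split ':')[-1]   # works for 0.0.0.0:5402 and [::]:5402

        $proc   = Get-Process -Id $ownerPid -ErrorAction SilentlyContinue
        $name   = if ($proc) { $proc.ProcessName } else { '<exited>' }
        $path   = if ($proc) { $proc.Path } else { $null }   # $null for protected system processes
        $status = 'PathUnavailable'
        $signer = ''
        if ($path) {
            $sig    = Get-AuthenticodeSignature -FilePath $path
            $status = $sig.Status.ToString()           # Valid, NotSigned, HashMismatch, ...
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        # A high, unusual port bound by an unsigned or unlocatable binary is the
        # combination worth investigating first.
        $suspicious = ($port -ge $HighPortThreshold) -and ($status -ne 'Valid')

        [pscustomobject]@{
            Port       = $port
            Local      = $local
            PID        = $ownerPid
            Process    = $name
            Path       = $path
            Signature  = $status
            Signer     = $signer
            Suspicious = $suspicious
        }
    }
}

Get-ListeningPortOwners |
    Sort-Object -Property @{ Expression = 'Suspicious'; Descending = $true }, Port |
    Format-Table Port, PID, Process, Signature, Suspicious, Path -AutoSize
```

A port that matches a trojan list but is owned by a validly signed binary in a vendor directory is usually a legitimate service that happens to share the number; the reverse (an unsigned executable in a temp or profile directory holding a high port open) is the case that needs the full cleanup procedure. The parsing is of netstat output rather than Get-NetTCPConnection so that it also works on older Windows versions.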
     
  2. TheViper

    TheViper Private E-2

    malware removed (?) ports still open other attachments

    Spybot found nothing - CounterSpy found 3 WinFixA (I think) and fixed. I could not use Panda.
     

    Attached Files:

  3. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    You have a fair amount of malware infections and will need to complete the guide below as laid out and attach the logs requested. IF you cannot run a step, please let us know why and what errors were generated, if any. Even if one of the scans finds nothing, still attach the log.


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED, i.e. you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
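The two batch files requested above, GetRunKey.bat and ShowNew.bat, collect the usual autostart registry values and recently created files so a helper can spot what survived the scanners. The script below is an added example that does the same two collections in PowerShell; it is not the thread's own tooling and the key list, directory list and 7-day window are this example's choices. It assumes Windows PowerShell 5.1 or later run elevated.

```powershell
# Added example, not the thread's GetRunKey.bat / ShowNew.bat: list the common
# autostart registry values with the binary each one launches and its signature
# status, and list files created recently in the system directories.
# Assumes Windows PowerShell 5.1+ run elevated. The key list, directories and
# the 7-day window are this example's choices.

$AutorunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'   # only Shell and Userinit are read
)

function Get-AutorunEntries {
    foreach ($key in $AutorunKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # PSPath, PSParentPath, ... provider noise
            if ($key -like '*Winlogon' -and $prop.Name -notin 'Shell', 'Userinit') { continue }

            $cmd = [string]$prop.Value
            # Pull the executable out of the command line: a quoted path, or the first token.
            $exe = if ($cmd -match '^\s*"([^"]+)"') { $Matches[1] } else { ($cmd -split '\s+')[0] }
            # Userinit is normally "C:\WINDOWS\system32\userinit.exe," and malware appends
            # its own entry after the comma, so strip the separator and keep the full value.
            $exe = [Environment]::ExpandEnvironmentVariables($exe.TrimEnd(','))

            # Bare names like "explorer.exe" resolve through the PATH search order.
            if ($exe -and -not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $found = @(Get-Command $exe -CommandType Application -ErrorAction SilentlyContinue)
                if ($found.Count -gt 0) { $exe = $found[0].Path }
            }

            $status = 'NotFound'
            if ($exe -and (Test-Path -LiteralPath $exe -PathType Leaf)) {
                $status = (Get-AuthenticodeSignature -FilePath $exe).Status.ToString()
            }

            [pscustomobject]@{
                Key       = $key
                Name      = $prop.Name
                Command   = $cmd
                Exe       = $exe
                Signature = $status
            }
        }
    }
}

function Get-RecentSystemFiles {
    param([int]$Days = 7)
    $since = (Get-Date).AddDays(-$Days)
    $dirs  = @("$env:SystemRoot", "$env:SystemRoot\System32", "$env:SystemRoot\Temp")
    Get-ChildItem -Path $dirs -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $since } |
        Sort-Object CreationTime -Descending |
        Select-Object CreationTime, Length, FullName
}

Get-AutorunEntries | Format-Table Name, Signature, Exe, Command -AutoSize
Get-RecentSystemFiles | Format-Table -AutoSize
```

Two things to read off the output: an autostart value whose executable is NotFound or NotSigned, and a Userinit or Shell value with more than the stock entry, both of which are how the infections named in this thread persist. Cross-checking the recent-file list against the paths in the autostart table is the manual version of what the helpers here do with the two logs.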
     
  4. TheViper

    TheViper Private E-2

    Trying this again. I am sorry for the first messed up post.
     

    Attached Files:

  5. TheViper

    TheViper Private E-2

    OtherAttachments for TheViper

    Here are the other attachments. Could get connected to the last message I sent.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You have an out-dated version of Adobe Acrobat installed. Download the latest version of Acrobat from Adobe.

    Using Add or Remove Programs in the Control Panel; uninstall the following:
    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    You have old version of ShowNew and GetRunKeys; download both again.

    Reboot.

    Post fresh HijackThis, GetRunKey and ShowNew logs.
     
  7. TheViper

    TheViper Private E-2

    Attached are the logs for HijackThis, GetRunKey and ShowNew. I thank you for your quick response and appreciate the help.

    Why did I use the E2 or whatever for a message icon? I don't know.:eek:

    I cannot get 3 files attached now - only 2, when I try to upload the third file, one of the first 2 disappears.:cry
     

    Attached Files:

  8. TheViper

    TheViper Private E-2

    Hopefully - the third upload!!
     
    Last edited: Jan 10, 2007
  9. TheViper

    TheViper Private E-2

    You are probably thinking no wonder she has problems with her computer and you are correct. I am losing it!
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download
    - Pocket Killbox

    Now Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:
    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click Delete Selected Temp Files
    Then after it deletes the files click the Exit (Save Settings) button.

    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue..

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Post A fresh HijackThis Log.
     
  11. TheViper

    TheViper Private E-2

    Thanks again for the help. I did receive the PendingFileRenameOperations prompt along with "Registry Data has been removed by External Process!" New HJT log attached.


     

    Attached Files:
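The "Delete on Reboot" option and the PendingFileRenameOperations prompt mentioned in the two posts above refer to the same Windows mechanism: a REG_MULTI_SZ value under the Session Manager key that the system processes early in the next boot, before the files can be locked by a running process. The script below is an added example, not Pocket Killbox's code, that lists what is currently queued and can queue a delete the same way; it assumes Windows PowerShell 5.1 or later run as administrator, since the key is under HKLM.

```powershell
# Added example, not Pocket Killbox's code: inspect and extend the
# PendingFileRenameOperations value that "Delete on Reboot" relies on.
# Assumes Windows PowerShell 5.1+ run as administrator (the value lives under HKLM).

$SessionManager = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$ValueName      = 'PendingFileRenameOperations'

function Get-PendingFileOperations {
    $raw = (Get-ItemProperty -Path $SessionManager -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if (-not $raw) { return }
    # The value is a list of pairs: source path, then target path. An empty
    # target means "delete"; a target prefixed with "!" means "overwrite".
    for ($i = 0; $i -lt $raw.Count; $i += 2) {
        $src = $raw[$i]
        $dst = if ($i + 1 -lt $raw.Count) { $raw[$i + 1] } else { '' }
        $action = if ([string]::IsNullOrEmpty($dst)) { 'Delete' } else { 'Rename' }
        [pscustomobject]@{
            Action = $action
            Source = $src -replace '^\\\?\?\\', ''      # strip the \??\ NT path prefix
            Target = $dst -replace '^!?\\\?\?\\', ''
        }
    }
}

function Add-PendingDelete {
    # Queue one file for deletion on the next boot, the way a "Delete on Reboot"
    # tool does it. Supports -WhatIf so the change can be previewed first.
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string]$Path)

    $full = [IO.Path]::GetFullPath($Path)
    [string[]]$existing = @()
    $current = (Get-ItemProperty -Path $SessionManager -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
    if ($current) { $existing = [string[]]$current }

    # Append the pair: NT-style source path, empty target = delete.
    $updated = $existing + @("\??\$full", '')

    if ($PSCmdlet.ShouldProcess($full, 'Queue delete on next reboot')) {
        Set-ItemProperty -Path $SessionManager -Name $ValueName -Value $updated -Type MultiString
    }
}

Get-PendingFileOperations | Format-Table -AutoSize
# Example of queueing a file (hypothetical path); drop -WhatIf to actually write the value:
Add-PendingDelete -Path 'C:\WINDOWS\system32\example.dll' -WhatIf
```

The prompt the poster saw means entries were already present in this value when the tool went to add its own; listing them before rebooting is worthwhile, because the same mechanism can be used by an installer, by an anti-malware tool, or by malware reinstalling itself, and the list shows which. The function appends rather than replaces so that it does not silently discard operations queued by something else.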

  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Windows Messenger is running in the background on this computer, and represents a security risk. Remove Windows Messenger by running Uninstall Messenger. If you are using this as your IM client then replace it with MSN Messenger.

    Your HijackThis log appears to be clean of malware.

    How is your computer running?
     
  13. TheViper

    TheViper Private E-2

    THANK YOU! THANK YOU! THANK YOU! You people are wonderful for using your expertise to help others. My computer is running much better. Thank you again. J Vipond

     
  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    If you are not having any other malware problems, it is time to do our final steps:
    • If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    • If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    • If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    • If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    • If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    • If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    • You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created
    • If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    • After doing the above, you should work thru the below link:
     
