WindowsXP SP2 Firewall,Shields UP Test,Recent Infection from a 'Nhatquanglan' malwar

I use Windows XP SP2 Firewall together with AVG Antispyware, Windows Defender and Avast (network shield enabled). All of these programs have their real-time scanning and automatic updates enabled.

The problem is my system got infected with a certain 'Nhatquanglan' ( http://pleaselightmyfire.blogspot.com/2007/08/nhatquanghlan-update.html , http://www.google.com/search?q=nhat...z5&lr=lang_en&sa=X&oi=lrtip&ct=restrict&cad=7 ) malware (spreads thru removable USB drives) (this was before I activated Windows Defender and AVG Antispyware) which disables WinXP SP2 firewall among doing other things. Avast was able to detect parts of the malware from installing but not all as Windows Defender and A-squared free have been able to detect more malware from my system. I have recently cleaned my system by running full scans with recently updated definitions of A-squared, Windows Defender, Avast, AVG Antispyware, ad-aware 2007 and spybot and they found my system to be clean. I have also now enabled Windows Firewall and restored the firewall settings to default.

I have also removed all traces of Nhatquanglan from my system by manual deletion, AutoRuns and HiJackThis (I am still attaching my HiJackThis log file for reference, in case I missed something). View attachment hijackthis.txt

My system is now running fine and I don't see any of the previous effects of the virus, (system slow down, task manager, folder options and registry editing disabled, flash disks inserted get infected)

However, when I check my Firewall's settings in Shields Up using the Opera browser ( https://www.grc.com/ ) I get these results:

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active user community.



Unsolicited Packets: PASSED — No Internet packets of any sort were received from your system as a side-effect of our attempts to elicit some response from any of the ports listed above. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system remained wisely silent. (Except for the fact that not all of its ports are completely stealthed as shown below.)



Ping Reply: RECEIVED (FAILED) — Your system REPLIED to our Ping (ICMP Echo) requests, making it visible on the Internet. Most personal firewalls can be configured to block, drop, and ignore such ping requests in order to better hide systems from hackers. This is highly recommended since "Ping" is among the oldest and most common methods used to locate systems prior to further exploitation.




Port
Service
Status Security Implications

0
<nil>
Closed Your computer has responded that this port exists but is currently closed to connections.

21
FTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

22
SSH
Closed Your computer has responded that this port exists but is currently closed to connections.

23
Telnet
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

25
SMTP
Closed Your computer has responded that this port exists but is currently closed to connections.

79
Finger
Closed Your computer has responded that this port exists but is currently closed to connections.

80
HTTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

110
POP3
Closed Your computer has responded that this port exists but is currently closed to connections.

113
IDENT
Closed Your computer has responded that this port exists but is currently closed to connections.

119
NNTP
Closed Your computer has responded that this port exists but is currently closed to connections.

135
RPC
Closed Your computer has responded that this port exists but is currently closed to connections.

139
Net
BIOS
Closed Your computer has responded that this port exists but is currently closed to connections.

143
IMAP
Closed Your computer has responded that this port exists but is currently closed to connections.

389
LDAP
Closed Your computer has responded that this port exists but is currently closed to connections.

443
HTTPS
Closed Your computer has responded that this port exists but is currently closed to connections.

445
MSFT
DS
Closed Your computer has responded that this port exists but is currently closed to connections.

1002
ms-ils
Closed Your computer has responded that this port exists but is currently closed to connections.

1024
DCOM
Closed Your computer has responded that this port exists but is currently closed to connections.

1025
Host
Closed Your computer has responded that this port exists but is currently closed to connections.

1026
Host
Closed Your computer has responded that this port exists but is currently closed to connections.

1027
Host
Closed Your computer has responded that this port exists but is currently closed to connections.

1028
Host
Closed Your computer has responded that this port exists but is currently closed to connections.

1029
Host
Closed Your computer has responded that this port exists but is currently closed to connections.

1030
Host
Closed Your computer has responded that this port exists but is currently closed to connections.

1720
H.323
Closed Your computer has responded that this port exists but is currently closed to connections.

5000
UPnP
Closed Your computer has responded that this port exists but is currently closed to connections.
---
end of shields up test

My concern is, if this is the normal reply of a Windows XP SP2 system with windows firewall enabled and automatic updates enabled. Or has the malware edited my firewall settings (which I had already restored to their default settings (Control Panel->Windows Firewall->Advanced->Restore Defaults)?

Hijackthis Log: View attachment hijackthis.txt

 

Just to check, go thru SecurityCenter to open firewall...in advanced settings there is a "restore defaults", click that and see if that makes a diff.

 

I already did that before doing the Shields UP Test.

Are these supposed to be the results of Windows XP SP2 Firewall? Or are these my ISP's settings?