Ok, heres what happened. Was browsing the web... then some pop under ad appeared. Pop under was trying to open Adobe Acrobat for some reason, was like WTF and terminated the process (I have BlackICE defender application protection, it automatically alerts you when an unknown app. tries to run). Then a file called unwise_.exe tries to open itself, located in the c:\windows\fonts folder. WTF again, terminated it. Forgot about it for a few hours, then BlackICE firewall started going off like crazy. Checked Task Manager, and noticed several instances of cmd.exe and ftp.exe running. Crap... somehow got a trojan. The thing is, I dont run any executable files from "shady" sources, just download some PDF files at most. So it was probably a vulnerability in Acrobat or FireFox that allowed the trojan to install. Here is what I did: - Ran AVG, it removed the unwise_.exe trojan, WIN/32 Heur. - Deleted the service the trojan created "Windows Host Controller" from the registry. Its gone. - Deleted ftp.exe (dont have a need for it anyways) from system32 and DllCache folders. Gone, and never re appeared. - Ran Malwarebytes Anti Spyware and SUPER Antispyware. Nothing found. - Checked HiJack This log, nothing suspicious. - Ran 2 different online AV scans, nothing found - Ran a task manager program (forgot the name), that shows all processes, even hidden ones, eveythng ok - Ran MCAfee Anti-Rootkit, nothing found. - Checked Services and startup items in registry, nothing suspicious present. - Got rid of Acrobat reader, replaced with FoxIT. Probably its Acrobat that caused the trojan to install itself in the first place. Now heres the problem: Whenever I run a portscan on my PC, the FTP port 21 is still shown as OPEN!! I blocked that port in BlackICE, but still shows as Open, normally it was always on "stealth". How the F%&@ do I close port 21?? Its not supposed to be open! Tried connecting to it though, but connections always fail when trying to connect to my ip:21. That PC is a laptop that I use to do some work, but contains no "sensitive" data on it whatsoever, asides from a collection of crap DP ebooks and WSOs I downloaded. Any help on how to make the port 21 "stealth" again would be appreciated... Tried searching and figuring it out myself, but didnt find anything!