WiredWX Hobby Weather Tools

 


iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

2 posters

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

doing it now

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

How long should the blue bar be filling across the bottom? I hit create log and it just keeps going across the bottom, filling and refilling. It's been 5 minutes now.

It's scanning now.

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

If it doesn't respond in 30 mins, we'll try something else.

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Right when it started scanning, a bunch of things happened. The device manager popped up, the Windows Update icon appeared in the sys tray and the Start button opened.
I tried to fix the firewall issue before I started with this scanner, with Microsoft Fixit for the firewall issue. It reported back that it repaired the firewall and restarted the computer. It still shows the firewall turned off.

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\acfs1nn1.SYS
Service Name: ---
Module Base: B91F0000
Module End: B9232000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B4C28000
Module End: B4C40000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA5EE000
Module End: BA5F0000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found


Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Yeah, the firewall is on; the esisoft was guarding it.

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan

•Click the [image: EsetOnline] button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

•Check [image: EsetAcceptTerms]
•Click the [image: EsetStart] button.
•Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

•Check [image: EsetScanArchives]
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push [image: EsetListThreats]
•Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the [image: EsetBack] button.
•Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

C:\Documents and Settings\HP_Administrator\My Documents\samsung files sd card\App_Manager\App_Backups\user_apps\com.charmingapps.rebelflag.apk a variant of Android/Adware.AirPush.G application deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\samsung files sd card\TitaniumBackup\com.charmingapps.rebelflag-2e43b4cc0c66b79c382df1a4044e5191.apk.gz a variant of Android/Adware.AirPush.G application deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\samsung files sd card\TitaniumBackup\com.charmingapps.rebelflag-ec930064db8a53503f88c34c285a17ba.apk.gz a variant of Android/Adware.AirPush.G application deleted - quarantined

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

How's your computer working now? Any other issues before we clean up?

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Is the system clean? Each time it scans there seem to be files found. If it's clean then I am making an image so I have a clean start.
The only thing I see now is that explorer thing. The tray is frozen until I kill explorer in processes and then start a new task, and then it's OK. I see if I let it sit for 20 minutes sometimes it returns to normal. Any suggestions?
If we are done, I have my second system that I will need help with, since I infected all my PCs by using USB sticks between them.
Let me know if this one is clean and about the explorer thing.
Thanks a ton

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Tornado here now, shutting down. I will check back here after the storms are past.

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Do you mean Internet Explorer?

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

No, when I boot to desktop the tray icons are frozen, so is the Start button, and there are no icons in the sys tray. I have to shut down explorer.exe under processes and then restart it as a new task, and they all work and the icons appear in the sys tray. When this happens I can't get to device manager or system restore. This all occurred after the infection.

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

To be clear, when that freeze thing happens, the device manager or system restore are not accessible. When I shut down explorer and restart it, everything works.

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Please try this even if you don't have the OS disk and tell me what happens.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
•Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
•Let this run undisturbed until the window with the blue progress bar goes away
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.
