infected files in arpot directory

Good morning :slight_smile:

After several Windows XP blue screens (Driver_IRQL_Not_less_or_equal, or IRQL_not_less_or_equal) I have scanned my PC. Results give a growing number of infected files (Java Update Scheduler multiplying at every scan!) with high severity (Threat Rootkit: system modification) in the Avast\arpot directory with a recommendation to delete them.
Avast Free does not manage to delete them, even after a system restart, nor can I do it manually.

Please help me and thank you for your help :slight_smile:

Follow the guide here http://forum.avast.com/index.php?topic=53253.0 and attach the logs

Lower left corner > additional options > attach
If the logs should be too big, then upload to http://www.mediafire.com/ and post the download link here

Thank you for your quick help Pondus :slight_smile:

Please find attached what the tutorial asks for. I am anxiously expecting your feedback!

Malwarebytes’ Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7670

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

07/09/2011 16:05:47
mbam-log-2011-09-07 (16-05-47).txt

Scan type: Quick scan
Objects scanned: 185547
Time elapsed: 15 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Essexboy is notified and will check the logs when he arrives

I will remove the old Java activex and I feel I need to look a bit closer at the MBR

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKU\S-1-5-21-993333005-4173173592-4046843567-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)

:Files
ipconfig /flushdns /c

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop *

IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

[*]Double click on ComboFix.exe & follow the prompts.
[*]Accept the disclaimer and allow to update if it asks

http://img.photobucket.com/albums/v706/ried7/NSIS_disclaimer_ENG.png

http://img.photobucket.com/albums/v706/ried7/NSIS_extraction.png

[*]When finished, it shall produce a log for you.
[*]Please include the C:\ComboFix.txt in your next reply.

Notes:

  1. Do not mouse-click Combofix’s window while it is running. That may cause it to stall.
  2. Do not “re-run” Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

Good morning Essexboy !

Thank you for your efficient help. I just did what you prompted. Please find attached both logs.

Just two notes:
1° after running OTL, although it displayed “processing complete”, it did not close and was still found open after reboot.
2° during Combofix, I declined installation of “MS Windows console de recupération”. Was that a good answer?

I will keep you up-to-date with how my computer is running now, but right now I am still puzzled to have the increasing number of .dat files still there in C\documentsandsettings\all users\application data\avast software\avast\arpot that were detected as root-kit infected but could not be deleted by Avast Free. I will run Avast Free now and see whether they are still detected and if yes, try to suppress them.
Meanwhile I will try to sleep a bit.

Thanks again :slight_smile:

Good morning again Essexboy !

Avast Free just detected 113 (time-to-date, still growing) .dat infected files (244 bytes each).
I let the scan go to its end and will let you know.

Essexboy,

For your info, the directory I mentioned in my previous post also populates with .ini files (1K) with the same name as the .dat. I can open them with Notepad and in their properties I see Win32:malware-gen. I still cannot delete them (access denied).

Hope it helps.
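The two posts above track the arpot directory by hand: counting .dat files between scans, noticing they are all 244 bytes, and finding matching .ini files. The Python script below is an added example, not code from this thread, from Avast, or from any of the tools used here; it snapshots a directory (name, size, SHA-256), diffs two snapshots to show which files are new or rewritten, and reports sizes shared by many files, which is how you would confirm a directory is really growing between scans before deciding what to do about it. The folder, file names and contents it builds under a temporary directory are constructed sample data; point snapshot() at a real path to use it on a live directory.

```python
#!/usr/bin/env python3
"""Snapshot/diff helper for a directory that keeps filling with flagged files.

Added example for this thread (not an Avast, OTL or ComboFix tool).  It records
name, size and SHA-256 of every regular file under a directory, compares two
snapshots so you can see which files appeared or were rewritten between scans,
and counts files sharing one size (the thread reports many 244-byte .dat files).
Everything demo() creates is constructed sample data.
"""
import hashlib
import json
import tempfile
from collections import Counter
from pathlib import Path


def snapshot(directory):
    """Return {relative_path: {"size": int, "sha256": hex}} for regular files."""
    root = Path(directory)
    result = {}
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        result[path.relative_to(root).as_posix()] = {
            "size": len(data),
            "sha256": hashlib.sha256(data).hexdigest(),
        }
    return result


def diff_snapshots(before, after):
    """Classify files as added, removed, or changed (same name, different hash)."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    changed = sorted(
        name for name in set(before) & set(after)
        if before[name]["sha256"] != after[name]["sha256"]
    )
    return {"added": added, "removed": removed, "changed": changed}


def size_clusters(snap, min_count=2):
    """Sizes shared by at least min_count files.  Many identical-size files
    usually means one writer producing them in a loop, not independent drops."""
    counts = Counter(info["size"] for info in snap.values())
    return {size: n for size, n in counts.items() if n >= min_count}


def demo():
    """Build a constructed arpot-like directory, grow it, and report the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # first scan: three 244-byte .dat files, each with a small .ini beside it
        for i in range(3):
            (root / f"f{i}.dat").write_bytes(b"\x00" * 244)
            (root / f"f{i}.ini").write_text(f"[scan]\nname=f{i}\n")
        before = snapshot(root)
        # second scan: two more .dat files have appeared and one .ini was rewritten
        for i in range(3, 5):
            (root / f"f{i}.dat").write_bytes(b"\x00" * 244)
        (root / "f0.ini").write_text("[scan]\nname=f0\nresult=Win32:Malware-gen\n")
        after = snapshot(root)
        return {
            "diff": diff_snapshots(before, after),
            "dat_count_before": sum(1 for n in before if n.endswith(".dat")),
            "dat_count_after": sum(1 for n in after if n.endswith(".dat")),
            "clusters_after": size_clusters(after),
        }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Because snapshot() returns plain dicts, you can json.dump one to disk after each scan and diff it against the next; a diff with an ever-growing "added" list and one dominant size cluster matches what the thread describes, and a stable diff means the directory has stopped being written to.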

Hello Essexboy,

After having reinstalled Avast Free and run it, no more detection, no more odd files in \arpot !

Thank you again for your help. I would now appreciate it if you had guidelines to clean from my desktop the tools you gave me (aswMBR, OTL, Malwarebytes) and related logs.

Thanks to you I am now a happy man ! :smiley:

It looks as though Avast was not emptying the temporary anti-rootkit directory after use. Hence all the detections.

Subject to no further problems :slight_smile:

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done

Remove ComboFix
[*]Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
[*]In the Run box, type in ComboFix /Uninstall
(Notice the space between the “x” and “/”)
then click OK

http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg

[*]Follow the prompts on the screen
[*]A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[*]Click Yes to confirm.
[*]Click OK.

http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif
Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
[*]Go to this site and click Do I have Java
[*]It will check your current version and then offer to update to the latest version

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place? Keep safe :wave:

Good morning Essexboy

So far so good: I started cleaning the tools thanks to your guidelines!

I have some problems removing older versions of Java components, which appear in the Windows configuration panel but without a Delete button?

I also still have the aswMBR icon on my desktop. Shall I keep it? If not, how do I remove it?
I also have an MBR.dat icon. What shall I do with it?

Thank you again, I will get in touch again if necessary.

There is a tool to remove old versions of JAVA:
Download location http://sourceforge.net/projects/javara/
General info in JavaRa, see LifeHacker using JavaRa

The aswMBR.exe and associated mbr.dat file can be removed. The aswMBR tool is continually updated, so should it be needed in the future it is best to get the latest copy.

...if not how to remove it ?...
Just drag and drop it in the recycle bin

Thank you DavidR and Pondus.

You’re welcome.