Virus, trojan horse, weird sounds, multiple iexplore.exe run by system process
Hello,
1. About 2 weeks ago, while making a connection to the Internet, my AVG started to show me that there is a trojan horse SpamBot.G in the file Windows\system32\drivers\tcpsr.sys, which is run by the System process. I have run a scan of the system. It found some viruses and healed them. But the SpamBot.G message is still appearing.
2. Moreover, when I am connected to the Internet there are some weird sounds, like "clicking", and at the end of the series of clicking a sound like the one I hear when a message box appears.
3. What's more: I observe that there are always a couple of iexplore.exe run by the System process.
4. Now I see that AVG is shouting that not only SpamBot.G, but also Generic10.BEDO in Windows\system32\drivers\KUD08.SYS, is on my computer.
Ok. What I have done until now:
- used the AVG scanner
- downloaded all Windows updates - there was a lot to update :(
- used Atribune Temp File Cleaner
- ran Kaspersky Online Scanner (but then I took some actions, so I do not attach a log file. I can run a scan again and deliver a fresh log if needed)
- unfortunately I turned System Restore off and on in order to remove the backed-up infections (and then I saw "before you post" in your forum saying that I should not do that)
- installed and ran LavaSoft AdAware
- installed and ran Spybot
- ran the OneCare Live online tool
- uninstalled LavaSoft AdAware
Some of those programs found some problems, but I just do not remember what was found or where.
Well, the problem still exists. So I started to follow what you recommend.
I ran Spybot in Safe mode, and ran it again until everything was cleaned.
And then I ran HijackThis.
The following is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:55:16, on 2008-07-18
Platform: Windows XP Dodatek SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HPQ\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Łącza
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: HP Credential Manager for ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\HPQ\IAM\Bin\ItIeAddIN.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HPQ\IAM\Bin\AsTsVcc.dll,RegisterModule
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7727] command /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9682] cmd /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8996] command /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9000] cmd /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4913] command /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8176] cmd /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKLM\..\RunOnce: [SpybotDeletingA3449] command /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8009] cmd /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8386] command /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7782] cmd /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKLM\..\RunOnce: [SpybotDeletingA734] command /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7876] cmd /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8561] command /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKCU\..\RunOnce: [SpybotDeletingD406] cmd /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9016] command /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2225] cmd /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7671] command /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7871] cmd /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKCU\..\RunOnce: [SpybotDeletingB664] command /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2906] cmd /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7450] command /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5146] cmd /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2688] command /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4740] cmd /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'USŁUGA SIECIOWA')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .midi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus...an_unicode.cab
O16 - DPF: {14C1B87C-3342-445F-9B5E-365FF330A3AC} (Hewlett-Packard Online Support Services) - http://h20278.www2.hp.com/HPISWeb/Cu...ataManager.CAB
O16 - DPF: {3D8700FB-86A4-4CB4-B738-6F0FC016AC7D} (MainControl Class) - http://slimak.onet.pl/_m/wirusy/ArcaOnline.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase5036.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199390019515
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C9C51A9-EE62-495B-A5AC-7E01D688636F}: NameServer = 192.168.0.155,213.199.225.14
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C9C51A9-EE62-495B-A5AC-7E01D688636F}: NameServer = 192.168.0.155,213.199.225.14
O17 - HKLM\System\CS2\Services\Tcpip\..\{1C9C51A9-EE62-495B-A5AC-7E01D688636F}: NameServer = 192.168.0.155,213.199.225.14
O17 - HKLM\System\CS3\Services\Tcpip\..\{1C9C51A9-EE62-495B-A5AC-7E01D688636F}: NameServer = 192.168.0.155,213.199.225.14
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\HPQ\IAM\Bin\AsWlnPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
--
End of file - 11363 bytes
I really need your help.
Thanks in advance.
Luckypolo
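The following is an added example, not part of the post above and not a HijackThis or forum tool: a small Python triage script that parses HijackThis-style log lines (a constructed sample built from lines in the log above) and pulls out the items a helper usually reviews first. It assumes the machine owner supplies the list of DNS resolvers they recognise (here `192.168.0.155` is treated as the home router); everything else it reports is a "review this" item, not a verdict.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log in the post,
# trimmed to the sections the checks below look at.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pajacyk.pl/
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\RunOnce: [SpybotDeletingA7727] command /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9682] cmd /c del "C:\WINDOWS\system32\svcp.csv"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8996] command /c del "C:\WINDOWS\system32\winsub.xml"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8561] command /c del "C:\WINDOWS\system32\svcp.csv"
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C9C51A9-EE62-495B-A5AC-7E01D688636F}: NameServer = 192.168.0.155,213.199.225.14
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
End of file - 11363 bytes
"""

# Every HijackThis entry starts with a section code (R0, R1, O2, O4, ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
DEL_RE = re.compile(r'del\s+"(?P<path>[^"]+)"', re.IGNORECASE)
NS_RE = re.compile(r"NameServer = (?P<servers>[\d.,]+)")


def parse_hjt(text):
    """Group log entries by HijackThis section code; non-entry lines are skipped."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group("section")].append(m.group("body"))
    return sections


def triage(text, trusted_dns):
    """Return the review items a helper would pull out of the log first."""
    sections = parse_hjt(text)
    findings = {"dns_review": [], "recreated_files": {}, "appinit_dlls": [], "driver_paths": []}

    # O17: a resolver the owner does not recognise needs explaining (DNS changers live here).
    for body in sections.get("O17", []):
        m = NS_RE.search(body)
        if m:
            for server in m.group("servers").split(","):
                if server not in trusted_dns and server not in findings["dns_review"]:
                    findings["dns_review"].append(server)

    # O4 RunOnce: the same file queued for deletion more than once means it came back
    # between cleaning passes, i.e. something still running recreates it.
    deletions = Counter()
    for body in sections.get("O4", []):
        if "RunOnce" in body:
            m = DEL_RE.search(body)
            if m:
                deletions[m.group("path").lower()] += 1
    findings["recreated_files"] = {p: n for p, n in deletions.items() if n > 1}

    # O20 AppInit_DLLs are loaded into every process that uses user32; always list them.
    for body in sections.get("O20", []):
        if body.startswith("AppInit_DLLs:"):
            findings["appinit_dlls"].extend(body.split(":", 1)[1].split())

    # Anything executing out of system32\drivers, the folder where AVG located the named files.
    for code, bodies in sections.items():
        for body in bodies:
            if "\\system32\\drivers\\" in body.lower():
                findings["driver_paths"].append((code, body))
    return findings


if __name__ == "__main__":
    # Assumption: the home router at 192.168.0.155 is the only resolver the owner expects.
    for key, value in triage(SAMPLE_LOG, {"192.168.0.155"}).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports `213.199.225.14` for the owner to confirm with their ISP, shows `svcp.csv` scheduled for deletion three times (a sign the file is being recreated), lists the AppInit DLL (here AVG's own) and the one service that runs from the drivers folder. None of these is proof of infection on its own; the point is to turn a 140-line log into a handful of lines to discuss.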