Chances are for the MSDTC (Microsoft Distributed Transaction Coordinator) file, any AV will have a heck of a time trying to clean it.
Do you keep frequently updated servers, configured the same way? Meaning, do you distribute via WSUS or anything else like that all the updates to all your systems simultaneously?
The problem will likely be that, because this .exe is generally always in use by the system, it may be hard to "replace".
Would it be possible in any way for you to:
- Remove the hard drive from the machine and boot it as a slave in a different machine, to allow for replacing (overwriting) the infected file with a known clean file from a different server with the same patching/updates
- Boot from a Linux system, mount the filesystem and replace the existing bad file, same as above.
- Boot in safe mode, command line, no networking, and replace the file from a command prompt.
* * * *
That will get rid of the IRC bot.
* * * * *
In any of the scenarios presented above, you should equally be able to remove the infected .exe files from the ..\drivers folder as well. Validate the driver files themselves beforehand, as you will possibly need to reinstall certain drivers for functions on the system.
After completing these steps the system will likely encounter some errors, which will need to be fixed/patched manually...
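
Added example, not part of the original post: one way to do the "validate beforehand" step while the suspect disk is mounted offline (slaved into another machine or from a Linux boot) is to hash every file under the system directory and compare it with a copy of the same directory taken from a server at the same patch level. The function names, directory layout and sample file contents below are assumptions made for illustration; paths are compared case-insensitively because Windows file names differ in case between machines.

```python
import hashlib
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def index_tree(root):
    """Map lower-cased relative path -> real path under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix().lower(): p
            for p in root.rglob("*") if p.is_file()}

def compare_to_reference(suspect_root, reference_root):
    """Classify each file on the offline suspect volume against the clean copy."""
    suspect, reference = index_tree(suspect_root), index_tree(reference_root)
    report = {"match": [], "mismatch": [], "not_in_reference": [], "missing": []}
    for rel, path in sorted(suspect.items()):
        if rel not in reference:
            report["not_in_reference"].append(rel)   # e.g. stray .exe in drivers
        elif sha256_file(path) == sha256_file(reference[rel]):
            report["match"].append(rel)
        else:
            report["mismatch"].append(rel)           # candidate for replacement
    report["missing"] = sorted(set(reference) - set(suspect))
    return report

def demo():
    """Constructed sample: two tiny trees standing in for the mounted volumes."""
    import tempfile
    files = {  # relative path -> content; every value here is made up
        "suspect/System32/msdtc.exe": b"tampered",
        "suspect/System32/drivers/disk.sys": b"driver-a",
        "suspect/System32/drivers/extra.exe": b"unexpected",
        "reference/system32/msdtc.exe": b"clean",
        "reference/system32/drivers/disk.sys": b"driver-a",
        "reference/system32/drivers/null.sys": b"driver-b",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in files.items():
            p = Path(tmp, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        return compare_to_reference(Path(tmp, "suspect"), Path(tmp, "reference"))

if __name__ == "__main__":
    import sys
    # Usage: script.py <mounted suspect dir> <known-clean copy of the same dir>
    result = compare_to_reference(*sys.argv[1:3]) if len(sys.argv) == 3 else demo()
    for status, paths in result.items():
        for rel in paths:
            print(f"{status:17} {rel}")
```

A "mismatch" only means the file differs from the reference, so the comparison is meaningful only when the reference server really is at the same patch level and is itself trusted.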