SpywareGuard2008-- Suggestions?

Discussion in 'Malware Help (A Specialist Will Reply)' started by pnoman, Jan 12, 2009.

  1. pnoman

    pnoman Private E-2

    I see others have run into this gem. Some of the security sites are saying it may have originated somewhere in the "Russian federation". My buddy was about to download some music when SpywareGuard2008 grabbed his system. I have a feeling he tried to close the popup for the ad with the normal "Close" button. Others have stated they got it trying to DL videos. Javacool, makers of the legitimate Spywareguard (no 2008 after it) have blogs warning about it and say their SpywareBlaster (a great tool) is updated to look for it (I found it in the block lists in mine).
    The thing took over his Security Center (WinXPsp2), disabled !Avast and installed itself. It then proceeded to grab his browser and after he got !Avast to run it shut it down and also won't let Spybot S&D run (which according to their site was updated for this thing on Jan 7). When I could still get his system to start it denied access (even from command line) to regedit, regsvr32 (to unregister the .dlls--I found references on the web with files, processes, and reg keys associated with the thing), and Explorer Options-Tools (not there--in order to show hidden and system files) and wouldn't allow delete of any of its files. Processes (like wincenter.exe) kept restarting themselves (after shutting them down in Task Manager) even after removing all Startup references (they even came back on reboot after deletion). It seems to get worse the longer it runs, or perhaps on every reboot, and has now got his machine unusable.
    There's a post in the Tech Support Guys-- Malware Removal & HJT forums from Everway9 asking if anyone has tried to repair this with a remote connection. I wouldn't try it-- when I plugged my crossover cable into his card I noticed some unusual activity, pulled it right away and scanned my system (nothing there-whew!). There's info on the web about another one that can come in by clicking on it or through video codecs (suffix-2009) that says it tries to access other network systems. I think this one might too.
    I built a UBCD4Win disc with WinXPsp2 and a load of tools (creates a virtual Windows environment for repairing damaged systems) and the thing won't let it finish loading. I thought for sure this would work as I have repaired other systems with it. I can't get the Win installation disk to load, either (system freezes). Now I can't get it to boot at all (not even safe)--it lets me log on then freezes when the desktop shows up. Now I'm finding that I only have about 30 seconds in the BIOS setup to make any changes, confirm, and exit or it freezes up and you have to re-boot. I tried disabling his system drive and running UBCD4Win (to set up a virtual Win on his slave (storage--no system files)) but that doesn't even work. Even booting into a DOS command line freezes up after a few seconds.
    There are a couple of programs that can supposedly fix this (Malaware Bytes (I may have the exact name incorrect) is one of them) but people have had to rename them and their associated update files in order to get them to run. The thing seems to know about tools that could disable it (give the malicious geniuses who created it credit). Also it's been suggested that they be loaded from a disc since flash drives seem to be vulnerable. Since I can no longer get started that's not an option anyway.
    I'm about to try an XP boot disk but I'm pretty sure this little beauty's got the BIOS corrupted-- may have to try and reflash them. I'm interested in any and all replies. Anybody have any ideas or suggestions?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Our cleaning procedures have removed this many times. I will quote the cleaning procedures below, but they obviously are of no use if you cannot boot the PC. You may want to check out the below link from Microsoft. Sometimes restoring an old restore point can work wonders.

    http://support.microsoft.com/default.aspx?scid=kb;en-us;307545&sd=tech

    With UBCD4Win you can simplify the above procedure quite a lot since it makes it easier to complete similar steps but in a much easier environment and you can do it all in one shot.


    The below are our standard cleaning procedures which are quite successful.

     
  3. pnoman

    pnoman Private E-2

    Thank you for your reply, chaslang.

    I have solved this problem. I could not get my UBCD4Win to load but I did manage to boot directly into DOS where I still had to jump through hoops to access many of the system files before I could even re-enable the Win registry editor. I couldn't even get admin rights using (MS) SubInACL commands.

    All Windows restore points had been deleted by the thing.

    Once I got control of the registry I went to town, deleting all references found from HiJack This, Combofix and Smitfraud (none of which could do anything other than scan and generate a log). I was then able to use all 3rd party malware tools. I reinstalled or repaired all the damaged Win files (including registry entries changed or deleted by either me or the "thing") from the installation disc. No data or program functionality lost.

    I apologize for the delayed response, I had just noticed an old e-mail notification that reminded me of my post.

    I find this forum to be a great resource and truly appreciate the time you Administrators and Moderators devote to helping others.

    Once again, thank you for your valuable time.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

