W32/brontok-x has trumped Webroot

Dear MajorGeek Help Squad,
I have been stumped in my efforts to defeat w32/brontok-x. It seems to have eluded Webroot with Anitvirus. One minute it shows up as quarantined, and I try to delete it, only to have it pop up again in a second. I cannot run a complete scan with Webroot. It shows over 320,000 infected files ( i doubt I have that many files to begin with), and offers no means to clean them. Tech support at Webroot has been unable to help me. So much for that product.
I am unable to complete the simplest of your Read and Run Me tasks.
I have CCleaner already installed, but I cannot run it. Windows restarts whenever I begin to run it. I also have Hijack this installed. Again, it restarts.

Should I simply wipe the system clean with the Recovery CD? Will that even work? I have a backup drive, an iomega 500g, that may be infected as well. It was connected when the virus was first discovered by Webroot.
I have a Toshiba Satellite laptop, XP- sp2, Pentium 4 - 3.06 GHZ, 1.4G of RAM, 60G harddrive.

Any advice would be appreciated greatly.

 

I forgot to add that I cannot download anything from your site. It causes a restart. Very smart virus. How does it know to prevent that? I searched your form for other Brontok postings. Most dont seem to have a happy ending without the ability to get the logs posted online for your review.

 

Thanks for getting some help to me. I did just that for all the Read and Run me apps about 2 hours ago. Combo fix could not run. spy bot found 6 errors, but got stuck for 45 minutes, and did not finish the scan or fix anything. I finally shut it down, not knowing what else to do.

The errors- I wrote them down by hand, just in case:

microsoft.windowssecuritycenter.registrytools

[sb1$d60cdie3] settings
hkey_users\default\ software\Microsoft...

[sb1$ds60cdie3]settings
hkey_users\s-1-5-18\software\microsoft\wi...


microsoft.windows.explorer
[sb1$da080ea7]user settings
kkey_users\default\software\microsoft\wi...

[sb1$da080ea7]user settings
kkey_users\s-1-5-21-36052256-4144464709-32...

[sb1$da080ea7]user settings
kkey_users\s-1-5-18\software\microsoft\windows...


microsoft.windowssecuritycenter.firewalloverrride

[spi$0c94d702]settings
hkey_local_machine\software\microsoft\secur...

 

I have not been in safe mode. I'm sorry, perhaps I misread the Read and Run me first. I'll double check that now.

The Combofix log is attached. The following error message kept poping up: Registry editing has been disabled by your administrator.

I was unable to run MGtools. The system kept restarting.

Spybot was able to run partly, and then froze. I gave you the errors it found in my earlier posting. However, it keeps poping up about every 15-20 seconds or so because of an attempted registry change. Hard to get any typing in.

 

Okay, got your message late last night.

PSD Web Comps is a folder for some art I do for websites. I'm a freelance designer. And yes, I prefer PCs over Macs. Except at times like this.

Could not delete these, because my OS would restart every time I tried:
C:\7668-NendangBro.com
C:\WINDOWS\system32\cmd-brontok.exe
C:\WINDOWS\KesenjanganSosial.exe

In neither regular mode, nor in safe mode could I get Combofix to run again, even when I kept renaming it. Same for Hijackthis, and CCleaner. Everything triggers a restart.

I even tried this nifty bit I got from Trend Micro's website, to get the Registry Editor going again, since attempts to edit the registry seemed to be the main catalyst for a restart:

REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\System]"DisableRegistryTools"=-
[HKEY_USERS\DEFAULT\Software\Microsoft\Windows\CurrentVersion\policies\System]"DisableRegistryTools"=-

Nada, simply forced a Restart.

So, no offense and no disrespect, I'm giving up and doing a reinstall. I need this computer to work as a freelancer, and I've lost 2 days already. I have everything backed up, have all the application cds, and have scanned the external drive to make sure its clean ( it wasn't, but it is now). Plus, you guys are unbelievbly busy anyway. Its a great service you provide, and for free to boot.

I need to purchase a better firewall, and get something better than Webroot for overall protection. Any suggestions? W32\brontok-x is an impressive piece of work, and it cost me money in lost time. I don't want to deal with that again.

Thanks for your help.