Virus and Registry help

It is a new version of the backdoor.prorat. I believe it
is backdoor.proratD. Nortons instructions to remove do
not work as they are predicated upon being able to delete
the files using their software, which is disabled.
-----Original Message-----

-----Original Message-----
I have this virus which shuts down Norton antivirus and
firewall. I have 6 corrupted files:
windows\winlogon.exe,
windows\system\service.exe, windows\systme32
\fservice.exe
wincom.exe wininv.dll and winkey.dll. I cannot delete
the .dll files, even in safe mode as I am denied
access.
I am told that the virus exists in the winkey.dll
file.
I can delete the fservice and sservice, but they are
regenerated inmmediately(not so under safe mode, but
once
reboot normal and they are there again). Registry
changes
noted by norton and sophos I have found and deleted, but
they too are immediately replaced upon exiting registry,
again even under safe mode. Have noted no infestation
(or
odd changes) of win.ini or system.ini files. In the
registry I notice that the HK
Root\htafile\shell\open\command is modified with a
mshta.exe file as is the
HKLM\software\classes\htafile\shell\open\comma nd key and
I
have read that these are 2 common places for virus
startup.

My questions are (and excuse the small list):

How do I delete the .dll files?
What is the mshta.exe file that exists in the WIN system
32 file and would deleting its reference from the
registry
hurt?
How can this virus monitor reg changes and fix
immediately, even in safe mode and can I overcome.

I have windows XP pro with all updates. I appreciate
anyones assistance on this as Norton to date has not
been
any help.
..
.
And the name of the virus is?
.