registry editor, task manager disabled, tools folder option missing, presence of mark.worm.exe and antivirus.exe in start menu

[gemmazurbano]

please help me. the virus is creating unwanted folders in my PC. I cannot use my tools folder option to verify the contents of the hidden files. i cannot use my registry editor, i cannot open task manager because they are disabled by the administrator. there are updates in my d drive which look like windows update but actually they are virus. i deleted them but i am not sure as of now if these will come back after i restart the computer.
there are antivirus.exe and mark.worm.exe in my directory. if i have anew antivirus and i click the close icon, the message is this program will be removed and uninstalled, do you want to continue??

thanks in advance for your help.


gemma

[drongo]

Please download in my signature special avz, put it in new folder on desktop.
Please execute this script in avzhttp://virusinfo.info/showthread.php?t=9207)
(Do remember before execution scripts to exit antivirus and disconnect from internet, disable System Restore )

Код:

begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
 QuarantineFile('F:\Mark.W0rm.exe','');
 QuarantineFile('F:\autorun.inf','');
 QuarantineFile('C:\DCIM.exe','');
 QuarantineFile('C:\autorun.inf','');
 DelBHO('{A057A204-BACC-4D26-9990-79A187E2698E}');
 DelBHO('{8b43f452-9bd2-5204-4268-975584d454f9}');
 QuarantineFile('C:\Program Files\Microsoft Student\Microsoft Student with Encarta Premium 2008 DVD\EDICT.EXE','');
 QuarantineFile('C:\Documents and Settings\gemma\Start Menu\Programs\Startup\yyy.exe','');
 QuarantineFile('C:\Documents and Settings\gemma\Start Menu\Programs\Startup\ppp.exe','');
 QuarantineFile('C:\Documents and Settings\gemma\Start Menu\Programs\Startup\Mark.W0rm.exe','');
 QuarantineFile('C:\Documents and Settings\gemma\Local Settings\Mark.W0rm.exe','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\xaudio.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\HSXHWAZL.sys','');
 TerminateProcessByName('c:\documents and settings\gemma\start menu\programs\startup\ppp.exe');
 QuarantineFile('c:\documents and settings\gemma\start menu\programs\startup\ppp.exe','');
 DeleteFile('c:\documents and settings\gemma\start menu\programs\startup\ppp.exe');
 DeleteFile('C:\Documents and Settings\gemma\Local Settings\Mark.W0rm.exe');
 DeleteFile('C:\Documents and Settings\gemma\Start Menu\Programs\Startup\Mark.W0rm.exe');
 DeleteFile('C:\Documents and Settings\gemma\Start Menu\Programs\Startup\ppp.exe');
 DeleteFile('C:\Documents and Settings\gemma\Start Menu\Programs\Startup\yyy.exe');
 DeleteFile('C:\autorun.inf');
 DeleteFile('C:\DCIM.exe');
 DeleteFile('F:\autorun.inf');
 DeleteFile('F:\Mark.W0rm.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
ExecuteRepair(6);
ExecuteRepair(8);
ExecuteRepair(9);
ExecuteRepair(2);
ExecuteRepair(11);
ExecuteRepair(17);
RebootWindows(true);
end.

Please upload the quarantine according to appendix 3 of rules(http://virusinfo.info/showthread.php?t=9184) , by link http://virusinfo.info/upload_virus_eng.php?tid=39679
After that make a set of logs according to rules: http://virusinfo.info/showthread.php?t=9184