Okay...this is weird

Print or save this instructions locally because you must be offline and have no other Windows (like browsers or anything else running) before continuing.

- Click Start > Run and type: cmd and then click OK! This brings up a command prompt window.

Now leave the command prompt Window open and bring up Windows Task Manager by pressing CTRL-SHIFT-ESC simultaneously. Do not be alarmed when you see you Desktop (icons etc)disappear when you do the next steps. Do not close Task Manager until I tell you to do so.

-Now locate explorer.exe in the Process list and right click on it and select End Process

You should now only have two Windows showing Task Manager and the command prompt.

- At the command prompt opens, type the below commands each follow by the enter key. Take note of what happens with each one and tell me about it later when you come back here:
nail.exe /FullRemove
cd c:\windows
attrib -r -s -h nail.exe
del nail.exe
exit <--- this will close the command prompt window


Now go back to Task Manager and click File, and select New Task (Run....). Enter explorer.exe into the popup and click OK. This should bring back your Desktop.

Now get back online and come back here and tell me what happened.

You can close Task Mana ger now if your Desktop came back okay. If it did not come back, just reboot your PC now.

 

When you entered the del nail.exe command did it work with out any error messages?

Have you rebooted since running the steps in the last message?

Post a new HJT log.

 

No do not reboot yet!

Use Windows Explorer right now and tell me if you see the c:\windows\nail.exe file.

 

It could be hiding within another program! We will see after a reboot but first do the following:

Use Windows Explorer and goto to c:\windows
Locate the file named system.ini and open it with notepad or a similar file editor.
Find the line that refers to nail.exe and delete it. It probably says something like: Shell=Explorer.exe C:\WINDOWS\Nail.exe
Then save the file.
Now get a HJT log. Is the F2 line with nail.exe on it gone?

 

What about in your HJT log?

 

Actually it has never been this difficult to remove. Something on your PC seems to be blocking the changes. Either one of the tools (maybe even the item for school) or possible a system file like explorer.exe has become infected.

Have HJT fix the F2 line then scan again with HJT to make sure it is gone.
If it is gone reboot (or power down for the night). We will see tomorrow (later today) if it comes back.

Good night!

 

Looks good! Let us know tonight if it is still gone.

Also, how is everything working now. We removed a load of bad stuff from your PC!

 

Well this time let's make sure we go thru all the steps in the below thread. Some you already have now (like the firewall and an AV). But make sure you check all the other steps (even Windows Update)!

How to Protect yourself from malware!

 

You're welcome!

Hopefully you do not have any further malware problems;however, please realize that while running the steps in the How to thread does help a lot. No protection is perfect and the first line of security begins with the users of the PC. Watch what you click on. Read before clicking. Sometimes the answer is the opposite of what you think (they try to trick you). Always read software license and privacy agreements (you'll be surprised what is in some of them). Be very very careful of letting other people use your PC with full administrator priviledges.