Try Kaspersky's bootable CD from:
http://www.askvg.com...ure-and-others/It's an iso file so you need to do a disk copy (from image) to get it to work then boot off it (you may have to go into Setup to get it to change the boot Order so that it looks at the CD/DVD first). It will scan your PC and fix a lot of things plus allows you to move files around.
Also get PC Regedit
from the link on the lower half of this page:
http://www.raymond.c...ing-in-windows/The page explains how to use it to fix a no logon condition. In your case netsky usually messes winlogon too but if userinit looks normal then check the value of shell which should be explorer.exe.
If you get into the registry you might as well check a few more typical infection points:
From a recent post we can see these Netsky infection points in an OTL log:
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL (Microsoft)
O4 - HKLM..\Run: [tqammy] C:\WINDOWS\System32\msaouahn.DLL (USA)
O4 - HKLM..\Run: [vodifatun] C:\WINDOWS\System32\guyewijo.DLL ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (cLAeVTkp)
(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run)
O4 - HKCU..\Run: [notepad] C:\Documents and Settings\Administrator\ntload.dll (Microsoft)
(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run )
O20 - AppInit_DLLs: (yebesuna.dll) - C:\WINDOWS\System32\yebesuna.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\guyewijo.dll) - C:\WINDOWS\system32\guyewijo.dll ()
(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (cLAeVTkp)
(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit)
O21 - SSODL: luvehihoy - {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - C:\WINDOWS\system32\guyewijo.dll ()
(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )
O22 - SharedTaskScheduler: {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - kupuhivus - C:\WINDOWS\system32\guyewijo.dll ()
(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler)
O32 - AutoRun File - [2009/12/21 11:30:12 | 00,034,308 | -H-- | M] () - E:\autorun.exe -- [ FAT32 ]
(possible infected file on USB drive or external drive)
NetSvcs: BtwSrv - C:\WINDOWS\system32\BtwSrv.dll (FTD2XX Software Technology)
NetSvcs: Iprip - C:\WINDOWS\system32\Ipripv32.dll ()
These last two will mess up your internet. See:
http://www.threatexp...74451a9e6c0b5efhttp://www.quickheal....Agent2.kuz.aspIf in doubt compare to a working system.
Ron