IT's not easy but you can fix it.
Get PC Regedit
from the link on the lower half of this page:
http://www.raymond.c...ing-in-windows/The page explains how to use it to fix a no logon condition. In your case netsky (which sounds like what you have) usually messes winlogon too but if userinit looks normal then check the value of shell which should be explorer.exe.
From a recent post we can see these Netsky infection points in an OTL log:
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL (Microsoft)
O4 - HKLM..\Run: [tqammy] C:\WINDOWS\System32\msaouahn.DLL (USA)
O4 - HKLM..\Run: [vodifatun] C:\WINDOWS\System32\guyewijo.DLL ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (cLAeVTkp)
(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run)
O4 - HKCU..\Run: [notepad] C:\Documents and Settings\Administrator\ntload.dll (Microsoft)
(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run )
O20 - AppInit_DLLs: (yebesuna.dll) - C:\WINDOWS\System32\yebesuna.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\guyewijo.dll) - C:\WINDOWS\system32\guyewijo.dll ()
(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (cLAeVTkp)(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit)
O21 - SSODL: luvehihoy - {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - C:\WINDOWS\system32\guyewijo.dll ()
(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )
O22 - SharedTaskScheduler: {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - kupuhivus - C:\WINDOWS\system32\guyewijo.dll ()
(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler)
O32 - AutoRun File - [2009/12/21 11:30:12 | 00,034,308 | -H-- | M] () - E:\autorun.exe -- [ FAT32 ]
(possible infected file on USB drive or external drive)
NetSvcs: BtwSrv - C:\WINDOWS\system32\BtwSrv.dll (FTD2XX Software Technology)
NetSvcs: Iprip - C:\WINDOWS\system32\Ipripv32.dll ()
These last two will mess up your internet. See:
http://www.threatexp...74451a9e6c0b5efhttp://www.quickheal....Agent2.kuz.aspIf in doubt compare to a working system.
Ron
Edited by RKinner, 26 January 2010 - 10:44 PM.