Get PC Regedit
from the link on the lower half of this page:
http://www.raymond.c...ing-in-windows/The page explains how to use it to fix a no logon condition. If userinit looks normal then check the value of shell which should be explorer.exe.
From a recent post we can see these Netsky infection points in an OTL log:
O4 - HKLM..\Run: [notepad] C:\WINDOWS\System32\notepad.DLL (Microsoft)
O4 - HKLM..\Run: [tqammy] C:\WINDOWS\System32\msaouahn.DLL (USA)
O4 - HKLM..\Run: [vodifatun] C:\WINDOWS\System32\guyewijo.DLL ()
O4 - HKLM..\Run: [winupdate86.exe] C:\WINDOWS\system32\winupdate86.exe (cLAeVTkp)
(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run)
O4 - HKCU..\Run: [notepad] C:\Documents and Settings\Administrator\ntload.dll (Microsoft)
(HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run )
O20 - AppInit_DLLs: (yebesuna.dll) - C:\WINDOWS\System32\yebesuna.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\guyewijo.dll) - C:\WINDOWS\system32\guyewijo.dll ()
(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\winlogon86.exe) - C:\WINDOWS\system32\winlogon86.exe (cLAeVTkp)
(HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon)
O21 - SSODL: luvehihoy - {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - C:\WINDOWS\system32\guyewijo.dll ()
(HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )
O22 - SharedTaskScheduler: {5fb9c357-8436-4f7d-b86f-4c3d6ef35eec} - kupuhivus - C:\WINDOWS\system32\guyewijo.dll ()
(HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler)
O32 - AutoRun File - [2009/12/21 11:30:12 | 00,034,308 | -H-- | M] () - E:\autorun.exe -- [ FAT32 ]
(possible infected file on USB drive or external drive)
NetSvcs: BtwSrv - C:\WINDOWS\system32\BtwSrv.dll (FTD2XX Software Technology)
NetSvcs: Iprip - C:\WINDOWS\system32\Ipripv32.dll ()
These last two will mess up your internet. See:
http://www.threatexp...74451a9e6c0b5efhttp://www.quickheal....Agent2.kuz.aspIf in doubt compare to a working system.
Ron