Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.



  • Please log in to reply
1 reply to this topic

#1 Camilo1985


  • Members
  • 1 posts
  • Local time:12:50 PM

Posted 30 April 2005 - 12:13 PM

hi.. i need your help.. today my firewall detected a spyware... i deleted a lot of files cause my firewall told me that... now i´m trying to turn-on my pc but it says that sysinit32m.exe isn´t found.. i´m using the safe mod.. i´ve a XP machine and i used and saved the autoruns.. here is the text:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

+ C:\WINDOWS\System32\userinit.exe Aplicación de inicio de sesión (Userinit) Microsoft Windows XP Publisher (Europe) c:\windows\system32\userinit.exe

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell

+ Explorer.exe Explorador de Windows Microsoft Windows XP Publisher (Europe) c:\windows\explorer.exe

+ sysinit32m.exe File not found: sysinit32m.exe


+ APVXDWIN ApVxdWin (Not verified) Panda Software International c:\archivos de programa\panda software\panda titanium antivirus 2005\apvxdwin.exe

+ ATIPTA ATI Desktop Control Panel (Not verified) ATI Technologies, Inc. c:\archivos de programa\ati technologies\ati control panel\atiptaxx.exe

+ ccApp Common Client User Session Symantec Corporation c:\archivos de programa\archivos comunes\symantec shared\ccapp.exe

+ crmk32.exe c:\windows\crmk32.exe

+ iexplore.exe Internet Explorer Microsoft Windows XP Publisher (Europe) c:\archivos de programa\internet explorer\iexplore.exe

+ LXSUPMON Supplies Monitor Microsoft Windows Hardware Compatibility Publisher c:\windows\system32\lxsupmon.exe

+ msnappau MSN Updater (Not verified) Microsoft Corporation c:\archivos de programa\msn apps\updater\01.02.3000.1001\es-la\msnappau.exe

+ SunJavaUpdateSched Java™ 2 Platform Standard Edition binary (Not verified) Sun Microsystems, Inc. c:\archivos de programa\java\jre1.5.0_02\bin\jusched.exe

+ vptray Symantec AntiVirus Symantec Corporation c:\archivos de programa\symantec client security\symantec antivirus\vptray.exe

C:\Documents and Settings\All Users\Menú Inicio\Programas\Inicio

+ Microsoft Office.lnk Microsoft Office 2000 component (Not verified) Microsoft Corporation c:\archivos de programa\microsoft office\office\osa9.exe

+ Puerto Symantec Fax Starter Edition.lnk Symantec Fax Starter Edition Port Launcher (Not verified) Microsoft Corporation c:\archivos de programa\microsoft office\office\3082\olfsnt40.exe


+ CTFMON.EXE CTF Loader Microsoft Windows XP Publisher (Europe) c:\windows\system32\ctfmon.exe

+ MSMSGS Messenger Client Microsoft Windows XP Publisher (Europe) c:\archivos de programa\messenger\msmsgs.exe

Task Scheduler

+ Symantec NetDetect.job Symantec NetDetect Symantec Corporation c:\archivos de programa\symantec\liveupdate\ndetect.exe


BC AdBot (Login to Remove)


#2 Grinler


    Lawrence Abrams

  • Admin
  • 43,640 posts
  • Gender:Male
  • Location:USA
  • Local time:01:50 PM

Posted 01 May 2005 - 04:32 PM

You need to click on start => run and type regedit and press ok. Then navigate to HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell and double-click on the shell value. Leave explorer.exe in there, but remove anything else.

So the contents of the shell value should read:


and thats it. Exit regedit and reboot and see if you can log in now

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users