For the last several days I have been at war with the Blazefind Search Assistant toolbar, a notorious little doodjimahickey that hooked itself onto my Windows taskbar and won't let go... because it had taken over my Userinit registry key (renaming the original as "Olduserinit").
Following the instructions of several people on this board I was able to identify two programs that were launching this toolbar: C:\WINDOWS\system32\wsaupdater.exe, and C:\WINDOWS\2_0_1browserhelper2.dll. I found them, and killed them. I enjoyed watching them die.
However -- and I'm also posting this as a warning to people who may be trying to remove wsaupdater.exe from their systems -- the next time I booted the system, it would not let me log on. I would be shoved right back out to the login screen again. Using the remote registry editor on another system, I found that in HKEY_LOCAL_MACHINE/Software/Windows NT/CurrentVersion/Winlogon, the Userinit key had been renamed Olduserinit, and and replaced with a Userinit containing the value -- you guessed it -- C:\WINDOWS\system32\wsaupdater.exe. When I removed this program, Windows couldn't find anything with which to log me onto the system, and I got a revolving door as a result.
Switching the offending key with the original gave me back my computer.
The only thing left to address is, the Search Assistant Toolbar. Remember that? Since I removed the suspicious programs, the toolbar no longer appears on the taskbar at boot, and my taskbar settings are left alone. However, "Search Assistant" remains as a list of toolbars that can be displayed when I right-click on the taskbar, and indeed it can still be turned on. It sits there and mocks me like the raven in the Edgar Allen Poe poem.
There of course must be something still remaining in my system, but I can't for the life of me figure out what it is. This is my HijackThis log:
The only thing I can find that may be suspicious is C:\WINDOWS\LTSMMSG.exe. What is this program? Someone please throw me a bone here before I end up sawing off the top part of my display so as to never see that irritating piece of #$%&{` toolbar ever again. Thanks!
It should also hold the registry keys you want to have removed, but I would like to see the log before you go ahead and have it fix the kitems it finds.
Thanks,
Pieter
__________________ Regards,
Pieter
Itīs nice to be important, but itīs more important to be nice. Remove & Prevent spyware
It's human to make mistakes. It's even more so to blame the computer for it.
It should also hold the registry keys you want to have removed, but I would like to see the log before you go ahead and have it fix the items it finds.
Actually when I ran AdAware, it didn't find any registry keys, only tracker cookies. None of them matched BlazeFind or anything related to that.
Lucent Softmodem Messaging Applet. We have only ourselves ever found this modem driver in Acer and Sony laptops, and some Fujitsu Siemens and IBM laptop owners have also reported it, but we would not be surprised if it can be found on a many other brands of laptops as well.
I am not sure where in the registry this toolbar hides, so we will have to look for it.
Please surf to http://www.billsway.com/vbspage/ and scroll down to
Registry Search Tool
Download, unzip and run RegSrch.vbs
Put the name of the Toolbar in the dialog box.
After a while a prompt will come up. Click OK to write the results to wordpad and post them.
Regards,
Pieter
__________________ Regards,
Pieter
Itīs nice to be important, but itīs more important to be nice. Remove & Prevent spyware
It's human to make mistakes. It's even more so to blame the computer for it.
1) Yes, I do indeed have a Lucent Softmodem on this laptop (Fujitsu FMV NB50G). Noted.
Now, here are the results of that search script:
REGEDIT4
; RegSrch.vbs ゥ Bill James
; Registry search results for string "Search Assistant" 2004/06/07 8:49:40
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
Save that as SArem.reg and doubleclick it, confirm you want to merge it with the registry. It may require a reboot for the changes to take full effect.
Regards,
Pieter
__________________ Regards,
Pieter
Itīs nice to be important, but itīs more important to be nice. Remove & Prevent spyware
It's human to make mistakes. It's even more so to blame the computer for it.
Actually I was able to discover and fix this problem (which I did have) before. The only problem I have remaining now is the continued existence of "Search Assistant" in the taskbar context menu under Toolbars, and the ability to turn the thing on. I just want it completely gone.
Under what name is it listed in that context menu.
We should be able to find that spot in the regsitry.
Or maybe Aaron has it in his notes somewhere.
Regards,
Pieter
__________________ Regards,
Pieter
Itīs nice to be important, but itīs more important to be nice. Remove & Prevent spyware
It's human to make mistakes. It's even more so to blame the computer for it.
Pieter
Itīs nice to be important, but itīs more important to be nice. Remove & Prevent spyware
It's human to make mistakes. It's even more so to blame the computer for it.
Well, never mind. It seems that I cannot tell the difference between a "Search Assistant" left in my taskbar, and the Microsoft Search Assistant that's part of Explorer.
The dreaded Search Assistant toolbar.
?? - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
