This site will look much better in a browser that supports web standards, but it is accessible to any browser or Internet device.

WinXPTutor's XP Resources

Windows XP Tips, Illustrations and registry edits

Quick Launch settings are not saved; Search Assistant Toolbar in Taskbar

If you see a Search Assistant Toolbar in the Taskbar, it might be due to a malware named BlazeFind. Quick Launch bar may be missing on every reboot or the Quick Launch sort order may not be maintained. Your ALT-Text here

These symptoms are caused by this Malware. This page discusses the preliminary steps required to remove this Desk band object, before running spyware removal tools.

Phase I  -  Removing the Search Assistant Toolbar from the Taskbar

Click Start, Run and type this command exactly as given and press Enter:

regsvr32 /u "%Systemroot%\System32\omniband.dll"

This uninstalls the Search Assistant Desk Band settings in the registry. Next, rename the file omniband.dll to old_omniband.dll and reboot Windows.


Note: The module name was determined by this program named deskbands.exe. This tiny utility which I wrote, enumerates all the Desk Band objects from the registry and just lists them with the corresponding DLL names.


Phase II  -  Fixing a registry entry which causes the Quick Launch issue (not retaining the settings)

Click Start, Run and type REGEDIT. Navigate to:

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ WindowsNT \ CurrentVersion \ Winlogon

In the right-pane, change the value of Userinit to "C:\WINDOWS\system32\userinit.exe,"

Type the above value exactly as given, including the comma - exclude the quotes. Also, change the path to userinit.exe appropriately if Windows is installed in a different drive.

Close Registry Editor and restart Windows. The Quick Launch settings should be retained now.

Phase III - Removing the Malware from the system

Follow the advice here and run all the tools documented in this page. Be sure to update them before scanning!

Unable to logon to Windows after removing BlazeFind using a spyware removal utility? 

Logon - Logoff loop, also caused by BlazeFind

Another critical symptom caused by this malware: This malware modifies the Userinit area in the registry (replacing the userinit.exe with wsaupdater.exe) and Ad-Aware (with a particular definition update) removes the wsaupdater.exe file from the system, thus causing the Logon - Logoff loop. That is, when you login to Windows, the 'loading personal settings" verbose will appear, but suddenly it will logoff. This issue was documented clearly by Lavasoftusa in it's Lavahelp Knowledgebase. 

Here is the solution to the logon - logoff issue in Windows XP.

Enter the Recovery Console

Boot the system using the Windows XP CD-ROM. In the first screen when the Setup begins, read the instructions press "R" (in the first screen) enter the Recovery Console. Type-in the built-in Administrator password to enter the Console. You'll see the prompt reading C:\Windows (Or any other drive-letter where you've installed XP) 

Type the following command and press Enter.

CD SYSTEM32
(If that does not work, try CHDIR SYSTEM32)

COPY USERINIT.EXE WSAUPDATER.EXE

Quit Recovery Console by typing EXIT and restart Windows.

You'll be able to login successfully as you've created the wsaupdater.exe file (now, a copy of userinit.exe)

Now, change the USERINIT value in the registry (see Phase II in this page) and change it accordingly.


NOTE    If you don't have a Windows XP CD-ROM, you need to use Windows XP Setup floppy disks to enter the Recovery Console.

References & Additional Reading:

How to install and use the Recovery Console in Windows XP

Description of the Windows XP Recovery Console

(Logon-logoff loop solution is courtesy of Lavasoft Knowledgebase)