Browser Hijack Virus

Hi Quads:

I did that regedit search.  There are several hits for AutorunsDisabled.  None of them look any fishier than others.  Is there something I should look for, or should I list them here?  Or do you think this could be a red herring?  In other words, is "O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)" a definite problem, or might it actually be OK?

Thanks!

   - Bogue

Have your other problems disappeared?? (Fix)

Some AutorunsDisabled are there as a setting to stop Autorun Malware, although I don't have any AutorunsDisabled in my registry

 

Quads 

Regarding AutorunsDisabled, here's what I have:

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AutorunsDisabled
HKEY_CLASSES_ROOT\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\AutorunsDisabled
HKEY_CLASSES_ROOT\Directory\shellex\ContextMenuHandlers\AutorunsDisabled
HKEY_CLASSES_ROOT\Directory\shellex\CopyHookHandlers\AutorunsDisabled
HKEY_CLASSES_ROOT\Directory\shellex\DragDropHandlers\AutorunsDisabled
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\AutorunsDisabled
HKEY_CLASSES_ROOT\PROTOCOLS\Handler\AutorunsDisabled

Regarding the search redirect problem, I may be in the clear, but I want to give it a little while longer, because my problem was intermittent.

This is the one Hijackthis is finding

HKEY_CLASSES_ROOT\PROTOCOLS\Handler\AutorunsDisabled

But it is a pluggable Protocol, but in this case not associated with a CLSID

If everything is OK, no redirects etc. I would just leave them

 

Quads
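An added example, not part of the original posts and not HijackThis's own code: a read-only PowerShell check that lists every subkey under HKEY_CLASSES_ROOT\PROTOCOLS\Handler, the area the O18 line above reports on, and shows whether each has a CLSID value and whether that CLSID's InprocServer32 file exists on disk. The function name Get-ProtocolHandlerReport and the status labels are assumptions made for this example.

```powershell
# Added example (hypothetical helper): report pluggable protocol handlers.
# Read-only: it queries the registry and the file system, and changes nothing.
function Get-ProtocolHandlerReport {
    param(
        [string]$HandlerRoot = 'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Handler',
        [string]$ClsidRoot   = 'Registry::HKEY_CLASSES_ROOT\CLSID'
    )
    foreach ($key in Get-ChildItem -LiteralPath $HandlerRoot -ErrorAction SilentlyContinue) {
        $clsid  = $key.GetValue('CLSID')   # $null when the handler key has no CLSID value
        $file   = $null
        $status = 'no CLSID value'         # the "(no CLSID) - (no file)" case
        if ($clsid) {
            $server = Get-Item -LiteralPath "$ClsidRoot\$clsid\InprocServer32" `
                               -ErrorAction SilentlyContinue
            if (-not $server) {
                $status = 'no InprocServer32 key'
            } else {
                # Default value of InprocServer32 is the DLL that implements the handler
                $file = ([string]$server.GetValue('')).Trim('"')
                if (-not $file) {
                    $status = 'no server file registered'
                } else {
                    # Bare file names (e.g. "example.dll") are looked up in System32 here;
                    # that lookup location is a simplifying assumption of this example.
                    if (-not [IO.Path]::IsPathRooted($file)) {
                        $file = Join-Path $env:SystemRoot "System32\$file"
                    }
                    $status = if (Test-Path -LiteralPath $file) { 'file present' }
                              else { 'file missing' }
                }
            }
        }
        [pscustomobject]@{
            Handler = $key.PSChildName
            CLSID   = $clsid
            File    = $file
            Status  = $status
            SubKeys = $key.SubKeyCount   # a key with no CLSID may only hold child entries
        }
    }
}

# Entries that do not resolve to a file on disk sort to the top for review.
Get-ProtocolHandlerReport |
    Sort-Object { $_.Status -eq 'file present' }, Handler |
    Format-Table -AutoSize
```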

 

 

Hi.

Well, I have had several days now to confirm that I no longer have the browser hijack problem.

 

Just for the record (in case anyone is searching and finds this thread), my problem was that when I searched in Google and clicked on one of the search result links, sometimes (maybe one in 10? 20?) my browser would redirect to some bogus page.  On several occasions that bogus page was www.comparedby.us.  I am running Windows XP SP3, and my browser of choice is Firefox. 

 

Norton 360 did not find anything.  Malwarebytes found some things, but apparently unrelated.  HijackThis also found some things, but apparently also unrelated.

 

The solution was GooredFix.exe which can be found here: http://jpshortstuff.247fixes.com/GooredFix.exe  It turns out that I had a bogus and somehow invisible Firefox add-on that was responsible for the redirect.  I had seen on some other boards people with the same symptoms as me who solved their problem by uninstalling and reinstalling Firefox, but GooredFix solved things perfectly.  It seeks and destroys hidden Firefox add-ons.

 

Anyway, thanks for your help!

 

   - Bogue