I'm looking to write a procedure to look for Browser Hijacks. The current wave of fake spyware is blowing trhough all of the KES and firewall products.

What I want is to see if the browser Shell Open Command has been sert to something other then the default, it so set an alert/alarm (can be via email) and possiblely put it back.

Anyone have such a script? I'm also looking for someone to write scripts for me on an On Demand basis. So often I know what I want but don't have the time to work out the syntax.

IE Values

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="\"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE\""

Firefox
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\ 
“C:\Program Files\Mozilla Firefox\firefox.exe”

Chrome