firefox modifies registry keys

firefox(2.0.0.12) is trying to modify the protected registry keys:

HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\EventMessageFile
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryMessageFile
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\CategoryCount
HKLM\SYSTEM\ControlSet001\Services\Eventlog\Application\ESENT\TypesSupported

Anyone have the same problem? Is my firefox or computer compromised?
And what is ESENT?

thank you

Run a Spy bot Search and Distroy scan and some antivirus online scans like Trend Micro,BitDefender and KAV.

Somebody answer alonginthek, but this is a beautiful example of the puzzle path using Comodo. It presents these undecipherable things to you, coming from an application you use all the time, which is declared a ‘safe’ app, but which appears to be doing ‘naughty’ things (modifying a protected key or whatever) .

So what in the world do you do? Stop and begin web research on the key names, etc? Oops, thats just going to throw up more undecipherable alerts. Catch 22.

thank you Sm3K3R
I scanned my pc with bitdedender online scanner, ewido antispyware online scanner and avg anti rootkit. But no problems were found.

Firefox also accessing screen.
https://forums.comodo.com/help_for_v3/firefox_accessing_screen_directly-t19951.0.html

Is FF still safe to use?

I have been using Firefox for years and it’s as safe as any other browser.

I had loads of alerts this morning as well; Defense+ seems to have forgotten all it’s Trusted Program info.

Not sure if this is related to your problem though; but we are both using Firefox.

Or were there any CFP updates that triggered this?

Mike.

Hi guys im using FF and had these FF needs to access the screen,but im using Ad Block Plus and No Script so am thinking for these to work properly FF must need access to the screen to stop things.

Matty

but why it modifies registry keys?

I think it is writing to the event log. It may not be firefox but some DLL it runs. Look in the event log under application and see if there are any events for ESENT. The message there may give you a clue.

It was firefox, here is my picture of event log
[img=http://img528.imageshack.us/img528/5625/screenff8.th.jpg]

I meant the windows event log. Control panel, administrative tools and then chose event log. There will be a list of application event messages in there.

I have a few ESENT events in eventlog, but they they seem to be related to msn messenger :

Event Type: Information
Event Source: ESENT
Event Category: General
Event ID: 102
msnmsgr (1212) \.\C:\Documents and Settings<user>\Local Settings\Application Data\Microsoft\Messenger<my email>\SharingMetadata\Working\database_BA24_9334_2492_F31D\dfsr.db
The database engine started a new instance (0).

I don’t know why it is doing this and my firefox does not do it but it does not look particularly dangerous to me. The attached images shows what I have on these registry keys (on Vista).

[attachment deleted by admin]

The values of these registry keys on my pc are the same as yours. I removed and reinstalled firefox again, installed siteadvisor extension. I still have these Denfence+ alerts.