Firefox Shuts Down When Options are Clicked


Good you noticed that while we had the thread open. The malware may have been operating perhaps as an add-on, and would definitely not want you to access anywhere changes might be made to it. Not sure right off where the blocks were set for that though.

Navigate to the following highlighted file:

C:\Documents and Settings\[user Name]\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\prefs.js

Replace User Name with your current user name, and then the "xxxxxxxx" on your computer will instead show as random characters, such as 8Xaugl7a.

Once you have located that file, zip a copy of it and upload it here like you did the last time please.

Jintan, I don't understand what you mean. Which username should I navigate to? Mine, which is Sandi, or my husband's, which is Temp? He originally had his username as Jay but something happened to his profile a couple months ago, I think it got corrupted, and I tried to fix it, but it ended up with his "username" as being Temp for some reason.

Also, I don't understand what you mean when you say,

C:\Documents and Settings\[user Name]\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\prefs.js

Replace User Name with your current user name, and then the "xxxxxxxx" on your computer will instead show as random characters, such as 8Xaugl7a.

Could you please explain that to me?

thanks.

Sandi

Right click My Computer, left click Explore, then use the plus (+) symbols to expand the folder list. Go to both of these locations:

C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\prefs.js

And zip and upload that prefs.js file. I can't help with what there will show where the x's are - they will be random characters like in my example. If you go to that "Profiles" folder you will see what I mean.

File received, thanks. The changes aren't showing in that though. Firefox uses a master list of settings, but then uses different folders to create and store changes for that. New to me, so a bit of fishing to locate the changes that were made. Let's check in two areas now.

Navigate again to your Firefox user Profiles folder, and this time zip a copy of the Chrome folder, and upload that please. If it proves to be easier you can also just send it to jintan @ cfl.rr.com as an attachment. Please place "Submitted Files - sandi149" as the email Subject. So the folder to locate will be:

C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\Chrome

Also, in the address bar at the top of Firefox, type about:config (and press Enter). A long list of Firefox settings will be displayed. In the box next to "Filter" type the word tools.

If any items are now displayed in the area below, right click each entry and select "Copy Name". Then in an open Notepad textbox select Paste to copy that Firefox Config entry. For the same item also right click, select "Copy Value" and again Paste that in the open Notepad textbox. This way you are building a list of any "tools" items displayed there. Then copy and paste your list back here please.
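The prefs.js check and the "tools" name filter described in the post above, as an added example that is not part of the original thread: a Python sketch that parses two prefs.js files, applies a name filter like the one typed into the Filter box, and lists what differs between a problem profile and a fresh one. The sample file contents, including the `example.tools.options.hidden` preference, are constructed for illustration.

```python
import json
import re

# prefs.js stores one preference per line: user_pref("name", value);
PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)


def parse_value(raw):
    """Convert a prefs.js literal (string, integer, true/false) to a Python value."""
    if raw in ("true", "false"):
        return raw == "true"
    if raw.startswith('"'):
        try:
            return json.loads(raw)   # decodes \" and \\ escapes
        except ValueError:
            return raw[1:-1]         # unusual escape: keep the text undecoded
    try:
        return int(raw)
    except ValueError:
        return raw                   # unknown literal: keep as text


def parse_prefs(text):
    """Return {name: value}; comments and other non-pref lines are skipped."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if match:
            prefs[match.group(1)] = parse_value(match.group(2))
    return prefs


def filter_prefs(prefs, needle):
    """Case-insensitive substring match on the preference name."""
    needle = needle.lower()
    return {k: v for k, v in prefs.items() if needle in k.lower()}


def same(a, b):
    """Compare type as well as value, so true and 1 count as different."""
    return type(a) is type(b) and a == b


def diff_prefs(suspect, baseline):
    """Report prefs added, removed or changed relative to the baseline profile."""
    shared = suspect.keys() & baseline.keys()
    return {
        "added": {k: suspect[k] for k in suspect.keys() - baseline.keys()},
        "removed": {k: baseline[k] for k in baseline.keys() - suspect.keys()},
        "changed": {k: (baseline[k], suspect[k])
                    for k in shared if not same(suspect[k], baseline[k])},
    }


# Constructed sample: prefs.js from the profile that misbehaves.
SUSPECT_PREFS = r'''# Mozilla User Preferences

/* Do not edit this file. */

user_pref("browser.startup.homepage", "http://start.example.invalid/");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("example.tools.options.hidden", true);
user_pref("browser.download.dir", "C:\\Documents and Settings\\Sandi\\Desktop");
'''

# Constructed sample: prefs.js from a freshly created profile.
BASELINE_PREFS = r'''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.example.com/");
user_pref("browser.download.dir", "C:\\Documents and Settings\\Sandi\\Desktop");
user_pref("app.update.enabled", true);
'''

if __name__ == "__main__":
    suspect = parse_prefs(SUSPECT_PREFS)
    baseline = parse_prefs(BASELINE_PREFS)
    print("Names containing 'tools':", filter_prefs(suspect, "tools"))
    for kind, entries in diff_prefs(suspect, baseline).items():
        for name in sorted(entries):
            print(f"{kind:8} {name} = {entries[name]!r}")
```

To use it on real data, read each profile's prefs.js into a string and pass the two strings to `parse_prefs`.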

No "tools" in that then. The Chrome folder only contained the standard .css examples it normally does. When the user "Temp" is logged on and opens Firefox, when they access the Tools option, that causes problems as well? I reread what you said, and realize it is an actual shutdown. Leads me to wonder if the file removal left a missing item some other function needs.

Still making sure dss.exe is directly on your desktop, go to Start - Run, and copy/paste the following (then press OK):

"%userprofile%\desktop\dss.exe" /config

When the DSS Configuration display opens, under the Main Log, uncheck all items. Then under the Extra Log, place a check next to these two only:

Add/Remove Programs

Event Logs

Don't make any other changes at this time. Then click the "Scan!" button to start the scan.

Once the scan has completed a textbox will appear - copy/paste those contents back here please (extra.txt). (The logs can also be found in the C:\Deckard\System Scanner folder)

When I went into the Temp user which is actually my husband's acct and I opened up Firefox, clicked on Tools, Options, it worked fine. It seems that it only isn't working for me.

Here's the log from Deckards.

No significant info in those views, but did want to check your Firefox version. As there do not seem to be any bad modifications in the profiles parts I checked, I would like you to download and install Firefox 3. It will install and basically overwrite the existing copy, and might correct changes in your existing copy as well. Be sure to close Firefox before installing, re-open and check it for changes and improvements after installing, but also reboot at some point to complete any changes made. Then post back an update please.

Actually, a day after Firefox 3 was released last week I d/l it. When I tried to launch the program it crashed immediately. I tried several times and it still crashed. Never would open and would give me some sort of crash report. So I uninstalled everything, tried again and the same thing happened. Then I went on the Mozilla forums to ask what to do about it. Never really got much help from them, but I see that many many others are experiencing the same thing.

So I uninstalled version 3 and reinstalled version 2 again.

In my opinion, I think there are still lots of bugs in Version 3 that Mozilla needs to work out because so many people are having problems with it.

Nope, Temp user hasn't been using Firefox since I had those popups. I still have the Version 2 exe file if that's what you mean by installer.

Now I seem to have another problem. When I click on a link in Outlook, I get an error msg saying "this operation has been cancelled due to restrictions in effect on this computer. Please contact your system administrator". I never had that happen to me before. I was always able to click on a link in Outlook and the browser would open up right to the page.

This computer is doing some very strange things lately. :P

Thanks for your help.

Strange likely more related to changes like those with Firefox. That sounds more like those recent changes changed your defaults there. Right click the IE desktop shortcut and select Properties. Under the Programs tab click the "Reset Web Settings" button. Then Apply/OK to close the display.

Yes, go ahead and click the Firefox installer and allow Firefox to install "over" the existing install. Actually, after that be prepared to repeat the steps to reset web settings.

Jintan, there is no button for "Reset Web settings" when I go into the Programs tab. But what I did do was click on "Make Internet Explorer the default browser" and then retried to click on a link in an Outlook email and now IE opens, which is fine with me. I'm actually starting to like IE better than Firefox since I've had so many problems with it.

Ok....clicked on the firefox exe file to install it and when it finished, I opened the browser and the same thing happens when I click on Tools, Options.

Sorry - I haven't looked back through the logs but betting you have IE7 against my IE6 steps provided. I rethought the issue with Tools, which took me to issues with plugins, which took me back to that Mozilla ActiveX Control. It is a cause of the type of crashes you are describing. I would suggest you close all open browsers (important) then go to Add/Remove Programs and uninstall Mozilla ActiveX Control v1.7.12.

It is definitely your user Firefox settings there. I checked to see where Firefox goes when you click the Tools option, and we already know malware placed itself in your folders there, so let's look at those two areas now.

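@ECHO OFF
REM Remove any report left over from an earlier run
if exist Check.txt del /q Check.txt
REM Export the two registry keys to temporary text files
regedit /e Regsearch1.txt "HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup"
regedit /e Regsearch2.txt "HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE"
REM Combine the exports into one report, then delete the temporary files
Type Regsearch*.txt > Check.txt
del /q Regsearch*.txt
REM Open the report in Notepad
Notepad Check.txt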

Open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text into the open text box, then save this to your desktop as "foxcheck.bat"

Be sure to include the "" quotes in the name. Then click on foxcheck.bat. When the scan completes a textbox will open - copy/paste those contents back here please.

------------------------------

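@ECHO OFF
REM Remove any old listing in the current folder
if exist showfox.txt del /q showfox.txt
REM Move to the Firefox profiles folder of the logged-on user
cd %userprofile%\Application Data\Mozilla\Firefox\Profiles
REM List every file and subfolder, save the listing to C:\showfox.txt and open it
dir /s > c:\showfox.txt & start notepad c:\showfox.txt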

Again open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text into the open text box, then save this to your desktop as "foxlook.bat"

Be sure to include the "" quotes in the name. Then click on foxlook.bat. When the scan completes a textbox will open - copy/paste those contents back here please. This one will be a bit longish.

Sandi, the larger second log leads me to a change to make it a bit easier to see some target info. Instead of the earlier "foxlook.bat" step do this instead please:

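@ECHO OFF
REM Remove any old listing in the current folder
if exist showfox.txt del /q showfox.txt
REM Move to the Firefox profiles folder of the logged-on user
cd %userprofile%\Application Data\Mozilla\Firefox\Profiles
REM Same listing as before, sorted by date (oldest first), saved to C:\showfox.txt and opened
dir /s /o:d > c:\showfox.txt & start notepad c:\showfox.txt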

Again open Notepad (Start - Run, type notepad and press Enter).

Copy/paste the above text into the open text box, then save this to your desktop as "foxlook.bat"

Be sure to include the "" quotes in the name. Then click on foxlook.bat. When the scan completes a textbox will open - copy/paste those contents back here please.

Ok, here you go.


05/25/2007 04:52 PM 139,264 metrics.dll

05/25/2007 04:52 PM 7,824 bootstrap.js

05/25/2007 04:52 PM 351,232 googletoolbar.dll

05/25/2007 04:52 PM 4,578 googletoolbar.xpt

05/25/2007 04:52 PM 1,126 metrics.xpt

06/23/2008 09:03 AM <DIR> ..

06/23/2008 09:03 AM <DIR> .

5 File(s) 504,024 bytes

Directory of C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\kkq2lwzk.Sandi New Profile\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults

06/23/2008 09:03 AM <DIR> preferences

06/23/2008 09:03 AM <DIR> custombuttons

06/23/2008 09:03 AM <DIR> ..

06/23/2008 09:03 AM <DIR> .

06/23/2008 09:03 AM <DIR> contenthandling

0 File(s) 0 bytes

Directory of C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\kkq2lwzk.Sandi New Profile\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling

05/25/2007 04:52 PM 22,486 doc.ico

06/23/2008 09:03 AM <DIR> ..

06/23/2008 09:03 AM <DIR> .

1 File(s) 22,486 bytes

Directory of C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\kkq2lwzk.Sandi New Profile\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons

05/25/2007 04:52 PM 6,697 toolbar.google.com_J66T77NJDBMW4FEUU7FA.xml

05/25/2007 04:52 PM 2,005 toolbar.google.com_CTK0Y7F4MTG6NKYH03WT.xml

05/25/2007 04:52 PM 7,667 toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.xml

06/23/2008 09:03 AM <DIR> ..

06/23/2008 09:03 AM <DIR> .

3 File(s) 16,369 bytes

Directory of C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\kkq2lwzk.Sandi New Profile\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences

05/25/2007 04:52 PM 4,341 options.js

06/23/2008 09:03 AM <DIR> ..

06/23/2008 09:03 AM <DIR> .

1 File(s) 4,341 bytes

Directory of C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\kkq2lwzk.Sandi New Profile\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib

05/25/2007 04:52 PM 550,145 toolbar.js

06/23/2008 09:03 AM <DIR> ..

06/23/2008 09:03 AM <DIR> .

1 File(s) 550,145 bytes

Directory of C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\kkq2lwzk.Sandi New Profile\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF

05/25/2007 11:19 AM 3,247 zigbert.rsa

05/25/2007 11:19 AM 2,303 manifest.mf

05/25/2007 11:19 AM 2,411 zigbert.sf

06/23/2008 09:03 AM <DIR> ..

06/23/2008 09:03 AM <DIR> .

3 File(s) 7,961 bytes

Directory of C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\kkq2lwzk.Sandi New Profile\GoogleToolbarData

06/23/2008 09:03 AM <DIR> feeds

06/23/2008 09:03 AM 141,312 googlesafebrowsing.db

06/25/2008 03:08 PM 35 features.properties

06/25/2008 03:08 PM <DIR> ..

06/25/2008 03:08 PM <DIR> .

06/25/2008 03:36 PM 49 textreuse.dat

06/25/2008 03:36 PM 139 searchhistory.xml

06/25/2008 05:25 PM 77 kf.txt

5 File(s) 141,612 bytes

Directory of C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\kkq2lwzk.Sandi New Profile\GoogleToolbarData\feeds

06/23/2008 09:03 AM <DIR> ..

06/23/2008 09:03 AM <DIR> .

06/25/2008 05:25 PM 9,545 toolbar.google.com_O8Y91YHB24Z6SR0SGYSK.xml

1 File(s) 9,545 bytes

Directory of C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\kkq2lwzk.Sandi New Profile\searchplugins

06/23/2008 09:04 AM <DIR> searchplugins-backup

06/23/2008 09:04 AM 2,386 siteadvisor.xml

06/23/2008 09:04 AM <DIR> ..

06/23/2008 09:04 AM <DIR> .

1 File(s) 2,386 bytes

Directory of C:\Documents and Settings\Sandi\Application Data\Mozilla\Firefox\Profiles\kkq2lwzk.Sandi New Profile\searchplugins\searchplugins-backup

06/22/2008 03:57 PM 276 siteadvisor.src

06/23/2008 09:04 AM <DIR> ..

06/23/2008 09:04 AM <DIR> .

1 File(s) 276 bytes

Total Files Listed:

120 File(s) 15,560,916 bytes

104 Dir(s) 114,786,000,896 bytes free

Link to post
Share on other sites

Sorry, didn't see those first set of instructions.

Here you go.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup]

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current]

@=""

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\.Default\MenuPopup\.Default]

@=hex(2):00,00

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE]

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell]

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open]

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open\command]

@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open\ddeexec]

@="\"%1\",,0,0,,,,"

"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open\ddeexec\Application]

@="Firefox"

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open\ddeexec\Topic]

@="WWW_OpenURL"

Link to post
Share on other sites

Hmm - none of the files jumped out as at least malware related, and if there were to be a culprit in that view it would be your user profile has problems with the Google Toolbar extension showing there.

The Registry information is different. The first parts are normal, or relate to the browser default check. But the "ddeexec" key is not, or at least not in that particular location. I understand that key, when used with other file types, would allow for data sharing, but don't see where it is normally applied to this location. Still not clear why this then would not affect the other Firefox user. We can trial removing that for now, and if it provides no improvements, or worse, we can return the key info and then discuss perhaps creating a new user profile to replace this problematic one.

You should have a copy of Check.txt on your desktop there from that foxcheck.bat scan just done. Right click that and rename it to "check.reg"

Again be sure to include the quotes in the name. This will make that a handy backup to undo our next changes.

---------------------------------

REGEDIT4
[-HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open\ddeexec]

Open Notepad (Start - Run, type notepad and OK) and copy and paste the above text (inside the box) into the text file. Now go to File > Save As and call it "fixer.reg"

Again using the quotes in the name. Then right click fixer.reg and select Merge to allow it to merge with the Registry.

Then reboot, open Firefox as your user and try the Tools menu access again. Post back an update please.

If for some unexpected reason something is too problematic after making those changes you can just right click the check.reg you created, and allow that to Merge with the Registry. This will return the old settings.

Link to post
Share on other sites
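An added example, not part of the original posts: before merging a deletion file such as fixer.reg, it is worth confirming that the backup export really contains every key the deletion removes, since merging the backup is the only undo. The sketch below parses both files as text; the helper names are hypothetical and the sample backup is constructed from the export posted in the thread.

```python
import re

# Constructed sample: the Firefox part of the export posted in the thread,
# as it would appear in the check.reg backup.
CHECK_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open\command]
@="C:\\PROGRA~1\\MOZILL~1\\FIREFOX.EXE -requestPending -osint -url \"%1\""

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open\ddeexec]
@="\"%1\",,0,0,,,,"
"NoActivateHandler"=""

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open\ddeexec\Application]
@="Firefox"

[HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open\ddeexec\Topic]
@="WWW_OpenURL"
'''
# The fixer.reg text from the post above.
FIXER_REG = r'''REGEDIT4
[-HKEY_CLASSES_ROOT\Applications\FIREFOX.EXE\shell\open\ddeexec]
'''

VALUE = re.compile(r'(@|"(?:[^"\\]|\\.)*")=(.*)')

def parse_reg(text):
    """Return (keys, deletions); keys maps key path -> {value name: raw data}.
    Continuation lines of multi-line hex values are ignored (hypothetical helper)."""
    keys, deletions, current = {}, [], None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r'\[(-?)(.+)\]', line)
        value = VALUE.fullmatch(line)
        if header and header.group(1):
            deletions.append(header.group(2))
            current = None
        elif header:
            current = keys.setdefault(header.group(2), {})
        elif value and current is not None:
            current[value.group(1).strip('"')] = value.group(2)
    return keys, deletions

def backup_coverage(backup_text, fixer_text):
    """For each key the fixer deletes, list the backed-up keys a re-merge restores."""
    saved, _ = parse_reg(backup_text)
    _, deletions = parse_reg(fixer_text)
    def under(key, root):
        return key.lower() == root.lower() or key.lower().startswith(root.lower() + '\\')
    return {d: [k for k in saved if under(k, d)] for d in deletions}
```

An empty list for any deleted key means the backup cannot restore it, so the export should be redone before the deletion is merged.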

As I was not in at the beginning here, and still have not successfully located the download for this infection, did you already identify what action brought this to your computer? Other similar infection threads suggest they perhaps made the wrong download choice from the wrong location. If you can shed some light on that, it would be helpful, both for resolving any of your issues, and those of other victims. If it was from a specific link you can either post that here or PM it to me.

Link to post
Share on other sites

Ok, did all that but Firefox still shuts down when I go into tools, options.

This is what originally happened. About 5 or so weeks ago my 15 yr old son downloaded some sort of game. I wasn't around and he knows not to d/l anything without my permission but did so anyway. When I came home the computer was running slow and I see all these popups and games all over my computer plus the browser was being hijacked and the internet was running very slow. I knew that I had spyware and when I saw those games I knew it was him because I never d/l games. Ok, so I run spybot and it found that Vundo trojan and it seemed to get rid of it. But when I rebooted it came back. So I do a search on the internet for computer forums and the first one that I saw was a site called attribune.org. I checked it out and it looked good so I posted my problem in there. The person was extremely helpful in getting rid of vundo. He had me d/l Hijack This and some other things and finally Vundo was gone. Took about a week to clean it up, but we thought that we got all of it. I thanked him profusely and went on my merry way. Then I started noticing popups in firefox from Adzgalore so I tried running spybot and adaware but to no avail. They wouldn't go away. So I tried using IE as my browser and noticed that I didn't get the popups in there. I went back to that attribune.org site and noticed that they were very busy so I decided to find another site. That's when I found this site and posted my problem. First Jean helped me, and then AdvanceSetup and now you.

I did reprimand my son and told him that he is absolutely not allowed to d/l anything without my permission ever again. So far he has been listening.

And that's how all of this started. I have had spyware in the past but nothing nearly as severe as that Vundo infection.

Link to post
Share on other sites
