NTAuthority/System shutdown, firefox blocked

Good day, fine fellows.

I'm working with a new (three-week-old) desktop PC. Recently, I have had two instances where something out of the ordinary has occurred.

1) The night before last, as I was shutting down, I got a dialog box telling me that my PC had to be shut down,

c\\windows\system32\services.exe terminated unexpectedly with status code 1073741819, initiated by NTAuthority/System.

Unfortunately, I was unable to halt the shutdown (as I didn't know how at that point). The shut down got as far as "Logging off", and eventually I had to power down manually.

2) Yesterday things went fine until the evening, when I got another box declaring that Windows Firewall was blocking firefox (ver 3.5.2). I closed that box and went into security to check, and the exception for firefox was unchecked.

I am not sure if these two events are related, but they occurred within a day of each other, so I'm a bit suspicious.

I ran Spybot, AVG 8.5, Ad-Aware and found nothing beyond a few cookies. However, a Malwarebytes Anti-Malware scan produced the following result:

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Policies\Explorer\ForceClassicControlPan el (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Could you have a look to see if I am further infected? Any help would be greatly appreciated. HiJackthis log and uninstall_list follow below.

Cheers.

*****************

[clean log removed - Broni]

I see nothing malicious here.
I'm removing clean log, and moving this topic to Windows section.

__________________
My Home Page

broni,

Thanks for that. I can't say I'm sorry there's nothing terrible happening, but I hope it didn't take up too much of your time.

Anyone in Windows section have an idea as to why I got that shutdown, and/or the firefox block?

Thanks for reading.

I'd consider bringing it back to the place, you bought it from.

__________________
My Home Page

Seriously? Or is that just a little joke? I mean, it's new but it's not like I haven't been using it heaps. The reason I posted in the first place is that I get around on the web and I just wanted to check that I hadn't clicked the wrong link in a moment of carelessness (or more likely, drunkenness). Besides, I've been buying PCs from this shop (an actual computer store, not a chain or somesuch) for about 15 years now, and their rigs and installs have always been solid.

But i appreciate the suggestion. If no one has any ideas on what the possible cause could be, I have no qualms about bringing it in for a check.

Have a good one. And, again, thanks for the assistance.

Cheers.

Let's run one more scan, to make sure, there is nothing there (I'll move the thread back to malware section, if needed)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

1. Please, never rename Combofix unless instructed.
2. Close any open browsers.
3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
   
   • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
   • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
   
   NOTE. If Combofix asks you to install Recovery Console, please allow it.
   
   • Close any open browsers.
   • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
   • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
   • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
4. Double click on combofix.exe & follow the prompts.
5. When finished, it will produce a report for you.
6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

__________________
My Home Page

[clean logs removed - Broni]

All clean.

Combofix said:
c:\windows\system32\appmgmts.dll ... is missing !!
If it has anything to do with your problem, I don't know, but it may be good idea to run "sfc".

__________________
My Home Page

Thanks, broni!

What's "sfc"?

Also, in the link you provided for disabling antivirus programs, there was an instruction about using "ResetTeaTimer". Should I use that? And, if so, do I use it before or after re-enabling TeaTimer in the Spybot options?

Thanks for the help.

sfc = system file checker

Go Start>Run ("Start Search" in Vista), type in:
sfc /scannow
Click OK (hold CTRL, and SHIFT, hit Enter in Vista).
Have Windows CD/DVD handy (with Vista, most likely, you won't need it).
If System File Checker (sfc) will find any errors, it may ask you for the CD/DVD (rarely in Vista case).
If sfc won't find any errors in Windows XP, it'll simply quit, without any message.


TeaTimer is part of Spybot. Spybot seems to be having its best time behind.
I suggest:
- SUPERAntiSpyware Free Edition: SUPERAntiSpyware.com - Downloads
- Malwarebytes' Anti-Malware (trial version is fully functionable): Malwarebytes.org

__________________
My Home Page