Thought I had Virtumonde, evidently not.



snowball18
2010-06-25, 18:10
My computer randomly closes any and all applications that I try to run. ctfmon.exe keeps launching itself, and I seem to have fewer problems with applications, but I'm not sure if it's the culprit or not.
I have run scans with Spybot, Malwarebytes and NAV 2010. All scans are coming up clean at this point, but the problems still persist. I have backed up my registry with ERUNT as instructed and I'm attaching my DDS logs. Please help.


DDS (Ver_10-03-17.01) - NTFSx86
Run by Shannon at 10:59:51.73 on Fri 06/25/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1421 [GMT -5:00]

AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxducoms.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Norton Internet Security\Engine\17.7.0.12\ccSvcHst.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Shannon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.7.0.12\IPSBHO.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.7.0.12\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [POINTER] point32.exe
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [lxdumon.exe] "c:\program files\lexmark 5600-6600 series\lxdumon.exe"
mRun: [lxduamon] "c:\program files\lexmark 5600-6600 series\lxduamon.exe"
mRun: [Lexmark 5600-6600 Series Fax Server] "c:\program files\lexmark 5600-6600 series\fm3032.exe" /s
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258265064546
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\program files\intuit\quickbooks 2010\HelpAsyncPluggableProtocol.dll

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1107000.00c\symds.sys [2010-5-20 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1107000.00c\symefa.sys [2010-5-20 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\bashdefs\20100522.001\BHDrvx86.sys [2010-5-22 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1107000.00c\cchpx86.sys [2010-5-20 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1107000.00c\ironx86.sys [2010-5-20 116784]
R2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe -service --> c:\windows\system32\lxducoms.exe -service [?]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\17.7.0.12\ccsvchst.exe [2010-5-20 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-6-20 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\ipsdefs\20100624.001\IDSXpx86.sys [2010-6-25 331640]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100624.037\NAVENG.SYS [2010-6-25 85552]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.5.0.127\definitions\virusdefs\20100624.037\NAVEX15.SYS [2010-6-25 1347504]
S2 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxduserv.exe [2009-11-14 98984]

=============== Created Last 30 ================

2010-06-25 14:58:16 0 d-----w- C:\VundoFix Backups
2010-06-25 13:57:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-06-25 13:57:42 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-24 13:05:42 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-06-24 13:05:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-06-23 19:11:08 0 d-----w- c:\windows\ie8updates
2010-06-23 19:10:47 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-23 19:10:46 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-23 19:10:45 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-23 19:03:29 0 d-sh--w- c:\documents and settings\shannon\IECompatCache
2010-06-23 19:03:16 0 d-sh--w- c:\documents and settings\shannon\PrivacIE
2010-06-23 19:02:12 0 d-sh--w- c:\documents and settings\shannon\IETldCache
2010-06-23 19:00:32 0 dc-h--w- c:\windows\ie8
2010-06-23 16:11:34 0 d-----w- c:\docume~1\shannon\applic~1\Malwarebytes
2010-06-23 16:11:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-23 16:11:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-23 16:11:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-23 16:11:26 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-21 18:04:41 0 d--h--w- c:\windows\PIF
2010-06-08 17:03:34 0 d-----w- C:\Mpact Navigator

==================== Find3M ====================

2010-05-07 21:40:22 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-05-07 21:40:22 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-05-07 21:40:22 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-05-07 21:40:22 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-03-31 05:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 05:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2001-11-23 04:08:20 712704 ----a-r- c:\windows\inf\other\AUDIO3D.DLL
2010-02-21 01:03:46 16384 --sha-w- c:\windows\temp\cookies\index.dat
2010-02-21 01:03:48 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2010-02-21 01:03:46 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 11:00:30.10 ===============
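
As an added triage example (not part of the original post, and not code from the DDS tool): a small Python script that parses the Running Processes and uRun/mRun sections of a DDS-style report, reconciles bare-name Run entries (such as SOUNDMAN.EXE and Mixer.exe above, which Windows resolves by search path rather than from an explicit location) against where the matching process actually loaded from, and flags any process carrying a Windows system-binary name (svchost.exe, ctfmon.exe, explorer.exe, ...) that is running from outside the Windows directory. The sample log embedded in the script is constructed to mirror the report's format; the svchost.exe line under a Temp directory is made up purely to exercise the check and does not appear in the poster's log. The system-binary list and the C:\WINDOWS location are assumptions for an XP-era layout.

```python
"""Reconcile DDS Run entries against the running-process list and flag common tells.

Added example, not code from the original post or the DDS tool. SAMPLE_LOG is
constructed to mirror the report's layout; the Temp\\svchost.exe line is made up
to exercise the masquerade check. SYSTEM_BINARIES and WINDIR are assumptions.
"""
import ntpath
import re

# Constructed sample in the shape of a DDS report (NOT the poster's log).
SAMPLE_LOG = r"""
============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Shannon\Local Settings\Temp\svchost.exe

============== Pseudo HJT Report ===============

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [C-Media Mixer] Mixer.exe /startup
"""

# Assumed: names that should only ever run from under the Windows directory.
SYSTEM_BINARIES = {"svchost.exe", "ctfmon.exe", "explorer.exe", "spoolsv.exe",
                   "lsass.exe", "winlogon.exe", "csrss.exe", "services.exe"}
WINDIR = "c:\\windows"  # assumed XP-era install location

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")


def parse_dds(text):
    """Return (process_lines, run_entries) from the two sections we care about."""
    section, processes, runs = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1).lower()
            continue
        if section == "running processes":
            processes.append(line)
        elif section == "pseudo hjt report":
            m = RUN_RE.match(line)
            if m:
                runs.append(m.groupdict())
    return processes, runs


def image_from_process_line(line):
    """Drop arguments such as '-k netsvcs'; DDS prints paths unquoted."""
    return re.split(r"\s+(?=[-/])", line, maxsplit=1)[0]


def image_from_run_cmd(cmd):
    """Pull the executable out of a Run value (quoted, or first *.exe-like token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.*?\.(?:exe|scr|com|cpl|dll))(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def basename(path):
    name = ntpath.basename(path).lower()
    return name if "." in name else name + ".exe"   # DDS prints 'svchost' without .exe


def triage(text):
    """Return (kind, subject, note) findings for a DDS-style report."""
    processes, runs = parse_dds(text)
    images = [image_from_process_line(p) for p in processes]
    by_name = {}
    for img in images:
        by_name.setdefault(basename(img), []).append(img)
    findings = []
    for img in images:
        if "\\" not in img:
            findings.append(("no-path", img, "image path not shown in the log; confirm with a process viewer"))
        elif basename(img) in SYSTEM_BINARIES and not img.lower().startswith(WINDIR + "\\"):
            findings.append(("masquerade", img, f"Windows system-binary name running outside {WINDIR}"))
    for r in runs:
        img = image_from_run_cmd(r["cmd"])
        if "\\" in img:
            continue  # explicit path; nothing to reconcile
        loaded = [p for p in by_name.get(basename(img), []) if "\\" in p]
        where = loaded[0] if loaded else "not running"
        findings.append(("bare-name", f"{r['hive']}Run [{r['name']}] {img}",
                         f"resolved by search order; loaded as {where}"))
    return findings


if __name__ == "__main__":
    for kind, subject, note in triage(SAMPLE_LOG):
        print(f"{kind:10} {subject}  ->  {note}")
```

Run against the report above, this would stay quiet about ctfmon.exe: a per-user Run entry pointing at c:\windows\system32\ctfmon.exe is the standard Windows text-services loader, which is consistent with shelf life's reading that the log looks fine. The bare-name findings are not verdicts, just the places where a same-named file earlier in the search order could have been picked up, so the resolved path is the thing to look at.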

shelf life
2010-07-01, 04:12
hi,


randomly closes any and all applications that I try to run
This could be a sign of malware. Your log looks ok.

Can you get to web sites ok?
Do you seem to end up at web sites you had no intention of going to?

Is an updated Malwarebytes coming up clean after a scan?

snowball18
2010-07-01, 15:50
Shelf Life,

For some reason, all of the volunteers seemed to avoid my posting. As I could wait no longer, I eventually did a complete format and reinstall of WinXP. When the problem still continued, I knew that it must be hardware related. I have since narrowed the problem down to either a bad stick of RAM or a faulty DIMM slot on my board. If I have no RAM in my slots 2 and 4, then all is well. I'm going to just use slots 1 and 3 in dual channel mode and keep trucking. I know this is a rare instance, but it sure was acting like a malware infection. I do appreciate the response, but for future incidents, is there any way that I can get noticed within a quicker timeframe? I have donated before and will continue, but I can't wait 5 days for a response. I know the work is strictly voluntary and we all really do appreciate your patience with our issues. Thanks again.

- snowball18

shelf life
2010-07-02, 03:20
Some may not be comfortable answering a post that may not be malware related. Sounds like the format/reinstall narrowed it down pretty quick for you. There's really no basis for answering a log, although we try to take the older ones first. If it's been 4 days with no reply, one can post here. (http://forums.spybot.info/forumdisplay.php?f=37)