Ok.. my computer became possessed today.. I am hoping someone can help me out before I reload windows.. I am running in safe mode with networking as I type this.. Safe mode seems to avoid whatever problem I am encountering..

System:
home built by me.. Been running great for a couple of years.. I always run Anti virus with firewall.. (Norton Internet Security).. Core2Duo, 2GB Ram, WD drives (2 internal) one external USB drive.

Symptoms and things I've looked at:

Boot the system and log into my wife's user profile. (1 of 3).. The desktop appears and you can tell the system is loading the services.. It then restarts..

Boot the system.. Select my user profile . it loads and everything seems ok.. Start working away and all of a sudden it will seem like the system lags or pauses for a second.. Mouse pointer still active however clicking on things produces no results.. eventually when you click I hear a beep from the hardware and the mouse freezes along with the rest of the system.. Must reset to exit (reboot)...

Boot the system and noticed there was a "New hardware found" diag box however no hardware was added.. Went into the device manager and found it under the Unknown section.. Windows could not tell what the device was.. So I remvoed it.. the system behavior never chnaged..

Boot the system.. loads the OS and user profile.. go to Computer Management and try to run a Disk Check on the C drive.. States that it cant perform the disk check with the system running and promps me to set it to check at next boot.. Restart the system and it never does the disk check (chkdsk).

Boot the system.. loads the OS and user profile.. run chkdsk from the command prompt and it tells me, "CHKDSK discovered free space marked as allocated in the master file table (MFT) bitmap. Correcting errors in the Volume Bitmap. Windows found problems with the file system.
Run CHKDSK with the /F (fix) option to correct these."

So, I load the Windows XP Pro installation CD and boot to it.. I enter the Repair cosole and run chkdsk with the /R option. completes and I rerun chkdsk with /P option and it tells me the disk is clean. So it appears that the /R option corrected any problems..

Boot the PC up again and same symptoms as before...

I tried running Disk Defrag for the heck of it.. It states "Disk Defragmenter could not start." WTH??? I know this used to work.. Defrag will not start for either of my two local disks.. I have a USB drive and Defrag will work on it..

Checked the Event Log and below are the "Errors" that appear since I cleared the logs earlier this morning.

Type Date Time Source Category Event User Computer
Error 9/6/2008 4:21:23 PM Service Control Manager None 7026 N/A JOHNSON-G0QSH0J
Error 9/6/2008 4:20:26 PM DCOM None 10005 SYSTEM JOHNSON-G0QSH0J
Error 9/6/2008 4:19:24 PM sfsync03 None 1 N/A JOHNSON-G0QSH0J
Error 9/6/2008 2:12:24 PM sr None 1 N/A JOHNSON-G0QSH0J
Error 9/6/2008 11:21:11 AM sr None 1 N/A JOHNSON-G0QSH0J
Error 9/6/2008 11:01:48 AM DCOM None 10005 SYSTEM JOHNSON-G0QSH0J
Error 9/6/2008 10:56:37 AM Service Control Manager None 7026 N/A JOHNSON-G0QSH0J
Error 9/6/2008 10:56:37 AM Service Control Manager None 7001 N/A JOHNSON-G0QSH0J
Error 9/6/2008 10:56:37 AM Service Control Manager None 7001 N/A JOHNSON-G0QSH0J
Error 9/6/2008 10:56:37 AM Service Control Manager None 7001 N/A JOHNSON-G0QSH0J
Error 9/6/2008 10:56:37 AM Service Control Manager None 7001 N/A JOHNSON-G0QSH0J
Error 9/6/2008 10:56:37 AM Service Control Manager None 7001 N/A JOHNSON-G0QSH0J
Error 9/6/2008 10:56:23 AM DCOM None 10005 SYSTEM JOHNSON-G0QSH0J
Error 9/6/2008 10:54:06 AM sfsync03 None 1 N/A JOHNSON-G0QSH0J
Error 9/6/2008 10:39:25 AM sr None 1 N/A JOHNSON-G0QSH0J

It should be noted that the system did have a couple hard shutdowns due to my dumbarse plugging it into a switch controlled outlet when we moved into our new house a month ago.. a couple times we hit the switch which shut off the power to the PC. Booted and ran fine aftewards.. (up to today).

Not sure what to do.. The system seems be stable in safe mode which tells me that its some sort of software issue as opposed to hardware...

I would appreciate any help anyone can provide..

Thanks in adavnce.
Jerid

Seeing as you seem to have the knowledge, could I ask you to post the minidumps here?

If you need instructions I can post them.

Hello and welcome to PCHelpForum.

Could you follow this link please and post your results:http://www.pchelpforum.com/windows-x...eath-here.html

Thankyou.

Found the dumps.. not sure how to view/read them so I'll post them here.. I zipped all from today and they are linked below.

http://jeridjohnson.com/x/Minidump09062008.zip

Thanks!!

well, I came out of safe mode and booted up normally.. encountered the following:

Event Type: Information
Event Source: Application Popup
Event Category: None
Event ID: 26
Date: 9/6/2008
Time: 9:04:51 PM
User: N/A
Computer: JOHNSON-G0QSH0J
Description:
Application popup: svchost.exe - Application Error : The instruction at "0x7c918fea" referenced memory at "0x01c910ae". The memory could not be "written".

Click on OK to terminate the program
Click on CANCEL to debug the program

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Here are some screenshots of the error popups I got.. the last two are a result of me clicking on the more info link.


While I was grabbing the screen prints of these a popup appeared and said the NT AUTHORITY\SYSTEM was initializing a system restart. here are some details from the event log:

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 9/6/2008
Time: 9:05:18 PM
User: NT AUTHORITY\SYSTEM
Computer: JOHNSON-G0QSH0J
Description:
The Remote Access Connection Manager service was successfully sent a start control.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 9/6/2008
Time: 9:05:18 PM
User: NT AUTHORITY\SYSTEM
Computer: JOHNSON-G0QSH0J
Description:
The SRTSP service was successfully sent a start control.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.




Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 9/6/2008
Time: 9:05:18 PM
User: NT AUTHORITY\SYSTEM
Computer: JOHNSON-G0QSH0J
Description:
The Network Location Awareness (NLA) service was successfully sent a start control.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Cheers,
Jerid

When you received the shutdown message, do you recall whether it was ended by a message saying "Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly"?

I also recall that once when fixing this from someone's computer they had a W32.Blaster.Worm, probably a good idea to do this:

Go to here: Download details: Security Update for Windows XP (KB823980)
Download it and run it.

Then download this and run it: http://www.symantec.com/security_res...081119-5051-99

Restart in safe mode before running the latter.

Hello,I will just get our mini dump expert to check the log for you.