Various windows system files keep going "missing"

Im running windows xp mce 2005 on my htpc. gigabyte ga-k87n sli motherboard, single geforce 6600gt, 2 gb ram. update rollup 2.

Im having a very very strange problem. My OS drive keeps deleting various windows files after a seemingly random point in time. The first time i noticed this happening is when a vbscript i have running to manage my recoreded TV files was called... the system could not find wscript.exe. I thought this was just some weird anomaly, so I rebooted the machine.

Upon startup I got hal.dll is missing or corrupt. I put in the xp cd, went to recovery console, did an expand hal.dl_ to c:\windows\system32, and rebooted. Again at startup, i receive another message, ntoskernel.exe missing. I thought to myself, with all the time spent rebooting, loading the xp install cd, going to recovery console, this is going to take forever and a day right? so... reinstall.

i reinstall xp, this time choosing fat32 instead of ntfs just for the heck of it. I get everything back up and running installed the way i want it, had a backup of all my scripts (luckily), and everything is running smoothly...

...for about a week. this time, i'm going into administrative tools to look at my event viewier, and what do you know... the event viewer cpl file is missing. not only the event viewer, but computer management and few select other shortcuts no longer work. I grabbed my windows cd, replaced the files while the OS was up and running, and i could again use my event viewer and computer management and such. I checked my system32 folder for wscript.exe (since that was victim last time), and it was still there. so it seems to be choosing files at random to delete. i had doubts about the control panel files being all that was missing, so i rebooted the machine. again, on reboot, i got hal.dll missing. again, i went into recovery console and replaced the file. on next reboot, i got the small freeze after mup.sys is loaded, and then a BSOD. i dont remember exactly what the message was, but i believe it was irrelevant to the problem i'm having, or i would have written it down.

so now after it happened again, i ran a windows repair on the installation. it seemed to work, although many of my programs did not work and needed to be reinstalled, and most everything i have needed to be set up again. it was about as much trouble as a clean format was.

so the machine is currently sitting there running right now. its been a week now, and im currently having the same problems... my control panel files have gone missing, although wscript.exe is still there. my extender cannot log on to the box, i just get a black screen. its probably due to files needed for login and the gui not being there. if i shut the machine down, im almost certain it will not boot back up. before the files started dissapearing, i took a snapshot of the drive with driveimage xml, and i'll be able to restore the partition with a boot disk.

as for what could be causing this issue, I could only come up with two possible causes: worm/virus, or hard drive failure.

1. worm/virus - i do not see any processes i do not recognize in my process list. the machine is behind a hardware firewall, and the default windows software firewall is running. however, just to be sure, i ran an online virus scan from trend micro. other than a few http cookies and such, there were no viruses found. I also ran hijackthis, and will paste the log at the end. i could not find anything in the hjt log that seems suspicious.

2. hard drive failure - this seems more than likely the cause to me, but i have a few doubts. if the hard drive is dying, and sectors are corrupting as i speak, shouldnt the filename still be on the drive? i.e. eventvwr.cpl should still be there, listed in the drives TOC, but the actual data for the file would be corrupted... ive seen hard drive corruption before, and this is always the case. the file will read 0 bytes, but will still be listed. - Secondly, i have run an HDD scan on the drive using my favorite tool, i'll post a screenshot of the results. 0 "bad" blocks. The only two areas i saw were on the smart tests. I dont know what these mean, but the numbers dont seem very high for the amount of possible millions of sectors on the drive. they appear as 'yellow' status though, so maybe there is something to look at there.

thanks in advance,
-mike

http://home.comcast.net/~kgbnumber1/hddscan1.jpg

http://home.comcast.net/~kgbnumber1/hddscan2.jpg

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:58 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Dragon Global\DirMon2\DirMon2.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
C:\Program Files\WebGuide\WebGuide4\bin\WebGuideServiceMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - Startup: Shortcut to connect_share_x.lnk = C:\Documents and Settings\media\My Documents\connect_share_x.bat
O4 - Startup: Shortcut to connect_share_y.lnk = C:\Documents and Settings\media\My Documents\connect_share_y.bat
O4 - Startup: Shortcut to connect_share_z.lnk = C:\Documents and Settings\media\My Documents\connect_share_z.bat
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1206774481125
O20 - AppInit_DLLs: prio.dll
O23 - Service: DirMon2 - Dragon Global - C:/Program Files/Dragon Global/DirMon2/DirMon2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UltiDev Cassini Web Server for ASP.NET 2.0 - UltiDev LLC - C:\Program Files\UltiDev\Cassini Web Server for ASP.NET 2.0\UltiDevCassinWebServer2a.exe
O23 - Service: Windows User Mode Driver Framework (UMWdf) - Unknown owner - C:\WINDOWS\system32\wdfmgr.exe (file missing)
O23 - Service: WebGuideTranscode - WebGuide LLC - C:\Program Files\WebGuide\WebGuide4\bin\WebGuideTranscodeService.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 3580 bytes