techlinden

asked on

Windows 7 logon issue

Hello all and thanks for any assistance you can give me.

I have a Dell Vostro 260S - Dell's stock image (yeah, mistake, I know) running Win7 Pro 64-bit.  Of course I could just nuke the machine with a fresh non-Dell image but that wouldn't be any fun at all.  This machine is a person who happens to be a very difficult setup.

This person works from home through a VPN.  I was getting reports that she would be connecting okay for days, then suddenly someone has to power cycle the machine.  This goes on and off for days at a time (I am offsite).  So I finally got down to her location one day to check the machine when it was locked up.

The machine showed the login screen (press Ctrl+Alt+Delete). I do so and it takes me to her login screen, I enter her password, and it brings me right back to the login screen - not an incorrect password - it just does nothing.  Eventually you have to power cycle.

I changed the RAM in the machine.  A few days later the problem popped up again.

So I changed the machine out (moved the hard drive over to a new machine) and the problem persists.

The company has a domain policy set for Windows updates to run at 1pm.  When I arrived back with the new machine a bit after 1pm, the screen was back to login, and exhibiting the same behavior.  Windows updates fail with error 800B0001.  I will mention GoToMyPC is also on the machine.

Below is a list of events popping up constantly.  And the problem does not SEEM to be the hard disk.  I've run tests with no failures.  Of course this is my last resort.  Thanks again all.




Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.  

 DETAIL -
 0 user registry handles leaked from \Registry\User\S-1-5-21-2125281132-3400958297-2518728906-9306:






Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).





Notifications for the volume C:\ are not active.

Context: Windows Application

Details:
      Insufficient quota to complete the requested service.  (HRESULT : 0x800705ad) (0x800705ad)




An I/O operation initiated by the Registry failed unrecoverably.The Registry could not flush hive (file): '\SystemRoot\System32\Config\SOFTWARE'.





wuaueng.dll (888) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 0 (0x0000000000000000) for 32768 (0x00008000) bytes failed after 0 seconds with system error 1453 (0x000005ad): "Insufficient quota to complete the requested service. ".  The write operation will fail with error -1011 (0xfffffc0d).  If this error persists then the file may be damaged and may need to be restored from a previous backup.



Log Name:      Application
Source:        ESENT
Date:          7/14/2012 9:40:38 PM
Event ID:      104
Task Category: General
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      LVMHTRV02.dkintl.com
Description:
wuaueng.dll (888) SUS20ClientDataStore: The database engine stopped the instance (0) with error (-1090).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="ESENT" />
    <EventID Qualifiers="0">104</EventID>
    <Level>2</Level>
    <Task>1</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-15T01:40:38.000000000Z" />
    <EventRecordID>7268</EventRecordID>
    <Channel>Application</Channel>
    <Computer>0002.d000000tl.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>wuaueng.dll</Data>
    <Data>888</Data>
    <Data>SUS20ClientDataStore: </Data>
    <Data>0</Data>
    <Data>-1090</Data>
  </EventData>
</Event>


Log Name:      Application
Source:        Microsoft-Windows-EventSystem
Date:          7/15/2012 12:36:48 PM
Event ID:      4622
Task Category: Event Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      0000000.000000.com
Description:
The COM+ Event System could not marshal the subscriber for subscription {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 80010100.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
    <EventID Qualifiers="49152">4622</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>17</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-15T16:36:48.000000000Z" />
    <EventRecordID>7271</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>00000.00000.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">80010100</Data>
    <Data Name="param2">{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}</Data>
  </EventData>
</Event>


Log Name:      Application
Source:        Microsoft-Windows-EventSystem
Date:          7/15/2012 2:53:31 PM
Event ID:      4609
Task Category: Event Service
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:      00000.00000.com
Description:
The COM+ Event System detected a bad return code during its internal processing.  HRESULT was 80070005 from line 586 of d:\w7rtm\com\complus\src\events\tier2\eventsystem2.cpp.  This warning may be expected if the computer is low on resources.  If the computer is not low on resources, and these warnings persist, it may indicate a problem in the COM+ Event System.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
    <EventID Qualifiers="32768">4609</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>17</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-15T18:53:31.000000000Z" />
    <EventRecordID>7275</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>000000.000000.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">d:\w7rtm\com\complus\src\events\tier2\eventsystem2.cpp</Data>
    <Data Name="param2">586</Data>
    <Data Name="param3">80070005</Data>
  </EventData>
</Event>


Log Name:      Application
Source:        Microsoft-Windows-EventSystem
Date:          7/15/2012 3:55:51 PM
Event ID:      4622
Task Category: Event Service
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      000000.00000.com
Description:
The COM+ Event System could not marshal the subscriber for subscription {CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}.  The HRESULT was 800700a4.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-EventSystem" Guid="{899daace-4868-4295-afcd-9eb8fb497561}" EventSourceName="EventSystem" />
    <EventID Qualifiers="49152">4622</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>17</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-15T19:55:51.000000000Z" />
    <EventRecordID>7276</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>000000000.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">800700a4</Data>
    <Data Name="param2">{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}</Data>
  </EventData>
</Event>


Log Name:      System
Source:        Microsoft-Windows-DistributedCOM
Date:          7/16/2012 5:09:06 AM
Event ID:      10000
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      000000.com
Description:
Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}. The error:
"1450"
Happened while starting this command:
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-DistributedCOM" Guid="{1B562E86-B7AA-4131-BADC-B6F3A001407E}" EventSourceName="DCOM" />
    <EventID Qualifiers="49152">10000</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-16T09:09:06.000000000Z" />
    <EventRecordID>55909</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>System</Channel>
    <Computer>0000000V.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data Name="param1">C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding</Data>
    <Data Name="param2">1450</Data>
    <Data Name="param3">{1F87137D-0E7C-44D5-8C73-4EFFB68962F2}</Data>
  </EventData>
</Event>


Log Name:      Application
Source:        Microsoft-Windows-WMI
Date:          7/16/2012 9:23:21 AM
Event ID:      10
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      00000.com
Description:
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WMI" Guid="{1edeee53-0afe-4609-b846-d8c0b2075b1f}" EventSourceName="WinMgmt" />
    <EventID Qualifiers="49152">10</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-16T13:23:21.000000000Z" />
    <EventRecordID>7299</EventRecordID>
    <Correlation />
    <Execution ProcessID="0" ThreadID="0" />
    <Channel>Application</Channel>
    <Computer>0000000.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>//./root/CIMV2</Data>
    <Data>SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage &gt; 99</Data>
    <Data>0x80041003</Data>
  </EventData>
</Event>



Log Name:      System
Source:        Microsoft-Windows-WindowsUpdateClient
Date:          7/16/2012 9:25:38 AM
Event ID:      16
Task Category: Automatic Updates
Level:         Warning
Keywords:      Connection
User:          SYSTEM
Computer:      00000.com
Description:
Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-WindowsUpdateClient" Guid="{945A8954-C147-4ACD-923F-40C45405A658}" />
    <EventID>16</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>2</Task>
    <Opcode>11</Opcode>
    <Keywords>0x8000000000000001</Keywords>
    <TimeCreated SystemTime="2012-07-16T13:25:38.899698600Z" />
    <EventRecordID>56029</EventRecordID>
    <Correlation />
    <Execution ProcessID="920" ThreadID="5736" />
    <Channel>System</Channel>
    <Computer>0000.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
  </EventData>
</Event>


Log Name:      Application
Source:        System Restore
Date:          7/16/2012 1:43:16 PM
Event ID:      8193
Task Category: None
Level:         Error
Keywords:      Classic
User:          N/A
Computer:      000000000.com
Description:
Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x80070422).
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="System Restore" />
    <EventID Qualifiers="0">8193</EventID>
    <Level>2</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-16T17:43:16.000000000Z" />
    <EventRecordID>7330</EventRecordID>
    <Channel>Application</Channel>
    <Computer>0000000.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation</Data>
    <Data>Scheduled Checkpoint</Data>
    <Data>0x80070422</Data>
    <Binary>220407809D010000870100009501000022CE28677C6DDA79E28C1C000000000000000000</Binary>
  </EventData>
</Event>


Log Name:      System
Source:        RTL8167
Date:          7/16/2012 11:19:41 AM
Event ID:      1
Task Category: None
Level:         Warning
Keywords:      Classic
User:          N/A
Computer:    00000.com
Description:
Realtek PCIe GBE Family Controller is disconnected from network.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="RTL8167" />
    <EventID Qualifiers="32768">1</EventID>
    <Level>3</Level>
    <Task>0</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-16T15:19:41.932195500Z" />
    <EventRecordID>56076</EventRecordID>
    <Channel>System</Channel>
    <Computer>00000000.com</Computer>
    <Security />
  </System>
  <EventData>
    <Data>\Device\NDMP14</Data>
    <Data>Realtek PCIe GBE Family Controller</Data>
    <Binary>00000000020030000000000001000080000000000000000000000000000000000000000000000000</Binary>
  </EventData>
</Event>
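
The error values in the events above come in three forms: a prefixed HRESULT, a bare hex HRESULT, and a decimal Win32 code. The following PowerShell is an added example, not part of the original post, that normalizes them and asks Windows for the message text; `Resolve-ErrorCode` is a hypothetical helper name, and it assumes any 8-hex-digit input is an HRESULT.

```powershell
# Added example (not from the original post). Resolve-ErrorCode is a hypothetical name.
function Resolve-ErrorCode {
    param([Parameter(Mandatory = $true)][string]$Code)

    $hex = $Code -replace '^0x', ''
    if ($hex -match '^[0-9A-Fa-f]{8}$') {
        # 32-bit HRESULT: bits 16-28 are the facility, bits 0-15 the code.
        # Plain arithmetic is used so this also runs on PowerShell 2.0.
        $value    = [Convert]::ToUInt32($hex, 16)
        $facility = [int]([math]::Floor($value / 0x10000) % 0x2000)
        $low      = [int]($value % 0x10000)
    }
    else {
        # Plain decimal value, as DCOM event 10000 reports it ("1450").
        $facility = 7
        $low      = [int]$Code
    }

    if ($facility -eq 7) {
        # FACILITY_WIN32: the low word is an ordinary Win32 error code,
        # e.g. 0x800705ad -> 1453, the "system error 1453" in the ESENT event.
        $text = (New-Object System.ComponentModel.Win32Exception $low).Message
    }
    else {
        $text = 'Not a Win32-facility code; look up the full HRESULT.'
    }

    New-Object PSObject -Property @{
        Raw = $Code; Facility = $facility; Code = $low; Message = $text
    } | Select-Object Raw, Facility, Code, Message
}

# Codes copied from the events quoted in the question.
'0x800705ad', '0x80070422', '80070005', '800700a4', '1450',
'80010100', '0x80041003', '800B0001' |
    ForEach-Object { Resolve-ErrorCode $_ } | Format-Table -AutoSize
```

Putting the decoded messages side by side makes it easier to see whether unrelated-looking events share a cause.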
ASKER CERTIFIED SOLUTION
Darr247

This solution is only available to members.

techlinden (ASKER)

I have not. I will do so. Thanks!
react2k

We encountered this problem with a few Dell Vostro 260s systems, resulting in unusual system behavior including read/write errors to system files.

We managed to track the issue down to a bug in the "Wireless Keyboard Caps Lock Indicator" service resulting in exhaustion of system file handles. We removed this software via Add/Remove programs and the systems have been stable since.

The "Wireless Keyboard Caps Lock Indicator" is apparently needed to create an on-screen caps lock indicator because the wireless keyboards shipped with these systems don't have a caps-lock light. Perhaps a new version would help too but we weren't prepared to be bitten again.
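
A handle leak like the one described in this comment can be spotted by sampling per-process handle counts over time. The following PowerShell is an added example, not code from the commenter; `Get-HandleGrowth` is a hypothetical name and the sample count and interval are illustrative defaults, not tuned thresholds.

```powershell
# Added example (not from the original thread). Get-HandleGrowth is a hypothetical name.
function Get-HandleGrowth {
    param(
        [int]$Samples = 6,            # number of snapshots to take
        [int]$IntervalSeconds = 60,   # wait between snapshots
        [int]$Top = 10                # rows to report
    )

    $history = @{}   # "name (pid)" -> handle counts, one per snapshot
    for ($i = 0; $i -lt $Samples; $i++) {
        foreach ($p in Get-Process) {
            $key = '{0} ({1})' -f $p.ProcessName, $p.Id
            if (-not $history.ContainsKey($key)) { $history[$key] = @() }
            $history[$key] += $p.HandleCount
        }
        if ($i -lt $Samples - 1) { Start-Sleep -Seconds $IntervalSeconds }
    }

    $rows = foreach ($key in $history.Keys) {
        $counts = $history[$key]
        # Skip processes that started or exited during the run.
        if ($counts.Count -lt $Samples) { continue }

        # A leak shows as a count that never drops between snapshots.
        $neverDropped = $true
        for ($j = 1; $j -lt $counts.Count; $j++) {
            if ($counts[$j] -lt $counts[$j - 1]) { $neverDropped = $false; break }
        }

        New-Object PSObject -Property @{
            Process      = $key
            First        = $counts[0]
            Last         = $counts[-1]
            Growth       = $counts[-1] - $counts[0]
            NeverDropped = $neverDropped
        }
    }

    $rows | Where-Object { $_.Growth -gt 0 -and $_.NeverDropped } |
        Sort-Object Growth -Descending |
        Select-Object -Property Process, First, Last, Growth -First $Top
}

Get-HandleGrowth | Format-Table -AutoSize
```

Run it from an elevated prompt and lengthen the interval for slow leaks; a process that tops the list across repeated runs is the one to investigate.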