Google redirect and periodic shutdown

Status
Not open for further replies.
I am having a Google redirect, as most people are having issues. I have run the 8 steps and all the scans. I caught some major problems that I was having and the programs deleted the files, but now I am having periodic shutdowns. Something dealing with the system32 generic host. It gives me 1 minute to shut down. Here are the logs that are requested using the 8 steps.
 

Attachments

  • hijackthis.log
    11.5 KB · Views: 1
  • Malwarebytes log 02 Jan 10.txt
    874 bytes · Views: 1
  • SUPERAntiSpyware Scan Log - 01-02-2010 - 17-24-29.log
    465 bytes · Views: 1
Welcome to TechSpot, surftout. I'll help with the problem.

First, I'd like you to handle this:

Flash player is known for leaving behind old insecure files. It is better to clean out the entire entry, uninstall, then reinstall:

  • Download the Flash Player Uninstaller and save it to your desktop.
    Choose the Flash Player Uninstaller for your browser: http://www.adobe.com/shockwave/download/alternates/ Don't run yet.
  • Please reopen HijackThis to 'do system scan only'. Check the following processes if found:

    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" -"http://www.miniclip.com/games/wakeboard-pro/en/"

  • Close all Windows except HijackThis and click "Fix Checked."
  • Boot into Safe Mode
    [o] Restart your computer and start pressing the F8 key on your keyboard.
    [o] Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.
  • Double-click the Flash Player Uninstaller setup on the desktop and run the uninstaller program.
  • Reboot your computer to complete the uninstall.
  • Download latest version of Flash Player HERE and save to the desktop.
  • Double click the setup and run to install. Reboot when through.
  • Once the new version is installed, follow the directions to disable the auto-updater.
    [1] Navigate to the Shockwave Welcome page: http://www.adobe.com/shockwave/welcome/
    Note: The context menu can be accessed from any Shockwave movie if the context menu has been enabled by the author, but this URL was provided to simplify the process.
    [2] Windows: Right click the Shockwave movie.
    [3] From the drop down menu choose "Properties".
    [4] Uncheck the box next to "Automatic Update Service" to disable the auto update feature.
-------------------------------------------
Please describe the 'redirect' to me as follows:
Since you question a Google Redirect, I'd like you to describe what's happening:
1. If you type a word in the Google search box, and then choose one of the sites that comes up, what happens?
2. Does a different site load?
3. Does any site load?
4. Are the sites the same/different?
5. Are you sure you're not seeing a Google page saying DNS server couldn't be contacted?

This has become a catch-all phrase whenever someone can't get a site.

Other than the extended entry for the Shockwave Updater, these logs are clean. You might still have malware; there is just nothing showing up in the logs. But this seems to be pointing to a system problem:

I'd like you to look for any Error that is appearing at the time you get the message:
I am having periodic shutdowns. Something dealing with the system32 generic host.

Start> Run> type in eventvwr

Do this on each of the System and the Applications logs:
[1]. Click to open the log>
[2]. Look for the Error>
[3]. Right click on the Error> Properties>
[4]. Click on Copy button, top right, below the down arrow >
[5]. Paste here (Ctrl V)
[6]. NOTES
  • You can ignore Warnings and Information Events.
  • If you have a recurring Error with same ID#, same Source and same Description, only one copy is needed.
  • You don't need to include the lines of code in the box below the Description, if any.
  • Please do not copy the entire Event log.

Errors are time coded. Check the computer clock. Depending on what this shows, I may refer you over to our Windows OS forum.
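
The triage rules in the steps above (Errors only, one copy per recurring ID/Source/Description, no hex box), as an added example that is not part of the original thread. The function names and the sample records, including `EXAMPLE-PC` and the example service, are constructed for illustration.

```python
import re

FIELD = re.compile(r"^(Event Type|Event Source|Event ID|Date|Time): *(.*)$")
FOOTER = "For more information, see Help and Support Center"

def parse_events(text):
    """Split text pasted from Event Viewer's Copy button into one dict per event."""
    events, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        m = FIELD.match(line)
        if m and m.group(1) == "Event Type":       # a new record starts here
            cur, section = {"Description": []}, "header"
            events.append(cur)
        if cur is None:
            continue
        if section == "header" and m:
            cur[m.group(1)] = m.group(2)
        elif line == "Description:":
            section = "desc"
        elif line == "Data:" or line.startswith(FOOTER):
            section = "skip"                        # help footer and hex dump are not needed
        elif section == "desc" and line:
            cur["Description"].append(line)
    for e in events:
        e["Description"] = " ".join(e["Description"])
    return events

def triage(text):
    """Keep Errors only; keep one copy per (ID, Source, Description) with a count."""
    seen = {}
    for e in parse_events(text):
        if e.get("Event Type") != "Error":          # Warnings and Information are ignored
            continue
        key = (e.get("Event ID"), e.get("Event Source"), e["Description"])
        seen.setdefault(key, dict(e, Count=0))["Count"] += 1
    return list(seen.values())

def _rec(etype, source, eid, time, desc, tail=""):
    """Build one constructed record in the copied-event layout (sample data only)."""
    return (f"Event Type: {etype}\nEvent Source: {source}\nEvent Category: None\n"
            f"Event ID: {eid}\nDate: 1/2/2010\nTime: {time}\nUser: N/A\n"
            f"Computer: EXAMPLE-PC\nDescription:\n{desc}\n\n{FOOTER}.\n{tail}\n")

SCM = "The Example service terminated with the following error:\nThe specified module could not be found."
SAMPLE = (_rec("Error", "Service Control Manager", 7023, "11:50:23 AM", SCM)
          + _rec("Warning", "ExampleSource", 1, "11:51:00 AM", "Constructed warning.")
          + _rec("Error", "Service Control Manager", 7023, "12:05:10 PM", SCM)
          + _rec("Error", "Application Error", 1000, "12:06:00 PM",
                 "Faulting application example.exe, faulting module unknown.",
                 tail="Data:\n0000: 41 70 70 6c Appl"))

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["Count"], e["Event ID"], e["Event Source"], "-", e["Description"])
```

Each returned record keeps the date and time of its first occurrence, so the entry can still be matched against the computer clock.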
 
Running into a slight problem. When I try to boot into safe mode, I get a blue screen of death. It's after the system runs the background lines.

As for the redirect:
After the search results come up and I click on the link, I get sent to another website. It is not always the same site and I never get a DNS error.

Here are the error codes:

Event Type: Error
Event Source: EventSystem
Event Category: (50)
Event ID: 4609
Date: 1/1/2010
Time: 1:06:48 PM
User: N/A
Computer: D203Z7F1
Description:
The COM+ Event System detected a bad return code during its internal processing. HRESULT was 80070005 from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: VSS
Event Category: None
Event ID: 8193
Date: 1/1/2010
Time: 1:06:48 PM
User: N/A
Computer: D203Z7F1
Description:
Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 57 52 54 57 52 54 49 43 WRTWRTIC
0008: 32 31 34 39 00 00 00 00 2149....
0010: 57 52 54 57 52 54 49 43 WRTWRTIC
0018: 32 31 31 31 00 00 00 00 2111....

Event Type: Error
Event Source: crypt32
Event Category: None
Event ID: 8
Date: 1/1/2010
Time: 1:08:26 PM
User: N/A
Computer: D203Z7F1
Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved


For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Event Type: Error
Event Source: McLogEvent
Event Category: None
Event ID: 5022
Date: 1/1/2010
Time: 1:13:06 PM
User: NT AUTHORITY\SYSTEM
Computer: D203Z7F1
Description:
MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date: 1/1/2010
Time: 10:47:29 PM
User: N/A
Computer: D203Z7F1
Description:
Faulting application svchost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x62160b80.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: Application Error
Event Category: None
Event ID: 1001
Date: 1/2/2010
Time: 10:44:59 AM
User: N/A
Computer: D203Z7F1
Description:
Fault bucket 1615205182.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 42 75 63 6b 65 74 3a 20 Bucket:
0008: 31 36 31 35 32 30 35 31 16152051
0010: 38 32 0d 0a 82..

This is an error I have gotten repeatedly over several days:

Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7023
Date: 1/2/2010
Time: 11:50:23 AM
User: N/A
Computer: D203Z7F1
Description:
The Application Management service terminated with the following error:
The specified module could not be found.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 
Looks like a memory problem and/or corrupted hard drive... Run a disk check when you can
 