Google search links redirected; mom.exe consuming 50% of processor resources

[rngofpower]

Hey everyone,

So it seems I have the same problem that a lot of people on this board are having which is that clicking on links in Google search results redirect me to another website (usually after several quick redirects consecutively, I end up on some other generic search page, or a page trying to "scan my computer for viruses" or trying to sell me something).

The other issue I'm having is that a program called mom.exe is hogging around 50% of my processor resources. I know this program is a part of ATI Catalyst Control center, but I have never had any problems with it until recently. In fact, I noticed that mom.exe began this unusual system hogging around the same time the search links started redirecting.

My virus software (McAfee) and my current spyware program (Spybot) were not catching anything unusual when I ran them.

I followed the 8 steps twice (both sets of logs are attached with the exception of my first Hijack this scan, I somehow deleted the log file). The first time it seemed to help with the search links for a short time and then the problem reappeared a few hours later.

I also have a log of my most recent couple of virus scans if anyone thinks that would help.

Help would be greatly appreciated.

Thanks!

 

[yangly18]

my first suggestion is dont use internet explorer, and use spywareblaster

other great internet explorer programs:
firefox
Opera
google chrome

 

[Bobbye]

You have Viewpoint Media Player installed on your system. This program is not malware but it is foistware in that it is usually installed without the user's knowledge or approval, and for this reason I recommend you remove it. If you actually use this program, I recommend you try using safe and free alternatives such as VLC Media Player:

This is an Optional Removal. Optional removals are coded in green:

Please reopen Hijackthis to 'do system scan only.'. Check each of the following if present:

C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - hxxps://components.viewpoint.com/MT...lander/key_features/ext360.html?noreloadredir
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm544YYUS

Close all Windows except HijackThis and click on "Fix Checked".

To complete the Viewpoint Media Player removal:

Boot into Safe Mode

• Restart your computer and start pressing the F8 key on your keyboard.
• Select the Safe Mode option when the Windows Advanced Options menu appears, and then press ENTER.

• Click on Start > Run and type: services.msc> OK
• Click the "Extended tab".
• Scroll down the list and find the service called "Viewpoint Manager Service"
• When you find the service, double-click on it.
• In the Properties Window > General Tab that opens, click the "Stop" button.
• From the drop-down menu next to "Startup Type", click on "Disabled".
• Now click "Apply", then "OK" and close any open windows.
• Click on Start > Settings > Control Panel >Add/Remove Programs
• Highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Finally, delete the following folders if they still exist: Open Windows Explorer> Programs:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder

Empty the Recycle Bin

Reboot into Normal Mode.

Disable Spybot Search & Destroy TeaTimer

• Right click the TeaTimer icon in the system Tray
  
• Then click Exit Spybot-S&D Resident
• (One you are clean you can restart TeaTimer by going to C:\Program Files\Spybot - Search & Destroy, and double clicking on TeaTimer.exe

Please download ComboFix HERE:

• With ComboFix, at the download window, please rename it to Combo-Fix(.exe) before downloading it.
  NOTE: Save Combofis to your desktop after remaning it. Do not run from the download site.
  
• Please disable all security programs, such as antiviruses, antispywares, and firewalls. Also disable your internet connection.
  
• Double-click on the Combo-Fix.exe setup on the desktop to run and follow the prompts.
  (Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.)
• Wait for the scan to be completed.
• If it requires a reboot, please do it.

• After the scan has completed entirely, please post the log here. The log will be located at C:\ComboFix(.txt)

Notes:

• 
  1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
  3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
  4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Rescan with HijackThis.
Please include Combofix report and new HJT log with next reply.

You also need to update the Adobe Reader:
Visit this Adobe Reader site and iodate to v9.xx. Uninstall any earlier updates as they are vulnerabilities.

 

[rngofpower]

Thanks for the reply...

... sorry it's taken so long to get around to fixing this. Holidays and all.

At any rate, I followed the first steps you suggested....

Please reopen Hijackthis to 'do system scan only.'. Check each of the following if present:

C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - hxxps://components.viewpoint.com/MTS...?noreloadredir
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O8 - Extra context menu item: &Search - ?p=ZUxdm544YYUS

Close all Windows except HijackThis and click on "Fix Checked".

Although I didn't see "C:\Program Files\Viewpoint\Common\ViewpointService.exe" or "C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe" in the Hijackthis log, I fixed the other three items.

I then restarted my computer in Safe Mode as you recommended and before I got to the Windows "loading" screen got a BSoD.

Here's what the error screen said:

A problem has been detected and windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check to be sure you have adequate disk space. If a driver is identified in the Stop message, disable the driver or check with the manufacturer for driver updates. Try changing video adapters.

Check with your hardware vendor for any BIOS updates. Disable BIOS memory options such as caching or shadowing. If you need to use Safe Mode to remove or disable components, restart your computer, press F8 to select Advanced Startup options, and then select Safe Mode.

Technical information:

*** STOP: 0x0000007e (0xC000005, 0x80537009, 0xF78BE508, 0xF78BE204)

I manually restarted the computer several times and attempted to start in safe mode each time with the same error message. However, when I booted normally, this error screen was nowhere to be found.

Any suggestions would be appreciated.

Thanks.

 

[jonly2009]

Please include Combofix report with next reply

 

[Bobbye]

Viewpoint is a minor issue. It's been 2 weeks since you started this thread and the logs from then are no obsolete. If the only problem you had was booting into Safe Mode complete the Viewpoint removal, forget that for now. That is a minor issue

Please run Combofix as instructed in my Reply post #2. I have added the line:
NOTE: Save Combofis to your desktop after renaming it. Do not run from the download site.

When you finish that, please run this online scan:
Run Eset NOD32 Online AntiVirus Scanner HERE

Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the Active X control to install
• Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
• Click Scan
• Wait for the scan to finish
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

Attach both the Combofix report and the Eset log to your next reply.