yes it did.. i will copy and paste that one too...
here is viewpoint:
ViewpointKiller Version 1.23 (final)
ViewpointKiller is now attempting to remove VIEWPOINT MEDIA PLAYER...
The removal process was started at Thu Nov 29 10:34:01 2007
ViewpointKiller determined that "aim.exe" was not running.
ViewpointKiller was able to close "aolsoftware.exe" successfully.
ViewpointKiller was able to close "aim6.exe" successfully.
ViewpointKiller determined that "aol.exe" was not running.
ViewpointKiller determined that "MtsAxInstaller.exe" was not running.
ViewpointKiller was not able to close "ViewpointService.exe"!
Falling back to alternate "Viewpoint Manager Service" closure...
It appears that ViewpointKiller was able to close "Viewpoint Manager Service" successfully.
Ran registry removal functions.
ViewpointKiller determined that the PROGRAMFILES variable was set to "C:\Program Files".
ViewpointKiller determined that the path "C:\Program Files\Viewpoint\Viewpoint Media Player" does exist.
ViewpointKiller was able to remove the "C:\Program Files\Viewpoint\Viewpoint Media Player" folder successfully.
ViewpointKiller determined that the path "C:\Program Files\Viewpoint\Viewpoint Experience Technology" does not exist.
ViewpointKiller did not find the folder "C:\Program Files\Viewpoint\Viewpoint Experience Technology".
ViewpointKiller determined that the path "C:\Documents and Settings\All Users\Application Data\Viewpoint" does exist.
ViewpointKiller was able to remove the "C:\Documents and Settings\All Users\Application Data\Viewpoint" folder successfully.
ViewpointKiller determined that the path "C:\Program Files\MetaStream" does not exist.
ViewpointKiller did not find the folder "C:\Program Files\MetaStream".
ViewpointKiller determined that the path "C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint" does not exist.
ViewpointKiller did not find the folder "C:\Documents and Settings\All Users.WINDOWS\Application Data\Viewpoint".
ViewpointKiller determined that the path "C:\Program Files\Viewpoint\Common" does exist.
ViewpointKiller was able to remove the "C:\Program Files\Viewpoint\Common" folder successfully.
Finished reporting.
----------------------------------
Here is Combofix:
ComboFix 07-11-29.5 - David 2007-11-29 11:29:15.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.56 [GMT -5:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\screensavers.com
C:\Program Files\screensavers.com\Installer\temp\RKeula2.rtf
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml
C:\Program Files\screensavers.com\SSSInst\bin\iebyterange.xml.backup
C:\Program Files\screensavers.com\SSSInst\bin\SSSUninst.exe
C:\Program Files\screensavers.com\Wallpaper\Alligators.jpg
C:\Program Files\screensavers.com\Wallpaper\Baby Doe.jpg
C:\Program Files\screensavers.com\Wallpaper\Dolphins.jpg
C:\Program Files\screensavers.com\Wallpaper\Private Beach.jpg
C:\Program Files\screensavers.com\Wallpaper\Shrek 2 - Puss in Boots.jpg
C:\Program Files\screensavers.com\Wallpaper\Streaming Elegance.jpg
C:\Program Files\screensavers.com\Wallpaper\swpstart.exe
C:\Program Files\screensavers.com\Wallpaper\The SpongeBob SquarePants Movie.jpg
C:\Program Files\screensavers.com\Wallpaper\Tropical Waters.jpg
C:\Program Files\screensavers.com\Wallpaper\Your View.jpg
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.
2007-11-29 02:59 . 2007-11-29 03:03 <DIR> d-------- C:\Program Files\Trend Micro
2007-11-16 19:02 . 2007-11-16 19:02 <DIR> d-------- C:\Documents and Settings\David\Application Data\OpenOffice.org2
2007-11-16 06:05 . 2007-11-24 08:43 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-30 11:35 . 2007-10-30 11:35 <DIR> d-------- C:\Documents and Settings\David\Application Data\MySpace
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-24 13:43 --------- d-----w C:\Program Files\Yahoo!
2007-11-24 13:43 --------- d-----w C:\Program Files\Common Files\Real
2007-11-24 13:43 --------- d-----w C:\Program Files\AWS
2007-11-24 13:41 --------- d-----w C:\Program Files\Google
2007-11-24 13:41 --------- d-----w C:\Program Files\AOD
2007-11-24 13:41 --------- d-----w C:\Program Files\AIM
2007-11-17 00:05 --------- d-----w C:\Program Files\OpenOffice.org 2.0
2007-11-16 11:19 --------- d-----w C:\Program Files\MySpace
2007-10-06 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-06 13:05 --------- d-----w C:\Program Files\AIM6
2007-10-06 13:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2007-10-06 13:04 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-05 20:27 --------- d-----w C:\Documents and Settings\David\Application Data\Viewpoint
2007-10-05 20:17 --------- d-----w C:\Documents and Settings\David\Application Data\Aim
2007-09-30 14:42 --------- d-----w C:\Documents and Settings\David\Application Data\Yahoo!
2007-09-30 13:37 --------- d-----w C:\Program Files\Java
2007-09-29 20:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2001-01-01 06:29 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-02-28 07:00]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 15:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-01-15 12:28]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"SoundMan"="SOUNDMAN.EXE" [2002-09-27 22:44 C:\WINDOWS\SOUNDMAN.EXE]
"AIMPro"="C:\Program Files\AIM\AIM Pro\aimpro.exe" []
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2007-06-08 09:59]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
R3 nv3;nv3;C:\WINDOWS\system32\DRIVERS\nv3.sys
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-29 11:30:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-29 11:31:14
.
--- E O F ---