Should I be worried about this deletion of my system32\system folder? The system seems stable. And how do I get rid of the pesky ask.com? Thanks
ComboFix 10-12-20.01 - Mary 12/20/2010 14:17:12.1.2 - x86
Microsoft® Windows Vista Home Premium 6.0.6002.2.1252.1.1033.18.1982.978 [GMT -5:00]
Running from: c:\users\Mary\Desktop\temp\ComboFix.exe
SP: Spy Sweeper *Disabled/Outdated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\system
.
((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))
.
2010-12-20 19:40 . 2010-12-20 19:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-20 19:40 . 2010-12-20 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-20 00:53 . 2010-12-20 00:53 -------- d-----w- c:\users\Mary\AppData\Local\Windows Live
2010-12-20 00:51 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-12-20 00:34 . 2010-12-20 00:34 -------- d-----w- c:\program files\Ask.com
2010-12-20 00:34 . 2010-12-20 00:34 -------- d-----w- c:\program files\MSSOAP
2010-12-19 23:53 . 2010-12-20 00:41 -------- d-----w- C:\Webroot
2010-12-17 16:49 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48A831A9-998E-44A7-BDCD-F8859B155636}\mpengine.dll
2010-12-13 03:12 . 2010-12-13 03:12 -------- d-----w- c:\windows\Sun
2010-12-07 00:40 . 2010-12-07 00:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-07 00:34 . 2010-12-07 00:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-07 00:32 . 2010-12-07 00:32 -------- d-----w- c:\programdata\McAfee Security Scan
2010-12-07 00:32 . 2010-12-09 01:35 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-29 20:59 . 2010-11-29 20:59 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2010-11-29 14:49 . 2010-12-03 21:14 -------- d-----w- c:\users\Guest\AppData\Roaming\vlc
2010-11-24 00:16 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-19 20:19 . 2010-05-18 04:48 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-19 15:41 . 2009-10-03 00:13 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-09-23 17:09 . 2010-09-23 17:13 18521687 ----a-w- c:\users\Mary\f5d8073 v3011 v2.0.0.8.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 20:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]
c:\users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-21 34520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-21 34520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-06-05 13:12 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-11-24 23:33 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-21 08:07 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 22:22 35328 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1770090351-3043134409-3134686496-1000]
"EnableNotificationsRef"=dword:00000004
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 136176]
R3 DNINDIS4;DNINDIS4 NDIS Protocol Driver;c:\windows\system32\DNINDIS4.SYS [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28;Belkin 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-08-23 313344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [x]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2010-12-20 1201640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 18:07]
2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 18:07]
2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770090351-3043134409-3134686496-1000Core.job
- c:\users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 21:13]
2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770090351-3043134409-3134686496-1000UA.job
- c:\users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 21:13]
2010-12-20 c:\windows\Tasks\User_Feed_Synchronization-{DB219586-3EAA-433F-AD39-6287CD6E654B}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]
2010-12-14 c:\windows\Tasks\wrSpySweeper_L8C087653B3864148B3C73F042ACA1A4C.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-03-23 20:19]
2010-12-14 c:\windows\Tasks\wrSpySweeper_L8C087653B3864148B3C73F042ACA1A4C.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-03-23 20:19]
2010-12-14 c:\windows\Tasks\wrSpySweeper_LB0EBD3980B4041C486310E2FD88BBBBF.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-03-23 20:19]
2010-12-14 c:\windows\Tasks\wrSpySweeper_LB0EBD3980B4041C486310E2FD88BBBBF.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-03-23 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
mWindow Title = Windows Internet Explorer provided by Comcast
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 14:40
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-20 14:43:12
ComboFix-quarantined-files.txt 2010-12-20 19:42
Pre-Run: 19,921,625,088 bytes free
Post-Run: 19,883,978,752 bytes free
- - End Of File - - D44EE343EE79B1508F53F35C53EB95FE
Edited by Ms Mary, 20 December 2010 - 04:19 PM.