Ran Combofix and it deletes system32\system folder. Should I worry?

I thought I had gotten infected since I saw an ask toolbar, which I cant uninstall from add/remove programs. Also, I had zero system restore points, but system restore was on but wouldnt let me create a restore point. So I then ran combofix and it got stuck at system restore part. I then read on MS support site on how to fix the error I was getting about shadow copy service and I neabled shadow copy to run automatic. Then i ran combofix again and it ran fine and made a restore point and then it deleted c:\windows\system32\system.
Shoiuld I be worried about this deletion of my system32\system folder? The system seems stable. And how do I get rid of the pesky ask.com. Thanks

ComboFix 10-12-20.01 - Mary 12/20/2010 14:17:12.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1982.978 [GMT -5:00]
Running from: c:\users\Mary\Desktop\temp\ComboFix.exe
SP: Spy Sweeper *Disabled/Outdated* {8162D2B6-63C7-5812-E5F7-165FDC222080}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2010-11-20 to 2010-12-20 )))))))))))))))))))))))))))))))
.

2010-12-20 19:40 . 2010-12-20 19:40 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-12-20 19:40 . 2010-12-20 19:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-20 00:53 . 2010-12-20 00:53 -------- d-----w- c:\users\Mary\AppData\Local\Windows Live
2010-12-20 00:51 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-12-20 00:34 . 2010-12-20 00:34 -------- d-----w- c:\program files\Ask.com
2010-12-20 00:34 . 2010-12-20 00:34 -------- d-----w- c:\program files\MSSOAP
2010-12-19 23:53 . 2010-12-20 00:41 -------- d-----w- C:\Webroot
2010-12-17 16:49 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{48A831A9-998E-44A7-BDCD-F8859B155636}\mpengine.dll
2010-12-13 03:12 . 2010-12-13 03:12 -------- d-----w- c:\windows\Sun
2010-12-07 00:40 . 2010-12-07 00:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-12-07 00:34 . 2010-12-07 00:34 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-07 00:32 . 2010-12-07 00:32 -------- d-----w- c:\programdata\McAfee Security Scan
2010-12-07 00:32 . 2010-12-09 01:35 -------- d-----w- c:\program files\McAfee Security Scan
2010-11-29 20:59 . 2010-11-29 20:59 -------- d-----w- c:\users\Guest\AppData\Roaming\Malwarebytes
2010-11-29 14:49 . 2010-12-03 21:14 -------- d-----w- c:\users\Guest\AppData\Roaming\vlc
2010-11-24 00:16 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-19 20:19 . 2010-05-18 04:48 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-19 15:41 . 2009-10-03 00:13 222080 ----a-w- c:\windows\system32\MpSigStub.exe
2010-09-23 17:09 . 2010-09-23 17:13 18521687 ----a-w- c:\users\Mary\f5d8073 v3011 v2.0.0.8.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-02-09 20:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2009-04-11 1233920]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-07-16 4670704]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-17 221184]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"Google Update"="c:\users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-01-10 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-01-15 267048]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-24 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-24 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]

c:\users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.2\program\quickstart.exe [2007-2-2 393216]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-21 34520]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\MRI_DISABLED
HP Connections.lnk - c:\program files\HP Connections\6811507\Program\HP Connections.exe [2006-12-21 34520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-06-05 13:12 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2006-11-24 23:33 167936 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2006-12-21 08:07 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-05-14 22:22 35328 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1770090351-3043134409-3134686496-1000]
"EnableNotificationsRef"=dword:00000004

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 136176]
R3 DNINDIS4;DNINDIS4 NDIS Protocol Driver;c:\windows\system32\DNINDIS4.SYS [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 netr28;Belkin 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [2007-08-23 313344]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\DRIVERS\WPN111.sys [x]
S0 ssfs0bbc;ssfs0bbc;c:\windows\system32\DRIVERS\ssfs0bbc.sys [2009-11-06 29808]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [2010-12-20 1201640]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 18:07]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-31 18:07]

2010-12-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770090351-3043134409-3134686496-1000Core.job
- c:\users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 21:13]

2010-12-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1770090351-3043134409-3134686496-1000UA.job
- c:\users\Mary\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-27 21:13]

2010-12-20 c:\windows\Tasks\User_Feed_Synchronization-{DB219586-3EAA-433F-AD39-6287CD6E654B}.job
- c:\windows\system32\msfeedssync.exe [2010-12-16 04:25]

2010-12-14 c:\windows\Tasks\wrSpySweeper_L8C087653B3864148B3C73F042ACA1A4C.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-03-23 20:19]

2010-12-14 c:\windows\Tasks\wrSpySweeper_L8C087653B3864148B3C73F042ACA1A4C.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-03-23 20:19]

2010-12-14 c:\windows\Tasks\wrSpySweeper_LB0EBD3980B4041C486310E2FD88BBBBF.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-03-23 20:19]

2010-12-14 c:\windows\Tasks\wrSpySweeper_LB0EBD3980B4041C486310E2FD88BBBBF.job
- c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe [2008-03-23 20:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
mWindow Title = Windows Internet Explorer provided by Comcast
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 14:40
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-12-20 14:43:12
ComboFix-quarantined-files.txt 2010-12-20 19:42

Pre-Run: 19,921,625,088 bytes free
Post-Run: 19,883,978,752 bytes free

- - End Of File - - D44EE343EE79B1508F53F35C53EB95FE

Edited by Ms Mary, 20 December 2010 - 04:19 PM.

Hello ,
And to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

• The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
• Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
• The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
• Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

• Please download OTL from one of the following mirrors:
  • This is THE Mirror
• Save it to your desktop.
• Double click on the icon on your desktop.
• Click the "Scan All Users" checkbox.
• Push the Quick Scan button.
• Two reports will open, copy and paste them in a reply here:
  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Please Download Rootkit Unhooker Save it to your desktop.

• Now double-click on RKUnhookerLE.exe to run it.
• Click the Report tab, then click Scan.
• Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
• Wait till the scanner has finished and then click File, Save Report.
• Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note - if you get the following warning, just ignore: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Click on Cancel, then Accept.

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply

• A detailed description of your problems
• A new OTL log (don't forget extra.txt)
• RKU log

Thanks and again sorry for the delay.

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.