You had a severely infected machine. I'm going to try and help you out here but I do know there are files found that are pirated, illegal and that is unacceptable.
The following are not necessarily spyware/malware, but we suggest you place a check mark next to the following entries, as these programs may be taking up system resources.
All items can be found using http://www.bleepingcomputer.com/startups/ startup items database
Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SystemExplorerAutoStart] "F:\Program Files\System Explorer\SystemExplorer.exe" /TRAY
O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "F:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [AtherosBtStack] "F:\Program Files\Bluetooth Suite\BtvStack.exe"
O4 - HKLM\..\Run: [AthBtTray] "F:\Program Files\Bluetooth Suite\AthBtTray.exe"
O4 - HKLM\..\Run: [BCSSync] "F:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Everything] "F:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WordWeb] "F:\Program Files\WordWeb\wweb32.exe" -startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "F:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [tinySpell] F:\Program Files\tinySpell\tinyspell.exe
O4 - HKCU\..\Run: [Ditto] F:\Program Files\Ditto\Ditto.exe
O4 - HKCU\..\Run: [DU Meter] "F:\Program Files\DU Meter\DUMeter.exe" /autostart
O4 - HKCU\..\Run: [OfficeSyncProcess] "F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Ditto] F:\Program Files\Ditto\Ditto.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [IDMan] F:\Program Files\Internet Download Manager\IDMan.exe /onboot (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun (User 'UpdatusUser')O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [DU Meter] "F:\Program Files\DU Meter\DUMeter.exe" /autostart (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [KiesPreload] F:\Program Files\Samsung\Kies\Kies.exe /preload (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [KiesAirMessage] F:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [] F:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3422875488-3658502439-2224259970-1001\..\Run: [OfficeSyncProcess] "F:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" (User 'UpdatusUser')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
after you check these items, of course some you may not want to, please reboot the computer to set the registry.
~~~~~~~~~~~~~~~~~~~~~`
NEXT
Need to delete the malicious files found.
Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (FRST) program (If asked to overwrite existing one please allow)
start
C:\Users\All Users\InstallMate
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\003\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000001
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\007\t\00\00000000
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000000
C:\Users\Michael\Desktop\u1301.exe
D:\Downloads\Programs\du.meter.6.0x-patch.rar.2233.gzquar
D:\Downloads\Programs\SetupImgBurn_2.5.7.0.exe
D:\Downloads\Torrents\Microsoft Office Enterprise 2010 Corporate.zip
D:\Downloads\Torrents\Auslogics BoostSpeed 6.4.2.0\Auslogics BoostSpeed 6.4.2.0.zip
D:\Downloads\Torrents\Battery.Calibration.v2.1-AnDrOiD\Battery Calibration v2.1-AnDrOiD.apk
D:\Downloads\Torrents\Kindle new Library 2012 by naxyyidz\Kindle new Library 2012 by naxyyidz.rar
:\Downloads\Torrents\Windows Loader v2.2.1. DAZ crack 7\windows loader v2.2.1.exe.
E:\Downloads\Programs\Tweak-Me!-1.3.0.0-Setup.exe
F:\Downloads\Antony.Lewis.WordWeb.Pro.Ultimate.Reference.Bundle.v6.8.Retail.Incl.Keygen-BRD.part1.exe
F:\Downloads\ThaiTV.apk
F:\Downloads\Compressed\Android.Application.KeysP2P.rar
F:\Downloads\Compressed\DownloadHashVerifier.zip
F:\Downloads\Compressed\idm_ultraedit_20.00.0.1037.rar.8578.gzquar
F:\Downloads\Compressed\rainlendar.pro.2.12.build.136_2.rar.32615.gzquar
F:\Downloads\Compressed\u.zip
F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012.rar
F:\Downloads\Compressed\Android.Application.KeysP2P\Android.Application.Keys-P2P\Android Keys Collection 2012\Android Keys Collection 2012\Poweramp Full Version Unlocker.apk
F:\Downloads\Programs\ccsetup410.exe
F:\Downloads\Programs\disk-defrag-setup_2.exe
F:\Downloads\Programs\ninja-setup-2.4.5.exe
F:\Downloads\Programs\Riot-setup.exe
F:\Downloads\Programs\Unlocker1.9.2.exe
F:\Program Files\SecurityXploded\DownloadHashVerifier\DownloadHashVerifier.exe
end
Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system
~~~~~~~~~~~~~~~~~~~~~~~~
Fixlog.txt <-- Please post it to your reply
~~~~~~~~~~~~~
Forum Policy
I strongly suggest you remove any cracked software that is installed, we do not approve nor will we provide support in the future for problems produced because of illegal software.
Don't download/run keygens or cracks..Most are infected by some kind of malware.
At the least you get adware popups and junk links to junk sites.
At worst -- system could be destroyed resulting in need to do total wipe/re-install & personal info such as credit card numbers/bank passwords stolen.
Many of the keygens uploaded to p2p sites are done so by infected systems and are named in such a way to make them look like awsome downloads.
Most victims don't even know they are sharing worms....Others are script kiddies uploading crapware because they think its funny.
Crack sites are just as bad.
Simply visiting the site out of curosity just to see if a "crack" is even available without downloading can get you infected because the sites themselves take advantage of exploitable software/OS to infect it.