(inserted updates to the original post)
Hello Friends at Bleeping Computer! This is Matt from Brazil.
I've been looking around your forums and I know that you are good guys and that you can help me. After downloading a movie via torrent, I was prompted to download a certain codec in order to play the movie. I accidentally clicked it, tried to stop it and even rebooted, but that was enough to infect my system. There is a browser adware in place that has rendered Chrome and all other browsers almost unusable, opening tabs, redirecting to useless websites and causing overall slow web browsing. The virus/malware also did something to Windows as the Firewall is down and cannot be enabled (a prompt says something like "It was not possible to start Windows Safety Central"). I used AVG and it found several trojans, a file named xvidcodexfix.exe which was the bait in the first place (not sure if that is the file name, but it is something close to that). Even though AVG claims to fix it, the problem persists. While I am browsing, AVG will sometimes pop up saying that it found a Trojan and I click to fix, but the problem persists. Another symptom is that every once in a while a black DOS window will appear for just a second and then close very fast (it does not seem to show any text, or it may show too fast for me to read). I have also used SpyBot and it only works if I run as Admin. The SpyBot scan will find some malware explicitly named Disable Windows Security Central (again, that or something close to that), but clicking to fix it does not solve the problem.
Please note that I am a regular user with no tech knowledge, I use this laptop only for college and simple web browsing, so please bear with me. Also, our exchange of logs may include some text in Portuguese (my native language) but I believe it will not impair your understanding. I will attach my FRST scan logs below. FRST is running in Portuguese and I cannot seem to change it to English, but I believe it will not cause any major problems.
I know I screwed up in downloading movies, but please help me guys, I don't know what to do!
UPDATE 1: While browsing files on the infected laptop I came across a file called 'xxx'.manifest (xxx being something I can't recall) and a bunch of out-of-place dll files (if I remember correctly I spotted those upon clicking my C: unit in Explorer). I googled it, and found the description of the exact same method that infected my system. Link:
UPDATE 2: Rebooted the system and was not able to use the internet. I also could not find the above-mentioned manifest file or the odd-looking register keys and dll's upon exploring the C: drive unit. To clarify: first I had a browser hijacking situation (redirecting, websearch, new tab, hidden extensions etc.) and now none of the browsers are connecting to the web (it claims to be a proxy problem). Firewall and Windows Security are still disabled, and when I try to activate them an error states "Could not start Windows Security".
UPDATE 3: Looked at the FRST log, I still don't feel your understanding will be impaired because of the Portuguese, but feel free to ask me about any translation problem (but Google Translate should work fine).
Edited by mattcosta95, 05 January 2017 - 01:18 PM.