Chromium virus and WinZip virus regenerating

DomC

New Member
Thread author
Apr 15, 2016
6
I have tried AdwCleaner and RKill and they failed. I've done a bunch of things to try to fix it on my own and I basically have been unsuccessful and probably made it worse.

Initially my son added Ghostery and the Google Analytics opt-out add-ins and the Avast Premier free trial with their browser in it. We never used the browser. However, he clicked on something and it was a zip file, and then downloaded WinZip. After this there was a gray Chrome-mimicking icon in the taskbar. I went to uninstall it and WinZip; it failed. Then I right-clicked on them to delete them, and it had "undo delete" where it should have said "delete" in the right-click menu. Also had a bunch of files with 20- or 30-character names with random letters and numbers in them in the temp file. Had a folder called Low with another folder in it; I forgot the name. But the Windows Update folder was in that.

I got DBAN and did a quick erase and reloaded Windows 7, but it loaded really fast, like 30 min or so, and it said installing updates as it was loading. Weird. OK, so it gets done and I hit update Windows and it just spins and spins and never finds a single update. 4 months ago I reloaded Windows on it and it was a several-hour process with 400 updates. Also it automatically created a home group Internet connection. Usually I have to manually go through the steps.

OK, so my son added Ghostery again and the Google opt-out add-in and the Avast Premier trial again, not realizing the browser may be the issue. Again, never used the browser. Could not update Windows again. Tried the Internet troubleshooter, nothing; then the network troubleshooter said the Internet has issues, run that troubleshooter, which again found nothing. The Fix it troubleshooter fixed several things but still couldn't update. Downloaded AdwCleaner; I kept getting messages that I was using an older version of adware. Basically it wouldn't run, and after the third time it ran and found nothing. I also ran RKill and it found nothing. I got mad and used DBAN last night to do a Dept. of Defense 7-pass erase of the hard drive with the Internet cable disconnected. So that's where it is now.

I'm willing to pay you to help me. This is my personal computer and I have no job and cannot job hunt with it messed up like this. So basically this morning the DBAN erase will have been done and that's where I am at.
 

DomC

New Member
Thread author
Apr 15, 2016
6
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by DOM (administrator) on DOM-PC (15-04-2016 11:19:32)
Running from C:\Users\DOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0PQ2UNL
Loaded Profiles: DOM (Available Profiles: DOM)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Farbar) C:\Users\DOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0PQ2UNL\FRST64[1].exe

==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{006ED718-483E-48E4-B110-2E797EFC39E0}: [DhcpNameServer] 192.168.1.1
Internet Explorer:
==================
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-20] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-20] (Microsoft Corporation)
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
R3 VST64HWBS2; C:\Windows\System32\DRIVERS\VSTBS26.SYS [411136 2009-06-10] (Conexant Systems, Inc.)
R3 VST64_DPV; C:\Windows\System32\DRIVERS\VSTDPV6.SYS [1485312 2009-06-10] (Conexant Systems, Inc.)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-15 14:32 - 2016-04-15 10:39 - 00000000 ____D C:\Windows\Panther
2016-04-15 13:36 - 2016-04-15 13:36 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-04-15 13:36 - 2016-04-15 13:36 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-04-15 13:34 - 2016-04-15 13:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-04-15 11:19 - 2016-04-15 11:19 - 00000000 ____D C:\FRST
2016-04-15 11:02 - 2016-04-15 11:02 - 00000000 ____D C:\Users\DOM\AppData\Local\ElevatedDiagnostics
2016-04-15 10:50 - 2016-04-15 10:50 - 00057560 _____ C:\Users\DOM\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-15 10:50 - 2016-04-15 10:50 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-04-15 10:50 - 2016-04-15 10:50 - 00001945 _____ C:\Windows\epplauncher.mif
2016-04-15 10:50 - 2016-04-15 10:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-04-15 10:49 - 2016-04-15 10:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-04-15 10:40 - 2014-05-14 12:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-15 10:40 - 2014-05-14 12:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-04-15 10:40 - 2014-05-14 12:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-04-15 10:40 - 2014-05-14 12:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-04-15 10:40 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-04-15 10:40 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-04-15 10:40 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-04-15 10:40 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-04-15 10:39 - 2016-04-15 10:39 - 00001447 _____ C:\Users\DOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-15 10:39 - 2016-04-15 10:39 - 00001413 _____ C:\Users\DOM\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-04-15 10:39 - 2016-04-15 10:39 - 00000020 ___SH C:\Users\DOM\ntuser.ini
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 _SHDL C:\Users\DOM\My Documents
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 _SHDL C:\Users\DOM\Documents\My Videos
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 _SHDL C:\Users\DOM\Documents\My Pictures
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 _SHDL C:\Users\DOM\Documents\My Music
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 ____D C:\Users\DOM\AppData\Local\VirtualStore
2016-04-15 10:39 - 2016-04-15 10:39 - 00000000 ____D C:\Users\DOM
2016-04-15 10:39 - 2011-04-12 04:28 - 00000000 ____D C:\Users\DOM\AppData\Roaming\Media Center Programs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-15 14:32 - 2009-07-14 01:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-04-15 13:38 - 2009-07-14 00:45 - 00019472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-15 13:38 - 2009-07-14 00:45 - 00019472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-15 13:38 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-04-15 13:37 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-15 13:37 - 2009-07-14 00:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-15 13:35 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\sysprep
2016-04-15 13:33 - 2011-04-12 04:28 - 00000000 ____D C:\Windows\CSC
2016-04-15 10:42 - 2009-07-14 01:13 - 00713888 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-15 10:42 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-15 10:40 - 2009-07-13 23:20 - 00000000 __RHD C:\Users\Public\Libraries
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-15 13:33
==================== End of FRST.txt ============================
 

DomC

New Member
Thread author
Apr 15, 2016
6
Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by DOM (2016-04-15 11:19:54)
Running from C:\Users\DOM\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T0PQ2UNL
Windows 7 Professional Service Pack 1 (X64) (2016-04-15 14:39:05)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================
Administrator (S-1-5-21-3562925310-3280694643-3389960412-500 - Administrator - Disabled)
DC (S-1-5-21-3562925310-3280694643-3389960412-1003 - Limited - Enabled)
DOM (S-1-5-21-3562925310-3280694643-3389960412-1000 - Administrator - Enabled) => C:\Users\DOM
Guest (S-1-5-21-3562925310-3280694643-3389960412-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3562925310-3280694643-3389960412-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DOM\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
==================== Restore Points =========================
15-04-2016 10:40:06 Windows Update
==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================
Application errors:
==================
Error: (04/15/2016 11:19:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/15/2016 11:16:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/15/2016 11:16:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/15/2016 11:16:01 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/15/2016 11:15:13 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/15/2016 11:15:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/15/2016 11:15:09 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/15/2016 11:03:23 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/15/2016 11:02:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Error: (04/15/2016 10:42:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

System errors:
=============
Error: (04/15/2016 11:01:49 AM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
New Signature Version:
Previous Signature Version: 0.0.0.0
Update Source: %NT AUTHORITY59
Update Stage: 4.9.0218.00
Source Path: 4.9.0218.01
Signature Type: %NT AUTHORITY602
Update Type: %NT AUTHORITY604
User: NT AUTHORITY\SYSTEM
Current Engine Version: %NT AUTHORITY605
Previous Engine Version: %NT AUTHORITY606
Error code: %NT AUTHORITY607
Error description: %NT AUTHORITY608

==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 53%
Total physical RAM: 6077.92 MB
Available physical RAM: 2823.63 MB
Total Virtual: 12154.04 MB
Available Virtual: 8167.62 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:445.96 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F4250583)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
 

DomC

New Member
Thread author
Apr 15, 2016
6
OK, I am sorry. I honestly don't want to upset anyone or do things wrong. I'm just really frustrated by all this and it's hurting my job search - not your issue, but I'm in a jam and would like to get it fixed, but I have to wait my turn, I understand. If I did it wrong and am being purposely avoided, please tell me what I did wrong and I apologize. I don't want to come off as an idiot. I just am dealing with a lot on my plate is all.
 

Attachments

  • FRST.txt
    9.1 KB · Views: 4
  • Addition.txt
    9.8 KB · Views: 3
  • AdwCleaner[C1].txt
    1.1 KB · Views: 0
  • AdwCleaner[S1].txt
    921 bytes · Views: 1

DomC

New Member
Thread author
Apr 15, 2016
6
I have not got one response visible to me, so if anyone is trying to help me, I'm not getting any replies to this post.
 
