Infected Avast file hosted by digitalriver? (Urgent help needed)

Hello all, I have been unable to operate my PC for a week and a half now due to one of the most insane hacks I can think of.

I just reformatted my PC tonight for the 3rd time. Installed Avast premier package and have been watching and monitoring the IP traffic.

IP address: 72.21.91.29, check the internet out on this guy.

Was connected (established) to my IP address 15 minutes after I installed my firewall and Avast package. I don’t know what to think because earlier today he was connected to SearchUi via Cortana, which there is a known exploit out now regarding Cortana. I replaced my router with one that has DDoS protection, IPv6 protection and blacklisting, still no dice. Just a few minutes ago when he was trying to gain entry he was sending 1000-byte packets through my svchost while attaching to avastui.exe.

I'm at a loss. Brand new reformatted PC, new router, installed Avast before I turned the internet on, and this hacker 72.21.91.29 is still gaining entry into my PC. How is this possible?

I've run Malwarebytes, been checking netstat every couple of minutes and he appears

Any suggestions? I'm completely unable to use my home Internet

IP history >> https://www.virustotal.com/#/ip-address/72.21.91.29
Click on listed items for details

Have you contacted your ISP?

If you want a computer check, see step #2 here (Farbar Recovery Scan Tool) attach the two diagnostic logs > https://forum.avast.com/index.php?topic=194892.0

http://i68.tinypic.com/2u6p53r.jpg

Shows up 7 seconds after Avast firewall is turned on, reformatted 10 minutes earlier

Here are the logs

And this one as well

Have notified the log expert @Sass Drake, but it may take hours before he is online

https://www.virustotal.com/#/file/bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128/detection

That IP downloads a file. Above is the scan result. -232 community score.

FRST logs show no malware traces. IP address belongs to Verizon and according to VirusTotal history it hosts OCSP servers (https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol). Basically, every time an HTTPS connection is established, the OCSP server will be contacted to check if the website certificate was revoked.

Can you be more specific when you say “have been unable to operate my PC for a week”?

What is that?

It is the VT scan result of the file that is downloaded if you go to -http://72.21.91.29/