Need help: DH's computer under a virus attack

So my DH got a virus from 4chan last night (please no lecturing it’s not me, it’s him. I just happen to have the working laptop.) I know way less about this than he thinks I do but here’s what I do know:

As soon as Avast said malicious URL detected he turned off wireless and ran a virus scan. Avast found astro.exe, astro[1].exe and another one that was a string of 9s & 8s all in his “Users/HisName” folder and sub folders. But when he turned he wireless back on, same thing.

So he turned the computer off until we could mess with it today. He ran a boot check and found suspicious files in the SysWoW64 folder that a google check says are, or should be legit. But he tried to delete them anyway and he was told her didn’t have permission.

I took over and booted to safe mode, used Avast to get rid of the above mentioned astro.exe files (because it hadn’t, and there was an error message saying it couldn’t put them in the virus vault either.) I also found a whole new User (password locked and everything) that shouldn’t have been on the computer. So I cleaned that up, we deleted the profile, cleared the recycling bin and ran virus scan again, everything came back clean. For good measure we also checked internet explorer (his only browser) and there were no new page added as home pages to be automatically loaded.

He booted up to regular, everything seemed fine, until he turned on wireless. Then again Avast went nuts with “Malicious URL blocked” until after three popups it said his computer was under a virus attack, so we flipped off wireless again.

It’s duh (right?) that there’s a program somewhere automatically trying to connect to malicious urls, but Avast is not picking it up as a virus. Right now we have it in safe mode again with Avast making sure the virus attack didn’t leave anything new on the hard drive. My next best guess is keep wireless off, start as normal then just google everything running to try to find out what it is, load in safe mode and get rid of it.

But honestly I’m just feeling lost, he’s irritable as heck and has to head for work (and doesn’t want to leave me with unsupervised access to his computer). So what now?

Okay the third virus was called 9b88.exe. All three were in the Users\Him\AppData folder Avast says they were Win32:Renosa-J [Wrm] and Win32:Renos-AVW [Drp] (he had 2 of each).

Hello there,
Are you have redirect problems etc?
Please Download and install MalwareBytes Anti-Malware
www.malwarebytes.org
1)Download
2)Install
3)Update
I repeat update,don’t forget to update mbam.
4)Scan
5)Save the log and post it here.

Whew. I thought there would be problems getting Malware Bytes downloaded, but thank goodness for safe mode with networking. It found 19 infected files, mostly trojans. DH took his computer with him to work so I can get a log when her gets set up. But reading threads here made me try Malware Bytes, so already, thanks!