Need help getting rid of reannewscomm.com virus

Any help you can provide would be greatly appreciated! My Avast software is giving me “Threat Detected” messages every 30 seconds or so. They just keep coming. The details of the threat are as follows:

Object - http://reannewscomm.com/ads.php?sid=1966
Infection - URL:Mal
Process - c:\windows\explorer.exe

Sometimes I get multiple threats at once and most of them are like the one above. Occasionally I also see threats with this description:

Object - http://sitestatistic.net/www/delivery/ajs.php?zoneid=
Infection - URL:Mal
Process: c:\windows\system32\conhose.exe

My operating system is Windows 7 Home Premium and I’m attaching these files:

MalwareBytes Scan Log - MBAMScanLog03052016.txt
Farbar output files - FRST.txt and Addition.txt

I also ran aswMBR and the first time my system re-booted. I changed the name of the file and am running it again. It’s still running but is taking a really long time. I will attach the scan log to this thread when it finishes.

Any help you can provide would be greatly appreciated. Thank you.

Let me know if this stops the alerts

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
HKU\S-1-5-21-3100448734-784222415-454981768-1000\...\Run: [ogjwbxqa] => "C:\Users\AcerDesktop\AppData\Local\rdkjfuob.exe"
URLSearchHook: HKU\S-1-5-21-3100448734-784222415-454981768-1003 - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2016-03-05 15:37 - 2016-03-05 15:37 - 00000000 ___HD C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2016-03-05 07:38 - 2016-03-05 07:39 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{1B49DF05-0F45-42AE-B193-68ADBD64BC60}
2016-03-04 19:37 - 2016-03-04 19:37 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{7B85AF82-E88A-4406-958C-628964F85D1B}
2016-03-04 07:36 - 2016-03-04 07:36 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{1FC85F58-D8E9-483B-8654-E0F3FB109A7C}
2016-03-03 19:36 - 2016-03-03 19:36 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{7A110305-80E6-4FAD-9FCD-7B6FFA66E683}
2016-03-03 07:35 - 2016-03-03 07:35 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{7E9376D6-A777-40E1-8D89-D8851E42C075}
2016-03-02 10:59 - 2016-03-02 10:59 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{5B6FAE86-D691-4143-8ACD-982C0FE24450}
2016-03-01 22:58 - 2016-03-01 22:58 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{DB8A0C4C-B008-4BF8-99AF-F69152605433}
2016-03-01 10:57 - 2016-03-01 10:57 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{87C1005B-ADF1-43A2-8225-E9666E01339B}
2016-02-29 22:56 - 2016-02-29 22:56 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{D58A4ED8-4943-44F9-96B4-AA45A9C7F09D}
2016-02-29 10:55 - 2016-02-29 10:56 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{BACD3DB8-000E-403C-8831-C8D02BC60BAF}
2016-02-28 14:02 - 2016-02-28 14:02 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{24FE806B-CD98-44CE-85B2-CF389111872C}
2016-02-27 10:29 - 2016-02-27 10:29 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{9627FA8B-B1F6-447F-965E-CE67CCE0176D}
2016-02-26 15:23 - 2016-02-26 15:23 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{50547A1B-22E0-4AD9-8EAB-2C5A3FDE58E6}
2016-02-26 03:00 - 2016-02-26 03:00 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{09F8FDB7-DEAF-477D-B7CA-E9E6C9FB9210}
2016-02-25 11:21 - 2016-02-25 11:22 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{5F50AAA1-8BA8-4358-A11B-B01FD9D3B6F4}
2016-02-24 08:43 - 2016-02-24 08:43 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{10B0CD82-CB16-4279-8034-93956F6FB330}
2016-02-23 09:20 - 2016-02-23 09:20 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{97A41B3E-5ACB-48CF-AFD3-D255BDAD634C}
2016-02-22 10:34 - 2016-02-22 10:34 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{EA5BD730-3D6E-4B07-B83D-D3973BC82DD9}
2016-02-21 12:41 - 2016-02-21 12:41 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{9AB4BA48-66E1-4847-8E46-C9BC1ADD5831}
2016-02-20 13:23 - 2016-02-20 13:23 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{4E578F51-5E0B-4552-BF4E-D18065829F29}
2016-02-19 08:46 - 2016-02-19 08:46 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{3009A924-C5D5-4804-8E2D-CD7912173271}
2016-02-18 08:31 - 2016-02-18 08:32 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{A5658AD7-D412-48AA-A587-139C2AE2DFA0}
2016-02-17 10:33 - 2016-02-17 10:34 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{4D209E08-0413-43BF-AE61-5D447CEB49A7}
2016-02-16 18:02 - 2016-02-16 18:02 - 00000000 ____D C:\Users\AcerDesktop\AppData\Local\{A3F508C4-9254-4F82-B8B5-56B78A8A5776}
2014-05-22 12:29 - 2014-05-22 12:29 - 0068314 _____ () C:\Users\AcerDesktop\AppData\Local\bepkvefn
2014-05-22 12:30 - 2014-05-22 12:30 - 0012326 _____ () C:\Users\AcerDesktop\AppData\Local\paopserc
C:\Users\AcerDesktop\AppData\Local\rdkjfuob.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers

Save this as fixlist.txt, in the same location as FRST.exe

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG

Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.

- Close all open programs and internet browsers.
- Double click on AdwCleaner.exe to run the tool.
- Click on Scan.
- After the scan is complete click on “Clean”.
- Confirm each time with Ok.
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile with your next answer.
- You can find the logfile at C:\AdwCleaner[S0].txt as well.
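
A pre-flight review of the fixlist above, as an added example that is not part of the original thread and is not FRST's own code: it sorts the posted lines by type and lists every file path that falls outside the roots expected for this machine, which is the concern behind the CAUTION note. The function names and regular expressions are assumptions derived only from the line shapes visible in the post.

```python
import re
from pathlib import PureWindowsPath

# Subset of the fixlist posted above, one directive per line.
FIXLIST = r'''CreateRestorePoint:
HKU\S-1-5-21-3100448734-784222415-454981768-1000\...\Run: [ogjwbxqa] => "C:\Users\AcerDesktop\AppData\Local\rdkjfuob.exe"
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
2016-03-05 15:37 - 2016-03-05 15:37 - 00000000 ___HD C:\ProgramData\{CA2FACF7-9029-4A21-892B-E7F60B39FF1A}
2014-05-22 12:29 - 2014-05-22 12:29 - 0068314 _____ () C:\Users\AcerDesktop\AppData\Local\bepkvefn
C:\Users\AcerDesktop\AppData\Local\rdkjfuob.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
CMD: bitsadmin /reset /allusers
'''

# Assumed line shapes, taken from the lines visible in the post.
STAMP = r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}'
RUN_RE = re.compile(r'^HK\S*\\Run: \[(?P<name>[^\]]+)\] => "?(?P<path>[^"]+)"?$')
FILE_RE = re.compile(rf'^{STAMP} - {STAMP} - \d+ \S+ (?:\(.*?\) )?(?P<path>[A-Za-z]:\\.+)$')
PATH_RE = re.compile(r'^(?P<path>[A-Za-z]:\\.+)$')
DIRECTIVE_RE = re.compile(r'^(?P<name>\w+):\s*(?P<arg>.*)$')

def parse_fixlist(text):
    """Return (kind, detail, path) per line; path is None when no file is named."""
    entries = []
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        if m := RUN_RE.match(line):
            # Autostart value whose target is an executable on disk.
            entries.append(('run_key', m['name'], m['path']))
        elif m := FILE_RE.match(line) or PATH_RE.match(line):
            entries.append(('file', '', m['path']))
        elif m := DIRECTIVE_RE.match(line):
            entries.append(('directive', m['name'], None))
        else:
            entries.append(('unknown', line, None))
    return entries

def out_of_scope(entries, allowed_roots):
    """Paths named in the fixlist that are not under any expected root."""
    roots = [PureWindowsPath(r) for r in allowed_roots]
    return [p for _, _, p in entries
            if p and not any(r in PureWindowsPath(p).parents for r in roots)]

if __name__ == '__main__':
    parsed = parse_fixlist(FIXLIST)
    for kind, detail, path in parsed:
        print(f'{kind:10} {detail:20} {path or ""}')
    print('outside expected roots:',
          out_of_scope(parsed, [r'C:\Users\AcerDesktop', r'C:\ProgramData']))
```

Checked against a different profile root, every path in the list is reported as out of scope, which is why the same fixlist should not be reused on another machine.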

I’ve run the FRST fix. I’m attaching the fixlog file. I’m not seeing the “Threat Detected” popups anymore. I’m going to run the AdwCleaner next.

I’ve run AdwCleaner and am attaching the logs for it (scan and clean).

Everything appears to be working. My CPU utilization is back to normal and there are no more “threat-detected” messages. Thank you very very much!

Any further problems?