avast is blocking a url on startup. the file associated with this is wscript.exe

[JimZiii]

hey! i booted up my laptop today and got a popup from avast that it blocked a url:mal and that the file trying to open this url is wscript.exe in windows/system32/
the strange thing is that i havent downloaded anything out of the ordinary yesterday and googling this problem i found that the other people that had this problem had used a usb right before this happened and i havent used a usb in ages. so if anybody knows anything about this please help me out, is this a false positive or what? i cant find anything upon scanning my hdd.
i'm on windows 8.1  64-bit

[essexboy]

I will need to look at the computer

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Select LOP and Purity
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
c:\program files (x86)\Google\Desktop
c:\program files\Google\Desktop
dir "%systemdrive%\*" /S /A:L /C
/md5start
rpcss.dll
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Attach  both logs

[JimZiii]

here are the logs, ive installed malwarebyte's anti-malware and since i installed it avast has stopped warning and blocking and instead malwarebyte is blocking numerous attempts to access different ip's as url's but cant find anything on my hdd with malwarebyte either. i hope you find something in these logs

[AdrianH]

If you want help from EssexBoy it is very important that you do not download, or run any tools/scans etc. unless he requests you to do so.

[JimZiii]

ok, sorry. i downloaded malwarebyte and ran it before essexboy answered me

[essexboy]

I see that you have both adaware antivirus and Avast, I would recommend that you uninstall one of them


Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
[2014-02-22 17:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[JimZiii]

ok. yeah i installed adaware when i got this problem to see if it could help me but for some reason it wont even let me update the virus definitions. downloads a small percentage then tells me that something hindered it from downloading. but i'm gonna install it when we're done here. i'll be right back with the logs

[JimZiii]

here you go, i included the log from the fix i got on startup

[essexboy]

Could you let me know if the alerts cease after this

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  
  

Code: [Select]

:Commands
[CREATERESTOREPOINT]

:OTL
[2014-02-10 02:37:20 | 000,120,650 | ---- | M] () (No name found) -- C:\Users\Jimmy\AppData\Roaming\mozilla\firefox\profiles\8qqyrvq6.default\extensions\jid0-5q424C3HVeyE2T4d9bkO7CpXNjU@jetpack.xpi
[2014-02-10 03:03:49 | 000,147,416 | ---- | M] () (No name found) -- C:\Users\Jimmy\AppData\Roaming\mozilla\firefox\profiles\8qqyrvq6.default\extensions\jid0-OeCFXKAPh2tC0bN3Li9ajRAZx6c@jetpack.xpi

:Commands
[resethosts]
[emptytemp]
[Reboot]

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
• Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

[JimZiii]

i havent had any alerts in a while now but they seem to alert randomly, should i still do the last fix or just wait and see if i get any more alerts?

[essexboy]

Do the last fix and then run as normal. Let me know if you get any more alerts or not 

[JimZiii]

ok thnx alot for your time, i'll let you know how it goes but right now it's looking good.
is there anything you can recommend using along side avast to keep my computer safe?

[JimZiii]

nope still getting those alerts from malwarebyte

[essexboy]

Could you screenshot the MBAM alert please as it should tell me which programme is running it

[JimZiii]

its in swedish but it says "have successfully blocked access to a possibly malicious website" and the ip changes on every alert.
before i installed malwarebyte i got alerts from avast and there it said the same but from the file wscript.exe in windows/system32/
do you want me to disable malwarebyte and printscreen on the alert from avast? avast didnt get as many alerts as malwarebyte so i'm afraid some of them might slip through