What happens to you is: you visit a website where a malware file waits to infect you, and avast aborts the connection to the site before the virus can get to your computer…
So it's OK if the virus scan doesn't find anything on your HDD.
You are using an old version of HJT; you are also running it from a folder that isn't its own HJT folder. FileHippo Download - HiJackThis: this should install it in its own folder.
Once you have done that run HJT again and post another log.
The problem with using either a restore disk or reinstalling Windows from scratch is that the version could be way out of date with many security updates after SP2, leaving you vulnerable to exploits that were patched in the missing security updates after SP2. So you need to ensure that your OS is fully up to date.
I really think you jumped the gun in the re-installation.
If it were a Virus file infector I would have expected avast to have picked up on multiple infected files, as avast does have a number of Virut signatures (63), but it is possible that it could be a variant.
There is a possibility that this is a hidden piece of malware.
Also see, anti-rootkit, detection, removal & protection http://www.antirootkit.com/software/index.htm. Try these as they are some of the more efficient and user friendly anti-rootkit tools.
First of all, I believe this Trj downloader is trying to exploit JavaScript code, so make sure you have the latest Java on your system, and then limit its ability on your system/browsers.
Now onto the problem at hand: I am almost certain that your computer is not infected (thanks to avast); it is way more likely that a zombie PC is attempting to redirect you to the infected site in question.
From what I can find out about the activities of this malware, it's attempted to direct you to either one of these sites:
Both domains are related to the 222.216.28.25 IP address (located in China).
So I suggest blocking the two above domains with your hosts file, and consider blocking the IP address with your firewall.
P.S. Just so you know, it seems from reading around that the “zombie PC” may be in your ISP's network, or your local LAN network. (Deep scan all PCs on your network to be sure.)