Avast seems like it took care of the problem but I am trying to be a good boy and report this here. I know it is probably taken care of through the application but just in case it is not, or if this reoccurs. Since this is an “emergent” threat I thought it may help.
So Avast pops up saying it blocked something, and I start getting all kinds of other pop-ups about Windows Authentication needing to run as admin. This is what you get when your Windows or Office does not have a genuine key. I of course do not run those since I didn’t do anything to cause it. Avast comes up and says it removed something and wants to reboot and do a boot time scan. I can’t hit yes fast enough.
Boot scan was clean and I find this in the Avast logs:
5/2/2016 9:46:50 PM C:\Users\Christopher Brown\AppData\LocalLow{C13871CC-D72B-4ED0-A209-941721E4D058}\TMP976A.exe [L] FileRepMetagen [DRP] (0)
File was successfully deleted…
This is the only record I can find of Avast doing anything at all.
I didn’t want to take any chances so I go to System Recovery to restore my last restore point. I find that it says not only are all my restore points deleted, but the system restore is disabled. I am a huge believer in this Windows feature and I know I have been making restore points. So I am stuck without being able to go back. I do create a restore point after turning this back on.
After that, I am spooked enough to run MBAM, which is clean. I also did FRST and aswMBR; logs are attached.
Machine seems ok so far.
Thanks to all of you for what you do.