What action should I take when Web Shield logs a site?

[rex.baldon@bfa.org]

A user was getting a popup every 10 minutes from Avast EPS. Looking in the SOA Shield log, I could see that it was flagging Win32:Malware-gen on the URL http://54.167.101.139/BTD.exe
A full system scan found nothing, nor did a boot time scan. Then mysteriously after we left for the day the computer turned itself off. When we started it the next day the problem was gone.
What else should I have done to troubleshoot this problem?