Recurring infection warning

Every time I turn on my computer, I get a security center message warning me about: http://4dlmng.com/snz/sfen403int21.exe

I am running Avast Internet Security and it tells me the infection was blocked, but I want to be rid of the problem. Has anyone else seen this? Any thoughts on getting it cleaned up?

Any suggestions would be appreciated.

Hello miteyjoe.

Please follow the instructions at http://forum.avast.com/index.php?topic=53253.0. For now, attach the OTL and MBAM logs to a post in this same thread. A malware expert (notified) will assist you ASAP.

Logs attached

Could you let me know if this stops it

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF


:Commands
[CREATERESTOREPOINT]

:OTL
[2013/12/05 22:05:56 | 000,000,000 | ---D | M] (DDownnlOad keeppeeru) -- C:\Users\Lebano Family\AppData\Roaming\mozilla\Firefox\Profiles\60ctvvod.default\extensions\o_7zm2doc@chpiyey-yitcf.com
[2013/12/05 22:05:56 | 000,000,000 | ---D | M] (SearchNewTab) -- C:\Users\Lebano Family\AppData\Roaming\mozilla\Firefox\Profiles\60ctvvod.default\extensions\yeeuhf@aauyo.co.uk
[2013/09/24 06:43:24 | 000,060,287 | ---- | M] () (No name found) -- C:\Users\Lebano Family\AppData\Roaming\mozilla\firefox\profiles\60ctvvod.default\extensions\om@offermosquito.com.xpi
O2 - BHO: (no name) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4090539727-528685471-939148189-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] C:\Windows\test.bat File not found
O4 - HKU\S-1-5-21-4090539727-528685471-939148189-1001..\Run: [Best Buy pc app] C:\Users\Lebano Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Buy\Best Buy pc app.appref-ms File not found
O4 - HKU\S-1-5-21-4090539727-528685471-939148189-1001..\Run: [Intermediate] C:\Users\Lebano Family\AppData\Roaming\Intermediate\Intermediate.exe ()
O4 - HKU\S-1-5-21-4090539727-528685471-939148189-1001..\Run: [ZedgeToneSync] C:\Users\Lebano Family\AppData\Local\Apps\2.0\Data\RQAN1D8G.81O\1EKAPYJV.ABO\zedg..tion_4cd56dcfd1799009_0001.0002_ea3f01849f5e16c3\Data\ZedgeToneSync.appref-ms -startup File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

:Commands
[resethosts]
[emptytemp]
[Reboot]

[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 4.5mb ) to your desktop.
Double click the aswMBR.exe to run it Click the “Scan” button to start scan

https://dl.dropboxusercontent.com/u/73555776/AswMBR%20scan.JPG

On completion of the scan click save log, save it to your desktop and post in your next reply

Thanks, my problem was moved to the Virus & Worm forum. I worked with TwinHeadedEagle and we got the problem resolved.