Return on every reboot

Hello,

About a week ago i was cleaning my fathers infected computer, regular routine everything was cleared off
and today I did a avast scan as a sort of follow up to the cleaning a week ago and avast! found a temp file flagging it as a “Fakealert” well then I did a scan with Malwarebytes and it came up with 3 additional file’s which I was going to upload to avast! to help detections but when i tried to upload them to virus-total the files could not be found in windows explorer, even with all the “hide files” unchecked so I opted to delete them instead well upon re-boot of the machine I did another quick scan with MBAM and it found the very 2 same files as before, I have attached the scan log. Any help with these would be greatly appriciated.

Thank you

Just been through something similar with Tech - I threw all my tools at it and could not find the job file at all - so methinks it may be a MBAM FP

Please download OTM

[*] Save it to your desktop.
[*] Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
[*]Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



:Files
C:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job 
C:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job

:Commands
[purity]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]

[*]Return to OTM, right click in the “Paste Instructions for Items to be Moved” window (under the yellow bar) and choose Paste.

[*]Click the red Moveit! button.
[*]Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
[*]Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Hello

Sorry I never posted back yesterday. Anyways I scanned the machine again this morning with MBAM and the files are no longer being detected so apparently these were false positives as you suspected essexboy.

Thanks

Glad it’s done - must ask Tech now ;D

Hello again

this is odd, this is very odd, after not being detected yesterday I updated mbam to the latest version and scanned again, and the same 2 files were detected again.

Thanks

I’ve formated and started from the beginning… so the files aren’t being detected anymore.
Although I could say they were a mystery of detections.

Hello

I have learned that these 2 files which are still being detected can be found in windows task schedular and both of them point to 2 files Epd.exe and Epc.exe. Epd.exe returns no suspicious hits on google that I could find while Epc.exe returns this
http://www.prevx.com/filenames/2017549858400286973-X1/EPC.EXE.html
The problem with removing these is that I cannot delete the tasks in task scheduler I repeatedly get the error
“The user account does not have permission to delete this task” the problem is that the user I am logged in under is the administrator is there any way around this so I can delete these 2 tasks?
I have searched for both files that the tasks point to and cannot find either

Thanks.

Bump