Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

File


  • Please log in to reply
9 replies to this topic

#1 Skypoint

Skypoint

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 31 December 2007 - 12:51 PM

Hi,

I've been going through Autoruns and have come across a file named EPWQZCLX. It's not listed here, and not found after using the Autoruns search feature on the net. The location on my box is \??\C:\WINDOWS\System32\epwqzclx.lmd In the registry, is located in hkey local/system/currentcontrolset/sevices

Does anyone reconize this?

Thanks!

Jim

BC AdBot (Login to Remove)

 


#2 garmanma

garmanma

    Computer Masochist


  • Members
  • 27,809 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Cleveland, Ohio
  • Local time:03:48 PM

Posted 31 December 2007 - 02:04 PM

Welcome to BC
When it doesn't show up in any data base or Google it's likely to assume you're infected
Mark
Mark
Posted Image
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter

#3 hamluis

hamluis

    Moderator


  • Moderator
  • 55,868 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:48 PM

Posted 31 December 2007 - 02:45 PM

What is the Autruns description and path? What heading does this file appear under and what is the complete listing in Autoruns?

Louis

#4 Skypoint

Skypoint
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 31 December 2007 - 04:07 PM

Thanks for responding... there was no discription, and no publisher listed.

Here's the image path: EPWQZCLX File not found: C:\WINDOWS\System32\epwqzclx.lmd

Also, this is where the file is located in Explorer: WINDOWS\System32\epwqzclx.lmd

In the registry, it's located in hkey local/system/currentcontrolset/sevices

Thanks

Edited by Skypoint, 31 December 2007 - 04:09 PM.


#5 hamluis

hamluis

    Moderator


  • Moderator
  • 55,868 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:48 PM

Posted 31 December 2007 - 04:37 PM

http://filext.com/file-extension/LMD

Do you have Ab FR installed? If so, it's not unusual for programs like it to drop things in Startup, which does not mean that you necessarily allow it to run.

Louis

#6 Skypoint

Skypoint
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 31 December 2007 - 04:55 PM

Yes, I have ABBYY installed. Thanks for the link. Wondering why Autoruns couldn't find the program?

#7 hamluis

hamluis

    Moderator


  • Moderator
  • 55,868 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:48 PM

Posted 31 December 2007 - 05:36 PM

Well, it could be an orphan...a file which does not have the proper connection to the parent program.

A reinstall of the Abby program might fix that, although I question the value of it if you will disable it from running at startup. There is no logical reason anything related to AFR should run at startup, IMO.

Louis

#8 Eyesee

Eyesee

    Bleepin Teck Shop


  • BC Advisor
  • 3,541 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:In the middle of Kansas
  • Local time:02:48 PM

Posted 31 December 2007 - 06:17 PM

I agree with garmanma. Looks suspicioulsy like a virus or malware to me.
Google search turns up nothing.
I would check for viruses and spyware.
In the beginning there was the command line.

#9 Skypoint

Skypoint
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:48 PM

Posted 03 January 2008 - 02:05 PM

Here's an update on this file- I uninstalled ABBYY, rebooted, ran AR, and the file was still there. I unchecked it, deleted it, rebooted and the file was gone.

It appears to have been a part of ABBYY... or it could've been a virus using an .lmd extension. It leads me to think so as there's no reference to the file anywhere on the net. BTW, I ran Panda and three other virus programs and none of them identified the file.

Thanks for all your help!

Jim

Edited by Skypoint, 03 January 2008 - 11:06 PM.


#10 hamluis

hamluis

    Moderator


  • Moderator
  • 55,868 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Killeen, TX
  • Local time:02:48 PM

Posted 03 January 2008 - 02:08 PM

Happy computing !

Louis




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users