What exactly is this? Is this something bad or good? Results on Google are somewhat mixed. Some say it's an upgrade of something else, while some say it's like some other hacked thingy. I -think- it also extracts some "DSS" thing into my registry: HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run. Ad-aware calls the registry thing a Data Miner, but when I went into Ewido Anti-Malware, it didn't show anything about this. I hear that Microsoft's Anti-Spyware program doesn't even show that this is a "bad" program. Also, would this program have anything to do with "increasing half-open ports"?

jayy_lum

This is what I found out about that item. Where is it residing?
The process belongs to the software Microsoft Windows Operating System TCP/IP Module by Microsoft Corporation (www.microsoft.com).
Description: wintcpmod.exe is located in the folder C:\Windows. Known file sizes on Windows XP are 482816 bytes (75% of all occurrences), 495104 bytes. There is no information about the maker of the file. The process is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run). wintcpmod.exe is not a Windows system file. wintcpmod.exe is able to hide itself. Therefore the technical security rating is 6% dangerous.
If wintcpmod.exe is located in the folder C:\Windows\System32 then the security rating is 72% dangerous. File size is 482816 bytes. It is a file without information about the maker of this file. The program has no visible window. It is an unknown file in the Windows folder. wintcpmod.exe is not a Windows system file. The program uses ports to connect to LAN or Internet.
Important: Some malware can camouflage itself as wintcpmod.exe, particularly if it is located in the c:\windows or c:\windows\system32 folder.

dl65

Hmm... somehow it ended up disappearing.. anyways... the DSS thing is gone as well. So I guess this is solved? But I wonder how lol...

Wintcpmod.exe aka tcpmod.exe is a remote control trojan or bot. Carry out the procedures outlined in this post and report back. You absolutely must remove all traces of this and similar infections!!!!
If you have a copy of this file, could I ask that you archive it using WinRaR or similar and send it to me for further testing? I'll provide details as and when necessary.
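
The description quoted in this thread ties the file to three checkable things: an entry under the HKLM Run key, a location directly in C:\Windows or C:\Windows\System32, and missing maker information. The PowerShell below is an added example, not code from any poster in this thread, that lists every Run entry with those properties; the helper name `Get-ExePathFromCommand` is hypothetical.

```powershell
# Added example: inspect HKLM Run autostart entries and flag binaries that sit
# directly in the Windows folders without a valid Authenticode signature.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

function Get-ExePathFromCommand {
    # Hypothetical helper: pull the executable path out of a Run command line.
    param([string]$Command)
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"')    { return $Matches[1] }  # "C:\path\app.exe" /args
    if ($expanded -match '^(.+?\.exe)\b') { return $Matches[1] }  # unquoted path, may contain spaces
    return ($expanded -split '\s+')[0]
}

$key     = Get-Item -Path $runKey
$winDirs = @($env:windir, (Join-Path $env:windir 'System32'))

$report = foreach ($name in $key.GetValueNames()) {
    $path = Get-ExePathFromCommand -Command ([string]$key.GetValue($name))
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        # Entry survives in the registry but the file is gone (or is hidden from this session).
        [pscustomobject]@{ Name = $name; Path = $path; Note = 'file not found' }
        continue
    }
    $file = Get-Item -LiteralPath $path -Force      # -Force also returns hidden files
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $inWinDir = $file.DirectoryName -in $winDirs    # comparison is case-insensitive
    [pscustomobject]@{
        Name      = $name
        Path      = $file.FullName
        SizeBytes = $file.Length                    # compare with the sizes quoted in the thread
        Company   = $file.VersionInfo.CompanyName   # empty when the file carries no maker info
        Signature = $sig.Status
        Hidden    = [bool]($file.Attributes -band [IO.FileAttributes]::Hidden)
        Note      = if ($inWinDir -and $sig.Status -ne 'Valid') {
                        'not validly signed, in Windows folder: review'
                    } else { '' }
    }
}
$report | Format-List
```

A matching name or size is not proof either way; a flagged entry is a candidate for an offline scan and a hash lookup, and an entry that is missing from disk still needs its Run value cleaned up.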