[triadtechtalk] Re: Windows Messenger

  • From: Armando Barreiro <avbsantos@xxxxxxxxxxxx>
  • To: triadtechtalk@xxxxxxxxxxxxx
  • Date: Mon, 19 Dec 2005 19:08:17 -0500 (GMT-05:00)

Well, dlcccoms.exe is a worm. This is from a Google search:

QUOTE ON
----------------
"dlcccoms.exe" classified as a WORM
http://www.google.com/search?hl=en&lr=&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial&q=dlcccoms.exe&btnG=Search
or http://snipurl.com/kx45

http://www.bullguard.com/forum/10/WINFIXER-HELP_23594.html
"When I finished and rebooted I got a notification saying that I had new 
hardware to install (DLCCC CUSTOMER CONNECT AND SDDMI2). I googled these and 
found out they are pests.  I went back into safe mode and deleted these..."
---------
QUOTE OFF

Now, to get rid of it, properly.

At majorgeeks there is this:
" take a minute to read the Basic Spyware, Trojan And Virus Removal tutorial."
http://forums.majorgeeks.com/showthread.php?t=35407

Have a go at it, Juanita. Follow their instructions in your tackling of 
"dlcccoms".

Let us know if you need any additional help. They've covered all the basics and
these are very legible instructions, much more detailed than I could do on my 
own, so you should accomplish it without a problem.

That's where the "messages" that you spoke of are emanating.

Hijackthis does it again!

Armando

-----Original Message-----
>From: Juanita Kimble <jkimble@xxxxxxxxxxx>
>Sent: Dec 19, 2005 6:28 PM
>To: triadtechtalk@xxxxxxxxxxxxx
>Subject: [triadtechtalk] Re: Windows Messenger
>
>
>
>  no way to see anything but a blank box where one pastes their log file 
> in.....and if you sent it there it will be in the forum..... and you will 
> have to wait and see if they decide to reply to it.....
>
>
>
>   I know it must be a good place to post as it is for HijackThis logs. They 
> even have a link to go to the author's page or you can D\L hijack directly 
> from their page. But I already had it.
>
>
>
>
>   if you use HijackThis it will allow you to make a copy of your log... that 
> is what you need to copy and paste in your message that you send to this 
> group and then we can read it asap....
>
>  Here is a copy of the results I got from that site. But after reading it. 
> Scroll on down I answered the other things you said
>
>
>
>  .  Entry   Kind
>        (Safe, Nasty, Unknown)      Description     Tip 
>          Logfile of HijackThis v1.99.1    
>        Safe.   Shows the version of HijackThis an. The newest version is: 
> v1.99.1!
>         This should be the newest version. (v1.99.1) 
>          Platform: Windows XP SP2 (WinNT 5.01.2600)       
>          
>          MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)    
>        Safe.   Shows the version of your Internet Explorer. Newest Version 
> is: 6.00.2900.2180!
>         This should be the newest version. (6.00.2900.2180) 
>          C:\WINDOWS\System32\smss.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\WINDOWS\system32\winlogon.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\WINDOWS\system32\services.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\WINDOWS\system32\lsass.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\WINDOWS\system32\svchost.exe    
>        Safe.   running process. (svchost.exe)
>        Systemprozess - Allgemeiner Hostprozessname für Dienste.
>         
>       
>          C:\WINDOWS\System32\svchost.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\WINDOWS\system32\spoolsv.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\WINDOWS\eHome\ehRecvr.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\WINDOWS\eHome\ehSched.exe    
>        Safe.   running process. (ehSched.exe)
>
>         
>       
>          C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe    
>        Safe.   running process. (PcCtlCom.exe)
>        Trend Micro PC-cillin Internet Security 
>         
>       
>          C:\WINDOWS\system32\svchost.exe    
>        Safe.   running process. (svchost.exe)
>        Systemprozess - Allgemeiner Hostprozessname für Dienste.
>         
>       
>          C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe    
>        Safe.   running process. (Tmntsrv.exe)
>        Trend Micro Internet Security
>         
>       
>          C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe    
>        Safe.   running process. (tmproxy.exe)
>        Trend Micro Internet Security
>         
>       
>          C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe    
>        Safe.   running process. (TmPfw.exe)
>        Trend Micro Personal Firewall
>         
>       
>          C:\WINDOWS\system32\dllhost.exe    
>        Safe.   running process. (dllhost.exe)
>
>         
>       
>          C:\WINDOWS\Explorer.EXE    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\WINDOWS\ehome\ehtray.exe    
>        Safe.   running process. (ehtray.exe)
>
>         
>       
>          C:\WINDOWS\system32\hkcmd.exe    
>        Safe.   running process. (hkcmd.exe)
>
>         
>       
>          C:\WINDOWS\system32\igfxpers.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe    
>        Safe.   running process. (jusched.exe)
>        Java Runtime
>         
>       
>          C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\WINDOWS\system32\dla\tfswctrl.exe    
>        Safe.   running process. (tfswctrl.exe)
>        Hewlett-Packard DLA Packet Writing Software
>         
>        Possibly nasty! According to our database this process runs normally 
> in c:\winxp-e\system32\dla\! Check if you know this process and arrange a 
> viruscheck where required. 
>          C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe  
>   
>        Safe.   running process. (issch.exe)
>        InstallShield Update Service Scheduler; automatically searches for and 
> performs any updates to the software so you're always working with the most 
> current version. Not required.
>         Not dangerous, but unnecessary. 
>       
>          C:\Program Files\Trend Micro\Internet Security 12\pccguide.exe    
>        Safe.   running process. (pccguide.exe)
>
>         
>       
>          C:\WINDOWS\eHome\ehmsas.exe    
>        Safe.   running process. (ehmsas.exe)
>
>         
>       
>          C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe    
>        Unknown   running process. (dlccmon.exe)
>
>         This is a unknown process. 
>       
>          C:\Program Files\Dell Support\DSAgnt.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          C:\Program Files\Trend Micro\Internet Security 
> 12\TMAS_OE\TMAS_OEMon.exe    
>        Unknown   running process. (TMAS_OEMon.exe)
>
>         This is a unknown process. 
>       
>          C:\WINDOWS\system32\dlcccoms.exe    
>        Unknown   running process. (dlcccoms.exe)
>
>         This is a unknown process. 
>       
>          C:\Documents and Settings\Juanita\My Documents\Small 
> Programs\hijackthis\HijackThis.exe    
>        Safe.   running process. (HijackThis.exe)
>        Tool, mit dem sie dieses Logfile erzeugt haben. Das Programm sollte so 
> angelegt sein ! C:\Programme\HijackThis\HijackThis.exe
>         Remember that Hijackthis must be run in an own folder. Only if 
> Hijackthis run in an own folder it will create backups! 
>          R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL 
> = http://www.dell4me.com/myway    
>        Safe.   This page has been identified as safe.
>          
>          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
> http://www.telepak.com/    
>        Safe.   This page has been identified as safe.
>          
>          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL 
> = http://www.dell4me.com/myway    
>        Safe.   This page has been identified as safe.
>          
>          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
> http://www.dell4me.com/myway    
>        Safe.   This page has been identified as safe.
>          
>          O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} 
> - C:\WINDOWS\system32\dla\tfswshx.dll    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe    
>        Safe.   eHome Media Center PC related - what does it do and is it 
> required? 
>        Hit rate: 99 % (result)
>          
>          O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe    
>        Safe.   Quick access to the control panel via a System Tray icon for 
> graphics based upon the Intel chipsets (ie, i810). These chipsets are often 
> included on motherboards. Available via Start -> Settings -> Control Panel 
>        Hit rate: 99 % (result)
>         Not dangerous, but unnecessary. 
>          O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program 
> Files\Java\j2re1.4.2_03\bin\jusched.exe    
>        Safe.   Java von Sun 
>        Hit rate: 99 % (result)
>          
>          O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event 
> Monitor\IntelMEM.exe    
>        Safe.   Related to connection events on an Intel chipset based modem. 
> It can alert you if the telephone line is being used when youre trying to get 
> online (when youre using dial-up). It can also alert you if your modem line 
> is disconnected. Furthermore, it can alert you if you have made a wrong 
> connection with your modem line 
>        Hit rate: 84 % (result)
>          
>          O4 - HKLM\..\Run: [DVDLauncher] "C:\Program 
> Files\CyberLink\PowerDVD\DVDLauncher.exe"    
>        Safe.   A process belonging to the Cyberlink PowerCinema video viewing 
> software which allows you to play DVDs upon insertion. This program is a 
> non-essential process, and is installed for ease of use. 
>        Hit rate: 99 % (result)
>          
>          O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common 
> Files\InstallShield\UpdateService\isuspm.exe" -startup    
>        Safe.   InstallShield Update Service related; Automatically searches 
> for and performs any updates to the software. Not required. 
>        Hit rate: 69 % (result)
>         Not dangerous, but unnecessary. 
>          O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common 
> Files\InstallShield\UpdateService\issch.exe" -start    
>        Safe.   InstallShield Update Service Scheduler; automatically searches 
> for and performs any updates to the software so you're always working with 
> the most current version. Not required. 
>        Hit rate: 99 % (result)
>         Not dangerous, but unnecessary. 
>          O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend 
> Micro\Internet Security 12\pccguide.exe"    
>        Safe.   PC-Cillin 2002 antivirus software 
>        Hit rate: 99 % (result)
>          
>          O4 - HKLM\..\Run: [DLCCCATS] rundll32 
> C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16    
>        Unknown   
>        Hit rate: -1 % (result)
>         Unknown application. 
>          O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO 
> Printer 924\dlccmon.exe"    
>        Possibly nasty   
>        Hit rate: 19 % (result)
>         It seems that the name of this program is the same as the name of the 
> file. In the most cases this is the result of trojans. To be sure, you should 
> check this file. 
>          O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell 
> Support\DSAgnt.exe" /startup    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          O4 - HKCU\..\Run: [OE_OEM] "C:\Program Files\Trend Micro\Internet 
> Security 12\TMAS_OE\TMAS_OEMon.exe"    
>        Unknown   
>        Hit rate: -1 % (result)
>         Unknown application. 
>          O9 - Extra button: (no name) - 
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
> Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll    
>        Safe.   The entry has been identified as safe.
>         If the entry '' is not needed anymore, it should be fixed. 
>          O9 - Extra 'Tools' menuitem: Sun Java Console - 
> {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
> Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll    
>        Safe.   The entry Sun Java Console has been identified as safe.
>         If the entry 'Sun Java Console ' is not needed anymore, it should be 
> fixed. 
>          O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} 
> - C:\WINDOWS\system32\Shdocvw.dll    
>        Safe.   The entry Real.com has been identified as safe.
>         If the entry 'Real.com ' is not needed anymore, it should be fixed. 
>          O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll    
>        Safe.   This entry was classified from our visitors as good.
>         Click on the stars and look at the comments from our visitors, to 
> see, why the entry was classified in such a way. 
>          O23 - Service: dlcc_device - Unknown owner - 
> C:\WINDOWS\system32\dlcccoms.exe    
>        Unknown   These entries shows all services which are not from 
> Microsoft. Often malware is starting as a systemservice and it's not easy to 
> detect it.
>         Unknown service. (dlcccoms.exe) 
>          O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation 
> - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe    
>        Safe.   These entries shows all services which are not from Microsoft. 
> Often malware is starting as a systemservice and it's not easy to detect it.
>         This service (NetSvc.exe) was identified as a good one. 
>          O23 - Service: Trend Micro Central Control Component (PcCtlCom) - 
> Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe    
>        Safe.   These entries shows all services which are not from Microsoft. 
> Often malware is starting as a systemservice and it's not easy to detect it.
>         This service (PcCtlCom.exe) was identified as a good one. 
>          O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro 
> Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe    
>        Safe.   These entries shows all services which are not from Microsoft. 
> Often malware is starting as a systemservice and it's not easy to detect it.
>         This service (Tmntsrv.exe) was identified as a good one. 
>          O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro 
> Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe    
>        Safe.   These entries shows all services which are not from Microsoft. 
> Often malware is starting as a systemservice and it's not easy to detect it.
>         This service (TmPfw.exe) was identified as a good one. 
>          O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro 
> Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe    
>        Safe.   These entries shows all services which are not from Microsoft. 
> Often malware is starting as a systemservice and it's not easy to detect it.
>         This service (tmproxy.exe) was identified as a good one. 
>
>
>  This log has been checked automatically.
>  Check your log file automatically at www.hijackthis.de.
>
>
>
>
>
>   and possibly reply........ I will say this.... for a "brand new" computer 
> setup by dell before shipment it seems you are having some very strange 
> problems with a fairly stable operating system.....
>
>
>  Actually I don't see where I am having any problem too big. Just that dell 
> stuff that I don't trust
>
>
>   now if it were one that you have had for a couple years would not find it 
> so out of place....... but from what it seems is that someone has jumped in 
> and made loads of changes trying to eliminate things that now have messed 
> over an established working system.
>
>
>  There have not been lots of changes. I uninstalled AOL, earthlink, paint shop 
> pro. Search my way, coral photo. I wasn't going to buy paint or coral photo. 
> So why keep them? There are others that I have to buy that are still in 
> add\remove.
>
>  I did take three music boxes off startup.
>
>
>
>  Juanita

