False positives for Cimuz and TelekomBill.Fake

[Boot53]

When I upgraded to version 1.5 of Spybot in October, ten instances were found of Cimuz and one of TelekomBill.Fake. (I almost choked! Spybot 1.4 had not found any of them.)

All of the results are grouped together in one place in the registry -
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\load\

There is no trace of the files which Cimuz creates - ipv4monr.dll and mdms.exe.
I don't have F-Secure on my machine - this software was under suspicion in the other False Positive forum items which mention Cimuz. Neither Windows Defender nor Adaware find Cimuz or TelekomBill.Fake.

I am running Windows XP Home Edition 2002 SP2; browser is IE7. Spybot is version 1.5.1.15 and the latest update is 26.12.2007. As already mentioned, the results occurs in a scan result. Are they false positives please?

[Yodama]

hello,

this could be a false positive but it could also be a new Cimuz variant that only gets detected partially.
Please follow the steps in this sticky
to create a complete log file and attach it to your next post. If the log file is to large email it to detections-at-spybot.info (replace -at- with @) and refer to this thread.

[Boot53]

The report file is pretty long so I have emailed it instead as you suggested. Thanks!