
Thread: Is Spybot detecting a new firewall rather than Fraud.InternetSecurity2011? #2

  1. #1 Junior Member (Join Date: Jun 2011, Posts: 2)


    I'm wondering if I'm getting a false positive from Spybot, or if there's something else I should be doing here.

    Immediately after installing PC Tools Free Firewall, I ran Spybot and it found several entries for Fraud.InternetSecurity2011. However, the entries aren't the same as the files and registry entries listed online for the virus. In addition, I checked for the virus files listed by http://www.wiki-security.com/wiki/Pa...etSecurity2011, and none of them are on my computer.

    My complete original post is here: http://forums.spybot.info/showthread...381#post408381

    DDS record is below. Thank you kindly for your effort and advice.

    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
    Run by Taeji at 9:51:55 on 2011-07-01
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3327.2226 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: PC Tools Firewall Plus *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\PC Tools Firewall Plus\FWService.exe
    C:\Program Files\Rogers\SelfHealing\RogersSelfHelpService.exe
    C:\Program Files\Rogers\Update Manager\RogersUpdateManager.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.ca/
    uInternet Settings,ProxyOverride = *.local
    BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - c:\program files\vshare\vshare_toolbar.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [PMCRemote] c:\program files\pinnacle\shared files\programs\remote\Remoterm.exe
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [CTxfiHlp] CTXFIHLP.EXE
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [00PCTFW] "c:\program files\pc tools firewall plus\FirewallGUI.exe" -s
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Toolband.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Toolband.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Toolband.dll/RC_Print.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    IE: {FF925300-80E6-11D4-A15B-FFF9086C1A3C} - {4DC701A0-93AD-11D4-A15B-AF07886E4A07} - c:\progra~1\dzsoft\favori~1\FavSeek.dll
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282401542562
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{1229D97A-5360-424F-83C0-45C1A479E4F3} : DhcpNameServer = 192.168.0.1
    Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - c:\program files\vshare\vshare_toolbar.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\taeji\application data\mozilla\firefox\profiles\nrqbd9pa.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: Go Parent Folder: goParentFolder@alice - %profile%\extensions\goParentFolder@alice
    FF - Ext: CopyAllUrls: {960BE052-4847-422b-9AD6-8631D3D0A607} - %profile%\extensions\{960BE052-4847-422b-9AD6-8631D3D0A607}
    FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
    FF - Ext: ChromaTabs Plus: {1cff04ef-0c75-4621-ba2a-2efb77346996} - %profile%\extensions\{1cff04ef-0c75-4621-ba2a-2efb77346996}
    FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
    FF - Ext: Favicon Picker 3: {446c03e0-2c35-11db-a98b-0800200c9a67} - %profile%\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
    FF - Ext: Paste to Tab and Go: pastetotab@loucypher - %profile%\extensions\pastetotab@loucypher
    FF - Ext: Print Edit: printedit@DW-dev - %profile%\extensions\printedit@DW-dev
    FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-8-22 294608]
    R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2011-6-29 251560]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-8-22 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-8-22 40384]
    R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2011-6-29 160576]
    R2 PCToolsFirewallPlus;PC Tools Firewall Plus;c:\program files\pc tools firewall plus\FWService.exe [2011-6-29 286000]
    R2 RogersSelfHelpService;Rogers SHS Service;c:\program files\rogers\selfhealing\RogersSelfHelpService.exe [2010-6-3 139264]
    R2 RogersUpdateManager;Rogers Update Manager;c:\program files\rogers\update manager\RogersUpdateManager.exe [2010-6-3 163840]
    R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
    R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
    R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2011-6-29 89472]
    R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2011-6-29 57536]
    R3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2011-6-29 125248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 cpuz132;cpuz132;\??\c:\docume~1\taeji\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\taeji\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-8-21 79360]
    S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
    S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
    S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
    S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2011-6-29 57536]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-06-29 15:27:46 -------- d-----w- c:\documents and settings\taeji\application data\PCToolsFirewallPlus
    2011-06-29 15:27:16 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2011-06-29 15:27:16 160576 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2011-06-29 15:27:15 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2011-06-29 15:26:28 89472 ----a-w- c:\windows\system32\drivers\pctNdis-PacketFilter.sys
    2011-06-29 15:26:28 57536 ----a-w- c:\windows\system32\drivers\pctNdis.sys
    2011-06-29 15:26:28 32808 ----a-w- c:\windows\system32\drivers\pctNdis-DNS.sys
    2011-06-29 15:26:28 -------- d-----w- c:\program files\common files\PC Tools
    2011-06-29 15:26:27 125248 ----a-w- c:\windows\system32\drivers\pctplfw.sys
    2011-06-29 15:26:25 -------- d-----w- c:\program files\PC Tools Firewall Plus
    2011-06-06 16:55:30 183696 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2011-06-06 16:55:30 183696 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
    2011-06-02 22:39:15 -------- d-----w- c:\documents and settings\taeji\local settings\application data\Temp
    .
    ==================== Find3M ====================
    .
    2011-06-27 01:33:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-05-04 08:52:22 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-05-04 06:25:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
    .
    ============= FINISH: 9:54:05.15 ===============

  2. #2 Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Hi,

    Please update Spybot and run a scan with it. Post back the findings. Post fresh DDS logs too.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3 Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Due to inactivity, this thread will now be closed.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.
