View Full Version : 007 Spy Software



KJWilson
2006-01-21, 13:03
This was reported on my last scan - HKEY_CLASSES_ROOT\Interface\{55C904F2-85EB-4982-BF62-C97108367B3A}. The information listed on that key is Name (Default); Type REG_SZ; Data clsSendMail. There are 3 subfolders: Forward, ProxyStubClsid and ProxyStubClsid32. The subfolders contain the same Name & Type information but have different Data. I cannot determine what program installed the keys. Should I go ahead and remove the keys? I cannot find anything in the forums that tells me what 007 Spy Software is or what type/how much of a threat it is. By the way, I did find other helpful information on the forums, thank you for that.

Sword
2006-01-21, 15:28
it is a keylogger :D

KJWilson
2006-01-21, 21:47
Thank you Sword. OK, it is a keylogger. Can you add any information? Does the Data clsSendMail mean my keystrokes are being mailed somewhere? Is there a way to find which application installed the keys so I can delete that program? I have noticed alerts that say "logitech is trying to monitor your keyboard strokes" and I think there was one when I was working in FrontPage that was similar. Do you think one of those programs may be the culprit? Thanks for any help.

tashi
2006-01-21, 22:53
Hello KJWilson.

Open SpyBot, check for and get any updates available,
Close all browsers, check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report please.

KJWilson
2006-01-22, 00:12
tashi, after viewing my logs, can you remove them? I don't know that it is "safe" to have all my system stuff exposed??

tashi
2006-01-22, 00:43
Hi there.
I removed your log as per your request.

However if it is of any reassurance, logs of many types are posted at all help support sites.
For instance see our malware removal forum:
Malware Forum (http://forums.spybot.info/forumdisplay.php?f=22)
It is the only way we can check the system for problems. :)

KJWilson
2006-01-22, 01:39
Thank you for removing the log. I guess I should have written if it isn't safe to then remove? If it will help anyone else, you may repost the log. Can you tell from the log which program set the keylogger or how it got into the registry? Tashi, I would like to tell you again I appreciate your help. :)

tashi
2006-01-22, 03:52
Hi. ;)

I have asked a helper to take a look at the log and respond to you here with his findings.

Cheers.

LonnyRJones
2006-01-22, 06:47
Hi

I see you let SSD fix it, Good.
007 Spy Software: Interface (Registry key, fixed)
HKEY_CLASSES_ROOT\Interface\{55C904F2-85EB-4982-BF62-C97108367B3A}

Delete this run with your startup manager program or Spybot's tools > system startup
command: wjview /cp "C:\Program Files\MyPointsPointAlert\System\Code" Main lp: "C:\Program Files\MyPointsPointAlert"
file: C:\WINDOWS\system32\wjview.exe
Manually delete the MyPointsPointAlert folder, do not delete wjview
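
A read-only way to inspect the two items named in the posts above, as an added example that is not part of the original thread and not Spybot's own code. It assumes PowerShell is available on the machine and that the startup entry lives in one of the standard Run keys; it changes nothing, and the DLL it resolves may be a generic Windows marshaler rather than the program that created the key.

```powershell
# Added example: read-only triage, nothing is modified or deleted.
$iid  = '{55C904F2-85EB-4982-BF62-C97108367B3A}'   # interface ID quoted in the thread
$base = "Registry::HKEY_CLASSES_ROOT\Interface\$iid"

function Get-DefaultValue([string]$Path) {
    # Returns the (Default) value of a registry key, or nothing if the key is absent.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue('') }
}

if (Test-Path -LiteralPath $base) {
    "Interface name: $(Get-DefaultValue $base)"
    foreach ($sub in Get-ChildItem -LiteralPath $base) {
        $val = $sub.GetValue('')
        "{0,-18} {1}" -f $sub.PSChildName, $val
        # ProxyStubClsid* holds a CLSID; that CLSID's InprocServer32 names the DLL on disk.
        if ($sub.PSChildName -like 'ProxyStubClsid*' -and $val) {
            $dll = Get-DefaultValue "Registry::HKEY_CLASSES_ROOT\CLSID\$val\InprocServer32"
            "    -> InprocServer32: $dll"
        }
    }
} else {
    "Interface key not present."
}

# Assumption: the startup entry is a Run value. List any that match the
# command quoted in the thread (wjview / MyPointsPointAlert).
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($rk in $runKeys) {
    $key = Get-Item -LiteralPath $rk -ErrorAction SilentlyContinue
    if (-not $key) { continue }
    foreach ($name in $key.GetValueNames()) {
        $cmd = [string]$key.GetValue($name)
        if ($cmd -match 'wjview|MyPointsPointAlert') { "$rk\$name = $cmd" }
    }
}
```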

KJWilson
2006-01-24, 02:46
I followed your instructions. Hope my system is more secure now. Thank you for your assistance. :bigthumb:

chiefcondensor
2006-02-03, 15:43
Hi tashi. I'm "chiefcondensor". On Tuesday 1-31-06 I ran my checks and Spybot 1.4 picked up 007 Spy Software. But it is unable to remove it...tried the restart and restart in safe mode. I have Norton Internet Security, Registry Mechanic, Ad-Aware, and Microsoft anti spyware. Only Spybot can detect the 007 Spy Software. So I found this site to get help removing 007. I have followed your instructions to KJWilson....may I send my report to you?
Hello KJWilson.

Open SpyBot, check for and get any updates available,
Close all browsers, check for problems and fix everything found in red
Then on the toolbar menu select mode and switch to advanced mode, on the left lower down select tools, and view report, ensure all the options are selected near the bottom except

Uncheck[ ] do not report disabled or known legitimate Items.
uncheck[ ] Include a list of services in report.
Uncheck[ ] Include uninstall list in report.

Now select (near the top) view report.
Press export in the save in box choose a place such as your my documents folder, then in your next post near the bottom select the "browse" button; navigate to and attach or post that report please.

tashi
2006-02-03, 16:44
Hi there. :)

Yes go ahead and post the Spybot-S&D log.

Cheers.

chiefcondensor
2006-02-03, 16:56
tashi,
let me know if my Spybot report attached to this message. I don't see where it is on this message. If you get it, please help with 007 Spy Software removal, and any other problems you see on the report. Used to be that when I ran Spybot 1.4 it came up clean. Since the 007 Spy Software appeared I get a lot of other problems showing up also.
Thanks
chiefcondensor

LonnyRJones
2006-02-03, 17:38
Hi chiefcondensor

What else is in that folder ?
C:\Program Files\System32
Give us a contents list please

chiefcondensor
2006-02-03, 20:55
As usual, I am making things difficult for myself.
C/ Program Files/ system32 has these 3 files in it:
hhctrl.ocx
icm 32 .dll
riched 32.dll
If I try to attach these I get "invalid file" message!
If I could contact you this would go a lot faster. I will hire you, or make a donation to the Safer Networking site.
chiefcondensor

tashi
2006-02-03, 21:08
If I could contact you this would go a lot faster. I will hire you, or make a donation to the Safer Networking site.
chiefcondensor

Hi there.

Sorry but support is given in the forum and not via pm, telephone calls or remote assistance.

Thank you for your understanding. :)

LonnyRJones
2006-02-04, 01:02
chiefcondensor

Please go here and follow instructions.
http://forums.spybot.info/showthread.php?t=288
Start a new topic in the malware section
Someone will then take a look at the system and advise you