Recently, I went onto a bad site and now I keep getting advertisement pop-ups. I've run the latest versions of ad-aware, spy-bot search & destroy, spy subtract, CWShredder, and AVG. I also run 12-Ghosts pop-up block, which apparently isn't doing the trick. Nothing has gotten rid of the pop-ups. I downloaded hijackthis and I'm confused on which ones to delete after it scans my system. I've deleted a few that I read were bad, but they've come back. Here is my latest scan log from hijackthis:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.isp.com/members/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,(Default) = ,
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvykc32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{94B718D4-CC29-489C-A0AB-926FD260B289}: NameServer = 209.244.0.3 209.244.0.4

Please let me know which ones I need to get rid of, and how I keep them from coming back. Your assistance is truly appreciated!

Fix this one
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvykc32.exe
Boot into safe mode and delete this file: kalvykc32.exe

In the future, you can copy your complete Hijack This log, and copy it and drop it into the empty box at the following site:

It appears that some of the spyware removal programs are having issues with removing this from systems. What I have determined from careful research is that the program has a backup copy of the registry somewhere. When the line from the Run key is deleted, the backup copy of the registry is restored. The process runs in the background and I have yet to find a valid program to remove it.
The new and improved version is more devious. Instead of just running Kalvxvt32.exe every time, there are several instances of the program in the system32 directory.
To remove the spyware completely do this:
boot into safe mode
open a command prompt
go to the windows \system32 directory
delete kal*.* (del kal*.*)
open regedit
go to hkey_localmachine\software\microsoft\windows\current version\run
delete the key called kalvsys
This should remove the TSR that keeps loading the registry with itself.
close regedit (open it back up and check again in case the creators get wind of this fix and have updated it to put it somewhere else)
you should not see an entry for it.

Someone should sue the company whose popups are displayed for creating and distributing a virus, because by definition that is exactly what it is: something you did not want installed on your system, which can only be removed after extreme measures have been taken, and which propagates through automation.
Sincerely,
Manta01
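
An added example, not part of any post in this thread: a small triage script that parses the O4 (autostart) lines of a HijackThis log, lists Run-key values that launch an executable sitting directly in system32, and reports entries that show up again after being removed. The sample lines are taken from the log in the first post; the function names and the system32 heuristic are assumptions made for illustration, and a match means "review this first", not "this is malicious".

```python
import re
from typing import NamedTuple

# O4 (autostart) lines taken from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvykc32.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: 12Ghosts Popup-Killer.lnk = C:\Program Files\12Ghosts\12popup.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.exe
"""

class Autostart(NamedTuple):
    source: str   # registry Run key or Startup folder
    name: str     # Run value name, or shortcut file name
    command: str  # what gets launched at logon

RUN_RE = re.compile(r"^O4 - (HK\w+\\\.\.\\Run\w*): \[(.*?)\] (.+)$")
LNK_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")
SYS32_EXE = re.compile(r'^"?[a-z]:\\windows\\system32\\[^\\]+\.exe\b', re.I)

def parse_o4(log):
    """Return every O4 autostart entry found in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m:
            entries.append(Autostart(*m.groups()))
    return entries

def review_first(log):
    """Heuristic, not a verdict: Run-key values launching an .exe that sits
    directly in system32, the pattern both replies single out."""
    return [e for e in parse_o4(log)
            if e.source.startswith("HK") and SYS32_EXE.match(e.command)]

def reappeared(removed_names, later_log):
    """Entries removed in an earlier pass that a later scan shows again."""
    return [e for e in parse_o4(later_log) if e.name in removed_names]

if __name__ == "__main__":
    for e in review_first(SAMPLE_LOG):
        print("review:", e.source, e.name, e.command)
    for e in reappeared({"kalvsys"}, SAMPLE_LOG):
        print("came back:", e.name)
```

Feeding `reappeared` the names fixed in one scan and the text of the next scan shows which autostart entries are being rewritten by something still running, which is the situation both the original poster and the second reply describe.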


This post is quite old and has been locked from receiving new replies. Please create a new posting instead.