Forum: Viruses, Spyware and other Nasties Oct 4th, 2004 |
| Replies: 46 Views: 12,797 It's certainly best to do it that way. Many newer malware programs of any type try to block removal--or reinstall themselves right away. Working in Safe Mode ensures that they are not running... |
Forum: Viruses, Spyware and other Nasties Oct 3rd, 2004 |
| Replies: 46 Views: 12,797 You need the new version. You can update before you do the fixes...
Logfile of HijackThis v1.97.7
Aaack! You are waaay behind on your patches. These are the original, unpatched Windows... |
Forum: Viruses, Spyware and other Nasties Oct 3rd, 2004 |
| Replies: 4 Views: 6,754 Gotta go. Check here (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?Vname=TROJ_AGENT.US). If it's Windows 98, why all the Registry references to WinNT? SmileyCentral is an adware... |
Forum: Viruses, Spyware and other Nasties Oct 3rd, 2004 |
| Replies: 2 Views: 8,609 I don't think you got a problem from TSG--it's likely a coincidence. It's a reputable site; if I wasn't here, I might very well be there myself. I sometimes check threads there to ensure that I'm... |
Forum: Viruses, Spyware and other Nasties Oct 3rd, 2004 |
| Replies: 2 Views: 1,718 Looks clean, what's the problem? Some folks have problems with C:\WINDOWS\System32\taskswitch.exe -- but it's not malware.
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common... |
Forum: Viruses, Spyware and other Nasties Oct 3rd, 2004 |
| Replies: 8 Views: 3,227 You should have started by reading the messages at the top of the Security Forum page: UPDATED: DO NOT POST ABOUT BRIDGE.DLL BEFORE READING THIS... |
Forum: Viruses, Spyware and other Nasties Oct 2nd, 2004 |
| Replies: 15 Views: 6,624 You will have to download and use HijackThis (see the malware links in my signature) and post the log to the Security Forum. You will also likely need a utility called LSPfix... |
Forum: Viruses, Spyware and other Nasties Oct 2nd, 2004 |
| Replies: 5 Views: 4,816 First of all, you have to obtain a newer version of Internet Explorer. v5.5 is no longer supported or updated. v6.0 is more secure by a good margin. You can find IE 6.0 on an AOL disc, if they have... |
Forum: Viruses, Spyware and other Nasties Oct 1st, 2004 |
| Replies: 2 Views: 3,839 Your main problem is Trojan.Win32.Dialer.bi (http://www.pestpatrol.com/pestinfo/t/trojan_win32_dialer_bi.asp), but you also have Gator and a first-timer:
[firstfastrealthat] C:\Documents and... |
Forum: Viruses, Spyware and other Nasties Oct 1st, 2004 |
| Replies: 11 Views: 3,783 I think that you still have a problem--I'm not sure if I can pinpoint it exactly, but the symptom is the line F:\WINDOWS\System32\RUNDLL32.EXE under Running Processes. This indicates a problem,... |
Forum: Viruses, Spyware and other Nasties Sep 29th, 2004 |
| Replies: 6 Views: 5,775 Copy these instructions to Notepad or another text editor, then print them out. You should not have any browser windows open when you are following the procedures below.
Actually, System Restore... |
Forum: Viruses, Spyware and other Nasties Sep 29th, 2004 |
| Replies: 2 Views: 2,005 In order to properly clean out your problems, you must turn off System Restore first. Turn it back on only after performing the following repairs. If you do not understand System Restore or how to... |
Forum: Viruses, Spyware and other Nasties Sep 28th, 2004 |
| Replies: 62 Views: 76,823 You are not without recourse. Try running HijackThis in Safe Mode and see if that gives you enough time to delete the offending startups. There are also alternative tools available to kill the... |
Forum: Viruses, Spyware and other Nasties Sep 28th, 2004 |
| Replies: 4 Views: 5,031 These are the bad processes:
C:\WINDOWS\System32\csrs.exe
C:\WINDOWS\System32\bling.exe
C:\index.exe
You are going to have to stop these processes before going further, because they... |
Forum: Viruses, Spyware and other Nasties Sep 28th, 2004 |
| Replies: 27 Views: 6,103 You, too, have been clobbered pretty hard.
Start by running Spybot - Search & Destroy (http://www.download.com/Spybot-Search-Destroy/3000-8022-10289035.html?tag=lst-0-2) to get rid of as many of... |
Forum: Viruses, Spyware and other Nasties Sep 27th, 2004 |
| Replies: 9 Views: 4,600 You still have a number of problems. Some are nastyware, some are simply useless & worthless. The following should be removed:
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209... |
Forum: Viruses, Spyware and other Nasties Sep 27th, 2004 |
| Replies: 27 Views: 6,103 You have been clobbered, but good. I count at least six malware programs, maybe more.
Start by running Spybot - Search & Destroy... |
Forum: Viruses, Spyware and other Nasties Sep 27th, 2004 |
| Replies: 4 Views: 12,237 You have a couple of problems. First, run HijackThis again and "fix" the following:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 -... |
Forum: Viruses, Spyware and other Nasties Sep 27th, 2004 |
| Replies: 4 Views: 2,951 I assume that you are on a broadband connection. There are several hijackers that manipulate your TCP/IP stack in such a way that removal of the infecting software leaves a gap. Think of it as a... |
Forum: Viruses, Spyware and other Nasties Apr 23rd, 2004 |
| Replies: 1 Views: 4,481 Your log looks pretty clean, overall. You have the bridge.dll entry, but no associated BHO (browser helper object) entry. This is good!
You do have GMT, which is Gator/Claria adware and should... |
Forum: Viruses, Spyware and other Nasties Apr 23rd, 2004 |
| Replies: 18 Views: 5,514 It depends upon where it was found. Can you show me the path to where it was found? Also, look at this (http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=java%2Fbyteverify&btnG=Search). |
Forum: Viruses, Spyware and other Nasties Apr 23rd, 2004 |
| Replies: 18 Views: 5,514 Just the BHO specified. The rest are benign. |
Forum: Viruses, Spyware and other Nasties Apr 23rd, 2004 |
| Replies: 18 Views: 5,514 Yes, fix them. My question re DSL was because of this line:
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA0B9895-0E90-44DF-953E-0DC5D45B94DD}: NameServer = 151.164.14.201 151.164.1.8
which may... |
Forum: Viruses, Spyware and other Nasties Apr 23rd, 2004 |
| Replies: 18 Views: 5,514 You have some minor problems to remove. This first batch is useless paid-search listings to make money for HP:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =... |
Forum: Viruses, Spyware and other Nasties Apr 22nd, 2004 |
| Replies: 4 Views: 7,595 You have been hijacked, no doubt. You may have CoolWebSearch (http://en.wikipedia.org/wiki/CoolWebSearch). You need to run CWShredder (http://www.spywareinfo.com/%7Emerijn/downloads.html).
Most... |
Forum: Viruses, Spyware and other Nasties Apr 22nd, 2004 |
| Replies: 1 Views: 2,308 Your posting problem has 2 parts: one is that you are not using the newest version of HijackThis. You used 1.97.5; current is 1.97.7--second, a WPS file contains characters that, apparently, the... |
Forum: Viruses, Spyware and other Nasties Apr 22nd, 2004 |
| Replies: 2 Views: 3,241 This problem has been covered quite thoroughly in this thread (http://www.daniweb.com/techtalkforums/thread5351.html). The user never reported back as to whether it solved his problem, though. ... |
Forum: Viruses, Spyware and other Nasties Apr 21st, 2004 |
| Replies: 2 Views: 3,723 Here's the main problem I see:
O3 - Toolbar: &FirstStop WebSearch - {E26FDEC1-053B-11D6-B969-CEEBA9E95046} - C:\PROGRA~1\BRUSHG~1\FSWEBS~1\IEBAND3.DLL
Then, after a reboot, delete the file... |
Forum: Viruses, Spyware and other Nasties Apr 21st, 2004 |
| Replies: 18 Views: 25,483 Actually, you only posted half the information--you left out the Registry-entries list.
What you posted looks almost clean--except for the RunDLL32 entry, which usually indicates a problem. ... |
Forum: Viruses, Spyware and other Nasties Apr 21st, 2004 |
| Replies: 62 Views: 76,823 A major problem right-off-the-bat is that neither your Windows XP nor your Internet Explorer are up-to-date. Partly due to this, you have been loaded with nasties. As soon as you clean up your... |
Forum: Viruses, Spyware and other Nasties Apr 21st, 2004 |
| Replies: 3 Views: 3,581 You will also want to get rid of these resource-wasters:
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task]... |
Forum: Viruses, Spyware and other Nasties Apr 20th, 2004 |
| Replies: 1 Views: 4,306 You have a bunch of problems. The funny thing is, they all claim to not be adware/spyware--but several are.
Your best bet is a multi-step process. You should clean out as many of the... |
Forum: Viruses, Spyware and other Nasties Apr 19th, 2004 |
| Replies: 18 Views: 12,261 Good point. It was not clear which NT version you are using, since you didn't provide that information. There are some differences under W2k. Try looking here... |
Forum: Viruses, Spyware and other Nasties Apr 18th, 2004 |
| Replies: 18 Views: 12,261 Nope, you are still hijacked by a morphing program that changes the DLL name each time it installs. You are going to have to go deeper to rid yourself of this one.
* First, turn off System... |
Forum: Viruses, Spyware and other Nasties Apr 18th, 2004 |
| Replies: 4 Views: 4,512 After more research, I have come to the following conclusions.
* First, turn off System Restore (http://support.microsoft.com/default.aspx?scid=kb;en-us;310405) before removing stuff. Some of... |
Forum: Viruses, Spyware and other Nasties Apr 18th, 2004 |
| Replies: 4 Views: 4,512 Your HjT log looks pretty clean. Judging by the pattern of DLL names, it would appear that you have a morphing virus of some sort that has been able to elude the virus checkers that you have used so... |
Forum: Viruses, Spyware and other Nasties Apr 17th, 2004 |
| Replies: 62 Views: 76,823 It looks like the Hungry Hands pr0n hijacker is hard at work again. It seems to be consistently causing this problem. I think there are two means of attack at your disposal which can probably be... |
Forum: Viruses, Spyware and other Nasties Apr 17th, 2004 |
| Replies: 18 Views: 12,261 You have been hijacked again!
LolaWeb.winhost (http://www.kephyr.com/spywarescanner/library/lolaweb.winhost/index.phtml)--and a dialer. You also might want to install some free prevention... |
Forum: Viruses, Spyware and other Nasties Apr 14th, 2004 |
| Replies: 4 Views: 4,791 It appears to infect system files, but it's unclear exactly which ones. That's why it can't be removed by the virus checker. I used the search term Bispy (http://www.google.com/search?q=Bispy)... |
Forum: Viruses, Spyware and other Nasties Apr 13th, 2004 |
| Replies: 62 Views: 76,823 I moved your original post to its own thread (http://www.daniweb.com/techtalkforums/thread5259.html) and answered it there. Sorry you didn't find it the first time! |