no internet connection

  1. #1
    targetone is offline Newbie

    After trying to run spydoctor, freescan, hijack this, etc. I had some horrible issues where deleted registry keys got rid of windows explorer, etc., used restore function and seemed fine but after running freescan and some others, I find message on reboot:

    Norton Antivirus is unable to start email protection Please ensure that TCP/IP is installed. I went into msconfig and it is checked off, and email protection is enabled etc.

    I don't know if this helped but here is what I was able to cut and paste:
    Spyware doctor is first, then hijack this which I did not even get to run normally with scan window, when I went to download I think it just ran itself!!!

    This is a friend's computer, not mine, I was just trying to help him although I know very little about computers, I was trying to get rid of his 633 infections. Just to let someone know, Using the windows program removal add/remove tool I could not delete E2Give Plug In, Elite Bar Internet Explorer Toolbar

    Spybot search and destroy would not permanently get rid of (they went away and then on reboot were back) People on Page, Cosmi, Cydoor, Downloadware, DSO exploit and a Possible hijacker

    Spyware slayer found: Ad Destroyer in win/system, Cydoor in C/win/temp and Hkey users, Downloadware in Hkey Current and Users
    E2Give in Hkey Classes and Local Machine, Help express in program files and People on Pages on Hkey local, IE Plugin in windows, My search boar on HkLM, Martfinder on HKLM, Ibis Toolbar, HKLM, Ip insight HKLocal, New.net on Hkeylocal and Hkclasses, Kazaa on HkLM, Savenow on HKLM, Exact Search on HKclasses, Bargain Buddy on Hkeylocal, Ezula on Hkey classes, freescratch on win/system, and mimailc worm on win/ne

    If you need anything else please ask, I have the printout from spyware doctor but too long to add to this post limited by character count. trying to get it at least to be able to go online now, worse than when he gave it to me almost. Thanks for any help.


    Other Sections:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:07:02 AM, on 4/23/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    A:\HIJACKTHIS1991.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://out.true-counter.com/b/?101 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer,Search = http://out.true-counter.com/b/?101 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://out.true-counter.com/a/?101 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?101 (obfuscated)
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://out.true-counter.com/a/?101 about:blank (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://out.true-counter.com/b/?101 (obfuscated)
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://out.true-counter.com/b/?101 (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://out.true-counter.com/a/?101 about:blank (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://out.true-counter.com/c/?101 (obfuscated)
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://out.true-counter.com/b/?101 (obfuscated)
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50245
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Dell
    N1 - Netscape 4: user_pref("browser.startup.homepage", "http://verizondsl.nbci.com/"); (C:\Program Files\Netscape\Users\User00\prefs.js)
    O1 - Hosts: 645238813 auto.search.msn.com
    O2 - BHO: &EliteBar - {28CAEFF3-0F18-4036-B504-51D73BD81ABC} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
    O2 - BHO: (no name) - {016235BE-59D4-4CEB-ADD5-E2378282A1D9} - C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
    O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
    O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MSHARD~1\point32.exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [Adaptec DirectCD] C:\PROGRA~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
    O4 - HKLM\..\Run: [Norton eMail Protect] C:\PROGRAM FILES\NORTON ANTIVIRUS\POProxy.exe
    O4 - HKLM\..\Run: [AttuneClientEngine] C:\PROGRA~1\AVEO\ATTUNE\bin\attune_ce.exe
    O4 - HKLM\..\Run: [WinPoET] C:\Program Files\VerizonDSL\WinPoET\WinPPPoverEthernet.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [MediaLoads Installer] "C:\Program Files\DownloadWare\dw.exe" /H
    O4 - HKLM\..\Run: [SystemTasks] C:\sexicamz.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O4 - HKLM\..\Run: [Internat Conf] \bootconf.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [HP Component Manager] "C:\PROGRAM FILES\HP\HPCORETECH\HPCMPMGR.EXE"
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET6_38.DLL,NewDotNetStartup -s
    O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\SYSTEM\winupdt.exe
    O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2.DLL,_Run@16
    O4 - HKLM\..\Run: [byfufjvrzwfxddxqsruybkwk] C:\WINDOWS\jqwurmey.exe
    O4 - HKLM\..\Run: [FARMMEXT] C:\WINDOWS\FARMMEXT.exe
    O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
    O4 - HKLM\..\Run: [1W4P4M8I] \Progra~1\1W4P4M8I\1W4P4M8I.exe
    O4 - HKLM\..\Run: [BMan] C:\WINDOWS\Profiles\All Users\Application Data\msw\BMan1.exe
    O4 - HKLM\..\Run: [AutoLoaderEnvoloAutoUpdater] "C:\WINDOWS\TEMP\~COMPOUNDINST0\AUTO_UPDATE_LOADER .EXE" /HideUninstall /HideDir /PC=CP.FHB /ForSupportedBrowsers /ShowLegalNote=nonbranded
    O4 - HKLM\..\Run: [cbyh] C:\WINDOWS\cbyh.exe
    O4 - HKLM\..\Run: [AutoLoaderpz5d1JPScJIX] "C:\WINDOWS\SYSTEM\CABVIDDC.EXE"
    O4 - HKLM\..\Run: [p4mX37S] CABVIDDC.EXE
    O4 - HKLM\..\Run: [KTRJDLL] C:\WINDOWS\KTRJDLL.EXE
    O4 - HKLM\..\Run: [KTRJENC] C:\WINDOWS\KTRJENC.EXE
    O4 - HKLM\..\Run: [etbrun] C:\WINDOWS\SYSTEM\ELITEAXE32.EXE
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [AccessRampLAN 01] "C:\PROGRAM FILES\VERIZONDSL\IPINSIGHT\ARUpld32.exe" -l
    O4 - HKLM\..\RunServices: [AccessRampMonitor 01] "C:\PROGRAM FILES\VERIZONDSL\IPINSIGHT\ARMon32a.exe"
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [HELPEXP.EXE] C:\Program Files\Alset\HelpExpress\Client\HELPEXP.EXE
    O4 - HKCU\..\Run: [Y357RXe6j] AWRMSFT3.EXE
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    O4 - Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
    O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
    O9 - Extra button: Dell Home - {BAADCEA0-1CB8-11D4-951F-30614FC10000} - http://www.dellnet.com/ (file missing) (HKCU)
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (IPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {234B7457-1A7E-4268-BA71-9936F0C78BEC} (ContentCleanup3X Control) - http://www.contentwatch.com/cleanup/includes/ContentCleanup3Proj1.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
    O19 - User stylesheet: C:\WINDOWS\Web\oslogo.bmp
    O19 - User stylesheet: C:\WINDOWS\default.css (HKLM)


  2. #2
    tisfurs is offline Newbie
    Get XoftSpy

  3. #3
    targetone is offline Newbie
    I actually need first and more importantly to get his computer back so it can go online. Dials in fine and I get the modem connect but can't see web pages (comes up with unavailable page, saying check settings, etc. when open browsers, all browsers, netscape nav and communicator and internet explorer).

    If someone could tell me if there is something I could tell them from one of the check screens (msconfig or whatever) what I did to lose browser use, please please let me know.

    Thanks

  4. #4
    targetone is offline Newbie
    Here is spyware doctor log attached:

    Was hoping simple way for win 98 to repair or replace winsock 2 if this is the case as used LSPFix and did not help or did it wrong. If I run that now it shows nothing in the add or removed boxes.

  5. #5
    DJNafey is offline UK site moderator
    Oh my goodness, what a mess! There's still quite a few nasties on there (including NewDotNet, which can be a real pain). We can talk you through trying to remove all this but it's going to take a long time. I don't think you'll be helping your friend by trying to get him back onto the Internet until you get the current detected issues resolved and make sure he's got a firewall. Also, you'll need to educate him to stop installing programs like Kazaa, which deliberately install all this rubbish!

    In all seriousness, if I saw this on a Windows 98 PC, I wouldn't bother wasting time trying to patch it up. I would recommend formatting the PC and installing Windows again, along with the drivers, as few programs as necessary to use the PC for what he/she needs to, and a good anti-virus package and firewall, e.g. Norton Internet Security.

    Is that possible/practical or have you got LOADS of spare time to help him/her out?!
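Added example, not part of any post in this thread: a small triage parser for the HijackThis log format shown in post #1. It groups entries by section code and pulls out the ones that reference files no longer on disk, including the log's own O10 line about the missing New.net LSP provider. The function names are hypothetical and the sample is an excerpt copied from that log.

```python
import re
from collections import defaultdict

# Section codes that occur in the log in post #1, with their HijackThis meaning.
SECTIONS = {
    "R0": "IE start/search page", "R1": "IE start/search page",
    "N1": "Netscape start/search page", "O1": "Hosts file redirection",
    "O2": "Browser Helper Object", "O3": "IE toolbar", "O4": "Autostart entry",
    "O9": "IE extra button/menu item", "O10": "Winsock LSP",
    "O12": "IE plugin", "O16": "ActiveX download", "O19": "User stylesheet",
}
ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")
# Markers HijackThis prints when a registry entry points at a file that is gone.
MISSING = re.compile(r"\((?:file missing|no file)\)|LSP provider '.*' missing")

def parse(log):
    """Group entry lines by section code; header and process lines are skipped."""
    groups = defaultdict(list)
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            groups[m.group(1)].append(m.group(2).strip())
    return dict(groups)

def triage(log):
    """Summarise a log: per-section counts, dangling references, LSP state."""
    groups = parse(log)
    dangling = [(code, SECTIONS.get(code, "unknown"), entry)
                for code, entries in groups.items()
                for entry in entries if MISSING.search(entry)]
    # An O10 line ending in "missing" means the Winsock provider chain still
    # names a DLL that was deleted, which the log itself ties to broken access.
    lsp_broken = any("LSP provider" in e and e.endswith("missing")
                     for e in groups.get("O10", []))
    return {"counts": {c: len(v) for c, v in groups.items()},
            "dangling": dangling, "lsp_broken": lsp_broken}

# Excerpt copied from the log in post #1 (not the full log).
SAMPLE = r"""
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.netscape.com/home/winsearch200.html
O2 - BHO: (no name) - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - (no file)
O3 - Toolbar: &EliteBar - {825CF5BD-8862-4430-B771-0C15C5CA8DEF} - C:\WINDOWS\EliteToolBar\EliteToolBar version 59.dll (file missing)
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRAM FILES\NEWDOTNET\NEWDOTNET6_38.DLL,NewDotNetStartup -s
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38.dll' missing
"""

if __name__ == "__main__":
    for code, label, entry in triage(SAMPLE)["dangling"]:
        print(f"{code:>3} [{label}] {entry}")
```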
