Boot in Safe Mode.
Press Ctrl/Alt/Del simultaneously, select Taskmanager/Processes, select the process (if there), click "End Process" for:
PSTORES.EXE
Next, run a HJT scan and place a tick-mark in the little square before (if still there):
C:\WINDOWS\SYSTEM\
PSTORES.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) -
http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} -
http://cc.iwon.com/ct/pm3/iwonpm_12_1,0,2,5.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = end
Unless the IP-address are from your ISP, fix this second O17 line as well
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 207.69.188.186,207.171.20.2
Now click on the
Fix Checked button in HJT.
When done, delete the highlighted
bold file.
Delete all files and directories from: C:\Documents and Settings\[username]\Local Settings\Temp
Repeat this for ALL [usernames].
OR WHEREVER 'TEMP' IS LOCATED IN W98.
Boot normal.