JJaster

asked:
slmss.exe

When I boot a PC, NAV reports it has quarantined a virus named slmss.exe. A re-scan of machine reports nothing. Rebooting the machine, the virus is again found in a different location. Any ideas?
war1

JJaster,
The infected file is probably in a System Restore file. This is not a problem unless you perform a System Restore. If you want to get rid of it, disable System Restore. Now re-enable it. The re-enable gets rid of the old files, and thus the infected file. This process will lose all your restore points.
slmss.exe seems to be the SeekSeek hijacker: http://www.pacs-portal.co.uk/startup_pages/startup_s.php

You should be able to remove it with 'Hijack This' by following this description:
http://www.net-integration.net/cgi-bin/forum/ikonboard.cgi?act=ST&f=32&t=6790&st=0&&#entry34543

In addition to the comment above: After disabling System Restore you should run a full system scan of your computer. If files were detected/deleted successfully then re-enable System Restore. If you need assistance in how to disable System Restore then have a look at these articles:
Windows ME: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239
Windows XP: http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039
JJaster (ASKER)

I should have mentioned I was working on a Win98 machine. Tried a sweep of the machine using Web Root's Spy Sweeper. I ran it with their latest sigs and removed at least 75 items, but I still have the NAV warning at startup. Downloaded HijackThis and ran a log. Registered with Net-integration but do not seem to be able to post it there.
Post the HijackThis log here.
JJaster (ASKER)

Here is the HijackThis log

Logfile of HijackThis v1.97.3
Scan saved at 4:17:31 PM, on 11/4/03
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\RTVSCN95.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\HIDSERV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPPROPTY.EXE
C:\WINDOWS\LOGWAT95.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\SYMANTEC_CLIENT_SECURITY\SYMANTEC ANTIVIRUS\VPTRAY.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE
C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\ADOBE\ACROBAT 4.0\DISTILLR\ACROTRAY.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OUTLOOK.EXE
C:\PROGRAM FILES\COMMON FILES\SYSTEM\MAPI\1033\95\MAPISP32.EXE
C:\VIADCT32\VIALSSRV.EXE
C:\VIADCT32\VIADUCT.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\EXCEL.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\WINDOWS\TEMP\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1gpp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1gpp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.0.100:80
R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\PROGRAM FILES\COMMON FILES\OE\SEARCH.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\PROGRAM FILES\COMMON FILES\OE\REDIRECTOR.DLL
O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [HP LaserJet ToolBox] C:\WINDOWS\SYSTEM\HPPROPTY.EXE
O4 - HKLM\..\Run: [LogWatch] C:\WINDOWS\LogWat95.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [CriticalUpdate] c:\windows\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [Hidserv] Hidserv.exe run
O4 - HKLM\..\RunServices: [rtvscn95] C:\PROGRA~1\SYMANT~1\SYMANT~1\rtvscn95.exe
O4 - HKLM\..\RunServices: [defwatch] C:\PROGRA~1\SYMANT~1\SYMANT~1\defwatch.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER PROFESSIONAL\POPUPSTOPPERPROFESSIONAL.EXE"
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 4.0\Distillr\AcroTray.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://*.WINDOWSUPDATE.COM
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37888.3803819444
O16 - DPF: {22945A69-1191-4DCF-9E6F-409BDE94D101} - http://www.solidworks.com/plugins/edrawings/download.cfm?Release=rel
O16 - DPF: {D7B3E460-9968-4191-BD6F-BEED1BC18482} (Loader Class) - http://www.orbitexplorer.com/OELoader.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://www.spywarelabs.com/ads/1402030731/VBouncerOuter1402030731.exe

ASKER CERTIFIED SOLUTION
ghana

Check the following items in HijackThis log and let HijackThis remove them.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1gpp

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1gpp

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.0.100:80
R3 - URLSearchHook: OESearchHook Class - {341FB59F-3507-443b-8147-423B4E3B2B15} - C:\PROGRAM FILES\COMMON FILES\OE\SEARCH.DLL

O2 - BHO: (no name) - {D48F2E28-68E2-4920-9848-D6E6C7AB3EB7} - C:\PROGRAM FILES\COMMON FILES\OE\REDIRECTOR.DLL
O2 - BHO: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL

O3 - Toolbar: &Search Toolbar - {702AD576-FDDB-4d0f-9811-A43252064684} - C:\PROGRAM FILES\COMMON FILES\OE\TOOLBAR.DLL

O4 - HKLM\..\Run: [OrbitUpdate] C:\Program Files\Orbit\update.exe
O4 - HKLM\..\Run: [OrbitView] C:\Program Files\Orbit\view.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe  (if still present)

O16 - DPF: {D7B3E460-9968-4191-BD6F-BEED1BC18482} (Loader Class) - http://www.orbitexplorer.com/OELoader.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install011.exe

O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
O16 - DPF: {D9EC0A76-03BF-11D4-A509-0090270F86E3} - http://www.spywarelabs.com/ads/1402030731/VBouncerOuter1402030731.exe
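To show how the triage in the answer above can be mechanised, here is an added example (not from the thread and not HijackThis's own code): it parses HijackThis-style lines, flags those that contain the domains, paths and file names singled out above or that set an IE proxy, and expands the abbreviated O4 hive to the full Run key so the value can be located in regedit. The indicator list is drawn from this log only, and the sample lines are constructed for the example.

```python
import re

# Indicators taken from the entries flagged in the thread (domains, paths,
# file names); CLSIDs are not needed for matching. Assumed list, not exhaustive.
SUSPICIOUS_SUBSTRINGS = (
    "orbitexplorer.com", "\\program files\\orbit\\", "\\common files\\oe\\",
    "stcloader.exe", "2nd-thought.com", "abetterinternet.com", "spywarelabs.com",
)
# HijackThis abbreviates the autorun keys; these are their full registry paths.
RUN_KEYS = {
    "HKLM\\..\\Run:": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    "HKLM\\..\\RunServices:": r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices",
    "HKCU\\..\\Run:": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
}
LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

def triage_hijackthis(log_text):
    """Return (section, reason, line) for lines matching a known-bad indicator
    or setting an IE proxy; header and 'Running processes' lines are skipped."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        low = body.lower()
        hit = next((s for s in SUSPICIOUS_SUBSTRINGS if s in low), None)
        if hit:
            findings.append((code, f"matches indicator '{hit}'", raw.strip()))
        elif "ProxyServer" in body and body.split("=", 1)[-1].strip():
            # A proxy is not malicious by itself; verify it is one you configured.
            findings.append((code, "IE proxy server is set", raw.strip()))
    return findings

def run_key_for(line):
    """Expand an O4 entry's abbreviated hive (e.g. HKLM\\..\\Run) to the full
    key so the value can be found in regedit; None for non-O4 lines."""
    for short, full in RUN_KEYS.items():
        if short in line:
            return full
    return None

# Constructed sample in HijackThis format (a subset of the thread's log).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.orbitexplorer.com/cgi-bin/IESearch.cgi?bid=&affid=1gpp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.0.100:80
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\SYSTEM\stcloader.exe
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/download/cabs/TURB8108/turbo.cab
"""
```

Running `triage_hijackthis(SAMPLE_LOG)` flags the search hijack, the proxy, the stcloader Run entry and the DPF download, and leaves the Symantec vptray entry alone.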
Hmmm... that's odd. I have just received notification there was a reply to this topic. I posted a virtually identical reply to that posted by war1 after ghana's last reply and my post has been deleted. If a Moderator or Admin views this topic, perhaps they may like to explain what happened?
JJaster (ASKER)

Thanks ghana. Deleted stcloader.exe in C:\windows\system and the registry and the issue went away. Thanks to everyone else for their efforts.

John
Glad we could help you!
JJaster, you still have a lot of spyware items in your registry. Sooner or later they will come back and bite you.
JJaster (ASKER)

Thanks for the concern, war1. Right now I think I'll leave well enough alone. This machine is scheduled to come offline shortly for an install of Win2000.
I'm working for Dell Tech support and I get these errors very frequently. This site is really great.
Bye
I'm having the same problem as JJaster. Was able to delete stcloader.exe, but really don't know how to delete the registry key (O4 - HKLM\..\Run: [stcloader]). Searched under regedit.exe but I didn't see it. Can you help me too?

Thanks,