n?tdde.exe
I'm working google, but I'm not quite there yet.
Good luck with that one.
Here's what you do.
Boot into safe mode.
Go to C:\WINDOWS\SYSTEM32 folder.
On the menu, click Tools -> Folder Options, then click the View Tab.
Locate the settings in the inner window and click Show Hidden Files, and then uncheck Hide protected operating system files and uncheck Hide extensions for known file types.
Click OK.
Change the views to DETAIL mode and then sort by Date (making sure the files sort by oldest ones first.)
Scroll to the end of the list.
Look for any files that end in DLL or EXE that have a date that is within the last couple of days. Most spyware files continually update themselves daily. You could end up with more than one (or many more.)
If you see any files with weird file names and if you move the mouse over them, there is no company or version info, then delete them.
If they delete, then you should be good.
If they don't delete or are unable to, write the names of the files down.
This step is important.
Turn off your computer by unplugging it (don't use the power switch)
Find your Windows XP installation disk, or any Windows XP installation disk.
Boot from that disk. When it comes up, press R to go into the recover console.
Select Recovery Console.
When the screen comes up, it will ask what folder (generally C:\WINDOWS as option 1)
Press 1
If it asks for an admin password, if you set it when you got the computer, enter that. If not, it will go directly to the C:\windows prompt.
Type in
CD SYSTEM32 and press enter.
For each file you wrote down, type in
DEL filename.ext and press enter.
Once you have completed, type Exit and the computer should begin to reboot.
REBOOT IN SAFE MODE.
Once you're back in safe mode, open My Computer -> Documents and Settings.
There are several folders, but you can ignore All Users, Default Folders, Adminstrator.
For all the remaining ones, you will need to go into each folder's Local Settings\Temp and Local Settings\Temporary Internet Files and delete EVERYTHING in them. Some people actually delete those entire folders and Windows will restore them, but you may want to peruse them first before deleting everything.
Once you're done with that, click Start -> Run and enter REGEDIT.EXE and click OK.
When the registry editor comes up navigate to:
HKEY_LOCALMACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObjects
Delete ALL KEYS under there.
Navigate to HKEY_LOCALMACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Delete any key that doesn't look valid (ie, it's not obvious where or what it does.) If you aren't sure, then do a search for the file it's trying to load and see where it's located. Just because it's in the System32 folder doesn't mean it's valid.
Restart your computer.
Run the your anti-virus and spyware software again.
