Have you checked into your HOSTS file?
The HOSTS file is loaded into memory and parsed prior to sending a DNS resolution request to your DNS server when resolving a URL to an IP address. Meaning that before sending a DNS resolution request, your machine will check any references in the HOSTS file to see if there is a known IP address to match the URL that you are attempting to contact. This file exists to help speed up DNS resolution by reducing time and CPU cycles spent to resolve URLs to IP addresses for known destinations; if your machine already knows a static IP address to resolve a URL, then it doesn't have to contact a DNS server to resolve the page.
The HOSTS file is located at the following path in your hard drive:
You can open | edit the HOSTS using Notepad. By default, this file is usually only 1Kb to 2Kb, if you notice that the file is larger than that, it is likely that there has been spyware injected into that sysm file. By default there is usually only one IP address reference contained therein. A default HOSTS file will contain the following text:
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
# For example:
# 220.127.116.11 rhino.acme.com # source server
# 18.104.22.168 x.acme.com # x client host
The 127.0.0.1 localhost reference is called the loopback - it is used to point to your local machine to test network connectivity. (i.e. if you type the command: ping loopback OR ping localhost into the Command Prompt and press [Enter], it should return the IP address 127.0.0.1).
NOTE: If you have Spybot S&D, the file will be much larger and contain many more entries as Spybot will add entries into this file to tell known URLs that contain spyware to return to the localhost so as to avoid accidental visits to these sites resulting in spyware injection. If Spybot is loaded, you will see the following code appear underneath the localhost entry, followed by the listing of the sites to return to the loopback:
# Start of entries inserted by Spybot - Search & Destroy
# This list is Copyright 2000-2007 Safer Networking Limited
# End of entries inserted by Spybot - Search & Destroy
The three lines of "." are placeholders for all the entries that Spybot adds; it would make the post extremely long to include them all.
If are injected with spyware, i'd advise wiping your harddrive and reinstalling Windows XP, its the best way to be sure to wipe all that $hitware off. Then after reformatting and reinstalling your desired applications and files; make yourself a clean restore point - maybe even set up 25% of your hard drive as a secondary partition to store your System Restore and Backup points. In most cases spyware tends to inject into the boot partition and if you relocate your Restore Points and Backups, they may be salvageable in the event of another injection.