REVscene Automotive Forum

Browser Hijacking Virus/Malware Issue (https://www.revscene.net/forums/662417-browser-hijacking-virus-malware-issue.html)

Cman333 02-14-2012 02:33 PM

Quote:

Originally Posted by asiandude (Post 7796222)
Open Internet Explorer, go to Tools > Manage Add-ons and check for anything unusual.

Post your C:\Windows\System32\Drivers\etc\hosts file

Any particular reason you're using those DNS numbers? 68.105.28.12 68.105.29.12 68.105.28.11

Go to local area connection properties, TCP/IP properties set to obtain DNS automatically.

open CMD and do
ipconfig /release
ipconfig /renew
ipconfig /flushdns

Here's what the host file says

127.0.0.1 localhost


No particular reason why we're using those DNS. I'm thinking maybe the computer tech did it when we tried to recover the data.

I looked at the local network connections and both IP and DNS were already set to obtain automatically.
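
The hosts file posted above holds only the `127.0.0.1 localhost` mapping, so it carries no redirects. As an added example (not part of the original thread), this is one way to check a hosts file for entries that redirect or block other names; the tampered sample, its addresses and its host names are constructed for illustration.

```python
import ipaddress

# First sample is the hosts content posted in the thread; the second is a
# constructed tampered file (documentation addresses, made-up host names).
CLEAN_HOSTS = "127.0.0.1 localhost\n"
TAMPERED_HOSTS = """\
# constructed sample, not from the thread
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.search.example        # sent to a non-local address
0.0.0.0         update.av-vendor.example  # name made unreachable
"""

def parse_hosts(text):
    """Yield (line_no, address, [names]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) >= 2:
            yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Return (line_no, verdict, address, names) for entries worth a look."""
    findings = []
    for line_no, address, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            findings.append((line_no, "unparseable", address, names))
            continue
        extra = [n for n in names if n.lower() != "localhost"]
        if not extra:
            # localhost itself must stay on a loopback address
            if not ip.is_loopback:
                findings.append((line_no, "localhost-remapped", address, names))
        elif ip.is_loopback or ip.is_unspecified:
            findings.append((line_no, "blocked", address, extra))
        else:
            findings.append((line_no, "redirected", address, extra))
    return findings

if __name__ == "__main__":
    for sample in (CLEAN_HOSTS, TAMPERED_HOSTS):
        print(audit_hosts(sample) or "only the default localhost mapping")
```

A "blocked" verdict is not proof of infection, since ad-blocking hosts lists use the same loopback mappings; it marks a line to review by hand.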

goo3 02-16-2012 01:46 AM

You have a rootkit virus. I don't run Windows any more so I'm not familiar with all the ins and outs.

But this is a simple thing to try:

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

edit: I just noticed someone posted this earlier. Did it work?

Psykopathik 02-16-2012 11:11 AM

Quote:

Originally Posted by Cman333 (Post 7784137)
... My gf somehow has installed some sort of browser hijacking virus onto her comp.

next time don't put a PC in the kitchen.

:lawl:

N.V.M. 02-16-2012 11:24 AM

all this time working on it instead of reinstalling the OS? really?

Psykopathik 02-16-2012 01:13 PM

^^backup favorites and reinstall windows. fastest fix by far. I never store anything on the main drive.

also helps me as my main drive is a paltry 128GB SSD :lawl: no choice but to move everything to E or F drives

rental_metard 02-18-2012 03:26 AM

Are you still encountering this behaviour? I'll chime in

underscore 02-18-2012 12:41 PM

try Panda online virus scanner, that saved my ass the last/only time I've had a virus.

Cman333 02-20-2012 12:12 AM

Quote:

Originally Posted by goo3 (Post 7798458)
You have a rootkit virus. I don't run Windows any more so I'm not familiar with all the ins and outs.

But this is a simple thing to try:

How to remove malware belonging to the family Rootkit.Win32.TDSS (aka Tidserv, TDSServ, Alureon)?

edit: I just noticed someone posted this earlier. Did it work?

I haven't tried Kaspersky yet. I'll give it a shot. Thanks.

Quote:

Originally Posted by N.V.M. (Post 7798730)
all this time working on it instead of reinstalling the OS? really?

The computer came preinstalled with Windows. I don't have a copy to reinstall and don't want a pirated copy on it.

Quote:

Originally Posted by underscore (Post 7800960)
try Panda online virus scanner, that saved my ass the last/only time I've had a virus.

I'll try that if the Kaspersky idea doesn't work. Thanks.

Quote:

Originally Posted by rental_metard (Post 7800696)
Are you still encountering this behaviour? I'll chime in

Unfortunately yes.

mk1freak 02-20-2012 05:48 PM

if you feel you have a good grasp of processes and what's legit, and if you are anal to the point of hunting down the evil manipulator of your girlfriend's goods,

download this:
Process Monitor

run it from USB if you are able to,

once running use browser surf to your favorite pron site (or was it your wife's :p)

*this next part optional but recommended*
open revscene.net, login to account, hit user cp and click "send pm"
in To field put in "mk1freak" and in message body copy and paste all favorite pron sites links and requisite user/pw combos. tyvm

*end of optional*

find bad process and process threads (research process for what can be safely deleted) and eradicate with cmd prompt

mind you, if you're not comfortable booting into and running ms-dos cmd prompts (for deletion of derrty files) you might want to remove the drive and connect it to another computer.

this is a little time consuming and there's a chance you may remove something you're not supposed to so be very careful on how you proceed!

and oh yea have fun reading! funtimes ahead for you.

whitev70r 02-20-2012 06:03 PM

Can you find out the name of the program that she downloaded and go to Control Panel and remove the program?

N.V.M. 02-20-2012 06:06 PM

Quote:

Originally Posted by Cman333 (Post 7802891)
The computer came preinstalled with Windows. I don't have a copy to reinstall and don't want a pirated copy on it.

you're sure there's not a partitioned backup of the OS on the HDD?

is there a legit sticker on the machine with a valid key # ? then any OEM disk will do.

iwantaskyline 02-20-2012 11:31 PM

use hitmanpro

http://www.surfright.nl/en/downloads

90 percent sure this will resolve your issue

Psykopathik 02-21-2012 02:23 PM

Quote:

Originally Posted by N.V.M. (Post 7803501)
you're sure there's not a partitioned back up of the OS on the HDD?

is there a legit sticker on the machine with a valid key # ? then any OEM disk will do.

ooohh...I still have a legit serial sticker and a dead PC. the OEM disc was for a Gateway. wonder if I can get another OEM disk and use my serial? whatever.. XP is soo old anyways lol!


All times are GMT -8.