Confused

I know you are on dialup and this may take some time but as Bem said, we need to follow some guidelines to get systems into a know state.

First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal
If you already have any of the programs linked in the tutorial please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

NOTE: In order to resolve the issues you are having it is very important that you at least try to perform all the steps as outlined. If you have any difficulty please post back letting us know what steps you have completed, what you found while doing the scans if anything and details about any problems you have encountered in completing the steps. The more details you can provide the better.


After doing ALL of the above if you still have a problem:

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

Please go back and read and follow the stickies again! You are supposed to click on and download from our links and make sure you have the correct versions of ALL software. The HijackThis version you have is way out of date. Please use our links!

It also does not look like you ran the online scans from TrendMicro and Symantec.

Why are two instances of Getright running when you did this scan. It should be shutdown.
C:\Program Files\GetRight\getright.exe
C:\Program Files\GetRight\getright.exe

 

Wrong approach! It should not be necessary to add a site to your Trusted Zone.
I assume you are talking about in IE?


Those bad sites you were being hijack to can not be solved that way.

Post a HJT log from the correct version of HJT as I requested.

 

Okay! You are using WinXP SP2 which has a built-in firewall which is enabled by default. Did you disable it? The reason I ask is because you also appear to being using a firewall from Symantec. You cannot run more than one software firewall.

Also the site you added to your trusted zone is http://www.educationalcu.org
I see no reason that this should need to be added to your trusted zone to get access. You must be blocking something in your firewall. Also if you are going to another site, instead you must have something configure to send you to those sites when an address is unrecognized.

Have you done a Reset of Web Settings:

Right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

After doing the Reset and checking for multiple firewall conflicts and checking to see that you firewall is not blocking the site, remove it from you Trusted Zone in IE and see you can surf to it.
Tell me what happens.

 

Did you remove the address from your trusted zone yet? If not pleases do so.

Open a command prompt window by click Start, Run and enter cmd and click OK!

In the command prompt window enter the following commands each followed by the enter key
ipconfig /flushdns
exit

Now open a Windows Explorer (yes Windows Explorer not Internet Explorer) window and enter the following the address bar and hit the enter key (or click Go) :
www.educationalcu.org

Does that work?
Then try the same in IE? What happens?

 

That's strange! Now you are not being sent to some other website.
What website were you redirected to before?

Have you looked at your Restricted Zones in Internet Explorer to make sure that www.educationalcu.org is not restricted?

 

Please download and install Mozilla Firefox

Exit all Internet Explorer sessions and run Firefox. Use it to go to www.educationalcu.org
What happens?

Now exit Firefox and run IE. Enter the below into address bar and click Go:
http:// 208.191.34.194

What happens?