[joseph456]

Thanks for coming back.

Looks like it was a Chinese version of the site triggered with red and blue Chinese characters after I clicked an item on the site. Did not let me access as previously reported but the next morning I was able to access. So it seems like the problem is intermittent. Also able to access Ebay Global site.

Scan with Blacklight:

Not sure why there were two but here they are:

06/03/12 22:48:34 [Info]: BlackLight Engine 2.2.1092 initialized
06/03/12 22:48:34 [Info]: OS: 5.1 build 2600 (Service Pack 3)
06/03/12 22:48:34 [Note]: 7019 4
06/03/12 22:48:34 [Note]: 7005 0
06/03/12 22:48:46 [Note]: 7007 0

06/03/12 22:49:11 [Info]: BlackLight Engine 2.2.1092 initialized
06/03/12 22:49:11 [Info]: OS: 5.1 build 2600 (Service Pack 3)
06/03/12 22:49:11 [Note]: 7019 4
06/03/12 22:49:11 [Note]: 7005 0
06/03/12 22:49:16 [Note]: 7006 0
06/03/12 22:49:16 [Note]: 7022 0
06/03/12 22:49:16 [Note]: 7011 1772
06/03/12 22:49:16 [Note]: 7035 0
06/03/12 22:49:16 [Note]: 7026 0
06/03/12 22:49:17 [Note]: 7026 0
06/03/12 22:49:17 [Note]: FSRAW library version 1.7.1024
06/03/12 22:51:39 [Note]: 7007 0

Scan with GooredFix:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:54 on 03/06/2012 (Owner)
Firefox version 12.0 (en-US)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:34 15/05/2012]
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [04:56 16/05/2012]

C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\de1io1lr.default\extensions\
(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:17 03/02/2012]

-=E.O.F=-

There is also a folder named GooredFix Backups:

Scan with RogueKiller:

RogueKiller V7.5.2 [05/30/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 06/03/2012 22:56:07

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost #[IPv6]
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: IC25N040ATMR04-0 +++++
--- User ---
[MBR] 352c0394a59f3335b48ea5ac51c0e812
[BSP] 1a31c6e198c07ae4fde6f1b9e53b97ae : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Also a RK Quarantine folder with this folder: and also this folder:

Edited by joseph456, 03 June 2012 - 09:27 PM.

[Advertisements]

Hi.

The output of the three scans I requested are favourable and your query's concerning output are not a cause for concern I will further add...Malware is not a issue(and or the root cause) as far as I can tell.

So merely delete all three applications, logs and folders created and then empty the Recycle Bin.

Next:

Now going back to the actual issue with Ebay you originally mentioned and with the further update you also provided. It appears the fault actually lies with the site in question, sometimes such large sites do experience technical difficulties from time to time which results in downtime and or something not working quite as should etc.

[Dakeyras]

Hi.

The output of the three scans I requested are favourable and your query's concerning output are not a cause for concern I will further add...Malware is not a issue(and or the root cause) as far as I can tell.

So merely delete all three applications, logs and folders created and then empty the Recycle Bin.

Next:

Now going back to the actual issue with Ebay you originally mentioned and with the further update you also provided. It appears the fault actually lies with the site in question, sometimes such large sites do experience technical difficulties from time to time which results in downtime and or something not working quite as should etc.

[joseph456]

That's a relief

Thanks!

Deleted all files (including RK Quarantined Folder which has a 1 kb Video File). Still in recycle bin in the event you suggest I need to restore.

Any reason to keep these other items from our previous cleaning on the desktop (Hosts file, program and MS Fixit for IE8)

Also is their any chance that traces from a leftover possible rogue program (RegWork) installed before I received computer could be causing any of these issues?

This from search at Regedit: and from Msconfig:

Edited by joseph456, 04 June 2012 - 06:56 AM.

[Dakeyras]

Hi.

Thanks!

You're welcome!

Deleted all files (including RK Quarantined Folder which has a 1 kb Video File). Still in recycle bin in the event you suggest I need to restore.

No need to keep them at all, merely empty the Recycle Bin as I advised.

Any reason to keep these other items from our previous cleaning on the desktop (Hosts file, program and MS Fixit for IE8)

Not at all and the the actual MVPS Host file is updated periodically, which you could check by visiting the site and in turn download/install the new one etc.

You could keep the IE Fixit tool if any problems in the future with IE8 if you so wish, as basically all it does is reset the application.

Also is their any chance that traces from a leftover possible rogue program (RegWork) installed before I received computer could be causing any of these issues?

I doubt it as not enough elements are present to cause such but we can remove those fully anyway(see below).

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

Click on Start >> Run...(or the Windows key and R together) to bring up the Run box and and copy and paste in:

"C:\Program Files\ERUNT\ERUNT.EXE" %SystemRoot%\ERDNT\rw-backup

and click on OK.

Note: If you have uninstalled ERUNT since we last used it, please inform myself before proceeding any further.

Temporarily disable WinPatrol:

This is so it will not hinder the registry removal portion of the below custom batch file. WinPatrol will automatically start after the system reboot.

• Right click on the WinPatrol system tray icon.
• Select Exit Program.

Custom Batch File:

• Open Notepad.
• Copy and Paste everything from the Quote Box(do not copy the word quote) below into Notepad:

@echo off
reg delete "hklm\software\microsoft\shared tools\msconfig\startupreg\regwork" /f
rd "c:\program files\regwork" /s /q
shutdown -r -t 1
del %0

• Go to File >> Save As
• Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
• Change Save as Type to All Files and save the file to your Desktop.
• It should look like this:

Now double click on the desktop Dakeyras.bat to run the batch file. It will self-delete when completed and your machine should automatically reboot. If it does not reboot your machine manually.

[joseph456]

Worked great!

Thanks - now removed from Startup

[Dakeyras]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.