Looks like it was a Chinese version of the site triggered with red and blue Chinese characters after I clicked an item on the site. Did not let me access as previously reported but the next morning I was able to access. So it seems like the problem is intermittent. Also able to access Ebay Global site.
Not sure why there were two but here they are:Scan with Blacklight:
06/03/12 22:48:34 [Info]: BlackLight Engine 2.2.1092 initialized
06/03/12 22:48:34 [Info]: OS: 5.1 build 2600 (Service Pack 3)
06/03/12 22:48:34 [Note]: 7019 4
06/03/12 22:48:34 [Note]: 7005 0
06/03/12 22:48:46 [Note]: 7007 0
06/03/12 22:49:11 [Info]: BlackLight Engine 2.2.1092 initialized
06/03/12 22:49:11 [Info]: OS: 5.1 build 2600 (Service Pack 3)
06/03/12 22:49:11 [Note]: 7019 4
06/03/12 22:49:11 [Note]: 7005 0
06/03/12 22:49:16 [Note]: 7006 0
06/03/12 22:49:16 [Note]: 7022 0
06/03/12 22:49:16 [Note]: 7011 1772
06/03/12 22:49:16 [Note]: 7035 0
06/03/12 22:49:16 [Note]: 7026 0
06/03/12 22:49:17 [Note]: 7026 0
06/03/12 22:49:17 [Note]: FSRAW library version 1.7.1024
06/03/12 22:51:39 [Note]: 7007 0
Scan with GooredFix:
GooredFix by jpshortstuff (03.07.10.1)
Log created at 22:54 on 03/06/2012 (Owner)
Firefox version 12.0 (en-US)
========== GooredScan ==========
(none)
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [01:34 15/05/2012]
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [04:56 16/05/2012]
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\de1io1lr.default\extensions\
(none)
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:17 03/02/2012]
-=E.O.F=-
There is also a folder named GooredFix Backups:
RogueKiller V7.5.2 [05/30/2012] by TigzyScan with RogueKiller:
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Owner [Admin rights]
Mode: Scan -- Date: 06/03/2012 22:56:07
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost #[IPv6]
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 abcstats.com
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 aconti.net
127.0.0.1 secure.aconti.net
127.0.0.1 www.aconti.net #[Dialer.Aconti]
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: IC25N040ATMR04-0 +++++
--- User ---
[MBR] 352c0394a59f3335b48ea5ac51c0e812
[BSP] 1a31c6e198c07ae4fde6f1b9e53b97ae : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Also a RK Quarantine folder with this folder: and also this folder:
Edited by joseph456, 03 June 2012 - 09:27 PM.