Content Top
DAL Computer Help » Internet Security Help » Spyware, Adware, Viruses and HijackThis Logs » GBDialer, Please Help (RESOLVED)

Recommended Fix

Click here to fix Windows Errors and Optimize Windows Performance

Need Computer Help?
Register Now for FREE

GBDialer, Please Help (RESOLVED)

Reply
Thread Tools
Spyware, Adware, Viruses and HijackThis Logs
  #1 (permalink)  
Old 23-04-2006, 06:45 PM
Newbie
D-A-L Newbie
  
Join Date: Apr 2006
Posts: 5
smullan_2000 Is a beginner here at D-A-L
Red face GBDialer, Please Help (RESOLVED)
Hi i have been having problems with GBDialer, I just cant seem to get rid of it. have tried deleting, Spybot, ad aware, norton etc... below is my hijack this log, please help me.

Logfile of HijackThis v1.99.1
Scan saved at 18:39:10, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\NATAND~1\LOCALS~1\Temp\Rar$EX00.524\Hi jackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www2.cf1live.com/brixton/static/bin/msjavx86.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141942225497
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winobb32 - C:\WINDOWS\SYSTEM32\winobb32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 24-04-2006, 04:55 AM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: GBDialer, Please Help
You are not running HijackThis (HJT) from a desired location. You really need to setup a dedicated folder for HJT items – to avoid horrible clutter and/or potential lost backup issues.

It's best that the HijackThis tool NOT be located in its current location (particularly on your Desktop or in a TEMP folder). This way you can more easily undo any changes if something goes wrong.
  • Create a new folder in your C: Drive.
  • Name the FOLDER HijackThis (or HJT) such as C:\Program Files\HijackThis or C:\HJT and move the HijackThis.exe file into it.
  • Run HJT from there (and revise your shortcut accordingly).




Please download ATF Cleaner http://www.atribune.org/ccount/click.php?id=1 by Atribune.
This program is for XP and Windows 2000 only

It does not require any installation and uses minimal system resources. It is set up to clean IE, FireFox and Opera, and detects the browsers you have and grays out the other(s).
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Recommend UNCHECKING COOKIES if you rely on system remembered passwords.
    Click the Empty Selected button.

If you use Firefox browser
  • Click Firefox at the top and choose: Select All EXCEPT FIREFOX SAVED PASSWORDS
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
  • Click Opera at the top and choose: Select All EXCEPT COOKIES AND SAVED PASSWORDS
    Click the Empty Selected button.
    NOTE: If you would like to keep your cookies and saved passwords, please click No at the prompt.



Click Exit on the Main menu to close the program.





Also, advisable to cleanout any antivirus quarantine area content.






Please download, install, update and scan your system with the free (trial) version of Ewido TROJAN scanner
[Developed for Windows 2000 and XP]:
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  3. From the main ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.
Quote:
Note: Ewido is a free trial product for 14 days. Since Ewido is a trial version, the realtime guard and automatic update will stop functioning after 14 days. We are not installing the guard because it might interfere with the cleanup or the malware removal process. You can use Ewido as an on-demand scanner (recommended) but you will have to manually update the definition file each time you scan. If you decide to purchase Ewido, you can enable the 'Realtime Protect' and 'Automatic Update' functions by clicking on the 'Status' bar (Top left) and clicking on both items under "Your Security Status".

REBOOT.




Please do an online scan (scan only tool) with Kaspersky WebScanner



[Internet Explorer required]
Go to Kaspersky website: www.kaspersky.com/virusscanner and click on the Kaspersky Online Scanner BUTTON/BOX.

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      - Extended (if available otherwise Standard)
    • Scan Options:
      - Scan Archives
      - Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • This program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.




Post your latest HijackThis log.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 24-04-2006, 12:37 PM
Newbie
D-A-L Newbie
  
Join Date: Apr 2006
Posts: 5
smullan_2000 Is a beginner here at D-A-L
Re: GBDialer, Please Help
done it all, apart from the online scan as i was getting page cannot be displayed, below is my new log

Logfile of HijackThis v1.99.1
Scan saved at 11:31:05, on 24/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www2.cf1live.com/brixton/static/bin/msjavx86.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1141942225497
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winobb32 - C:\WINDOWS\SYSTEM32\winobb32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old 24-04-2006, 01:58 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: GBDialer, Please Help
Did you run Ewido as requested - it is a critical scan to fix this infection? I also need to see the Ewido log.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old 24-04-2006, 03:23 PM
Newbie
D-A-L Newbie
  
Join Date: Apr 2006
Posts: 5
smullan_2000 Is a beginner here at D-A-L
Re: GBDialer, Please Help
Hey yes i did. Here is the log. and the above HJT log was taken after it was done and rebooted...

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:19:13, 24/04/2006
+ Report-Checksum: B7461EA0

+ Scan result:

[812] C:\WINDOWS\system32\winobb32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wfmiojdjcgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@e-2dj6wgloakczkgq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Guest\Cookies\guest@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\nat and mallon\Desktop\Access Members Area.exe -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00003931.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00003934.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00003936.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00004249.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00004250.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00004260.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00004283.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00005964.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00005991.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006014.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006034.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006079.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006089.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00006090.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00006097.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00006122.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006510.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006701.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006759.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006799.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006850.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00006851.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00006852.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00006853.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00006855.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00006856.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00006857.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00006858.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00006859.TXT -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\RECYCLER\NPROTECT\00006871.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006887.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006947.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006965.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00006980.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00007530.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00007578.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00007655.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00007719.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00007736.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00007760.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00007823.TXT -> TrackingCookie.Falkag : Cleaned with backup
C:\RECYCLER\NPROTECT\00007834.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00007839.TXT -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\RECYCLER\NPROTECT\00007841.TXT -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\NPROTECT\00007848.TXT -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\RECYCLER\NPROTECT\00007937.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\RECYCLER\NPROTECT\00007948.EXE -> Dialer.GBDialer.d : Cleaned with backup
C:\WINDOWS\system32\winobb32.dll -> Trojan.Agent.qt : Cleaned with backup
C:\WINDOWS\temp\win2B6.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup
C:\WINDOWS\temp\win2BB.tmp.exe -> Trojan.Dialer.oy : Cleaned with backup


::Report End
Last edited by smullan_2000; 24-04-2006 at 03:27 PM. Reason: Update
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old 24-04-2006, 03:53 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: GBDialer, Please Help
Download Clean.bat to your desktop: for later use to clean out your TEMPORARY and PREFETCH files.
http://www.thatcomputerguy.us/downloads/clean.bat



We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

O16 - DPF: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} (Microsoft VM) - http://www2.cf1live.com/brixton/static/bin/msjavx86.exe
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgGB2404.exe

O20 - Winlogon Notify: winobb32 - C:\WINDOWS\SYSTEM32\winobb32.dll

Make sure that all browser windows and internet links are closed, even this one!
CLICK ’FIX CHECKED’ with HijackThis.



HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

Go to Start > Run and type: CLEANMGR.EXE and hit enter.
When prompted select the C: drive and click ok.
Check the boxes for:
  • Temporary Internet Files
  • Downloaded Program Files
  • Recycle Bin
  • Temporary Files
Click OK or Enter

For additional, more thorough cleaning and for multi-profile user configurations:
(*) Run Clean.bat to clean up your TEMPorary files.

***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




Re-Run EWIDO in SAFE MODE and verify that it runs clean - post the latest scan log after REBOOTING.





POST A REVISED HIJACKTHIS LOG for review:
Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.


Try running Kaspersky scan again.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #7 (permalink)  
Old 24-04-2006, 07:27 PM
Newbie
D-A-L Newbie
  
Join Date: Apr 2006
Posts: 5
smullan_2000 Is a beginner here at D-A-L
Re: GBDialer, Please Help
Hey done all that,

here is the new HJT after rebooting out of safe mode.

Logfile of HijackThis v1.99.1
Scan saved at 1820, on 24/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .m4a: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


Also here is the new ewido log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 18:20:27, 24/04/2006
+ Report-Checksum: C773C35

+ Scan result:

No infected objects found.


::Report End

also here is the results of the online scan after all the above

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, April 24, 2006 7:25:14 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 24/04/2006
Kaspersky Anti-Virus database records: 189696
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 61572
Number of viruses found: 11
Number of infected objects: 71
Number of suspicious objects: 0
Duration of the scan process: 00:57:12

Infected Object Name / Virus Name / Last Action
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05A00279.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05A32C75.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\05A75671.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15237167.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\15261B63.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\79E733F4.ocx Infected: not-a-virus:AdWare.Win32.AzSearch.b skipped
C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\79EB5DF0.dll Infected: not-a-virus:AdWare.Win32.AzSearch.b skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP100\A0019985.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP100\A0020107.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP100\A0020119.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP100\A0020215.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020521.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020674.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020680.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020684.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020685.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020686.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020687.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020688.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020689.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020690.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020691.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020692.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020693.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020694.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020695.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020696.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020697.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020698.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020699.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020700.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020701.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020702.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020703.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020704.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020705.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020706.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020707.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020708.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020709.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020710.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP101\A0020712.dll Infected: Trojan.Win32.Agent.qt skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP102\A0020726.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP85\A0015213.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP85\A0015214.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP87\A0015288.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP87\A0015291.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP90\A0015648.exe Infected: not-a-virus:AdWare.Win32.180Solutions.al skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP90\A0015649.dll Infected: not-a-virus:AdWare.Win32.Agent.c skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP90\A0015650.exe Infected: not-a-virus:AdWare.Win32.180Solutions.an skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP91\A0015662.dll Infected: Trojan-Spy.Win32.AdvancedKeyLogger.c skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP93\A0015870.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP93\A0015871.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP93\A0015872.exe Infected: not-a-virus:AdWare.Win32.WinAD.bt skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP93\A0015873.dll Infected: Trojan-Spy.Win32.AdvancedKeyLogger.c skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP93\A0015874.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.jz skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP93\A0015874.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.jy skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP93\A0015874.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP93\A0015874.exe UPX: infected - 2 skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP93\A0015874.exe CryptFF: infected - 2 skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP94\A0017005.ocx Infected: not-a-virus:AdWare.Win32.AzSearch.b skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP94\A0017006.dll Infected: not-a-virus:AdWare.Win32.AzSearch.b skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP94\A0017007.EXE Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP94\A0017008.EXE Infected: not-a-virus:AdWare.Win32.WinAD.bv skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP98\A0018531.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP98\A0018534.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP98\A0018535.EXE Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP98\A0018599.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP98\A0018670.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP98\A0019677.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped
C:\System Volume Information\_restore{97D6BBFE-28CB-4408-83FC-8FFBE94EE6B1}\RP99\A0019679.exe Infected: not-a-virus:Porn-Dialer.Win32.GBDialer.d skipped

Scan process completed.

thanks
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #8 (permalink)  
Old 24-04-2006, 11:45 PM
VopThis's Avatar
Senior Member (Canada)
  
Join Date: Nov 2005
Posts: 3,439
VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!VopThis is a D-A-L Rockstar!
Re: GBDialer, Please Help
Looks like everything cleaned up very nicely. Let us know if there are any further issues.


Kaspersky Scan: Need to clean up your Norton Quarantine from time-to-time and the Systems Restore area (see instructions below) after such a serious infection.





To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.



ONLY ONCE you are as clean as possible from any needed cleanup steps - As a final cleanup step (after serious infection), it may be advisable to Reset and Re-enable your System Restore to remove any bad files that MAY have been backed up by Windows . The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)

PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.


(Windows XP)
Quote:
FOLDER LOCATION: c:\System Volume Information\_restore….
To Turn OFF System Restore.
  1. Click the Start button.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
  4. Click Apply.

REBOOT.

To Turn ON System Restore.
  1. Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
  2. Create new System Restore points.


(Windows ME)
Quote:
FOLDER LOCATION: c:\_RESTORE\TEMP\….
See the following link for instructions:
http://service1.symantec.com/SUPPORT...rc=sec_doc_nam




To reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
  1. Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft . This will patch many of the security holes through which attackers can gain access to your computer . You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
    http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
    http://www.microsoft.com/windows/ie/default.asp
    • http://www.securityfocus.com/news/11273
      If you surf to questionable (blockable) parts of the Web, you could encounter sites that compromise your PC without any user interaction. In experiments [reported Aug 2005], Microsoft identified 752 specific addresses owned by 287 Web sites that contain programs able to install themselves on a completely unpatched Windows XP system. Also, be aware that the WinXP Service Pack 2 was an update that focused almost exclusively on security. Also reported was that a fully patched Windows XP SP2 system cannot be compromised by any such discovered rogue Web sites.

  2. Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching (using a real-time AV tool only one at a time), there are some good free Antivirus programs that are decent, including AVG and Avast!.
    AVG: http://free.grisoft.com/doc/1
    Avast: http://www.avast.com/eng/avast_4_home.html

  3. In addition to using Ad-aware, consider using another free malware scanning/removal program :
    Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
    Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
    MS Antispyware beta: http://www.microsoft.com/athome/security/s...re/default.mspx

  4. Consider using a free firewall if you are not already using one (use only one firewall at a time – normally you will need to disable the MS firewall). Some good free ones (for incoming and added outgoing traffic protection) are:
    Kerio Personal Firewall: http://www.sunbelt-software.com/Kerio.cfm
    *** After 30 days, Kerio shuts down selected features, but will continue to run in 'free' mode.
    Zone Alarm: http://www.zonelabs.com/store/content/company/products/znalm/comparison.jsp?lid=ho_za

    It is not a bad idea to also consider using a Router/Hardware firewall device where you have a High-Speed Internet access connection. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.

  5. Consider using an alternate free browser for general web surfing but you must use IE for windows updates.
    Mozilla Firefox: http://www.mozilla.org/products/firefox/

  6. Consider increasing your browser security by using these programs:
    SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
    SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known- bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
  7. A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
    • Run the HiJackThis tool and select ‘Open the Misc Tools section’.
    • Next select ‘Open host file manager’ button.
    • Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
    • Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste (append or replace) the RELEVANT host address entry contents of that file into Notepad or Wordpad and save the updated file contents.

      EXCERPT:
      Quote:
      #start of lines added by WinHelp2002
      # [Misc A - Z]
      127.0.0.1 phpadsnew.abac.com
      127.0.0.1 a.abnad.net
      127.0.0.1 e.abnad.net
      127.0.0.1 www.accoona.com #[Adware-Accoona][Adware.Atoolb][Panda.Accoona]
      .
      .
      .
      #end of lines added by WinHelp2002




*Remember just like your primary anti-virus software, it is important to:
  • Keep all of these programs up-to-date, and
  • Use them on a regular basis.
__________________
Vincent P

MALWARE: READ FIRST Procedures:
|_ SpyBot V1.5 _|_ HijackThis LOG __V2.0.2 _|

__
ASAP: promoting a high standard and quality of security support no matter where you seek help.

Quote:
SAFER SURFING TOOLS (IE/FF **FREE** browser addons):
Linkscanner + WOT (Web of Trust) + SiteAdvisor (suggest at least two but not necessarily all)
Quote:
Tell me and I forget; show me and I remember; involve me and I understand.
There are no foolish questions, the only thing foolish is not asking if you're unsure of something.
Never ASSUME any detail because it can make an ASS out of U and ME... (ASS/U/ME ).
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #9 (permalink)  
Old 25-04-2006, 12:40 AM
Newbie
D-A-L Newbie
  
Join Date: Apr 2006
Posts: 5
smullan_2000 Is a beginner here at D-A-L
Re: GBDialer, Please Help
Thank u i really appreciate it...
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
help! getting rid of gbdialer??(RESOLVED) jamesousby Spyware, Adware, Viruses and HijackThis Logs 8 23-05-2006 06:11 PM
gbdialer problem - should i do anything? awcowley Spyware, Adware, Viruses and HijackThis Logs 3 12-03-2005 12:07 AM
GBdialer, not convinced I've eradicated it ole Spyware, Adware, Viruses and HijackThis Logs 5 15-02-2005 03:01 PM


All times are GMT +1. The time now is 08:39 PM.
Member Login
Remember me ?
Forgot password?
Ads

Want to Advertise? Click Here
Help Categories
Desktop / Server Apps
Drivers
Firewalls and Networks
Games
General Internet Issues
Hardware
Linux
MAC OS
Modding / Overclocking
Search Engines
Spyware and Security
Web Development
Windows 2000
Windows 7
Windows 98
Windows ME
Windows Vista
Windows XP

Computer Repair Companies
Bottom Corner Bottom Nav