Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Please help with this: "Win32/Agent.BDSK trojan" and missing file "mshbobqj.dll"


  • This topic is locked This topic is locked
1 reply to this topic

#1 Hijacked in Virginia

Hijacked in Virginia

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Virginia
  • Local time:11:48 AM

Posted 07 February 2009 - 08:11 PM

Hi folks, here's my problem... it's wrecking havoc on my laptop and it's non-stop.

I really appreciate anyone taking the time to look and help, I'm very good at following your instructions and will respond right away. I really need your help.

Thanks for looking and helping.

Here's the problem:

I am running Windows XP Media Center Edition. I have ESET Smart Security. Dell Inpiron 6000 Laptop.

Upon boot up, before windows finshes loading, I immediately get this box error:

"*****".EXE - Unable To Locate Component"
(the asterisk is intended as a file or application name)

"This application has failed to start because mshbobjq.dll was not found. Re-installing the application may fix this problem"

This box is coming up several times, each time a new file or application is name is in place of the "******".

Also, Google Chrome browser no longer functions and something looks very odd with my startup files and desktop tray.



This started happening after ESET found this... from the log:


2/6/2009 11:32:48 AM Real-time file system protection file C:\WINDOWS\SYSTEM32\MSHBOBJQ.DLL Win32/Agent.BDSK trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\Program Files\Common Files\AOL\1170558247\ee\AOLSoftware.exe.

2/6/2009 11:33:44 AM Real-time file system protection file C:\WINDOWS\SYSTEM32\MSHBOBJQ.DLL Win32/Agent.BDSK trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\WINDOWS\System32\svchost.exe.

2/6/2009 11:35:37 AM Real-time file system protection file C:\WINDOWS\system32\mshbobjq.dll Win32/Agent.BDSK trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\system32\logonui.exe.

2/6/2009 11:35:57 AM Real-time file system protection file C:\WINDOWS\SYSTEM32\MSHBOBJQ.DLL Win32/Agent.BDSK trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: \??\C:\WINDOWS\system32\winlogon.exe.




**************Here's my DDS log (which barely worked from all of the "missing .dll" errors)*********************



DDS (Ver_09-02-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 7/12/2005 11:32:07 PM
System Uptime: 2/6/2009 9:26:35 PM (22 hours ago)

Motherboard: Dell Inc. | | 0X9238
Processor: Intel® Pentium® M processor 1.60GHz |

Microprocessor | 1595/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 15.839 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Broadcom 440x 10/100 Integrated Controller
Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02

\4&2FA23535&0&00F0
Manufacturer: Broadcom
Name: Broadcom 440x 10/100 Integrated Controller
PNP Device ID: PCI\VEN_14E4&DEV_170C&SUBSYS_01881028&REV_02

\4&2FA23535&0&00F0
Service: bcm4sbxp

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\C3B64E1464FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\C3B64E1464FC000
Service: NIC1394

==== System Restore Points ===================

RP1169: 11/23/2008 12:03:12 PM - System Checkpoint
RP1170: 11/25/2008 12:22:40 AM - System Checkpoint
RP1171: 11/26/2008 11:20:29 PM - System Checkpoint
RP1172: 11/28/2008 12:27:22 AM - System Checkpoint
RP1173: 11/29/2008 8:15:08 AM - System Checkpoint
RP1174: 11/30/2008 9:12:46 AM - System Checkpoint
RP1175: 12/1/2008 8:52:26 AM - Software Distribution Service 3.0
RP1176: 12/2/2008 9:19:15 AM - System Checkpoint
RP1177: 12/3/2008 8:18:39 AM - Software Distribution Service 3.0
RP1178: 12/3/2008 9:18:48 AM - Last known good configuration
RP1179: 12/4/2008 2:53:37 PM - System Checkpoint
RP1180: 12/5/2008 9:48:59 PM - System Checkpoint
RP1181: 12/6/2008 10:34:24 PM - System Checkpoint
RP1182: 12/8/2008 9:39:24 AM - System Checkpoint
RP1183: 12/9/2008 7:18:43 PM - System Checkpoint
RP1184: 12/10/2008 8:45:08 PM - System Checkpoint
RP1185: 12/11/2008 9:05:06 PM - System Checkpoint
RP1186: 12/12/2008 9:55:56 PM - System Checkpoint
RP1187: 12/14/2008 1:00:04 AM - System Checkpoint
RP1188: 12/14/2008 1:33:46 PM - Installed ESET Smart Security
RP1189: 12/15/2008 4:57:04 PM - System Checkpoint
RP1190: 12/16/2008 5:30:02 PM - System Checkpoint
RP1191: 12/17/2008 5:54:37 PM - System Checkpoint
RP1192: 12/18/2008 6:40:45 PM - System Checkpoint
RP1193: 12/19/2008 11:22:43 AM - Installed Windows Internet Explorer

8.
RP1194: 12/20/2008 11:38:03 AM - System Checkpoint
RP1195: 12/21/2008 8:55:48 PM - System Checkpoint
RP1196: 12/22/2008 9:58:36 PM - System Checkpoint
RP1197: 12/23/2008 11:53:45 PM - System Checkpoint
RP1198: 12/25/2008 9:36:22 AM - System Checkpoint
RP1199: 12/27/2008 8:29:07 AM - System Checkpoint
RP1200: 12/29/2008 8:51:10 AM - System Checkpoint
RP1201: 12/30/2008 10:05:27 AM - Installed Windows XP KB915865.
RP1202: 12/30/2008 10:06:43 AM - Installed Windows

NLSDownlevelMapping.
RP1203: 12/30/2008 10:07:24 AM - Installed Windows

IDNMitigationAPIs.
RP1204: 12/30/2008 10:07:49 AM - Installed Windows Internet Explorer

7.
RP1205: 12/31/2008 9:05:41 PM - System Checkpoint
RP1206: 1/1/2009 10:03:27 PM - System Checkpoint
RP1207: 1/3/2009 7:29:54 AM - System Checkpoint
RP1208: 1/4/2009 8:20:36 PM - System Checkpoint
RP1209: 1/5/2009 11:35:44 PM - System Checkpoint
RP1210: 1/7/2009 1:06:55 AM - System Checkpoint
RP1211: 1/8/2009 2:13:04 AM - System Checkpoint
RP1212: 1/9/2009 3:02:20 AM - System Checkpoint
RP1213: 1/9/2009 11:53:33 PM - Installed Java™ 6 Update 11
RP1214: 1/10/2009 12:05:29 AM - Removed Jasc Paint Shop Photo Album

5
RP1215: 1/10/2009 12:07:35 AM - Removed Symantec Technical Support

Web Controls
RP1216: 1/10/2009 12:08:39 AM - Removed Virtual Earth 3D (Beta)
RP1217: 1/11/2009 12:26:30 AM - System Checkpoint
RP1218: 1/12/2009 1:02:25 AM - System Checkpoint
RP1219: 1/13/2009 2:07:22 AM - System Checkpoint
RP1220: 1/14/2009 3:02:28 AM - System Checkpoint
RP1221: 1/15/2009 5:59:22 PM - System Checkpoint
RP1222: 1/16/2009 8:06:55 PM - System Checkpoint
RP1223: 1/17/2009 10:11:55 PM - System Checkpoint
RP1224: 1/19/2009 8:48:31 AM - System Checkpoint
RP1225: 1/20/2009 12:31:37 PM - System Checkpoint
RP1226: 1/21/2009 1:36:36 PM - Software Distribution Service 3.0
RP1227: 1/21/2009 2:33:45 PM - Software Distribution Service 3.0
RP1228: 1/21/2009 3:05:44 PM - Installed Windows Media Player 11
RP1229: 1/21/2009 3:07:08 PM - Installed Windows XP Media Center

Edition 2005 KB925766.
RP1230: 1/21/2009 3:08:51 PM - Installed Windows XP Wudf01000.
RP1231: 1/21/2009 3:13:58 PM - Installed Windows XP MSCompPackV1.
RP1232: 1/22/2009 7:24:52 AM - Software Distribution Service 3.0
RP1233: 1/23/2009 3:00:27 AM - Software Distribution Service 3.0
RP1234: 1/24/2009 8:32:02 AM - System Checkpoint
RP1235: 1/25/2009 8:45:04 PM - System Checkpoint
RP1236: 1/26/2009 9:39:13 PM - System Checkpoint
RP1237: 1/28/2009 12:22:07 AM - System Checkpoint
RP1238: 1/29/2009 12:46:49 AM - System Checkpoint
RP1239: 1/30/2009 1:46:14 AM - System Checkpoint
RP1240: 1/31/2009 8:22:17 AM - System Checkpoint
RP1241: 2/1/2009 11:30:08 AM - System Checkpoint
RP1242: 2/2/2009 2:41:12 AM - Removed Adobe Reader 7.0.5
RP1243: 2/2/2009 2:42:13 AM - Installed Adobe Reader 9.
RP1244: 2/3/2009 12:55:50 PM - System Checkpoint
RP1245: 2/5/2009 12:19:21 AM - System Checkpoint
RP1246: 2/6/2009 1:02:54 AM - System Checkpoint
RP1247: 2/6/2009 12:17:08 PM - Software Distribution Service 3.0
RP1248: 2/6/2009 9:28:06 PM - Restore Operation

==== Installed Programs ======================

123 DVD Converter
123 Video Converter
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe SVG Viewer 3.0
ALPS Touch Pad Driver
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Apple Mobile Device Support
Apple Software Update
ATI Control Panel
ATI Display Driver
Banctec Service Agreement
Bluetooth Stack for Windows by Toshiba
Broadcom Management Programs 2
CardRd81
CCHelp
CCScore
Choice Guard
Conexant D110 MDC V.9x Modem
CR2
Dell Digital Jukebox Driver
Dell DJ Explorer
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell System Restore
DellSupport
Digital Line Detect
ESET Online Scanner
ESET Smart Security
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
Fortune Tiles™ Gold
Google Video Uploader
HijackThis 2.0.2
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB952287)
Intel® PROSet/Wireless Software
Internal Network Card Power Management
Internet Explorer Default Page
iTunes
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java™ 6 Update 11
Java™ 6 Update 7
KODAK EASYSHARE Gallery Upload ActiveX Control
Kodak EasyShare software
KSU
Macromedia Flash Player
mCore
mDrWiFi
MetaFrame Presentation Server Web Client for Win32
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Beta 2
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Report Viewer Redistributable 2005
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Move Networks Media Player for Internet Explorer
Move Networks Player for Internet Explorer
mPfMgr
mPfWiz
mProSafe
MSN
mSSO
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
mToolkit
mWlsSafe
mXML
My Way Search Assistant
mZConfig
NetWaiting
Notifier
OpenOffice.org Installer 1.0
OTtBP
OTtBPSDK
Otto
PCDLNCH
Picasa 3
PowerDVD 5.5
QuickSet
QuickTime
RealPlayer
RegCure 1.5.2.7
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Segoe UI
SFR
SFR2
Sonic Audio module
Sonic DLA
Sonic Encoders
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SUPERAntiSpyware Free Edition
TurboTax Deluxe 2005
TurboTax ItsDeductible 2005
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update Rollup 2 for Windows XP Media Center Edition 2005
VCAMCEN
Viewpoint Media Player
VPRINTOL
Wal-Mart Music Downloads Store
WebFldrs XP
WexTech AnswerWorks
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Search 4.0
Windows XP Media Center Edition 2005 KB925766
Windows XP Service Pack 3
WordPerfect Office 12
Xvid 1.1.3 final uninstall
Yontoo Layers Client for Internet Explorer 1.02.28

==== Event Viewer Messages From Past Week ========

2/6/2009 7:23:09 PM, error: Dhcp [1002] - The IP address lease

192.168.1.3 for the Network Card with network address 0013CE12C7CA

has been denied by the DHCP server 192.168.10.1 (The DHCP Server

sent a DHCPNACK message).
2/4/2009 4:21:51 PM, error: Dhcp [1001] - Your computer was not

assigned an address from the network (by the DHCP Server) for the

Network Card with network address 0013CE12C7CA. The following error

occurred: The operation was canceled by the user. . Your computer

will continue to try and obtain an address on its own from the

network address (DHCP) server.
2/3/2009 9:29:46 PM, error: Dhcp [1002] - The IP address lease

192.168.10.5 for the Network Card with network address 0013CE12C7CA

has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent

a DHCPNACK message).
2/6/2009 9:27:24 PM, error: Dhcp [1002] - The IP address lease

192.168.10.2 for the Network Card with network address 0013CE12C7CA

has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent

a DHCPNACK message).

==== End Of File ===========================

Attached Files



BC AdBot (Login to Remove)

 


#2 Hijacked in Virginia

Hijacked in Virginia
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Virginia
  • Local time:11:48 AM

Posted 10 February 2009 - 09:38 AM

.

Edited by Hijacked in Virginia, 10 February 2009 - 09:50 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users