Runtime Error!Program:c:\ProgramFiles\Intui\QuickBooksPro\qbw32.exe Abn.pro.terminati

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by auntsushi, Mar 30, 2006.

  1. auntsushi

    auntsushi Private E-2

    My boss' laptop has been having huge amounts of popups--as soon as he turns it on, 10-12 pages on IE open. I have gone through all of the READ ME FIRST...instructions down to Bitdefender. I have stopped there, as there is not a link on Bitdefender to click. When I click "I agree" nothing happens. What's up with that?

    NEway, this morning when he tries to open Quickbooks, it won't open and he gets: "Runtime Error! Program:c:\ProgramFiles\Intuit\QuickBooksPro\qbw32.exe Abnormal program termination". I am beside myself, as he thinks maybe I screwed something up in running all the scans, etc. HELP ME PLEASE ASAP!

    The laptop is a Dell Inspiron 1150, 18.5gb, WinXP OS.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try to run Bitdefender in normal boot mode and see what happens. Either way just continue. I need to see the PandaActiveScan log and then also follow step 7 exactly to get a HijackThis log attached.

    Pops are probably malware. Your Quickbooks problem is not necessarily malware.
     
  3. auntsushi

    auntsushi Private E-2

    OK, ran Bitdefender and Panda ActiveScan and that txt file and the hijack log are attached herewith. Hope this helps and that you can help us. Thanks a heap.
    Susan






     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you ran Bitdefender, please attach the requested log from step 6 of the READ ME.

    You have not followed the instructions in step 7 of the READ ME to install HJT. You have it like this:
    C:\DOCUME~1\ERICKE~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

    This means you are running it directly from the ZIP file which is one of the 3 ways we request that it not be installed/run. Please follow the instructions in step 7 (click the link given) and install HJT properly. Then attach a new HJT log.

    Look in Add/Remove Programs and uninstall Oemji and EQArticle if found.

    I also still see signs of AVG7 in your HJT log. Did you uninstall AVG since you have Symantec? Is it showing in Add/Remove programs? If so, uninstall it. Otherwise we may need to use manual procedures to remove it.
     
    Last edited: Mar 30, 2006
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    After installing HijackThis properly continue with the below steps. Do not continue without installing properly or you will not get any backups!!!!

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://hsremove.com/done.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsnE6.dll
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\system32\irsmwewm.dll
    O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll (file missing)
    O2 - BHO: Yvakt Class - {B91A8E01-502D-4EF6-B0C4-7139709832ED} - C:\WINDOWS\system32\icda0wpw5.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\system32\slk8x2peu.exe"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [tsFV38h] awrver.exe
    O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
    O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
    O4 - HKLM\..\Run: [oeyiiyx] c:\windows\system32\oeyiiyx.exe
    O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\system32\gah95on6.exe
    O4 - HKLM\..\Run: [ezcqywuryywos] C:\WINDOWS\system32\oeyiiyx.exe
    O4 - HKLM\..\Run: [EvtHtm] c:\windows\system32\evthtm.exe /nocomm
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
    O4 - HKCU\..\Run: [EQArticle] "C:\Program Files\EQArticle\EQArticle.exe"
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
    O18 - Filter: text/html - {D55E80B0-433D-442F-A524-060DEA41DEE0} - C:\WINDOWS\system32\icda0wpw5.dll
    O20 - AppInit_DLLs: nijbdegh.dll,Runner.dll,Runner.dll,EQMini.dll

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\AutoUpdate <--- the whole folder
    C:\Program Files\Ebates_MoeMoneyMaker <--- the whole folder
    C:\PROGRAM FILES\EQArticle <--- the whole folder
    C:\Program Files\FCAdvice <--- the whole folder
    C:\Documents and Settings\Eric Kelleher\Application Data\SpamExtract <--- the whole folder
    C:\WINDOWS\inst
    C:\WINDOWS\INF\mmaker2.inf
    C:\WINDOWS\INF\satmat.inf
    C:\WINDOWS\deskbar.ini
    C:\WINDOWS\kwv2.dat
    C:\WINDOWS\satmat.ini
    C:\WINDOWS\satmat.exe
    C:\WINDOWS\system32\awrver.exe
    c:\windows\system32\evthtm.exe
    c:\windows\system32\EQMini.dll
    C:\WINDOWS\SYSTEM32\hotbod123121.ico
    C:\WINDOWS\SYSTEM32\pdrpdb.dll
    C:\WINDOWS\SYSTEM32\rtneg3.dll
    C:\WINDOWS\SYSTEM32\dsktrf1.dll
    C:\WINDOWS\system32\gah95on6.exe
    C:\WINDOWS\SYSTEM32\InstallerV4.exe
    C:\WINDOWS\system32\icda0wpw5.dll
    C:\WINDOWS\system32\irsmwewm.dll
    C:\WINDOWS\SYSTEM32\nahbluff.exe
    C:\WINDOWS\SYSTEM32\netlanm.dll
    C:\WINDOWS\SYSTEM32\nijbdegh.dll
    C:\WINDOWS\SYSTEM32\nsd9C.dll
    C:\WINDOWS\SYSTEM32\nshBA.dll
    C:\WINDOWS\SYSTEM32\nskCD.dll
    C:\WINDOWS\system32\nsnE6.dll
    c:\windows\system32\oeyiiyx.exe
    C:\WINDOWS\SYSTEM32\pdrpdb.dll
    C:\WINDOWS\SYSTEM32\pshwr.exe
    C:\WINDOWS\SYSTEM32\Runner.dll
    C:\WINDOWS\system32\slk8x2peu.exe
    c:\windows\system32\sp2ctr.exe

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
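
A reconciliation check for the procedure in the post above, as an added example that is not part of the original thread: it parses HijackThis fix-list lines, skips entries already marked "(no file)" or "(file missing)", and reports files the fixed entries still point to that the delete list does not name. The function names are hypothetical, both lists are subsets copied from the post, and bare names such as `awrver.exe` are matched by file name only (an assumption).

```python
import re
from ntpath import basename, normcase

# Subset of the fix-list lines from the post above.
HJT_LINES = r"""
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nsnE6.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: BMG3.LongTooth - {8110581C-FEA4-47AC-ADBC-DE958DD0F354} - C:\WINDOWS\system32\{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll (file missing)
O4 - HKLM\..\Run: [ula0U] "C:\WINDOWS\system32\slk8x2peu.exe"
O4 - HKLM\..\Run: [tsFV38h] awrver.exe
O4 - HKLM\..\Run: [sp2ctr] c:\windows\system32\sp2ctr.exe /nocomm
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\system32\irssyncd.exe
O20 - AppInit_DLLs: nijbdegh.dll,Runner.dll,Runner.dll,EQMini.dll
""".strip().splitlines()

# Subset of the safe-mode delete list from the same post.
DELETE_LIST = r"""
C:\Program Files\AutoUpdate
C:\WINDOWS\system32\awrver.exe
C:\WINDOWS\SYSTEM32\nijbdegh.dll
C:\WINDOWS\system32\nsnE6.dll
C:\WINDOWS\SYSTEM32\Runner.dll
c:\windows\system32\EQMini.dll
C:\WINDOWS\system32\slk8x2peu.exe
c:\windows\system32\sp2ctr.exe
""".strip().splitlines()

def referenced_files(line):
    """Return the files a HijackThis line expects on disk ([] if orphaned)."""
    if "(no file)" in line or "(file missing)" in line:
        return []  # registry entry only; there is nothing on disk to delete
    section, _, rest = line.partition(" - ")
    if section == "O20":  # AppInit_DLLs: comma-separated names, may repeat
        return sorted(set(rest.split(": ", 1)[1].split(",")))
    target = rest.split("] ", 1)[1] if section == "O4" else rest.rsplit(" - ", 1)[1]
    m = re.search(r'"([^"]+)"|(\S.*?\.(?:exe|dll))', target, re.I)  # drops arguments
    return [m.group(1) or m.group(2)] if m else [target]

def is_covered(target, delete_list):
    """True if the delete list names this file or a folder that contains it."""
    t = normcase(target)  # ntpath.normcase: lowercase, "/" -> "\"
    return any(t == e or t.startswith(e + "\\") or basename(e) == t
               for e in map(normcase, delete_list))

def uncovered(hjt_lines, delete_list):
    """Fixed entries whose file is expected on disk but is not on the delete list."""
    return [(line.split(" - ")[0], f) for line in hjt_lines
            for f in referenced_files(line) if not is_covered(f, delete_list)]
```

Anything `uncovered()` returns is a file to confirm is gone in the follow-up log, since fixing the entry removes only the registry reference.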
     
  6. auntsushi

    auntsushi Private E-2

    Thank you, Chaslang. I am attaching my HJT log. I thought I had done it correctly, but maybe I was just too nervous. Anyway, believe it's right now (after you scolding me). :)

    Also, we do not use Symantec anymore. We use AVG instead. Norton's was up a long time ago, and we switched to AVG as our anti-virus software. I have tried uninstalling Symantec through Add/Remove, but wasn't allowed.

    Also, didn't find Oemji and EQArticle to remove.

    I appreciate you.
     


  7. auntsushi

    auntsushi Private E-2

    This is my new HJT log after deleting all of the files on the two lists.

    Please remember that I'm still needing help with getting Quickbooks to open. My boss is getting irate. Yikes. This is my most important priority. Help.
     


  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! You have it right now! :) Don't think of it as a scolding! Think of it more like, it is in your best interest to have it installed properly. ;)

    What does it say? It does appear to be fully installed and we must get this removed. You may need to use one of Symantec's removal tools or we will have to do manual steps.

    Let's get an installed programs list from HijackThis too!
    • Run HijackThis, click Open the Misc Tools section
    • Click Open Uninstall Manager
    • Click Save List (generates uninstall_list.txt)
    • Click Save, to save it to a file where you can find it.
    • Attach the uninstall_list.txt file to your next message.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you have a backup of things that were removed while running the scanning programs from the READ ME? Do you have logs of what they found and removed? Perhaps something was removed that QuickBooks needed. It could have been a false positive or maybe a file was infected.

    Another alternative may be to backup your data files for QuickBooks, uninstall QuickBooks, reboot, cleanup (delete) all QuickBooks folders, then reinstall.

    This seems to be a pretty common problem with QuickBooks and I see no real answers out there for it. Seems like they have some bugs in that even an uninstall reinstall does not work. This in itself is not a problem we are equipped to handle in the malware forum. If it continues to be an issue, you may need to contact them about the problem. You could also try the Software Forum.
     
    Last edited: Mar 31, 2006
  10. auntsushi

    auntsushi Private E-2

    Hi, Chaslang:
    I brought my boss' laptop home this weekend to work on it some more. I am attaching the uninstall_list.text.

    I don't seem to be having any popups today which is wonderful! Yay!

    You asked about backups or logs that were created as I ran the different programs throughout READ ME. I don't know. Where would I find them? I do know that I didn't manually save any.

    Also, I'm going to try to backup the QuickBooks data files if I can. I didn't bring home his discs, so cannot do an uninstall/install at this time. I'll be happy if I can just back up the data, as it holds all Accounts Payable/Receivable, Payroll, Inventory, etc. Yikes!

    I so appreciate majorgeeks and recommend it to everybody I know. Thank you once again.
    Susan
     


  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    It all depends on what actions you took while running the scans. You would have to check to see if you quarantine items or plain deleted them. Some programs don't use a quarantine but do use backups (like Spybot).

    None of the below have anything to do with your Quickbooks problem, however they are issues. You will have to work your QuickBooks problem with them.

    Your uninstall log shows a few programs that are way out of date:
    Java 2 Runtime Environment, SE v1.4.2_03 <---- out of date! See: http://java.com/en/
    Mozilla Firefox (1.0.7) <---- out of date! See: Mozilla FireFox
    SpywareBlaster v3.4 <---- out of date! See: SpyWare Blaster

    You need to uninstall the below! Go thru each one and try to uninstall and keep track of exactly what happens with each one. Notice how Norton Internet Security appears like 11 times.
    LiveReg (Symantec Corporation)
    Norton AntiSpam
    Norton AntiSpam
    Norton AntiVirus
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security (Symantec Corporation)
    Norton WMI Update
    Symantec Script Blocking Installer
     
  12. auntsushi

    auntsushi Private E-2

    I assume I'm supposed to uninstall these through Add/Remove Programs? The Norton Security thing is only listed once there, along with one LiveReg and the Norton WMI. The rest are not listed there. Does deleting them in HiJackThis just delete them from the list there?

    When I have tried to delete from the Add/Remove, I get the message: A Norton Internet Security account with supervisor access must be in to uninstall this product. If Norton Internet Security is not running,click the Start menu, select Norton Internet Security, and log in. Setup will now exit. The thing is--there is only one user account on this computer and it is the one I'm in--Administrator Account. I've tried logging off and logging back in; as well as rebooting and restarting, but to no avail.

    Thank you for the suggestions to update. I have done that.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes! You must uninstall using Add/Remove programs! Install the new Sun Java before uninstalling the old one.

    Exactly where in HijackThis are you referring to? If you fix items in the HijackThis scan, that is not the same as doing an uninstall. Many registry keys will be left laying around if you do not uninstall properly.

    You need to talk to your IT department or whoever set up the PC this way. You do not have full Administrator privileges as far as the installation of Norton goes. Someone installed it this way. Your alternative is to call Symantec and determine if there is a way around this lockout. (I know there is, I did it myself without Symantec's help on a couple PCs in the past but I don't remember what I did.)
     
