It seems to be the best hope, working so far. And HiJackThis is likely
well worth doing, no matter.

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR

"glee" > wrote in message
...
| Let's hope it holds up under use.
| --
| Glen Ventura, MS MVP W95/98 Systems
| http://dts-l.org/goodpost.htm
|
| "PCR" > wrote in message
| ...
| > Good one.
| >
| > --
| > Thanks or Good Luck,
| > There may be humor in this post, and,
| > Naturally, you will not sue,
| > should things get worse after this,
| > PCR
| >
| > "glee" > wrote in message
| > ...
| > | A large number of posts lately are reporting that several
functions of
| > Windows
| > | Explorer (Explorer.exe) are failing, all with the same error
message:
| > | "EXPLORER caused an invalid page fault in module <unknown> at
| > 0000:07c7fc6e
| > | This includes trying to open "My Computer", Control Panel, Windows
| > Explorer, and
| > | other functions.
| > |
| > | So far, we have had luck with running Hijack This, marking this
entry
| > and clicking
| > | the "Fix Checked" button:
| > | O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} -
| > | C:\WINDOWS\SYSTEM\KDP2928.DLL
| > | Then find and delete the file KDP2928.DLL
| > |
| > | Alternately, you may instead find this entry:
| > | O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} -
| > | C:\WINDOWS\SYSTEM\PDF1C3B.DLL
| > | Again, use Hijack This to fix the entry, reboot, and delete the
file
| > PDF1C3B.DLL
| > |
| > | Note that other CLSIDs and file names may turn up for the BHO
"Core
| > Library", and in
| > | that case those should be fixed and the associated file deleted.
| > |
| > | The manual removal instructions at:
| > | http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp
| > | cover all or most of the variations, and should work for any of
the
| > versions of that
| > | particular malware.
| > |
| > | Hijack This must be used with caution, as it finds both the good
and
| > the bad. Do
| > | not use it to remove anything other than this particular entry,
| > without first asking
| > | for guidance in one of the spyware forums listed below.
| > |
| > | Here is my standard post regarding Hijack This:
| > |
| > | Download, unzip (if it is in a .zip file), and run Hijack This
from
| > one of these
| > | locations:
| > | http://computercops.biz/downloads-cat-14.html
| > | http://www.majorgeeks.com/downloads31.html
| > | http://www.spywareinfo.com/downloads/tools/HijackThis.exe
| > | Unzip or locate it to a folder other than your Desktop or the Temp
| > folder,
| > | double-click HijackThis.exe, and hit "Scan".
| > |
| > | When the scan is finished, the "Scan" button will change into a
| > "Save Log"
| > | button.
| > | Press that, save the log somewhere you can find it (Desktop, My
| > Documents, or
| > | similar).
| > | Most of what it lists will be harmless or even required, so do NOT
fix
| > anything yet.
| > |
| > | Copy the log files and paste them into a new post at one of these
| > forums:
| > | http://forum.aumha.org/
| > | Specifically -
| > |
| >
http://forum.aumha.org/viewforum.php?f=30&sid=8ffbc7fdbcb01f7e49a03f108b7f3a1c
| > | or
| > | http://forums.net-integration.net/
| > | http://computercops.biz/forums.html
| > | http://forums.spywareinfo.com/index.php?showforum=30
| > | http://tomcoyote.org/forums/
| > | http://www.lavasoftsupport.com
| > | http://boards.cexx.org/
| > |
| > | The folks there will tell you what to remove.
| > |
| > | A tutorial for using Hijack This is located here:
| > | http://tomcoyote.com/hjt/
| > | and an in-depth tutorial is here:
| > | http://aumha.org/a/hjttutor.htm
| > | --
| > | Glen Ventura, MS MVP W95/98 Systems
| > | http://dts-l.org/goodpost.htm
| > |
| > |
| > |
| >
| >
|

I just cleaned up an XP machine with this same problem, and it did not have either
of these BHOs listed in Hijack This. However it did have others using the name
"NoName", including:
{00000185-C745-43D2-44F1-01A1C789C738}
file name BHO010~1.DLL, which is SmartBrowser,
and a couple of BHOs listing files named hhu.dll and dbooavac.dll (Hungry Hands, and
unknown, respectively).

Additionally listed were an entry naming Bxxs5.dll (BookedSpace), and the SafeSearch
BHO Toolbar listed as:
{00000000-0000-0000-0000-000000000001}

"Fixing" these entries with Hijack This returned the missing Explorer functionality
on that machine, where the "Core Library" entry was not present. Because I was
time-constrained, I had to remove all the entries at once, so I could not determine
which was the one responsible. Hopefully this additional info will help someone
with similar problems.
--
Glen Ventura, MS MVP W95/98 Systems
http://dts-l.org/goodpost.htm


"glee" > wrote in message
...
> A large number of posts lately are reporting that several functions of Windows
> Explorer (Explorer.exe) are failing, all with the same error message:
> "EXPLORER caused an invalid page fault in module <unknown> at 0000:07c7fc6e
> This includes trying to open "My Computer", Control Panel, Windows Explorer, and
> other functions.
>
> So far, we have had luck with running Hijack This, marking this entry and clicking
> the "Fix Checked" button:
> O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} -
> C:\WINDOWS\SYSTEM\KDP2928.DLL
> Then find and delete the file KDP2928.DLL
>
> Alternately, you may instead find this entry:
> O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} -
> C:\WINDOWS\SYSTEM\PDF1C3B.DLL
> Again, use Hijack This to fix the entry, reboot, and delete the file PDF1C3B.DLL
>
> Note that other CLSIDs and file names may turn up for the BHO "Core Library", and
in
> that case those should be fixed and the associated file deleted.
>
> The manual removal instructions at:
> http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp
> cover all or most of the variations, and should work for any of the versions of
that
> particular malware.
>
> Hijack This must be used with caution, as it finds both the good and the bad. Do
> not use it to remove anything other than this particular entry, without first
asking
> for guidance in one of the spyware forums listed below.
>
> Here is my standard post regarding Hijack This:
>
> Download, unzip (if it is in a .zip file), and run Hijack This from one of these
> locations:
> http://computercops.biz/downloads-cat-14.html
> http://www.majorgeeks.com/downloads31.html
> http://www.spywareinfo.com/downloads/tools/HijackThis.exe
> Unzip or locate it to a folder other than your Desktop or the Temp folder,
> double-click HijackThis.exe, and hit "Scan".
>
> When the scan is finished, the "Scan" button will change into a "Save Log"
> button.
> Press that, save the log somewhere you can find it (Desktop, My Documents, or
> similar).
> Most of what it lists will be harmless or even required, so do NOT fix anything
yet.
>
> Copy the log files and paste them into a new post at one of these forums:
> http://forum.aumha.org/
> Specifically -
> http://forum.aumha.org/viewforum.php?f=30&sid=8ffbc7fdbcb01f7e49a03f108b7f3a1c
> or
> http://forums.net-integration.net/
> http://computercops.biz/forums.html
> http://forums.spywareinfo.com/index.php?showforum=30
> http://tomcoyote.org/forums/
> http://www.lavasoftsupport.com
> http://boards.cexx.org/
>
> The folks there will tell you what to remove.
>
> A tutorial for using Hijack This is located here:
> http://tomcoyote.com/hjt/
> and an in-depth tutorial is here:
> http://aumha.org/a/hjttutor.htm
> --
> Glen Ventura, MS MVP W95/98 Systems
> http://dts-l.org/goodpost.htm
>
>
>

All those dastardly XP-defectors are getting their just desserts, then!

--
Thanks or Good Luck,
There may be humor in this post, and,
Naturally, you will not sue,
should things get worse after this,
PCR

"glee" > wrote in message
...
| I just cleaned up an XP machine with this same problem, and it did not
have either
| of these BHOs listed in Hijack This. However it did have others using
the name
| "NoName", including:
| {00000185-C745-43D2-44F1-01A1C789C738}
| file name BHO010~1.DLL, which is SmartBrowser,
| and a couple of BHOs listing files named hhu.dll and dbooavac.dll
(Hungry Hands, and
| unknown, respectively).
|
| Additionally listed were an entry naming Bxxs5.dll (BookedSpace), and
the SafeSearch
| BHO Toolbar listed as:
| {00000000-0000-0000-0000-000000000001}
|
| "Fixing" these entries with Hijack This returned the missing Explorer
functionality
| on that machine, where the "Core Library" entry was not present.
Because I was
| time-constrained, I had to remove all the entries at once, so I could
not determine
| which was the one responsible. Hopefully this additional info will
help someone
| with similar problems.
| --
| Glen Ventura, MS MVP W95/98 Systems
| http://dts-l.org/goodpost.htm
|
|
| "glee" > wrote in message
| ...
| > A large number of posts lately are reporting that several functions
of Windows
| > Explorer (Explorer.exe) are failing, all with the same error
message:
| > "EXPLORER caused an invalid page fault in module <unknown> at
0000:07c7fc6e
| > This includes trying to open "My Computer", Control Panel, Windows
Explorer, and
| > other functions.
| >
| > So far, we have had luck with running Hijack This, marking this
entry and clicking
| > the "Fix Checked" button:
| > O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} -
| > C:\WINDOWS\SYSTEM\KDP2928.DLL
| > Then find and delete the file KDP2928.DLL
| >
| > Alternately, you may instead find this entry:
| > O2 - BHO: Core Library - {D4D505DF-D582-400c-91B6-84921012AFE3} -
| > C:\WINDOWS\SYSTEM\PDF1C3B.DLL
| > Again, use Hijack This to fix the entry, reboot, and delete the file
PDF1C3B.DLL
| >
| > Note that other CLSIDs and file names may turn up for the BHO "Core
Library", and
| in
| > that case those should be fixed and the associated file deleted.
| >
| > The manual removal instructions at:
| > http://www.pestpatrol.com/PestInfo/s/safeguardprotect.asp
| > cover all or most of the variations, and should work for any of the
versions of
| that
| > particular malware.
| >
| > Hijack This must be used with caution, as it finds both the good and
the bad. Do
| > not use it to remove anything other than this particular entry,
without first
| asking
| > for guidance in one of the spyware forums listed below.
| >
| > Here is my standard post regarding Hijack This:
| >
| > Download, unzip (if it is in a .zip file), and run Hijack This from
one of these
| > locations:
| > http://computercops.biz/downloads-cat-14.html
| > http://www.majorgeeks.com/downloads31.html
| > http://www.spywareinfo.com/downloads/tools/HijackThis.exe
| > Unzip or locate it to a folder other than your Desktop or the Temp
folder,
| > double-click HijackThis.exe, and hit "Scan".
| >
| > When the scan is finished, the "Scan" button will change into a
"Save Log"
| > button.
| > Press that, save the log somewhere you can find it (Desktop, My
Documents, or
| > similar).
| > Most of what it lists will be harmless or even required, so do NOT
fix anything
| yet.
| >
| > Copy the log files and paste them into a new post at one of these
forums:
| > http://forum.aumha.org/
| > Specifically -
| >
http://forum.aumha.org/viewforum.php?f=30&sid=8ffbc7fdbcb01f7e49a03f108b7f3a1c
| > or
| > http://forums.net-integration.net/
| > http://computercops.biz/forums.html
| > http://forums.spywareinfo.com/index.php?showforum=30
| > http://tomcoyote.org/forums/
| > http://www.lavasoftsupport.com
| > http://boards.cexx.org/
| >
| > The folks there will tell you what to remove.
| >
| > A tutorial for using Hijack This is located here:
| > http://tomcoyote.com/hjt/
| > and an in-depth tutorial is here:
| > http://aumha.org/a/hjttutor.htm
| > --
| > Glen Ventura, MS MVP W95/98 Systems
| > http://dts-l.org/goodpost.htm
| >
| >
| >
|