Help ..

HI,
i would like some help i have win 98. se and IE explorer 6
everytime i try and open my documents or my computer it says there has been an illegal opperation and when i press more this comes up:

EXPLORER caused an invalid page fault in
module <unknown> at 0000:07c7fc6e.
Registers:
EAX=00459138 CS=016f EIP=07c7fc6e EFLGS=00010246
EBX=01f70a20 SS=0177 ESP=0152be24 EBP=0152be40
ECX=50002fa8 DS=0177 ESI=01f70a28 FS=37f7
EDX=0152be34 ES=0177 EDI=0152c154 GS=0000
Bytes at CS:EIP:
Stack dump:
01e35da1 00459138 0152be34 00000000 00000000 00459138 00445cec 0152be8c 01e35de2 0152c154 01f70a28 00000000 00000000 00000000 00000000 0152c0a4

if anyone can help me please do

 

Does it happen in Safe Mode?

I suspect spyware.

Try Ad Aware, make sure you update it and online virus scan from http://housecall.antivirus.com.

 

Welcome

Hey -- I've never had a chance to say this. WELCOME to Major Geeks. I was thrilled when I found this place. Maybe you've been here awhile as a "reader" but I saw it was your first post so I jumped in to say hi.

Just in case you don't know:
You can find Ad Aware by going to the Major Geeks home page and selecting "Spyware Tools" from the left hand column.

 

thanks everyone... but it hasn't worked yet
i'm not sure what safe mode is ..
and i already have ad aware and spy bot
and they hav not found nothing ( i have updated them ... )

Help!

 

Here's how to enter Safe Mode: http://www.microsoft.com/mspress/books/sampchap/6401.asp#136

However, your problem could be due to: http://support.microsoft.com/default.aspx?scid=kb;en-us;298343

 

safe mode sounds like it's for computers that won't boot up , mine does

 

Safe Mode is for a variety of things....


Try it.

 

Lesson #1

Dear Gethin (and others),
Learn to READ what people send you to read, DO what people advise you to do, and come on back and let 'em know what happened. You'll be surprised that 90% of the time - it works just like they said. And if it doesn't and you tell them how/why it doesn't -- someone will tell you the NEXT thing to try.

It's like a smorgasbord of brain power here. Take advantage of it by acting on the first advice and going from their
(*cough*, okay, um, the truth, really, is that, um, there are a lot of MEN who post ideas here and they uh, how should I put this delicately -- uh, they don't like to be second-guessed)

 

OK, I may have mislead you in the first of the MS articles I posted. However, here is a better one: http://support.microsoft.com/default.aspx?scid=kb;EN-US;180902

 

Trying running Dr. Watson. Hopefully, it will help you locate the cause of page fault errors

 

Dr. watson did find anything
but i can get to it from safe mode, looks weird though....
But i can't get to it the normal way though
thanks

 

Go to control panel, internet options, advanced tab.

Under the browsing section, uncheck enable third party browser extensions.

Reboot.

BHO (Browser Helper Objects affect both Internet Explorer and Windows Explorer.

If that helps, then I am certain its spyware.

 

OK i did as you said , but i don't think it worked ,i went back to the normal computer and it still won't le tme go on my doc. my comp. but adware did find some browser hijack attempt!
Thanks!
Gethin

 

This is a logfiel of what hijack this found
it told me to go to someone clever so i did....


Logfile of HijackThis v1.97.7
Scan saved at 11:24:05, on 30/05/04
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGSERV9.EXE
C:\PROGRAM FILES\MESSENGER PLUS! 3\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\GRISOFT\AVG6\AVGCC32.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP SOFTWARE UPDATE\HPWUSCHD.EXE
C:\WINDOWS\SYSTEM\HPZTSB08.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\BIN\HPOTDD01.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\BROWSER HIJACK BLASTER\BHBLASTER.EXE
C:\HIJACKTHIS.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Together with 24/7 Internet
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/*http://www.yahoo.com
O2 - BHO: (no name) - {A4CC2CC6-1A5E-A11D-DB90-3527226BD10D} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCATCH.DLL (file missing)
O2 - BHO: SysShield IE Popup Blocker - {9A23B8A4-C6C9-4A68-8FA6-5F905DC8FF80} - C:\PROGRAM FILES\SYSSHIELD TOOLS\INTERNET ERASER\PKEXT.DLL
O2 - BHO: Core Library - {F281FFC7-6C63-4bf9-83F2-AB7A6157B109} - C:\WINDOWS\SYSTEM\KDP272F.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: AbsoluteShield - {EE9DD090-902D-4623-9360-FB7D8666202B} - C:\PROGRAM FILES\SYSSHIELD TOOLS\INTERNET ERASER\ABSOLUTEBAR.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [Kazaa Download Accelerator Updater (required)] regsvr32 /s C:\WINDOWS\SYSTEM\KDP272F.DLL
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [Avgserv9.exe] C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {88C51E90-8E9C-4C96-8A45-574D88B63FAF} - http://acceso.masminutos.com/laaplicacion.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralInitialSetup1.0.0.8.cab
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) - http://register.btopenworld.com/templates/btwebcontrol012.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38053.1021296296
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab27571.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/148119a2571ca3/housecall.antivirus.com/housecall/xscan53.cab

 

Does anyone understand it then