Internet Explorer Crashing

  • Question

  • Lately on our clients & Windows Server 2008 Terminal Servers Internet Explorer has been crashing a lot. Each time IE crashes I get the following event log.

    Log Name:      Application
    Source:        Application Error
    Date:          2/14/2012 6:48:12 PM
    Event ID:      1000
    Task Category: (100)
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      server.domain.com
    Description:
    Faulting application iexplore.exe, version 8.0.6001.19170, time stamp 0x4eb21c98, faulting module ntdll.dll, version 6.0.6002.22742, time stamp 0x4ec3deab, exception code 0xc0000005, fault offset 0x0003dd4d, process id 0x53a0, application start time 0x01cceb7b4d57d3dd.

    I've run sfc /scannow but all looks good. I get "Windows Resource Protection did not find any integrity violations".

    Thoughts?


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Wednesday, February 15, 2012 4:59 AM

All replies

  • Any ideas?

    Patrick Hoban
    http://patrickhoban.wordpress.com

    Thursday, February 16, 2012 5:01 AM
  • Hi,
     
    Please try to download and recover the ntdll.dll file, it may be damaged. 
     
    I suggest you perform a Clean Boot then check the issue again.
    http://support.microsoft.com/kb/929135
     
    Note: Clean Boot is a troubleshooting step; we can go back to normal by running MSCONFIG.
     
    You’d better run Internet Explorer in “no add-ons” mode.
    1. Open the Start Menu, then click All Programs, select Accessories, and open System Tools;
    2. Right-click Internet Explorer (No Add-ons) and run as Administrator.
     
    You can also reset your IE settings. Here is an official article that can be referred to.
    How to reset Internet Explorer settings
    http://support.microsoft.com/kb/923737
     
    If the issue persists, you could restore Internet Explorer by turning the IE feature off and on in Control Panel -> Programs and Features.
    Note: Before you restore Internet Explorer, please perform a system backup first and back up your favorites.
     
    Besides the above suggestions, you’d better scan your computer and clear malware in time.
    Friday, February 17, 2012 12:57 PM
  • faulting module ntdll.dll

    Such crashes are rarely a problem in the module they occur in.   Regard them as victims of bad calls.   Unfortunately, we don't get a Stack Back Trace any more, e.g. the way that drwtsn32.log used to provide, so in order to find out what the call stack looks like you will have to use some kind of debugger or post mortem dump analyzer.   On XP I used to see somewhat usable crash event entries in ProcMon; e.g. a pseudo Stack Back Trace but at least a list of the modules loaded at the time of the event.   Now, in W7, it seems that has been obscured by invoking WER somehow.   So, I doubt even ProcMon is of much help directly with the crash any more.   However, if you have a reproducible symptom, running ProcMon can help give you a lot of insight about which modules could be involved and what was happening just before the crash occurred.



    ---

    Friday, February 17, 2012 1:25 PM
    Answerer
  • I was able to capture a crash using adplus.exe. Below is the debug log. Any thoughts?

    Opened log file 'c:\temp\debug.log'
    0:015> !analyze -v;r;kv;lmnt;.logclose;q
    *******************************************************************************
    *                                                                             *
    *                        Exception Analysis                                   *
    *                                                                             *
    *******************************************************************************

    *** ERROR: Symbol file could not be found.  Defaulted to export symbols for Flash11f.ocx -

    FAULTING_IP:
    ntdll!RtlpWaitOnCriticalSection+bd
    7709224d ff4014          inc     dword ptr [eax+14h]

    EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
    .exr 0xffffffffffffffff
    ExceptionAddress: 7709224d (ntdll!RtlpWaitOnCriticalSection+0x000000bd)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000001
       Parameter[1]: 00000014
    Attempt to write to address 00000014

    PROCESS_NAME:  iexplore.exe

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    EXCEPTION_PARAMETER1:  00000001

    EXCEPTION_PARAMETER2:  00000014

    WRITE_ADDRESS:  00000014

    FOLLOWUP_IP:
    mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+48
    5b109bd6 837f3000        cmp     dword ptr [edi+30h],0

    MOD_LIST: <ANALYSIS/>

    NTGLOBALFLAG:  0

    APPLICATION_VERIFIER_FLAGS:  0

    FAULTING_THREAD:  000005d0

    BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE

    PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_DEREFERENCE

    DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

    LAST_CONTROL_TRANSFER:  from 7709215c to 7709224d

    STACK_TEXT: 
    0f6cf88c 7709215c 00000000 00000000 00000001 ntdll!RtlpWaitOnCriticalSection+0xbd
    0f6cf8b4 5b109bd6 0bf38ba8 7ffd7000 0b23edb8 ntdll!RtlEnterCriticalSection+0x150
    0f6cf8cc 5b109ca3 00000001 0f6cf918 7707b3a0 mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+0x48
    0f6cf8d8 7707b3a0 0bf38b98 00000000 74ac884e mshtml!CNetworkManager::CNetworkAvailabilityListener::IoctlCallback+0xf
    0f6cf918 77090ed6 0f6cf97c 0b23edb8 13d9eea8 ntdll!RtlpTpWaitCallback+0x94
    0f6cf940 77090846 0f6cf97c 13d9ef08 74ac8bf6 ntdll!TppWaitpExecuteCallback+0x11b
    0f6cfaa0 76fced6c 003b2c88 0f6cfaec 770c377b ntdll!TppWorkerThread+0x572
    0f6cfaac 770c377b 003b2c88 74ac8bba 00000000 kernel32!BaseThreadInitThunk+0xe
    0f6cfaec 770c374e 770903e9 003b2c88 ffffffff ntdll!__RtlUserThreadStart+0x70
    0f6cfb04 00000000 770903e9 003b2c88 00000000 ntdll!_RtlUserThreadStart+0x1b


    SYMBOL_STACK_INDEX:  2

    SYMBOL_NAME:  mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+48

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: mshtml

    IMAGE_NAME:  mshtml.dll

    DEBUG_FLR_IMAGE_TIMESTAMP:  4e5eef87

    STACK_COMMAND:  ~15s; .ecxr ; kb

    FAILURE_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE_c0000005_mshtml.dll!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus

    BUCKET_ID:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+48

    WATSON_IBUCKET:  -1527515547

    WATSON_IBUCKETTABLE:  1

    WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/iexplore_exe/9_0_8112_16421/4d76255d/ntdll_dll/6_1_7601_17725/4ec49b60/c0000005/0003224d.htm?Retriage=1

    Followup: MachineOwner
    ---------

    eax=00000000 ebx=fffffffc ecx=00000000 edx=00000004 esi=0bf38ba8 edi=0bf38bac
    eip=7709224d esp=0f6cf83c ebp=0f6cf88c iopl=0         nv up ei pl nz ac po cy
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010213
    ntdll!RtlpWaitOnCriticalSection+0xbd:
    7709224d ff4014          inc     dword ptr [eax+14h]  ds:0023:00000014=????????
    ChildEBP RetAddr  Args to Child             
    0f6cf88c 7709215c 00000000 00000000 00000001 ntdll!RtlpWaitOnCriticalSection+0xbd (FPO: [Non-Fpo])
    0f6cf8b4 5b109bd6 0bf38ba8 7ffd7000 0b23edb8 ntdll!RtlEnterCriticalSection+0x150 (FPO: [Non-Fpo])
    0f6cf8cc 5b109ca3 00000001 0f6cf918 7707b3a0 mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+0x48 (FPO: [Non-Fpo])
    0f6cf8d8 7707b3a0 0bf38b98 00000000 74ac884e mshtml!CNetworkManager::CNetworkAvailabilityListener::IoctlCallback+0xf (FPO: [Non-Fpo])
    0f6cf918 77090ed6 0f6cf97c 0b23edb8 13d9eea8 ntdll!RtlpTpWaitCallback+0x94 (FPO: [Non-Fpo])
    0f6cf940 77090846 0f6cf97c 13d9ef08 74ac8bf6 ntdll!TppWaitpExecuteCallback+0x11b (FPO: [Non-Fpo])
    0f6cfaa0 76fced6c 003b2c88 0f6cfaec 770c377b ntdll!TppWorkerThread+0x572 (FPO: [Non-Fpo])
    0f6cfaac 770c377b 003b2c88 74ac8bba 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
    0f6cfaec 770c374e 770903e9 003b2c88 ffffffff ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
    0f6cfb04 00000000 770903e9 003b2c88 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])
    start    end        module name
    00110000 0013c000   CAHook   CAHook.dll   Thu Jan 04 11:05:34 2007 (459D33DE)
    00140000 00166000   CAServer CAServer.dll Thu Jan 04 11:03:27 2007 (459D335F)
    00b30000 00bb5000   igdumdx32 igdumdx32.dll Wed Sep 23 14:14:53 2009 (4ABA73AD)
    00bc0000 00c78000   iexplore iexplore.exe Tue Mar 08 06:47:25 2011 (4D76255D)
    07960000 07d17000   igdumd32 igdumd32.dll Wed Sep 23 14:18:03 2009 (4ABA746B)
    10000000 10021000   CACheck  CACheck.dll  Thu Jan 04 11:06:00 2007 (459D33F8)
    518c0000 521e7000   Flash11f Flash11f.ocx Mon Feb 13 19:49:21 2012 (4F39BDA1)
    54280000 54840000   agcore   agcore.dll   Tue Aug 30 18:25:32 2011 (4E5D716C)
    56580000 56667000   ddraw    ddraw.dll    Mon Jul 13 20:04:56 2009 (4A5BD9B8)
    56760000 56862000   d3d10    d3d10.dll    Mon Jul 13 20:04:32 2009 (4A5BD9A0)
    57c10000 57c69000   dxtmsft  dxtmsft.dll  Tue Mar 08 06:46:39 2011 (4D76252F)
    57c70000 57d6d000   npctrl   npctrl.dll   Tue Aug 30 18:23:06 2011 (4E5D70DA)
    58f50000 58f8a000   dxtrans  dxtrans.dll  Tue Mar 08 06:46:25 2011 (4D762521)
    59090000 590fa000   vbscript vbscript.dll Tue Mar 08 06:47:31 2011 (4D762563)
    5a720000 5a84c000   D3D10Warp D3D10Warp.dll Sat Nov 20 05:57:35 2010 (4CE7B7AF)
    5a850000 5aa0b000   jscript9 jscript9.dll Wed Aug 31 21:35:52 2011 (4E5EEF88)
    5aa10000 5b5ca000   mshtml   mshtml.dll   Wed Aug 31 21:35:51 2011 (4E5EEF87)
    5b5f0000 5b623000   d3d10core d3d10core.dll Mon Jul 13 20:04:35 2009 (4A5BD9A3)
    5bf10000 5c01a000   DWrite   DWrite.dll   Sat Feb 19 00:24:43 2011 (4D5F622B)
    5c050000 5c081000   IEShims  IEShims.dll  Wed Aug 31 21:26:35 2011 (4E5EED5B)
    5c280000 5c2f2000   dsound   dsound.dll   Mon Jul 13 20:06:05 2009 (4A5BD9FD)
    641c0000 6427a000   d2d1     d2d1.dll     Sat Feb 19 00:23:07 2011 (4D5F61CB)
    67fc0000 6803f000   D3D10Level9 D3D10Level9.dll Sat Nov 20 05:57:34 2010 (4CE7B7AE)
    68160000 681d9000   mscms    mscms.dll    Sat Nov 20 06:02:24 2010 (4CE7B8D0)
    698a0000 698b8000   dxva2    dxva2.dll    Mon Jul 13 20:06:26 2009 (4A5BDA12)
    69900000 69906000   dciman32 dciman32.dll Mon Jul 13 20:04:52 2009 (4A5BD9B4)
    6a600000 6af45000   ieframe  ieframe.dll  Wed Aug 31 21:32:44 2011 (4E5EEECC)
    6b990000 6b9be000   mlang    mlang.dll    Mon Jul 13 20:06:41 2009 (4A5BDA21)
    6bda0000 6bdac000   imgutil  imgutil.dll  Tue Mar 08 06:46:08 2011 (4D762510)
    6be60000 6c023000   d3d9     d3d9.dll     Sat Nov 20 05:57:39 2010 (4CE7B7B3)
    6d8b0000 6d8e2000   ieproxy  ieproxy.dll  Tue Mar 08 06:47:24 2011 (4D76255C)
    6d930000 6d93d000   MSOXMLMF MSOXMLMF.DLL Sun Feb 28 03:13:14 2010 (4B8A33AA)
    6e390000 6e413000   dxgi     dxgi.dll     Sat Nov 20 05:59:21 2010 (4CE7B819)
    6fa40000 6fa55000   cabinet  cabinet.dll  Sat Nov 20 05:56:24 2010 (4CE7B768)
    6fe90000 6fe96000   d3d8thk  d3d8thk.dll  Mon Jul 13 20:04:40 2009 (4A5BD9A8)
    704e0000 7050b000   msls31   msls31.dll   Tue Mar 08 06:45:36 2011 (4D7624F0)
    70540000 7055c000   cryptnet cryptnet.dll Mon Jul 13 20:07:08 2009 (4A5BDA3C)
    712b0000 712b6000   SensApi  SensApi.dll  Mon Jul 13 20:10:41 2009 (4A5BDB11)
    71840000 71846000   rasadhlp rasadhlp.dll Mon Jul 13 20:09:42 2009 (4A5BDAD6)
    71850000 719a8000   msxml6   msxml6.dll   Sat Nov 20 06:02:51 2010 (4CE7B8EB)
    720e0000 72113000   windowscodecsext windowscodecsext.dll Mon Jul 13 20:11:23 2009 (4A5BDB3B)
    72420000 724c3000   msvcr90  msvcr90.dll  Wed Sep 29 02:48:39 2010 (4CA2EF57)
    727b0000 727ea000   d3d10_1core d3d10_1core.dll Sat Nov 20 05:57:32 2010 (4CE7B7AC)
    72850000 72888000   FWPUCLNT FWPUCLNT.DLL Sat Nov 20 05:59:46 2010 (4CE7B832)
    72890000 728a2000   dhcpcsvc dhcpcsvc.dll Mon Jul 13 20:04:53 2009 (4A5BD9B5)
    728b0000 728bd000   dhcpcsvc6 dhcpcsvc6.DLL Mon Jul 13 20:04:54 2009 (4A5BD9B6)
    729e0000 729e7000   winnsi   winnsi.dll   Mon Jul 13 20:11:31 2009 (4A5BDB43)
    729f0000 72a0c000   IPHLPAPI IPHLPAPI.DLL Sat Nov 20 06:00:25 2010 (4CE7B859)
    72bc0000 72bc5000   msimg32  msimg32.dll  Mon Jul 13 20:08:48 2009 (4A5BDAA0)
    72bd0000 72bfc000   d3d10_1  d3d10_1.dll  Sun Jan 16 23:37:39 2011 (4D33D5A3)
    72dc0000 72dca000   ddrawex  ddrawex.dll  Mon Jul 13 20:04:57 2009 (4A5BD9B9)
    72f00000 72f07000   midimap  midimap.dll  Mon Jul 13 20:08:20 2009 (4A5BDA84)
    72f10000 72f24000   msacm32_72f10000 msacm32.dll  Mon Jul 13 20:07:26 2009 (4A5BDA4E)
    72f30000 72f66000   AudioSes AudioSes.dll Sat Nov 20 05:55:17 2010 (4CE7B725)
    73350000 7338c000   oleacc   oleacc.dll   Fri Aug 26 23:18:48 2011 (4E587028)
    73480000 7348d000   rtutils  rtutils.dll  Sat Nov 20 06:06:04 2010 (4CE7B9AC)
    73490000 734a5000   rasman   rasman.dll   Mon Jul 13 20:09:51 2009 (4A5BDADF)
    734b0000 73502000   rasapi32 rasapi32.dll Mon Jul 13 20:09:43 2009 (4A5BDAD7)
    735b0000 735bf000   samcli   samcli.dll   Sat Nov 20 06:05:52 2010 (4CE7B9A0)
    735c0000 735cf000   wkscli   wkscli.dll   Sat Nov 20 03:32:23 2010 (4CE795A7)
    735d0000 735e1000   netapi32 netapi32.dll Sat Nov 20 06:03:31 2010 (4CE7B913)
    736c0000 736cb000   msimtf   msimtf.dll   Mon Jul 13 20:08:50 2009 (4A5BDAA2)
    736d0000 736d4000   ksuser   ksuser.dll   Mon Jul 13 20:09:07 2009 (4A5BDAB3)
    736e0000 73710000   wdmaud   wdmaud.drv   Sat Nov 20 06:08:06 2010 (4CE7BA26)
    73710000 73742000   winmm    winmm.dll    Sat Nov 20 06:08:34 2010 (4CE7BA42)
    738e0000 738f0000   nlaapi   nlaapi.dll   Sat Nov 20 06:03:27 2010 (4CE7B90F)
    739a0000 739c5000   PeerDist PeerDist.dll Mon Jul 13 20:09:32 2009 (4A5BDACC)
    739d0000 739d8000   msacm32  msacm32.drv  Mon Jul 13 20:07:27 2009 (4A5BDA4F)
    739f0000 73a04000   atl      atl.dll      Mon Jul 13 20:03:54 2009 (4A5BD97A)
    73ad0000 73bcb000   windowscodecs windowscodecs.dll Sat Nov 20 06:08:26 2010 (4CE7BA3A)
    73bd0000 73bff000   xmllite  xmllite.dll  Wed Jun 15 23:26:03 2011 (4DF985DB)
    73c00000 73c13000   dwmapi   dwmapi.dll   Mon Jul 13 20:06:15 2009 (4A5BDA07)
    73d60000 73e55000   propsys  propsys.dll  Sat Nov 20 06:05:23 2010 (4CE7B983)
    73e60000 73e99000   MMDevAPI MMDevAPI.dll Sat Nov 20 06:01:22 2010 (4CE7B892)
    73ea0000 73ec5000   powrprof powrprof.dll Mon Jul 13 20:10:36 2009 (4A5BDB0C)
    740e0000 74120000   uxtheme  uxtheme.dll  Mon Jul 13 20:11:20 2009 (4A5BDB38)
    74120000 74127000   avrt     avrt.dll     Mon Jul 13 20:04:24 2009 (4A5BD998)
    74150000 742ee000   comctl32 comctl32.dll Sat Nov 20 05:55:08 2010 (4CE7B71C)
    745b0000 745d1000   ntmarta  ntmarta.dll  Mon Jul 13 20:10:01 2009 (4A5BDAE9)
    746f0000 746f9000   version  version.dll  Mon Jul 13 20:11:07 2009 (4A5BDB2B)
    74780000 74785000   WSHTCPIP WSHTCPIP.DLL Mon Jul 13 20:11:54 2009 (4A5BDB5A)
    74830000 74846000   gpapi    gpapi.dll    Mon Jul 13 20:05:36 2009 (4A5BD9E0)
    74850000 74867000   userenv  userenv.dll  Sat Nov 20 06:08:08 2010 (4CE7BA28)
    74940000 74948000   credssp  credssp.dll  Sat Nov 20 05:59:57 2010 (4CE7B83D)
    74950000 7495e000   devrtl   devrtl.dll   Mon Jul 13 18:16:06 2009 (4A5BC036)
    74960000 7499d000   bcryptprimitives bcryptprimitives.dll Mon Jul 13 20:04:07 2009 (4A5BD987)
    74a10000 74a19000   netutils netutils.dll Sat Nov 20 03:32:22 2010 (4CE795A6)
    74a20000 74a5b000   rsaenh   rsaenh.dll   Mon Jul 13 20:09:52 2009 (4A5BDAE0)
    74a90000 74aca000   schannel schannel.dll Sat Nov 20 06:06:08 2010 (4CE7B9B0)
    74b00000 74b44000   dnsapi   dnsapi.dll   Wed Mar 02 23:29:23 2011 (4D6F2733)
    74c30000 74c36000   wship6   wship6.dll   Mon Jul 13 20:11:50 2009 (4A5BDB56)
    74c40000 74c7c000   mswsock  mswsock.dll  Sat Nov 20 06:02:48 2010 (4CE7B8E8)
    74c80000 74c96000   cryptsp  cryptsp.dll  Mon Jul 13 20:07:09 2009 (4A5BDA3D)
    74d90000 74da7000   bcrypt   bcrypt.dll   Mon Jul 13 20:04:06 2009 (4A5BD986)
    74db0000 74de8000   ncrypt   ncrypt.dll   Mon Jul 13 20:08:09 2009 (4A5BDA79)
    74df0000 74e0b000   authz    authz.dll    Mon Jul 13 20:04:12 2009 (4A5BD98C)
    74f20000 74f39000   srvcli   srvcli.dll   Sat Nov 20 06:07:59 2010 (4CE7BA1F)
    74fb0000 74fb8000   secur32  secur32.dll  Sat Nov 20 06:06:41 2010 (4CE7B9D1)
    750e0000 750fb000   sspicli  sspicli.dll  Sat Nov 20 06:08:04 2010 (4CE7BA24)
    75100000 7514c000   apphelp  apphelp.dll  Sat Nov 20 05:55:42 2010 (4CE7B73E)
    75150000 7515c000   CRYPTBASE CRYPTBASE.dll Mon Jul 13 18:12:01 2009 (4A5BBF41)
    75160000 751bf000   sxs      sxs.dll      Sat Nov 20 06:07:34 2010 (4CE7BA06)
    751f0000 751fe000   RpcRtRemote RpcRtRemote.dll Sat Nov 20 03:47:27 2010 (4CE7992F)
    75200000 7520b000   profapi  profapi.dll  Mon Jul 13 18:12:01 2009 (4A5BBF41)
    75270000 7527c000   msasn1   msasn1.dll   Sat Nov 20 06:02:17 2010 (4CE7B8C9)
    75280000 752a7000   cfgmgr32 cfgmgr32.dll Sat Nov 20 05:56:55 2010 (4CE7B787)
    752b0000 752c2000   devobj   devobj.dll   Mon Jul 13 20:05:09 2009 (4A5BD9C5)
    752d0000 7531a000   KERNELBASE KERNELBASE.dll Fri Jul 15 23:21:20 2011 (4E2111C0)
    75320000 7534d000   wintrust wintrust.dll Sat Nov 20 06:08:50 2010 (4CE7BA52)
    753e0000 754fd000   crypt32  crypt32.dll  Sat Nov 20 06:00:01 2010 (4CE7B841)
    75500000 7559d000   usp10    usp10.dll    Sat Nov 20 06:08:09 2010 (4CE7BA29)
    755a0000 755b9000   sechost  sechost.dll  Mon Jul 13 20:10:28 2009 (4A5BDB04)
    755c0000 7560e000   gdi32    gdi32.dll    Sat Nov 20 05:59:06 2010 (4CE7B80A)
    75610000 75667000   shlwapi  shlwapi.dll  Sat Nov 20 06:06:58 2010 (4CE7B9E2)
    75670000 75780000   urlmon   urlmon.dll   Wed Aug 31 21:28:27 2011 (4E5EEDCB)
    75780000 757b5000   ws2_32   ws2_32.dll   Sat Nov 20 06:09:12 2010 (4CE7BA68)
    757c0000 757c6000   nsi      nsi.dll      Mon Jul 13 20:09:45 2009 (4A5BDAD9)
    757d0000 757da000   lpk      lpk.dll      Mon Jul 13 20:06:33 2009 (4A5BDA19)
    757e0000 758a9000   user32   user32.dll   Sat Nov 20 06:08:06 2010 (4CE7BA26)
    758b0000 758b5000   psapi    psapi.dll    Mon Jul 13 20:09:34 2009 (4A5BDACE)
    758c0000 75943000   clbcatq  clbcatq.dll  Mon Jul 13 20:04:49 2009 (4A5BD9B1)
    75950000 75aed000   setupapi setupapi.dll Sat Nov 20 06:06:49 2010 (4CE7B9D9)
    75af0000 7673a000   shell32  shell32.dll  Mon Aug 29 23:13:37 2011 (4E5C6371)
    76740000 767ec000   msvcrt   msvcrt.dll   Mon Jul 13 20:07:59 2009 (4A5BDA6F)
    767f0000 7680f000   imm32    imm32.dll    Sat Nov 20 06:00:05 2010 (4CE7B845)
    76810000 7688b000   comdlg32 comdlg32.dll Sat Nov 20 05:59:41 2010 (4CE7B82D)
    76890000 768d5000   Wldap32  Wldap32.dll  Sat Nov 20 06:09:06 2010 (4CE7BA62)
    768e0000 769fa000   wininet  wininet.dll  Wed Aug 31 21:28:09 2011 (4E5EEDB9)
    76a60000 76aef000   oleaut32 oleaut32.dll Fri Aug 26 23:18:50 2011 (4E58702A)
    76af0000 76b90000   advapi32 advapi32.dll Sat Nov 20 05:54:46 2010 (4CE7B706)
    76b90000 76cec000   ole32    ole32.dll    Sat Nov 20 06:05:03 2010 (4CE7B96F)
    76cf0000 76ea8000   iertutil iertutil.dll Wed Aug 31 21:23:15 2011 (4E5EEC93)
    76eb0000 76f7c000   msctf    msctf.dll    Mon Jul 13 20:07:53 2009 (4A5BDA69)
    76f80000 77054000   kernel32 kernel32.dll Fri Jul 15 23:21:19 2011 (4E2111BF)
    77060000 7719c000   ntdll    ntdll.dll    Wed Nov 16 23:28:00 2011 (4EC49B60)
    771a0000 771a3000   normaliz normaliz.dll Mon Jul 13 20:09:40 2009 (4A5BDAD4)
    771e0000 77281000   rpcrt4   rpcrt4.dll   Sat Nov 20 06:05:54 2010 (4CE7B9A2)
    7c340000 7c396000   msvcr71  msvcr71.dll  Fri Feb 21 06:42:20 2003 (3E561EAC)
    7c3a0000 7c41b000   msvcp71  msvcp71.dll  Tue Mar 18 23:14:51 2003 (3E77EEBB)
    Closing open log file c:\temp\debug.log


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Friday, February 17, 2012 4:42 PM
  • Good suggestions Ivan-Liu. Thank you.

    -I will try testing the clean boot option over the weekend.

    -Running IE with no add-on - still have issue.

    -Resetting IE settings - still have issue.

    -I will try turning off then on the IE feature this weekend.

    -Virus/malware scan was the first thing I looked at. All checked out good.


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Friday, February 17, 2012 5:03 PM
  • Remove IE feature...reboot...Add IE feature...still have the issue.

    Patrick Hoban
    http://patrickhoban.wordpress.com

    Friday, February 17, 2012 6:50 PM
  • Disabling AV/malware did not solve the issue.

    Patrick Hoban
    http://patrickhoban.wordpress.com

    Friday, February 17, 2012 8:47 PM
  • *** ERROR: Symbol file could not be found.  Defaulted to export symbols for Flash11f.ocx -


    The presence of Flash in the load list is the only thing that jumps out at me.   Could you do without Flash?   Supposedly this wouldn't be there if you used No Add-ons mode for a test.


    ---

    Friday, February 17, 2012 10:32 PM
    Answerer
  • As much as I would love to blame Flash, I don't believe that is the issue. That error is just because there is no symbol file available for flash11f.ocx. Running IE with the Flash add-on disabled still generates the error. I'm leaning towards mshtml.dll simply because of the order in the STACK_TEXT.

    STACK_TEXT:
    0f6cf88c 7709215c 00000000 00000000 00000001 ntdll!RtlpWaitOnCriticalSection+0xbd
    0f6cf8b4 5b109bd6 0bf38ba8 7ffd7000 0b23edb8 ntdll!RtlEnterCriticalSection+0x150
    0f6cf8cc 5b109ca3 00000001 0f6cf918 7707b3a0 mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+0x48
    0f6cf8d8 7707b3a0 0bf38b98 00000000 74ac884e mshtml!CNetworkManager::CNetworkAvailabilityListener::IoctlCallback+0xf

    I'm just not sure what mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+0x48 means. Still researching.


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Friday, February 17, 2012 11:04 PM
  • Running IE with the Flash add-on disabled still generates the error.


    And without Flash in the load list?   That's all that I was concerned about.   Having it there means that it was doing something, if not on the crashing thread then somewhere else in the same process.

    Have you tried gleaning any clues from ProcMon?

    Good luck


    Robert
    ---

    Saturday, February 18, 2012 12:28 AM
    Answerer
  • That crash dump was taken while flash was still enabled. I will post another crash dump with flash disabled so it won't show up in the analysis.

    I've run ProcMon but nothing is jumping out at me.


    Patrick Hoban
    http://patrickhoban.wordpress.com


    Saturday, February 18, 2012 5:30 AM
  • Another crash dump. This one was taken while flash was disabled. I'm still leaning towards mshtml.dll being the issue. I can't find anything online about these two lines from the STACK_TEXT.

    02c2f8a4 685c4c78 00000001 02c2f8ec 77876571 mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+0x30
    02c2f8b0 77876571 0b25ec88 02c2f800 27297419 mshtml!CNetworkManager::CNetworkAvailabilityListener::IoctlCallback+0xf

    -----------------------------------------------------------------------------------------------------------------------------------
    Microsoft (R) Windows Debugger Version 6.12.0002.633 X86
    Copyright (c) Microsoft Corporation. All rights reserved.


    Loading Dump File [C:\Temp\20120217_222532_Crash_Mode\MINIDUMP_FirstChance_av_AccessViolation_iexplore.exe__9558_2012-02-17_22-25-37-049_5aa4.dmp]
    User Mini Dump File: Only registers, stack and portions of memory are available

    Comment: 'FirstChance_av_AccessViolation'
    Symbol search path is: SRV*D:\Symbols*http://msdl.microsoft.com/download/symbols;srv*c:\Symbols*http://msdl.microsoft.com/download/symbols
    Executable search path is: d:\images
    Windows Server 2008/Windows Vista Version 6002 (Service Pack 2) MP (24 procs) Free x86 compatible
    Product: Server, suite: Enterprise TerminalServer
    Machine Name:
    Debug session time: Fri Feb 17 22:25:37.000 2012 (UTC - 6:00)
    System Uptime: not available
    Process Uptime: 0 days 0:00:27.000
    ................................................................
    .....................................
    This dump file has an exception of interest stored in it.
    The stored exception information can be accessed via .ecxr.
    (5aa4.20fc): Access violation - code c0000005 (first/second chance not available)
    eax=00000000 ebx=fffffffc ecx=00000000 edx=00000004 esi=0b25ec98 edi=0b25ec9c
    eip=7787dd4d esp=02c2f818 ebp=02c2f868 iopl=0         nv up ei pl nz ac po cy
    cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010213
    ntdll!RtlpWaitOnCriticalSection+0xc5:
    7787dd4d 83401401        add     dword ptr [eax+14h],1 ds:0023:00000014=????????
    0:006> !analyze -v
    *******************************************************************************
    *                                                                             *
    *                        Exception Analysis                                   *
    *                                                                             *
    *******************************************************************************

    *** WARNING: Unable to verify timestamp for iexplore.exe

    FAULTING_IP:
    ntdll!RtlpWaitOnCriticalSection+c5
    7787dd4d 83401401        add     dword ptr [eax+14h],1

    EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
    ExceptionAddress: 7787dd4d (ntdll!RtlpWaitOnCriticalSection+0x000000c5)
       ExceptionCode: c0000005 (Access violation)
      ExceptionFlags: 00000000
    NumberParameters: 2
       Parameter[0]: 00000001
       Parameter[1]: 00000014
    Attempt to write to address 00000014

    PROCESS_NAME:  iexplore.exe

    ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s.

    EXCEPTION_PARAMETER1:  00000001

    EXCEPTION_PARAMETER2:  00000014

    WRITE_ADDRESS:  00000014

    FOLLOWUP_IP:
    mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+30
    685c4bd5 837e3000        cmp     dword ptr [esi+30h],0

    MOD_LIST: <ANALYSIS/>

    NTGLOBALFLAG:  0

    APPLICATION_VERIFIER_FLAGS:  0

    FAULTING_THREAD:  000020fc

    BUGCHECK_STR:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE

    PRIMARY_PROBLEM_CLASS:  NULL_CLASS_PTR_DEREFERENCE

    DEFAULT_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE

    LAST_CONTROL_TRANSFER:  from 7787dc5d to 7787dd4d

    STACK_TEXT: 
    02c2f868 7787dc5d 00000000 00000000 77883990 ntdll!RtlpWaitOnCriticalSection+0xc5
    02c2f890 685c4bd5 0b25ec98 7ffd8000 056c19e0 ntdll!RtlEnterCriticalSection+0x152
    02c2f8a4 685c4c78 00000001 02c2f8ec 77876571 mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+0x30
    02c2f8b0 77876571 0b25ec88 02c2f800 27297419 mshtml!CNetworkManager::CNetworkAvailabilityListener::IoctlCallback+0xf
    02c2f8ec 77883965 02c2f950 056c19e0 0ac95138 ntdll!RtlpTpWaitCallback+0x8f
    02c2f914 77882bff 02c2f950 0ac95198 272976b1 ntdll!TppWaitpExecuteCallback+0xfe
    02c2fa44 766cd309 00371588 02c2fa90 778815e3 ntdll!TppWorkerThread+0x545
    02c2fa50 778815e3 00371588 27297665 00000000 kernel32!BaseThreadInitThunk+0xe
    02c2fa90 778815b6 77882970 00371588 00000000 ntdll!__RtlUserThreadStart+0x23
    02c2faa8 00000000 77882970 00371588 00000000 ntdll!_RtlUserThreadStart+0x1b


    STACK_COMMAND:  ~6s; .ecxr ; kb

    SYMBOL_STACK_INDEX:  2

    SYMBOL_NAME:  mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+30

    FOLLOWUP_NAME:  MachineOwner

    MODULE_NAME: mshtml

    IMAGE_NAME:  mshtml.dll

    DEBUG_FLR_IMAGE_TIMESTAMP:  4eb23281

    FAILURE_BUCKET_ID:  NULL_CLASS_PTR_DEREFERENCE_c0000005_mshtml.dll!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus

    BUCKET_ID:  APPLICATION_FAULT_NULL_CLASS_PTR_DEREFERENCE_INVALID_POINTER_WRITE_mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+30

    WATSON_IBUCKET:  -1508654592

    WATSON_IBUCKETTABLE:  1

    WATSON_STAGEONE_URL:  http://watson.microsoft.com/StageOne/iexplore_exe/8_0_6001_19170/4eb21c98/ntdll_dll/6_0_6002_22742/4ec3deab/c0000005/0003dd4d.htm?Retriage=1

    Followup: MachineOwner
    ---------------------------------------------------------------------------------------------------------------------------


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Saturday, February 18, 2012 5:34 AM
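Added example, not part of any post in this thread: a Python sketch that ties the Event ID 1000 record from the question to the second dump, and shows why the logged "faulting module" (ntdll.dll) is not the frame `!analyze` blames. The function names are hypothetical, the bucket string simply mirrors the field order visible in the WATSON_STAGEONE_URL above, and the "first caller outside the faulting module" rule is a simplification of what `!analyze` does.

```python
import re

# Event ID 1000 description, copied from the first post in this thread.
EVENT_1000 = (
    "Faulting application iexplore.exe, version 8.0.6001.19170, "
    "time stamp 0x4eb21c98, faulting module ntdll.dll, version 6.0.6002.22742, "
    "time stamp 0x4ec3deab, exception code 0xc0000005, fault offset 0x0003dd4d, "
    "process id 0x53a0, application start time 0x01cceb7b4d57d3dd."
)

# FAULTING_IP and STACK_TEXT copied from the second dump (Flash disabled).
FAULTING_IP = 0x7787DD4D
STACK_TEXT = """\
02c2f868 7787dc5d 00000000 00000000 77883990 ntdll!RtlpWaitOnCriticalSection+0xc5
02c2f890 685c4bd5 0b25ec98 7ffd8000 056c19e0 ntdll!RtlEnterCriticalSection+0x152
02c2f8a4 685c4c78 00000001 02c2f8ec 77876571 mshtml!CNetworkManager::CNetworkAvailabilityListener::UpdateStatus+0x30
02c2f8b0 77876571 0b25ec88 02c2f800 27297419 mshtml!CNetworkManager::CNetworkAvailabilityListener::IoctlCallback+0xf
02c2f8ec 77883965 02c2f950 056c19e0 0ac95138 ntdll!RtlpTpWaitCallback+0x8f
02c2f914 77882bff 02c2f950 0ac95198 272976b1 ntdll!TppWaitpExecuteCallback+0xfe
02c2fa44 766cd309 00371588 02c2fa90 778815e3 ntdll!TppWorkerThread+0x545
02c2fa50 778815e3 00371588 27297665 00000000 kernel32!BaseThreadInitThunk+0xe
"""

EVENT_RE = re.compile(
    r"Faulting application (?P<app>[^,]+), version (?P<app_ver>[\d.]+), "
    r"time stamp 0x(?P<app_ts>[0-9a-fA-F]+), "
    r"faulting module (?P<mod>[^,]+), version (?P<mod_ver>[\d.]+), "
    r"time stamp 0x(?P<mod_ts>[0-9a-fA-F]+), "
    r"exception code 0x(?P<code>[0-9a-fA-F]+), "
    r"fault offset 0x(?P<offset>[0-9a-fA-F]+)"
)

# ChildEBP, RetAddr, three argument words, then module!symbol+0xoffset.
FRAME_RE = re.compile(
    r"^\s*(?P<ebp>[0-9a-f]{8}) (?P<ret>[0-9a-f]{8}) (?:[0-9a-f]{8} ){3}"
    r"(?P<module>[^!\s]+)!(?P<symbol>\S+?)\+0x(?P<offset>[0-9a-f]+)",
    re.MULTILINE,
)


def parse_event_1000(description):
    """Return the fields of an Application Error description, or None."""
    match = EVENT_RE.search(" ".join(description.split()))
    return match.groupdict() if match else None


def watson_bucket(event):
    """Build a fleet-wide grouping key in the same field order as the
    WATSON_STAGEONE_URL path shown in the dump output."""
    fields = ("app", "app_ver", "app_ts", "mod", "mod_ver", "mod_ts", "code", "offset")
    return "/".join(event[f].replace(".", "_").lower() for f in fields)


def parse_stack(stack_text):
    """Turn WinDbg STACK_TEXT lines into a list of frame dicts (innermost first)."""
    frames = []
    for m in FRAME_RE.finditer(stack_text):
        frame = m.groupdict()
        frame["offset"] = int(frame["offset"], 16)
        frames.append(frame)
    return frames


def first_caller_outside(frames, faulting_module):
    """Return (index, frame) of the first frame that is not in the module the
    event log names. Simplified stand-in for the !analyze follow-up frame."""
    victim = faulting_module.rsplit(".", 1)[0].lower()
    for index, frame in enumerate(frames):
        if frame["module"].lower() != victim:
            return index, frame
    return None


def implied_module_base(event, fault_ip):
    """Subtract the logged fault offset from the dump's faulting address.
    Image bases are 64 KiB aligned, so an aligned result means the event
    and the dump describe the same instruction."""
    base = fault_ip - int(event["offset"], 16)
    return base if base > 0 and base % 0x10000 == 0 else None


if __name__ == "__main__":
    event = parse_event_1000(EVENT_1000)
    index, frame = first_caller_outside(parse_stack(STACK_TEXT), event["mod"])
    print("bucket:", watson_bucket(event))
    print("logged module:", event["mod"])
    print("first caller outside it: frame %d %s!%s" % (index, frame["module"], frame["symbol"]))
    print("implied base of %s: 0x%08x" % (event["mod"], implied_module_base(event, FAULTING_IP)))
```

Grouping Event ID 1000 records by this key across clients and terminal servers shows whether they are all the same crash before anyone opens a dump.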
  • So I was incorrect when I said that disabling AV did not solve the issue. Just disabling AV still leaves some stuff in memory. After disabling all AV services & restarting the computer IE no longer crashes. Obviously that is not a solution so I am troubleshooting it from that angle now.

    I am using CA eTrust ITM (AV & PestPatrol) version 8.1.637.0.


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Thursday, February 23, 2012 5:14 PM
  • After disabling all AV services & restarting the computer IE no longer crashes. Obviously that is not a solution so I am troubleshooting it from that angle now.

    I am using CA eTrust ITM (AV & PestPatrol) version 8.1.637.0.


    You could report this to them now without getting as much fingerpointing as you would if all you had was a hunch that they were involved.

    In fact, that gives the idea of uninstalling and reinstalling, especially since  IE  was recently updated.   E.g. perhaps some third-party hooks need to be reset in the new environment?


    Good luck

    Robert
    ---

    Friday, February 24, 2012 12:42 AM
    Answerer
  • Patrick,

    I have the same AV and the same problem. If I disabled all AV services, I confirm, IE no longer crashes!

    If you find a solution for that, please reply, and vice versa.

    P.S. Installing Total Defense R12 is really not a solution!

    Friday, February 24, 2012 2:54 PM
  • Good to hear I'm not the only one having this issue.


    Patrick Hoban
    http://patrickhoban.wordpress.com


    Friday, February 24, 2012 6:59 PM
  • I found a related post on a Swedish forum (http://www.itproffs.se/forum/Topic211535.aspx). Apparently CA is aware of it & working on a patch. A workaround mentioned in that forum was the following:
    1. Open regedit
    2. Go to HKLM\SOFTWARE\ComputerAssociates\ITMRT\HHK
    3. Delete iexplore.exe
    4. Restart IE

    I will test this evening.

    I have also found that setting the website to compatibility mode is a workaround as well.

    I'd be curious what sites consistently produce the error. For me, if I go to www.usatoday.com & click the Sports link IE crashes every time.


    Patrick Hoban
    http://patrickhoban.wordpress.com


    Friday, February 24, 2012 7:05 PM
  • HHK is a REG_MULTI_SZ value. However it seems that value does not exist on any servers, clients only.


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Sunday, February 26, 2012 6:36 AM
  • On my Terminal Servers, if I stop the "CA Pest Patrol Realtime Protection Service", log off then log back on, IE no longer crashes. If I start the service, IE starts crashing again after a few minutes.


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Monday, February 27, 2012 4:18 PM
  • As a test, if you disable only the PestPatrol service, log off then log on, does IE stop crashing? Can you reproduce it by going to www.usatoday.com & clicking the Sports link?

    Patrick Hoban
    http://patrickhoban.wordpress.com

    Tuesday, February 28, 2012 5:11 PM
  • We have a case open with CA but since they have sold this product off they aren't very motivated to help. We are going to keep pushing them.

    Looks like there hasn't been any activity on this other forum in a while as well. (http://www.itproffs.se/forum/Topic211535.aspx)


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Tuesday, February 28, 2012 5:13 PM
  • We are running Windows 7 with IE9 and CA eTrust ITM (AV & PestPatrol) version 8.1.655 in a domain.

    I just wanted to let you know our findings, as we have been experiencing this exact issue for the last 3-4 weeks. We have support cases currently open with both CA and Microsoft.

    We find that a revealing test to conduct is to remove a machine encountering the problem from the domain. In our case we were not able to reproduce the IE crashing issue on a machine outside of our domain.

    Simply re-joining the machine object to the domain allowed us to immediately reproduce the issue.

    I wonder if others among you could try this out and post the results.

    Another website to use in order to crash IE in your tests is www.worldradio.ch: click on programmes and then kids in mind.

    BTW - Do "gpupdate /force" both with user and admin accounts and restart the machine after each test (don't know why, but it seems to ensure that the problem is easily reproducible)

     

    Tuesday, March 6, 2012 2:48 PM
    Having the same issue... Was discussing it here: http://social.technet.microsoft.com/Forums/en-US/ieitprocurrentver/thread/90f43b70-8589-4273-9895-eedf52df78b5

    Whatever the incompatibility is, it was introduced in the Cumulative Security Update dated April 12th, 2011 (MS11-018, KB2497640)...  If you wanted to go back to an unpatched IE, the Cumulative Security Update dated Feb 8th, 2011 (MS11-003, KB2482017) is the last one that appears to be fully compatible with eTrust ITM until it gets patched. 

    I don't recommend this, but it's more info for you guys to chew on...

    Just a guess - I suspect that this has been going on for a while, but only recently did a signature update start picking up more mainstream tracking cookies (like Facebook?)... And then whamo. Suddenly a small benign isolated issue that has happened for a while becomes a prevalent issue for those still running this software.


    Ethan


    • Edited by nanunanu Tuesday, March 6, 2012 3:20 PM
    Tuesday, March 6, 2012 3:18 PM
  • I confirm that going to www.worldradio.ch, then clicking on programmes and then kids in mind, then clicking on a link on that page crashes IE.

    I will try to test removing a computer from the domain when I can.


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Tuesday, March 6, 2012 4:07 PM
  • I'm going to try and move things along with CA with the help of one of my colleagues. Would anyone be willing to post their CA issue number, in order that I have a bit more leverage? We can also view each other's issue numbers on the CA site.

    Wednesday, March 7, 2012 10:11 AM
  • Tested the HHK key and can confirm it works.

    Thing is, I can't seem to find a policy in the admin console that I can use to remove this setting...

    Wednesday, March 7, 2012 10:56 PM
  • Alan:  I don't think that is an option they intended for you to modify...

    I have experienced issues with several tools that I use when it comes to setting multi_sz keys, so I wound up making the change on one PC, and exporting the registry key and just merging that with a batch script that calls regedit /s for the .reg file that I created.  I'm using a 3rd party tool (scriptlogic) to do it only once per desktop pc that is a domain member (so if a subsequent update modifies that key, it won't get overwritten again unless I want it to) and to run as an administrator account with permissions to modify HKLM keys.

    Quick and dirty, but it works.


    Ethan


    • Edited by nanunanu Thursday, March 8, 2012 5:36 PM
    Thursday, March 8, 2012 5:35 PM
  • I'm letting my "fixed" pc sit over the weekend to see if a DAT update overwrites it. Shame it's not a policy setting change though, would have made life easier.
    Friday, March 9, 2012 4:17 AM
  • I'm working on getting this info. The more of us that make noise with them the better.

    Patrick Hoban
    http://patrickhoban.wordpress.com

    Friday, March 9, 2012 6:18 PM
  • I got a response back from CA on this. I only consider this a work around but it appears to be working.

    1. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ITMRT.
    2. Double click HookExclude.
    3. Add MSHTML.dll to the bottom of the list.
    4. Close regedit.
    5. Close all browser windows.
    6. No reboot needed.

    So far it seems to be working. Again the test I have been using is clicking the Sports link on usatoday.com. I'd be interested in the results everyone else gets.


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Friday, March 9, 2012 9:18 PM
  • Hi,

    Try recovering the ntdll.dll file. I guess that's the corrupt file. If that doesn't work I would try to reinstall IE8. Also try resetting the IE8 settings.

    Hope this helps.


    Preveen

    Friday, March 9, 2012 10:22 PM
  • Thank you for your suggestion however that's not the issue.

    Patrick Hoban
    http://patrickhoban.wordpress.com

    Friday, March 9, 2012 11:36 PM
  • I got a response back from CA on this. I only consider this a work around but it appears to be working.

    1. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ITMRT.
    2. Double click HookExclude.
    3. Add MSHTML.dll to the bottom of the list.
    4. Close regedit.
    5. Close all browser windows.
    6. No reboot needed.

    So far it seems to be working. Again the test I have been using is clicking the Sports link on usatoday.com. I'd be interested in the results everyone else gets.


    Patrick Hoban
    http://patrickhoban.wordpress.com

    Awesome! No reboot is a better option than the HHK key which seemed to require one.

    Tested it and it seems to be working well.

    Just on the HHK key.... No changes have been made from DAT updates since last week, so I'd assume the Hook Exclude key will behave in the same way.

    • Proposed as answer by Aravindaiud Friday, August 2, 2013 1:10 AM
    Monday, March 12, 2012 11:44 PM
  • Here is a VBScript to fix it... I've written it in functions so I can use it for other stuff if I ever need to... It's in my nice and messy coding style, so apologies in advance.

    Dim oShell
    Const HKEY_LOCAL_MACHINE = &H80000002
    
    Set oShell=WScript.CreateObject("WScript.Shell")
    
    If SearchMulti("mshtml.dll","HKLM\Software\ComputerAssociates\ITMRT\HookExclude") = 0 Then
    
    	WScript.Echo "needle not found"
    	AddMulti "mshtml.dll",HKEY_LOCAL_MACHINE,"SOFTWARE\ComputerAssociates\ITMRT","HookExclude"
    	listMulti "HKLM\Software\ComputerAssociates\ITMRT\HookExclude"
    Else
    	WScript.Echo "Needle found"
    End If
    
    
    
    Function SearchMulti(strItem,strReg)
    	Dim strResult,arrMulti,i
    	strResult=False
    	
    	arrMulti=oShell.RegRead(strReg)
    	
    	For Each i In arrMulti
    	
    		If lcase(i) = LCase(strItem) Then
    			strResult=True
    		End If
    	
    	Next
    
    SearchMulti=strResult	
    End Function
    
    Sub AddMulti(strItem,strHive,strRegPath,strReg)
    	Dim oWmiReg,arrDimension,arrMulti
    		
    	'initialise oWMI so we can do Multi_SZ	
    	Set oWmiReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\default:stdRegProv")
    	
    	'Get Original Array from Registry
    	oWmiReg.GetMultiStringValue strHive,strRegPath,strReg,arrMulti
    	
    	'Get upper boundary of array and add an extra field to it
    	arrDimension=ubound(arrMulti)+1
    	'Increase Array Size
    	ReDim Preserve arrMulti(arrDimension)
    	'add strItem to array
    	arrMulti(arrDimension)=strItem
    		
    	oWmiReg.SetMultiStringValue strHive,strRegPath,strReg,arrMulti
    	
    
    End Sub
    
    Sub listMulti(strReg)
    
    	Dim arrMulti,i
    	
    	arrMulti=oShell.RegRead(strReg)
    	
    	For Each i In arrMulti
    	
    		WScript.Echo i
    	
    	Next
    
    
    
    End Sub
    

    Tuesday, March 13, 2012 1:04 AM
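
The export-and-merge route described earlier in the thread (edit one PC, export the key, push the .reg file with regedit /s), applied to the HookExclude workaround, as an added example that is not any poster's script or CA tooling: it decodes the hex(7) REG_MULTI_SZ data that regedit writes, appends an entry only if it is missing, and re-encodes the value so the file can be reviewed before a silent merge. The sample export and its a.dll / b.dll entries are constructed placeholders; real exports are UTF-16 files, so read them with encoding="utf-16".

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\ITMRT"

# Constructed sample export: one REG_MULTI_SZ value holding the placeholder
# entries "a.dll" and "b.dll", wrapped with a regedit line continuation.
SAMPLE = ("Windows Registry Editor Version 5.00\r\n\r\n"
          f"[{KEY}]\r\n"
          '"HookExclude"=hex(7):61,00,2e,00,64,00,6c,00,6c,00,00,00,\\\r\n'
          "  62,00,2e,00,64,00,6c,00,6c,00,00,00,00,00\r\n")

def encode_multi_sz(entries):
    """Encode strings as hex(7) text: UTF-16LE, NUL after each, extra NUL at end."""
    raw = "".join(e + "\0" for e in entries).encode("utf-16-le") + b"\0\0"
    return ",".join(f"{b:02x}" for b in raw)

def decode_multi_sz(hex_text):
    """Decode hex(7) text; continuation backslashes and whitespace are ignored."""
    cleaned = re.sub(r"[\\\s]", "", hex_text)
    raw = bytes(int(b, 16) for b in cleaned.split(",") if b)
    if len(raw) % 2:
        raise ValueError("odd byte count: not UTF-16LE data")
    return [s for s in raw.decode("utf-16-le").split("\0") if s]

def read_value(reg_text, name):
    """Return the entries of the named hex(7) value, or None if it is absent."""
    pattern = r'^"%s"=hex\(7\):((?:.*\\\r?\n)*.*)$' % re.escape(name)
    m = re.search(pattern, reg_text, re.M | re.I)
    return decode_multi_sz(m.group(1)) if m else None

def add_entry(entries, item):
    """Append item unless already present (case-insensitive); returns (list, changed)."""
    if any(e.lower() == item.lower() for e in entries):
        return list(entries), False
    return list(entries) + [item], True

def build_reg(key, name, entries):
    """Render a minimal .reg body carrying only the one value to be merged."""
    return ("Windows Registry Editor Version 5.00\r\n\r\n"
            f'[{key}]\r\n"{name}"=hex(7):{encode_multi_sz(entries)}\r\n')

if __name__ == "__main__":
    current = read_value(SAMPLE, "HookExclude")
    updated, changed = add_entry(current, "MSHTML.dll")
    print("before:", current)
    print("after: ", updated, "(changed)" if changed else "(already present)")
    print(build_reg(KEY, "HookExclude", updated))
```

Because a merge replaces the whole multi-string value, a .reg file built from one PC's export overwrites whatever list each target machine currently holds; decoding the file first shows exactly which entries will end up on every machine.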
  • UPDATE - CA recommends that you NOT add iexplore.exe to the HHK key as that could leave you vulnerable. Until they come up with a fix use the HookExclude key mentioned in this thread.

    Patrick Hoban
    http://patrickhoban.wordpress.com

    Tuesday, March 13, 2012 2:01 AM
  • Do you have any Symantec software installed? If yes, try to disable it and give it a try.

    shantanu

    Tuesday, March 13, 2012 8:34 AM