This is a very strange problem but rather long, so please bear with me.
This is on a NEW server 2003 R2 terminal server with all the latest patches. By new I mean one week old. And no, it does not have any viruses or maleware. I have run both types of scans and everything reports clean.
What is happening is that whenever anyone with admin rights logs in through RDP/terminal server We get the following in succession in the event viewer:
Source: Application Error
Event ID: 1000
Description: Faulting application explorer.exe, version 6.0.3790.3959, faulting module kernel32.dll, version 5.2.3790.4480, fault address 0x0000bef7.
Event ID: 4097
Description: The application, C:\WINDOWS\Explorer.EXE, generated an application error The error occurred on <date> @ <time> The exception generated was 800000001 at address 77EF4BEF7 (kernel32! RaiseException)
Event ID: 1002
Description: The shell stopped unexpectedly and Explorer.exe was restarted.
These come up within three seconds from the first to the third message. The user has to click on Close button on two different Windows Explorer error boxes. After these messages go past, everything seems fine. I am very leery of letting this one slide by, I am just wondering if it is a sign of some bigger problem.
By the way, every night I have a program that will automatically reboot this server and logon with an admin equivalent user and I get these errors not only on the console but also whenever an admin equivalent user logs on through terminal services.
This is a production server so I cannot up and reboot anything during the day. It has to be done after hours.