Try explorer's thread degraded mode ...

On any given day that is past say 7 days of uptime, I have 100 - 300 windows open, not kidding, here is a shot of my current task bar
... there shouldn't be anything msft confidential there, at least that
you'd actually be able to read more than 4 or 5 letters of ... I know
by heart I have 41 rows, so that's 204 windows open there ... I turn
off that "group similar taskbar buttons" "feature", and the buttons show
up in order, so a given "job" usually has task buttons around each
other (in fact the last 6 buttons there are for this blog post) ... so what
does this have to do with explorer ...

The basic upshot of this computing lifestyle choice is that my heart
skips a beat and then visceral pain sets in whenever explorer AVs
(Access Violation) ... explorer is what controls the start bar, and
when it restarts the task buttons will be in a random order ... for the
*nix types, this is like your window manager core dumping ... it's
awefulness.

Right so getting to thread degraded mode ... my own term, for when you
simply freeze the AV'd thread in a process, and allow the process to
continue on its merry way. You
can do this because maybe the thread may not be doing something
particularly useful, ergo it is "not a very serious AV", or maybe call
it a "slight AV". The process often (sometimes?) continues to
function.

How to use thread degraded mode:

First, you will have to prepare your machine for initiating thread degraded mode ...

You will need to get a user mode debugger (there may already be a
ntsd.exe in your system32, which should work, but no one uses that anchient one) go get a
good version, which for an x86 box installs from this exe (i think). Install it
to C:\debuggers, everyone else around here seems to.

Navigate to this registry key (read more about it):

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug"

Create registry string (REG_SZ) value with a name of "Debugger" and value of

"C:\debuggers\ntsd -p %ld -g -G -e %ld"

If it already has a value you may want to save it.

You only have to do those steps once, and now you are ready to run in thread degraded mode, if the need should arise.

The next time explorer (or any application) crashes / AVs on you, you
will get an option to debug the process ... select "Debug" or "Yes" or
whatever ... this will open a debugger attached to explorer ( you'll
probably have to alt-tab to find this new debugger window, because the
task bar will be frozen/unresponsive while you debug it ;).

The debugger will open with the AV'ing thread as the current thread, so
use "~f<enter>" (that is a tilde), to freeze this thread.
Then "g<enter>" will let the task bar come back to you
(maybe). At this point you should be praying that the thread you
froze isn't holding any crucial critical sections or locks, and that
things will return to "normal" ... your mileage may vary ... greatly.

It will look like this:
0:008> ~f
0:008> g

After you 'g' it, it will start printing this kind of thing in the debugger ...
System 0: 1 of 84 threads are frozen
System 0: 1 of 84 threads were frozen
System 0: 1 of 84 threads are frozen

That's just explorer letting you know it loves you for not letting go, and putting it on life support.

Oh the crash was in MSN Desktop Search, but I don't fault (intended ;)
them because I'm running the first beta of the software released in Dec
2004, I've heard they've had an update since then.

Anyway, as of approximately 8:20 AM (PST) yesterday (wed) morning, I've been
running in thread degraded mode ... as I finish this post I've got 4
frozen threads ... there were a few more threads with "issues" but I don't
have time to blog about them right yet ...