SBS 2000 Crashing every 4 to 5 days

[hossman12]

My SBS 2000 server has been crashing every 4 to 5 days since installation of avast.  My other servers are not having any issues.

Here is the contents of the Memory.dmp file (I have 4 different files from each crash all are the same).

Debugging Details:
------------------

*** ERROR: Module load completed but symbols could not be loaded for aswMon.SYS
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for aswCmnB.dll -
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for aswEngin.dll -
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for Aavm4.dll -
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

EXCEPTION_RECORD:  be6e4828 -- (.exr 0xffffffffbe6e4828)
ExceptionAddress: bee30fa3 (exifs!ExifsSetFileInfomationInCache+0x00000027)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000000
Attempt to read from address 00000000

CONTEXT:  be6e4480 -- (.cxr 0xffffffffbe6e4480)
eax=00000000 ebx=e411b1c0 ecx=00000000 edx=e411b008 esi=87f2e768 edi=873faae8
eip=bee30fa3 esp=be6e48f0 ebp=be6e4904 iopl=0         nv up ei ng nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010282
exifs!ExifsSetFileInfomationInCache+0x27:
bee30fa3 ff30            push    dword ptr [eax]      ds:0023:00000000=??
Resetting default scope

DEFAULT_BUCKET_ID:  NULL_DEREFERENCE

PROCESS_NAME:  aswServ.exe

ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

READ_ADDRESS:  00000000

BUGCHECK_STR:  0x27

LAST_CONTROL_TRANSFER:  from bee31b51 to bee30fa3

STACK_TEXT: 
be6e4904 bee31b51 873faae8 00000000 873fab68 exifs!ExifsSetFileInfomationInCache+0x27
be6e4938 bee3ea78 e3fae2b8 e411b008 bee4fbc0 exifs!MRxIfsSetFileInformation+0x1c5
be6e4944 bee4fbc0 873faae8 00000004 e411b008 exifs!RxpSetInfoMiniRdr+0x5a
be6e498c bee5101b 873faae8 bee50dd4 873faae8 exifs!RxSetBasicInfo+0x54
be6e49dc bee3e077 873faae8 87f6b988 bee462e0 exifs!RxCommonSetInformation+0x247
be6e4a70 bee4cfcb bee462e0 87537e06 87537f58 exifs!RxFsdCommonDispatch+0x2de
be6e4a9c bee31fea 889a8028 87537e06 872e10a8 exifs!RxFsdDispatch+0x93
be6e4ab8 8041eecb 889a8028 00537ee8 87537f7c exifs!MRxIfsFsdDispatch+0x56
be6e4acc bea22c09 87de0940 87537ee8 87537ee8 nt!IopfCallDriver+0x35
WARNING: Stack unwind information not available. Following frames may be wrong.
be6e4ba0 bea1d538 87de0940 87537ee8 8041eecb aswMon+0x5c09
be6e4ccc bea1ff27 00000630 08e5a22c 08e5a204 aswMon+0x538
be6e4d48 80468389 00000630 08e5a22c 08e5a204 aswMon+0x2f27
be6e4d48 77f88c97 00000630 08e5a22c 08e5a204 nt!KiSystemService+0xc9
08e5a1e4 7c5869b7 00000630 08e5a22c 08e5a204 ntdll!NtSetInformationFile+0xb
08e5a234 64084cae 00000630 00000000 08e5a258 KERNEL32!SetFileTime+0x70
08e5a264 64084ce4 04c21e80 08e5a2b0 64081475 aswCmnB!CGenericFile::RestoreFileTime+0x66
08e5a28c 642a863d 04c21e80 04c21e88 08e5a401 aswCmnB!CGenericFile::_Close+0x2b
08e5a368 642a876f 04c21e80 08e5a3b4 00000000 aswEngin!avfilesScanReal+0x32c4
08e5a418 642a0fdb 04c21e80 08e5a444 00000000 aswEngin!avfilesScanReal+0x33f6
08e5a474 65012ea2 04c21e80 001581c4 08e5b94c aswEngin!avfilesScanRealW+0xc3
08e5b984 65013191 00000008 001581c4 001589d4 Aavm4!AavmSetDataRefreshRate+0xf9b
08e5b9b0 6500fd3e 80000008 001581c4 001589d4 Aavm4!AavmSetDataRefreshRate+0x128a
08e5ba24 65012348 80000008 001581c4 001589d4 Aavm4!AavmFormatExResName+0xc4e
08e5c4e8 650052eb 001581b0 08e5f6ec 001589d4 Aavm4!AavmSetDataRefreshRate+0x441
08e5ffb4 7c57b3bc 00158198 77f86754 77f8670c Aavm4!AavmWhsRemoveNotification+0x4c8
08e5ffec 00000000 65004faa 00158198 00000000 KERNEL32!BaseThreadStart+0x52


FOLLOWUP_IP:
exifs!ExifsSetFileInfomationInCache+27
bee30fa3 ff30            push    dword ptr [eax]

SYMBOL_STACK_INDEX:  0

SYMBOL_NAME:  exifs!ExifsSetFileInfomationInCache+27

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: exifs

IMAGE_NAME:  exifs.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  40ca6e2f

STACK_COMMAND:  .cxr 0xffffffffbe6e4480 ; kb

FAILURE_BUCKET_ID:  0x27_exifs!ExifsSetFileInfomationInCache+27

BUCKET_ID:  0x27_exifs!ExifsSetFileInfomationInCache+27

Followup: MachineOwner
---------

[pk]

Hello, please ZIP one of your memory.dmp file and upload it to ftp://ftp.avast.com/incoming (note that you won't have READ access to the ftp erver, just write - so you won't even be able to see what you've just uploaded). You don't need to login... thanks!

[hossman12]

I've uploaded the file. MEMORY-10-24-2008.zip

[hossman12]

Any input on what is causing this issue.  It rebooted 3 times on me today.  The only option I have currently is to disable avast.  Please help 

[yoda776]

I am having the same trouble with my Windows 2003 SBS Server - Avast version 4.7 since it was installed the server hangs and checking the event log shows the System log is logging a number of error log events - event id 7011 (Service Control Manager) - Message: Timeout (30000 milliseconds) waiting for a transaction response from the avast! Antivirus service.

It does not matter on time of day or tasks anyone is doing - it just seems to lock up every 5 - 10 days requiring reboot, frustration from users on losing their documents they were working on at the time and me scratching my head! Please help in this matter and I would be happy to help with any info that is required.

I have disabled all of the real time providers down to only the Standard Shield Provider with no luck. I have also gone to Advanced on the Standard scanner to stop it scanning the Exchange folders and certain EXEs relating to Exchange.  Scanning is set to Normal.