This is a wonderful example of how BIG WEAPONS (Filemon in this case) should only be handled by those who know HOW TO OPERATE THEM. First, let me say "no offense" - I certainly don't want to sound offensive.
OK, here's what's going on here: the magic phrase Buffer Overrun has become very popular among the computer people, both pros and BFU's, in the last couple of years. It almost sounds like some sort of ancient cause of all problems computers are having. Very few people realize that a buffer overrun by itself is not something bad - it really just means that something does not fit into a piece of memory which was allocated for it. Not necessarily a problem, especially taking into account that many Windows functions accept a buffer size of zero bytes, which is taken as an indication that the REAL size of the buffer is requested, instead of the actual data to be filled into the buffer.
Well, thinking about it a bit more - it's probably hard to explain this to a non-programmer, but the moral is: interpret Filemon's output only if you know what it means. Filemon dumps (especially the parts in the last columns) are intimately related to how the system works and IMHO cannot be correctly understood by someone who really doesn't know how the system API's are called and what their arguments really mean.
Anyway, to get back to the original topic: are you saying that ashServ.exe IS running, but clicking on the tray icon still yields the "AAVM RPC Error"? What if you wait for a couple of minutes? Still the same?
Thanks
Vlk
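
The size-query convention described in the post above, as an added example that is not part of the original post: a portable C model of the two-call pattern, where the first call passes a zero-size buffer and gets back an "overflow" status plus the required size. `query_value`, `fetch_value`, the status names and the sample string are all hypothetical and constructed for illustration; they are not Windows APIs.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed status codes for this model; they are not real Windows values. */
enum status { ST_SUCCESS = 0, ST_BUFFER_OVERFLOW = 1 };

/* Constructed sample data standing in for whatever the system would return. */
static const char SAMPLE_VALUE[] = "C:\\Program Files\\Example";

/*
 * Hypothetical query function following the convention from the post:
 * *size is the caller's buffer size on entry and the required size on exit.
 * If the buffer is too small (including NULL / size 0) nothing is written.
 */
enum status query_value(char *buf, size_t *size)
{
    size_t needed = sizeof(SAMPLE_VALUE);   /* includes the terminating NUL */
    size_t given = *size;
    *size = needed;
    if (buf == NULL || given < needed)
        return ST_BUFFER_OVERFLOW;          /* size report only, no write */
    memcpy(buf, SAMPLE_VALUE, needed);
    return ST_SUCCESS;
}

/* The usual two-call pattern: ask for the size, allocate, then fetch. */
char *fetch_value(int *overflow_seen)
{
    size_t size = 0;
    char *buf;

    *overflow_seen = (query_value(NULL, &size) == ST_BUFFER_OVERFLOW);
    buf = malloc(size);
    if (buf != NULL && query_value(buf, &size) != ST_SUCCESS) {
        free(buf);
        buf = NULL;
    }
    return buf;
}

int main(void)
{
    int overflow_seen = 0;
    char *v = fetch_value(&overflow_seen);
    if (v == NULL)
        return 1;
    printf("overflow status on first call: %d, value: %s\n", overflow_seen, v);
    free(v);
    return 0;
}
```

A monitor that logs every call would record the first call's overflow status even though the operation as a whole succeeded and no memory was written out of bounds.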