Problem with server file system filter driver???

Hi! We are having a strange problem on our MS 2K Std Server as described exactly in MS support article 830265 (http://support.microsoft.com/?kbid=830265). I followed all directions supplied in the article to no avail, but when I disable Avast On-Access scanner - bingo, no errors. The article claims that the problem may be due to a filter driver issue. Any ideas? At the moment the antivirus is disabled, but this is obviously not the ideal situation…

The KB article describes a number of symptoms. Do you suffer from all of those, or just some? (in that case, which ones?)

Is there any other low-level software installed on that machine? E.g. an online backup software? Has there ever been a different AV product installed on that machine (that might have been incompletely uninstalled)?

Thanks

Yes, we are suffering from all symptoms described, which is why I’m fairly sure the problem lies here.

Yes to both questions, too. Veritas was installed and I found and deleted the driver as instructed (we do not use Veritas any more so it is no problem getting rid of it). I have confirmed that the driver has been deleted and restarted. I’m sure it has something to do with that. There had been another antivirus before yours (I don’t remember which it was, but it was uninstalled through the control panel). Any ideas how I can find what else may be conflicting with avast!?

Please use the Drivers.exe utility to get a list of loaded drivers
http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/drivers-o.asp

Post the list and I’ll try to identify which drivers might be causing the problem (and if they are not in use by any program any more, we can then try to deactivate them).

Thanks
Vlk

Thanks! I’ve attached it as a jpeg, but if you want it in the post I can scan and OCR it.

Hmm, I don’t really see any suspicious entries there, but it’s possible I missed something because the jpeg is not very easy to read. Do you think you could post it in a text version? Just redirect the output of the drivers.exe program to a file, such as

drivers.exe > drvlist.txt

Thanks
Vlk

Sure thing:

ModuleName Code Data Bss Paged Init LinkDate

ntoskrnl.exe 447040 97664 0 780672 140544 Fri Mar 05 12:44:35 2004
hal.dll 25952 6048 0 16544 10272 Wed Nov 29 15:34:07 2000
BOOTVID.DLL 5664 2464 0 0 320 Thu Nov 04 12:24:33 1999
ACPI.sys 92096 9024 0 43520 4448 Thu Oct 26 06:59:00 2000
WMILIB.SYS 512 0 0 1152 192 Sun Sep 26 04:36:47 1999
pci.sys 12864 1536 0 31456 4640 Fri Mar 02 11:38:34 2001
isapnp.sys 14368 832 0 22944 2272 Mon Aug 28 15:40:00 2000
pciide.sys 672 32 0 0 128 Mon Aug 28 15:39:25 2000
PCIIDEX.SYS 4544 480 0 10944 1632 Mon Aug 28 15:39:25 2000
MountMgr.sys 1088 32 0 23072 2240 Wed Feb 11 06:47:53 2004
ftdisk.sys 4640 32 0 95072 3392 Tue Nov 23 06:36:23 1999
Diskperf.sys 1728 32 0 2016 1088 Fri Oct 01 10:30:40 1999
dmload.sys 2848 64 0 0 608 Mon Aug 28 15:42:29 2000
dmio.sys 105568 15168 0 0 2752 Mon Aug 28 15:42:30 2000
PartMgr.sys 576 0 0 6656 1376 Fri Oct 15 10:59:16 1999
atapi.sys 42752 3392 0 21952 8128 Fri Sep 15 12:18:07 2000
sym_895a.sys 15264 2496 0 0 640 Tue Feb 01 09:19:21 2000
SCSIPORT.SYS 22464 384 0 35360 4672 Sat Nov 11 13:52:30 2000
aar1210.sys 206432 8032 0 0 544 Sat Mar 15 12:19:06 2003
AACMgt.sys 29184 33504 0 0 2880 Sat Apr 26 04:09:41 2003
disk.sys 9088 224 0 10368 4672 Wed Nov 15 11:56:32 2000
CLASSPNP.SYS 14464 64 0 11136 2368 Mon Aug 28 15:39:18 2000
Dfs.sys 14208 9536 0 40704 3104 Thu Mar 08 13:42:37 2001
KSecDD.sys 22592 6752 0 33216 1984 Sun Sep 21 10:32:19 2003
Ntfs.sys 74400 5888 0 415520 12704 Tue Jan 16 10:05:38 2001
NDIS.sys 12032 1344 0 124992 5440 Sat Jan 20 09:24:41 2001
viaagp.sys 5664 32 0 12320 1024 Wed Aug 30 08:43:35 2000
Mup.sys 6624 6688 0 62240 3168 Fri Mar 15 08:07:26 2002
VIDEOPRT.SYS 6272 96 0 30976 4192 Mon Aug 28 15:42:43 2000
atimpab.sys 10912 9664 0 40224 1440 Thu Nov 11 10:34:06 1999
i8042prt.sys 10176 224 0 21472 3584 Sat Apr 14 11:50:05 2001
kbdclass.sys 6944 928 0 6848 3776 Wed Oct 27 09:12:37 1999
mouclass.sys 6208 896 0 5184 3648 Sat Oct 02 09:33:11 1999
fdc.sys 18080 256 0 320 3840 Tue Oct 12 08:29:20 1999
parport.sys 16512 480 0 288 1824 Mon Aug 28 15:42:36 2000
serial.sys 8736 256 0 31456 9408 Tue Jan 16 19:47:59 2001
serenum.sys 2016 32 0 7488 1344 Wed Oct 20 08:36:55 1999
cdrom.sys 17568 64 0 3904 2336 Thu Oct 28 09:46:36 1999
USBD.SYS 7488 544 0 6976 1312 Sat Nov 04 13:16:35 2000
uhcd.sys 24000 128 0 3232 1728 Sat Nov 04 13:24:03 2000
TAPE.SYS 4608 0 0 1856 1312 Fri Oct 22 05:34:06 1999
4mmdat.sys 8288 32 0 0 192 Thu Oct 12 07:39:21 2000
e100bnt5.sys 72192 3072 0 0 2048 Thu May 04 09:39:27 2000
audstub.sys 0 0 0 416 320 Sun Sep 26 04:35:33 1999
rasl2tp.sys 44288 416 0 0 2432 Tue Nov 30 18:09:07 1999
ndistapi.sys 4544 96 0 0 1344 Wed Oct 13 09:54:43 1999
ndiswan.sys 70688 2208 0 0 7456 Tue Jan 16 08:28:50 2001
TDI.SYS 9344 320 0 288 1344 Sat Apr 07 10:35:56 2001
raspptp.sys 38976 832 0 0 1920 Wed Oct 02 09:55:16 2002
ptilink.sys 12896 160 0 0 1248 Mon Aug 28 15:42:38 2000
raspti.sys 11136 608 0 0 2144 Sat Oct 09 06:45:10 1999
parallel.sys 47872 2080 0 384 2432 Thu Jun 21 07:43:05 2001
rdpdr.sys 36544 3872 0 71040 7424 Mon Oct 04 05:58:22 1999
ks.sys 22944 64 0 70112 4032 Tue Nov 30 19:51:38 1999
swenum.sys 256 0 0 576 576 Sun Sep 26 04:36:31 1999
update.sys 544 32 0 120960 800 Sat Mar 31 12:01:01 2001
flpydisk.sys 1696 1184 0 11232 2016 Tue Sep 28 13:47:21 1999
usbhub.sys 14432 320 0 18688 2112 Wed Feb 07 13:13:52 2001
NDProxy.SYS 31392 2080 0 0 2432 Fri Oct 01 09:25:35 1999
EFS.SYS 15488 4960 0 384 2688 Mon Aug 28 15:42:24 2000
Fs_Rec.SYS 32 96 0 3232 1504 Sun Sep 26 04:39:38 1999
Null.SYS 0 0 0 256 416 Sun Sep 26 04:34:58 1999
Beep.SYS 1088 0 0 0 736 Thu Oct 21 08:18:59 1999
vga.sys 224 0 0 10144 960 Sun Sep 26 04:37:40 1999
mnmdd.SYS 32 0 0 1664 320 Sun Sep 26 04:37:40 1999
Msfs.SYS 480 32 0 14592 1632 Wed Oct 27 09:21:32 1999
Npfs.SYS 6496 192 0 21344 3200 Sun Oct 10 09:58:07 1999
rasacd.sys 3584 288 0 288 1120 Sun Sep 26 04:41:23 1999
tcpip.sys 232352 28480 0 26112 18592 Sat Mar 31 05:25:41 2001
msgpc.sys 28224 1280 0 448 1024 Tue Nov 30 18:37:21 1999
wanarp.sys 19584 800 0 3456 2528 Sun Oct 31 09:36:06 1999
aswTdi.SYS 22272 5568 0 0 1440 Sat Dec 03 01:03:27 2005
netbt.sys 98304 1504 0 31232 5536 Sat May 05 05:58:50 2001
netbios.sys 14528 704 0 11616 2304 Wed Oct 13 05:34:19 1999
rdbss.sys 27776 2016 0 86848 8032 Tue Jan 16 18:30:34 2001
mrxsmb.sys 91648 21888 0 237344 10016 Tue Jan 16 19:35:01 2001
Aavmker4.SYS 11520 3680 0 0 1280 Sat Dec 03 01:01:32 2005
dump_diskdump.sys 0 0 0 0 0
dump_sym_895a.sys 0 0 0 0 0
win32k.sys 1536000 55616 0 0 19008 Fri Mar 05 12:50:14 2004
atidrab.dll 121760 7200 0 0 928 Tue Nov 30 20:31:17 1999
nbf.sys 84128 288 0 7520 3552 Sun Sep 26 05:16:47 1999
afd.sys 8128 1568 0 95552 6656 Sat Jan 20 09:06:27 2001
ParVdm.SYS 1312 32 0 0 2080 Tue Sep 28 13:28:16 1999
srv.sys 40480 7808 0 164320 7456 Thu Oct 31 14:45:10 2002
aswMon.SYS 27136 48000 0 0 2464 Sat Dec 03 01:06:00 2005
Fips.SYS 16672 672 0 11296 896 Wed May 10 01:28:29 2000
termdd.sys 22432 672 0 3104 3328 Fri Nov 17 12:37:29 2000
Cdfs.SYS 5536 608 0 45664 4128 Tue Oct 26 05:23:52 1999
Fastfat.SYS 7616 992 0 111680 7840 Wed Jan 03 03:53:33 2001
TDTCP.SYS 13216 96 0 0 1632 Sun Sep 26 04:41:38 1999
ipsec.sys 50592 1600 0 2592 2816 Sat Apr 14 05:01:34 2001
RDPWD.SYS 79136 352 0 0 1184 Thu Jan 22 06:50:25 2004
pscript.dll 0 0 0 0 0
NTDLL.DLL 307200 12288 0 16384 0 Wed Mar 24 13:16:59 2004

   Total 4657856  451968       0 3162848  436544

Any ideas, guys?

heloooooo…

Sorry I’m still researching this but so far no idea… :-\

Thanks VLK. Thought you had forgotten me!

Any news? We’ve been running without an antivirus on the server now for a while. Getting a bit nervous…

First, let me apologize for the delay. :-\

The fact is, I’m still not sure what may be causing this mysterious problem. I went through the list of drivers loaded on the server, and didn’t find ANYTHING suspicious at all. In fact, it’s almost suspicious how clean the listing is - it’s like it was a freshly installed machine…

I have one more question: so, right now, there’s no backup software installed on the server? You said BackupExec USED TO be there, but isn’t anymore? Or any other similar program?

Also, could you please ZIP the whole \windows\system32\drivers directory and upload it to ftp://ftp.avast.com/incoming ? (Please note that you won’t have READ access to the ftp server, just write - so you won’t even be able to see what you just uploaded.)

Thanks
Vlk
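
An added example, not part of the thread and not avast! or Microsoft code: one way to triage a drvlist.txt produced as described above. It parses the column layout shown in the posted listing, reports rows that carry no LinkDate, and lists modules linked after ntoskrnl.exe, newest first. The function names are made up for this sketch, and "newer than the kernel" is only a triage heuristic for spotting later-installed drivers, not proof of a conflict.

```python
"""Triage a drivers.exe listing saved with: drivers.exe > drvlist.txt"""
import re
from datetime import datetime

# Row layout: name, five size columns (Code Data Bss Paged Init), optional LinkDate
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*(.*)$")
DATE_FMT = "%a %b %d %H:%M:%S %Y"  # e.g. "Fri Mar 05 12:44:35 2004"

# A few rows copied from the listing posted in this thread.
SAMPLE = """\
ModuleName Code Data Bss Paged Init LinkDate

ntoskrnl.exe 447040 97664 0 780672 140544 Fri Mar 05 12:44:35 2004
Ntfs.sys 74400 5888 0 415520 12704 Tue Jan 16 10:05:38 2001
aswTdi.SYS 22272 5568 0 0 1440 Sat Dec 03 01:03:27 2005
Aavmker4.SYS 11520 3680 0 0 1280 Sat Dec 03 01:01:32 2005
dump_diskdump.sys 0 0 0 0 0
srv.sys 40480 7808 0 164320 7456 Thu Oct 31 14:45:10 2002
aswMon.SYS 27136 48000 0 0 2464 Sat Dec 03 01:06:00 2005
pscript.dll 0 0 0 0 0

   Total 4657856  451968       0 3162848  436544
"""

def parse_listing(text):
    """Return [(name, (code, data, bss, paged, init), link_date_or_None)]."""
    modules = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m.group(1) == "Total":  # header and blanks never match ROW
            continue
        try:
            linked = datetime.strptime(m.group(7).strip(), DATE_FMT)
        except ValueError:  # row has no (or an unreadable) LinkDate
            linked = None
        modules.append((m.group(1), tuple(map(int, m.groups()[1:6])), linked))
    return modules

def undated(modules):
    """Names of modules listed without a LinkDate."""
    return [name for name, _, linked in modules if linked is None]

def newer_than_kernel(modules, kernel="ntoskrnl.exe"):
    """(name, link_date) pairs linked after the kernel image, newest first."""
    kdate = next(d for n, _, d in modules if n.lower() == kernel and d)
    later = [(n, d) for n, _, d in modules if d and d > kdate]
    return sorted(later, key=lambda nd: nd[1], reverse=True)

if __name__ == "__main__":
    for name, linked in newer_than_kernel(parse_listing(SAMPLE)):
        print(f"{linked:%Y-%m-%d}  {name}")
```

Running the same functions over a listing saved before the trouble started and one saved after makes it easy to see which modules were added in between.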

Thanks for the reply, Vlk. We use NTBackup at the moment. Crappy on 2k server because there is no Shadow copy, but it does the job. There is also a custom database program that the client uses (real-estate software). I’ll see if I can get any information on it for you. Anything in particular I should ask the software developer? I will upload the driver directory for you now.

Thanks again for your help. Shame you couldn’t make it to Oz… We’ll have to party on without you :wink:

Uploading now. Filename = drivers sp00k for Vlk.zip

Any news on this one, vlk? I have since tried restarting the avast realtime scanner a couple of times. Seems to work for a day or two before problems start again… Do you have any idea what I could do (short of installing a different AV - which I wouldn’t dare think of!!!)

BTW, met your colleagues today at CeBIT Australia. Good to put faces to names. Shame you couldn’t make it here (maybe next time!)

Hellooo!

VLK, can you at least give me some indication you are looking into this or have seen my updated posts? This issue has been going on for so long, I am going to have to put a different antivirus on soon.

Please let me know how I, as a reseller of Avast, can tell him the Avast server licence he bought cannot work… Will you guys refund the money if we can’t get this working?