My SBS 2000 server has been crashing every 4 to 5 days since installation of avast. My other servers are not having any issues.
Here is the contents of the Memory.dmp file (I have 4 different files from each crash all are the same).
Debugging Details:
*** ERROR: Module load completed but symbols could not be loaded for aswMon.SYS
*** ERROR: Symbol file could not be found. Defaulted to export symbols for aswCmnB.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for aswEngin.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for Aavm4.dll -
*** Your debugger is not using the correct symbols ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: kernel32!pNlsUserInfo ***
*** Your debugger is not using the correct symbols ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** Type referenced: kernel32!pNlsUserInfo ***
EXCEPTION_RECORD: be6e4828 – (.exr 0xffffffffbe6e4828)
ExceptionAddress: bee30fa3 (exifs!ExifsSetFileInfomationInCache+0x00000027)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000000
Attempt to read from address 00000000
CONTEXT: be6e4480 – (.cxr 0xffffffffbe6e4480)
eax=00000000 ebx=e411b1c0 ecx=00000000 edx=e411b008 esi=87f2e768 edi=873faae8
eip=bee30fa3 esp=be6e48f0 ebp=be6e4904 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010282
exifs!ExifsSetFileInfomationInCache+0x27:
bee30fa3 ff30 push dword ptr [eax] ds:0023:00000000=???
Resetting default scope
DEFAULT_BUCKET_ID: NULL_DEREFERENCE
PROCESS_NAME: aswServ.exe
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.
READ_ADDRESS: 00000000
BUGCHECK_STR: 0x27
LAST_CONTROL_TRANSFER: from bee31b51 to bee30fa3
STACK_TEXT:
be6e4904 bee31b51 873faae8 00000000 873fab68 exifs!ExifsSetFileInfomationInCache+0x27
be6e4938 bee3ea78 e3fae2b8 e411b008 bee4fbc0 exifs!MRxIfsSetFileInformation+0x1c5
be6e4944 bee4fbc0 873faae8 00000004 e411b008 exifs!RxpSetInfoMiniRdr+0x5a
be6e498c bee5101b 873faae8 bee50dd4 873faae8 exifs!RxSetBasicInfo+0x54
be6e49dc bee3e077 873faae8 87f6b988 bee462e0 exifs!RxCommonSetInformation+0x247
be6e4a70 bee4cfcb bee462e0 87537e06 87537f58 exifs!RxFsdCommonDispatch+0x2de
be6e4a9c bee31fea 889a8028 87537e06 872e10a8 exifs!RxFsdDispatch+0x93
be6e4ab8 8041eecb 889a8028 00537ee8 87537f7c exifs!MRxIfsFsdDispatch+0x56
be6e4acc bea22c09 87de0940 87537ee8 87537ee8 nt!IopfCallDriver+0x35
WARNING: Stack unwind information not available. Following frames may be wrong.
be6e4ba0 bea1d538 87de0940 87537ee8 8041eecb aswMon+0x5c09
be6e4ccc bea1ff27 00000630 08e5a22c 08e5a204 aswMon+0x538
be6e4d48 80468389 00000630 08e5a22c 08e5a204 aswMon+0x2f27
be6e4d48 77f88c97 00000630 08e5a22c 08e5a204 nt!KiSystemService+0xc9
08e5a1e4 7c5869b7 00000630 08e5a22c 08e5a204 ntdll!NtSetInformationFile+0xb
08e5a234 64084cae 00000630 00000000 08e5a258 KERNEL32!SetFileTime+0x70
08e5a264 64084ce4 04c21e80 08e5a2b0 64081475 aswCmnB!CGenericFile::RestoreFileTime+0x66
08e5a28c 642a863d 04c21e80 04c21e88 08e5a401 aswCmnB!CGenericFile::_Close+0x2b
08e5a368 642a876f 04c21e80 08e5a3b4 00000000 aswEngin!avfilesScanReal+0x32c4
08e5a418 642a0fdb 04c21e80 08e5a444 00000000 aswEngin!avfilesScanReal+0x33f6
08e5a474 65012ea2 04c21e80 001581c4 08e5b94c aswEngin!avfilesScanRealW+0xc3
08e5b984 65013191 00000008 001581c4 001589d4 Aavm4!AavmSetDataRefreshRate+0xf9b
08e5b9b0 6500fd3e 80000008 001581c4 001589d4 Aavm4!AavmSetDataRefreshRate+0x128a
08e5ba24 65012348 80000008 001581c4 001589d4 Aavm4!AavmFormatExResName+0xc4e
08e5c4e8 650052eb 001581b0 08e5f6ec 001589d4 Aavm4!AavmSetDataRefreshRate+0x441
08e5ffb4 7c57b3bc 00158198 77f86754 77f8670c Aavm4!AavmWhsRemoveNotification+0x4c8
08e5ffec 00000000 65004faa 00158198 00000000 KERNEL32!BaseThreadStart+0x52
FOLLOWUP_IP:
exifs!ExifsSetFileInfomationInCache+27
bee30fa3 ff30 push dword ptr [eax]
SYMBOL_STACK_INDEX: 0
SYMBOL_NAME: exifs!ExifsSetFileInfomationInCache+27
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: exifs
IMAGE_NAME: exifs.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 40ca6e2f
STACK_COMMAND: .cxr 0xffffffffbe6e4480 ; kb
FAILURE_BUCKET_ID: 0x27_exifs!ExifsSetFileInfomationInCache+27
BUCKET_ID: 0x27_exifs!ExifsSetFileInfomationInCache+27