SBS 2003 crashes to BSOD during ntbackup routine

About 4 weeks ago our fully patched SBS 2003 server which was otherwise performing ok, started to reboot overnight...it appeared to occure during the "ntbackup" routine with a crash report referring to memory problems. After much investigation we could find nothing wrong with the hardware or software so as a last resort we removed Avast Endpoint Protection Suite and initially the server started to perform correctly again. However a few days later it reverted to occasionally failing during the backups. Can anyone tell us what the problem is...below please find minidump analasys...many thanks:

Microsoft (R) Windows Debugger Version 6.11.0001.404 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Loading Dump File [D:\Temp\Minidump\Mini070313-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows Server 2003 Kernel Version 3790 (Service Pack 2) MP (4 procs) Free x86 compatible
Product: LanManNt, suite: SmallBusiness TerminalServer SmallBusinessRestricted SingleUserTS
Built by: 3790.srv03_sp2_qfe.130502-1535
Machine Name:
Kernel base = 0x80800000 PsLoadedModuleList = 0x808a8ee8
Debug session time: Wed Jul  3 20:48:25.096 2013 (GMT+1)
System Uptime: 0 days 21:18:14.363
Loading Kernel Symbols
...............................................................
...................................................
Loading User Symbols
Loading unloaded module list
.
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 1000008E, {c0000005, 80939f8c, ab5f6b14, 0}

Probably caused by : memory_corruption

Followup: memory_corruption
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

KERNEL_MODE_EXCEPTION_NOT_HANDLED_M (1000008e)
This is a very common bugcheck.  Usually the exception address pinpoints
the driver/function that caused the problem.  Always note this address
as well as the link date of the driver/image that contains this address.
Some common problems are exception code 0x80000003.  This means a hard
coded breakpoint or assertion was hit, but this system was booted
/NODEBUG.  This is not supposed to happen as developers should never have
hardcoded breakpoints in retail code, but ...
If this happens, make sure a debugger gets connected, and the
system is booted /DEBUG.  This will let us see why this breakpoint is
happening.
Arguments:
Arg1: c0000005, The exception code that was not handled
Arg2: 80939f8c, The address that the exception occurred at
Arg3: ab5f6b14, Trap Frame
Arg4: 00000000

Debugging Details:
------------------

EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at "0x%08lx" referenced memory at "0x%08lx". The memory could not be "%s".

FAULTING_IP:
nt!ObpLookupObjectName+622
80939f8c 8b4a08          mov     ecx,dword ptr [edx+8]

TRAP_FRAME:  ab5f6b14 -- (.trap 0xffffffffab5f6b14)
ErrCode = 00000000
eax=e1891890 ebx=00000000 ecx=88f00330 edx=00000000 esi=e1891878 edi=e1967030
eip=80939f8c esp=ab5f6b88 ebp=ab5f6bd8 iopl=0         nv up ei ng nz na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00010286
nt!ObpLookupObjectName+0x622:
80939f8c 8b4a08          mov     ecx,dword ptr [edx+8] ds:0023:00000008=????????
Resetting default scope

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  CODE_CORRUPTION

BUGCHECK_STR:  0x8E

PROCESS_NAME:  ntbackup.exe

CURRENT_IRQL:  0

LAST_CONTROL_TRANSFER:  from 8093604e to 80939f8c

STACK_TEXT: 
ab5f6bd8 8093604e 00000000 ab5f6c18 00000040 nt!ObpLookupObjectName+0x622
ab5f6c2c 808ed0b5 00000000 00000000 3a572801 nt!ObOpenObjectByName+0xea
ab5f6ca8 808ee36b 0197f820 00100000 0197f808 nt!IopCreateFile+0x447
ab5f6d04 808f20ab 0197f820 00100000 0197f808 nt!IoCreateFile+0xa3
ab5f6d44 8088b658 0197f820 00100000 0197f808 nt!NtOpenFile+0x27
ab5f6d44 7c82845c 0197f820 00100000 0197f808 nt!KiSystemServicePostCall
WARNING: Frame IP not in any known module. Following frames may be wrong.
0197fa5c 00000000 00000000 00000000 00000000 0x7c82845c

STACK_COMMAND:  kb

CHKIMG_EXTENSION: !chkimg -lo 50 -d !nt
    80939f8d - nt!ObpLookupObjectName+623
 [ 4e:4a ]
1 error : !nt (80939f8d)

MODULE_NAME: memory_corruption

IMAGE_NAME:  memory_corruption

FOLLOWUP_NAME:  memory_corruption

DEBUG_FLR_IMAGE_TIMESTAMP:  0

MEMORY_CORRUPTOR:  ONE_BIT

FAILURE_BUCKET_ID:  MEMORY_CORRUPTION_ONE_BIT

BUCKET_ID:  MEMORY_CORRUPTION_ONE_BIT

Followup: memory_corruption