Hi all, am fixing a friends computer which was full of spyware. Seemed to have cleaned that all up now. Comp is working fine, running games etc with no obvious problems.
The modem reboots the computer the second it dials up and makes the connection. I get the verifying username/password and then connecting. Then the comp reboots.
Error event log shows

Error event

Error code 1000008e, parameter1 c0000005, parameter2 ecb31bd3,
parameter3 f9d1ce58, parameter4 00000000.l

Microsoft send error report shows

BCCode : 1000008e BCP1 : C0000005 BCP2 : ECB31BD3 BCP3 : F9D1CE58
BCP4 : 00000000 OSVer : 5_1_2600 SP : 2_0 Product : 768_1

C:\DOCUME~1\Lisa\LOCALS~1\Temp\WERfff0.dir00\Mini0 41206-01.dmp
C:\DOCUME~1\Lisa\LOCALS~1\Temp\WERfff0.dir00\sysda ta.xml

I have the original and new hijack logs if you think its still spyware related. I can't get it on the net to scan but installed avg and updates, adaware se and updates and ran full scans on them, came up clean.

For starters:

Bug Check 0x8E: KERNEL_MODE_EXCEPTION_NOT_HANDLED
The KERNEL_MODE_EXCEPTION_NOT_HANDLED bug check has a value of 0x(1)0000008E. This indicates that a kernel-mode program generated an exception which the error handler did not catch.

0xC0000005: STATUS_ACCESS_VIOLATION
A memory access violation occurred.

A Common Cause Of The 0xC0000005 Error:

The error 0xC0000005 is generated by an illegal "memory access violation". This can be caused by anything from faulty RAM, an incorrect/corrupt device driver, poorly written/updated software and more commonly under Windows XP Service pack 2, malware/adware installations.

Usually you get this error message when performing a specific task, and if that happens you need to check the corresponding 3rd party's website/support department to see if they are aware of the problem

..a while back Symantec Antivirus caused the 0xC0000005 error with an additional message about a file called SAVRT.SYS . A simple software update to the Symantec Antivirus cured the problem.

http://www.updatexp.com/0xC0000005.html

Does the Symantec connection ring a bell? Seeing the malware connection running a HijackThis by the guys over there might not be a bad idea.

If you want to bring up the whole dump log:


Go to start | search (type in) .dmp
Note the location of your .dmp files.

Then:

1) Download and install the
Debugging Tools from Microsoft
2) Download and install this
debugwiz
3) Open the Wiz & Browse to, or paste in the path to, your .dmp file.
4) After the Wiz creates a Text document attach it back to this thread.

Perhaps it is just the modem drivers?

Thanks Jephree. Downloaded and installed the debugging tools and ran debug wiz. See attached file.
Also ran MS malicious tool and came up clean. Will post hijack logs anyway to be sure.

How are you connected to the modem? Wireless?

If not you can test this: ndisuio.sys is a process belonging to the NDIS User Mode I/O (NDISUIO) NDIS protocol driver which offers support for wireless devices such as Bluetooth and the like.

To disable this file, go to the control panel, administration tools, services, Wireless Zero Configuration, double click and disable it. This file is probably required to run if you use any linksys wireless devices.

No its a standard internal netcomm dial up modem.

Do you know what qapfmsp.exe is?

No I have been unable to identify it, googled for hours with no luck.

Have you tried stopping it from starting?

msconfig

Have you disabled Wireless Zero Configuration?

Ok stopped it from starting and the modem will dial up now and connect but I'm getting page cannot be displayed on everything, no activity lights at all. Beginning to think its still spyware somewhere or something the spyware did?