Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: I get the BSOD when I reboot and I am asked to do system restore!

16 Jul 2010   #1
05dgarner

Windows 7 ultimate 64-bit
 
 
I get the BSOD when I reboot and I am asked to do system restore!

A while I go I downloaded a file called "XBox 360 Points Generator" which was a virus, I then try to delete it at its location(My documents> System 32) and I get an error message saying "The action can't be completed because the file is open in Microsoft library content", so I open up Windows Task Manager and end the process and delete it. I then do a system reboot and I get the blue screen of death, it then gives me the option to do "system repair", so I click it and it brings up system restore, which I used. Then I reboot the computer and everything works normally, but the file I deleted, is now back where it was. Now if I delete the file, or leave it alone, I get the BSOD again, and this entire process gets repeated.

Also, for some strange reason, my Restore points only date back to after I downloaded the file, not before.

Btw, if I look at the file and go to the "Details section" then look at "Original File name" it says STM.exe, which according to several websites, is a adware or spyware.
I also have a trial version of Norton Antivirus 2010 which picks up nothing with a full system scan or using "Norton file insight".

*UPDATE*
The file and the process are no longer there, but I am still getting the "Blue screen of death" everytime I start my pc and I am then forced to do a"System Restore" . I cant do a "System Restore", before the date I downloaded the file and messed up my pc, because, there is no restore points before then.

If anyone has any ideas, please respond.


My System SpecsSystem Spec
.
16 Jul 2010   #2
drum4life2death

Windows 7 Ultimate x64
 
 

Try These two apps. I'm not sure if I'm supposed to put links on here or not but, these are both awsome freeware apps. They've nuked everything for me so far. Getting those kinds of spyware/bots off your system is a long, painful task. I know. I've wiped my whole computer clean at least once or twice over that. Try these...Malwarebytes.........& this..........SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!...just get the free version of the second one. Install and run. Should do the trick...
My System SpecsSystem Spec
17 Jul 2010   #3
Harvey Meale

Windows 7 Home Premium 32-bit, BackTrack 4, Ubuntu
 
 

Hi, 05dgarner.

It seems as though you've fallen victim to some cruel maliciousness. Run the above scans and reply with the MBAM log. How long ago did this start to happen? I'd try restoring again, but ensure that the restore point is before the time at which these occurrences started happening. Of course, only do this if your malware scans prove ineffective.

Thanks,
Harvey Meale
My System SpecsSystem Spec
.

17 Jul 2010   #4
05dgarner

Windows 7 ultimate 64-bit
 
 

Here is the Mbam log, as you can see, I found nothing to describe what is happening. The occurrences started happening when I realised that there was a process running in windows task manager, that wasnt friendly, so I clicked "end process" and then I went to the location and clicked "delete" then, when I started my pc the next morning, all of this mess started happening. I also tried SUPERantispyware and found nothing, except a few tracking cookies .

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Database version: 4322

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17/07/2010 21:48:17
mbam-log-2010-07-17 (21-48-17).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 476280
Time elapsed: 1 hour(s), 47 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\VB and VBA Program Settings\Microwsoft (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
My System SpecsSystem Spec
17 Jul 2010   #5
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Open MBam and this time Be sure that everything is checked, and click Remove Selected.

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer -> Anti-malware Tools -> Downloads and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. Using Vista/Windows 7 right-click on the file and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
My System SpecsSystem Spec
17 Jul 2010   #6
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

What you have ...

W32Autorun.worm.aaaq is a worm which is written in Visual Basic and also uses polymorphic mechanism when executed. It attempts to spread to removable drives by creating an autorun.inf file, which will run the worm automatically, if systems which use the removable drive are set to Autorun

Are you using an infected flash drive?

Download and Run FlashDisinfector

You may have a flash drive infection. These worms travel through your portable drives. If they have been connected to other machines, they may now be infected.
  • Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
    Note: Some security programs will flag Flash_Disinfector as being some sort of malware, you can safely ignore these warnings
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder. It will help protect your drives from future infection.
My System SpecsSystem Spec
17 Jul 2010   #7
05dgarner

Windows 7 ultimate 64-bit
 
 

Quote   Quote: Originally Posted by Jacee View Post
Open MBam and this time Be sure that everything is checked, and click Remove Selected.

Next, download TFC by Old Timer TFC - Temp File Cleaner by OldTimer -> Anti-malware Tools -> Downloads and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. Using Vista/Windows 7 right-click on the file and choose Run As Administrator.

Click the Start button to begin the cleaning process and let it run uninterrupted to completion.

Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.

TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
I followed your information and did everything and when it restarted it worked fine, but the process was still there and so was the file. I clicked "End process" and deleted the file, and was able to find the other file that was in the startup section. I think the problem is solved and I will see in the morning, when I boot my pc up.
My System SpecsSystem Spec
17 Jul 2010   #8
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Okay, let us know
My System SpecsSystem Spec
18 Jul 2010   #9
05dgarner

Windows 7 ultimate 64-bit
 
 

Hey Jacee,
After my last comment, last night, I decided to do two restarts to be sure, on the first one, everything was fine and everything worked, but the file was still running a process, so I clicked "End process" and I deleted it. On the 2nd restart, there was no process or file.

But when I turned my pc on this morning, I got the BSOD and I was asked to do a system restore, when it restarted, there was no file or process happening. I am now going to try the "FlashDisinfector" program you reccomended to me. Many thanks.
My System SpecsSystem Spec
18 Jul 2010   #10
05dgarner

Windows 7 ultimate 64-bit
 
 

Hey Jacee,
The download link for "FlashDisinfector" works, but when I double click the app, nothing happens. I have also tried to run it as an "Administrator", but still, nothing happens. Do you have another download link, for which the app actually works?

*UPDATE*
I restarted my computer to install some updates the the following came up:

http://i839.photobucket.com/albums/z...g?t=1279441312

Is this the program operation I just downloaded?
My System SpecsSystem Spec
Reply

 I get the BSOD when I reboot and I am asked to do system restore!




Thread Tools




Similar help and support threads
Thread Forum
Can I restore 'System Reserved Partion' before reboot?
I think I mistakenly did 'create partion primary' on System Reserved Partion using Diskpart. I was trying to repair a USB stick by using Diskpart. I did a 'create partion primary' without doing a select disk first. I read that if a disk is not selected that Dskpart selects the active/in focus...
General Discussion
PC hangs on reboot after system restore and Windows 7 64bit update
Yesterday, May 3, 2013, my desktop PC, (custom GB MB build,) hung on reboot with the message that usually displays after an update that requires a reboot: "Please wait while Windows configures your computer." I did a system restore prior to that because my system had slowed to modem speeds while...
Windows Updates & Activation
Third BSOD and system reboot on new build
I have just had the third known bsod on this new PC build. running Win7 Ultimate 64bit.
BSOD Help and Support
After system restore, computer reboot loop problem
Hi All, New here & 1st post. My laptop crashed on shut down. When I turned it on again, it took me to system recovery and started reinstalling everthing. I left it to run overnight. In the morning, I was presented with a logon screen to select the users. There are two, one is administrator,...
Installation & Setup
System Restore Points Being Deleted After Reboot
I have had this problem ever since I installed my Windows 7 Ultimate x64. I did a clean install, and everything is perfect, I haven't had problems with the system, but I think it's good to have restore points for the times when, and if, I need it, so I ask for help till it's not too late. I...
Backup and Restore
The way to restore the system after the reboot?
Hi, Is it possible for Windows 7 Ultimate, create a System Restore after restarting the computer? I would add that this may be an option system virtualization through a program. Thank you in advance for your response ...
Backup and Restore


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 19:48.
Twitter Facebook Google+ Seven Forums iOS App Seven Forums Android App