Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Can't start Windows Update

  • This topic is locked This topic is locked
2 replies to this topic

#1 FFFan


  • Members
  • 4 posts
  • Local time:11:26 PM

Posted 14 April 2009 - 04:52 AM

I'm having trouble trying to enable my windows automatic update service, when I try to start it I get the following:

Error 1054: A thread could not be created for this service.

Here is my Hijack this logfile:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:36 PM, on 14/04/2009
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\Program Files\Ahead\InCD\InCDsrv.exe
D:\+Windows Programs\AVAST!\aswUpdSv.exe
D:\+Windows Programs\AVAST!\ashServ.exe
D:\+Windows Programs\AVAST!\ashMaiSv.exe
D:\+Windows Programs\AVAST!\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
D:\+Windows Programs\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [avast!] D:\_WINDO~1\AVAST!\ashDisp.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [QuickTime Task] "D:\+Windows Programs\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ashampoo FireWall] "C:\Program Files\Ashampoo\Ashampoo FireWall\FireWall.exe" -TRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\_WINDO~1\OFFICE~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237964813390
O17 - HKLM\System\CCS\Services\Tcpip\..\{9C33A940-0362-44D2-A68A-653824A61104}: NameServer =,
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\+Windows Programs\AVAST!\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\+Windows Programs\AVAST!\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\+Windows Programs\AVAST!\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\+Windows Programs\AVAST!\ashWebSv.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Subsonic - Unknown owner - C:\Program Files\Subsonic\subsonic-service.exe
O23 - Service: TVersityMediaServer - Unknown owner - C:\Program Files\TVersity\Media Server\MediaServer.exe

End of file - 6631 bytes

Here is what the DDS program outputted:

DDS (Ver_09-03-16.01) - NTFSx86  
Run by Shaun at 17:02:07.50 on Mon 13/04/2009
Internet Explorer: 7.0.5730.13

============== Running Processes ===============

============== Pseudo HJT Report ===============

uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime
mRun: [InCD] c:\program files\ahead\incd\InCD.exe
mRun: [avast!] d:\_windo~1\avast!\ashDisp.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
mRun: [QuickTime Task] "d:\+windows programs\qt lite\qttask.exe" -atboottime
mRun: [Ashampoo FireWall] "c:\program files\ashampoo\ashampoo firewall\FireWall.exe" -TRAY
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_05\bin\jusched.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\aticat~1.lnk - c:\program files\ati technologies\ati.ace\CLI.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - d:\_windo~1\office~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\ashampoo\ashampoo firewall\spi.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237964813390
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
TCP: {9C33A940-0362-44D2-A68A-653824A61104} =,
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: CFi ShellToys ShellExec Extension: {067b597c-c099-4a08-a180-e5fec5dcf2df} - c:\progra~1\cfi\shellt~1\CFiShlEx.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\shaun\applic~1\mozilla\firefox\profiles\uao2zr06.default\
FF - prefs.js: browser.startup.homepage - hxxp://miotd.com/
FF - component: c:\documents and settings\shaun\application data\mozilla\firefox\profiles\uao2zr06.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: d:\+windows programs\mozilla firefox\components\browserdirprovider.dll
FF - component: d:\+windows programs\mozilla firefox\components\brwsrcmp.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\+windows programs\mozilla firefox\plugins\npLegitCheckPlugin.dll
FF - plugin: d:\+windows programs\mozilla firefox\plugins\npnul32.dll
FF - plugin: d:\+windows programs\mozilla firefox\plugins\NPOFFICE.DLL
FF - plugin: d:\+windows programs\mozilla firefox\plugins\nppdf32.dll
FF - plugin: d:\+windows programs\mozilla firefox\plugins\npqtplugin.dll
FF - plugin: d:\+windows programs\mozilla firefox\plugins\npqtplugin2.dll
FF - plugin: d:\+windows programs\mozilla firefox\plugins\npqtplugin3.dll
FF - plugin: d:\+windows programs\mozilla firefox\plugins\npqtplugin4.dll
FF - plugin: d:\+windows programs\mozilla firefox\plugins\npqtplugin5.dll

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-04-13 15:35	<DIR>	--d-----	C:\Auto Patcher
2009-04-13 15:34	124,688	a-------	c:\windows\system32\MSWINSCK.OCX
2009-04-13 15:34	10,752	a-------	c:\windows\system32\aamd532.dll
2009-04-12 23:22	<DIR>	--d-----	c:\program files\GPLGS
2009-04-12 22:53	87,552	a-------	c:\windows\system32\cpwmon2k.dll
2009-04-12 22:53	<DIR>	--d-----	c:\program files\Acro Software
2009-04-09 22:28	<DIR>	--d-----	c:\program files\TightVNC
2009-04-06 00:18	<DIR>	--d-----	C:\Shaun'sDrivers
2009-04-05 23:24	50,432	a-------	c:\windows\system32\drivers\hcdriver.sys
2009-04-05 23:17	69,632	a-------	c:\windows\system32\vuins32.dll
2009-04-05 23:17	43,520	a-------	c:\windows\system32\drivers\fetnd5bv.sys
2009-04-05 23:17	309,760	a-------	c:\windows\system32\difxapi.dll
2009-04-05 23:13	13,976	a-------	c:\windows\system32\drivers\videX32.sys
2009-04-05 22:26	<DIR>	--d-----	c:\program files\Innovative Solutions
2009-04-05 14:27	<DIR>	--d-----	c:\docume~1\shaun\applic~1\com.zipeg
2009-04-05 14:26	141,312	a-------	c:\windows\system32\zip32.dll
2009-04-05 14:25	160,768	a-------	c:\windows\system32\unrar.dll
2009-04-05 14:25	150,016	a-------	c:\windows\system32\Unzip32.dll
2009-04-05 14:25	<DIR>	--d-----	c:\program files\UnzipThemAll
2009-03-25 17:15	23,576	a-------	c:\windows\system32\wuapi.dll.mui
2009-03-22 15:12	56,200	a---h---	c:\windows\system32\mlfcache.dat
2009-03-22 12:16	23,914	a-------	C:\grab00010.jpg
2009-03-21 12:33	107,368	a-------	c:\windows\system32\GEARAspi.dll
2009-03-21 12:33	15,464	a-------	c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-21 12:32	<DIR>	--d-----	c:\program files\iTunes
2009-03-21 12:32	<DIR>	--d-----	c:\program files\iPod
2009-03-21 12:32	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-03-21 12:32	32,000	a-------	c:\windows\system32\drivers\usbaapl.sys
2009-03-18 00:00	218	a-------	c:\windows\system32\tversity.cookies

==================== Find3M  ====================

2009-04-06 00:06	9,854,976	a----r--	c:\windows\system32\atioglx2.dll
2009-04-06 00:06	356,352	a----r--	c:\windows\system32\ATIDEMGX.dll
2008-07-31 21:04	0	a-------	c:\program files\error.dat
2004-10-01 15:00	40,960	a-------	c:\program files\Uninstall_CDS.exe
2005-05-13 17:12	217,073	a--shr--	c:\windows\meta4.exe
2005-10-24 11:13	66,560	a--shr--	c:\windows\MOTA113.exe
2005-10-13 21:27	422,400	a--shr--	c:\windows\x2.64.exe
2005-10-07 19:14	308,224	a--shr--	c:\windows\system32\avisynth.dll
2005-07-14 12:31	27,648	a--shr--	c:\windows\system32\AVSredirect.dll
2005-06-26 15:32	616,448	a--shr--	c:\windows\system32\cygwin1.dll
2005-06-21 22:37	45,568	a--shr--	c:\windows\system32\cygz.dll
2004-01-25 00:00	70,656	a--shr--	c:\windows\system32\i420vfw.dll
2006-04-27 10:24	2,945,024	a--shr--	c:\windows\system32\Smab.dll
2005-02-28 13:16	240,128	a--shr--	c:\windows\system32\x.264.exe
2004-01-25 00:00	70,656	a--shr--	c:\windows\system32\yv12vfw.dll

============= FINISH: 17:02:38.90 ===============

Attached Files

BC AdBot (Login to Remove)


#2 Jat90


  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom
  • Local time:02:26 PM

Posted 15 April 2009 - 06:04 AM

Hello, FFFan

Welcome to the Bleeping Computer Forums. My name is Jat, and I will be helping you with your situation.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.

Please do not quote your reports in future, its easier to analyse when pasted directly, thanks :thumbup2:

Let's see what we can do:

Dr Web - CureIt

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)

Please rescan with DDS and post DDS.txt

In your next reply, please post:
  • DrWeb log
  • DDS log

- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

Posted Image

#3 Jat90


  • Members
  • 1,515 posts
  • Gender:Male
  • Location:United Kingdom
  • Local time:02:26 PM

Posted 19 April 2009 - 05:52 AM

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please send me a message. In your message please include the address of this thread in your request.

This applies only to the original topic starter.

Everyone else please start a new topic.
- Jat90 -

If I have not responded to you within 24 hours, then please feel free to send me a message.

Posted Image

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users