Nguyen, Tuan | 14 Oct 14:25 2013

KB2794707 breaks Pivotal CRM hooks into Outlook?

Anybody experienced problem described below? Thanks in advance.
 
Problem:
When linking an email from the Pivotal Client or clicking on Pivotal email form Control icon,  MS Outlook displays a warning message "The system is busy completing a task. Please wait until the operation has completed before trying again."
 
Cause:
Microsoft security update http://support.microsoft.com/kb/2794707 which was released on Sept 10, 2013 is triggering the warning pop up.  This security patch is specific to users with Office 2010 Service Pack 1.  Those not yet on SP1 do not get the update.
 
Detail:
This problem centers around the Pivotal CRM  application and it’s hooks into the Outlook client(via a plug-in).  The functionality allows someone to take an email(including attachments) and save that email interaction with a Customer in the Pivotal(Relationship) application database.
 
Tuan V. Nguyen | The Principal Financial Group | 515.247.4538 | Nguyen.Tuan-HJ40zzm6tk8S+FvcfC7Uqw@public.gmane.org | www.principal.com | DREAM AGAIN
 
 
 
 

-----Message Disclaimer-----

This e-mail message is intended only for the use of the individual or entity to which it is addressed, and may contain information that is privileged, confidential and exempt from disclosure under applicable law. If you are not the intended recipient, any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply email to Connect-t0K2wm9Spt0S+FvcfC7Uqw@public.gmane.org and delete or destroy all copies of the original message and attachments thereto. Email sent to or from the Principal Financial Group or any of its member companies may be retained as required by law or regulation.

Nothing in this message is intended to constitute an Electronic signature for purposes of the Uniform Electronic Transactions Act (UETA) or the Electronic Signatures in Global and National Commerce Act ("E-Sign") unless a specific statement to the contrary is included in this message.

While this communication may be used to promote or market a transaction or an idea that is discussed in the publication, it is intended to provide general information about the subject matter covered and is provided with the understanding that The Principal is not rendering legal, accounting, or tax advice. It is not a marketed opinion and may not be used to avoid penalties under the Internal Revenue Code. You should consult with appropriate counsel or other advisors on all matters pertaining to legal, tax, or accounting obligations and requirements. (HT0512)

Emin | 14 Oct 17:42 2013
Picon

Re: The problem child of the month appears to be KB2862330

Hi,

In my org., we are currently investigating another side effect of MS13-081.

The RunOnce registry key is getting populated with the following content on some computers:

MSPCLOCK=rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
MSPQM=rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
MSKSSRV=rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
MSTEE.CxTransform=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
MSTEE.Splitter=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
WDM_DRMKAUD=rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install

Anyone else noticed the same behavior?



On Fri, Oct 11, 2013 at 6:33 AM, Susan Bradley <susan-CxEhlPShqERWk0Htik3J/w@public.gmane.org> wrote:
MS13-081: Description of the security update for USB drivers: October 8, 2013:
http://support.microsoft.com/kb/2862330/en-us

Which appears to be our problem child of the month.

It's a kernel update (tend to have issues anyway)
It's a usb update (and with all our third party usb drivers)

It can take two reboots (a sign that it's a complex issue getting fixed)

I only have one guy willing to open a case.  If anyone else has some sample customers willing to open a support call and help all of us in the process, please let me know.

A very [very] few people have reported a BSOD
A few people have reported it not getting installed
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/kb2862330-fails-to-install/a51a34c3-6a67-43dc-b5d1-81d35401299c?page=4

---
PatchManagement.org is hosted by Shavlik

To unsubscribe send a blank email to leave-patchmanagement <at> patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement <at> patchmanagement.org

ashraf morsi | 14 Oct 18:20 2013
Picon

Re: The problem child of the month appears to be KB2862330

For those machines which get BSOD after kernel update it might be infected with virus. It happened twice over the last 2 years.

On Oct 11, 2013 7:37 AM, "Susan Bradley" <susan-CxEhlPShqERWk0Htik3J/w@public.gmane.org> wrote:
MS13-081: Description of the security update for USB drivers: October 8, 2013:
http://support.microsoft.com/kb/2862330/en-us

Which appears to be our problem child of the month.

It's a kernel update (tend to have issues anyway)
It's a usb update (and with all our third party usb drivers)

It can take two reboots (a sign that it's a complex issue getting fixed)

I only have one guy willing to open a case.  If anyone else has some sample customers willing to open a support call and help all of us in the process, please let me know.

A very [very] few people have reported a BSOD
A few people have reported it not getting installed
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/kb2862330-fails-to-install/a51a34c3-6a67-43dc-b5d1-81d35401299c?page=4

---
PatchManagement.org is hosted by Shavlik

To unsubscribe send a blank email to leave-patchmanagement <at> patchmanagement.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement <at> patchmanagement.org
Raff, Adam | 14 Oct 19:29 2013

KB2862330 unchecked in Windows Update

Good Day,

 

I just finished pushing my updates to my clients and I am getting ready to push them to my server via windows update and I have noticed that KB2682330 is unchecked.  I know that this KB has been causing some issue.  Two reboots and some BSOD but very very rarely.   Is this MS way of saying installing this update at your own risk as we know that there is a problem with this update and we are waiting to see what happens to see if we need to fix it or pull it?

 

What your you guys doing with this update?

 

Thank You,

 

Adam Raff

 

 

50 COMMERCE DRIVE  l  ALLENDALE, NJ 07401 P 201.760 .4100    F 201.760.4158  WWW.HSPOP.COM

 

 

NOTICE:    The contents of this e-mail and any attachments to it contain confidential and/or legally privileged information from Henschel-Steinau Inc.  This information is only for the intended recipient.  If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or the taking of any action in reliance on the contained information is strictly prohibited.  If you have received this e-mail in error, please notify us by e-mail immediately and delete the material.  Although this e-mail has been checked for viruses and other defects, no responsibility can be accepted for any loss or damage arising from its receipt or use

 

christian.wilhelm | 14 Oct 20:25 2013
Picon

AW: The problem child of the month appears to be KB2862330

We are talking about that:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ?

On all fully patched 2008 R2 Servers or Win7 X64 machines I do see none of these entries.

-----Ursprüngliche Nachricht-----
Von: Emin [mailto:emin.atac@...] 
Gesendet: Montag, 14. Oktober 2013 17:43
An: Patch Management Mailing List
Betreff: Re: [patchmanagement] The problem child of the month appears to be KB2862330

Hi, 

In my org., we are currently investigating another side effect of MS13-081.

The RunOnce registry key is getting populated with the following content on some computers:

MSPCLOCK=rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
MSPQM=rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
MSKSSRV=rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
MSTEE.CxTransform=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
MSTEE.Splitter=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
WDM_DRMKAUD=rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install

Anyone else noticed the same behavior?

On Fri, Oct 11, 2013 at 6:33 AM, Susan Bradley <susan@...> wrote:

	MS13-081: Description of the security update for USB drivers: October 8, 2013:
	http://support.microsoft.com/kb/2862330/en-us
<http://support.microsoft.com/kb/2862330/en-us> 
	
	Which appears to be our problem child of the month.
	
	It's a kernel update (tend to have issues anyway)
	It's a usb update (and with all our third party usb drivers)
	
	It can take two reboots (a sign that it's a complex issue getting fixed)
	
	I only have one guy willing to open a case.  If anyone else has some sample customers willing to open a support
call and help all of us in the process, please let me know.
	
	A very [very] few people have reported a BSOD
	A few people have reported it not getting
installed
	http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/kb2862330-fails-to-install/a51a34c3-6a67-43dc-b5d1-81d35401299c?page=4
<http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/kb2862330-fails-to-install/a51a34c3-6a67-43dc-b5d1-81d35401299c?page=4> 
	
	---
	PatchManagement.org is hosted by Shavlik
	
	To unsubscribe send a blank email to leave-patchmanagement <at> patchmanagement.org
<mailto:leave-patchmanagement@...> 
	If you are unable to unsubscribe via this email address, please email
	owner-patchmanagement@...
<mailto:owner-patchmanagement <at> patchmanagement.org> 
	

Emin | 14 Oct 20:58 2013
Picon

Re: The problem child of the month appears to be KB2862330

Hi,

Yes, I'm talking about that key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Only Windows 7 x64 machines are concerned. Currently only ~20 of 2000 are concerned which represents only 1%

We noticed that there are a ton of info in C:\Windows\inf\setupapi.dev.log
... but we don't know yet what KB and under what circumstances this info is written in the RunOnce key.

My assumptions are that:
 - computers have had a special usb device (video, audio or both) installed
 - computers have MS13-081 in pending state (installed but not rebooted yet)
 - computers have a third party software installed (less likely)

Sure it isn't related to a specific hardware because the reg entries appear on various mainboards (both desktop and laptops)

I'll let you know if I find something new and can narrow down the "issue",

/Emin



On Mon, Oct 14, 2013 at 8:25 PM, <christian.wilhelm-ow4iuBmn77Q@public.gmane.orghofer.de> wrote:
We are talking about that:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ?

On all fully patched 2008 R2 Servers or Win7 X64 machines I do see none of these entries.



-----Ursprüngliche Nachricht-----
Von: Emin [mailto:emin.atac-Re5JQEeQqe8@public.gmane.orgm]
Gesendet: Montag, 14. Oktober 2013 17:43
An: Patch Management Mailing List
Betreff: Re: [patchmanagement] The problem child of the month appears to be KB2862330

Hi,


In my org., we are currently investigating another side effect of MS13-081.


The RunOnce registry key is getting populated with the following content on some computers:


MSPCLOCK=rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
MSPQM=rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
MSKSSRV=rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
MSTEE.CxTransform=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
MSTEE.Splitter=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
WDM_DRMKAUD=rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install


Anyone else noticed the same behavior?




On Fri, Oct 11, 2013 at 6:33 AM, Susan Bradley <susan-CxEhlPShqERWk0Htik3J/w@public.gmane.org> wrote:


        MS13-081: Description of the security update for USB drivers: October 8, 2013:
        http://support.microsoft.com/kb/2862330/en-us <http://support.microsoft.com/kb/2862330/en-us>

        Which appears to be our problem child of the month.

        It's a kernel update (tend to have issues anyway)
        It's a usb update (and with all our third party usb drivers)

        It can take two reboots (a sign that it's a complex issue getting fixed)

        I only have one guy willing to open a case.  If anyone else has some sample customers willing to open a support call and help all of us in the process, please let me know.

        A very [very] few people have reported a BSOD
        A few people have reported it not getting installed
        http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/kb2862330-fails-to-install/a51a34c3-6a67-43dc-b5d1-81d35401299c?page=4 <http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/kb2862330-fails-to-install/a51a34c3-6a67-43dc-b5d1-81d35401299c?page=4>

        ---
        PatchManagement.org is hosted by Shavlik

        To unsubscribe send a blank email to leave-patchmanagement <at> patchmanagement.org <mailto:leave-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+6BGkLq7r@public.gmane.org>
        If you are unable to unsubscribe via this email address, please email
        owner-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+6BGkLq7r@public.gmane.org <mailto:owner-patchmanagement <at> patchmanagement.org>




---
PatchManagement.org is hosted by Shavlik

To unsubscribe send a blank email to leave-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+6BGkLq7r@public.gmane.org
If you are unable to unsubscribe via this email address, please email
owner-patchmanagement-Vbinuuz+i/1cyoYjzPa5A0B+6BGkLq7r@public.gmane.org


Gray Knowlton | 14 Oct 21:00 2013
Picon

RE: Click to Run updates outside of Windows Update

Glad to answer any questions.

C2R does not actually use the MU pipeline. It ships on the same schedule, but the bits are not hosted there. We
host them on Azure.

Regards,
Gray Knowlton

-----Original Message-----
From: Susan Bradley [mailto:susan@...] 
Sent: Friday, October 11, 2013 2:30 PM
To: Patch Management Mailing List
Subject: Re: [patchmanagement] Click to Run updates outside of Windows Update

Correct. The office garage series is one of the few places I've seen this discussed.

It uses MU pipes, but it's an app-v image deployment.
http://blogs.technet.com/b/office_resource_kit/archive/2013/04/30/the-new-office-garage-series-click-to-run-customization-and-deployment-deep-dive-part-3-integration-and-automation-with-software-distribution-tools.aspx

On 10/11/2013 2:17 PM, Steve Yates wrote:
> http://technet.microsoft.com/en-us/library/jj219427.aspx
>
> We just ran into this, trying to figure out why a PC didn't show any Office 2013 updates.  The retail versions
of Office 2013 installed using Click to Run apparently self-update outside of WU, with no WU history or
other "normal" indication patches are installed.
>
> --
>
> Steve Yates
> ITS, Inc.
>
>
>
> ---
> PatchManagement.org is hosted by Shavlik
>
> To unsubscribe send a blank email to 
> leave-patchmanagement@...
> If you are unable to unsubscribe via this email address, please email 
> owner-patchmanagement@...
>
>

---
PatchManagement.org is hosted by Shavlik

To unsubscribe send a blank email to leave-patchmanagement <at> patchmanagement.org
If you are unable to unsubscribe via this email address, please email owner-patchmanagement@...

christian.wilhelm | 14 Oct 21:43 2013
Picon

AW: The problem child of the month appears to be KB2862330

I found one win7 x64 machine with a pending reboot for October patchday.
That machine did need 2 reboots for October patchday (came up fine although).

No strange entries in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

But log entries in C:\Windows\inf\setupapi.dev.log shows that:

First Reboot:

**************
                                  
[Boot Session: 2013/10/14 20:46:14.125]

>>>  [Uninstall Driver Updates]
>>>  Section start 2013/10/14 20:46:33.812
      cmd: C:\Windows\servicing\TrustedInstaller.exe
     sto: Driver Update Context:
     sto:      Image State        = Specialized
     sto:      Image Architecture = amd64
     sto:      Transaction        = CbsDriversAndPrimitives
     sto:      Driver Updates     = 3
     inf: Opened INF:
'C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.inf' ([strings])
     inf: Opened INF:
'C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usb.inf' ([strings])
     inf: Opened INF:
'C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bth.inf' ([strings])
     sto: Unpublishing all driver updates.
     sto: {Unpublish Driver Package:
C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.inf} 20:46:33.953
     sto:      Unpublishing driver package:
     sto:           Driver Store   = C:\Windows\System32\DriverStore (Online | 6.1.7601)
     sto:           Driver Package = C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.inf
     sto:           Flags          = 0x00000000
     idb:      Unpublished driver store entry 'usbport.inf_amd64_neutral_189259810882aaea'.
     sto:      Published driver package INF 'usbport.inf' was same or older version.
     sto:      Active published driver package is 'usbport.inf_amd64_neutral_1232484025e9fbfa'.
     sto:      Unpublished driver package. Time = 15 ms
     sto: {Unpublish Driver Package: exit(0x00000000)} 20:46:34.000
     sto: {Unpublish Driver Package:
C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usb.inf} 20:46:34.000
     sto:      Unpublishing driver package:
     sto:           Driver Store   = C:\Windows\System32\DriverStore (Online | 6.1.7601)
     sto:           Driver Package = C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usb.inf
     sto:           Flags          = 0x00000000
     idb:      Unpublished driver store entry 'usb.inf_amd64_neutral_153b489118ee37b8'.
     sto:      Published driver package INF 'usb.inf' was same or older version.
     sto:      Active published driver package is 'usb.inf_amd64_neutral_efc1d9d1a972acd0'.
     sto:      Unpublished driver package. Time = 15 ms
     sto: {Unpublish Driver Package: exit(0x00000000)} 20:46:34.031
     sto: {Unpublish Driver Package:
C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bth.inf} 20:46:34.031
     sto:      Unpublishing driver package:
     sto:           Driver Store   = C:\Windows\System32\DriverStore (Online | 6.1.7601)
     sto:           Driver Package = C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bth.inf
     sto:           Flags          = 0x00000000
     idb:      Unpublished driver store entry 'bth.inf_amd64_neutral_ca26c6da62d71ca8'.
     sto:      Published driver package INF 'bth.inf' was same or older version.
     sto:      Active published driver package is 'bth.inf_amd64_neutral_de0494b6391d872c'.
     sto:      Unpublished driver package. Time = 16 ms
     sto: {Unpublish Driver Package: exit(0x00000000)} 20:46:34.062
     sto: Reflecting all previous driver updates.
     sto: Higher version of 'usbport.inf' is currently reflected.
     sto:      Filename = C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_1232484025e9fbfa\usbport.inf
     sto: Higher version of 'usb.inf' is currently reflected.
     sto:      Filename = C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_efc1d9d1a972acd0\usb.inf
     sto: Higher version of 'bth.inf' is currently reflected.
     sto:      Filename = C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_de0494b6391d872c\bth.inf
     sto: Updating devices for all previous driver updates.
<<<  Section end 2013/10/14 20:46:34.124
<<<  [Exit status: SUCCESS]

**********

Second reboot:

***********
[Boot Session: 2013/10/14 20:47:07.125]

>>>  [Unstage Driver Updates]
>>>  Section start 2013/10/14 20:47:26.315
      cmd: C:\Windows\servicing\TrustedInstaller.exe
     sto: Driver Update Context:
     sto:      Image State        = Specialized
     sto:      Image Architecture = amd64
     sto:      Transaction        = None
     sto:      Driver Updates     = 3
     sto: Unstaging all driver updates.
     sto: {Delete Driver Package:
C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.inf} 20:47:26.378
     sto:      Deleting driver package from Driver Store:
     sto:           Driver Store   = C:\Windows\System32\DriverStore (Online | 6.1.7601)
     sto:           Driver Package = C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea\usbport.inf
     sto:           Flags          = 0x00000001
     idb:      Unregistered driver store entry 'usbport.inf_amd64_neutral_189259810882aaea'.
     sto:      {Delete Directory:
C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_neutral_189259810882aaea} 20:47:26.409
     sto:      {Delete Directory: exit(0x00000000)} 20:47:26.487
     sto:      Deleted driver package from Driver Store. Time = 93 ms
     sto: {Delete Driver Package: exit(0x00000000)} 20:47:26.487
     sto: {Delete Driver Package:
C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usb.inf} 20:47:26.502
     sto:      Deleting driver package from Driver Store:
     sto:           Driver Store   = C:\Windows\System32\DriverStore (Online | 6.1.7601)
     sto:           Driver Package = C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8\usb.inf
     sto:           Flags          = 0x00000001
     idb:      Unregistered driver store entry 'usb.inf_amd64_neutral_153b489118ee37b8'.
     sto:      {Delete Directory:
C:\Windows\System32\DriverStore\FileRepository\usb.inf_amd64_neutral_153b489118ee37b8} 20:47:26.549
     sto:      {Delete Directory: exit(0x00000000)} 20:47:26.581
     sto:      Deleted driver package from Driver Store. Time = 63 ms
     sto: {Delete Driver Package: exit(0x00000000)} 20:47:26.597
     sto: {Delete Driver Package:
C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bth.inf} 20:47:26.613
     sto:      Deleting driver package from Driver Store:
     sto:           Driver Store   = C:\Windows\System32\DriverStore (Online | 6.1.7601)
     sto:           Driver Package = C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8\bth.inf
     sto:           Flags          = 0x00000001
     idb:      Unregistered driver store entry 'bth.inf_amd64_neutral_ca26c6da62d71ca8'.
     sto:      {Delete Directory:
C:\Windows\System32\DriverStore\FileRepository\bth.inf_amd64_neutral_ca26c6da62d71ca8} 20:47:26.628
     sto:      {Delete Directory: exit(0x00000000)} 20:47:26.675
     sto:      Deleted driver package from Driver Store. Time = 63 ms
     sto: {Delete Driver Package: exit(0x00000000)} 20:47:26.675
<<<  Section end 2013/10/14 20:47:26.675
<<<  [Exit status: SUCCESS]

*************

But as said before .... machine is fine after these 2 reboots....... 
the same Hardware config as my other test machines ... but the only one with 2 reboots so far.

-----Ursprüngliche Nachricht-----
Von: Emin [mailto:emin.atac@...] 
Gesendet: Montag, 14. Oktober 2013 20:59
An: Patch Management Mailing List
Betreff: Re: [patchmanagement] The problem child of the month appears to be KB2862330

Hi,

Yes, I'm talking about that key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Only Windows 7 x64 machines are concerned. Currently only ~20 of 2000 are concerned which represents only 1%

We noticed that there are a ton of info in C:\Windows\inf\setupapi.dev.log 

... but we don't know yet what KB and under what circumstances this info is written in the RunOnce key.

My assumptions are that:
 - computers have had a special usb device (video, audio or both) installed 

 - computers have MS13-081 in pending state (installed but not rebooted yet)

 - computers have a third party software installed (less likely)

Sure it isn't related to a specific hardware because the reg entries appear on various mainboards (both
desktop and laptops)

I'll let you know if I find something new and can narrow down the "issue",

/Emin

On Mon, Oct 14, 2013 at 8:25 PM, <christian.wilhelm@...> wrote:

	We are talking about that:
	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ?
	
	On all fully patched 2008 R2 Servers or Win7 X64 machines I do see none of these entries.
	
	
	
	-----Ursprüngliche Nachricht-----
	Von: Emin [mailto:emin.atac@...]
	Gesendet: Montag, 14. Oktober 2013 17:43
	An: Patch Management Mailing List
	Betreff: Re: [patchmanagement] The problem child of the month appears to be KB2862330
	

	Hi,
	
	
	In my org., we are currently investigating another side effect of MS13-081.
	
	
	The RunOnce registry key is getting populated with the following content on some computers:
	
	
	MSPCLOCK=rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
	MSPQM=rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
	MSKSSRV=rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
	MSTEE.CxTransform=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
	MSTEE.Splitter=rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
	WDM_DRMKAUD=rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
	
	
	Anyone else noticed the same behavior?
	
	
	
	
	On Fri, Oct 11, 2013 at 6:33 AM, Susan Bradley <susan@...> wrote:
	
	
	        MS13-081: Description of the security update for USB drivers: October 8, 2013:
	
	        http://support.microsoft.com/kb/2862330/en-us <http://support.microsoft.com/kb/2862330/en-us>
	

	        Which appears to be our problem child of the month.
	
	        It's a kernel update (tend to have issues anyway)
	        It's a usb update (and with all our third party usb drivers)
	
	        It can take two reboots (a sign that it's a complex issue getting fixed)
	
	        I only have one guy willing to open a case.  If anyone else has some sample customers willing to open a support
call and help all of us in the process, please let me know.
	
	        A very [very] few people have reported a BSOD
	        A few people have reported it not getting installed
	
	       
http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/kb2862330-fails-to-install/a51a34c3-6a67-43dc-b5d1-81d35401299c?page=4 <http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_install/kb2862330-fails-to-install/a51a34c3-6a67-43dc-b5d1-81d35401299c?page=4>
	

	        ---
	        PatchManagement.org is hosted by Shavlik
	
	
	        To unsubscribe send a blank email to leave-patchmanagement <at> patchmanagement.org <mailto:leave-patchmanagement@...>
	
	        If you are unable to unsubscribe via this email address, please email
	
	        owner-patchmanagement@... <mailto:owner-patchmanagement@...>
	

	---
	PatchManagement.org is hosted by Shavlik
	
	To unsubscribe send a blank email to leave-patchmanagement <at> patchmanagement.org
	If you are unable to unsubscribe via this email address, please email
	owner-patchmanagement@...
	
	


Gmane