1. #1
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default Weird autostart-programs - MSKSSRV RunDLL32.exe, MSPCLOCK RunDLL32.exe, MSPQM RunDLL3

    Hi !

    A few days ago i noticed some mysterious autostart-programs in Winpatrol:

    ------------------------------------------------------------------------------------------------------------------------------------------------------
    MSKSSRV RunDLL32.exe streamd,StreamingDeviceSetup {96E080C7-143C-1 1Š 1-840F-00A0C9223 196},{3C0D50 IA-1408-11D 1-840F-00A0C9223 196},{3C0D50 IA-140B-1 1D 1-840F-00A0C9223196}

    MSPCLOCK RunDLL32.exe streamd,StreamingDeviceSetup {97ebaacc-95bd-1 ldO-a3ea-00a0c9223 196},{53 172480-479 1-11DO-A506-28D504C 10000},{53172480-479 1-1 1DO-A5D6-280804C 10000>

    MSPQM RunDLL32.exe sfreamd,SfreamingDeviceSetup {bDF4358E-882C- 1 1D0-A42F-00A0C9223
    196},{97EBAACB-958D-1 1DO-A3EA-00A0C9223196},{97EBAACB-958D-1 1DO-A3EA-00A0C9223 196}

    MSTEE.CxTransform RunDLL32.exe ksfilter.inf,MSTEE.Interface.Install

    MSTEE, Splitter RunDLL32.exe ksfilter.inf,MSTEE, Iriterface.Install ------------------------------------------------------------------------------------------------------------------------------------------------------

    They are all listed as “Run Once”, but they remain even after several reboots.

    In the “Company column” it says “File not found” ???

    Some searching found a few webbsites talking about malware, which made me wonder what had happened.
    So i restored my fresh system-backup, created just a few days ago before i installed the October-updates.
    I then installed one update at a time until i saw those autostart-programs again in Winpatrol.

    After investigation i have found the cause: a Microsoft security update from October: KB2868038 !
    Some USB-drivers for audio & video....

    And uninstalling the update doesn´t help, those programs are still listed.

    MS13-081: Description of the security update for USB drivers: October 8, 2013: MS13-081: Description of the security update for USB drivers: October 8, 2013

    Microsoft Security Bulletin MS13-081 - Critical, KB2868038: Microsoft Security Bulletin MS13-081 - Critical : Vulnerabilities in Windows Kernel-Mode Drivers Could Allow Remote Code Execution (2870008)

    So if you have WinPatrol or some other program that shows autostart-programs, then now you know the cause of this.

    I´m going to report this to Microsoft, if i can find out how...
    I need an email-address...
    Last edited by hackerman1; 15th October 2013 at 23:50.

  2. #2
    Corrine's Avatar
    Corrine is offline Gold Member
    Join Date
    Jan 2009
    Location
    Upstate NY
    Posts
    961

    Default

    There is a very long thread at Microsoft Community about problems with related to MS13-081 but I did not see any post that had the same issue you have. KB2862330 fails to install - Microsoft Community

    You narrowed the problem to the problematic update and have restarted multiple times. With those files listed as "Run once", they should have been installed at the next reboot. Although you did not mention receiving the error "Task Sequence environment not found", check that you have the applicable updates listed in the "Resolution" section of Task sequence fails in Configuration Manager if software updates require multiple restarts.

    If no joy, since the issue you have is also related to MS13-081, I suggest adding the details of your experience to the thread at Microsoft Community. In addition, as Susan Bradley made clear in that thread, Microsoft can not fix a problem that they don't know is broken. If Susan offers to create a support case, please consider sending her the information she needs to do so. Her email address is listed in that thread.

  3. #3
    hackerman1 is offline Senior Member
    Join Date
    Dec 2008
    Location
    Sweden
    Posts
    1,525

    Default

    Hi Corine !

    No i haven´t seen any any errormesages at all.
    I noticed those autostarts "by accident", i used WP to move some other programs to "delayed start", and then i saw those "weird".

    Regarding "Task sequence fails....", the update is not listed there.
    The update causing all this is KB2868038, not KB2862330, although the security bulletin is the same.
    I´m going to take a look at the thread at Microsoft Community anyway.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Log in

Log in

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22