USBPORT.SYS causes XP system to fall into a reboot cycle


October 8th Microsoft released update Kb2862330:

This security update installs a newer version of usbport.sys file into the "\windows\system32\drivers" folder, and forces a reboot. Every XP system on my network with XP that ran the update (about 100) went into a reboot loop. Safe mode, or any other options available at F8 would not get me to the drive. I had to pull all the drives hook them up to a system with a USB sled and copy the older version of the file back on to the system.

My guess is the new driver is stepping on memory of another file or vice versa. So, it would seem that I may have some old files and some new ones, as I read it may be due to the way my loads were created on my older Microsoft RIS server.

When we first started making loads on the RIS server we used an XP with SP2 OS disk. As time went on SP3 was released and we started loading it on our new installs. I had this same problem with SP3 rebooting the machines due to usbport.sys, but the fix I found on one of the Microsoft Forums was just to copy the older file back in. So I scripted my SP3 install to do just that and all was fine.

I read an article that only briefly touched on this particular scenario. If you are doing your base install from an XP SP2 disk but your load on the server have been upgraded to SP3, you can get a mixture of driver files.

Is this true?
If so, can I fix it?

Right now I have my critical and security updates disable on all XP systems (200+ across 5 locations.)

Thanks for any help
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

On a test system install the latest chipset drivers from manufacture website after installing the update. Monitor the system.

If the issue persist then

You could enable verifier on a test system and upload the new minidump


Enable driver verifier
1) Open an elevated command prompt
2) Type "verifier /standard /all"  (no quotes)
3) Reboot your machine
4) Use machine again until it crashes

After the crash & reboot, go into safe mode with networking.

Disable driver verifier
1) Open an elevated command prompt
2) Type "verifier /reset" (no quotes)
3) Reboot your machine

bwaskAuthor Commented:
"On a test system install the latest chipset drivers from manufacture website after installing the update. Monitor the system."

I can not get to the system after the update is installed, No safe mode, no safe mode with network support, not even a command prompt, it reboots shortly after post, forever.  This doesn't happen intermittently, it happens on every XP system in our environment as soon as the usbport.sys driver is installed.
After you install the update don't restart the system. Install the latest chipset drivers and then reboot.


First install the latest chipset drivers and then install the update
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

bwaskAuthor Commented:

I will try this, but I think this is most unlikely. We have many different Chipsets, some current and some that our older versions. However, this will happen on any XP machine I install it on company wide, "Any XP Machine." If it were a chipset problem, I think we'd see a whole lot more personal/business users having problems than just my network.

However, I will give it a try.
1) First create a system restore point.
2) Install latest chipset or usb drivers.
3) Enable the verifier command
4) Install the update

If the issue reoccurs then boot the system in recovery console and uninstall the update. No need to slave the hard drive.

Upload the new dmp file for analysis.

Hello bwask

I ran into same problem. We got bluescreen on XP-Machines when reboot after KB2862330 on HP dc7900-SFF PCs. Other PC-modells seemed not be affected (but not all are updated).
Did already red some blogs. Obviously others have similar problems with Windows 7 also.

Here the experiances from my side:

*** First Aid ****

Unplug all USB devices. Especialliy the USB KB + mouse, use PS/2-types instead !!!
If not possible, start the machine without all of them and access it remotely by RDP, VNC, TeamViewer, etc.  In all my cases, the systems come up normally und you can handle it.

Don't try windows system restore (see further below)! You could come in trouble.

Be happy, but don't try plugin USB-KB or mouse yet or you will get a crash/BSOD immediately!! Just uninstall the KB7862330. Ignore warnings. Reboot and then use your USB-Devices as before.

If you are careful, set a restorepoint before uninstallig. Or better make an image-save of the sys-volume.


Additional info from my  tests and experiances:

- I got bluescreen after MS-update KB2862330 and reboot.
- Realized, that it has to do with USB (Microsoft Bulletin).
- Unplugged USB-mouse/keyboard (+ other USB devs) - and start it (accidentally):  system comes up normally - surprise !!!
- Shutdown, plugged in PS/2 keyborad/mouse
- Start the machine - comes up normally again
-> plug in a USB-Mouse -> immediately crash -> BSOD !x!
-> Restart again without USB-device - comes up normally - fine

-> Plugin an USB-disk -> got it, works normally
-> An USB-printer (Brother MFC 9970CDW) was plugged in on a port behind. was overseen.
-> No Problem with it, why ? Check printing - works normally

-> Seems that not all types of USB-devices produce a crash/BSOD. But always in any case: the USB keybord and mouse !!!

Minidump-analysis pointed to usbport.sys also as bwask already found out.

Courious effect seen with windows system restore: It did not help. The affected xxxx.sys files didn't change - crash/BSOD furthermore! Don't no why. But after WSR  I was unable to uninstall KB2862330! Solution:  Take the system restore back. Then uninstall KB2862330.

Uninstall KB2862330 should bring back the old drivers and status. If problems, or to be sure  look into $NtUninstallKB2862330$ if they are div. older xxx.sys-files.  There was'nt after a Sys-restore and uninstall the KB-Patch then didn't do & solve anything. But of course was disappeared after.

I made some deals with driver restoring manually (w. Pendmoves from Sysinternals and reg-setting AllowProtectedRenames). First tried with the usbport.sys only, after that the others also. Drivers changed but problem wasn't solved this way. Perhaps any mistake from my side. I hadn't the org-old-drivers and used some from SP3. May be an inconsistence with other things.

*** I think, that just uninstall KB2862330 and nothing else is the most clean way to come back to  normal life.  
Until now I didn't saw any impact with the other MS-Patches from the October-Patchday. All of them I left installed on the affected/repaired systems without problems - til now, of course.

--- To all IT-colleagues in trouble I wish you very good luck --- (I also have had 2 bad strong days )  

... sorry for my english, I'm not very experienced in conversation and writing

Would be glad to hear, if the trick wirh ps/2-KB+Mouse also could be helpful with Windows-7-Systems. I have a few, but they're not on  automatic update and therfore no experiance w. KB2862330.
bwaskAuthor Commented:

Your post reads like I wrote it myself ;)... Especially the "I also have had 2 bad strong days ." My case was very similar, we had to scramble to get these systems functioning again across our WAN.

Here's what I've figured out.

I have a RIS (Remote Installation Services) server that I created back before XP-SP3 came out. My base load (CD Image) is from an XP-SP2 CD, or was when many of the loads were created. My process for many of the loads added to the server was to create a base load from the server and then install SP3 to the new load before pushing it to the server (riprep-ing it.)

The problem appears to have something to do with having SP3 installed on the riprep-ed image but SP2 on the base image. Apparently there is a mixing of file versions when the load is pulled down from the RIS server.

I scripted around this problem long ago when SP3 came out by just replacing the older version of usbport.sys (this was the accepted fix at the time) without thinking far enough ahead to consider that Windows Updates would someday push the file out in a security update that was set to auto install on my workstations via my WSUS server. BIG CRASH, and again, a very bad, and long day for all of us.

So far I've found 1 work-around and 2 possible fixes.

1.) "WORK-AROUND" -- Pull all USB devices and boot it up into windows, you should be able to remote into it. Also, if you have a sled, you can pull the drive and copy the older version of USBPORT.sys to the "\windows\system32\drivers" reboot the system and it will come back up.

2.) On some system a current version of the chipset drivers has resolved the issue, by resolved I mean you can use the newer version of the USBPORT.SYS file and your system will function properly. I've found two models so far this works on:
Dell GX260
Dell GX280

3.) SFC /scannow (System File Checker) is the other fix I've found on some systems. Two models that I've found SFC fixes are:
Dell Optiplex 755
Dell Latitude D620

There are a couple things to note if you are going to attempt a successful run of SFC. First, throw an XP-SP3 OS installation disk into the cd-rom drive (it can be an OEM copy if that's all you have). Click Start > Run  and on the line type "sfc /scannow" and click OK. If it fails (and it probably will) here is what you need to do.

Open Regedit
go to "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\"
You will need to edit two String values:

Assuming your CD-ROM is your D:\ the value data for both should be D:\

If you were to copy the I386 directory to your c:\I386 the value data would just be C:\

After you've changed the Value Data reboot and run sfc /scannow and it should finish successfully.

So far these methods have fixed every machine I've ran it on, by "fixed" I mean you can now let KB2862330 run and upgrade the usbport.sys file and still have a functioning machine.

On a final note, I've now changed my WSUS server from auto installing Critical and Security updates, and now check them as they come in.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bwaskAuthor Commented:
Georg49, you can't use the SP3 usbport.sys file, you need to take it back to the SP2 usbport.sys version. If you just drop that file in, the system will come up fine and you can do the other fixes, no need to uninstall KB2862330 which has caused us so much trouble. I did notice on a couple of instances however, that it would reboot a couple of times before it went into windows, and on a couple of occasions for some reason I had to copy the file twice.
bwaskAuthor Commented:
My comment was more thorough in it's explanation of the fix, as well as fleshing out the whole problem, and why it seems to have taken place in the first place in my particular environment.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.