Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Question

Slow boot time

Dec 23, 2012 11:50PM PST

I'm trying to figure out why my boot up is slower than I'd like it and in checking the system log I've found an entry that I haven't been able to find any information on: MpKslc36611d2 service (the details are in the message at 9:12:11 below). After this Information entry there is a 32 second delay. Could this entry account for the boot delay? Can anyone tell me what the MpKslc36611d2 service service is?

Here's my computer information and the system log for the boot up along with three possibly pertinent log entries.

Thanks.

Dell laptop E6400. 2.4gh dual core processor. 4mb secondary memory. XP Pro Service Pack 3

Type Date Time Source Category Event User Computer
Information 12/24/2012 9:12:53 AM Service Control Manager None 7036 N/A BROWNJIM
Information 12/24/2012 9:12:46 AM Service Control Manager None 7036 N/A BROWNJIM
Information 12/24/2012 9:12:46 AM Service Control Manager None 7035 SYSTEM BROWNJIM
Information 12/24/2012 9:12:46 AM Dnsapi None 11162 N/A BROWNJIM
Information 12/24/2012 9:12:44 AM Service Control Manager None 7036 N/A BROWNJIM
Information 12/24/2012 9:12:44 AM Service Control Manager None 7036 N/A BROWNJIM
Information 12/24/2012 9:12:43 AM Service Control Manager None 7035 brownjim BROWNJIM
Information 12/24/2012 9:12:43 AM Service Control Manager None 7036 N/A BROWNJIM
Information 12/24/2012 9:12:43 AM Service Control Manager None 7035 SYSTEM BROWNJIM
Information 12/24/2012 9:12:11 AM Service Control Manager None 7035 SYSTEM BROWNJIM
Information 12/24/2012 9:12:11 AM Service Control Manager None 7036 N/A BROWNJIM
Information 12/24/2012 9:12:11 AM Service Control Manager None 7035 SYSTEM BROWNJIM
Information 12/24/2012 9:12:11 AM Service Control Manager None 7036 N/A BROWNJIM
Information 12/24/2012 9:12:11 AM Service Control Manager None 7035 SYSTEM BROWNJIM
Information 12/24/2012 9:12:11 AM Service Control Manager None 7036 N/A BROWNJIM
Information 12/24/2012 9:12:11 AM Service Control Manager None 7036 N/A BROWNJIM
Information 12/24/2012 9:12:11 AM Service Control Manager None 7035 SYSTEM BROWNJIM
Information 12/24/2012 9:12:11 AM Service Control Manager None 7035 SYSTEM BROWNJIM
Error 12/24/2012 9:12:11 AM Service Control Manager None 7000 N/A BROWNJIM
Information 12/24/2012 9:11:09 AM Tcpip None 4201 N/A BROWNJIM
Information 12/24/2012 9:11:04 AM Tcpip None 4202 N/A BROWNJIM
Information 12/24/2012 9:11:00 AM eventlog None 6005 N/A BROWNJIM
Information 12/24/2012 9:11:00 AM eventlog None 6009 N/A BROWNJIM


Error message:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7000
Date: 12/24/2012
Time: 9:12:11 AM
User: N/A
Computer: BROWNJIM
Description:
The Parallel port driver service failed to start due to the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

For more

information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


9:12:11 message:
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 12/24/2012
Time: 9:12:11 AM
User: NT AUTHORITY\SYSTEM
Computer: BROWNJIM
Description:
The MpKslc36611d2 service was successfully sent a start control.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


9:12:43:
Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 12/24/2012
Time: 9:12:43 AM
User: NT AUTHORITY\SYSTEM
Computer: BROWNJIM
Description:
The SSDP Discovery Service service was successfully sent a start control.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Discussion is locked

- Collapse -
Clarification Request
Since it's a service.
Dec 23, 2012 11:53PM PST

I'm guessing you are an OS expert so why not disable it and try? It's not an OS service so the OS will boot and you'll see if that's it.

I didn't google a thing (you can do that) so I thought I'd ask if you tried this.
Bob

- Collapse -
(NT) PS. Why don't you use HIBERNATE instead of a cold boot?
Dec 23, 2012 11:58PM PST
- Collapse -
Hibernate
Dec 24, 2012 1:00AM PST

I do use hibernate a lot but like to shut down sometimes to clear everything up.

- Collapse -
Since we have google, I'll add this.
Dec 24, 2012 1:05AM PST

There are ways to research this, control it but I like to read how others tackle "The Case of ____ ___."

Example sleuthing at link to follow.
http://blogs.technet.com/b/markrussinovich/archive/2012/07/02/3506849.aspx

So there you go. A tool and how Russ tackled it. You bring up a good question. Is this OS maker a little off the mark here? That is, can we expect users to be like Russ?
Bob

- Collapse -
"The Case Of____"
Dec 24, 2012 4:20AM PST

I went through his steps but at some points it was clear that he had a problem that was different from mine. So unfortunately no success.

- Collapse -
Services
Dec 24, 2012 1:06AM PST

I'm not an OS expert, I've just read forums for enough years to have an idea of what needs to be posted!

The problem is I can't see what service it is in the list on Computer Management, and I can't see anything afterwards on Process Explorer.

Yes, I've Googled it and gotten no hits, kind of unusual for Google!

- Collapse -
When I find a service no one knows about.
Dec 24, 2012 1:09AM PST

It's usually malware, rootkit or other. I have had great luck with Grif's advice for (free) scanning tools. Link follows.

http://forums.cnet.com/7726-6132_102-5098912.html?tag=posts;msg5099421

Remember I only have what you post and don't know if you have some USB HDD plugged in or any of the thousand other reasons for it to slow down on a fresh boot.
Bob

- Collapse -
Malware
Dec 24, 2012 4:28AM PST

No success. Ran rkills, then both MalwareBytes and Superantispyware deep scans and found some tracking cookies and a Trojan.Agent/Gen-PWS (which Google said wasn't a password threat) and removed all of them. Also Microsoft Forefront Endpoint (company software). Ran Reboot was still slow.

No USB plugins.

Maybe one of those "thousand other reasons," Bob?

- Collapse -
Check my research.
Dec 24, 2012 4:31AM PST

I supplied how I sniffed out what it is. Your move to verify that it is that item and your choice to uninstall for a test boot.
Bob

- Collapse -
Answer
Did the google on that.
Dec 24, 2012 1:20AM PST
- Collapse -
Did the google on that
Dec 26, 2012 1:50AM PST

After following your link (thanks) and a whole series of links after that it seems that the problem is a Mpksl__.sys file which is a Microsoft Essential update file (which some people have reported problems with). While I used to have MSE installed it's been 2 1/2 years since I removed it. Actually, my company removed it and replaced it with Microsoft Forefront Endpoint Protection. Now I'm not sure if the .sys file is also connected to MFEP, and can't find a google answer to whether it is or not. (It's located under C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{BAB31F37-A7D6-4E60-A5DE-5184431C10F2\MpKslf04d0c25.sys}.) There are suggestions for using a small program (msecleantool) to clean up an uninstall of MSE but I'm afraid the file might be needed by NFEP too so I'm hesitant to remove it, though I can't find any connection online. Anymore thoughts?

- Collapse -
Then a rock.
Dec 26, 2012 1:55AM PST

Sorry but we've traced it down to some microsoft security and by now you know the quality of their stuff. A minute delay on boot does not seem to be a bug to them.

Workaround if you can't remove it? Use HIBERNATE to avoid full boots.
Bob

- Collapse -
Hibernating
Dec 26, 2012 4:43AM PST

You're right: a minute isn't so long.
Hibernating is certainly, but I have this idea that hibernating doesn't clear out the caches or doesn't do something else the same as when shutting down. Is there some down side to it?

- Collapse -
Odd.
Dec 26, 2012 5:00AM PST

I used hibernate for years and no big issues. In fact when I pull out an old laptop we have in storage it resumes from hibernation. I think the record breaker was over a year in storage and it resumed fine.

Sorry, but did you try it?
Bob

- Collapse -
Hibernate
Dec 26, 2012 12:22PM PST

Yeah, it works ok so I'll just use it from now on. Still, frustrating to not be able to completely solve the problem! But thanks for your help.

- Collapse -
When it comes to Microsoft.
Dec 26, 2012 1:33PM PST

You often end up with a workaround.