
MpKsl5d1a439a service


3 replies to this topic

#1 Steevow


Posted 30 May 2012 - 12:35 PM

This morning I noticed this in event log.

The MpKsl5d1a439a service was successfully sent a start control.

I don't recognize that, nor can I find it in my services.msc.
I looked in the registry Run key.
I looked in Startup.
I am currently searching my disk for a file named MpKsl5d1a439a.

I think it could be the startup for Microsoft Security Essentials, but I haven't been able to verify that.
I have no virus symptoms.
I don't have any unexpected connections in TCPView.
Can anyone suggest a way to investigate this?
This is an XP Professional 32-bit system.

Event Type: Information
Event Source: Service Control Manager
Event Category: None
Event ID: 7035
Date: 5/30/2012
Time: 10:03:12 AM
User: NT AUTHORITY\SYSTEM
Computer: PREFERRE-3E12CB
Description:
The MpKsl5d1a439a service was successfully sent a start control.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Edited by Steevow, 30 May 2012 - 12:36 PM.



 


#2 Broni


Posted 30 May 2012 - 12:52 PM

That's a part of Microsoft Security Essentials if you have it installed.

My Website


My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif
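A first triage step for the event quoted in post #1, as an added example that is not part of the original thread: it parses Event Viewer text in the layout shown above and flags Service Control Manager 7035 records whose service name has the shape `MpKsl` plus eight hex digits. That shape is an assumption generalised from the single name in the thread, and the `MpKslUpdate` and `ExampleSvc` records are constructed sample data.

```python
import re

# Assumption: the name shape is "MpKsl" + 8 hex digits, generalised from the
# single name in the thread. A match is a triage hint, not proof of origin.
MPKSL_NAME = re.compile(r"^MpKsl[0-9a-fA-F]{8}$")
CONTROL_SENT = re.compile(
    r"^The (?P<svc>.+?) service was successfully sent an? (?P<ctl>\w+) control\.$")

def parse_events(text):
    """Split copied Event Viewer text into one dict of fields per record."""
    events, cur, in_desc = [], None, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Event Type:"):      # first field of every record
            cur = {"Description": ""}
            events.append(cur)
            in_desc = False
        if cur is None or not line:
            continue
        if in_desc:
            if not cur["Description"]:          # keep only the message line
                cur["Description"] = line
        elif line == "Description:":
            in_desc = True
        else:
            key, _, value = line.partition(":") # "Time: 10:03:12 AM" splits once
            cur[key.strip()] = value.strip()
    return events

def triage(text):
    """Return (service, control, verdict) for each SCM event 7035 record."""
    out = []
    for ev in parse_events(text):
        if ev.get("Event Source") != "Service Control Manager" or ev.get("Event ID") != "7035":
            continue
        m = CONTROL_SENT.match(ev["Description"])
        if m:
            verdict = "mpksl-pattern" if MPKSL_NAME.match(m.group("svc")) else "review"
            out.append((m.group("svc"), m.group("ctl"), verdict))
    return out

def record(event_id, desc):
    """Build one sample record in the thread's layout (constructed data)."""
    return ("Event Type: Information\nEvent Source: Service Control Manager\n"
            f"Event Category: None\nEvent ID: {event_id}\nDate: 5/30/2012\n"
            "Time: 10:03:12 AM\nUser: NT AUTHORITY\\SYSTEM\nComputer: PREFERRE-3E12CB\n"
            f"Description:\n{desc}\n\n")

SAMPLE = (record(7035, "The MpKsl5d1a439a service was successfully sent a start control.")
          + record(7035, "The MpKslUpdate service was successfully sent a start control.")
          + record(7036, "The ExampleSvc service entered the running state."))
```

A name match only narrows the search; the driver's file path and signer still need to be confirmed before attributing it to Microsoft Security Essentials.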


 


#3 Steevow


Posted 30 May 2012 - 01:05 PM

That's a part of Microsoft Security Essentials if you have it installed.

I figured that out, I do have that installed.

What sent me looking at low-level stuff is an error today at bootup time. I uninstalled some Canon scanner software and it left behind something that is still trying to run it; it errored because it was uninstalled yesterday.
I haven't found that yet but I stumbled across that event viewer entry while looking.

#4 Broni


Posted 30 May 2012 - 01:07 PM

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip the Autoruns.zip file and double-click the autoruns.exe file to run the program.
Go to File > Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type.

Upload the file(s) here: http://uploadmb.com/
Copy the link inside the Direct Link box and post it in your next reply.
