
Bitácora Técnica de Tux&Cía., Santa Cruz de la Sierra, BO
Bitácora Central: Tux&Cía.
Bitácora de Información Avanzada: Tux&Cía.-Información
May the source be with you!

Thursday, February 21, 2013

Event ID 7026 - CSN5PDTS82 StarOpen

The following boot-start or system-start driver(s) failed to load: CSN5PDTS82 StarOpen
staropen.sys
[ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\WINDOWS\system32\drivers\StarOpen.sys  3408 StarOpen - ok
------
staropen.sys is a kernel-level I/O operations helper driver from Rocket Division Software which, from my understanding, allows you to bypass Windows system permissions, which are required by some CD/DVD writer software so as to be able to burn without being administrator/domain admin/power user.
If you want more details, check this: http://www.rocketdivision.com/forum/...light=staropen
Do note that it is NOT a spyware.
Anyway, it seems that this driver is incompatible with Vista x64 (it seems that it's 32-bit)...
Just search your registry for all "StarOpen.sys" entries and delete them. Finally, delete the file from "C:\Windows\SysWOW64\drivers". Reboot and check your event log again; it should be clean.
========================
Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: StarOpen
4/23/2010 11:24:29 PM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\StarOpen.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
========================= 
regarding the StarOpen error: StarOpen 
http://www.rocketdivision.com/forum/
http://www.malwareremoval.com/forum/
DRV - [2010-05-20 15:14:52 | 000,028,184 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\CSN5PDTS82.sys -- (CSN5PDTS82)
DRV - [2009-11-12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
http://www.file.net/process/staropen.sys.html
StarOpen.sys file information
The process known as StarOpen or Samsung New PC Studio belongs to software RPS Burn or VideoNow Media Wizard by Verizon (www.verizon.com) or AT&T (www.att.com) or TELUS (www.telus.com) or Virgin Broadband (www.virginmedia.com) or Hasbro (www.hasbro.com).
Description: The file StarOpen.sys is located in the folder C:\Windows\System32\drivers. Known file sizes on Windows 7/XP are 5,632 bytes (78% of all occurrences), 5,504 bytes, 7,168 bytes or 4,224 bytes. http://www.file.net/process/staropen.sys.html
The driver can be started or stopped from Services in the Control Panel or by other programs. File StarOpen.sys is a file without information about the developer of this file. The program has no visible window. The service has no detailed description. File StarOpen.sys is not a Windows system file. StarOpen.sys seems to be a compressed file. Therefore the technical security rating is 51% dangerous, however also read the users reviews.
You could uninstall RPS Burn or AquaSoft DiaShow XP five software via Windows Control Panel/Add or Remove Programs (Windows XP) or Programs and Features (Windows 7/Vista).
========================
http://www.computerhope.com/cgi-bin/process.pl?p=staropen.sys
What is staropen.sys?
AT&T, Verizon, and/or Virgin mobile phone driver file.
Is staropen.sys safe?
This staropen.sys file is safe and should not be considered a threat to your computer.
Overall threat: No
Spyware: No
Trojan: No
Virus: No
How do I prevent staropen.sys from loading?

========================
What is the role of the Service Control Manager?
Event ID 7026 — Basic Service Control Manager Operations
Possible solution: Update drivers
The specified drivers did not load correctly because the drivers might not be in the expected location. To resolve this issue, verify that the most current versions of the drivers are installed and update the drivers, if needed.
To perform this procedure, you must have membership in Administrators, or you must have been delegated the appropriate authority.
To update a driver:
Either:
Or:
=================
techspot.com/community/topics/unknown-rogue-malware-trojans-windows-7
Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.
NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
------------
Download BTKR_RunBox to your desktop.
Double click on downloaded BTKR_RunBox.exe file.
Small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.
NOTE. In case you lost the log it's also located on your desktop as "scan.txt"
----------------

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Click on SCAN.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop.)
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again
===========
www.eventid.net/display.asp?eventid=7026&Service%20Control%20Manager
The following steps helped me to remove a driver, which was causing the issue:
1. Open regedit (e.g. click Start, key regedit and press Enter)
2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Environments\Windows NT x86\Drivers
3. Under this key, there will be the keys Version-2 and Version-3 (one or the other of these may be absent - not a problem). The sub-keys under these contain the printer driver configuration information
4. Delete all the sub-keys inside Version-2 and Version-3, but not these keys themselves. M312052 lists some other registry entries to delete, but this is not usually necessary.
5. Open a Command Prompt window
6. Key the commands

  net stop spooler
  net start spooler

See EV100284 for the complete article. 


The Registry value for "Start" in the HKLM\System\CurrentControlSet\Services\ Key should be set to a Decimal value of 4 for disabled.
See this KB for Reference:
http://support.microsoft.com/kb/103000
(excerpt from the above KB Link)
Start     REG_DWORD     Start constant
Specifies the starting values for the service as follows:

START TYPE     LOADER     MEANING

0x0            Kernel     Represents a part of the
(Boot)                    driver stack for the boot
                          (startup) volume and must
                          therefore be loaded by the
                          Boot Loader.

0x1            I/O        Represents a driver to be loaded
(System)       subsystem  at Kernel initialization.

0x2            Service    To be loaded or started
(Auto load)    Control    automatically for all startups,
               Manager    regardless of service type.

0x3            Service    Available, regardless of type,
(Load on       Control    but will not be started until
demand)        Manager    the user starts it (for example,
                          by using the Devices icon in
                          Control Panel).

0x4            Service    NOT TO BE STARTED UNDER ANY
(disabled)     Control    CONDITIONS.
               Manager
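
The Start values in the table can be checked against the drivers that Event ID 7026 actually names, instead of searching the registry by hand. The PowerShell below is an added example, not part of the original post or the KB article: it reads recent 7026 events, looks up each named driver under HKLM\SYSTEM\CurrentControlSet\Services, and reports its Start type and whether the driver file is where ImagePath says it is. The -Disable parameter, the 20-event window and the reading of the event's first data field are assumptions of this example.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell 3+ prompt.
# -Disable is this script's own parameter: driver names to set to Start = 4.
param([string[]]$Disable = @())

$startTypes = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto load'; 3 = 'Load on demand'; 4 = 'Disabled' }

$events = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'Service Control Manager'; Id = 7026
} -MaxEvents 20 -ErrorAction SilentlyContinue
if (-not $events) { Write-Warning 'No Event ID 7026 entries found.'; return }

# Assumption: the first data field of the event holds the failed driver names,
# separated by whitespace (the same list the message shows after the colon).
$names = $events | ForEach-Object { [string]$_.Properties[0].Value -split '\s+' } |
    Where-Object { $_ } | Sort-Object -Unique

foreach ($name in $names) {
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$name"
    if (-not (Test-Path -Path $key)) {
        Write-Warning "$name has no key under Services"
        continue
    }
    $svc = Get-ItemProperty -Path $key

    # Resolve ImagePath forms such as \SystemRoot\..., \??\C:\... and System32\drivers\...
    $path = [string]$svc.ImagePath
    if (-not $path) { $path = "System32\drivers\$name.sys" }  # default location when unset
    $path = $path -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    if ($path -notmatch '^[A-Za-z]:\\') { $path = Join-Path $env:SystemRoot $path }

    if ($Disable -contains $name) {
        # Keep a restorable copy of the key before changing it
        reg.exe export "HKLM\SYSTEM\CurrentControlSet\Services\$name" "$env:TEMP\$name.reg" /y | Out-Null
        Set-ItemProperty -Path $key -Name Start -Value 4 -Type DWord
        $svc = Get-ItemProperty -Path $key
    }

    [pscustomobject]@{
        Driver     = $name
        Start      = '{0} ({1})' -f $svc.Start, $startTypes[[int]$svc.Start]
        ImagePath  = $path
        FileExists = Test-Path -LiteralPath $path
    }
}
```

Run it without arguments first to review the report. Pass a name to -Disable only for a driver you have identified as a leftover, since disabling a boot-start driver that the startup volume depends on can leave the system unable to boot.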
