STOP on shut-down, optical drives or drivers?

Guest

A sudden change has occurred to my wife's computer after last Tuesday's
updates were loaded. Not only did Microsoft have updates, but several other
programs did as well. Another was Norton Anti-Virus.

When the computer is asked to shut down it will just reboot. "Reboot on
Failure" was disabled to allow for BSOD to appear. Stop error (Parameter 4
is always showing 0x8050EEF5) for the address.

So far, the only thing I have been able to do is unplug both of the Sony
drives and the problem goes away.
CD-ROM > Sony CDU5211
DVD/CD Burner > Sony DRU710A
If both drives are connected and Windows XP (SP2) is allowed to boot
normally, everything works just fine, until you shut down. Same error
happens if booted into "SAFE MODE". The system is clean and up to date with
all of the software, but something has changed that just will not allow these
drives to let Windows shut down. Device Manager ID's both drives and shows
no conflicts of any kind. Disk Management shows both drives as they have
been for years, "R:\" & "S:\". Windows was asked to delete the drivers and a
scan for new hardware then just re-installs them with no effect. Even the
registry and the BIOS have the correct information about each drive.

Before I go out and spend any money on new drives, could this just be a
registry issue with a load that is never loading? Other than a handful of
mini-dumps that occur, the system still works. I am not discounting that
both drives could have gone bad at the same time, but I am still leaning
toward a bad driver. One of these drivers (GEARAspiWDM.sys) has me
wondering. But if removed by renaming it, neither of the drives will work.

NOTE: Machine and software updates require both drives to be unplugged
because of a necessary reboot.

Any ideas?
 
Ronaldo

That "driver" is probably a malware, the way it interferes with normal
functions, leaves no doubt.. it apparently hijacks your optical drives, you
have to delete it. The system drivers should be inside the
C:\WINDOWS\System32\Drivers folder, do a search in the C:\WINDOWS folder, if
you find it in this folder or in C:\WINDOWS\system32, delete it or install
anti-spyware scanners. Check the links for more complete information.

What is GearAspiWDM.sys? Is GearAspiWDM.sys spyware or a virus?
http://www.neuber.com/taskmanager/process/gearaspiwdm.sys.html

GearAspiWDM.sys file information
Some malware camouflage themselves as GearAspiWDM.sys, particularly if they
are located in c:\windows or c:\windows\system32 folder.
http://www.file.net/process/gearaspiwdm.sys.html

Download Adaware SE and Spybot Search& Destroy.
http://www.majorgeeks.com/downloads31.html

-----------------------------------------
 
Guest

Ronaldo,

Thank you for your insight on this.

I have explained to my wife what I have read on the sites that you have
supplied. She understands that something may have come in during a download.
What has surprised me was that Spybot S & D did not find this malware.
Being hidden in the C:\Windows\System32 directory could be a clue I need to
check my settings of this product. Maybe by default it does not check in
this location.

Deleting the driver and its cabinets, along with a careful manual
cleaning of the system registry, was all that was needed. I was able to set a
Restore Point before I attempted the reconnection of the CDU5211 CD-ROM
drive. All went according to plan and the CD-ROM is now connected with ONLY
the MS drivers being shown. I can only hope that the system will shut down
after I complete a quick defrag. If it does, the re-installation of the
DRU710A DVD/CD drive should be okay as well.

The last thing has me worried, that is the software that is currently
loaded. She has Nero 6 that came with the Sony DRU710A and iTunes which she
may have downloaded from somewhere to support her Nano music hunger. I have
been told that her iTunes software could be uninstalled and re-downloaded
directly from Apple to ensure that things are clean. A wise choice. Nero,
on the other hand will be a different story.

Your information has been shared with friends at work who have indicated
strange happenings with their systems as well. Now that we know what we are
looking for, the rest is just a hunt.

Thanks again!!

--
Regards,

Peter K.


 
Guest

Ronaldo,

Well, it seems that I have jumped the gun here and was hoping for the best.
As it has turned out, this file is out of my wife's machine and the CD-ROM
was working as before, just fine, until.....
The system still has the very same stop error "0x0A", and parameter 4 still
shows "0x8050EEF5", same as before. Same for "Safe Mode", and now, even if I
perform a clean cold boot using msconfig and de-selecting everything. Yet
still, if the CD-ROM is unplugged before I boot, the machine will shut down
normally. I might be forced into wiping her C:\ drive and restoring from a
backup made by me last year. Only thing is she never has enough time to give
me when a backup should be done. I know, her fault. At least I have her
placing her data onto another hard drive.

Any other ideas?
Are there any utilities out there that can record a shut-down process?
Dealing with "dumpchk" is such a pain.

Thank you again for trying.
--
Regards,

Peter K.


 
Ronaldo

But can you still find the same driver installed in the CD-ROM drive (Device
Manager?)... Some malware can restore themselves, and to prevent it, System
Restore has to be disabled... look for the same driver or the driver that's
now installed could be the same bug now disguising itself as the new driver. Try a
scan with HijackThis http://www.majorgeeks.com/downloads31.html scan in
safe mode to see if you can delete it for good.

You can also scan the computer from an antivirus or anti-spyware online
scanner. http://www.kaspersky.com/virusscanner
http://www.precisesecurity.com/antivirus/online-scan.htm

You can also install Process Explorer and open it, and see if you can make
the CD-ROM driver act up by inserting a CD in the drive while watching
Process Explorer, the driver running the drive highlights in red
momentarily, if you look close enough you can catch the driver name and
maybe delete it and later replace it with a fresh driver.
http://www.microsoft.com/technet/sysinternals/default.mspx

Don't know of any system error recorder software, though some System
Information application like Everest Home may provide information that may
be useful in some way.

Everest Home
http://www.majorgeeks.com/download4181.html

Possible Resolutions to STOP 0x0A, 0x01E, and 0x50 Errors
http://support.microsoft.com/kb/183169/en

0x8050EEF5
http://www.geekstogo.com/forum/index.php?act=ST&f=5&t=154710
http://www.google.com.mx/search?hl=es&q=0x8050EEF5&btnG=Búsqueda&meta=

Old versions of Everest Home
http://www.oldversion.com/program.php?n=everesthome

So after all the research, the error numbers seem to point to one or more of
the following:
.. Hardware failure (memory, processor, or motherboard).
.. Anti-virus software that is running on your computer.
.. Drivers installed by third party software.

So disconnect the computer from the Internet or network and disable the
antivirus to see if it makes a difference... later install Everest Home and
check if it shows any problem caused by hardware and change the CD-ROM
driver (again) to see if that makes any difference. Get these cleared out
before you format and reinstall or you may find yourself in the same
situation sooner than you think.

My guess is that the same malware is still in the system or you have a
hardware problem which should be continuous, so it's more likely that the
bug is still in your system.... so check which driver is installed on the
CD-ROM with Process Explorer which is more accurate than the Device Manager,
which shows several drivers in alphabetical order but doesn't say which is
the one installed. Do as I described above, it appears and disappears
quickly in Process Explorer so keep your eye on the screen, once you ID the
driver, delete it.. As you delete the driver from the System32 folder, wait
to see if it is restored by the system... you may have to unprotect it to
delete it for good.. See the instructions for that. And disable System
Restore so the malware won't come back.

Disable Windows File Protection (Windows 2000/XP)
http://www.pctools.com/guides/registry/detail/790/

Another thing, some malware or viruses go from file to file, you delete one
and they keep jumping to other files, and as it seems, this one may be one
of those, so I hope you can get it this time.

-----------------------------------------
 
Guest

Ronaldo,

Thank you for writing back.

No.
The removal of this file (GEARAspiWDM.sys) was successfully done. After
repeated reboots, the file has not returned in the Device Manager listings
for both optical drives. However, the problem still remains.

I have also tried this with another CD-ROM from another system and placed it
on both of the IDE controllers with the same results. At one point, I
thought that this could be a different type of driver issue dealing with the
chipset on the motherboard. A reload of the motherboard's chipset drivers
was done, but this did not help.

I also downloaded Security Task Manager and watched as I opened, loaded,
played, switched tracks, stopped and even ejected a music CD. No additional
services or programs ever popped up.

Since this seems to be an issue that appears in all modes of Windows, even
safe mode, and using "msconfig" for a selective boot, this has to be a core
Windows problem that is being loaded on Windows startup that Windows Update
is not seeing or cannot correct for. My feeling about the software on this
system is nothing out of the ordinary, however, little can be done to correct
a corrupted file in Windows without reloading it. Since I only have a
Windows XP (SP1) CD as my latest version, it would be better to wipe the C:\
drive and reload the full backup that was made last year. Updates to the
programs and Windows can be done in a few hours because I do have a
high-speed connection to the Internet.

I thought it was funny that your search had only turned up 2 of these
occurrences; one of them is actually this posting. As a final note, if this
was a hardware failure on the motherboard, I would have seen differences in
the PCI Bridge that is used to connect to the CD-ROM drives. However, the
fact still remains that this address (0x8050EEF5) is not changing and is part
of an address range used by the system. That part of the motherboard is
directly controlled by the operating system. Remember, everything on the
computer system is working, even the optical drives. The system just will
not shut down without an error.

I will know more once I apply this complete "bare-metal" reload of the C:\
drive. Right now I am collecting data on the programs and moving personal
files to her other HDD. That disk will be unplugged before the C:\ drive is
wiped. Working in electronics for 30 years, I know how to wipe a HDD the
proper way.

Right now, this will need to be done between several other important tasks that
require my presence, namely, my father is in the hospital again for his
cancer, and that my friend will always be more important than a computer.
Please leave this posting up here and when I have completed my reload and
updates, I will report back what I have found. Again, if this is a core
Windows component that has gone corrupt, it only deals with optical drives
during shut-down. That process which is followed by Windows is quite
extensive, any number of issues can happen during that time. My issue is
just a point within that procedure that is not being completed.

Thanks again.
We'll talk soon.
 
Guest

Ronaldo,

After completing the restore, I was able to get things working until
.............
It seems that we have a problem with an update, a Microsoft update.
After getting all of my programs for security in place and updated, I turned
Windows update loose.
Bingo!
The system will not shut down.
I plan on removing some of these updates until I find which one is causing it.
Once I do, I'll let you know.
Both the wife and I agree that this is tied in with iTunes being on her
machine.
You think after all these years, Steve and Bill would stop fighting!!

I'll be in touch.
 
Ronaldo

Crooked updates? Why is it that I'm not surprised? Take for example the
svchost/wuauclt CPU problem which is related to Automatic Updates, and there
have been many other problems related to updates. I personally have never
had a problem with updates, until the svchost problem which is now fairly
taken care of (I hope).

I can't give you a comment on iTunes from experience, but I would not be
surprised. I guess being rival companies they can make their software
conflict with each other; the only problem is the end user has to take the
trouble caused on "his" computer.

Check the Shutdown & Restart Troubleshooter; hope you find something there
that helps with your problem.



TROUBLESHOOTING
WINDOWS STOP MESSAGES
http://aumha.org/a/stop.htm

WINDOWS XP
SHUTDOWN & RESTART
TROUBLESHOOTING
http://www.aumha.org/win5/a/shtdwnxp.php

WINDOWS SHUTDOWN & RESTART CENTER
TROUBLESHOOTING in 15 STEPS
http://www.aumha.org/win4/a/shutdown.htm



----------------------------------------
 
Guest

Ronaldo,

Thanks for the info, but I have already been to these sites as well.

As a note, this system has been in operation for years.
The only upgraded hardware was the sound card in 2005. (SB Live! 24-Bit)
All of this hardware has been working just fine until the day after patch
Tuesday.
Remember, any of the Windows modes I use, the problem is still there.
This means it's a Windows XP core file.

I have already been told that not all of the patches released are good ones.
Reason being that some of them combine with others to form only one patch.
Think of it like this.
Patch 1 and 2 are installed and working just fine on your system.
Along comes patch 3 and combines 1 and 2 together with parts of 3.
Now you have only one patch and it doesn't work.
Even System Restore cannot split them up to go back!!

Nope!
It looks like I will have to go one by one to find this.
Also, it may take a few days for me to do this since I have been very busy.
If it's a Windows Update, I'll find it.
 
Guest

Ronaldo,

I have an update for you on this error.

By now, I have no doubt that this update, whichever the one it is, is behind
this optical drive issue I have. Judging by several other shut-down STOP
errors listed on this newsgroup, I am not the only one with the parameter 4
(0x805#####) being listed. Below is my first attempt at trying to nail this
down to a specific update.

After restoring the C:\ drive back to 10/12/2006, I proceeded to update and
install two of the three basic protections software items that I have on all
of my machines. They are, NAV 2007 and BlackICE. For the sake of argument,
I did not remove the "GEARAspiWDM.sys" file or any of the downloaded cab
files that contain this. It does not seem to be an issue in this case.
After all was ready, I installed a registered copy of "RegCure" and cleaned
up the registry of all known problems and then rebooted. A clean "System
Restore Point" was created in the hopes that the system could be rolled back
to a point before a failure occurred. I don't have much faith in this, but
it was done none the less.

Now, to the updates, which were installed in a random order pick from the
listed 27 shown. Here is the outcome.

Update #   Function                                                Shut-Down
928090     Cumulative Update for IE6                               Yes
923694     Cumulative Update for O.E. (virus checker)              Yes
927978     MSXML 4.0 SP2 Security Update                           Yes
925398     Security Update for Windows Media Player 6.4            Yes
905474     Windows Genuine Advantage Notifications                 Yes
           Note: This was already listed as being installed on 7/1/2006
931836     Update for Windows XP (daylight sav. time clock adj.)   Rebooted

The "Reboot on Failure" switch was turned off and the system was shut down
again to display the BSOD. Here is the entire string.

STOP: 0x0000000A
(0x000000B0, 0x00000002, 0x00000000, 0x8050E33D)

This makes sense to me because I was installing these updates one by one.
Had the Automatic Updates program do this entire update, the error would be
the same, except for parameter # 4 (0x8050EEF5). A quick check of the
optical drives showed that they were both working fine with no errors listed
anywhere in Device Manager. Both optical drives were then unplugged while
the system was up and then Windows was told to shut down. IT DID. No
surprise there. An attempt to remove (KB931836) was made with good results
using the Add - Remove Programs utility, but the system still would not shut
down. The (KB905474) was listed that it could not be removed. As a last
attempt, a system restore was started to roll back the system to the point
where I made one just before starting these updates. The two optical drives
were once again powered off by removing their power plugs and the restore was
started. Before the system could even shut down, the system restore utility
came back with an error that it could not restore the system, although it did
offer to try again with a different date. It didn't matter which one I
chose, they all came back as failures. What a piece of junk!!

I am now attempting a third backup restore of C:\ drive, except this time, I
will actually make another backup of the system with all of the other
protection software in place but, less any Windows updates. I will start
again with the same list as I did before, but this time, (KB905474) and
(KB931836) will be dropped from the list. Most of the next groups of updates
are all security updates for Windows. We'll see what happens next.

Please ask around about that parameter # 4 address that I mentioned. It is
still in a very high area of memory where Windows XP has many of its core
processes loaded. I can only hope that Microsoft gets this message about
these updates causing problems on people's machines. Strangely enough, I
have 5 machines in the house, and this is the only one that won't shut down if
fully updated.

I'll let you know how things go on this try.
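
An added example, not part of the original posts: a Python sketch that decodes the STOP 0x0000000A string quoted above using the documented parameter layout for that bug check, then maps parameter 4 (including the earlier 0x8050EEF5) to a loaded module. The module names, bases and sizes are constructed for illustration and are assumptions; real values come from the minidump's module list.

```python
import re

# Bug check 0x0A (IRQL_NOT_LESS_OR_EQUAL) parameters, per Microsoft's bug check
# reference: 1 = address referenced, 2 = IRQL, 3 = access type (bit 0: 0 read,
# 1 write), 4 = address of the instruction that made the reference.
IRQL_NAMES = {0: "PASSIVE_LEVEL", 1: "APC_LEVEL", 2: "DISPATCH_LEVEL"}

# The STOP string as quoted in the post above.
SAMPLE = """STOP: 0x0000000A
(0x000000B0, 0x00000002, 0x00000000, 0x8050E33D)"""

# CONSTRUCTED module map (name, base, size), for illustration only.
# On the real machine these come from the minidump's loaded-module list.
MODULES = [
    ("ntoskrnl.exe", 0x804D7000, 0x00214000),
    ("hal.dll", 0x806EB000, 0x00020000),
    ("cdrom.sys", 0xF7800000, 0x0000D000),
]

STOP_RE = re.compile(r"STOP:\s*(0x[0-9A-Fa-f]+)\s*\(([^)]*)\)")


def parse_stop(text):
    """Return (bug_check_code, [p1, p2, p3, p4]) from a blue-screen STOP string."""
    match = STOP_RE.search(text)
    if not match:
        raise ValueError("no STOP line found")
    code = int(match.group(1), 16)
    params = [int(p.strip(), 16) for p in match.group(2).split(",")]
    if len(params) != 4:
        raise ValueError("expected four parameters, got %d" % len(params))
    return code, params


def locate(address, modules):
    """Return (module_name, offset) for the module containing address, else None."""
    for name, base, size in modules:
        if base <= address < base + size:
            return name, address - base
    return None


def triage(text, modules=MODULES):
    """Decode a 0x0A STOP string into the fields an analyst reads first."""
    code, (address, irql, access, instruction) = parse_stop(text)
    if code != 0x0A:
        raise ValueError("only bug check 0x0A is decoded here")
    return {
        "referenced_address": address,
        "irql": IRQL_NAMES.get(irql, "IRQL %d" % irql),
        "operation": "write" if access & 1 else "read",
        # The lowest 64 KB is never mapped, so a small address here is the
        # signature of a NULL (or NULL-plus-offset) pointer dereference.
        "near_null": address < 0x10000,
        # A hit inside the kernel image says where the bad access happened,
        # not which driver handed the kernel the bad pointer.
        "module": locate(instruction, modules),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, "=", value)
    print("0x8050EEF5 ->", locate(0x8050EEF5, MODULES))
```

A parameter 4 that resolves into the kernel image does not identify the culprit by itself; the call stack in the minidump is what shows which driver was executing when the invalid read occurred.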
 
Ronaldo

Peter, most articles I've read seem to indicate the problem is due to memory
management... something to do with the physical and paged memory..
The article says the "no_less_nor_equal" message has to do with
RAM-IRQ-Paging file or a driver..

http://aumha.org/a/stop.htm

Ken Schaefer
http://www.adopenstatic.com/cs/blog...-bugcheck_2F00_blue-screen-_2D00_-Part-1.aspx

Troubleshooting a Stop 0x0000000A error in Windows XP
http://support.microsoft.com/?kbid=314063&sd=RMVP

Hardware Troubleshooting
http://www.elephantboycomputers.com/page2.html#Hardware_Tshoot

They mention another Windows update that may cause the error, it's supposed
to fix it but seems to make it worse at least according to one user's
experience.
BSOD, Another IRQL_NOT_LESS_OR_EQUAL problem with update KB929338
http://www.geekstogo.com/forum/index.php?act=ST&f=5&t=154710

This is the update mentioned in last link.
Stop error message in Windows XP with Service Pack 2: "STOP 0x0000001a:
MEMORY_MANAGEMENT" or "STOP 0x0000000a: IRQL_NOT_LESS_OR_EQUAL"
http://support.microsoft.com/kb/929338/en-us


---------------------------------------
 
Guest

Ronaldo,

I thank you for all of your help on this one, but this is not going to work
out. So far I have had to reload my backup 4 times, three of which required
a call to Microsoft to re-activate Windows. At this point, whatever was
defective in Windows could not be fixed in the common sense, not even with
the recovery console. So I was then forced into another course of action,
one that was affecting my computer more than a year ago. That was updating
the drivers for my motherboard. This update went in fine using SP1, but the
system crashed and was not recoverable when you attempted to install SP2.
That solution was to load only the chipset drivers needed to get connected to
the Internet and install Windows XP SP2 first, before any programs and any
additional drivers for hardware. One of those programs was the ABIT µGuru
to which SP2 tried to overwrite a reserved area of memory for the drivers
that allowed the program to monitor all of the different points around the
board. By installing Windows XP SP2 first, this area was written first, but
then reallocated by the program. It worked.

I have already been able to install all of the patches and updates for
Windows on my wife's system. Also, I have added Office and a few minor
programs along with both video and audio drives and programs as well. The
machine has shown speed and always seems to shut down or restarts when told.
I plan to do a full backup tomorrow to save what has taken a better part of
an afternoon and evening to complete. My wife needs this machine back for
school, so it needs to be put back in operation now. So far, so good on the
full reload from scratch.

Again, thank you for your help. I feel that whatever this was, it must have
been buried so deep into the system that I may have never found it. Thus the
need to reload from scratch.
 
