Re: STOP on shut-down, optical drives or drivers?

Tech-Archive recommends: Fix windows errors by optimizing your registry

Ronaldo,

Thank you for writing back.

No.
The removal of this file (GEARAspiWDM.sys) was successfully done. After
repeated reboots, the file has not returned in the Device Manager listings
for both optical drives. However, the problem still remains.

I have also tried this with another CD-ROM from another system and placed it
on both of the IDE controllers with the same results. At one point, I
thought that this could be a different type of driver issue dealing with the
chipset on the motherboard. A reload of the motherboard's chipset drivers
was done, but this did not help.

I also downloaded Security Task Manager and watched as I opened, loaded,
played, switched tracks, stopped and even ejected a music CD. No additional
services or programs ever popped up.

Since this seems to be an issue that appears in all modes of Windows, even
safe mode, and using "msconfig" for a selective boot, this has to be a core
Windows problem that is being loaded on Windows startup that Windows Update
is not seeing or cannot correct for. My feeling about the software on this
system is nothing out of the ordinary, however, little can be done to correct
a corrupted file in Windows without reloading it. Since I only have a
Windows XP (SP1) CD as my latest version, it would be better to wipe the C:\
drive and reload the full backup that was made last year. Updates to the
programs and Windows can be done in a few hours because I do have a
high-speed connection to the Internet.

I thought it was funny that your search had only turned up 2 of these
occurrences; one of them is actually this posting. As a final note, if this
was a hardware failure on the motherboard, I would have seen differences in
the PCI Bridge that is used to connect to the CD-ROM drives. However, the
fact still remains that this address (0x8050EEF5) is not changing and is part
of an address range used by the system. That part of the motherboard is
directly controlled by the operating system. Remember, everything on the
computer system is working, even the optical drives. The system just will
not shut down without an error.

I will know more one I apply this complete "bare-metal" reload of the C:\
drive. Right now I am collecting data on the programs and moving personal
files to her other HDD. That disk will be unplugged before the C:\ drive is
wiped. Working in electronics for 30 years, I know how to wipe a HDD the
proper way.

Right now, this will need to done between several other important tasks that
require my presence, namely, my father is in the hospital again for his
cancer, and that my friend will always be more important than a computer.
Please leave this posting up here and when I have completed my reload and
updates, I will report back what I have found. Again, if this is a core
Windows component that has gone corrupt, it only deals with optical drives
during shut-down. That process which is followed my Windows is quite
extensive, any number of issues can happen during that time. My issue is
just a point within that procedure that is not being completed.

Thanks again.
We'll talk soon.

--
Regards,

Peter K.


"Ronaldo" wrote:

But can you still find the same driver installed in the CD-ROM drive (Device
Manager?)... Some malware can restore themselves, and to prevent it, System
Restores has to be disabled... look for the same driver or the driver that's
now installed could be the same bug now disguising as the new driver. Try a
scan with HijackThis http://www.majorgeeks.com/downloads31.html scan in
safe mode to see if you can delete it for good.

You can also scan the computer from an antivirus or anti-spyware online
scanner. http://www.kaspersky.com/virusscanner
http://www.precisesecurity.com/antivirus/online-scan.htm

You can also install Process Explorer and open it, and see if you can make
the CD-ROM driver act up by inserting a CD in the drive while watching
Process Explorer, the driver running the drive highlights in red
momentarily, if you look close enough you can catch the driver name and
maybe delete it and letter replace it with a fresh driver.
http://www.microsoft.com/technet/sysinternals/default.mspx

Don't know of any system error recorder software, though some System
Information application like Everest Home may provide information that may
be useful in some way.

Everest Home
http://www.majorgeeks.com/download4181.html

Possible Resolutions to STOP 0x0A, 0x01E, and 0x50 Errors
http://support.microsoft.com/kb/183169/en

0x8050EEF5
http://www.geekstogo.com/forum/index.php?act=ST&f=5&t=154710
http://www.google.com.mx/search?hl=es&q=0x8050EEF5&btnG=B%C3%BAsqueda&meta=

Old versions of Everest Home
http://www.oldversion.com/program.php?n=everesthome

So after all the research, the error numbers seem to point to one or more of
the following:
.. Hardware failure (memory, processor, or motherboard).
.. Anti-virus software that is running on your computer.
.. Drivers installed by third party software.

So disconnect the computer from the Internet or network and disable the
antivirus to see if it makes a difference... later install Everest Home and
check if it shows any problem caused by hardware and change the CD-ROM
driver (again) to see if that make any difference. Get these cleared out
before you format and reinstall or you may find yourself in the same
situation sooner than you think.

My guess is that the same malware is still in the system or you have a
hardware problem which should be continuous, so it's more likely that the
bug is still in your system.... so check which driver is installed on the
CD-ROM with Process Explorer which is more accurate than the Device Manager,
which shows several drivers in alphabetical order but doesn't say which is
the one installed. Do as I described above, it appears and disappears
quickly in Process Explorer so keep your eye on the screen, once you ID the
driver, delete it.. As you delete the driver from the System32 folder, wait
to see if it is restored by the system... you may have to unprotect it to
delete it for good.. See the instructions for that. And disable System
Restore so the malware won't come back.

Disable Windows File Protection (Windows 2000/XP)
http://www.pctools.com/guides/registry/detail/790/

Another thing, some malware or viruses go from file to file, you delete one
and they keep jumping to other files, and as it seems, this one may be one
of those, so I hope you can get it this time.

-----------------------------------------
"turbotronic" <turbotronic@xxxxxxxxxxxxxxxxxxxxxxxxx> escribió en el mensaje
news:5843AB3A-8DFE-47EA-BB73-DF342DBDA83D@xxxxxxxxxxxxxxxx
Ronaldo,

Well, it seems that I have jumped the gun here and was hoping for the
best.
As it has turned out, this file is out of my wife's machine and the CD-ROM
was working as before, just fine, until.....
The system still has the very same stop error "0x0A", and parameter 4
still
shows "0x8050EEF5", same as before. Same for "Safe Mode", and now, even
if I
perform a clean cold boot using msconfig and de-selecting everything. Yet
still, if the CD-ROM is unplugged before I boot, the machine will shut
down
normally. I might be forced into wiping her C:\ drive and restoring from
a
backup made by me last year. Only thing is she never has enough time to
give
me when a backup should be done. I know, her fault. At least I have her
placing her data onto another hard drive.

Any other ideas?
Are there any utilities out there that can record a shut-down process?
Dealing with "dumpchk" is such a pain.

Thank you again for trying.
--
Regards,

Peter K.


"turbotronic" wrote:

Ronaldo,

Thank you for your insight on this.

I have explained to my wife what I have read on the sights that you have
supplied. She understands that something may have come in during a
download.
What has surprised me was that Spybot S & D did not find this malware.
Being hidden in the C:\Windows\System32 directory could be a clue I need
to
check my settings of this product. Maybe by default it does not check
in
this location.

The driver and its cabinets were deleted along with a careful manual
cleaning of the system registry was all that was needed. I was able to
set a
Restore Point before I attempted the reconnection of the CDU5211 CD-ROM
drive. All went according to plan and the CD-ROM is now connected with
ONLY
the MS drivers being shown. I can only hope that the system will shut
down
after I complete a quick defrag. If it does, the re-installation of the
DRU710A DVD/CD drive should be okay as well.

The last thing has me worried, that is the software that is currently
loaded. She has Nero 6 that came with the Sony DRU710A and iTunes which
she
may have downloaded from somewhere to support her Nano music hunger. I
have
been told that her iTunes software could be uninstalled and
re-downloaded
directly from Apple to ensure that things are clean. A wise choice.
Nero,
on the other hand will be a different story.

Your information has been shared with friends at work who have indicated
strange happenings with their systems as well. Now that we know what we
are
looking for, the rest is just a hunt.

Thanks again!!

--
Regards,

Peter K.


"Ronaldo" wrote:

That "driver" is probably a malware, the way it interferes with normal
functions, leaves no doubt.. it apparently hijacks your optical
drives, you
have to delete it. The system drivers should be inside the
C:\WINDOWS\System32\Drivers folder, do a search in the C:\WINDOWS
folder, if
you find it in this folder or in C:\WINDOWS\system32, delete it or
install
anti-spyware scanners. Check the links for more complete information.

What is GearAspiWDM.sys? Is GearAspiWDM.sys spyware or a virus?
http://www.neuber.com/taskmanager/process/gearaspiwdm.sys.html

GearAspiWDM.sys file information
Some malware camouflage themselves as GearAspiWDM.sys, particularly if
they
are located in c:\windows or c:\windows\system32 folder.
http://www.file.net/process/gearaspiwdm.sys.html

Download Adaware SE and Spybot Search& Destroy.
http://www.majorgeeks.com/downloads31.html

-----------------------------------------
"turbotronic" <turbotronic@xxxxxxxxxxxxxxxxxxxxxxxxx> escribió en el
mensaje
news:AE8D9AF6-7693-4F79-8B30-A81D7343A0BE@xxxxxxxxxxxxxxxx
A sudden change has occurred to my wife's computer after last
Tuesday's
updates were loaded. Not only did Microsoft have updates, but
several
other
programs did as well. Another was Norton Anti-Virus.

When the computer is asked to shut down it will just reboot.
"Reboot on
Failure" was disabled to allow for BSOD to appear. Stop error
(Parameter
4
is always showing 0x8050EEF5) for the address.

So far, the only thing I have been able to do is unplug both of the
Sony
drives and the problem goes away.
CD-ROM > Sony CDU5211
DVD/CD Burner > Sony DRU710A
If both drives are connected and Windows XP (SP2) is allowed to boot
normally, everything works just fine, until you shut down. Same
error
happens if booted into "SAFE MODE". The system is clean and up to
date
with
all of the software, but something has changed that just will not
allow
these
drives to let Windows shut down. Device Manager ID's both drives
and
shows
no conflicts of any kind. Disk Management shows both drives as they
have
been for years, "R:\" & "S:\". Windows was asked to delete the
drivers
and a
scan for new hardware then just re-installs them with no effect.
Even the
registry and the BIOS have the correct information about each drive.

Before I go out and spend any money on new drives, could this just
be a
registry issue with a load that is never loading? Other than a
handful of
mini-dumps that occur, the system still works. I am not discounting
that
both drives could have gone bad at the same time, but I am still
leaning
toward a bad driver. One of these drivers (GEARAspiWDM.sys) has me
wondering. But if removed by renaming it, neither of the drives
will
work.

NOTE: Machine and software updates require both drives to be
unplugged
because of a necessary reboot.

Any ideas?

--
Regards,

Peter K.













.

Relevant Pages

  • Re: CHKDSK NTFS file system corruption boot screen message flooding (SOLVED)
    ... Your Installation Specialist ... Windows XP SP3 detects a disk problem at boot time and runs chkdsk. ... or registry fix for large LBA drives, ... older Microsoft-certified ultra.sys driver. ...
    (microsoft.public.windowsxp.general)
  • [2.6 patch] remove the documentation for the legacy CDROM drivers
    ... This patch removes the documentation for the removed legacy CDROM drivers. ... SC1200 WDT DRIVER ... LaTeX document on standardizing the CD-ROM programming interface. ... THIS DRIVER WILL WORK WITH THE CD-ROM DRIVES LISTED, ...
    (Linux-Kernel)
  • Re: Hot Swapping a SATA drive in Windows 2000 and XP.
    ... Using the ICHR5 chipset on Windows XP MCE (just an addon to ... > enclosures for the drives. ... and driver you have used because it is driving me crazy. ...
    (microsoft.public.windowsxp.hardware)
  • Re: Unable to Access CD/DVD drives
    ... All is well with that machine -- I'm now wondering if the windows drivers are ... device manager and let windows redetect them. ... Here are the Driver Details: ... For both the Sony & TSSC Drives: ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: PC Crashing
    ... Windows has encountered a problem it cannot recover from and it needs to be ... driver for one of the hardware devices in the computer? ... Take the drive out of the computer and install it as a slave drive in another Windows XP or 2000 computer. ... Create a bootable CD from that, boot from it, and copy the data to USB drive or flash drive, or if the computer has two CD drives, one of which is a burner, then use the k3b burning program on the Knoppix CD to burn the data to CD. ...
    (microsoft.public.windowsxp.general)