Windows 7 booting SLOW - no malware, please help!

Yeah, the RAM voltage thing sounded a little farfetched to me too, as I haven't added RAM to this computer or ever fiddled with it in any way.

The laptop is a dv4-2145x, if that helps. The graphics drivers listed on the HP site are an AMD video driver (there are two entries for this but as far as I can tell they are the same) and an ATI Mobility Radeon HD 3200/3450/4200/4330 Graphics driver, which I assume is the one I would want to replace. However, I have no idea how I go about finding this driver on my computer - do I need to uninstall the device that uses this driver? Or do I just download the new driver file from HP and allow it to execute?

Thanks again for all of your help - you have the patience of a saint!!!

 

Yes, that download page for your model feels really messed up, the 112MB download looks like it's the correct one (two) though

There's no chipset or storage driver download there (except for the card reader) and the specification page also feels lacking, no mention of chipset there either. I guess we'll have to assume that the chipset/storage driver is either standard Microsoft (which would probably work anyway for the IDE/SATA ports), or it's ATI/AMD and installed with the graphics software (back to the atipcie.sys thing).

I just cannot be definitive on this, I don't have the hands on experience of this problem to draw on and searching the 'net for real answers is a minefield. I would uninstall the current drivers via the Device manager, on reboot (assuming you're prompted to), run the new installer and install the 'older' drivers and test.

 

Ok, so in Device Manager, which device do I need to uninstall? The only thing that looks like it sort of matches the drivers on the HP website is found under Display Adaptors, AMD M880G with ATI Mobility Radeon HD 4200. Is that it, or is there something I'm missing? Do I need to uninstall the device, or just the drivers?

As for installing the 'older' drivers from the HP site, do I need to download them before uninstalling the device/driver and then somehow force the computer to use the new driver? Or can I reboot with the driver uninstalled and then download and and install the new one? Sorry to be such a pain - I just have no idea how any of this works!

 

I'd download the new drivers ahead of any uninstall, just to be on the safe(r) side. Yes, it would be the display adapter but to rid yourself of the atipcie too you may need to uninstall all ATI stuff from Programs in Control panel as well.

Have I asked you to run MSInfo32 yet, then save the results (when they finish, it might take several minutes) as the default and zip and attach the results? If not, do so and I'll try to glean further info from there - don't expect an immediate reply, it's passed my bedtime now.

 

You did ask me to run msinfo32 before but I just ran it again, in case anything has changed - the results are attached. My computer installed a Windows update earlier this evening and seems to be running better since then - could it be that it fixed itself??? :confused

ETA - My primary ATA channel is in Ultra DMA mode, without me having done anything to get it there...a good sign???

 

Argh, spoke too soon - the laptop just went to sleep and when I woke it up, it reverted back to PIO mode. Will the fun never end? :cry

 

Hmm, the only thing that's leaping out at me here is the large numbers of storage drivers loaded on your laptop, why this is, I don't know - you would normally have around 3x 3rd party related to your hardware chipset and a similar number of standard Windows drivers that they work with - I see a big range of drivers loaded that cannot be related to your hardware and I can't think of a reason for them to be loaded and running.

These are all drivers that might directly conflict with atipcie.sys and your ATA drivers.

I think I must ask you to work carefully through the Read & Run me malware routine and post the resulting logs in a new thread in the malware forum so the experts can check that there isn't something nasty behind all this.

 

Thanks Satrow. I actually already did the Malware removal process recommended on this site - here is the thread I started. http://forums.majorgeeks.com/showthread.php?t=260227

They sent me over here because all of my logs were coming up clean; however, I can definitely go through the process again if you think there's something I may have missed.

As for the drivers you noticed, are they something that I can uninstall without fear of messing something up?

 

Ah yes, I think you mentioned having done the malware procedure about 50 posts ago.

The drivers are all built in to the Windows install routine, they're 3rd party but part of Windows (without the Windows DVD having these drivers, many installs wouldn't begin - no hard drive found). Windows should not install any of theses extra drivers to run at startup without the hardware - you don't have the hardware. It's quite a puzzle - unless, of course, it was part of the HP drive cloning process ...

 

Hm, weird. I've been researching this issue online all day and there are two "solutions" that keep popping up - one is to do a system restore, the other is to rename that driver with .old at the end and then do a reboot from either a System Recovery disk or drive. Do either of those sound like a viable plan?

 

Well I just got over my allergy to reading the output in MGlogs zips, I checked your running drivers from the malware thread against those from a more recent Toshiba W7 SP1 laptop and that only had the necessary drivers loaded and running, unlike yours (in mscinfo.txt, System Drivers Seen From WMI section, about halfway down the file if you're interested).

I do remember seeing a similar case some weeks ago, no idea where that is or how it turned out though; might it be something that a Windows Repair install does - have you run a Repair install?

If atipcie.sys really is needed and you rename it, Windows is unlikely to startup - it'll need that driver to access the hard drive properly.

 

I have not done a repair install - is that the same thing as a reinstall of the operating system, or something I do by booting from the System Recovery drive?

 

Found another possible clue - I noticed today that the volume control on my keyboard is not working. I have sound, and if I click the speaker icon in the taskbar I can turn it up and down, but the actual little scroll bar and mute button above my keyboard are not working. Might there be a driver involved there that is messed up?

 

Yes, multimedia buttons are usually controlled by a driver that loads on boot.

 

Yeah, that's what I thought. So, what would you suggest I try first? System restore? Repair install? System recovery boot? Throw the damn thing out the window? :-D

 

Ok, I downloaded the "good" drivers from the HP site and saved them in a file on my computer, then uninstalled (but did not delete) the drivers for the Display Adapter. I was under the impression that I would be asked which drivers I wanted to install upon restart. However, the computer simply defaulted to the old driver and reinstalled that. Do I need to completely delete that driver to force it to prompt me to tell it which driver to install?

BTW, the restart after reinstalling the device/old drivers took 8 minutes, so no improvement there...

 

Right after I posted I got a blue screen, joy. Restarted in safe mode, which again paused for about 4 mins on atipcie.sys. Unsure how to proceed!

 

If you go to Windows\Minidump and copy the latest dump to your Desktop, zip and attach it to a reply, I can take a look at it.

I think the best chance we have of replacing the atipcie.sys driver is to install the latest AMD Catalyst drivers from here (155MB), they're Beta but should work fine; I'm hoping they'll update or replace the problematic driver and we see a change in behaviour. Fingers crossed, eh?

 

Here's the DMP file. As for the drivers, I read the directions on the AMD site you posted and it seems straightforward - however, I'd love to know what I did wrong when I tried to install the new driver from the HP site. Should I have deleted the old driver instead of just uninstalling? Should I delete it before installing the one from the AMD site (even though their directions don't say to)?

 

Uninstalling the older drivers first is the best way to go.

 

Okay, but do I just uninstall or do I fully delete the old driver?

 

http://support.amd.com/us/kbarticle...tallationInstructionforMicrosoftWindows7.aspx doesn't give any recommended method, it just shows how to install them, go ahead and install them over the top, if the atipcie.sys file date doesn't change afterwards, we'll need to rethink.

The crash was a 0xA:

The driver blamed is aswSP.sys, the
Avast! Self Protection Driver.

The crash happened 16 minutes after boot up, can you describe exactly what was running and what you were doing in the minute or so before it happened?

Code:

Debug session time: Sun Jul 15 20:50:26.514 2012 (UTC + 1:00)
System Uptime: 0 days 0:16:10.199
Loading Kernel Symbols
...............................................................
................................................................
................................................................
............
Loading User Symbols
Loading unloaded module list
.....
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck A, {0, 2, 0, fffff800090a1915}

*** WARNING: Unable to verify timestamp for aswSP.SYS
*** ERROR: Module load completed but symbols could not be loaded for aswSP.SYS
*** WARNING: Unable to verify timestamp for win32k.sys
*** ERROR: Module load completed but symbols could not be loaded for win32k.sys
Probably caused by : aswSP.SYS ( aswSP+6871 )

Followup: MachineOwner
---------

1: kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

IRQL_NOT_LESS_OR_EQUAL (a)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If a kernel debugger is available get the stack backtrace.
Arguments:
Arg1: 0000000000000000, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, bitfield :
	bit 0 : value 0 = read operation, 1 = write operation
	bit 3 : value 0 = not an execute operation, 1 = execute operation (only on chips which support this level of status)
Arg4: fffff800090a1915, address which referenced memory

Debugging Details:
------------------


READ_ADDRESS: GetPointerFromAddress: unable to read from fffff800092cc100
GetUlongFromAddress: unable to read from fffff800092cc1c0
 0000000000000000 Nonpaged pool

CURRENT_IRQL:  2

FAULTING_IP: 
nt!KeSetEvent+1e3
fffff800`090a1915 488b00          mov     rax,qword ptr [rax]

CUSTOMER_CRASH_COUNT:  1

DEFAULT_BUCKET_ID:  WIN7_DRIVER_FAULT

BUGCHECK_STR:  0xA

PROCESS_NAME:  System

TRAP_FRAME:  fffff8800371b630 -- (.trap 0xfffff8800371b630)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa8004cb1a08
rdx=0000000000000001 rsi=0000000000000000 rdi=0000000000000000
rip=fffff800090a1915 rsp=fffff8800371b7c0 rbp=0000000000000002
 r8=0000000000000000  r9=0000000000000000 r10=0000000000000000
r11=fffffa8004083480 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0         nv up ei pl nz ac pe cy
nt!KeSetEvent+0x1e3:
fffff800`090a1915 488b00          mov     rax,qword ptr [rax] ds:00000000`00000000=????????????????
Resetting default scope

LAST_CONTROL_TRANSFER:  from fffff8000909c769 to fffff8000909d1c0

STACK_TEXT:  
fffff880`0371b4e8 fffff800`0909c769 : 00000000`0000000a 00000000`00000000 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`0371b4f0 fffff800`0909b3e0 : fffffa80`05d39b90 00000000`00000000 fffff880`0371b6e0 fffffa80`04cb1a00 : nt!KiBugCheckDispatch+0x69
fffff880`0371b630 fffff800`090a1915 : 00004e0e`0000ab58 00000000`00000000 fffffa80`06e30e60 fffff880`010d7775 : nt!KiPageFault+0x260
fffff880`0371b7c0 fffff880`04652871 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KeSetEvent+0x1e3
fffff880`0371b830 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 fffffa80`056a45d0 : aswSP+0x6871


STACK_COMMAND:  kb

FOLLOWUP_IP: 
aswSP+6871
fffff880`04652871 ??              ???

SYMBOL_STACK_INDEX:  4

SYMBOL_NAME:  aswSP+6871

FOLLOWUP_NAME:  MachineOwner

MODULE_NAME: aswSP

IMAGE_NAME:  aswSP.SYS

DEBUG_FLR_IMAGE_TIMESTAMP:  4ff31a5f

FAILURE_BUCKET_ID:  X64_0xA_aswSP+6871

BUCKET_ID:  X64_0xA_aswSP+6871

Followup: MachineOwner
---------

 

Ok, I installed the new drivers from AMD last night - it took FOREVER. I had to leave it to do its thing overnight, but when I woke up it said that installation was complete, so I restarted. Restart took 11 minutes and I am still getting regular "Firefox is not responding" messages, lagginess, etc.

As for the blue screen, I only had Firefox running and was actually just posting a message here in the minute before the crash. The other pages I had open were hotmail, gmail and facebook. I run Avast and Comodo for AV/Firewall.

 

Part/all of that lagginess and the crash trigger may be the Avast!/Comodo/Firefox/Flash combination, too much potential crossover interference with each other. I'd uninstall Comodo fully, there's a walkthrough on how to ensure it's all gone somewhere on their forum.

Then enable the built-in Windows firewall, or check that it's been reactivated, then set Avast! so that it doesn't auto-sandbox, so that it asks you each time - that way you get a little more control. The latest 11.3 versions of the Flash plugin have their own sandboxing method now.

If you still get the same lagging in Firefox after doing all the above, uninstall Avast! using aswClear and use MSE instead, at least for testing.

Can you check for the date of the atipcie.sys driver in Device Manager now, it will probably be called AMD PCIE Filter Driver for ATI PCIE chipset. Reset the PIO too, if it's still stuck.

 

Hm. I've never had lag issues from the Avast/Comodo combo before, and I've been running since day one with this laptop. I did uninstall and reinstall Avast when this problem started, though, because I thought it may have been taken over by some type of virus or malware. It didn't help.

As for the driver, I don't know where to find it in Device Manager - when I right click the device and select properties and then view the driver details, there are a whole bunch of files listed but none of them are atipcie.sys or anything resembling AMD PCIE filter driver.

 

I just checked my C:Windows\System 32\Drivers folder (where atipcie.sys lives according to another thread on Majorgeeks) and it's still dated 2009. I assume the device is now using the new drivers, but perhaps the old ones are still there for rollback purposes and are still jamming up my works?

 

Another thing I just realized - my fan has not come on since all of this drama started - the laptop doesn't feel particularly hot, but it is rather strange that it hasn't come on at all, as this laptop fan has always been relatively active.

 

Ok, I think I may have figured at least a little something out. The file that seems to be gumming up the works at startup (or at least the one I can identify in safe mode) is actually not associated with the display adapter. I was going through the other AMD devices in device manager and I see that the atipcie.sys file in question is actually the driver for my amd pci express (3gio) filter, which is a device listed under System Devices. Is this something I can install and reinstall for a quick fix, or is there some better way to update this device?

 

The problem I have is that I have zero hands on experience with a problematic atipcie.sys (3gio) driver, I really don't know what to expect if you uninstall, rename or disable it. What I can say, is that for some similar drivers, forcing Device Manager to use standard Windows drivers instead will work - my 'board is nVidia -based, but I now use standard Windows drivers for my PCI ATA controllers; nVidia is still listed for my nForce PCI management system but there are no drivers loaded for it, Windows must manage it natively. These drivers seem to be roughly the equivalent of your atipcie.sys drivers - but I've no idea if the standard driver method will work or even allow the computer to boot at all, if they were force -installed.

If you haven't already uninstalled Comodo/Avast! and replaced them with MSE as per post #74 - it might move the 'problem' elsewhere, if so, hopefully to something easier to deal with.

 

Hm. I'm researching online, and it seems like uninstalling the AMD PCI Filter and allowing it to reinstall itself doesn't solve anything. When you uninstall and actually delete a driver, what happens when the computer reboots? Does it ask you to tell it where to find driver software, or does it direct you to find the driver you need online? I'm about ready to just reinstall the operating system entirely!

As for Comodo/Avast, I did uninstall Comodo and I'm about to uninstall Avast. However, the lagginess while browsing, annoying as it is, isn't the problem I'm most concerned about - I am more worried about the fact that the computer takes 10 minutes to restart. I'll report back once I've got Avast uninstalled...

 

Comodo and Avast uninstalled - no improvement. Argh!

 

Sorry I lost sight of this thread, summer was very busy for me.

This may never be read, but I thought I'd offer my proposed solution.

What it seems to me is that this roughly two year old laptop should not be running on ATAPI/IDE/UDMA. This baby should have a SATA drive, and be running on AHCI. And I'll wager it ain't SCSI.

I think the root of the problem is in the BIOS, and that was mentioned in a prior post. Last time I checked UDMA would throttle a SATAIII drive back to 512 MB/s.

This looks like a hardware settings/driver issue to me, but as always I could be mistaken.

:major

 

Hi The Mekanic - thanks for your reply. I was actually planning on starting a new thread soon, as this problem is not entirely resolved. A couple of windows updates have improved the lagging issue somewhat, but the computer is definitely not running optimally despite me having uninstalled various components and drivers. I've been considering a clean install of the operating system, but I've been too lazy to pull the trigger. What would you suggest I try?

 

What is your exact make, and model of laptop?

 

It's an HP Pavilion dv4-2145dx Entertainment Notebook.

 

I'm hoping this will help. Boot the laptop, and press Esc. This will bring you to a menu where you press F10 to enter BIOS. In the BIOS Setup utility, select the Exit tab. Select Load Setup Defaults. Select Save Changes and Exit (pressing F5 and the Enter key will also load the Setup Defaults).
Press Esc and then Enter to exit Setup.

Boot it through to Windows, and see it that helps with the disk mode issue. In reality a less than two year old laptop with a SATAIII drive should not be running in DMA-6, or PIO mode. AHCI would be the preferable mode.

If it doesn't, upon reboot, Esc / F10 again and get back into the UEFI BIOS. If you feel comfortable making a small adjustment you'll need to get into the advanced menu. Under the hard drive options, you should have the choice to run it in AHCI mode. If you need more guidance I will try to help, but resources regarding the menu steps in this BIOS are not available.

 

Hey there, sorry I dropped off the face of the earth - I was traveling and didn't want to futz with my computer on the road. Anyway, I just tried your fix - I don't think it improved the situation. The reboot still took about 5 minutes and I'm still having lots of lagging issues. Device Manager says I'm still in PIO mode on channel 0, DMA on channel 1, etc.

I haven't started in safe mode in a while, but I'm guessing that atipcie.sys is still part of the problem, especially given that the driver update I tried to install didn't really work. I get odd CMD popups on startup now, sometimes, and other weird error messages. I'm thinking that a windows reinstall might be the only answer - but the prospect of doing that just makes me want to go buy a new computer altogether! Any other suggestions that might help?

 

In fact, I just got an error message: EXT_framebuffer_object extension was not found. This pops up pretty regularly.