# Windows 2000 Pro *very* slow



## pianoman1949 (Feb 7, 2005)

Ok, here's a weird one: my wife's computer is very slow. We can't explain it, and nothing we do seems to fix it. Thanks in advance for your patience and help.

She has a Dell Pentium III 500 MHz with 256Mb RAM, running Windows 2000 Pro. After working fine for years, it is suddenly now taking at least 30-45 seconds to respond to almost any mouse-click or keystroke, and to do things during boot-up that should only take a couple seconds. 

Here's an example: in Windows Explorer, the window opens pretty quickly, but for like 20 seconds the only part of the tree shown is the C: partition (where the operating system is). The cursor is not an hourglass, but *something* is obviously still "thinking". It takes another 20-30 seconds or so for the other partitions on the primary drive to show up, and then even longer after that for the 2nd hard drive partitions to appear. 

We get a similar response with every program we run.

This really has us scratching our heads. The processor percentage is negligible (like 2%). There are no rogue processes hogging resources. The hard drive is not flailing away. We shut off the firewall (NIS 2005). We've done scans with Norton Antivirus, Ad-Aware, Spybot, etc., and don't see evidence of any malware. I checked the Event Log under My Computer --> Manage and saw nothing significant. I even booted into Safe Mode and that did *not* make the problem go away. This would seem to rule out a driver problem, resource conflict or attempt to access the internet. And it's not like it hangs forever; things get done correctly, just very slowly. 

Besides, the problem doesn't appear to be specific to a particular hard drive, partition or OS installation. We have a second installation of Windows 2000 on another partition, and it acquired the same problem at the same time. 

The primary hard disk partition was re-formatted and the operating system re-installed. Later, we also recovered to a couple of earlier partition backups (which did not have this problem when the backup was made). I refreshed the ESCD (extended system configuration data). None of these measures helped. 

I am leaning toward some kind of hardware failure since it doesn't appear to be software-related, but I am at a loss how to pinpoint it. (Is it possible for malware to infect something other than the hard drive?)

I did find a Microsoft RAM tester, and it claims RAM is ok. The machine does act as if it is very short on RAM, but what I see in Task Manager doesn't seem to support that.

I should back up and mention a couple of prior weird events that are probably related; I just have no idea how:

She recently installed a whole suite of Roxio / Adaptec CD burning software, and started using a Plextor external CD/DVD burner. Shortly thereafter, we replaced the internal CD burner. 

The first big sign of trouble was not too long after that, when she saw a BSOD when trying to boot into Windows, some kind of very serious "hard" STOP error. I was not there to write it down the exact message. 

The next day, it would not start Windows at all. I booted to DOS from a floppy, and when I tried to do a "dir" in the C: partition, it said the FAT was bad. Somehow out of the blue, that primary partition got destroyed. 

At the time I figured the hard drive just failed, even though it is relatively new. But then it got even weirder: she has been alternating between two primary hard drives, an old one and one "under construction". A day or two later, the exact same symptom (a fried C: partition) appeared on the other drive (!!!). 

Is this a coincidence? I can't imagine what would destroy the FAT on both those drives at almost the same time. 

This is what forced us to re-format and re-install Windows. The other partitions on both those hard drives are readable and appear to be fine. And after the reformat and re-install, the primary partition is fine (at least so far), and Windows works fine .... eventually. 

Last night, we went back to the way things used to be, as much as we know how: we put the old CD burner back in and recovered the primary os partition to a backup made before Roxio was installed. Still slower than molasses in January. 

Please tell me any ideas or theories you may have, or anything you think we can try; it may save our marriage! 

Thanks so much,
Ted
email: taketwo at columbus.rr.com


----------



## whodat (Mar 13, 2005)

greetings

a few things come to mind with your problem:

you are asking alot with 256 of ram and ms2000....should be 512

get rid of the resource pig norton and try ewido or avg

you have an old system there, and obviously and old power supply, it could be suspect

lastly, disable or uninstall norton and try other scans: housecall, ewido, avg or panda. and run cleanup, the links are below

post back


----------



## pianoman1949 (Feb 7, 2005)

Thanks so much for responding. I appreciate your thoughts. However, when trying to pinpoint the cause of a problem, I think it makes more sense to minmize change, rather than uproot everything and basically start over. I hate to guess; there are too many possible wrong answers.

This machine has been running Windows 2000, Norton SystemWorks and Person Firewall fine for years with pretty decent response and no problems.

Update: Since a second Windows installation on another partition had the same problem (meaning the problem was not specific to a particular partition or Windows installation), I assumed the problem was not hard-drive-specific, that there was probably a hardware problem somewhere else in the machine. So I figured it would be a waste of time to repeat the "primary partition reformat and Windows install" process on the other drive.

I was wrong. I re-formatted and re-installed Windows on the other drive and the problem went away. So now my wife has a working computer, but I am pretty mystified. 

It would be easy to blame HDD hardware failure, but that doesn't explain the problem with the second drive. I have no idea what caused two separate drives to lose their primary partitions at almost the same time, or what caused one of them to suddenly start working very slowly (but not the other one). <shrug>

When I get time I will probably completely zero out the bad drive and rebuild it, and see if the problem goes away (meaning it was software- and not hardware-related). 

I am always reluctant to consider it, but I suppose this could be blamed on (1) malware that somehow managed to hide itself from detection, probably in the mbr, (2) a nasty power surge, or (3) gremlins. 

I hope to understand it eventually, because unanswered questions, despite a workaround, invariably come back to bite us in the behind later.

Thanks.


----------



## jgvernonco (Sep 13, 2003)

There is malware out there that hides in the boot sector. Therefore, unless you overwrite the crive completely, it will come back to haunt you.

When you have everything in order, I would completely overwrite the drive in questiuon and see what you come up with.

I have seen malware do what you have described. The timing in either coincidental, or very important information.

Good luck to you. I am very glad that you are, at least, up and running.


----------



## pianoman1949 (Feb 7, 2005)

Thanks very much. I hate questions for which definitive answers can't be found.

It's hard for me to imagine how something like that could be hidden. Norton Antivirus does scan the boot records. Not sure about Spybot, Ad-Aware, etc. We shall see. In situations like this, I definitely do zero out the entire drive (including the mbr) with a manufacturer's utility.


----------



## T24win2k (Oct 20, 2007)

I found this topic in a search on google trying to find out whats happening. While my computer has not lost any partitions yet, I experience exactly what is described above in the behaviors of my computer. I run 512 mb ram, and processor is 566 mhz and win 2000 pro. Yes old, but has always ran well until recently. I show clean on spyware scans and anti virus scans. I will save alot of ink here and just say ditto to what piano man wrote originally only add sometimes while booting it never goes past the black screen just before loading windows and I manually shut it off and keep the mouse moving the whole time and it boots usually, though slow. Whatever got his computer has to be the same as whats happened to mine. I wonder since this was posted two years ago if new light has come to this? 

I run avast, comodo, sg, advanced windows care, and freeram xp pro. I had norton the hog still installed for a long time. Then this started and switched to avast and comodo trying to get some speed back which made unmeasurable difference. I recently installed freeram so I could monitor how the memory was acting constantly which is usually showing a free 340mb. SG has been on here for a very long time. I tried windows care recently to see if it could sort it out, another unmeasurable difference. I added some microsoft updates and hotfixes shortly after this started and if anything it seemed slower not faster. I quit updating it in fear of the big crash. 

Not sure what else I can tell you guys other than I only have self learning experience so im not savy on computer terms and how to get into normally unfamiliar parts of the computer to check things. I dont want to try anything that would possibly make this thing crash until I can afford a new drive and back up some information I dont want to lose. Much like the piano man, I too want to understand the mechanics of what caused this.

Thanks for ANY help you will offer,

Terry


----------



## JustAnotherDude (Oct 31, 2007)

These kind of problems are always tough. And "completely wiping your drive" is NOT the answer - not saying it would not work, but so would buying a new computer, and that would in fact be easier and less time consuming.

Anyway, a couple points:

Anything by Norton is a problem. Sorry to say that, as the name Norton was once synonymous with excellence. But the truth is, it causes severs system performance degradation, frequent instability, and sometimes just gets "confused" and can manifest all types of symptoms. It is also extremely difficult to remove via "typical" uninstall procedure, so much so that the company was forced to create a separate uninstall tool that you can download at their web site.

You mention BSOD and that you missed the message. Go look in the eventlog, and it will be there with a fair, though not detailed, explanation of what happened. It could provide important clues.

Sometimes something as simple as running Microsoft Regclean will fix "slow" computers, though I concur with other posted that the symptom is more like what is caused by malware - and Norton misses a LOT of malware. I have a lot of customers who bring their machine in, infected, despite having the most recent version of Norton installed.
Use ESET NOD32 for the best protection. And it has the added benefit of a very small footprint, so it will not hog you system resources.

They have a free online scanner that is very good, as does Trend Micro, and it would be worth the time to scan the machine. But be aware that online scanners are not perfect, and that some malware is smart enough to not let the scanner do it'd job properly. When all else fails, boot into safe mode and run a clean up-to-date scanner locally, with no internet connection active.

There are some very clever applications to help you uncover malware, and some good "specific" cleaners too, such as "smitfraudfix", available at 
http://siri.geekstogo.com/SmitfraudFix.php

Sometimes that one utility can fix odd malware problems. It does not check for everything, but what it does check for, it is very good at finding and cleaning.

To see if anything "bad" is being launched during start-up, run the Belarc Advisor, and then run SilentRunners. They are both excellent tools, and you will have a very good understanding of what's going on in your system after reviewing their reports. Note that they do NOT fix nor do they change anything - they only report.

Good luck with it!


----------



## T24win2k (Oct 20, 2007)

Dude, I understand why malware is suspect. Its slow so thats pry the most common, and others like programs running, registry needs cleaned, a virus, needs defragged ect. But lets say for a minute its some really super man malware that my avg, spybot sd, adaware scanners arent finding. Now, still its gotta get past my spyware blaster, spyware guard (sg), and newly added my advanced windows care. So say it made its way through all that and is causing my system to run slower in regular mode than in safe mode now. How do you explain malware as the culprit when every time I restart I have to manually hit the button 2 or 3 times before it actually goes into loading windows? I dont mechanically understand how malware can mess the booting process if its inside of windows and windows hasnt loaded? I understand how it can make the computer slow once windows is loaded. 

I just wanna make sure were not gonna go through a whole bunch of un needed or already done motions. Id like to focus on why this puppy wont boot until I manually hit the switch 2-3 times to start. The most common thing on the searches ive done say its either a bad power supply or a wrong graphics driver or setting. Well, I cant recall any changes ive made that would make a graphics anything suddenly go hay wire. Thoughts? (ill be trying out the stuff you mentioned above and repost back tomorrow) thank you for helping me Dude!


----------



## JustAnotherDude (Oct 31, 2007)

>> How do you explain malware as the culprit when every time I
>> restart I have to manually hit the button 2 or 3 times before
>> it actually goes into loading windows?

You mean the power button? That's not any malware I've heard of.
If by chance you live in a humid region, then it could be as simple as slightly oxidized metals in the switch, or in the connectors on the switch wire. Of course, sometimes a power supply will fail, and sometimes in very strange ways. Luckily, they are quite inexpensive and easy to swap out, and most stores even have a return policy, so if you didn't really need it you could return it.
Somehow I missed that in earlier posts, so was not aware of that symptom.


Please don't view these next comments as negative - they are not intended to be negative...

>> some really super man malware that my avg, spybot sd, adaware
>> scanners arent finding. Now, still its gotta get past my spyware
>> blaster, spyware guard (sg), and newly added my advanced windows care.

Believe it or not, if you're running all those there could be software conflicts.
And frankly, I'm impressed that you can run Win2000 Pro on a Pentium III with 256MB of memory AND run all that stuff, and NOT see serious system performance degradation. If anything, that's a testament to the quality of Win2000 Pro.

But the kind of malware that *might* (perhaps unlikely, given all the info) have caused the trouble you had would not have been detected by spybot sd, adaware, spyware blaster, spyware guard or advanced windows care, because it's not "spyware". That leaves AVG, and frankly AVG just isn't that good.
It is possible that a rootkit could have caused trouble to both your drives. I'm no statistician, but I am thinking it's equally possible that some electrical anomaly could also have caused the issue - rootkits are terribly wide spread yet, thankfully. Recent new variants of the old Netsky code are on the loose, however, and that could have been the problem (which is why I suggested the smitfraud software - it cleans up even the September 2007 variants successfully).

>> I dont mechanically understand how malware can mess the booting
>> process if its inside of windows and windows hasnt loaded?
It can, because malware is not always "inside" Windows. Simply altering the boot.ini file can cause some very odd things to happen. You can read about boot.ini at these (and many other ) pages...
http://mirror.href.com/thestarman/asm/mbr/bootini.htm
http://support.microsoft.com/kb/330184
http://support.microsoft.com/kb/289022

There are tons of other tricks that malware can use, and it gets more and more sophisticated every day.

Regarding your software load...
Personally, I would get rid of advanced windows care immediately. I have not personally had any problems with it, though I've barely played with it so far. But a high number of customers report odd system behavior after using it, and "normal" behavior after removing it. That alone makes me wary of it.
And all that other spyware stuff is way overkill. There's products like ewido, which I have little experience with since the merge with Grisoft, but was an excellent product, so I have no reason to believe it is not still. One thing I liked about it is that you can download the engine and the latest signature files, burn then to CD or other media, and run it on an infected machine in safe mode to do clean-up. It was always very effective.
For antivirus, I recommend ESET NOD32. I've tinkered with a large number of products, and use NOD32 all my Windows and Linux machines now. It is not free, however.

For the record, I do not work for nor do I have any vested interest in any of the products I've mentioned. I am semi-retired, working part time for a place that does computer repairs and clean-up, and web pages for local businesses. Currently, I am learning PHP, and finding it fun! I also do network security consulting on the side. My "home office" has 20 computers, running Solaris, Linux, VxWorks, various flavors of Windows, and they are all networked. I was an embedded systems engineer, and worked mostly on robotic weapons systems, telecommunications systems and various large parallel computing projects for the past 10 years. Prior to that I developed software for guidance systems, geospatial intelligence systems and mapping software for military navigation. One thing I've really learned over the years is that the more I learn, the more I realize I don't know. Windows systems really bring that out, too.
Regardless of my background, my recommendations are not necessarily "right", and I understand that many people hold different views. My reasons for liking or disliking any given software are quite possibly different than another persons reasons. As with most things in life, we gather our information and make decisions based on that information. So, as a sometimes cranky old man, I will try to provide information when I'm able, and try to be objective about it. I like these forums because of all the questions. It's a great way to learn new things.


----------



## JustAnotherDude (Oct 31, 2007)

NOTE that in previous post, "..rootkits are terribly wide spread yet.." was supposed to be "..rootkits are NOT terribly wide spread yet.."


----------



## T24win2k (Oct 20, 2007)

Here is the way I see it. You are the one who is helping me and to get to the bottom of this I will do what you say to do, and I will rid and install the programs that you suggest. That is the best chance at resolving this issue. Also, piano man who originally started this thread had the 256 ram and pentium 3. I have 512 ram and 566 mhz intel celeron. I will get started on this asap and post back my findings tonight. Thanks again Dude.


----------



## JustAnotherDude (Oct 31, 2007)

You're welcome... and I will try to read more closely in the future!


----------



## T24win2k (Oct 20, 2007)

Sorry I couldnt get back to you the other night. Here is what ive done. Downloaded smitfraud and ran it also in safe mode. Downloaded the symantec uninstaller and ran it. I removed all of my security programs except for comodo firewall and spybot s&d. Then restarted and ran regseeker and cleaned the registry twice. Installed nod32 and did an in depth scan which came up clean. I installed belarc and silent runners and ran both. I dont see anything that I dont recognize running however belarc says im missing alot of hotfixes. I prefer not to go downloading all them until we figure this out if ok?

My power button is ok. Ill try my best shot at explaing this. When booting windows 2000 you get to a black screen where there is a task bar across the bottom that shows windows starting up. When I restart, it gets to that black screen and never does anything. So manually I hit the power button and between 2-4 times it will finally start loading windows and then everything is fine except sometimes it starts slower than normal. 

I went to ewido and found that its no longer available. Its been replaced by avg which they claim is even better. 

A couple other things that happen with this is ill copy something like this post that I just had to completely rewrite again. It doesnt retain when I copy something some of the time and ill go to paste but cant. It also seems to work at a decent speed right after a reboot and then falls off to very slow in 20 minutes time. Its slow at opening programs at that point, and slow on the internet as well. Everything gets slow and the available ram isnt changing and is sufficient. 

The next thing im gonna do is run safe mode with the internet unplugged and if something is found ill post it. Otherwise whats the next move? 

Also ill be sending you a private message with my silent runners text for you to look over incase theres something there that shouldnt be. Thanks again Dude.


----------



## T24win2k (Oct 20, 2007)

It appears my helper has abandoned me. Is there a moderator or someone with a commitment to helping people on this site that can review this thread and continue helping me? Please?


----------



## T24win2k (Oct 20, 2007)

Would I be better off going to another help forum? It seems rather busy or understaffed here. Anyone????


----------

