How to reinstall Win2K?

My computer used to be running Windows 98 until about a year ago when I decided to upgrade to Windows 2000. I purchased the W2K upgrade software and installed with no problem. Now I find my windows is acting flaky and slow. Im sure that it's time to do a reinstall to give it a fresh start. My problem is that if I wipe out the old version to start with a clean HD, I'll no longer to be able to reinstall W2K since I only have W2K upgrade and not the full version. How will the install be able to take place since there will be nothing on the hard drive to tell windows to go ahead and upgrade to 2K. In other words, the software wont see windows 98 or any previous version on the HD. There must be some logical way of doing it short of having to go out and buy the full version.

 

What you have with the 'upgrade' is a full version with a little piece in it that checks for an existing, qualifying OS version so if you still have a 9X/ME CD, you can put that in when asked so your 2K upgrade can verify that you own a full OS version. The install will then proceed.

However, it might be more instructive to fix the current one. If you want to take a shot at that and have some time, we can certainly give you some ideas.

I know some folks just like to do a clean load and start over but lots of us opt for repair. I do have to say that I have yet to find a working system (i.e., the OS will load and you can log in) that couldn't be put to as good or better than when it was first loaded.

 

re: How to reinstall Win2k

Thanks for the response, Newt. I'm willing to have a go at it. The actual symtom Im experiencing is as follows: When I first boot everything works normally for awhile. Then the longer the computer stays on and the more programs I open and close, the slower it gets. Sometimes it can take a full minute or two for a program to load up and start. Finally things get so slow that I have to do a restart to get it so respond faster. If I check task manager, I see that cpu usage is at close to 100 percent even when just sitting idle. I have tried various memory managers in an attempt to free more ram and get things to work faster. It doesnt seem to help. If you need any other info, let me know. Thanks again for your kind offer.

PS another, perhaps unrelated problem is that oftentimes it takes 3 or four times for boot up to complete. The system gets hungup on "searching" or "loading network configuration" and hangs there. Im not sure if that's the exact wording of the message but close.

 

re: How to reinstall Win2k

One other bit of info: I just checked windows task manager processes window and saw that just sitting here idle, my web browser (the only thing open) was using 95-100 percent of the cpu. Now as Im typing this note, it has shifted and the System Idle Process reads 98 percent cpu.

 

Sounds like you are afflicted with some spyware and maybe the odd trojan or two or three.

From Quicklinks in my signature, download, install, update, and run first Ad-aware SE (full scan rather than smart scan) and remove all it finds. Then Spybot and a scan with removal plus set it to immunize.

Start => run => cleanmgr.exe and let it search then remove. I'm guessing you don't run this often so it may appear to stall and may take as much as an hour or more to run to completion. Just give it time.

Quicklinks again and get a copy of the latest version of Hijackthis v1.99. Unzip it to a normal folder so not a temp folder and not the desktop. Close all open windows and run HJT to scan and create a log file. Post the log file here so we can see what is still hanging around after the above cleaning measures.

When we get the log posted I'll move this to the spyware removal section.

 

re: How to reinstall Win2K

Youre right. It sounds exactly like I have some kind of virus or trojan or malware floating around. Which is why I keep a healthy collection of spyware scanners on hand. I did in fact have Ad Aware and SpyBot S&D as well as Pest Patrol, Norton Antivirus, Spy Sweeper and Hijack this. I just finished running them all once again and found only a handful of data miner type things which I deleted. I ran the Cleanmgr but it yeilded 0 kb. Here is what Hijack This reported:

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\NORTON~1\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\SLEE503.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINNT\StartupMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.med.stanford.edu/local
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.med.stanford.edu/local
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [Run StartupMonitor] StartupMonitor.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\WebRoot\Spy Sweeper\SpySweeper.exe" /0
O4 - Startup: BHODemon 2.0.lnk = C:\Program Files\BHODemon 2\BHODemon.exe
O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: PD - {042A57FD-22C8-4272-A270-4AEB5E34097E} - C:\Program Files\Popup Defender\pd.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O23 - Service: Acronis Scheduler2 Service - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Crypkey License - Unknown - crypserv.exe (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Logical Disk Manager Administrative Service - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GFI Network Server Monitor - GFI Software Ltd. - C:\Program Files\GFI\Network Server Monitor\Server\GfiNmSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection - Symantec Corporation - C:\PROGRA~1\NORTON~1\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Steganos Live Encryption Engine (Version 503) [Service] - Unknown - C:\WINNT\system32\SLEE503.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe

What d'ya think?

 

I think these need to go away

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing

This looks like a leftover from NetZany (not an applet I like very much)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

and it would sorta be nice to see the stuff you left out of the HJT log you posted.

Overall though, it certainly does seem like you are pretty well protected. I do suggest a run with an online AV scan just on the chance that something has sneaked in and managed to disable some of your onboard protection. Probably not but worth a scan I think.