gerbil 216 Industrious Poster

What is this toolbar which is changing colour? The taskbar?
Is your TCP/IP protocol set to obtain IP & DNS server addresses automatically? It should be if you used the network wizard...
In Device Manager, View, click Show hidden devices... check for errors [red or yellow icons].
"The only other software I think I have is the intel software related to the intel wireless 3945ABGNet and that is disabled." -if Windows XP detects this then it will not use its wireless configuration utility; you should use the Intel software.

gerbil 216 Industrious Poster

Mr Cz, use hijackthis to fix these entries:
R3 - URLSearchHook: (no name) - *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
R3 - URLSearchHook: (no name) - *{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearc...US_ZS6628X44US

You could remove via CP > Add, Remove Pgms the AVG toolbar. And the AIM toolbar. Up to you, I feel they just take up too much screen space, and duplicate functions your browser and search sites already give you.
Now apart from having had most of the world's adware on your sys I don't see anything in your ipconfig reports that indicate a problem. Sure, the DNS and ping timeouts are not good, but it comes down to what was causing the web delays. Your DNS server is configured - when working and you run nslookup its Reverse DNS lookup finds the server name associated with the IP address.
So, is your sys still having the loss-of-internet fits? And if it does, check that your AVG firewall is not interfering by momentarily switching it off.

gerbil 216 Industrious Poster

You are going to need a scart adapter and an amplifier. The audio-out adapter would be no more than 5USD.

gerbil 216 Industrious Poster

cheri, do you have a Motherboard cd with chipset drivers? If so, load it and run the Ethernet driver installation.
No? Then try going to Device Manager [run devmgmt.msc], expand Network Adapters by lclicking the +, then rclick your adapter, choose Properties.
Go to Driver tab, press Roll back driver.
If that does not work, navigate to the same page, but instead press Driver details button. Note the driver names, gurgle for them and dl from a reputable site [you can dl them to a flashdrive etc]. If you require more than one driver file they may all come in a zipped package.
Finally go back to that DM page but press Update driver.... force the wizard [ie. do not go to Windows update site] to look in the folder or drive to where you dl'd them.

It is usually better to create your own thread with a few details, like the mb make, model, ethernet model... :). I mean, I've gone to more trouble than you did.

gerbil 216 Industrious Poster

I can only think that you for some reason changed your desktop, application backgrounds and fonts to black. You can do that on that page in DP.
Okay....
-drag your mouse down to the bottom left [yeah, I know you cannot see it, or the following...], then lclick once. Now...
-type r
-enter desk.cpl
-press ctrl-tab 3 times
-press the left direction key once
-press Alt-a
-after 5secs, press Enter.
Anything happen? If not, do it again from the start but press instead the right direction key once.

OR.. using a more definite actions control:
-press the Windows key
-type r
-enter desk.cpl ,2 [note that space before the comma!!!]
-press the left direction key once
-press Alt-a
-after 5secs, press Enter.

gerbil 216 Industrious Poster

Obfuscate any web address in the body of the email.

gerbil 216 Industrious Poster

WinToFlash. Free. Works.

gerbil 216 Industrious Poster

There are a few problems there that need to be removed first. Let's try this... firstly:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
I am not sure that scan will clean all the malware, but I don't wish you to run Combofix if it is not necessary because it changes so many basic settings that it makes the resultant, cleaner system annoying to have to revert.
Next...
start hijackthis again, click Scan, in the window that opens place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll …

gerbil 216 Industrious Poster

The WintoFlash post hit the wrong thread; sorry.
He gets way past the stage where a Sata driver is required by Setup. And it is failing to install on IDE drives [in his post].
Do you have any USB devices connected whilst attempting Setup? Disconnect your router [is it connected via USB, btw?].

gerbil 216 Industrious Poster

Okay. I'm happy to assume then that this [Admin Password Scrambler (APS) - Unknown owner - C:\WINNT\System32\apss.exe] is something that is in-house with your company.
Do you still have that MBAM log? I would like to see it. If you do not have it, then please follow these instructions [otherwise wait till I read that MBAM log]:
==Download this file to your DESKTOP: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
.....or this file: http://subs.geekstogo.com/ComboFix.exe
-IMPORTANT! : close other applications and save work, turn off your Antivirus, Antispyware and Firewall for the duration of this scan.
- to run it dclick the Combofix.exe icon and follow the prompts to start it. If you do not have it installed already, Combofix will download and install the Recovery Console on your system.
A word of caution - do not touch your mouse/keyboard until the scan has completed [your computer will restart automatically] when a log, C:\Combofix.txt , will pop onto your desktop - post that log in your next reply.
The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs reboot to restore the desktop.

gerbil 216 Industrious Poster

A simple one is WinToFlash. Free, too.

gerbil 216 Industrious Poster

I did reply in your other thread. And turning off the warning is great for when you visit a spoofed site with your credit card and don't see any warning and get ripped grand. We face choices in life.
But pros can forge certificates anyway....

gerbil 216 Industrious Poster

Okay. And what is the IP address that you get... run ipconfig /all to see it, both when good and when bad. It should be one supplied by the router.

gerbil 216 Industrious Poster

Hi. You MUST uninstall Avast then. I know it is good, but two AV services can open your system up to problems. Having more than one is a practice that is totally NOT recommended.
apss.exe .. it entered your sys on July 20; when did you start having this problem with the website?

gerbil 216 Industrious Poster

You can solve it by placing those sites in your trusted zone, but that is a practice that is not recommended - it means then that those sites can pour all sorts of tripe into your system. Cause is that they are tardy in renewing their security certificates [they have to pay], so the certificates are out of date. Best bet is to put up with it, accept the sites you trust by clicking as the warnings pop.

gerbil 216 Industrious Poster

Nope, that's clear enough, It. If you ran recovery software you will have had your registry set back to the virgin state, without any application keys in it. Those programs you listed store data and run information in their own registry keys which are now gone, so although the programs' files still exist there is startup and run information missing. The only way out is to reinstall those applications.

gerbil 216 Industrious Poster

Hello, Jared. Please start hijackthis again, click Scan, in the window that opens place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
O4 - HKCU\..\Run: [Configuring] rundll32.exe E:\WINDOWS\TEMP\1239968.dll,W
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
Done? Okay, delete this file:
E:\WINDOWS\TEMP\1239968.dll
Now get this tool, and use it regularly. Executable files should only run from temp locations during an application installation.. but good installers will then delete them. This one is malware.
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
Run CCleaner in any other Accounts.
[To customize file cleaning select the options you wish to use via the Windows and Applications tabs ..]

Say how your sys is performing now.
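
The check described in the post above (an autorun entry whose target sits in a temp folder), as an added example that is not part of the original post: a small Python filter over HijackThis O4 registry Run lines. The function names are hypothetical; the first and third sample lines are quoted from posts on this page, the other two are constructed.

```python
import re
from typing import List, NamedTuple, Optional

# HijackThis registry autoruns look like:
#   O4 - HKCU\..\Run: [ValueName] command line
# (O4 "Startup:" folder entries use another layout and are not handled here.)
O4_RUN_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

# A drive-letter path ending in an executable-type extension. Components may
# contain spaces ("Documents and Settings") but never characters that are
# illegal in Windows file names, so a match cannot run into a second path.
_COMP = r'[^\\/:*?"<>|\r\n]+'
PATH_RE = re.compile(
    r"[A-Za-z]:\\(?:" + _COMP + r"\\)*" + _COMP + r"?\.(?:exe|dll|scr|com|bat|cmd|pif)\b",
    re.IGNORECASE,
)

# Directory names treated as temporary locations (an assumption of this example).
TEMP_DIRS = {"temp", "tmp", "temporary internet files"}


class RunEntry(NamedTuple):
    key: str           # registry key as abbreviated by HijackThis
    name: str          # value name shown in [brackets]
    command: str       # full command line
    temp_paths: tuple  # executable paths in the command that live in a temp dir


def in_temp_dir(path: str) -> bool:
    """True if any directory component of the path is a temp folder."""
    parts = path.lower().split("\\")
    return any(part in TEMP_DIRS for part in parts[1:-1])


def parse_o4_run(line: str) -> Optional[RunEntry]:
    """Parse one O4 registry Run line; return None for any other line."""
    m = O4_RUN_RE.match(line.strip())
    if m is None:
        return None
    # findall also picks up DLLs passed as arguments, e.g. to rundll32.exe
    paths = PATH_RE.findall(m["cmd"])
    temp = tuple(p for p in paths if in_temp_dir(p))
    return RunEntry(m["key"], m["name"], m["cmd"], temp)


def temp_autoruns(log_text: str) -> List[RunEntry]:
    """Return the Run entries that start a file from a temp location."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_o4_run(line)
        if entry is not None and entry.temp_paths:
            hits.append(entry)
    return hits


# Sample log: lines 1 and 3 are quoted from this page, lines 2, 4 and 5
# are the page's O20 line plus two constructed entries.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Configuring] rundll32.exe E:\WINDOWS\TEMP\1239968.dll,W
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O4 - HKLM\..\Run: [45A41D] C:\WINNT\system32\B2BABE\45A41D.EXE
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" /background
O4 - HKCU\..\Run: [ExampleTmp] C:\Documents and Settings\User\Local Settings\Temp\setup_helper.exe
"""

if __name__ == "__main__":
    for hit in temp_autoruns(SAMPLE_LOG):
        print(f"{hit.key} [{hit.name}] -> {', '.join(hit.temp_paths)}")
```

An entry outside a temp folder, such as the 45A41D.EXE line, is not flagged by this filter and still has to be judged on its own.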

gerbil 216 Industrious Poster

Hi, nil. Start hijackthis again, click Scan, in the window that opens place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O4 - HKLM\..\Run: [SWFAss] c:\winnt\SYSTEM32\KIX32.exe /i c:\winnt\SWFAss.KIX
O4 - HKLM\..\Run: [45A41D] C:\WINNT\system32\B2BABE\45A41D.EXE
Good; now delete these two files and the folder B2BABE.
c:\winnt\SWFAss.KIX
C:\WINNT\system32\B2BABE\45A41D.EXE


What is Consolehookloader.dll? Search for it; in Properties, who is listed as its provider?
And this: Service: Admin Password Scrambler (APS) - Unknown owner - C:\WINNT\System32\apss.exe - I cannot find any information about it. Check the properties of this file, C:\WINNT\System32\apss.exe and report its provider.
A big problem though is that you are running two Antivirus Services, Symantec and Avast. I don't know if you are paying for Avast, but you must remove one of them. They interfere.
Please run and then post a fresh hijackthis log, with your opinions.

gerbil 216 Industrious Poster

Baby D, I use Avast Free Edition, Avira Free is also very good, perhaps better. AVG scores somewhat lower now. I should add Comodo.. they also have a free AV service which includes their firewall. I do not know how their AV service rates in testing.
==Get CCleaner from http://www.ccleaner.com/ - and install it in a new folder. You should keep this one for general use. I set the installation checkboxes only to open from the recycle bin. It's neater that way.
Now run CCleaner from the recycle bin rclick menu using its default settings [if you set up CCleaner as I suggested, rclicking the bin icon should give you the Open CCleaner option...].
If you have FireFox open the Applications tab and ensure at least that Cookies and Cache are checked.
Select the Cleaner icon, press Run Cleaner.
Run CCleaner in any other Accounts.
[To customize file cleaning select the options you wish to use via the Windows and Applications tabs ..]
Now please run hijackthis again and post that fresh log.. I wish to check if that file and its keys were completely removed.

gerbil 216 Industrious Poster

No cd or USB functionality? Oops. First, I'd try resetting BIOS to its default values [restart and enter bios... Alt-F2?]. If that did not get the peripherals running I'd reset CMOS [open the lappie, near the lil round CMOS battery there is a 3 pin plug with a jumper, move it to pins 1,2 for 5 or so secs, then replace it].
And try again. Still the cd and USB don't work? Not a lot of point reinstalling to it. Anyway...
Place your hdd into another computer and load the OS onto it, install the correct drivers... ?
Your BIOS obviously has network [PXE] boot [it recognises that the NIC is so capable]... so read this: http://winner.windowsdream.com/ . Or this: http://www.ultimatedeployment.org/index.html
Or go to www.boot-land.net/forums and learn about tftpd32 eg http://www.boot-land.net/forums/index.php?showtopic=2322
There is a ton of stuff out there if you search "XP install via network".
Tell us how you get on; I've not tried it.

gerbil 216 Industrious Poster

Please.. formatting and reinstalling is so very much the absolute last resort...

gerbil 216 Industrious Poster

And if you go CP > Windows firewall > Advanced tab, and click Default settings button, what do you get?
If that fails then firstly uninstall the Firewall service, Windows Firewall/Internet Connection Sharing (ICS): in its properties first Stop it, then disable its Startup type, then type into a cmd window:
sc delete SharedAccess
Secondly, reinstall by going CP > Windows firewall.... a reinstall box will pop. If that doesn't work go to a cmd window again with:
rundll32 setupapi,InstallHinfSection Ndi-Steelhead 132 %windir%\inf\netrass.inf
After restarting your sys, next cmd is...
netsh firewall reset
[those two cmds are from M$]
Say how it goes.

gerbil 216 Industrious Poster

Whoops... command is
combofix /uninstall

gerbil 216 Industrious Poster

Hello, BabyD, no matter, good that it is working better, but there are a few oddities about your AVG installation and we should fix those, you still have remnants of Symantec and so I shall guide you to remove those, but there is still malware, and a winlogon entry is not quite right.
Firstly then, start hijackthis, click Scan, in the window that opens place checkmarks against all the entries listed below that still exist, and then press Fix Checked.
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKUS\S-1-5-18\..\Run: [ypeyluwe] C:\Documents and Settings\NetworkService\Local Settings\Application Data\txnkbdldt\ijadbqdtssd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ypeyluwe] C:\Documents and Settings\NetworkService\Local Settings\Application Data\txnkbdldt\ijadbqdtssd.exe (User 'Default user')
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Baby D\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)

Good. Now find this file and delete it:
C:\Documents and Settings\NetworkService\Local Settings\Application Data\txnkbdldt\ijadbqdtssd.exe
[if it will not delete then in hijackthis find the Misc Tools section via either Main Menu or Config buttons, press Delete a File on Reboot and in the window which opens browse to the file, press Open and then restart... ]

To cleanly uninstall Norton/Symantec AV services get the correct tool from.... http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039
Finally, AVG - it appears to be installed badly, with files in strange folders; I suggest that after the above procedure you uninstall AVG 9 and …

gerbil 216 Industrious Poster

Hi. Just so I can have a quick idea that there is no malware running there could you please do this:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
And then so we can see what is running:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
There. Two logs to post. Also rclick on your drive C: [or where your OS is], and from Properties say how …

gerbil 216 Industrious Poster

That is a good start, Baby D. And the other log, please?
How is your computer running at the moment?

gerbil 216 Industrious Poster

That was certainly a lot of runs you did with Combofix. It would have been good to have seen the first log, the last is fairly useless in telling me what you had. Anyway... run this to cleanup and remove Combofix:
combofix /u
Cheers.

gerbil 216 Industrious Poster

That is a nice, clean Combofix log. Nice work!
Registry cleaners.... urg. They all use different [the best in the business] detection/cleaning engines. Your registry is huge.... mine occupies 28MB the last time I looked.. if you consider each value might contain only a few or possibly a few hundred bytes, each subkey a few names, then that allows for many tens of thousands of keys, possibly a couple hundred thou, and approaching a million data names. Depending, of course.
Your registry contains entries that will be cycled out as new info arrives into those areas, all cleaners love to point out that they have found those cos there are hundreds of such things... every search, every file you delete, move... and unused file suffixes. Then they try to find entries which point to files which no longer exist... data ones are easy, with applications they fail miserably. And occasionally, they tell you to remove something absolutely vital.
Crash.

gerbil 216 Industrious Poster

Setup is a weird, unknowable animal [to me, at least]. I try to sort out some of its tricks, though. Right, you are getting boot files in the drive you want free of any OS files; it is not marked Active, and Setup has now denoted it as C:.
Boy. One thing, if it has placed boot files there again, it is going to need to be Active finally [but I bet Setup won't mark it as such this time]. But anyway, let's step back a bit. To what I understand. One of the first things Setup does is examine your hdd for any Microsoft OSes [this is how it decides whether to offer to Repair existing installations]. It would do this by examining existing partitions recorded in the MBR and then going into each and reading the Master File Table. Fine. Setup locates the files, checks they are not corrupt. When you delete a file its body remains where it was on the hdd, its filename remains in the MFT but the records [in the MFT] of disk sectors used by that file are marked as useable. I have the distinct impression that Setup ignores the deletion markings on Windows files. It's going to rewrite the MFT anyway. Those entries in the MFT remain because you cannot do a [quick] format - that would destroy the boot file records in the MFT... fine.. but lose your data. Not fine.
So here's something you could try.. you're having …

gerbil 216 Industrious Poster

Aw, heck, that second link I posted, just agree to the terms, click the audio driver link, give the code and download the driver file directly. Extract, open the folder and dclick the file SETUP.EXE - that will start the installer. There is no need to run any hardware-checking tool from the site. That is the driver for SiS 661FX. Shuttle surely didn't rework the chipset.

gerbil 216 Industrious Poster

So it's not password protected .. did you actually Move the My Documents folder on the old installation, or is this a copy of it you are trying to access? From a cmd window can you do a dir on that S: drive, see the files?
Can you do this to take Ownership?: Because you have XP Home, restart in Safe mode [you must in order to get the Security tab on folders to appear], log on with an account that has administrative rights. Rclick a folder on the drive, select properties, > security tab, > advanced tab, click owner, click edit, click your user name in the list [or Administrator] and check Replace owner on subcontainers and object, and Ok. Answer Yes to the question regarding replacing permissions.

Kanoisa commented: Cheers :) +3
gerbil 216 Industrious Poster

This is a standard post I use... you must be an XP Pro user; substitute S: for C:...
All you need to do as an administrator is to take control of those folders/files. If you go to C:\Documents and Settings you should still see your old profile named there. User profiles are given a unique Security Identifier. So even if on a new installation you create a user with the same name the account will not have the same SID. My Documents folder is a special Windows folder; it is related to the owner by SID. So if you can see it under C:\ you can take possession of it [if XP Pro] by using the Security tab in Properties. If XP Home just copy the contents to your own My Docs, and delete the original folder - it does not belong to any user now.

gerbil 216 Industrious Poster

...and then it was time for bed.
Length is not a problem. Use Advanced editor to attach it, the Combofix log.

gerbil 216 Industrious Poster

:). Combofix was to be my next step, because I believed that One-Care had not found all the malware. Could I see the log, please?

gerbil 216 Industrious Poster

Hmm.. the first one was just a safe, normal Yahoo orphan adrift in a registry sea... no harm.
The others are Java related [next time you update Java it will fix itself] and an Acrobat IE add-on. Normally you remove ActiveX add-ons from IE > Tools > Manage Add-ons - that way you properly unregister the dlls etc.
sfc /checknow.... profuse apologies, too many commands to remember... it is sfc /scannow. Grr.... when it completes it will just close, no fanfare. Luckily, you can run it from Safe mode also.

gerbil 216 Industrious Poster

DHCP: you could go cmd > ipconfig /all - it will show status of DHCP Enabling.
Something else you could try is this wizard: go CP, Network Connections > New connection wizard; Set up a Home or Small Office Network, and follow through. It does all the checking, installing etc.

gerbil 216 Industrious Poster

http://www.softwarepatch.com/utilities/sis7012.html
http://www.sis.com/download/agreement.php?url=/download/ ... it's the only audio driver, one size fits all. I'd use this site first.

gerbil 216 Industrious Poster

If an uninstaller bugs out, you can always reinstall the software and try to uninstall again.
The hijackthis log run in normal mode shows no unwanted entries. From what you say, I can have no idea of the problem... a first suggestion would be to run the file checker to correct corruption in monitored files. Go Start, run, enter...
sfc /checknow
You most likely will be asked to point to the i386 folder, eg on an installation cd or a folder in your sys.
But there is something else lurking which starts in normal mode and disturbs IE and your networking. To see the blue screen error codes go to CP > System > Advanced tab > Startup n Recovery Settings, uncheck Automatically Restart.
Report the error code and any subsystem mentioned.

gerbil 216 Industrious Poster

If an uninstaller bugs out, you can always reinstall the software and try to uninstall again.
The hijackthis log run in normal mode shows no unwanted entries. From what you say, I can have no idea of the problem... a first suggestion would be to run the file checker to correct corruption in monitored files. Go Start, run, enter...
sfc /checknow
You most likely will be asked to point to the i386 folder, eg on an installation cd or a folder in your sys.
But there is something else lurking which starts in normal mode and disturbs IE and your networking. After sfc we can work on that.

gerbil 216 Industrious Poster

You must make this change..

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\SafeMode\Components]
"DeskHtmlVersion"=dword:00000000

..not, as you sometimes see on the web, a change to ...\Internet Explorer\Desktop\Components]. This possibly gets put up cos people read of the fix, check their registry, find they do not have such a \Safemode\Components key, and assume then that the fix is incorrect.
-If you restore to a time before you make the change you will undo it.
-You must make the changes per user, too.[HKEY_CURRENT_USER\....], so if you game under a different login then you can have problems.
Any other information you can give?

gerbil 216 Industrious Poster

Hello Aracely,
try not to run programs like Registry Booster when you think your sys may have an infection. And you most likely still do. Please re-run Hijackthis in Normal mode; in Safe mode it is of vastly reduced usefulness because many malwares are only started by processes in the Normal mode. But do this before you re-run Hijackthis :
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].

gerbil 216 Industrious Poster

Ok, if you don't recognise any, search for them. And is your DHCP client service set to automatic, and started at boot?

gerbil 216 Industrious Poster

That mb has a SiS 661FX chipset? The audio driver would be found by gurgling SiS 661FX audio.
Or it may be an Intel chipset.... you check.
Caper, a tool I prefer for sys specs is siw.exe.

gerbil 216 Industrious Poster

Since you are using netsh, does netsh winsock show catalog contain all valid files?

gerbil 216 Industrious Poster

Grin, something pretty basic is going wrong here, and it is either the hdd or RAM. chkdsk /r is not reporting errors on the hdd when you rerun it? Then it is well worth doing a RAM test; it takes as long as you want it to. This site, http://www.memtest.org/ has Memtest86+ in bootable form for cd [.iso], flashdrive and floppy. I prefer the floppy version if a drive is available.
There is no way your sys could have suffered that much file corruption without it being software-based [virus...].
Because you can now use the Recovery Console [can get in, and it recognises an installation], and because you have used the \repair hives already, there is really no reason why you should not run a Windows Repair [NOT an OEM Recovery... that would blast your installation back to the stone ages - you'd lose everything]. With a Repair you have to reload all updates, but your data files will remain intact. Some softwares will be unhinged anyway because of the hive reversion.

gerbil 216 Industrious Poster

Oh dear... there are a lot of files in system32 for the sys to be unhappy with.... one at a time...:)
Anyway.... use RC to first rename ntfs.sys to ntfssys.old, then copy in a new one with:
copy x:\i386\ntfs.sys c:\windows\system32\drivers
I wonder if the file table is damaged? Or if your RAM is faulty [needs reseating]... cos I cannot think why you are getting these file problems.

gerbil 216 Industrious Poster

You don't really want sys32.exe to load. You have yourself a problem there... it is a worm or trojan file. Got a Recovery Console handy? Then load it, go into system32 folder and delete [or rename if you don't trust me] sys32.exe, check and delete it also if found in the windows folder.
Try to boot into normal mode, else safe mode with networking. Get and run this:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon, and UPDATE it.
Select "Perform QUICK Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you when it completes... do not click the Save Logfile button.
Examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Copy and post that log [it is also saved under Logs tab in MBAM].
-then this:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then...
-in that folder start HijackThis by dclicking the .exe
-CLOSE ALL OTHER APPLICATIONS and any open windows …

gerbil 216 Industrious Poster

Hi, Skitzo... It's good to check and be sure.
Do make sure you leave your System drive [where the boot files are] set as Active, otherwise restarting will be tough. [BIOS loads the MBR from the Master hdd [or Sata 1], or from where you set in BIOS config, the MBR then directs loading of the boot files from the Active partition, from there boot.ini directs loading of system files from wherever they may be...]

gerbil 216 Industrious Poster

Hello, Grin.... no access to RC... yeah, that was always going to happen with an OEM installation, but with no hives showing in your config folder it was worth a try. It's something to do with the way OEMs create/load their OSes into the systems they sell, I do not know the details, but there is something incompatible with their SAM hive and RC. Of course, if sometime after they set their sys up just the way they wanted it people then did a system save they would get new \repair hives which reflected that. Anyway...
What we need to do now is reset the SAM hive passwords for the System Administrator account [the one RC requests], and also your administrator account. Easy as.. just get this tool, cd080802.zip from here: http://pogostick.net/~pnh/ntpasswd/
-get the cd iso [zipped], unzip it, burn that image [the.iso] to a cd.
-restart your sys to boot from the cd [hit F8 to get the one-time boot menu];
-when the pgm starts answer the questions, mostly you will type 1 [remember Numlock]
-change both account passwords in the one run [CLEAR them, do NOT set new passwords] by repeating that section
-quit and save [type y when asked if it should write the changes to SAM].
Try the RC with a blank password [Enter].
I know that pgm works with standard installations, it should also work with OEMs like yours.
I cannot figure out …