gerbil 216 Industrious Poster

Okay, now we are getting somewhere. ISpyNow uses files it places under Documents & Settings, in various folders. And it rewrites them if they are damaged.
Start hijackthis, select Scan Only, place checkmarks against all the entries listed below that still exist, and then press Fix Checked.

O4 - HKCU\..\Run: [nah_Shell] C:\Documents and Settings\c\nah_jpde.exe
O4 - HKCU\..\Run: [HPseti] "C:\Documents and Settings\c\Application Data\Google\runhh6110411.exe"

Delete:
C:\Documents and Settings\c\nah_jpde.exe
C:\Documents and Settings\c\Application Data\Google\runhh6110411.exe

Then search D & S for files with these names; they will have similar file modification times:
learn32.dll
rehh
vigrs
Ina
comm3
fsh1
mscscc.dll
run611041
..and delete them also. Restart, and see if they have stayed deleted. Post back with a list of files that you found and deleted, please. You might order the files in each folder by Modification Time, and note any other files with the same time.

gerbil 216 Industrious Poster

codec stands for coder/decoder. As an example, a music file will be encoded, possibly mp3.. the codec unpacks the music from the encoded file, and can also create an mp3 file.
Codecs install to [or should be placed in] the folder of the program which will use them. Windows standard codecs are in system32.
Boot.ini parameter, /MININT
This option is used by Windows PE (Preinstallation Environment) and causes the Configuration Manager to load the Registry SYSTEM hive as a volatile hive such that changes made to it in memory are not saved back to the hive image.
I do not know why your Recovery Console is listing D:\I386, which is the Recovery Console itself. Is there a C:\I386 also, by some chance?
Your problem was not a bad MBR because your sys is trying to boot, ie, going past that stage. Its failure comes at a stage when it is trying to initialise drivers and services.
I wonder if Minint is a leftover from a failed installation? It should have been removed by the installation process.
I would start RC in C:\Windows and run:
chkdsk /p -then try to restart.
{If it will not, go back into RC and run: chkdsk /r }
While you are in RC you should check your boot.ini file. Use :
bootcfg /list
As an example, mine looks like this:
[boot loader]
timeout=4
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows …

gerbil 216 Industrious Poster

Gautam, I need to see that MBAM log, please... [it is saved under Logs tab in Program Files\MBAM].
also:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Post both logs, please. I am blind without them.
Did you try the Bitdefender online scan? Post that log also... that scan will remove your autorun.inf trojan if that is what you have.

gerbil 216 Industrious Poster

Ah, sorry CompvsMe... I didn't follow the relocation of your thread over to this forum, but spotted your PM urging me to look. I tend to haunt the other forum, mostly.
Right, you say MBAm froze - we will rerun it later. But first, please do in this order:
==Please copy the text in the box to a notepad [format/wordwrap unchecked] and save as C:\fixkey.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

==Download Avenger from http://swandog46.geekstogo.com/avenger.zip
You must be in an Administrator-privileged account to run this procedure... and do not be concerned as it shuts down and restarts your computer a couple of times when it runs.
-unzip it to your desktop and start it;
-copy the text in the box below and paste into the Script Input window as one block ALL the text in the box:-

Files to delete:
C:\WINDOWS\system32\jqeceyns.dll
C:\WINDOWS\system32\enryfm.dll
C:\WINDOWS\system32\idoape.dll
C:\WINDOWS\system32\nggmsy.dll
C:\WINDOWS\system32\lwoaxz.dll
C:\WINDOWS\system32\pfpfyb.dll

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run | b89e6646

Programs to launch on reboot:
C:\fixkey.reg

...and click Execute.
[The files, etc., that you asked Avenger to delete are zipped to C:\avenger\backup.zip.]
Avenger creates a log file that should open with the results of its actions. This file is located at C:\avenger.txt

Please post that log file.

Now MBAM, update it and try another quick scan, check the log for any Delete on Reboot notations and reboot if present.
Post that log plus the Avenger report with a fresh hijackthis …

gerbil 216 Industrious Poster

Hello, ranger, start with this:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you... do not click the Save Logfile button.
When it completes examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
Then:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.
Post those logs and we'll go from there.

gerbil 216 Industrious Poster

I think you may have been infected by what was once a simple worm which disables that option so to hide itself.
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon.
Select "Perform Quick Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you... do not click the Save Logfile button.
When it completes examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
Check the results.... if MBAM does not detect and delete autorun.inf then please...
==Run a BitDefender online scan: http://www.bitdefender.com/scan8/ie.html -use the Download button for the 30 Days Trial product; post the results, please.

gerbil 216 Industrious Poster

We have a solution to the (too much pie) problem, if you need it...?

gerbil 216 Industrious Poster

And since you have one drive out try slaving it in another PC - that will test the software issue.

gerbil 216 Industrious Poster

Umm.. yes they did: "noticed that one of his hdd on his raid 1 had gone bad..."
It could be that your RAID controller is having a near-death experience, like the vid card. It may be having trouble doing dual disk reads? I would split the array, back out of RAID and see if one disk alone will work correctly.

gerbil 216 Industrious Poster

Start with this:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application,
-ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you... do not click the Save Logfile button.
When it completes examine the log: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].
Then:
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post the log here.

gerbil 216 Industrious Poster

Well, no, not without knowing what it was doing. What you have is just a name composed of random letters or groups of letters from a selection the trojan uses. Could be a downloader, backdoor, worm... cannot say without knowing its actions.

gerbil 216 Industrious Poster

for the cmd problem, best I can suggest is running..
sfc /scannow
to check and replace any corrupt protected system files. Or just try copying in cmd.exe from your installation cd. It is in I386, you need to expand it thus:
expand "cd drive letter"\i386\cmd.ex_ %systemdrive%\system32\cmd.exe

gerbil 216 Industrious Poster

attrib is a command, it will not run from the run window because it is not a pgm.
May we have a glance at your boot.ini file, please?
Go Start, Run, paste in ..
control sysdm.cpl,,3 -and press Enter. Go Startup n Recovery Settings, press Edit button. Paste here the notepad that pops.

gerbil 216 Industrious Poster

Caper, don't do that! Bring back the crook chook.
Hello, Mr Wanderer, lessee if this works for MBAM: go into Program Files\Malwarebytes A-M and rename mbam.exe to myjam.exe. Then dclick it to see if it is still blocked [it should set up for the scan]. Make sure to Update it before scanning!!
If you experience trouble with the update then dl the latest updates file: http://www.gt500.org/malwarebytes/mbam-rules.exe , to a thumbdrive. Next, dclick that mbam-rules.exe file, it will install into MBAM.
But start MBAM by dclicking myjam.exe [the icon will not work unless retargeted to myjam.exe].
Rename hijackthis.exe to imabunny.exe...

gerbil 216 Industrious Poster

Julia, believe jb on RegCure. A waste of money, imo. What it detects are benign and useless things like unassigned file extensions, stored "history" items like MRU [most recently used] lists for applications, and some of the keys and values for uninstalled apps. It won't actually fix anything except by pure chance. Your registry is huge, 1400 items are as nothing. And they probably rarely get read by anything; some are revolved out.
Save the firefox 3.04 file to another computer, transfer it by thumbdrive, run it to install; if FF will browse it will give us an idea as to which direction the fault lies.
Turning off your firewall and turning on the Windows firewall may help, may not.
A problem may arise in that all? browsers use a lot of native Windows OS files so the fault may carry over to FF. But we shall see. Opera is another good browser.
MBAM will be difficult to update without a connection, if you wish to employ it as a check. But download, save the installer file from http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html, then dl this latest updates file: http://www.gt500.org/malwarebytes/mbam-rules.exe , both to a thumbdrive.
Run the installer, when it completes uncheck the Launch and Update boxes. Next, dclick the mbam-rules.exe file, it will install into MBAM.
Start MBAM via the icon and ...
Select "Perform Quick Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that …

gerbil 216 Industrious Poster

I think what you may be looking at is a minor disaster. Or a big one... stuff is likely destroyed by a power spike which got through your PS.
Swap in a working monitor.
Same no-go? Then BIOS is likely not running. If you have a video card, remove it so as to use on-board graphics. Leave only one stick of RAM, unplug any other unnecessary devices, like even your CD/DVD ROM, all other drives [yep, even your main hd], other cards.
Try again... swap RAM sticks,... nothing? Okay, now it is a big disaster. When all you have plugged is a PS, mb with RAM and a monitor, and you don't see BIOS run, what you need is a shop.
Good luck with it.

gerbil 216 Industrious Poster

I think I understand... you have installed the software and it works, but only for administrators. You wish it to work for regular users, but they get the error.
This may work: go C:\Docs and Setts, then find in the user folders [it is probably under your folder as an administrator] in Start menu\Programs the link to the pgm, Autocad. Drag a copy of that link into All Users\Start menu\Programs.
It may not work, either. But try it.

gerbil 216 Industrious Poster

Ah! At last.. full screen text width, better space utilisation... someone IS awake at the wheel. Ripper job.

gerbil 216 Industrious Poster

What was the beginning of the message? Some process or other should have been referred to... and if it is new software you are installing there is almost no way you could know what info to load into registry using regedit etc.

gerbil 216 Industrious Poster

Heh... well, thanks, James. I just enjoy discovering things, exploring... I found those pgms and others some time back, they just help me learn more about disk structure and stuff. Glad I could put them to use. Your disk is okay, no actual damage to it [only some data got altered in the "index", and we fixed that] so keep using it. The structures as shown in your third shot [with the E extended and X extended lines] are all correct - it is just the way the partition table is built.
May I suggest you give some thought to getting the precious stuff onto cds or dvds? CD Rewritables are good. I use an extra harddrive for just backups, too. Syncback free is as good as you need.
Gratitude? Show it to the writer of Testdisk, not me.
And you're welcome. It's been fun.

gerbil 216 Industrious Poster

Yes, it does do that.. just to save the double checking of "two" firewalls. Comodo does not, so you do it yourself.

gerbil 216 Industrious Poster

James.. just going back to your last screenshot of testdisk-6.10 folder... if you expand that folder in the left margin, click on testdisk-doc-6.10 you will see that a doc folder exists inside it.... drag the doc folder to testdisk-6.10 folder. Then my help .cmd file will apply.
documentation.html is no use to us.
Note that if at any stage in this you get lost or confused you can q your way back and out to start again.
Anyway... your Seagate is detected correctly [shot 1]. In shot 2 it reads the MBR partition table and linked logical partitions' tables and shows a primary partition P, type LANstep [FEhex], not bootable, but the Extended partition and 2 logical partitions are missing. Next, the physical search of the disk sectors reveals [in shot 3] three partitions:
Primary 41381kB 40GB Photo Album
Logical 62915kB 60GB Support Files
Logical 15735kB 15GB Backup
... so we may conclude that the MBR partition table is corrupted.
At the point where you took the shot 3 you must check that your directories and files exist in eg. your Photo Album partition - so start Testdisk, go back to that same screen which is the result of the Quick Search [green text], highlight the top partition and press p. In the new screen you should see your directories and files. If you highlight a directory and press the right arrow you will see files etc inside that.... Do they appear …

gerbil 216 Industrious Poster

Try:
==This one is a general purpose deleter, Unlocker: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.

gerbil 216 Industrious Poster

Heya, sam... could be a baddie there. First, I need to make sure that you followed my instructions because I should not be seeing No Action Taken against found malware items. So, please UPDATE MBAM, then...
Select "Perform Quick Scan", then click Scan; the application will guide you through the remaining steps.
ENSURE that EVERYTHING found has a CHECKMARK against it, then click Remove Selected.
If malware has been found [and removed] MBAM will automatically produce a log for you... do not click the Save Logfile button.
==download hijackthis: http://www.majorgeeks.com/download5554.html
-copy it to a new FOLDER placed either alongside your program files or on your desktop and then... rename hijackthis.exe to imabunny.exe
-in that folder start HijackThis by dclicking the .exe; now close ALL other applications and any open windows including the explorer window containing HijackThis.
-click the Scan and Save a Logfile button. Post both the logs here.

gerbil 216 Industrious Poster

James, to get the ball rolling could you give me these three screenshots, please?
Start Testdisk, choose Create a logfile, shoot the next screen with your disks shown. Save it.
Select the bad drive [Seagate], choose Proceed, then Intel, then Analyse, shoot and save the next screen.
Then choose Quick Search, N for No to Vista.... let it run. Shoot the next screen.
That will do for me for the moment, press q until you are out. Or play if you wish, you will not do any damage unless you agree to Delete or Write etc queries somewhere in there.
Post those three shots, combine them into one if you will.

gerbil 216 Industrious Poster

If it IS aliens... post the pics.

gerbil 216 Industrious Poster

Hang on.. almost there.... lessee, you dl the file testdisk-6.10.win.zip. That extracts to give a folder called testdisk-6.10 containing some files plus dos, ico and win folders. You may delete the dos folder. Okay, you've done all that.
**The doc folder is inside that testdisk-doc-6.10 (tar file) - drag the doc folder into the testdisk-6.10 folder alongside ico and win folders.
Next, drag the testdisk-6.10 folder into your new parent folder. You've done that.
If you call your parent folder Disk Management you will have to change the paths in my lil .cmd files. Go with Disk Tools.. easier.
Scratch Pad folders are just my own very temp stores. Hang onto the .zip and .bz2 files for the moment, leave them in your dl folder.
I deleted some of those files... my testdisk-6.10 folder contains:
ico, doc, win folders[all contents untouched], plus only changelog and NEWS files.
Check your paths in the cmd files are correct and they should work.
Note... I use Opera on this site [for most browsing, actually]. Firefox has issues with it, IE I don't use.

gerbil 216 Industrious Poster

I do understand, gogetta, but don't know the answer. I could make one point... do other USB devices that make a substantial power drain on the USB host work on your machine? Not thinking thumbdrives here, but maybe a wireless receiver or somesuch.

gerbil 216 Industrious Poster

Hello, James, that is sad. Well we can leave MBRWhiskey now. Time to get another tool, and this one will take an effort by you. It is not a straightforward download and run software package, so I will give you some instructions. Basically with this tool, Testdisk 6.10, we can bypass the MBR's partition table and just search for the physical partitions on the disk, then bypass file tables to copy out directories complete with files, or individual files.
This tool can also image a disk so that you have a complete backup [complete with errors] if you have a spare disk with at least the same capacity as the Seagate.
PhotoRec ignores basic disk structures and simply hunts for image files.
From this site: http://www.cgsecurity.org/wiki/TestDisk_Download
- download the Windows zip file of Testdisk 6.10, currently the 2nd from top.
- download the documentation bz2 archive.
Create a new folder, name it Disk Tools.
Extract contents of the zip file to a scratch folder, then drag the folder TestDisk-6.10 to Disk Tools, then delete the empty parent TestDisk-6.10-win folder.
Extract "to here" the documentation .tar file from the .bz2 file you downloaded, then extract "to here" from the .tar file the folder testdisk-6.10.
Drag the doc folder from that to Disk Tools\ testdisk-6.10
Easy? You should have:
X:\Disk Tools\TestDisk-6.10\doc + ico + win\.. [you can delete the dos folder]? I dunno what drive you put it on, …

gerbil 216 Industrious Poster

Mmm.. the drive is USB... so SATA etc should not come into the equation? It would be entirely up to the disk controller to deal with disk interfacing from USB. And USB 2.0 drivers were incorporated in SP1 and SP2.
I like this bit: "as it'd take longer to fix than to reinstall..."?

gerbil 216 Industrious Poster

Sam, those are per user settings, so you need to be in this key, and this will make one change you desire:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001

But there is a piece of malware that makes these changes so I suggest you run this first:
==Please download Malwarebytes' Anti-Malware
from: http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html
or: http://www.besttechie.net/tools/mbam-setup.exe
=Dclick that file, mbam-setup.exe, to install the application, then ensure that it is set to update and start, else start it via the icon.
Select "Perform Full Scan", then click Scan; the application will guide you through the remaining steps.
Make sure that everything found is checked, and click Remove Selected.
When it completes MBAM will produce a log; examine it: if some files are listed as Delete on Reboot then restart your machine before continuing.
Post the Notepad log [it is also saved under Logs tab in MBAM].

gerbil 216 Industrious Poster

Sure to be, jb... and I may read up on it properly one day, but it's not something I want to do because I feel that some parts of a profile in Application Data and Local Settings\Application Data should stay close to the OS. And the templates path is recorded in registry for any application that puts its templates there. It all adds up to too much interference. But I support moving a lot of the folders out of there, especially those that contain very temporary data - they just fragment the OS too much.

gerbil 216 Industrious Poster

To set the record straight for those who may read this thread, I miscoded my Registry scripts..eg, this won't work:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs]
"C:\WINDOWS\system32\zobubabe.dll"=-
"c:\windows\system32\ritibiji.dll"=-
"c:\windows\system32\kedohugu.dll"=-

..and also my instructions for Avenger of this type:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs | C:\WINDOWS\system32\zobubabe.dll

They should read like this - process is delete the name and hence its data then recreate the name thus:
So, the script:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
...would do the job, and the Avenger instruction:
Registry values to delete:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs
...would remove the name [or value] and hence the paths of the bad files, but it would be necessary to then make a script to replace the name AppInit_DLLs as above.
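To make the delete-then-recreate point concrete, here is an added Python model (not from the thread, and not a real registry API) of how regedit applies a .reg script: a bracketed key is created if missing, "name"=- deletes a value, and deleting a value that does not exist is a no-op. Both scripts from this post are run against a constructed registry holding two of the DLL names above; the root is written out in full as HKEY_LOCAL_MACHINE, which is the form regedit accepts in .reg files.

```python
"""Model of how regedit applies a .reg script, used to show why the delete-then-recreate
form for AppInit_DLLs works and the subkey form does not.  The registry contents below
are constructed for illustration; the hive model is mine, not a real registry API."""
import re

_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")                # [key] creates/selects, [-key] deletes
_VAL_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')    # "name"=<data>

def _unescape(s: str) -> str:
    return s.replace('\\"', '"').replace("\\\\", "\\")

def parse_reg(text: str) -> list:
    """Turn a 'Windows Registry Editor Version 5.00' script into (op, key, name, data) tuples."""
    ops, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            key = m.group(2)
            ops.append(("delete_key" if m.group(1) else "ensure_key", key, None, None))
            continue
        m = _VAL_RE.match(line)
        if not m or key is None:
            raise ValueError("cannot parse: " + raw)
        name, data = _unescape(m.group(1)), m.group(2).strip()
        if data == "-":                                    # "name"=-  deletes the value
            ops.append(("delete_value", key, name, None))
        elif data.startswith("dword:"):
            ops.append(("set_value", key, name, int(data[6:], 16)))
        elif len(data) >= 2 and data[0] == data[-1] == '"':
            ops.append(("set_value", key, name, _unescape(data[1:-1])))
        else:
            raise ValueError("unsupported data: " + raw)
    return ops

class Registry:
    """Tiny hive model: {key path: {value name: data}}, case-insensitive like the real thing."""
    def __init__(self, contents=None):
        self.keys = {k.lower(): {n.lower(): d for n, d in v.items()}
                     for k, v in (contents or {}).items()}

    def get(self, key, name):
        return self.keys.get(key.lower(), {}).get(name.lower())

    def apply(self, ops):
        for op, key, name, data in ops:
            k = key.lower()
            if op == "ensure_key":
                self.keys.setdefault(k, {})                # regedit creates a missing [key]
            elif op == "delete_key":
                for sub in [x for x in self.keys if x == k or x.startswith(k + "\\")]:
                    del self.keys[sub]
            elif op == "delete_value":
                self.keys.setdefault(k, {}).pop(name.lower(), None)   # absent value: no-op
            elif op == "set_value":
                self.keys.setdefault(k, {})[name.lower()] = data
        return self

WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"
INFECTED = r"C:\WINDOWS\system32\zobubabe.dll c:\windows\system32\ritibiji.dll"  # constructed

def fresh_registry() -> Registry:
    return Registry({WINDOWS_KEY: {"AppInit_DLLs": INFECTED}})

# The miscoded form from this post: AppInit_DLLs treated as a subkey, DLL paths as value names.
WRONG_SCRIPT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs]
"C:\WINDOWS\system32\zobubabe.dll"=-
"c:\windows\system32\ritibiji.dll"=-
'''

# The corrected form: delete the value, then recreate it empty.
RIGHT_SCRIPT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
'''

def run_script(script: str):
    """Apply a script to a fresh infected registry; return (AppInit_DLLs data, stray subkey?)."""
    reg = fresh_registry().apply(parse_reg(script))
    stray = (WINDOWS_KEY + r"\AppInit_DLLs").lower() in reg.keys
    return reg.get(WINDOWS_KEY, "AppInit_DLLs"), stray

if __name__ == "__main__":
    print("miscoded:", run_script(WRONG_SCRIPT))   # DLL list untouched, stray key created
    print("corrected:", run_script(RIGHT_SCRIPT))  # value emptied, no stray key
```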

gerbil 216 Industrious Poster

Gotcha. And that previous post wasn't a lot of work, just scraps from something I worked up for another thread, and some bits I noted for myself, so no problem. What happens if you move the user profile folders and then change the paths in this key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
You would need to change ProfilesDirectory and ProfileImagePaths. But there is sure to be a multitude of other references to the original paths... I wouldn't try it. Maybe on a test drive with its own OS.....
So if it all blows up, I was never here.

gerbil 216 Industrious Poster

Sorry, I don't use Norton, but you will have to remove all partitions from the new drive, make a boot cd with ghost, and use the Copy Drive feature. Don't run it thru your Windows, don't make any partitions on it with your Windows....

gerbil 216 Industrious Poster

That is what I wanted to see, James. Give this a shot... back into MBRWhiskey, Disk:1, highlight Partition 0 [the only one listed]... see the type is 44hex? We need to change that to 07, so go Partition > Change type, type 07 into the New type(hex) box, Ok it.
As a side note... in that .ini file you made I believe there is an error [not yours or your disks]: where it says EndSector it should say SectorLength. don't worry about it now.. I just added this in case you use the tool on a multi-partition drive and the info does not add up.. :)

gerbil 216 Industrious Poster

Mary, I have no ideas on that.. I would try various gaming sites devoted to Xbox.
Because you are using a wireless receiver be sure the device is connected to a normal, powered USB port [one that is hooked to the mb sockets], and not a hub, otherwise it may not have sufficient power to operate the radio?

gerbil 216 Industrious Poster

You can move tons of stuff out of C: and away from Windows. It is a good idea. But some stuff should be left alongside Windows.. OE and IE will duplicate some of their files back in C:\Program Files if you move them.. so don't bother, but the OE data files can move. Local Settings... some Windows Application data should remain... Here is a rough I have been preparing, don't have time to polish it, but this contains all the things I have moved. I have a batch file which automates it..
Moving stuff. First decide what you wish to move out of C: -
I would suggest from User take Application Data, Cookies, Favourites, My Documents, Recent [My Recent Documents];
from Local Settings I would take History, Temp, Templates, Temporary Internet Files, leaving behind the actual Local Settings directory.
I would also relocate Outlook Express mail folders, Opera cache and Firefox cache.
And tell the sys the new default applications path. I think that's about it. Deep breath, now....
Step one - build your desired directory structure on PAPER. I would go something like:
(D:) Ephemera
\Downloads **
\Scratch Pad **
\User Documents and Data **
\\Don **
\\\My Documents
\\\Application Data **
\\\Cookies **
\\\Favourites **
\\\Firefox
\\\History **
\\\Opera Cache4
\\\Outlook Express **
\\\Recent
\\\Temp **
\\\Templates **
\\\Temporary Internet Files **
-on paper, …

gerbil 216 Industrious Poster

Orright! Clean as... don't you also love it when you win one?
I have no idea how you actually picked that infection up.. could have been an email, something you clicked on in an infected site, a dodgy download... but the fact is, you invited it in. So be careful out there.
If you do not use the AOL Search item that shows up in your rclick context menu you can remove it by fixing this entry:
O8 - Extra context menu item: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html

Anyway, good luck, Mary C.,... and enjoy the hockey games. Win one, now n then.

gerbil 216 Industrious Poster

Heh... don't you just love it when anti-malware pgms find quarantined malware files, and quarantine them themselves?

O4 - HKUS\S-1-5-19\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [mazayefoha] Rundll32.exe "C:\WINDOWS\system32\yojonaso.dll",s (User 'NETWORK SERVICE')

These two are still there. It's disappointing that Panda did not spot them.
Start hijackthis, select Scan Only, place checkmarks against those two if they still exist, and then press Fix Checked.
And post another hijackthis log....
[A note for those looking on over our shoulders: the Firefox vs Opera comment arose because FF cannot properly render large posts on this site, it leaves blanks or gaps with missing content. Opera works just fine.]

gerbil 216 Industrious Poster

Okaayy.. I just updated 7Zip and WINRAR.... & 7.Zip seems to be the winner for me.. it does iso files now. But I have both. And I am not a software reviewer, just a user of stuff, so I am not making choices based on vanishing margins or other esoterica.

gerbil 216 Industrious Poster

Hello, James.. I'm not stressing here.. :)
Please use the link I gave you and not some other you found - you will get both files.
The .7z unzips to give two files [an html and an inf] plus a folder called files. Inside files you will find MBRWhiskey. Other download sites may not have this.
And off you go with it....
Info: WinRAR and 7-Zip are two file compressor/decompressor softwares, similar to WinZip but dealing with differing compression algorithms. WINRAR is possibly the most comprehensive, but comes with a nag. 7.Zip uses possibly the best algorithms, WinZip is simple but most restricted... argh.. look, the 3 are all different, and you can mostly get by with only 7-Zip. No nag. And straightforward as, it just does the job. Most formats you will come across are covered, but not .iso. So for that you need WinRAR or IsoBuster. Sigh. Have, then, 7-Zip and WinRAR.

gerbil 216 Industrious Poster

..and svchost needs access, cos it controls some aspects of networking. Mine maintains a UDP connection with my ISP, it listens on 135 [TCP], does DNS requests, FTP, handles shared access for http....

gerbil 216 Industrious Poster

Easy as...
My Documents: Create a new My Documents folder, close ALL documents!! then rclick on My Documents link above My Computer, properties, press Move, browse to the new location, and OK.

gerbil 216 Industrious Poster

You should not have let your Windows "see" the new drive.... it gave it a signature and a drive letter, and your OS now knows that that disk exists. Your OS does not recognise the disk [partitions, actually] by its drive letter but by the signature in the MBR and other characteristics, these are written into the registry and it is how the OS knows the drives [you can change the drive letters any time you like, but Windows still knows the disk and its contents..]. When you cloned to it it realised that it is on a disk it knows, and it won't make it C:, or let it be C:. It gets confused. Most of the registry entries will refer to C: as the System [and Boot] drive but the drive it is on will have the drive letter that Windows gave it when it first saw the drive. You can change that, but not to C:, it won't be an option. So your OS is then very unhappy. It can work while the original C: drive is connected because then it can use it, access the files it knows on it.
Start over is the simplest solution... there is a lot of reg stuff to change otherwise. Do-able, but re-ghosting may be the quickest, simplest option.

gerbil 216 Industrious Poster

Well, you don't say what graphics you are running... ie your motherboard graphics or vid card... but rclick a blank space on your desktop, choose Graphics Properties or somesuch... else Properties, Settings, Advanced, then your graphics driver tab... and you should be in a menu like that of the first option if it existed. Rotating the screen display will be there.
Somewhere.

gerbil 216 Industrious Poster

Clean so far! Carry out my requests in my other post, #33, and we'll see where we stand. There is a remote possibility that some of your software may contain bundled adware and that it will complain, but you can then choose to simply reinstall it.

gerbil 216 Industrious Poster

Hi, James... re that linked page : I often try to give the author's home page to simply give him credit. Bart PE plugin is so that you can integrate the pgm with Bart's PE disc - we are not interested in that. Yep, that is the correct file, it's a .7z, and WINRAR or 7-Zip [both free] will both cope with that. It contains both the GUI and the commandline pgms.
"4. I have tried to use DM to make the C: Drive Active, but when I click on it the "Mark Partition as Active" is greyed out" - it already is Active, so that is fine.
The screenshot: dclick MBRWhiskey.exe to start it; in the HDD box click the down slider, select Drive:1 and the window will populate. Shoot it.
Then go Extra, Write Disk Structure & Part info to file..., Save it to MyDisksPartInf.ini.. drag to a notepad and post it. I have a feeling that this will show that the partition is hidden, or somehow corrupted.
What you could do yourself is read the partition window for Disk:1, and see if any partitions show as hidden. If one does, then simply:
-select that partition in the window,
-go Partition, Unhide.

gerbil 216 Industrious Poster

I could add that the window does not fill until you select a disk; when you select Disk1 [the seagate] a screenshot of the populated window would be nice.

gerbil 216 Industrious Poster

Hello, James.
-Your C: drive is the System drive, it IS being used to boot the system, it is Active [hence that option is greyed out]... I just wished to check before getting you to remove the Active status of the PA drive [seagate]. No active drive woulda made things unnecessarily complicated.
-Re the MBR partition style shown in Volumes tab... that is fine - it is the method Windows hard drives use to record the partition information of the drive, ie. the MBR records the start and length of all partitions on the drive. There is no problem there with files from its previous life.
We can look at the partition information; it may be corrupted. Take care with this tool you will download, don't misuse it. Delete means delete, and so on. But it is easy to use.
Get MBRWhiskey from: http://red.boot-land.net/index.html
Extract the files, MBRWhiskey.exe is the one we are interested in [MBRWiz.exe is command-line only].
Orright, start it [dclick the exe].
=Select Disk:0; go Disk, Save MBR to file, name it MBR_SaveDisk0.dat
=Select Disk:1, and save its MBR also.
That was for safety, and you can keep those files until you change the disks' partitioning.
=go Extra, Write Disk Structure & Part info to file..., Save it to MyDisksPartInf.ini
Do not be tempted to Repair the MBR - it will only do it for the Active disk, anyway, and that one is okay.