Over 1 million tech questions and answers.

LocalBox for home use is remotely manipulated via Bios and BCDedit changes

Q: LocalBox for home use is remotely manipulated via Bios and BCDedit changes

I have some strong IT Background and had a career in the IT Field installing networks for the past 3 years.  That being said this problem has me completely stumped and I have no clue how to reconfigure this machine back to normal. 
  It appears that the Virus or Malware is embedded within the high ram.  Performing memory dumps, pulling the RAM and CMOS for 24 - 36 hours,  has yielded no different results.  I have tried the following in addition:
Mem Wipe software utilities
Reinstall Windows via Windows 7 Home Disk (purchased from a retail store)
Reinstall Windows via USB Drive containing Windows 7 Pro
Reinstall Windows from a completely different image created using Norton Ghost (base image was Sysprep for any random machine)
Reinstall Windows from another unique image created with Acronis (base image was also sysprepped for any machine)
Used Motherboard CD to reinstall drivers each time. 
Machine has Norton 360 on it. 
Used WipeDrive CD to clear HD of all data and attempted to reinstall windows.
The last bit of info - What I am experiencing on this machine is also affected any device plugged into my network.  I have a kindle (HD 7), windows phone (Nokia Lumi 1020), and 3 Windows Desktops.
These all show the same symptoms. 
*edit* BCDedit shows globalsettings instead of default for boot manager in 2 sections
*edit* Rasman, Lanman, RCPdialer, and other remote utilities that ive never put on this or any other box are all installed on the 3 desktops. Many other programs that I have no clue what they would be used for - I assume for managing domains or virtual machines.
*edit* Folders for Certificates and other credential stores show certs and files that I have never seen before on any machine I've had in my life.   I see redirects in web addresses and find seemingly random log files regarding SQLlite and named pipe shares such as; ..\\.\namedpipe\s-1-5 ....  and so on.  I didn't install SQL anywhere on these machines. 
Workgroups still display in system properties but the local machine is actually in a Domain.  This is identified by attempting to change the account password in Control->User Accounts Control.  You cannot change a password or remove a password in the control UAC, only with Cntrl+Alt_Del ->Change Password.
Pausing the bios information on boot shows ACHI drives and disabling this feature in the bios results in BSOD after Bios Checks finish. 
Reboot to safemode + cmd prompt, with all services disabled and startup disabled - HOSTNAME.exe shows a remote hostname, PINGPATH.exe shows ip configuration not set by my router or local box. 
GNU + Linux with .bash commands are available when booting with the HD that was cleaned using DoD specs 3x R/WR Delete + 1 Verify
Modem: Motorola Surfboard SB516  
Bandwidth: 30 down and 5 up
Routers: Netgear FVS318n(updated Netgear Firmware)->Asus RT N66R (latest Merlin Build)->Cisco(updated Cisco Firmware) e2000
Local Machines: 3 x Win 7 64 bit Home Premium SP1
Thank you for your time in assisting me with this issue. 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17041
Run by Anita at 19:33:03 on 2014-05-25
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8190.6117 [GMT -4:00]
AV: Norton 360 *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton 360 *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\\ips\ipsbho.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\\coieplg.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Turbo Key] "C:\Program Files (x86)\ASUS\Turbo Key\TurboKey.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink: //go.microsoft.com/fwlink/?LinkID=122915  /build:7601
StartupFolder: C:\Users\Anita\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Users\Anita\Desktop\Logitech\Ereg\eReg.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SKYPE-~1.LNK - C:\Program Files (x86)\Skype\Phone\Skype.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
TCP: NameServer =
TCP: Interfaces\{51E8B31F-288D-4459-B105-CDB468572647} : DHCPNameServer =
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\\coieplg.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\\coieplg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1503000.00C\symds64.sys [2014-5-20 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1503000.00C\symefa64.sys [2014-5-20 1148120]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-6-28 677480]
S1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [2014-5-9 1530160]
S1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1503000.00C\ccsetx64.sys [2014-5-20 162392]
S1 ccSet_NZ;Norton Zone Settings Manager;C:\Windows\System32\drivers\NZx64\02005F0.006\ccsetx64.sys [2014-4-14 162392]
S1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\\Definitions\IPSDefs\20140523.001\IDSviA64.sys [2014-5-23 525016]
S1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\ironx64.sys [2014-5-20 264280]
S1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys [2014-5-20 593112]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
S2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-20 59648]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2013-6-28 90112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\\n360.exe [2014-5-20 265040]
S2 NZ;Norton Zone;C:\Program Files (x86)\Norton Zone\Engine\\nz.exe [2014-4-14 522592]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-1-4 137648]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-18 111616]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-1-6 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-1-6 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-6-28 1255736]
=============== Created Last 60 ================
2014-05-21 03:09:55 875736 ----a-w- C:\Windows\System32\drivers\N360x64\1503000.00C\srtsp64.sys
2014-05-21 03:09:55 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1503000.00C\symnets.sys
2014-05-21 03:09:55 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\symds64.sys
2014-05-21 03:09:55 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\srtspx64.sys
2014-05-21 03:09:55 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\ironx64.sys
2014-05-21 03:09:55 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\symelam.sys
2014-05-21 03:09:55 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1503000.00C\ccsetx64.sys
2014-05-21 03:09:55 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1503000.00C\symefa64.sys
2014-05-21 03:09:52 -------- d-----w- C:\Windows\System32\drivers\N360x64\1503000.00C
2014-05-19 21:42:38 162392 ----a-r- C:\Windows\System32\drivers\NZx64\0200610.00C\ccsetx64.sys
2014-05-19 21:42:36 -------- d-----w- C:\Windows\System32\drivers\NZx64\0200610.00C
2014-05-14 11:36:55 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-14 11:36:55 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-06 15:56:10 -------- d-s---w- C:\Windows\System32\CompatTel
2014-04-18 16:23:59 -------- d-sh--w- C:\Users\Anita\AppData\Local\EmieUserList
2014-04-18 16:23:59 -------- d-sh--w- C:\Users\Anita\AppData\Local\EmieSiteList
2014-04-14 22:00:40 162392 ----a-r- C:\Windows\System32\drivers\NZx64\02005F0.006\ccsetx64.sys
2014-04-14 22:00:39 -------- d-----w- C:\Windows\System32\drivers\NZx64\02005F0.006
==================== Find6M  ====================
2014-05-13 22:40:49 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-13 22:40:49 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:35:56 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-02-04 02:35:49 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-02-04 02:35:35 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:28:36 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-02-04 02:00:39 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-24 02:37:55 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-19 04:50:06 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36 78432 ----a-w- C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14 71704 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10 143304 ----a-w- C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46 126336 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00 115512 ----a-w- C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38 98496 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52 1318552 ----a-w- C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04 1100216 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16 9753752 ----a-w- C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50 8406024 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00 8287008 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10 6630232 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20 8927704 ----a-w- C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54 7751920 ----a-w- C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14 13207552 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:49:18 51200 ----a-w- C:\Windows\System32\kdbsdk64.dll
2013-12-06 21:44:26 38912 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2013-12-06 21:38:52 230912 ----a-w- C:\Windows\System32\clinfo.exe
2013-12-06 21:38:34 99840 ----a-w- C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28 83968 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
============= FINISH: 19:33:10.25 ===============

dds.txt 16.03KB

Preferred Solution: LocalBox for home use is remotely manipulated via Bios and BCDedit changes

I recommend downloading and running DAP. It can help sort out any driver and firmware related issues on your system

It's worked out well for many of us in the past.

You can download it direct from this link http://downloaddap.org. (This link will open the download page of DAP so you can save a copy to your computer.)

A: LocalBox for home use is remotely manipulated via Bios and BCDedit changes

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/535514 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.DDS.com Download LinkDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

Read other 9 answers

As the title suggest, I no longer see the option "Factory Image Restore" in the Advanced Boot Windows 10.

Dell Inspiron 7559
Processor: 6th Gen Intel? Core? i7-6700HQ Quad Core Processor 2.6GHz
Memorry: 8GB Dual Channel DDR3L 1600MHz (8GB x 1)
Graphic Card: NVIDIA? GeForce? GTX 960M, 4GB GDDR5 video memory

Back Story
Two days ago I tried to install hackintosh on the laptop while Windows 10 Home is intact. I installed it in a different partition on the same harddrive. So the Windows was at C and the Mac OS Sierra was at E while D is used for data storage.In the process of installation, I press F4 while highlighting the Mac OS installation and then tried to boot it. But I couldn't boot it. The hackintosh failed.I gave up, and then boot from the Windows 10 but it also failed. It showed that there is no bootable device.I made a usb bootable windows 10 to recover the bcd using the command prompt option in the installation but it still failed to boot.I ended up installing the new windows 10 on the E drive (wiping out the failed hackintosh). After doing this, I succeeded.I am able to boot to the new windows as well as the old windows.

To keep things clean, I want to do a factory image restore. The problem is that because I used bcdedit before (see 4), I couldn't find the option to do the factory image restore.

I read online that I can fix the bcd using the visual bcd editor. I have no clue how to use it.

Here's a screenshot of the bcd visual editor on my c... Read more

Read other answers


i have 2 computers in my mini-offfice place and it's like too far from each other (had to place them that way 'coz of the phone ports for DSL)
and i'm having a hard time going back and forth to do work.

the first computer is for my own personal use.
the second one, other people also use it.

i have an admin account on both of the computers (running Win XP) and the 2 comps are connected to a router (via wireless and the other is thru cable).

i was just wondering if i can control the second computer from my 'personal' computer remotely through the router without having to do something on the second computer.

I tried the "remote assistance" service in XP but i still have to start it on the second computer before i can control it on my personal computer.

is there a software that can do this? like a software that just listens over the LAN and then activate it when asked by the other computer..


A:> remotely using another computer through home LAN

Read other 16 answers

Is it possible to remotely shutdown a windows xp home machine. I have tried everything that I can thing of and it doesnt seem to work. Is this a limitation of xp home? I have two xp home machines and a server 2000 and I would like the server 2000 machine to be able to power the xp machines down from the command line if possible. I have tried the shutdown command and it says it cant find the machine that I am referencing but I can ping the addy and I can browse using file mananger to those machines.


A:Remotely Shutting down XP Home

You could put up a VNC server on the computer and then shut it down remotely using the VNC client.



Read other 3 answers

Can Messages in Outlook E-mail Archive Files be Manipulated

I'm a new member, and have searched the threads to see if there are posts on this topic, but have not found any, so I'm posting as a new thread --

System: WIN 98
Outlook version: 2000

While working with my Outlook 2000 E-mail to reduce the size of my folders on our LAN, I have created a number of different .pst Archive files on my hard disk (experimenting to learn how Archive works), but now I want to combine messages between them and/or delete some of them after moving the messages. However, I don't want to lose any of the original messages that were archived in these files. There are files with duplicate messages, etc., and I need to clean things up.

Problem is, it seems that once an archive file is created in Outlook, the messages that were archived there are not easy to move to another .pst archive file. It's easy to move messages between Outlook Folders (vrs. files) in Outlook itself, but moving the messages between Outlook folders does not change the path to the file from where they originated. I have experimented extensively to learn this. It's as if Outlook was designed for the user to establish permanent Archive files, and has no mechanism to easily move messages between files after they are created?

I have tried a couple of approaches to no avail: e.g. Trying to use the Archive feature to move messages between previously established .pst files does not work. Moving messages m... Read more

A:Can Messages in Outlook -mail Archive Files be Manipulated

The best way I have found to do this is to export all of them to another email program like outlook express, then delete the ones you don't want and save the rest.

That is the easiest way I know of and also the best way I know of not losing any of them.

Read other 3 answers

To satisfy one of our new security requirements, I have to install BIOS passwords on 2300 network clients. Anyone know of a simple way to touch BIOS settings over the wire? I really don't want to have to visit each of these machines. Vast majority of my network are Dell/Microsoft clients.

A:Set BIOS passwords remotely

Read other 13 answers


Is it possible to access my home network while away from home: to be able to browse the network, access PCs, and access my file server? If so, how can it be done? Is doing this different from using software like PCAnywhere?

My home network system consists of a cable modem with a Linksys 4-port Router (BESRU31).


A:Remotely Connecting to Home Network?

Remote access software like pcAnywhere let you take over a computer that is on your network. What you see on the screen is what would be seen on the remote computer. If that is good enough then programs like pcAnywhere, RADMIN, NetOP or VNC would work fine. Be aware there a differences in performance, stability and features between them.

If you want to access your home network as if it was a LAN, you would need VPN for that. You would see the remote VPN server as another mapped drive like on a regular network. XP Pro has VPN server built in but only allows one connection at a time.

Read other 1 answers

I have xp pro at work with satellite internet on our lan. I want to try using remote access to access and help a friend running xp HOME. Does RA come with xp home? Is it something she can download from microsoft and install anyway? She's a total noob when it comes to computers, so I was thinking to be able to help her this way.

May end up using PC Anywhere but... I was looking for a reason to delve into remote access, which I've never used. I signed up for the trial of gotomypc, which I am NOT going to keep because of the VPN lag of satellite connections. But she would also have to have it for me to try using it.

Although, maybe she could sign up for the trial and cancel once I've looked at her system.

A:Remotely Accessing an XP Home Puter

Read other 6 answers

A few days ago, I suddenly needed some important files which were stored only at my computer at home. But very unfortunately, I was very far away from it. To avoid future issues, I am thinking to set up a connection which enables me to access ( perfect if I can even modify files) my drive at home. Now I need some networking opinions on my current idea and/or some better ideas.

I can't leave my computer on while away from home. So I am thinking to get a NAS and install a hard drive in it. This NAS must have a function that allows remotely access to the drive in it, correct?? And it should let me set up a username and password for accessing.

But, I have a few worries on it. Is this this kind of connection easy to be hacked? Can I install any security software to protect my drive from being infected and hacked? I don't know if I can cuz there's no OS installed in it. Will any of my files be stored on the internet cuz i am getting it via internet? It's a reason why I dont want to use online storage. Finally, does every NAS has a remote access function or do only some NASs have it?

If anyone have opinions or better ideas, please leave them here. Your words are definitely helpful and valuable to my set up. I highly appreciate it!

A:Accessing At-home Drive Remotely

Read other 16 answers

I am just wondering if there is an easy way to take control of my home PC from say my PC at work? Both are behind firewalls and routers but times like now when it's quiet in work I could be changing things on my home PC.

Is this possible?

A:Solved: Remotely connect to home PC

Read other 7 answers

I have roughly 100 M920q's that I want to set up with an identical BIOS config. Whilst I could do them all manually, this will take a significant amount of time.I looked at the Lenovo BIOS Config Tool, but this doesn't seem to apply settings from the config files to any of the several machine models I tried.I then went to look at the Windows BIOS Setting tool. The first tool; SRWIN.exe (& x64 version) errors out with the followingStartService Error: 5
CreateFile Error: 2
Unable to get bios driver handle.The second tool CFGWIN.exe (& x64 version) works but doesn't provide the same level of functionality as the first tool.Please, could someone help me out, as I don't want to have to manually set ~100 PCs.

Read other answers

Hi, how can i upgrade BIOS version of ThinkCentre M remotely. Could you please inform me? 

Read other answers


I'm currently looking for a way to change all of our Laptop & Workstation (Approx 250+ machines) BIOS passwords using a remote tool if possible. The majority of laptops are Latitude and the workstations OptiPlex although most of the laptops have BitLocker activated.
We also use Empirum software to push out software if this would be of any help.

I have been looking around and into using the Dell Client Configuration Utility and also the OpenManage tool although I'm not too sure if they would work for us due to us using BitLocker.

Any help would be much appreciated.

Thanks in advance.

A:Changing BIOS Passwords Remotely

i'm afraid we cannot help with password on our forum
as you will see from the rules - you agreed to when you joined


Passwords - Please do not ask for assistance with (or ways to bypass) a forgotten or unknown password, personal identification number (PIN) or any other type of access code that may be required on a computer, mobile device or web site. As there is no way to verify the actual situation or intent, no assistance will be provided and any such threads will be closed.Click to expand...

closing post

Read other 1 answers

My home computer uses windows XP Pro SP3

My work laptop uses windows 2000 and I don't see a remote desktop connection anywhere.

Can this be done, and if so , can you please help me!


A:remotely connect to my home desktop from work (different OSs)

Read other 10 answers

In my previous topic, I explained how this hacker was making my life hell. Please help me catch him! I've got myself pretty well backed up and he can't hurt me by deleting anything, so rather than remove his access, I'd like to see if we can find out who he is, and get evidence enough to get a conviction. He has spent months terrorizing my wife, and even my children are emotionally damaged because of this guy.


Here is my log:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Gaylen at 8:38:45 on 2013-01-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3069.1736 [GMT -7:00]
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
============== Running Processes ===============
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalService... Read more

A:Hacker Remotely controlling 2 pc's on my home network

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything. We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. To help Bleeping Computer better assist you please perform the following steps:*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/481261 <<< CLICK THIS LINK If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.*************************************************** If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lo... Read more

Read other 2 answers

Hi All-

I currently have VNC set up on my network to work on the three machines well. I would like to use VNC Viewer elsewhere to control my machines.

The problem is this-

All three machines are behind a modem and router, so I don't know what to use as an IP addy for VNC Viewer.

Anyone have any idea how to do this?



A:Solved: Remotely control home machine

Read other 7 answers

My laptop at home runs on Vista, and my pc at work runs on XP. What is the best way of connecting these two remotely so that I can view my work files/emails from home and how do I proceed on doing this?

A:I need help connecting to my work pc from home laptop remotely

"how do I proceed on doing this?"

Ask your work's IT department.

"What is the best way of connecting these two remotely"

Ask your work's IT department.

Read other 3 answers

I have 2 network printers connected to my router, I'd like to be able to print to them remotely when I am away from home without having to keep a computer on 24/7 at home. I think this should be possible by configuring the ports on the router but I'm not sure exactly where to begin. Any help will be greatly appreciated. Thanks!

Read other answers

Is it possible to setup a Windows XP Home machine as a host so that I can remotely connect to that machine?

I read an article on Microsoft's website about this, but it say's it works only for Windows XP Professional Edition as the host. Is that true, can I not have an XP Home edition machine as a host?

Anyway, what I would like to do is remotely connect to a Windows XP Home machine (host) (this machine does not have broadband, only a dialup internet connection) from a Windows XP Professional machine (remote) (this machine does have a broadband internet connection).

If this is possible what are the steps I need to take to get this working?

Thanks in advance for any help.

A:Remotely connect to Windows XP Home Edition Machine

There is a free open source program called RealVNC that works wonderful for remote access across the Internet and ona local network. The only thing with dial-up is you would need to have someone else at the "host" to connect it and tell you what the assigned IP address is for you to connect to it. And I don't think this is what your looking for.

I thought Microsoft Messenger allowed remote access. Is this not the case with Home Edition? I had a Windows 2000 machine that I set up as a RAS(Remote Access Server) that allowed me to dial my home phone, the PC modem would answer and establish a connection and then I could browse and access files on my network.

Again, not sure if Home Edition can do this (doubt it). You might have to upgrade to Professional.

Read other 1 answers

I am using Remote Desktop Access to access my PC at work from my laptop at home which is behind a security enabled Linksys WRT54G wireless router.

Although I have enabled my PC at work to be remotely accessed and I have been successful in accessing it when I am on the WEP secured wireless network at work, I cannot access it when I am home.

I have seen several posts related to this but nothing seems to work. A step by step directions to get this solved would be great.

I am sure everything is in order in the work computer but there is probably some configuration with the Linksys router that is not allowing me to use Remote Desktop Access.

A:Accessing work PC remotely from behind a Linksys router at home

Read other 9 answers

Hello BC, some of you probably don't know me as My Computer is Pwned.  I didn't want to bother recovering the password to that account, and I'd rather use this name instead.  Also, this time, it's not my computer that's pwned.
You see, my mother has a problem with her Vista laptop.  Someone seems to have taken over control of it, or something.  Firefox randomly started flipping out, closing tabs she didn't close, randomly highlighting & unhighlighting text she didn't even go near, and so on.  When she went to check her history, a box came up that said "clear all history" instead.  When she went to view it from the menu bar, the menu disappeared and the highlight on the dropdown kept flashing irregularly, much like the highlighted text.  After disconnecting from the network and closing FF, the trouble seemed to continue on the desktop.  After removing the network adapter and rebooting, first in safe mode (had to reboot to install MBAM), the trouble seems to have stopped.
Also, a few hours ago, she heard a "click" sound effect while watching a video saved to the computer, even though she hadn't clicked on anything.
MBAM is scanning now, albeit with what it says is a 200+ day out of date database (even though I just downloaded it to a thumb drive off their site less than an hour ago), and now I'm afraid to put that thumb drive back in this computer, which is annoying because it has a lot of my files, many... Read more

A:Vista Home Premium SP2 - acting as if remotely controlled

Hello, lets see what MBAM and these say then we will move along.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here..

Read other 1 answers

Hello, we've quite a few Thin Clients and they are doing a good job. But i need to change some BIOS settings. Is there a way I can remotely change BIOS settings on the T520's? Or do I have to visit each machine  and manualy change them? Thanks for your help!  Kind regardsturnitoffandon

Read other answers

Microsoft article

'NOTE: before setting BCDEdit options you might need to disable or suspend BitLocker and Secure Boot on the computer"
We are changing bcdedit /set settings via a group policy startup repair script. For BitLocker-enabled computer, we have specifically included in the startup script to -disable & -enable BitLocker:

The startup script looks like this:

bcdedit /set {default} recoveryenabled No
bcdedit /set {default} bootstatuspolicy ignoreallfailure
bcdedit /set {default} displaybootmenu No

manage-bde -protectors -disable c:
manage-bde -protectors -enable c:

BitLocker enabled computers Information:
BitLocker version : Windows 7
Converstion Status: Fully Encrypted
Percentage Encrypted: 100%
Encryption Method: AES 235
Protection Statu: PRotection On
Locl Status: Unlock
Identification Field: Non
Key Protectors: TPM      Numerical Password

Question: We have disable & enable BitLcoker.  Do we also need to disable or suspend Secure Boot? how do we do that?

Thank you

Best Regards,

Read other answers
Q: bcdedit

Opening as elevated permission however it comes back saying
the requested system device could not be found.


Have you tried rebooting the machine?

Read other 4 answers

I am trying to add a second hard drive to my HP laptop, both drives have Windows Vista and are healthy.  I can see both drives in Windows Explorer and access the files of both.  They are both listed on the Computer Management and Device Manager.  My BIOS does not show the option for a second hard drive to be used for booting.  In order to add the device I have tried to use BCDEDIT.  The error I keep getting is that "a description for the new entry must be specified".  Here is what my log shows:
Microsoft Windows [Version 6.0.6002]
Copyright © 2006 Microsoft Corporation.  All rights reserved.
Windows Boot Manager
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {f9fef231-d622-11dc-a957-b443ad44f611}
displayorder            {current}
toolsdisplayorder       {bdbdbd00-6057-11e0-a7f3-ce9adfd72001}
                       ... Read more

A:BCDEDIT / Trying to add 2nd HDD

I believe this won't work since you are trying to boot from two identical OSs. also, unless the second HD came out of an identical HP computer it almost certainly won't have the correct and necessary drivers on it. further, I would have to ask what is the point of trying to boot from either of two copies of the same OS ?  Would you not be better just formatting this second drive and using it for additional data storage ?
I run Win 7 and I have run XP in a VM on my 'C' drive and my own computer dual boots into Win 7 or Linux Mint but Mint is installed on a separate hard drive, although it would work just as well in a separate partition. Are you trying to fit this HS internally or via a USB connection ?
Chris Cosgrove

Read other 1 answers

I was having trouble with a paint shop pro plugin freezing up vista, so I googled the problem. The fix was to go to the dos command prompt and type: "bcdedit.exe /set {current} nx AlwaysOff"

I did this and now windows won't even start! I have a Dell studio 1735, running Home Premium Vista. I have run the diagnosis commands over and over and windows can't seem to find the problem. Does anyone know how I reverse this command???

A:I messed up = bcdedit.exe

Hi, see if safe mode works then use command prompt OR F8 at boot to access recovery and a command prompt OR borrow a copy of Vista and use "repair your computer" to access command prompt. Have a look at this site Note the proper way to do what you wanted, and what command you need to undue it.


Read other 1 answers

Been having fun with having dual booting on my machine now, but here's a question I'm wondering if you can do, and if you can do it, how. I read that you can boot off of a DVD as well. So can you boot off of a external drive as well? I know my computer will allow me to boot off of a usb, but what would like to do is this. #1: Turn on computer and have it go directly to the C drive and boot normal.
#2: Turn on computer and tell it to boot off of the USB and have the USB act as the C drive while I'm doing things.


A:BCDEDIT Question

You will have difficulty booting windows 7 from a usb connected drive.

It can be done - best left to the geeks.

Read other 5 answers

I need to run bcdedit on my Windows 8 To Go installation, but I'm not sure how to do that. Any assistance would be greatly appreciated. Thanks!

A:Need to run bcdedit on Windows 8 To Go

Don't know exactly what yo are trying to do, but this may help:

Startup Options - Enable or Disable in Windows 8

Welcome to Windows 8 Forums!

Read other 5 answers

Hi All,

I would need some help. Because a game of mine, Total War Shogun 2 crashes continuously at one point in the game when a turn is ending, I went online and checked out some possible tweaks and/or solutions. Most people appeared to be saying that the trick was to increase allocated memory by going into BCDEdit and increasing the memory allocation. I did this by typing the following in the cmd window after running it as an Administrator :

bcdedit/set increaseuserva 2500

The command line worked. Except, I have Windows 7 64bit, and it seems that this wasn't something that was needed to be done since the 64bit version already allocates sufficiently high amounts of RAM for running applications.

Where I need your help is to restore the original settings that were present before I increased RAM allocation.

I tried writing this : bcdedit /deletevalue increaseuserva

This didn't work because that command line doesn't seem recognised right now by my OS. It gives me an error of sorts.

Can I just write something like
bcdedit/set increaseuserva 8000 ???

I have 12GB or RAM.

I had noticed that my computer struggled opening some applications after doing that first increaseuserva.

Any help would be appreciated.

P.S. That also didn't help to fix the game crash, so I guess double whammy for me.

A:Played around with BCDedit and now need help

bcdedit/enum all

look carefully. Do you see increaseuserva?
There's no need to set this setting on x64 win7! Please delete it

Read other 5 answers

Alright, I got a way around for the problem I posted in
Windows 7 and slackware ? Everything failed.
I won't tell how (Its large!)
Now there is just one problem.
I have windows and slackware (13) installed but there is no menu to boot into slackware.
Can anyone tell me how to configure bcdedit so that I can boot into slack?

A:Help me configure my bcdedit !

Quote: Originally Posted by aaryan0077

Alright, I got a way around for the problem I posted in
Windows 7 and slackware ? Everything failed.
I won't tell how (Its large!)
Now there is just one problem.
I have windows and slackware (13) installed but there is no menu to boot into slackware.
Can anyone tell me how to configure bcdedit so that I can boot into slack?

Hi and welcome

There are some really good tutorials here . Instructions for bcdedit and its use are here BCDEDIT - How to Use

let us know if you need help

Ken J+

Read other 2 answers

If one has activated the /3G switch at a command prompt using the command: BCDEDIT.EXE /SET INCREASEUSERVA 3072, how would I go about returning this setting to original settings?

A:BCDEDIT settings

bcdedit.exe /set increaseuserva 2048

Read other 3 answers

I have a Windows 7 installed on a SSD-GPT partitioned disk which is booting normally (the BCD store is on the ESP partition). Further on the disk I created an ext4 /boot partition and LVM where I have correctly installed CentOS 6.5.
Afterward I've added an entry to boot Linux with Bootice "New RealMode entry (Grub/Linux)" which create the entry with :
ApplicationDevice = (hd1,5) that corresponds to the ext4 /boot partition
ApplicationPath = \grldr.mbr that corresponds to nothing on the partition
and does not boot

Does someone know if it is possible to boot Linux (CentOS) whith BCD ?

Any help would be appreciated...

Read other answers

I have the following partitions:

1. Windows Vista
2. Windows XP
3. Documents

I can boot both windows vista or windows xp by setting each partition to active using a bootable disk i have.

I however want to add a bcdedit entry that will allow me to boot to the xp partition as i would if it were active for vista.

I have given it a go and many sites suggest odd things about the path being "\ntldr". I dont really understand how it works when i have no folder called that but still i tried it and i set the "device" option to "partition=D:"

I added entry to displayorder and tried to start xp from the boot menu. On doing so the computer restarts. I also tried setting the path to "" (blank) and also to "\" with no luck.

How would i go about this ?

ps. on my xp partition i use boot.ini to have more than one entry...so after selecting xp on the vista boot loader i would prefer it to show the boot.ini list..

am i trying to do sumthing not possible here. I understand xp's botting system but not vista at all really.

any help appreciated. Thanks.

A:Vista and XP BCDEDIT

In addition when i tried using "vistabootpro" it set it up the same.

WHen like this the result is the computer actually restarts when u select xp

Read other 2 answers

I dont understand why im installing W7 in a second hard drive, The temporary installation source X:\windowsis present. After copying installation files, SSD Is ready to be installed.

After rebooting,the old hdd has the new bootmgr of the SSD.
Im saying this because my present Windows is in french and my ssd should be in enlglish.
I saw when I booted in a useable windows

In my Rampage Formula 3 Mobo, into the Bios, in the boot option then chosing hard disk drive, all HDD were toggled on.In boot sector I can see only once hdd and dvd burner example or USB bootable key, I can chose the first hdd where was written in hard disk drive feature.

To resume, the boot tab in bios own Hard disk option. In boot tab I have to chose the bood device priority. In hard disk drive, this menu give me to chose my X hdd or Y hdd in first to see it in Boot but had all hdd in hard disk drive menu.

I suppose maybe if I installed my OS into the ssd while the bios option hard disk drive menu were off in Boot tab.
So maybe the Bootmgr wouldn't have mixed into the wrong drive ?


When you're installing Windows onto an SSD. Make sure the old hard drive is unplugged. Or the System Reserved hidden partition will be installed on that.

Read other 9 answers

I have Win 7 64 bit build 7100 installed. While checking on a problem, I opened BCD and noticed that there is no path line. Is this a problem? If so, how do I repair it? Screen captures of the BCD and disk manager are attached.

A:no path in bcdedit

Hello Soon2bexpat,

This is normal to not have a path item under the Windows Boot Manager section in BCDEDIT. You will only have one under the Windows Boot Loader section.

Read other 1 answers

Noticed that without including {default} - the two commands managed to edit the bcdedit settings.
bcdedit /set recoveryenable no
bcdedit /set bootstatuspolicy ignoreallfailure

just wondering, the <id> -- {default} - this is mandatory or it is ok not to include it?
without including {default} / {current}  --- what are the impact?

Thank you

Best Regards,

Read other answers

My old PC could boot into either of two completely independent OS's - Windows XP and Windows 2000. Selection was controlled by the boot.ini file on the XP partition.

Neither OS could see the other. So when I booted into WinXP, XP became my C: drive whereas Win2K had no drive letter assigned. Conversely, when I booted into Win2K, 2K became my C: drive whereas WinXP had no drive letter assigned.

I'd like to replicate this arrangement on my new PC which currently has only Windows 7 installed (but I'd like to add WinXP as a second bootable OS).

As I understand it, Windows 7 no longer uses boot.ini. Instead, it uses a command line utility called bcdedit. However, unless I've missed something, bcdedit cannot boot from a drive unless Windows 7 has allocated it a drive letter. This is a seriously backward step from the old boot.ini philosophy, since it makes it impossible to have two boot OS's completely isolated from each other.

What am I missing here? Surely this isn't true??

A:BCDEDIT confusion

Hello johne53.

If you want to 'hide' one OS from another in a Windows managed dual boot; once both are installed ...

In Windows 7 remove the XP drive letter.

In XP remove the Windows 7 drive letter, if Windows 7 is the "System" partition XP may not let you remove its drive letter.

The real way to 'hide' one OS/HDD from another is to install each OS to its own Hard Disk Drive (HDD) one at a time.

Start by disconnecting all HDDs except the one to install Windows 7 to from the motherboard; when that's installed, disconnect that one and connect a second HDD to install XP to; then power down the PC and connect both HDDs; then set the OS/HDD you want as default in the BIOS, then when you want to boot/start the second OS/HDD use the BIOS one-time boot menu specific to your mobo to make the selection.Asus - F8
HP/Compaq - Esc
Sony - F2
Acer - F2
Gateway - F10
eMachnes - F10
Toshiba - F12
Dell - F12
IBM/Lenovo - the blue Thinkvantage button

Read other 9 answers

hello fren...

I have a C: partition with the contents of windows xp
and I have a D: partition with the contents of windows 7
then I accidentally delete the C: partition in order to remove XP
then I made ​​the drive D: set of active primaries for the purpose of my laptop can boot into windows 7 directly.

(with active disk boot)

happens next is
BOOTMGR is missing

so I hv copied BOOTMGR file from BOOTMGR Active disk boot.
but next happens is BOOT\BCd bla.. bla.. bla..

I found that I delete the partition boot folder c:

any idea how i create my boot folder (with windows7 repair cmd of course).

some tutorials just explain usability of bcdedit /xxx or /xxx. hey my dear can help me step by step.
my eyes are hot read articles and tutorials or I have not found a proper reading

thanks for the prof.;

A:create BCD with BCDedit

Take a look at this tutorial:
Partition : Recover Space Used by an Older OS

Read other 4 answers

Is there a way to make "Start Windows Normally" the default option without disabling recovery? I would like to be able to still use winre.

A:bcdedit question

So ONLY thing you want is: change the default menu option to "current running win7 system"? If so Elevated Command Prompt then

bcdedit/default {current}
Post results

Read other 6 answers


i am trying to made a hard drive bootable by using the bcdedit commands.

i have executed all entries successfuly but still i am not seeing it in boot menu as "Window 7 setup".

Can anybody help me?

A:bcdedit problem

Hello maifs.

Please be very specific about what you are trying to accomplish so we can help you; have you seen the tutorial at the link below?

BCDEDIT - How to Use

Read other 4 answers

Scenario: Unbootable W7 computer (that originally had a dual-boot setup)

To cut a VERY long story short, the attachment shows what I see after I run a W7 Recovery disc and get Admin access to BCDEdit via the command line.

As you'll see from the attached .doc (Word 2003) file, the CMD title screen shows 'Administrator: x:windows\system32\cmd.exe'.

At the bottom, the prompt shows 'x:windows\system32>'. So, 'X'. Why is that?

If I remove the Repair Disc and reboot I get the message:
BOOTMGR is missing. Press Ctrl+Alt+Del to restart.

Anyone able to help me with editing BCDEdit to solve this situation?

Cheers :-)

Read other answers

Hi,Thanks in advance for any help you may be able to provide.I am running Windows XP SP3 (fully patched) on a PC and have lately noticed a copy of bcdedit.exe in folder C:\WINDOWS\Temp which has made me a little suspicious that I may have inadvertantly picked up some malware. This file seems to be modified on every boot judging by the file's properties.Until recently I used ZAISS for protection, with regular on-demand scans using MalwareByes and SpyBot, and haven't had a virus for many years. I have recently changed to PrivateFirewall with Avast Free AV which seem to be working well together and I wonder whether the appearance of bcdedit.exe in the WINDOWS Temp folder may be linked to these installs. I've searched online with no luck apart from a response in German (http://www.trojaner-board.de/146341-bcdedit-exe-c-windows-temp.html) which appears to indicate bcdedit's OK in C:\WINDOWS\Temp - but I'm not convinced. There's nothing on the Avast nor PrivateFrewall forums either.I have run scans with Avast, TDSSKiller, ASWMBR, MalwareBytes and GMER but they've found nothing.Anyhow,I've run DDS (as instructed) and can provide the log file. Could you please check whether there appears to be anything untoward with my machine?Kind regards,Rock Edit: Moved topic from Windows XP to the more appropriate forum with DDS log edited out of original topic. ~ Animal


I see you removed the DDS log.  This type of log is not to be posted in the Windows forums, they should be posted in the Security forums.
If you think you may be infected I would suggest starting a topic in the Am I Infected? What Do I Do? forum.  This is a centralized place where advanced members and staff can provide initial assistance with malware removal. If your issues cannot be resolved there, then you will receive further instructions as to what you need to do.
Please be patient, I will have a Moderator move your topic to the appropriate forum.

Read other 7 answers

Hi everyone.

I have a fully up todate pc that has XP P (32bit) on one partition and W7 P (64bit) on the other partition. (same HD)

Both Operating systems are fine.

My problem is that for some reason between switching the pc off and back on the following morning the mouse and keyboard do not work so I cannot tab between which operating system I want. (the keyboard and mouse work fine once either operating system is loaded, so its not faulty gear or connections

Set that aside for the moment, as my real question is..

Last Time, I let the pc default boot into W7 and used BCDEDIT to change the boot so it defaulted into XP, now I want to change it back to default into W7 how do I do this in W XP ? Please.

I will sort the keyboard and mouse out later but obviously I cannot get into the bios either.

A:BCDEDIT changing defaults

If the Windows 7 is 32bit then you can try this.

You will need to find where the BCD file is located, drive and path. On the root of the drive you will find the file bootmgr and the folder boot, the BCD file should be found in the boot folder. If XP was installed first then it'll probably be on the XP drive. These are hidden system files so you will need to open folder options and set to show them.

Next browse to the Windows folder for Win 7, hold down Shift, right click System32 and click "Open command window here".

Type "bcdedit /store [Path to the BCD file]" and press enter, eg. "bcdedit /store C:\boot\bcd".

Look for the Windows Boot Loader entry for Windows 7 and copy the Identifier for the next command. Make sure to include the curly braces in the identifier.

Next type bcdedit /store [Path to the BCD file] /default [Identifier for Win 7]

Now hopefully that works. If you get any access denied or file in use errors you may need to boot from the Win 7 DVD if you can without the keyboard.

Read other 7 answers

Hi, I've been trying to modify the W7 bootmanger to show my XP drive.
I have XP on D: (sata)
W7 on C: (ide)

These are the changes I made to the default

bcdedit /create {ntldr} /d "XP"
bcdedit /set {ntldr} device partition=D:
bcdedit /set {ntldr} path \ntldr
bcdedit /displayorder {ntldr} /addfirst
bcdedit /default {ntldr}
bcdedit /timeout 5

Everything worked apart from when XP was selected it gives the error NTLDR is missing or corrupt.
However I am able to boot XP if I change it to the primary boot drive in the BIOS.

I also tried setting it to C, just in case the drive lettering was incorrect according to W7.

Any ideas on why this isn't working?

A:BCDEDIT - NTLDR not found

Copy file of win XP "boot.ini" and "NTDETECT.COM" in the partition of win 7 "C:\"

Read other 2 answers

hello every body, I want to help about bcdedit, thanks so much.
now the bcdedit info. is:

Windows Boot Manager
identifier {bootmgr}
device partition=\Device\HarddiskVolume1 (here is what I want to change to partition=C
path \bootmgr
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {7effb452-9910-11df-b7da-b1ebfe0c7e6d}
displayorder {7effb453-9910-11df-b7da-b1ebfe0c7e6d}
toolsdisplayorder {memdiag}
timeout 5

Windows Boot Loader
identifier {7effb453-9910-11df-b7da-b1ebfe0c7e6d}
device partition=\Device\HarddiskVolume1
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {7effb454-9910-11df-b7da-b1ebfe0c7e6d}
recoveryenabled Yes
osdevice partition=\Device\HarddiskVolume1
systemroot \Windows
resumeobject {7effb452-9910-11df-b7da-b1ebfe0c7e6d}
nx OptIn

Real-mode Boot Sector
identifier {7effb456-9910-11df-b7da-b1ebfe0c7e6d}
device partition=\Device\HarddiskVol... Read more

A:bcdedit HELP, please. about boot windows 7

The easiest way to do it is remove the old hard drive and boot into the Windows 7 disc and repair from there.

"bootrec /fixmbr" or "bootrec /fixboot" should work when in the command prompt.

Read other 8 answers