Using BCEDIT

[Mongoid]

Hi folks,

I received a machine with Win 7 Ultimate 32bit installed from a neighbor to look at as he was having issues and it turned out he had a bad stick of RAM. Usually no big deal but I noticed he had a TEST MODE watermark showing on the lower right of his screen. He had several of his friends look aqt the machine before me so I assumed one of them had mistakenly used BCEDIT to turn testsigning off while messing with drivers. It turns out one of them had decided his problems could be fixed by patching my neighbors legitimate Ultimate installation's kernel with some Russian patched one. The kernel is listed as ntkrlstaforce in BCedit. Similar to this I think: UNAWAVE - 32-bit Windows 7 with full 4 GB or 8 GB RAM support
Anyhow the "testsigning on" is needed obviously for this modified kernel to load. His windows installation will not start or repair or restore. I need to be able to turn back on testsigning in BCEDIT and am having zero luck getting the command to complete successfully from the repair command prompt.
I used bcedit /set testsigning off to turn it off from the command prompt in windows before i rebooted.
I am totally lost using bcedit from the Windows Repair Command Prompt. Can anyone help me to get testsigning turned back on. I cant even get bcedit to list the boot options for me to see if there are mutiple boot options like in the patch i linked to earlier. Maybe just delete the option to use the modified bootloader?

Thanks to anyone and all in advance

Mongoid

 

[karlsnooks]

Hi Mongoid and welcome to SevenForums.

What you need to do is perform a clean install of Win 7 on his system, complete with zeroing out the hard disk as explained in the first link I give.

Clean Install - Prepare a drive for
Clean Install Windows 7

 

[Mongoid]

Really?

Thanks so much for that solution, Mr. 5000 posts. Exactly what i was looking for....sigh.

 

[Mongoid]

OK got it

If anyone is interested, I fixed the issue eventually after some more reading. After booting off the Ultimate DVD and choosing the option to repair, I chose command prompt. The commands are actually fairly simple and I was making it far more difficult than needed. I used the command bcdedit.exe /enum all. This listed all the objects in the store but more importantly gave me the GUID of the non-patched installation.
Once i found the guid that was using winloader instead of ntkrlstaforce i used the command bcdedit.exe /default {GUID}. This set the non patched version as first in the boot sequence and allowed me to get back into the non patched version. Now i will set about removing the patch entirely from the machine.

I have read a lot of informed answers here (including excellent info about bcedit) however; that being said, I must say i am diappointed by the lone reply I received from karlsnooks above. I mean really? All that status here and his first advice is to format and do a clean install? If i was less informed as most people are who search for help on the net, I may have followed his ludicrous directions. You guys have no way of filtering out post whores?

Y'all have a nice day

Mongoid

 

[Pierre50]

Hello Mongoid,

If you are somewhat certain that the system has not been compromised by the 'modified kernel', it's all Good!

Glad you found what you needed to recover the system... BCEDIT can appear rather intimidating at times...

 

[mjf]

Mongoid
Ever heard the saying "Beggars can't be choosers"

 

[xboxhaxorz]

Mongoid
Ever heard the saying "Beggars can't be choosers"

hes not begging, simply asking for help. maybe where your from help is considered begging, i would hate to be your kid.

 

[Mongoid]

S'all Good

@mjf ...its a good thing this beggar was a chooser....saved me a pile of unnecessary work Sorry if i seemed unappreciative to you, but an average user (the type that mostly read these posts) may assume from all the decorations and posts on karls avatar that his was an authoritative solution. To state that a zeroing of the drive is THE first and only solution....well I dont much appreciate that.

@pierre50...thanks....i'm pretty sure as long as the actual patched kernel file is deleted and any reference to it is removed using bcedit, it reverts to loading the usual kernel and its all good....not a peep from the neighbor and its been a couple of weeks.

Thanks again folks

Mongoid