Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Folder with #2 sub folders, one BCD file


  • Please log in to reply
5 replies to this topic

#1 trimmer1

trimmer1

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:07:55 PM

Posted 29 September 2014 - 03:05 PM

I have a folder I never seen before showing, after I ran ComboFix a few weeks ago. "\Device\HarddiskVolume1\Boot BCD" (file).  - I thought it was created by ComboFix so I moved it to a USB I have. I'd like to know where this folder goes or what to do with.

 

I did some reading and searching in my PC, in this path "HKEY_LOCAL_MACHINE\SYSTEM\Setup". #1 String Value name "CmdLine"  "ValueData" is "C:\Program Files (x86)\jv16 PowerTools 2012\RegCompact\RegCompact.exe". #1 other String Value "SystemPartition" "ValueData" has "\Device\HarddiskVolume1". I moved "\Device\HarddiskVolume1\Boot BCD" to "D:HP_RECOVERY" i.e. "D:\Device\HarddiskVolume1\Boot BCD". I assume jv16 Power Tools 2012 Registry Compact uses this folder(?) because I ran it yesterday and on reboot/compacting it ran so long, it seems. I turned the PC off. I then moved that folder "\Device\HarddiskVolume1\Boot BCD" to "D:\", ran RegCompact again and all went fair. My PC seems to boot slower and run slower. - I've looked high & low to resolve this w/o asking for help, until today. Running W7 x64, Thanks in advance,
-Dale



BC AdBot (Login to Remove)

 


#2 JohnC_21

JohnC_21

  • Members
  • 24,295 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:55 PM

Posted 29 September 2014 - 03:40 PM

The BCD is short for Boot Configuration Data. It took the place of boot.ini in XP. The BCD registry file is located at \Boot\Bcd on the active partition. If you have the 100MB System Reserved Partition it would be there. I am no Combofix expert but I assume it created a copy of the BCD store.



#3 trimmer1

trimmer1
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:07:55 PM

Posted 29 September 2014 - 06:39 PM

When I open Macrium Reflect I see "MRB Disc 1 [D62E49A5] - WDC" and just below that is
"1 System (None) NTFS Active" and lower in the box is "24.6 MB" it's stacked on top of "100.0 MB". The "HP_RECOVERY (D)" is where I have "\Device\HarddiskVolume1\Boot BCD" - Properties on D: are "10.1 GB 1.39 Free Space". I don't see this 100 MB partition...only in Macrium backup. Sorry, I'm a bit slow, would "\Device\HarddiskVolume1\Boot BCD" be OK in "HP_RECOVERY (D)" - I'm using W7 x64, I never owned XP OS. Regards,

-D.W.



#4 JohnC_21

JohnC_21

  • Members
  • 24,295 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:55 PM

Posted 29 September 2014 - 08:13 PM

System (None) NTFS Active" and lower in the box is "24.6 MB" it's stacked on top of "100.0 MB" is your System Reserved Partition. The System Reserved Partition is hidden from normal view. You can see it in Disk Management. Right click Computer > Manage > Disk Management. You should see the 100MB System Reserved Partition at the beginning of the disk. This partition is marked active. The BCD is in this partition. I don't know why \Device\HarddiskVolume1\Boot BCD is in your Recovery Partition. It would not hurt just to leave it.



#5 trimmer1

trimmer1
  • Topic Starter

  • Members
  • 35 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Tennessee
  • Local time:07:55 PM

Posted 29 September 2014 - 11:51 PM

In  Disk Management there's > 8GB(J:) (Layout) Simple > Type (Basic) File System (FAT32) Status (Healthy (Active, Primary Partition). The #4 others are HP_RECOVERY (D:) > OS (C:) > SYSTEM > Toshiba Canvio Hard Drive (K:) all with >NTFS instead of FAT32, as with my 8GB (J:) thumb drive.
 
I see the "SYSTEM" properties are 34.1 MB free space with 65.8 MB used space, all total 99.9 MB. OK, the reason "\Device\HarddiskVolume1\Boot BCD" is on my Recovery Partition is because I had never seen it and didn't know where it went. Like I said, I moved it to a USB drive. It was only when I found it in the registry, after jv16 wouldn't finish RegCompact, I moved it from my USB thumb drive to > D:\
 
I don't think it should be in > HP_RECOVERY (D:) either, but I do think jv16 needs it. As you do, I don't think it'll do any harm wherever it's at, I think it's just a copy. I'm going to rename it and the next time I use jv16 RegCompact see what happens. I have to show all hidden OS System files to see it, I made it a hidden file using > attrib +h +s "{Path_To_Folder}" - If you could or know, what it the reverse to that command, to unhide the folder. It's not that important, I just want to know how.
 
Thanks very much,
-Dale


#6 JohnC_21

JohnC_21

  • Members
  • 24,295 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:55 PM

Posted 30 September 2014 - 07:29 AM

I would not know why any program other than windows would need BCD. In order to reverse the hidden file use attrib -h -s "{Path_To_Folder}".




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users