2011
08.23

While I have searched around for a while, for some reason I cannot find any explanation for the custom:45000001 entry.

Can anyone offer an answer?

My theory… There is an entry being hidden from me either in the BCD or MBR possibly referring to a virtual device or drive.
I have reason to believe a rootkit is hiding on the machine – a targeted hack. When I installed xPUD (just to gently touch the settings), on the next boot an entry appeared for Windows XP. That Windows XP entry has disappeared after only appearing that one time.

I am including plenty of data below: detailed entries from EasyBCD and the output from 'BCDEDIT /enum all /v'.

Usually just a normal Vista laptop.


EASYBCD Data
====================
Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {dfda5002-671b-11de-99f0-00235adea060}
resumeobject {dfda5003-671b-11de-99f0-00235adea060}
displayorder {dfda5002-671b-11de-99f0-00235adea060}
             {9866d120-b87e-11e0-a4c1-b7d5bc228d71}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 10
resume No
custom:45000001 1

Windows Boot Loader
-------------------
identifier {dfda5002-671b-11de-99f0-00235adea060}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {dfda5003-671b-11de-99f0-00235adea060}
nx OptOut

Real-mode Boot Sector
---------------------
identifier {9866d120-b87e-11e0-a4c1-b7d5bc228d71}
device partition=C:
path \grldr.mbr
description xPUD


Output from BCDEDIT /enum all /v
====================

Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
default {dfda5002-671b-11de-99f0-00235adea060}
resumeobject {dfda5003-671b-11de-99f0-00235adea060}
displayorder {dfda5002-671b-11de-99f0-00235adea060}
             {9866d120-b87e-11e0-a4c1-b7d5bc228d71}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 10
resume No

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae0-0007e994107d}
device partition=\Device\HarddiskVolume1
path \windows\system32\boot\winload.exe
description Windows Recovery Environment
osdevice partition=\Device\HarddiskVolume1
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {dfda5002-671b-11de-99f0-00235adea060}
device partition=C:
path \Windows\system32\winload.exe
description Microsoft Windows Vista
locale en-US
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {572bcd55-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {dfda5003-671b-11de-99f0-00235adea060}
nx OptOut

Resume from Hibernate
---------------------
identifier {dfda5003-671b-11de-99f0-00235adea060}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Windows Legacy OS Loader
------------------------
identifier {466f5a88-0af2-4f76-9038-095b170dc21c}
device unknown
path \ntldr
description Earlier Version of Windows

Real-mode Boot Sector
---------------------
identifier {9866d120-b87e-11e0-a4c1-b7d5bc228d71}
device partition=C:
path \grldr.mbr
description xPUD

EMS Settings
------------
identifier {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Debugger Settings
-----------------
identifier {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Global Settings
---------------
identifier {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
        {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
        {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Boot Loader Settings
--------------------
identifier {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Resume Loader Settings
----------------------
identifier {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
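
The two listings above differ in exactly one element of the Windows Boot Manager object. The following is an added example, not part of the original post: a Python sketch that parses both listings, reports elements one tool shows and the other does not, and decodes the value format of any `custom:` element type using the element type layout Microsoft documents for BCD. The function names and the abbreviated sample are assumptions made for the example.

```python
import re

# Sample input: Boot Manager object from the EasyBCD listing above, abbreviated (constructed).
EASYBCD = """Windows Boot Manager
--------------------
identifier {9dea862c-5cdd-4e70-acc1-f32b344d4795}
displayorder {dfda5002-671b-11de-99f0-00235adea060}
{9866d120-b87e-11e0-a4c1-b7d5bc228d71}
timeout 10
custom:45000001 1
"""
# The bcdedit listing on the page shows the same object without the custom line.
BCDEDIT = EASYBCD.replace("custom:45000001 1\n", "")

GUID = re.compile(r"\{[0-9a-fA-F-]{36}\}")
RULE = set("-=\u2014\u2013")  # rule characters, including blog-converted dashes
# Value format held in bits 24-27 of a BCD element type.
FORMATS = {1: "device", 2: "string", 3: "object", 4: "object list",
           5: "integer", 6: "boolean", 7: "integer list"}

def parse(listing):
    """Return {identifier: {element: [values]}} for a bcdedit-style listing."""
    lines = [l.strip() for l in listing.splitlines()] + [""]
    objects, cur, last = {}, None, None
    for line, nxt in zip(lines, lines[1:]):
        if not line or set(line) <= RULE or (nxt and set(nxt) <= RULE):
            cur = last = None  # blank line, rule or section title ends the object
            continue
        if GUID.fullmatch(line):  # extra value of a multi-value element
            if last:
                cur[last].append(line)
            continue
        name, _, value = line.partition(" ")
        if name == "identifier":
            cur, last = objects.setdefault(value.strip(), {}), None
        elif cur is not None:
            cur[name], last = [value.strip()], name
    return objects

def only_in_first(a, b):
    """Elements of a missing from the same object in b: (id, element, format, values)."""
    out = []
    for ident, elems in a.items():
        for name, vals in elems.items():
            if ident in b and name not in b[ident]:
                m = re.fullmatch(r"custom:([0-9a-fA-F]{8})", name)
                fmt = FORMATS.get((int(m.group(1), 16) >> 24) & 0xF) if m else None
                out.append((ident, name, fmt, vals))
    return out
```

Run against the full listings, `only_in_first(parse(easybcd_text), parse(bcdedit_text))` gives the elements to investigate; objects that appear in only one listing are not compared.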


