"BOC-425" empties key in HKLM/Run reg

Hi to all,

I noted a weird behavior regard Boclean in the system registry (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).

I use a file vbs to start applications subsequently with a certain delay to allow CAVS, Boclean and CPF does not to have problems during the start of Windows.

I put the file vbs in the system folder “C:\WINNT\startupdelay.vbs”, with a call from the registry key for start it at startup.

The content of the vbs file is the following one:

SecondsToDelay = "5"
ProgramToRun = "C:\Programmi\Comodo\Comodo AntiVirus\CMain.exe"
Wscript.Sleep(SecondsToDelay * 1000)
Prog = Chr(34) & ProgramToRun & Chr(34)
CreateObject("WScript.Shell").Run(Prog)

SecondsToDelay = "10"
ProgramToRun = "C:\Programmi\Comodo\Firewall\CPF.exe"
Wscript.Sleep(SecondsToDelay * 1000)
Prog = Chr(34) & ProgramToRun & Chr(34) & "/background"
CreateObject("WScript.Shell").Run(Prog)

SecondsToDelay = "20"
ProgramToRun = "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe"
Wscript.Sleep(SecondsToDelay * 1000)
Prog = Chr(34) & ProgramToRun & Chr(34) & "/minimized"
CreateObject("WScript.Shell").Run(Prog)

SecondsToDelay = "25"
ProgramToRun = "C:\Programmi\RegWAtch\RegWatcher.exe"
Wscript.Sleep(SecondsToDelay * 1000)
Prog = Chr(34) & ProgramToRun & Chr(34) & "1"
CreateObject("WScript.Shell").Run(Prog)

SecondsToDelay = "30"
ProgramToRun = "C:\WINNT\anvshell.exe"
Wscript.Sleep(SecondsToDelay * 1000)
Prog = Chr(34) & ProgramToRun & Chr(34)
CreateObject("WScript.Shell").Run(Prog)

SecondsToDelay = "35"
ProgramToRun = "C:\WINNT\system32\dslagent.exe"
Wscript.Sleep(SecondsToDelay * 1000)
Prog = Chr(34) & ProgramToRun & Chr(34) & "USB"
CreateObject("WScript.Shell").Run(Prog)

While for Boclean I allow to start it directly from HKLM/Run called of registry, so as to protect the system start from eventual malware.

The weird thing is that I noted that during the system start, magically appears in the registry the key “BOC-425" entirely empty, although it is already present a call to Boclean.

Is this normal?

[attachment deleted by admin]

here is what my “startup” looks like…

http://img207.imageshack.us/img207/6491/regstartup1gq9.jpg

the BOC entries do not look right, to me… i would delete them and, then, if necessary, you can regenerate the BOC startup regkey from within BOC’s “configuration”, by checking “run automatically”…

maybe the problem is that you created a BOC startup regkey that isn’t using the default data and then, when you bootup, BOC tries to recreate its startup regkey, but the problem is that there is already another regkey for starting the same program, and so, when BOC tries to recreate the startup regkey, since the data is already associated with another regkey, it is left blank… do you follow? i think that is what is happening…

i have a program that logs some registry activity and i frequently see programs, including BOC, trying to recreate their startup regkeys, at bootup… i guess that is just a security feature…

i would go into BOC’s configuration and uncheck “run automatically”… then, delete the BOC regkeys in question… then, go back into BOC’s “configuration” and check “run automatically”, again, to regenerate the startup regkey…

imo, it probably isn’t necessary to use the VBS script to delay the starting of the various programs that run at startup…

Yes, it is!

You have right; I canceled the counterfeit key and allowed Boclean to recreate the original key from its configuration and now goes all well.

The right key was:
“BOC-425” “REG_SZ” “C:\PROGRA~1\Comodo\CBOClean\BOC425.EXE” (Boclean automatic config)

end not:
“Boclean” “REG_SZ” “C:\Programmi\Comodo\CBOClean\BOC425.EXE” (my edit)

Thank you so mutch Redwolfe :slight_smile:

I apply this solution because the CAVS HIPS gave some problems and blocked start of the programs, while so goes all well…