BOC running at startup

I stopped BOC (4.27) from loading at startup for a few startups and then added it back. Since then, it’s been running at startup even though that option is unchecked. Looking at Autoruns there are three BOC files listed:

  • boc427.exe
  • bocore.exe
  • bocdrive.sys

I assume the first loads the program. Do either of the others get it to run straight off, overriding the setting, or is the problem elsewhere? Thanks.

BOC427.exe runs the GUI
Bocore.exe is the service
Bocdrive.sys is BOClean Kernel Monitor
Dennis

Thanks. So would one of them cause BOC to run at startup, i.e., to bring up a long narrow popup, scanning files for a few minutes? It didn’t do this before the change back and forth.

I would think it would be Bocore.exe which runs the service if it runs the same as CPF3.
Dennis
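
Autoruns groups entries by how Windows starts them: logon entries, services and drivers. As an added example (not part of the original thread and not Comodo's own tooling), this PowerShell lists where each of the three files named above is registered to start; it assumes PowerShell 3.0 or later, the helper name `Find-Autostart` is made up for this sketch, and only the three file names come from the thread.

```powershell
# Added example. Only the three file names come from the thread;
# the WMI classes are standard Windows inventory classes.
$names   = 'boc427.exe', 'bocore.exe', 'bocdrive.sys'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Hypothetical helper: query one WMI class and keep rows whose
# command line / image path mentions one of the file names.
function Find-Autostart {
    param($Class, $Kind, $PathProperty, $StartProperty)
    Get-CimInstance -ClassName $Class |
        Where-Object { $_.$PathProperty -match $pattern } |   # -match ignores case
        ForEach-Object {
            [pscustomobject]@{
                Kind  = $Kind
                Name  = $_.Name
                Start = $_.$StartProperty   # registry/folder location, or start mode
                Path  = $_.$PathProperty
            }
        }
}

$found = @(
    # Run keys and Startup folders (what a "start at boot" checkbox usually edits)
    Find-Autostart Win32_StartupCommand 'Logon entry' Command  Location
    # Win32 services
    Find-Autostart Win32_Service        'Service'     PathName StartMode
    # Kernel and file-system drivers
    Find-Autostart Win32_SystemDriver   'Driver'      PathName StartMode
)

$found | Format-Table -AutoSize -Wrap
```

A Start value of Auto, Boot or System on a service or driver row means Windows loads that item at boot on its own, independent of any logon entry.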

Hi romath :slight_smile:

I am a little bit confused here :-\ BOClean doesn’t scan files ( except with " drag and drop " ).

Is it possible that you unchecked " Do NOT show automatic update screen " , and that is what you see shortly after booting ???

Greetz, Red.

No, it’s checked. It’s the same as if I had clicked on its desktop icon. The box title is BOC 427 and inside it says “Examining…”

Also check >Configure> lower left " DO NOT show startup scan screen"

Hmm, it is checked. So, I’ve got “automatically start” unchecked and “do not show” checked, and it still runs and the long box with “examine” still shows. After closing the small menu box, such as after checking my settings just now, that same long box comes up and BOC runs a short bit, going through a few files. All this after taking it out of startup for a day and then putting it back.

Have you tried unchecking the box, rebooting, then checking the box and rebooting again to see if that clears it? Otherwise you can uninstall and reinstall, which is the last option I can think of, unless somebody else can think of a better idea.
Dennis

Hi romath :slight_smile:

Strange issue m8 :-\ Please open the BOC427.INI file ( C:\Windows\BOC427.INI ) with Notepad and post its contents :slight_smile:

Greetz, Red.

Here’s the 427 ini file, but I just noticed the 425 one is also in the Windows directory. Could that be causing any confusion? I assume it should be deleted.

Update: BOC 427 is not only running at startup for about 2 minutes, with a box showing both up top and in the toolbar, but at the very end of an extended startup, it shows again up top for about 10-15 seconds, examining more files. Perhaps it’s entirely coincidence, but three times now the first process has ended when I click on Process (email) in Mailwasher, and the second shorter run has started with minimizing my email client after looking at some of the mail and newsgroups. Odd.


[Prefs]
FileLoc=C:\PROGRA~1\Comodo\CBOClean
update=1196519
dataLoc=C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BOC427\BOC427.XVU
sweeps=0
startscrn=0
NThook=*
CRC128=110B
last=2008-09-20 14:04:42
Build=4.27.001
Gen=070708
NT=1
FIXEDlast=
CRC128 FAILED=
reportLoc=C:\Documents and Settings\All Users\Application Data\boc427
EvidenLoc=C:\Documents and Settings\All Users\Application Data\boc427
sizeX=161
sizeY=322
sizeZ=867
sizeW=98
scan1=
scan2=C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE -EXPRESSBOOT “C:\PROGRAM FILES\MICROSOFT INTELLIPOINT\IPOINT.EXE” “C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE” -HIDE C:\PROGRA~1\AVG\AVG8\AVGTRAY.EXE “C:\PROGRAM FILES\AD MUNCHER\ADMUNCH.EXE” /BT “C:\PROGRAM FILES\JAVA\JRE1.6.0_07\BIN\JUSCHED.EXE” “C:\PROGRAM FILES\VERDIEM\EDISON\EDISON.EXE” /AUTOLAUNCHED ALCMTR.EXE SM56HLPR.EXE RUNDLL32.EXE C:\WINDOWS\SYSTEM32\NVCPL.DLL,NVSTARTUP “C:\PROGRAM FILES\COBIAN BACKUP 9\CBINTERFACE.EXE” -SERVICE “C:\PROGRAM FILES\COMODO\FIREWALL\CFP.EXE” -H C:\PROGRA~1\COMODO\CBOCLEAN\BOC427.EXE “C:\PROGRAM FILES\COMODO\REGISTRY CLEANER\CRC.EXE”
scan3=C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\PROGRAM FILES\GIPO@UTILITIES\FILEUTILITIES.3\MOUNT.EXE /Z C:\PROGRAM FILES\SUPERANTISPYWARE\SUPERANTISPYWARE.EXE
scan4=
scan5=
scan6=
scan7=C:\PROGRA~1\COMODO\CBOCLEAN\BOC427.EXE “C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE” SYSTEM32\DRIVERS\ACPI.SYS “C:\PROGRAM FILES\COMMON FILES\ADOBE\ADOBE VERSION CUE CS3\SERVER\BIN\VERSIONCUECS3.EXE” -WIN32SERVICE ??\C:\WINDOWS\SYSTEM32\DRIVERS\AWRTPD.SYS SYSTEM32\DRIVERS\AEC.SYS \SYSTEMROOT\SYSTEM32\DRIVERS\AFD.SYS C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE C:\WINDOWS\SYSTEM32\ALG.EXE SYSTEM32\DRIVERS\AMDK8.SYS “C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE” C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETSVCS SYSTEM32\DRIVERS\ARP1394.SYS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE.EXE SYSTEM32\DRIVERS\ASYNCMAC.SYS SYSTEM32\DRIVERS\ATAPI.SYS SYSTEM32\DRIVERS\ATMARPC.SYS SYSTEM32\DRIVERS\AUDSTUB.SYS C:\PROGRA~1\AVG\AVG8\AVGEMC.EXE C:\PROGRA~1\AVG\AVG8\AVGWDSVC.EXE \SYSTEMROOT\SYSTEM32\DRIVERS\AVGLDX86.SYS \SYSTEMROOT\SYSTEM32\DRIVERS\AVGMFX86.SYS \SYSTEMROOT\SYSTEM32\DRIVERS\AVGTDIX.SYS \SYSTEMROOT\SYSTEM32\DRIVERS\BANTEXT.SYS ??\C:\PROGRAM FILES\COMODO\CBOCLEAN\BOCDRIVE.SYS C:\PROGRAM FILES\COMODO\CBOCLEAN\BOCORE.EXE SYSTEM32\DRIVERS\CDROM.SYS C:\WINDOWS\SYSTEM32\CISVC.EXE C:\WINDOWS\SYSTEM32\CLIPSRV.EXE C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\MSCORSVW.EXE “C:\PROGRAM FILES\COMODO\FIREWALL\CMDAGENT.EXE” SYSTEM32\DRIVERS\CMDGUARD.SYS SYSTEM32\DRIVERS\CMDHLP.SYS C:\PROGRAM FILES\COBIAN BACKUP 9\CBSERVICE.EXE C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-00805FC79235} C:\WINDOWS\SYSTEM32\SVCHOST -K DCOMLAUNCH SYSTEM32\DRIVERS\DISK.SYS C:\WINDOWS\SYSTEM32\DMADMIN.EXE /COM SYSTEM32\DRIVERS\DMBOOT.SYS SYSTEM32\DRIVERS\DMUSIC.SYS C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K DOT3SVC SYSTEM32\DRIVERS\DRMKAUD.SYS C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K EAPSVCS “C:\PROGRAM FILES\VERDIEM\EDISON\EDSVC.EXE” C:\WINDOWS\SYSTEM32\SERVICES.EXE SYSTEM32\DRIVERS\FDC.SYS “C:\PROGRAM FILES\COMMON FILES\MACROVISION SHARED\FLEXNET 
PUBLISHER\FNPLICENSINGSERVICE.EXE” SYSTEM32\DRIVERS\FLPYDISK.SYS SYSTEM32\DRIVERS\FLTMGR.SYS C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WPF\PRESENTATIONFONTCACHE.EXE SYSTEM32\DRIVERS\FTDISK.SYS SYSTEM32\DRIVERS\MSGPC.SYS “C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE” SYSTEM32\DRIVERS\HDAUDIO.SYS SYSTEM32\DRIVERS\HDAUDBUS.SYS SYSTEM32\DRIVERS\HTTP.SYS C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K HTTPFILTER SYSTEM32\DRIVERS\I8042PRT.SYS “C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\DRIVER\11\INTEL 32\IDRIVERT.EXE” “C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\INFOCARD.EXE” SYSTEM32\DRIVERS\IMAPI.SYS C:\WINDOWS\SYSTEM32\IMAPI.EXE SYSTEM32\DRIVERS\INSPECT.SYS SYSTEM32\DRIVERS\RTKHDAUD.SYS SYSTEM32\DRIVERS\IP6FW.SYS SYSTEM32\DRIVERS\IPFLTDRV.SYS SYSTEM32\DRIVERS\IPINIP.SYS SYSTEM32\DRIVERS\IPNAT.SYS SYSTEM32\DRIVERS\IPSEC.SYS SYSTEM32\DRIVERS\IRDA.SYS SYSTEM32\DRIVERS\IRENUM.SYS SYSTEM32\DRIVERS\IRSIR.SYS SYSTEM32\DRIVERS\ISAPNP.SYS SYSTEM32\DRIVERS\KBDCLASS.SYS SYSTEM32\DRIVERS\KMIXER.SYS C:\WINDOWS\SYSTEM32\MNMSRVC.EXE SYSTEM32\DRIVERS\MODEMCSA.SYS SYSTEM32\DRIVERS\MOUCLASS.SYS SYSTEM32\DRIVERS\MRXDAV.SYS SYSTEM32\DRIVERS\MRXSMB.SYS C:\WINDOWS\SYSTEM32\MSDTC.EXE ??\E:\INSTALL4\MSICPL.SYS C:\WINDOWS\SYSTEM32\MSIEXEC.EXE /V SYSTEM32\DRIVERS\MSKSSRV.SYS SYSTEM32\DRIVERS\MSPCLOCK.SYS SYSTEM32\DRIVERS\MSPQM.SYS SYSTEM32\DRIVERS\MSSMBIOS.SYS SYSTEM32\DRIVERS\NDISTAPI.SYS SYSTEM32\DRIVERS\NDISUIO.SYS SYSTEM32\DRIVERS\NDISWAN.SYS SYSTEM32\DRIVERS\NETBIOS.SYS SYSTEM32\DRIVERS\NETBT.SYS C:\WINDOWS\SYSTEM32\NETDDE.EXE C:\WINDOWS\SYSTEM32\LSASS.EXE “C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.0\WINDOWS COMMUNICATION FOUNDATION\SMSVCHOST.EXE” SYSTEM32\DRIVERS\NIC1394.SYS SYSTEM32\DRIVERS\NPF.SYS SYSTEM32\DRIVERS\NV4_MINI.SYS SYSTEM32\DRIVERS\NVATA.SYS SYSTEM32\DRIVERS\NVENETFD.SYS SYSTEM32\DRIVERS\NVNETBUS.SYS C:\WINDOWS\SYSTEM32\NVSVC32.EXE SYSTEM32\DRIVERS\NWLNKFLT.SYS SYSTEM32\DRIVERS\NWLNKFWD.SYS “C:\PROGRAM FILES\COMMON FILES\MICROSOFT 
SHARED\OFFICE12\ODSERV.EXE” SYSTEM32\DRIVERS\OHCI1394.SYS “C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\SOURCE ENGINE\OSE.EXE” SYSTEM32\DRIVERS\PARPORT.SYS ??\C:\PROGRAM FILES\MSI\PC ALERT 4\NTGLM7X.SYS SYSTEM32\DRIVERS\PCI.SYS SYSTEM32\DRIVERS\PCIIDE.SYS SYSTEM32\DRIVERS\POINT32.SYS SYSTEM32\DRIVERS\POLARUSB.SYS SYSTEM32\DRIVERS\RASPPTP.SYS SYSTEM32\DRIVERS\PROCESSR.SYS SYSTEM32\DRIVERS\PSCHED.SYS SYSTEM32\DRIVERS\PSI_MF.SYS SYSTEM32\DRIVERS\PTILINK.SYS SYSTEM32\DRIVERS\PXHELP20.SYS SYSTEM32\DRIVERS\RASACD.SYS SYSTEM32\DRIVERS\RASIRDA.SYS SYSTEM32\DRIVERS\RASL2TP.SYS SYSTEM32\DRIVERS\RASPPPOE.SYS SYSTEM32\DRIVERS\RASPTI.SYS SYSTEM32\DRIVERS\RDBSS.SYS SYSTEM32\DRIVERS\RDPCDD.SYS C:\WINDOWS\SYSTEM32\SESSMGR.EXE SYSTEM32\DRIVERS\REDBOOK.SYS SYSTEM32\DRIVERS\ROOTMDM.SYS C:\WINDOWS\SYSTEM32\LOCATOR.EXE C:\WINDOWS\SYSTEM32\SVCHOST -K RPCSS C:\WINDOWS\SYSTEM32\RSVP.EXE ??\C:\PROGRAM FILES\SUPERANTISPYWARE\SASDIFSV.SYS ??\C:\PROGRAM FILES\SUPERANTISPYWARE\SASENUM.SYS ??\C:\PROGRAM FILES\SUPERANTISPYWARE\SASKUTIL.SYS ??\C:\WINDOWS\SYSTEM32\DRIVERS\SBKUPNT.SYS C:\WINDOWS\SYSTEM32\SCARDSVR.EXE C:\WINDOWS\SYSTEM32\DRIVERS\SCSIPORT.SYS SYSTEM32\DRIVERS\SECDRV.SYS SYSTEM32\DRIVERS\SERENUM.SYS SYSTEM32\DRIVERS\SERIAL.SYS SYSTEM32\DRIVERS\SMSERIAL.SYS SYSTEM32\DRIVERS\SNAPMAN.SYS SYSTEM32\DRIVERS\SONYPVU1.SYS SYSTEM32\DRIVERS\SPLITTER.SYS C:\WINDOWS\SYSTEM32\SPOOLSV.EXE SYSTEM32\DRIVERS\SPTD.SYS SYSTEM32\DRIVERS\SR.SYS SYSTEM32\DRIVERS\SRV.SYS C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K IMGSVC C:\PROGRAM FILES\COMMON FILES\SUPPORTSOFT\BIN\SSRC.EXE SYSTEM32\DRIVERS\SWENUM.SYS SYSTEM32\DRIVERS\SWMIDI.SYS C:\WINDOWS\SYSTEM32\DLLHOST.EXE /PROCESSID:{4DFBDC66-8462-4207-A91E-40BFDB5DC09B} SYSTEM32\DRIVERS\SYSAUDIO.SYS C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE SYSTEM32\DRIVERS\TCPIP.SYS SYSTEM32\DRIVERS\TERMDD.SYS SYSTEM32\DRIVERS\TIFSFILT.SYS SYSTEM32\DRIVERS\TIMNTR.SYS SYSTEM32\DRIVERS\UPDATE.SYS C:\WINDOWS\SYSTEM32\UPS.EXE SYSTEM32\DRIVERS\USBEHCI.SYS SYSTEM32\DRIVERS\USBHUB.SYS 
SYSTEM32\DRIVERS\USBOHCI.SYS SYSTEM32\DRIVERS\USBSCAN.SYS SYSTEM32\DRIVERS\USBSTOR.SYS \SYSTEMROOT\SYSTEM32\DRIVERS\VGA.SYS C:\WINDOWS\SYSTEM32\VSSVC.EXE SYSTEM32\DRIVERS\WANARP.SYS SYSTEM32\DRIVERS\WDMAUD.SYS C:\WINDOWS\SYSTEM32\WFXSVC.EXE “C:\PROGRAM FILES\WINDOWS DEFENDER\MSMPENG.EXE” C:\WINDOWS\SYSTEM32\WBEM\WMIAPSRV.EXE C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE SYSTEM32\DRIVERS\WUDFPF.SYS SYSTEM32\DRIVERS\WUDFRD.SYS C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K WUDFSERVICEGROUP
scan8=
scan9=C:\WINDOWS\INF\UNREGMP2.EXE C:\WINDOWS\SYSTEM32\REGSVR32.EXE RUNDLL32.EXE RUNDLL32.EXE REGSVR32.EXE C:\WINDOWS\SYSTEM32\IE4UINIT.EXE C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\INF\UNREGMP2.EXE C:\WINDOWS\SYSTEM32\REGSVR32.EXE RUNDLL32.EXE RUNDLL32.EXE REGSVR32.EXE C:\WINDOWS\SYSTEM32\IE4UINIT.EXE C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
scanLast=
excludestyle=0
saved=0
noauto=yes
scan=1
create=1
keep=1
remote=0
reboot=0
hide=0
shares=0
flash=0
temp=1
zone=0
host=0
temper=1
styles=1
ActiveX=1
dlcheck=4
dlretry=24
hung=
BOCORE=contacted, running
[Updater]
final=C:\MYTEMP~1\BOC427.XVU
temp=C:\MYTEMP~1\BOC427.XVU
Vers=4.27.001
Date=07/07/08
Ops4=Have latest
Ops3=Have latest
Ops2=Have latest
UDsize=1196519
Ops=downloaded/createP
Closed=Successful update
Cl

It does show again after checking for updates twice if you are not connected to the internet. Why you are getting a box in the toolbar I do not know.
The reason I have the scan box showing is my Vista comp. is a little short of memory, and I know after BOC has finished its scan that it is safe to open other programs without problems.
Dennis

Hi Romath :slight_smile:

You mixed up the BOC427.INI file a little bit, but as far as my knowledge goes, I don’t see strange things. But the BOC425.INI file shouldn’t be in your C:\Windows map anymore. That could be an indication something went wrong during the uninstallation of version 4.25 ( Did you shut BOClean down before uninstallation ??? ). But I doubt that single file will interfere with your current 4.27 installation. So I suggest you proceed as follows :

  • Remove the BOC425.INI file, reboot, and see if that solves your problem.

If not :

  • Download a fresh copy of BOClean from here :

http://download.comodo.com/boc/download/CBO_Setup_4.27.exe

  • Shut down BOClean from its menu, or open the Task Manager ( press Ctrl-Alt-Del ) and shut down the BOCore.exe process.

  • Uninstall BOClean.

  • Search for any BOClean directories/files left, and remove them.

  • Install BOClean following the instructions for your Operating System from here :

https://forums.comodo.com/comodo_boclean_antimalware_faq/download_link_installuninstall_instructions_user_guide-t8442.0.html

  • Reboot.

Let us know if that helps you :slight_smile:

Greetz, Red.

Bottom line: Uninstall/reinstall solved the problem.

On the way: If the 427 uninstall is typical, there’s a whole lot of BOC-related items left in the registry - and that’s after running two reg cleaners, including Comodo’s! (after those I did a search and eliminated as much as possible) If I did uninstall 425, and the dual warnings are hard to miss, that would explain some of what I saw today.

Question: What does unchecking “Automatically start at boot up” do relative to having “Monitor System Continuously” enabled?

Thanks.

Hi romath :slight_smile:

I am glad it is solved :slight_smile:

Nothing really :slight_smile: BOClean won’t start at bootup, and so it doesn’t monitor your system. In fact it is meant to be working the other way around : If you check “Automatically start at bootup” and uncheck “Monitor System Continuously”, BOClean will only run at bootup and then shut down :slight_smile:

Greetz, Red.