Yesterday I did a clean install of XP. After installing PGuard 3.2 it shows a message, everytime when I reboot, telling me the program is 'unable to ask user' to allow (or block) ins19.exe in C:\documents and settings\my name\local settings\temp.

The strange thing is however I do not see any file with that name in that directory and Google doesn't find anything either (for a change!). Could anybody tell me the meaning of this message and what to do with it?

My guess is that something early on in the bootup (hence unable to ask user) is creating and then removing the ins19.exe file. Can you go to the security tab and find an entry for ins19.exe and set it to allow always?

That 's no problem of course and I've already done so.

Yet I'm curious to know what this little file is doing exactly since I'm rather careful to activate the 'permit always' option for anything I don't know.

I suppose you could set ins19.exe to be blocked always and see what stopped working.

Yeah....that 's another option, didn't think about that (to careful.... ;) )
Anyway, I'll try it and let you know. Thanx.

EDIT: this is another strange one:
is-lu4r6.tmp c:\documents and settings\my name\local settings\temp\is-6q3k5.tmp
This file I can't find in the given directory either....must be part of an application which needs it only when starting up, but I don't have any idea which application that might be. Somebody else here?

From installing software, a temporary file. You should remove them when they are like the above (is-?????.tmp)

The INS19.exe however sounds suspicious, and temp files do not stay around and run again, thats not their purpose ! I suggest you upload and scan it at http://virusscan.jotti.org

-{ Quote: "I suggest you upload and scan it at http://virusscan.jotti.org" }-
I would like to, the problem is that the file doesn't exist anymore, though PGuard does mention it. Like SpikeyB already wrote: 'My guess is that something early on in the bootup (hence unable to ask user) is creating and then removing the ins19.exe file'.

In the security section I set it on 'deny always' and after rebooting my PC I tried quite a few (not all....) applications but didn't encounter any problem.

Just a thought, can you check through your PG logs and see what starts immediately before ins19.exe starts/is blocked. Does that give any clues?

Well, there were some other problems, for instance the logfile for applications in the Control Panel appeared to be damaged and not accessible. I'm not sure, but the problems seemed to be related to Sygate. Strange, didn't happen before.

To avoid further complications I decided to go for the easiest way and put back the Acronis-image I made right after the clean-install of last weekend. I'm still working on this configuration, with ZoneAlarm. So far so good. PGuard has not yet been installed, probably to-morrow, if there's some time left. May be later I'll find out what the files, mentioned in this thread, were all about.

Anyway, thanks for the replies :) .

Yesterday I finished the new configuration of XP with PGuard installed. To my surprise I got another 'unable to ask user' message of this little 'ins' thing, this time 'ins31'.

The logfile tells me:
21:32:20 [EXECUTION] "c:\docume~1\myname\locals~1\temp\ins31.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1280]
[EXECUTION] Commandline - [ "c:\docume~1\myname\locals~1\temp\ins31.exe" /onreboot /silent]

Started by explorer, it didn't look something dangerous to me, so I removed it from the list in the security section, after that it didn't show up again. I hope it was the right decision.