I installed Registry Mechanic 4 and allowed a couple items I thought were related to Registry Mechanic install to run and on next boot PG went into learning mode. This is the only thing that stood out. Mon 03 - 08:31:52 [EXECUTION] "c:\windows\is-0gice.exe" was allowed to run [EXECUTION] Started by "c:\windows\explorer.exe" [600] [EXECUTION] Commandline - [ "c:\windows\is-0gice.exe" /reg ] I do not know what is-Ogice is but RegRun caught it trying to attach to runonce at startup I allowed because again I thought it was related to Registry Mechanic install. Anyone have ideas? Thanks, Chris
Hi Chris, Maybe an email to Registry Mechanic 4 developers will shed some light as googling for that is-0gice.exe gets no hits but it could have been a tempory file used by the Reg Mech's installer. Pilli
Hi Chris12923, I tested the Registry Mechanic 4 (trial version) installation and did not see that behavior. Nothing executed from the C:\windows directory and no RunOnce key was created before or after enabling the various "scan at startup" options. Rebooted a couple of times but PG did not go into Learning Mode. I saved copies (in case you want to see them) of the PG and RegRun logs, and the unins000.dat from the Registry Mechanic directory before I re-imaged the system. Nick
Thanks. I couldn't repro after restoring so I am not sure what is was. I did send it off to a friend for examination though. Thanks for your help. Thanks, Chris
hi Chris, can you post a value of your registry: HKEY_LOCAL_MACHINE\SOFTWARE\Diamond Computer Systems\ProcessGuard v3.0\Reboots Ty Andreas