This is very odd. I installed processguard & restarted. The autorun worked properly & brought up the tips. As soon as closing this or clicking anything, my computer instantly reset itself & the harddisks shut down with no bluescreens or error messages of any kind. I've never seen this happen before. I had tested pg on a virtual machiene under identical conditions and its worked flawlessly for months, but this is the first time i'd tried it on my host. I used it in there because i wanted to control my processes without having to waste ram on putting an antivirus/firewall on my guest os, So the only differance here was nod32 & zonealarm (possible conflicts i guess.) Anyways after failing like 3 times i figured my computer was rendered unbootable even in safe mode. I ran the pg uninstaller after booting from my bartpe disk, but this failed to remove the diamondcs service. Computer still wouldn't boot even after running chkdsk! Finally i managed to boot from last known good. BUT this totally messed up my hardware configuration and reverted my default services config to an ancient one that i hadn't used for like a year. I spent tons of time on configuring my hardware config & it seems to have overwritten it. This means my nod32 no longer works & a lot of other programs that installed new services and drivers won't work. I'd have to re-install all these things and go through every service again to configure it properly. There are also services here from drivers that no longer exist. why in the world does this overwrite the default hardware config when there is default and last known good!! Now both configs are set to the same old bad services. This really sucks, but at least i can boot! So my question is, is there any way to recover my old good hardware & services configuration? and if so, where can i find a list of regestry entries, dlls, sys files, etc, that i can remove manually that the uninstaller failed to remove under the crap pe. I fear theres still reminants of the kernal part of pg leftover messing with things too since i have trouble booting. I might have to just re-install windows as a last resort. What i really should have done was just to remove the autorun from the regestry and run the uninstaller under safemode. (note i don't have restore points... ive tried it many times, never seems to do any good, or anything at all for that matter, so i just disabled it to keep my disk fragmentation in better condition.) EDIT: oops, i had 'automatically restart' checked under 'startup and recovery', must have just bypassed the bluescreen. I assume pg was causing some sort of buffer overrun or some similar problem.
smorg... I had similar problems, though not as severe, and read other threads for possible advice...be patient, they tend to be very helpful here!!!
Sorry, it is probably too late to recover any setup of yours now that the damaged has been done. Do you have any backups, preferably a backup image of your drive that you can restore from? As to Process Guard, did you run it in Learning Mode for any length of time to allow it to "learn" and compensate for your setup before protecting it?
You didn't read carefully. The OP said he couldn't run it! The computer reset itself just after showing "tips". So, how could he have run in learning mode? I had this very thing happen. What version were you trying to run? 3.15 runs great. Stay away from the new version.
I tried 3.15, run in learning mode, then re-boot. Twice it failed to load & gave "mutex failed to load". It worked well on one re-install, beyond learning-mode, but on a later re-boot, 3-4 days later, I got the same error. I'll have to wait for next version...
yeah my problem really doesn't have much to do with processguard anymore. its just that for some reason in attempting to recover, instead of reverting to the real 'last known good', all of my drivers, configs, and services got rolled back to the way they were like a year ago. I'll most likely re-install windows, all my software, and re-download all updates (on dialup... omg) :-/ Yeah pg runs by default in learning mode until you specify. Its weird that I could run it under emulation but it messes up my real cpu. Wish i had a stop error for you guys but i think it was lost unless you wanna see my memory dump. I was using pg v3.50, xp pro sp 2... For future reference if pg does something catestrophic... never try to 'force' running the uninstaller. Instead, use recovery console, safe mode, livecd, etc to remove the startup entry from the regestry & set the Diamondcs service to disabled. Then if possible, add/remove programs from a normal windows boot. (most likely the cleanest removal option) Kinda sucks, i use pg to keep blizzard's warden module from reading my au3 scripts memory. Maybe full emulation is a more secure solution to a kernal blocker... although this is so attractive because vms suck so much cpu :-/ Maybe if anyone knows about rootkits this could help
Just a few questions ... 1 - was a previous version of PG ever installed on your system? 2 - If yes, did you uninstall it and delete the .DAT files? (DAT files from older versions aren't compatible with any of the new betas) Also, ProcessGuard does not run during a safe-mode boot (unless you manually changed its driver to load at Boot, although we don't recommend anyone do that unless they're sure they know what they're doing) Best regards, Wayne
Wayne, Why not add a data structure check for pguard.dat and pghash.dat such that if PG finds the structure incorrect on startup, PG will "force reset" these two files, alert the user what has happened and that the user needs to re-invoke Learning mode.
Because the only explicit change to the DAT files is the 'Ignore Change' option in pghash.dat, and that is added in such a way that it shouldn't be causing any compatibility issues (ie. previous versions just ignore that area of an entry in the file). As such, PG won't be able to detect any structure differences, as the problem occurs before any entry has a detectable difference. We could change the structure slightly again just to provide this ability, but we're not anticipating too many more versions of PG3 as PG4 is on the near horizon, so we're concentrating our time and efforts into making PG3 as stable as possible in its current form so we can move onto PG4 development.
