PG went into learning mode

Discussion in 'ProcessGuard' started by Chris12923, Jan 3, 2005.

Thread Status:
Not open for further replies.
  1. Chris12923, Registered Member (Joined: May 31, 2004; Posts: 1,097)

    I installed Registry Mechanic 4 and allowed a couple items I thought were related to Registry Mechanic install to run and on next boot PG went into learning mode.

    This is the only thing that stood out.

    Mon 03 - 08:31:52 [EXECUTION] "c:\windows\is-0gice.exe" was allowed to run
    [EXECUTION] Started by "c:\windows\explorer.exe" [600]
    [EXECUTION] Commandline - [ "c:\windows\is-0gice.exe" /reg ]

    I do not know what is-0gice is, but RegRun caught it trying to attach to RunOnce at startup. I allowed it because, again, I thought it was related to the Registry Mechanic install. Anyone have ideas?

    Thanks,

    Chris
     
  2. Pilli, Registered Member (Joined: Feb 13, 2002; Posts: 6,217; Location: Hampshire UK)

    Hi Chris, maybe an email to the Registry Mechanic 4 developers will shed some light, as googling for that is-0gice.exe gets no hits, but it could have been a temporary file used by the Reg Mech's installer.

    Pilli
     
  3. nick s, Registered Member (Joined: Nov 20, 2002; Posts: 1,430)

    Hi Chris12923,

    I tested the Registry Mechanic 4 (trial version) installation and did not see that behavior. Nothing executed from the C:\windows directory and no RunOnce key was created before or after enabling the various "scan at startup" options. Rebooted a couple of times but PG did not go into Learning Mode. I saved copies (in case you want to see them) of the PG and RegRun logs, and the unins000.dat from the Registry Mechanic directory before I re-imaged the system.

    Nick
     
  4. Chris12923, Registered Member (Joined: May 31, 2004; Posts: 1,097)

    Thanks. I couldn't repro after restoring, so I am not sure what it was. I did send it off to a friend for examination though. Thanks for your help.


    Thanks,

    Chris
     
  5. Andreas1, Security Expert (Joined: Jan 29, 2003; Posts: 367; Location: Mainz (Ger))

    hi Chris,
    can you post a value of your registry:
    HKEY_LOCAL_MACHINE\SOFTWARE\Diamond Computer Systems\ProcessGuard v3.0\Reboots

    Ty

    Andreas
     