HAWKI

Member
  • Content Count

    181
  • Days Won

    3

Everything posted by HAWKI

  1. Ummm, where do I find the crash dump? :-)
  2. As requested Scan Log: Emsisoft Internet Security - Version 9.0 Last update: 10/19/2014 8:23:58 PM Scan settings: Scan type: Quick Scan Objects: Rootkits, Memory, Traces Detect PUPs: On Scan archives: Off ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 10/19/2014 8:24:09 PM Scanned 57850 Found 30 Scan end: 10/19/2014 8:24:36 PM Scan time: 0:00:27 Quarantined 25
  3. Last night I ran a Scan and EMSI identified 30 "suspicious" files all of which are categorized as "no risk." What's the best action to take with these files? How can they be suspicious and be categorized as "no risk?" On re-scan of the Quarantine no files were restored. What should this not very tech savvy user do? I have no idea what these files are part of and what they do and if having them quarantined will prevent some safe operation on my PC. Submit file did not seem to do anything.
  4. In the latest AV Comparatives Sept Real World Test Emsisoft AntiMalware put in a good showing by detecting 99.6% possibly malicious files. Of these 96.3% were blocked and 3.2% required "User Intervention". How does the warning pop-up describe these and does it include a recommendation or give any guidance?
  5. Ummm, what do I do with the registry entries? - where in my registry should I put them? Do you need a "full crash dump?" "Windows Vista/2008/7/8: Since Windows Vista application crashes are no longer handled by Dr. Watson, but by a component called Windows Error Reporting. Unfortunately there is no convenient way to set up Windows Error Reporting, instead you need to change certain registry entries. To make things more convenient, we have provided you with a set of registry files you can import in order to enable mini dumps, full dumps or disable crash dumps completely:- Download Crash Dump registry scripts for Windows Vista, 7, 8, and 8.1 Download the above file to your system and unpack it to a location of your choice. The names of the registry files are pretty self explanatory: "enable_mini_crash_dumps.reg" will enable mini crash dumps for all application crashes and is the setting we recommend during testing. "enable_full_crash_dumps.reg" will enable full crash dumps for all application crashes and should only be used after a developer requests a full crash dump. "disable_all_crash_dumps.reg" will disable all crash dump generation and is the Windows default behavior. The settings become active immediately, no reboot is required. The crash dumps will be stored inside the "CrashDumps" sub-directory of your public profile (usually C:\Users\Public\CrashDumps)."
  6. I'll do my best to get you the crash dump, but the reason I reinstalled EMIS had nothing to do with EMSI. After the damage done to my system by that lousy driver updater it just made me feel better to do a clean reinstall of EMIS :-)
  7. I'll try to find the time to do the crash dumps but I'm 99% certain the problem is my PC and not EMIS. Used a new driver updater Monday night, totally messed up my PC. Updated drivers slowed my PC to a crawl and some programs would not open at all. What was very aggravating was that the restore of the backup only reinstalled the backed up version of 4 out of the 21 newly installed drivers. Through system restore and reinstalling some programs, including EMIS, I was able to get my PC functioning close to normal, though I have noticed a couple of errors in my Windows log about Diskeeper being unable to connect to a missing driver. Wonderful. Surprisingly the updater comes from a well established software company with a solid reputation. So I am more concerned about the state of my PC than I am with the stability of EMIS. Still feeling very good about having EMIS installed on my PC :-) PC runs smooth and fast with EMIS and I have a great amount of confidence in its protection capabilities.
  8. I guess I am going to have to do that. I know it won't help but the Windows Event Viewer says: Faulting application name: a2start.exe, version: 9.0.0.4570, time stamp: 0x543c0095 Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3 Exception code: 0xc0000005 Fault offset: 0x0001e20a Faulting process id: 0x6d0 Faulting application start time: 0x01cfe7950b1c5bca Faulting application path: C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exe Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll Report Id: 671fd691-53a4-11e4-bee2-4487fcd17048 Faulting package full name:
  9. What occurred in the post immediately above happened again. I had done a full scan overnight. When I closed the scan screen I got a pop up warning that "Emsisoft ............ Has Stopped working" giving me the option to "close program." I'm not sure of the actual wording - if it was Emsisoft Security or Emsisoft Security Center Stopped working. I had uninstalled my process explorer so I am not able to determine exactly which process, if any, actually turned off.
  10. Umm. I may have spoken too soon about it not happening again. I just got a pop up warning that Emsisoft Security Had Stopped Working. I immediately shut down my PC. I checked my process log. It shows that a2start.exe started spontaneously and then stopped 47 seconds later. Isn't a2start.exe the scanning engine? a2start.exe shows a2guard.exe as its parent and a2guard.exe is shown as being Emsisoft Anti Malware. I have no scheduled scans. What was that? I have checked back further. a2guard.exe, when does that run as an active process? I see where in a space of 3 seconds it started and stopped 4 times. Does that only run when you open a file or go to a website??? These 4 seconds were preceded by a Werfault. What was that??
  11. No Problem. It has not happened again. And I use a manual update to have the Action Center properly reflect that EMIS is on for reassurance. BTW: What's the matter with EMIS? You guys are slipping. There is a YouTube reviewer who does extensive detection test reviews. 45 minutes each, solely testing detection. EMIS 9 only detected 99.5% including all VBS Scripts :-) The next closest was 95% and that program could not detect and remove all VBS Scripts. While it could stop their malicious actions, it left them running using valuable CPU time. The new all-in one kid on the block detected 85% and was very weak at detecting VBS Scripts. This reviewer also tests the detection of a program's behavior blocker. The 85% detection includes all detection by its "improved" behavior blocker - no wonder it won't submit to independent comparative detection tests. Love EMIS 9 for many reasons and feel very comfortable knowing it's installed on my PC. I have active licenses for two other IS Suites but my choice to use is EMIS 9. Congratz on a great, soon to be award-winning program :-) HAWKI
  12. I see now that Werfault.exe is the Windows Error Reporting App. SO WHAT HAPPENED TO A2GUARD? Does Werfault.exe temporarily disable it? Was Werfault.exe reporting on an error that had caused a2guard to terminate? The Event Log Shows the Following: "Faulting application name: a2start.exe, version: 9.0.0.4546, time stamp: 0x54351812 Faulting module name: KERNELBASE.dll, version: 6.3.9600.17055, time stamp: 0x532943a3 Exception code: 0xc0000005 Fault offset: 0x0001e20a Faulting process id: 0x964 Faulting application start time: 0x01cfe5e6cfd8bec8 Faulting application path: C:\PROGRAM FILES (X86)\EMSISOFT INTERNET SECURITY\a2start.exe Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll Report Id: 9552c7b3-520b-11e4-bed9-4487fcd17048 Faulting package full name: Faulting package-relative application ID:" Preceding the Error Entry in the Event Viewer I see several information listings saying that the Windows Security Center Could Not Stop Windows Defender. While I see several of these Information Postings about WD, prior to a2guard.exe shutting down there were four of these WD entries every 2-5 seconds. The other similar entries were mostly sporadic, separated by hours. I just bought and installed EMIS last night and I see these sporadic entries occurring while I had another security product installed. I also see a few instances of several seconds apart while the other product was installed, so it is not clear that they are the cause of the shut down of a2guard.exe
  13. Hi :-) At one point this morning I got a red bordered pop-up warning that Emsisoft Protection had turned off. I did not get a Windows Warning Flag. I use Process Lasso and it keeps a record of all activity respecting the actions of processes on your PC. I checked and it showed that a2guard had in fact terminated for eighteen seconds and then re-started. I did a manual update this AM, but I can't recall if it was shortly before the shutdown of a2guard but I believe it was. Was this brief shutdown initiated by EMIS for installation of the update? I see a process named WerFault.exe started 11 seconds before a2guard.exe terminated and that Werfault.exe terminated four seconds before a2guard re-launched. Is WerFault the EMSI update process?? Also, how many processes should show for EMIS? I see a2guard.exe listed as a process and I see a2service.exe listed as an active service. Is that how it should be? Update--I see now that Werfault.exe is the Windows Error Reporting App. SO WHAT HAPPENED TO A2GUARD? Does Werfault.exe temporarily disable it? Was Werfault.exe reporting on an error that had caused a2guard to terminate?
  14. I have this same problem with the latest non-beta version of AM. The OA exclusion "fix" does seem to work OK, but I am wondering with such a glaring, though hopefully non-function impairing, bug there is no "official" word from Emsisoft or an Emsisoft employee confirming that this is the "officially" recommended work-around for this issue.
  15. Hi stapp :-) Nope, have not installed it yet. Was looking for some reassurance before I did :-)
  16. Hi:-) Might there be any issues of compatibility between Firefox 9 and Anti Malware and/or Online Armor?