bjm__

Yes, on-demand scan....before n' after extract, is my practice. Just saying.

FWIW ~ KMSpicko-setup file is Zip'd = KMSpico-setup.zip .... so Emsisoft may only scan setup.zip on the surface (if at all). On demand setup.zip scan may/will scan n' detect different. Note: KMSpico-setup.zip extract is password protected. My on-demand scan KMSpico-setup.zip with my current resident security (not Emsisoft) reports No threats found. My current resident security (not Emsisoft) did not report on the KMSpico-setup.zip download....however, did detect n' quarantine KMSpico-setup.exe as Threat name: PUA.Keygen.KMS & PUA.Keygen.KMS!g3 Granted Threat names are not relevant. File: KMSpico-setup.zip File size: 3.05 MB (3,194,701 bytes) MD5 checksum: B1212B7DB00725AFB7E3E64D6BBA7921 SHA256 checksum: 9C5FA44E371B28A0A1A710B2438FBAB1D2F2F3120951E80A3603B69D3209339A Filename: KMSpico-setup.exe Threat name: PUA.Keygen.KMSFull Path: C:\Users\bjm\Desktop\KMSpico-setup\KMSpico-setup.exe File Thumbprint - SHA:64c731adbe1b96cb5765203b1e215093dcf268d020b299445884a4ae62ed2d3a File Thumbprint - MD5:a02164371a50c5ff9fa2870ef6e8cfa3 Just my $.02 Zip'd samples need extra scrutiny. Edit: about an hour later on a routine automatic quick scan. File: C:\Users\bjm\Desktop\ KMSpico-setup.zip Threat Removed

@GT500 Impressive support from Emsisoft email support & Emsisoft Forum support. Regards w Respect Edit: this suggests one year to activate https://www.wilderssecurity.com/threads/emsisoft-anti-malware-emsisoft-internet-security-12.388577/page-25#post-2720988

Um, so since you cannot answer my questions. Um, who may answer...? 1) Does license period start when purchased or when first activated? 2) Does Emsisoft license and/or Ashampoo license have an activate by (expire) date? 3) Does renewal loyalty discount go against the then full retail price or against what I paid ...e.g., 50% off ? 4) May I save this e.g., 50% off key to use (some time in the future) as renewal key? Um, how would I distinguish this https://shop.emsisoft.com/34/purl-BF2017 from an Official offering? Looks darn Official to me. Just saying. Um, btw Cleverbridge told me to ask Emsisoft Support my questions.

RE: https://shop.emsisoft.com/34/purl-BF2017 1) Does license period start when purchased or when first activated? 2) Does Emsisoft license and/or Ashampoo license have an activate by (expire) date? 3) Does renewal loyalty discount go against the then full retail price or against what I paid ...e.g., 50% off ? 4) May I save this e.g., 50% off key to use (some time in the future) as renewal key?

Hello again, I'll have to find email notification option (if there is one). Great, so....EEK fits my current need. Imagine EEK has a reason for detecting Group Policies. Perhaps, malware re-write Policy. ....and if our scanner detects suggests detecting Group Policies is not norm...? Thank you, Regards

Hello, Sorry for delay in responding. I did not get email notice of your reply. Thank you. I am familar with relevant information about EEK at this link. That's how I was introduced to EEK. I've read EAM may run as companion on-demand scanner in freeware mode. Although, I have no insight into how/why EEK is very different than EAM, even when it is running in freeware mode. So, to my OP question > For second opinion on-demand scanner, whether EEK is okay or EAM (free) would be more appropriate. And how/why is EAM different from EEK when EAM is running in freeware mode. I'm trying to introduce myself to Emsisoft. Since you prompt paste. I'll paste. Emsisoft Emergency Kit - Version 10.0 Last update: 10/25/2015 12:14:28 PM User account: BJM-PCW8\bjms Scan settings: Scan type: Custom Scan Objects: Rootkits, Memory, Traces, C:\, D:\ Detect PUPs: On Scan archives: On ADS Scan: On File extension filter: Off Advanced caching: On Direct disk access: Off Scan start: 10/25/2015 12:32:22 PM C:\Users\bj\AppData\Roaming\Mozilla\Firefox\Profiles\x8gadp9d.default\Searchplugins\safesearch.xml detected: Application.SearchPlug (A) C:\Users\bjms\AppData\Roaming\Mozilla\Firefox\Profiles\br0fgu8r.default\Searchplugins\safesearch.xml detected: Application.SearchPlug (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR detected: Setting.DisableTaskMgr (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A) Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A) Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A) Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A) Value: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A) Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLECMD detected: Setting.DisableCMD (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A) Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A) Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A) Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A) Value: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A) Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A) Key: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} detected: Application.Win32.WSearch (A) Key: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} detected: Application.Win32.WSearch (A) Value: HKEY_USERS\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A) Value: HKEY_USERS\S-1-5-19\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A) Value: HKEY_USERS\S-1-5-20\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A) Value: HKEY_USERS\S-1-5-21-2084490526-3157944608-823130631-1004\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A) Value: HKEY_USERS\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A) Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS detected: Setting.NoFolderOptions (A) Scanned 318410 Found 34 Scan end: 10/25/2015 1:09:34 PM Scan time: 0:37:12

Hello EMSI Community, Newbie questions regarding EEK v10.0.0.5488 EEK install / update / run / report appear to be okay. Curious as to why EEK Help File points to EAM/EIS. Is EEK esentially the same as EAM after 30 day Trial. For second opinion on-demand scanner, whether EEK is okay or EAM (free) would be more appropriate. EEK scans find 34 detections with 4 No Risk and 30 without any Risk Level information. 30 appear to be reg keys. What may/does the absence of "Risk Level" info denote. May I attach scan report here or should I go to "Help, my PC is infected! Thanks...(sorry, don't find editor spell check)