Windows 7 Forums


Windows 7: Transmission to strange website during startup

16 Feb 2014   #11
carwiz

Windows 7 Pro-x64
 
 

Quote: Originally Posted by Kari
Quote: Originally Posted by rzn6jw
I don't know if this is the correct group for this discussion but during startup of my PC this morning, I was watching the resource monitor from Task Manager/Performance and noticed that svchost.exe was attached to an 'odd character group.odd character group.akamaitechnologies.com'.
Geeks, let's not forget that a lot of respected companies use Akamai Download Manager to deliver their digital install media. Microsoft MSDN is a good example (Akamai Download Manager Help for MSDN Subscriptions), Adobe another (Akamai Download Manager FAQ).

For instance, all my TechNet subscription downloads done with IE are downloaded with Akamai Download Manager, which I had to install.

Kari
They may provide a good service in that regard but they're no angel of the network when it comes to personal privacy. IE already has a download manager. Why would ADM be necessary?


16 Feb 2014   #12
Kari

Microsoft Community Contributor Award Recipient

 

Quote: Originally Posted by carwiz
They may provide a good service in that regard but they're no angel of the network when it comes to personal privacy. IE already has a download manager. Why would ADM be necessary?

I am not saying it is automatically a good thing, nor am I capable of answering why Microsoft, TechNet, MSDN, Adobe and numerous others have decided to use Akamai Downloader in delivering their stuff.

What I tried to say in between the lines is that sometimes this security hype gets too far. Please do not misunderstand me, security is nothing to play carelessly with, but for instance in this OP's case I believe there's nothing wrong, no reason to panic. Nobody has cracked his router's and Windows' firewalls to steal his credit card information.

Yet, the combined forces of Seven Forums "run to rescue", to solve a non-issue.

Some background: If you allow cookies and you stream videos from a site which uses Flowplayer, you'll find some Akamai stuff in your AppData. The same if you watch Fox News on your Windows PC.

DOM Store is nothing but an advanced method to store cookie information. The fact that OP finds the URL of his / her credit card company most probably is because that site uses Akamai technology to store advanced cookie information in DOM Store.

Safety is one thing. Paranoia something else. If you allow cookies, if you subscribe to MSDN or TechNet, if you buy and download something from Adobe, and so on, you need to accept the fact your AppData contains some information about you.

Kari
16 Feb 2014   #13
rzn6jw

Windows 7 Pro 64-bit Service Pack 1
 
 

I ran both JRT and RogueKiller. JRT did its business and finished but did not issue a report that I could find. However, RogueKiller seemed to find some stuff. Its report:

RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : Adlice forum - Index
Website : RogueKiller download
Blog : Adlice Software | malware analysis

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bob [Admin rights]
Mode : Scan -- Date : 02/16/2014 20:52:41
| ARK || FAK || MBR |

Bad processes : 1
[SUSP PATH] svc.exe -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\bu4hwpmi.default\extensions\startup.service@mozilla.com\svc.exe [-] -> KILLED [TermProc]

Registry Entries : 8
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

Scheduled tasks : 0

Startup Entries : 0

Web browsers : 0

Browser Addons : 0

Particular Files / Folders:

Driver : [NOT LOADED 0x0]

External Hives:
-> D:\Users\Bob\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]

Infection :

HOSTS File:
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AACS-00G8B1 ATA Device +++++
--- User ---
[MBR] 8b88a8b5c76d68ed48bc800281a3ab01
[BSP] 799d33b1fadcb0dd0284e55666c2139e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476939 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3160812AS ATA Device +++++
--- User ---
[MBR] 6917538a49de681ef0a6d698b32154d1
[BSP] d08f1131eab0c0dc2336c014afdc8b33 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) ST3160811AS ATA Device +++++
--- User ---
[MBR] 701f2651c2abce488c4b6052a15877bb
[BSP] 99c81368f82de941fd0f7ce5932d9f80 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152624 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) ST2000DM001-1CH164 ATA Device +++++
--- User ---
[MBR] b7368a7078f5313d807c0b109124b6fd
[BSP] 791f128b2fb88f8f8defe877f283aba1 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_02162014_205241.txt >>

16 Feb 2014   #14
Devlin1888

Windows 7 Home Premium 64Bit
 
 

Do a quick restart and it should open a JRT log on boot
16 Feb 2014   #15
rzn6jw

Windows 7 Pro 64-bit Service Pack 1
 
 

I did a reboot and no JRT file was on the desktop. I reran JRT and had the same results. Did a search and C:\Windows has a folder called ERUNT that has a folder JRT but every file in that folder is unreadable.
17 Feb 2014   #16
Devlin1888

Windows 7 Home Premium 64Bit
 
 

Try running this then run JRT again.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
17 Feb 2014   #17
rzn6jw

Windows 7 Pro 64-bit Service Pack 1
 
 

One question before this issue is closed: Why can't I find the DOMStore folder normally (without a search for something that may be in that folder)? I've got my folder properties to show all hidden folders but I can't find that one.
17 Feb 2014   #18
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Quote: Originally Posted by rzn6jw
Quote: Originally Posted by ThrashZone
Use these free tools to see if they find anything,
Post the scan results,
Manually Update them before running full scans,
Try not to use your computer while the scans are running, (one at a time of course).
Uncheck the box to Active Free trial from the final install options,
http://www.malwarebytes.org/products/malwarebytes_free
http://www.superantispyware.com/?tag=SUPERANTISPYWARE
Uninstall Adwcleaner,
Open it again and click on Uninstall,
Cheers.
(I can't run MalwareBytes - it has a big conflict with NIS):
What was the exact error with, I assume, Norton Internet Security "NIS"?
That I know of Norton should not have any issues with Malwarebytes,
You can download any scanner using Safe Mode with Networking at startup if having issues downloading it,
Run it using safe mode with networking and repeat the scan restarting normally as you always do,

http://www.sevenforums.com/tutorials/69585-safe-mode.html
http://windows.microsoft.com/en-US/windows7/Advanced-startup-options-including-safe-mode
17 Feb 2014   #19
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Just a little information. I'm not fond of Peer-to-Peer of any kind.

Akamai Technologies - Wikipedia, the free encyclopedia
17 Feb 2014   #20
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Let's see if cleaning temp files and Java will stop the problem:


Please download TFC by Old Timer (TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums) and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.