New
#11
I am not saying it is automatically a good thing, nor am I capable to answer why Microsoft, TechNet, MSDN, Adobe and numerous others have decided to use Akamai Downloader in delivering their stuff.
What I tried to say in between the lines is that sometimes this security hype gets too far. Please do not misunderstand me, security is nothing to play carelessly with, but for instance in this OP's case I believe there's nothing wrong, no reason to panic. Nobody has cracked his router's and Windows' firewalls to steal his credit card information.
Yet, the combined forces of Seven Forums "run to rescue", to solve a non-issue.
Some background: If you allow cookies and you stream videos from a site which uses Flowplayer, you'll find some Akamai stuff in your AppData. The same if you watch Fox News on your Windows PC.
DOM Store is nothing but an advanced method to store cookie information. The fact that OP finds the URL of his / her credit card company most probably is because that site uses Akamai technology to store advanced cookie information in DOM Store.
Safety is one thing. Paranoia something else. If you allow cookies, if you subsribe MSDN or TechNet, if you buy and download something from Adobe, and so on, you need to accept the fact your AppData contains some information about you.
Kari
I ran both JRT and RogueKiller. JRT did its business and finished but did not issue a report that I could find. However, RogueKiller seemed to find some stuff. Its report:
RogueKiller V8.8.7 [Feb 11 2014] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : Adlice forum - Index
Website : RogueKiller download
Blog : Adlice Software | malware analysis
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Bob [Admin rights]
Mode : Scan -- Date : 02/16/2014 20:52:41
| ARK || FAK || MBR |
¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] svc.exe -- C:\Users\Bob\AppData\Roaming\Mozilla\Firefox\Profiles\bu4hwpmi.default\extensions\startup.service@mo zilla.com\svc.exe [-] -> KILLED [TermProc]
¤¤¤ Registry Entries : 8 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
[HJ SMENU][PUM] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Scheduled tasks : 0 ¤¤¤
¤¤¤ Startup Entries : 0 ¤¤¤
¤¤¤ Web browsers : 0 ¤¤¤
¤¤¤ Browser Addons : 0 ¤¤¤
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
¤¤¤ External Hives: ¤¤¤
-> D:\Users\Bob\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - NO_SYS] [Sys32 - NOT_FOUND] | USERINFO [Startup - NOT_FOUND]
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD5000AACS-00G8B1 ATA Device +++++
--- User ---
[MBR] 8b88a8b5c76d68ed48bc800281a3ab01
[BSP] 799d33b1fadcb0dd0284e55666c2139e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476939 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ IDE) ST3160812AS ATA Device +++++
--- User ---
[MBR] 6917538a49de681ef0a6d698b32154d1
[BSP] d08f1131eab0c0dc2336c014afdc8b33 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive2: (\\.\PHYSICALDRIVE2 @ IDE) ST3160811AS ATA Device +++++
--- User ---
[MBR] 701f2651c2abce488c4b6052a15877bb
[BSP] 99c81368f82de941fd0f7ce5932d9f80 : Empty MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152624 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive3: (\\.\PHYSICALDRIVE3 @ IDE) ST2000DM001-1CH164 ATA Device +++++
--- User ---
[MBR] b7368a7078f5313d807c0b109124b6fd
[BSP] 791f128b2fb88f8f8defe877f283aba1 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 1907726 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[0]_S_02162014_205241.txt >>
I did a reboot and no JRT file was on the desktop. I reran JRT and had the same results. Did a search and C:\Windows has a folder called ERUNT that has a folder JRT but every file in that folder is unreadable.
Try running this then run JRT again.
Please download Rkill by Grinler from one of the links below and save it to your desktop.
Link 1
Link 2
- On Windows XP double-click on the Rkill desktop icon to run the tool.
- On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
- A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
- If not, delete the file, then download and use the one provided in Link 2.
- If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
- If the tool does not run from any of the links provided, please let me know.
- Do not reboot the computer, you will need to run the application again.
One questions before this issue is closed: Why can't I find the DOMStore folder normally (without a search for something that may be in that folder)? I've got my folder properties to show all hidden folders but I can't find that one.
What was the exact error with I assume Norton Internet Security "NIS" ?
That I know of Norton should not have any issues with Malwarebytes,
You can download any scanner using Safe Mode with Networking at startup if having issues downloading it,
Run it using safe mode with networking and repeat the scan restarting normally as you always do,
https://www.sevenforums.com/tutorials/69585-safe-mode.html
http://windows.microsoft.com/en-US/windows7/Advanced-startup-options-including-safe-mode
Just a little information. I'm not fond of Peer-to- Peer of any kind.
Akamai Technologies - Wikipedia, the free encyclopedia
Let's see if cleaning temp files and Java will stop the problem:
Please download TFC by Old Timer TFC - Temp File Cleaner by OldTimer - Geeks to Go Forums and save it to your desktop.
Save any unsaved work. TFC will close ALL open programs including your browser!
Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.