Hi, I went to a website called blog.laptopmag.com looking for some stuff that I was going to link for a thread. I don't know if this site is linked to laptopmag.com, it might be but I can't remember.
Now this cookie refuses to be deleted and it is driving me a bit to distraction now.
I have used system restore but that never worked.
I tried flushing the temp folder by inputting the code directly into the run box.
I downloaded CC Cleaner but still no good.
I also downloaded something called MoveonBoot but as you would gather it didn't work either.
I also tried using safe mode as well.
I looked in the registry but I can't find anything.
file is cookie:[email protected]
location is: C:\Users\Rachel\AppData\Local\Microsoft\Windows\Temporary Internet Files
Cache name rachel(at)blog.laptopmag[2].txt
I am using Vista Ultimate
I'm thinking that the cookie might not even be in there?
I also don't have any anti-virus because I never really download stuff online and I'm careful about sites that I visit and have not had a problem for years.
Any help is appreciated.
Thanks
-
Well, I don't think it's a virus Rachel (but who knows) - an antivirus is recommended however - also because good sites can be infected.
Avira is a good free one. -
DetlevCM thanks for your help. I tend to not use any anti-virus software permanently because it tends to slow down your system. However, I will try one and see if it picks up anything.
-
I don't notice any slowdowns with Kaspersky - but couldn't you disable it if it truly slows you down?
And I'm curious - how are you getting an individual cookie reported? CCleaner?
It is really strange if it can't be deleted - especially with safe-mode... -
Thanks
I looked in temp settings view files folder and I saw it there. I tried to delete it manually but I can't.
I also looked in my registry and found listed under domains something for blog.laptopmag. I deleted two parts but one part it would not allow me to alter completely. -
...that is strange... very strange.
Is that in Safe Mode too? Admin rights (naturally)? -
Thanks
I think it might be malicious.
I booted into safe mode and had a look at my registry and I found out that the dailymail, blog.laptopmag and Fujitsu Siemens had permissions to read on my computer. Well, I blocked them and managed to delete the folder. I've now blocked all cookies.
The laptopmag one remains now and i have another cookie that won't allow me to delete it.
I'm going to download some virus protection tomorrow and see if it picks anything up. I will try the one you recommended. -
OK. This does sound strange.
Good luck!
Avira is a very good free one, Kaspersky is my favorite - but that costs, except if you have Barclays Online Banking - they give you a free license. -
Comodo is also another very good (you can also set your stances for av or fw etc) free too.
Is UAC on? This is primarily its job, to stop unauthorised attempts I think. -
Catacylsm thanks. I turned off the UAC quite some time ago because I was getting fed up with having to click twice for things. Now I just turned it back on.
I will try Comodo also if the other one recommended does not do the trick.
Thanks -
I recommend you Malwarebytes' Anti-Malware and SpyBot Search & Destroy to scan thoroughly through the computer and the registry, so that there are absolutely no traces left!
-
Aeris thank you for your help. I have tried all the four recommendations that were made for me but I haven't been able to remove the cookies.
I have another one now that I cannot get rid of, bing.com, which is some kind of search engine I believe.
Spybot found one DoubleClick cookie.
The recommendation that catacylsm gave me found stuff that was connected to Nvidia drivers so I did not delete what was found.
I also downloaded and installed IE8 hoping that would help but it didn't. I have now removed it.
I am having a new drive fitted soon and I wanted to use Norton Ghost to just copy my info over to my new drive. It seems like I won't be able to do this and will have to spend hours setting up my laptop again. This is not the best time for this as I have many links in my favourites that I have bookmarked that I need to help me write a project. -
Bing.com is Microsoft's new search engine - this is getting strange...
-
I am dead-tired and my vision is blurry, but I have enough time to make a last suggestion before going to bed...
Run HiJack This! and post the log here, I can give it a try to help you later today!
Good luck, Rachel. -
Aeris, thanks for your help.
This is my log with me connected to the internet and this site. I can't see anything in there but maybe you can?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:23, on 14/06/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Protector Suite QL\psqltray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Windows\system32\conime.exe
C:\Program Files\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Safer Networking\RegAlyzer\RegAlyzer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\stacsv.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 7718 bytes -
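A first-pass triage of a HijackThis log like the one above, as an added example that is not part of the thread or of HijackThis itself. The function names and the three review rules are assumptions chosen for illustration; the sample lines are copied from the posted log, and a flagged entry is only a prompt for a manual look, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: a handful of entry lines copied from the log in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.co.uk/
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: CutePDF Form Filler - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
"""

# Entry lines start with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")

def parse(log):
    """Yield (code, body) per entry line; header and process-path lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m["code"], m["body"]

def review_items(log):
    """Return (code, reason, body) for entries that deserve a manual look."""
    items = []
    for code, body in parse(log):
        if code == "O2" and body.endswith("(no file)"):
            items.append((code, "BHO is registered but its file is missing", body))
        elif code == "O16" and body.lower().endswith(".cab"):
            items.append((code, "ActiveX control installed from a remote .cab", body))
        elif code == "O23" and " - Unknown owner - " in body:
            items.append((code, "no vendor name could be read for the service", body))
    return items

def summary(log):
    """Count entries per section code to see where the log's weight lies."""
    return Counter(code for code, _ in parse(log))

if __name__ == "__main__":
    for code, reason, body in review_items(SAMPLE_LOG):
        print(f"{code}: {reason}\n    {body}")
```
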
Have you uploaded the log to the hijackthis website Rache? That would give you a first idea.
-
DetlevCM, can you explain this uploading thing a bit to me? If I upload it to them how will I know the outcome of my results? I uploaded it and nothing happened.
-
Then something went wrong...
If all goes well after it uploads you should get a new site which will give you some information about every entry.
Did you try uploading a file or copied the text?
(I think copying the text works best - but I'm not sure at the moment)
Edit:
I just tested the copy & paste method - it worked
Edit 2:
Just tried with your log - the cabinet file returns a warning on some ActiveX -
Thanks
The ActiveX software stuff is OK I think. I can see what software they are related to. It is the CutePDF software I bought online. I have had it for a while and this problem only presented itself recently. -
Unless it was vulnerable to an attack - which I would doubt.
If you can - maybe completely remove it and reinstall it? -
The HiJack This! log looks clean, nothing out of the ordinary, a question:
Do you use an Asian language? conime.exe is only used when you use an Asian language on Windows.
I have thought about it, I have had this kind of problem with non-deletable cookies, especially with Opera, and sometimes, it is a Browser Application protecting them by keeping them loaded in memory...
Since they are Internet Explorer cookies, try this:
1.- Go into the Tools Tab within Internet Explorer.
2.- Go into Internet Options, then into the Advanced tab.
3.- Once there, you will see a "Reset..." button, press it, and in the Notification Window, click "Reset".
4.- Check if the Cookies were cleared.
I read about this fix in another site, but I do not really think that the cookies are actually malicious in nature, but, rather, bad programming, made to be persistent, or the browser has got them loaded. -
Are you sure about that?
I have "conime.exe" running - and it says "Console IEM" - German OS, doesn't sound like language related to me.
Oh, and could you stop changing thread titles? -
Thank you all for your help.
I finally managed to delete them. I must have tried about 5 different malware/virus applications.
This is what I did: some files were hidden and I made them viewable. I didn't start thinking in that direction until this afternoon. I then logged into safe mode again for about the 4th time and took ownership of my temp folder. It was read only before. I then deleted it.
Lucky escape.
It would have been hard for me to reinstall everything because I downloaded Vista Ultimate online through the biggest steal deal or something that Microsoft had going for students.
I do have Vista Ultimate and that does come with language packs, it could be connected? -
Well, yes, conime.exe is used to display Asian Characters, and may be installed in Windows if you download a Windows Package to see them.
Sure, no problem.
Those are some quite good news to hear, Rachel, good, it turned out to be a permission problem rather than a malware problem, that is quite relieving.
The Ultimate Steal is a good offer; good, you did not have to reinstall Windows after all!, I had an issue a month ago, and I almost ended up re-installing Windows too... I did not know what to do!
Not connected at all, Language Packs install conime.exe by default, nothing to worry about, anyway, I am glad that I could be of assistance and I am happy to hear that your problems were solved, Rachel!
If you need any further assistance, I will make sure to check the Antivirus / Security threads more often. -
I doubt it's the language packs - I just think conime.exe has nothing to do with languages.
Anyway I'm glad to hear you sorted out your problem
The Microsoft Ultimate Steal - you may want to contact MS and see if you can buy a disc as you have a license - there may be a small fee involved, but try - it would be handy for you. -
Thanks DetlevCM
Aeris, I looked to see if I could find the file size for the conime.exe file but I can no longer find it. I deleted quite a bit in trying to sort out this problem. I could well have deleted it. -
It's all good, the chances that it was a malicious software trying to camouflage itself as conime.exe are really low, because Windows would not have let it delete the real conime.exe from Windows\System32.
I see, the only con of deleting conime.exe is that some languages' characters would not display, but you can fix this by installing the Language Pack that you want manually, no other cons.
To reinforce your computer's defenses, I'd recommend you to keep:
Avast! or Avira (Avira is user friendlier, while Avast! is more customizable).
Comodo Firewall Professional minus Antivirus (Not So User Friendly, Can Be Annoying With Its UAC-Like Pop-Up's)
Malwarebytes' Anti-Malware and SpyBot Search & Destroy.
Those will do to keep your computer safe from any future menaces!
Cookie that refuses to delete using Vista
Discussion in 'Security and Anti-Virus Software' started by Rachel, Jun 12, 2009.