tracking cookies that won't permanently go away ... (incl. 2o7)

This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.


Thread Starter
Apr 20, 2010
i am having trouble permanently getting rid of several tracking cookies. i know that they are relatively harmless and they are easy to get rid of but my issue is that it seems like no matter what method i use to get rid of them they keep coming back.

this started about a month ago when i got hit with a handful of viruses which at least one of them installed malware / spyware onto my system and i was finding them attached to normally trustworthy programs and even programs that when you are hit with malicious software you turn to to fix the problem (spybot, AVG, webroot spysweeper, etc).

and lots of browser hijackers and whatnot...

after about a weeks worth of research and fruitless efforts to permanently solve the problem i resorted to reformatting and starting over.

i was problem free until i imported my saved bookmarks from in firefox using the restore option (JSON file) and then i started getting bombarded with tracking cookie alerts from resident shields, etc.

long story shorter, i haven't had a recurrence of the initial virus(es) but one cookie in particular - 2o7 - & a handful of others were going [email protected]&*!


so my issue is this ... none of the software / sites i've tried or forums i've read have been able to tell me what is causing this, why i can't permanently get rid of it, where it hides or how it remanifests itself when AVG, spybot, webroot, malware, etc all tell me it's gone.

it's not the cookies i'm concerned about as much as it's the fact that something somewhere is pulling my PC's strings and i'm powerlesss to stop it. and i know that some malicious software can sit dormant for months until triggered by an action or on a timer or whatever.

at this point i'd be happy just to finally be permanently rid of this SOB but i'd REALLY like to know the what and where of it if i could because IMHO the creator is a genius. i've been DIY of my personal geeky universe for about 15 yrs and i haven't had something give me this much trouble since back in the early days when i was still learning or was playing with fire and got burned.

to wrap up, i have logs for: AVG, hijackthis, and webroot spysweeper just begging to be viewed ;)

thanks in advance


oh and the virus that i think might have been the culprit was SHeur3.GPZ if that's any help


Thread Starter
Apr 20, 2010
i'm not sure why i didn't go ahead and post the hijackthis log since that is generally the 1st thing most ppl want to see ... also since i posted i have dl'd & run SUPERAntispyware Free Edition as well as malwarebytes (FYI)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:04:37 AM, on 4/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\Program Files\ImageShack\QuickShot\QuickShot.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [ImageShackUtil] C:\Program Files\ImageShack\QuickShot\QuickShot.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [HPHUPD08] "C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Angela\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [RegistryMechanic] "C:\Program Files\Registry Mechanic\RegMech.exe" /S
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone:
O15 - Trusted Zone:
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - PC Tools - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. ( - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

End of file - 9649 bytes


Retired Moderator Retired Malware Specialist
Dec 14, 2002
cookies are harmless and you will get tracking cookies whenever you surf the net

moved to general security as not a malware issue


Sep 12, 2008
Dear Hewee,
Quote" Get a hosts file and that will block most bad and tracking sites" Unquote. That's it!(y)(y)

My thought exactly!

Dear angdall,
kindly visit this site to download the MVPS Hosts file : If you peruse the Hosts file ,you will see many of the sites like "tribalfusion"etc, which will be prevented fro playing again in your "pool".

As advised before, kindly install SpywareBlaster from :
Best wishes.:)


Jul 2, 2005
Since you say you are kind of techie, you should look into Privoxy. I use it routinely. It enables you to block all kinds of internet annoyances.
Jan 22, 2007

Thanks he wee and perfume I've saved your information its top drawer.. (y)

Oct 26, 2001
You're welcome.

I never worry about cookies.

Well only now in then if I have trouble getting a site to set a cookie because I block things so many ways from hosts file, NoScript, Cookie safe.


Sep 12, 2008
Dear hogndog,
Most welcome! It was hewee who made me take the first "infant steps" into understanding and putting "Hosts File" to good use! One can manually update the Hosts file or go the automatic route. Hosts Man is one such tool. BUT, when in the right-click context it did not score well, i am not having it in my arsenal. Kindly see my next post, which will follow immediately.:p(y)
Apr 21, 2010
I am using Privoxy to speed up my internet connection. I really didn't know it can do others for me.


Sep 12, 2008
Since you say you are kind of techie, you should look into Privoxy. I use it routinely. It enables you to block all kinds of internet annoyances.
Dear jimI8,
Since your post followed mine, i am wearing the "Boss Suit" if a techie, which i am not:D! It's Hewee who's the guy, most unpretensious and ever helpful who is the tech-boss!(y)

I have used Privoxy! I have used Tor! I have used Vidalia! The internet slows down so much , that you feel like you are on your way back home in Bangkok at rush time! Now, i am using Ultra VPN, an open source and free tool which is a"Chunnel", propelling your Bentley along! But, i have seen some connectivity probs. with "Ultra". Don't try any other free VPNs, as all of them are compromised by every kind of"ware". I am chugging along fine and phantom010 already says i have "overkill in real-time and otherwise too". He knows what he's saying, so i have to dump some! Best wishes.

PS: This, i promised in the previous post! Get WinPatrol! It is a gem for which you need not dig deep! Site :


Sep 12, 2008
I am using Privoxy to speed up my internet connection. I really didn't know it can do others for me.
Dear EmilyRTM,
Ah! We meet again! This particular part about Privoxy should be of interest! " You can verify that Privoxy is running, and your browser is correctly configured by entering the special URL: http://p.p/. This should take you to a page titled "This is Privoxy.." with access to Privoxy's internal configuration. If you see this, then you are good to go. If you receive a page saying "Privoxy is not running", then the browser is not set up to use your Privoxy installation. If you receive anything else (probably nothing at all), it could either be that the browser is not set up correctly, or that Privoxy is not running at all"

Have you gone to the site mentioned above by the developers to check out whether you are actually running "Proxy"?
Now, here's something to smile about(some may guffaw!) "
"4.25. I've noticed that Privoxy changes "Microsoft" to "MicroSuck"! Why are you manipulating my browsing?

We're not. The text substitutions that you are seeing are disabled in the default configuration as shipped. You have either manually activated the "fun" filter which is clearly labeled "Text replacements for subversive browsing fun!" or you are using an older Privoxy version and have implicitly activated it by choosing the "Advanced" profile in the web-based editor. Please upgrade ".

Now that makes my day! I have learnt that there is a "fun" filter somewhere! You see, dear Emily, if you enter as a novice ( which i still am, but improving daily), you will learn things which nobody can teach you anywhere! This much i can promise you! But some people come to teach and will usually fall flat, because the knowledge base of this site is gigantic! You will make friends and some, you will learn to respect for their knowledge and more importantly"WISDOM". This site has saved my physical health and mentally propped me up many a times, in ways which only i know!:)(y)Best wishes!


Jul 2, 2005
Actually, I think that microsoft/microsuck thing was in direct response to me.

I've use Privoxy since shortly after it was released, and I used internet junkbuster (Privoxy's direct ancestor) before that.

Time was, that "fun" filter was set to "on" by default, and I encountered that microsoft/microsuck thing. When I encountered it, I contacted the website owner and suggested his site had been compromised. He checked, and told me that it hadn't been. So I did some simple tests and found that privoxy had done it.

I then flamed Privoxy all over the net, and blasted the developers directly, both publicly and in email, for doing that. Their response was rather huffy, that I should have known enough to turn off the filter...

I let 'em have it for that too, and wondered aloud what other insidious things that rogue software was doing. So now, it is shipped with the filter turned off as it should be.

But Privoxy won't slow down your internet connection. If anything, it will speed it up because it blocks the download of advertisements and prevents a lot of the javascript annoyances that suck up bandwidth (such as predictive downloading).
Oct 26, 2001
perfume, I used the hosts file foe years before it hit me that I was not controlling cookies the best way and after I changed so I use the Exceptions list to control the cookies I said wow what took you so long to make the change. The Exceptions list only has sites listed that I need to be there so all others do not.

With spywareblaster the blocking for Firefox I have disabled because it is not needed. For Firefox all spywareblaster does is add all those sites it blocks to the Exceptions list and marks them as block.
But my cookies setting all sites are blocked by default so no need to add them to the Exceptions list.
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online