Questions about HKEY_CURRENT_USER \Software\Microsoft\...\ZoneMap\Domains\
 

I spent part of yesterday defragging and running all my AV and spyware programs. Everything was clean until I ran PestPatrol, which found a pest named CWS.GoogleMS.3 located in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com. I Googled the xxxtoolbar to try to get some info on it, but all I could find were removal instructions, which I went through, but I didn't have any of the associated files. I set a reatore point and went ahead and deleted it. Here are my questions:

When I went into that Domains Registry, I was shocked by the long list of what appeared to be porn-related entries. I'd like to know
1.) Where could these have come from?
2.) Is there anything in that folder that should not be deleted?
3.) Is the folder itself necessary?

I tried to Google that Registry folder too, to find out it's purpose, but no luck with that either.

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
 

I was just looking through the list more carefully and it's not all porn-related, there's a lot of typical spyware and adware stuff too. I don't see anything in the list that looks like it would be necessary.

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
 

Moved to Security section

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
 

Is it possible this is where the stuff Spyware Blaster installed is kept?

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
 

Do you have ie-spyad installed? It enters over 4000 sites to your registry so that IE cannot go there.

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
 

I don't have ie-spyad (though it appears a good thing to have), and there is not 4,000 entries there, I'd guess 100-200.

Is "...\Internet Settings\ZoneMap\Domains" the place where this type of information would be stored? Or should I delete all the entries there?

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
 

Check out this link. http://www.jsiinc.com/subk/tip5100/rh5130.htm
It appears to be whatever is in your restricted zone so that IE cannot go there.

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet
 

Thanks crunchie! That site is a bit complicated (for me), but you were able to find what I wasn't. After looking at the list, I suspected it was from SpyWareBlaster, and this confirms it. I updated SpyWareBlaster, had it enable all protection and, low and behold, xxx.toolbar.com (the one I originally deleted) is back! From now on, I know that if any of my anti-pest-ware programs find anything in here, I should just ignore it.

You can mark this one as solved! Thanks again!
(I would add to your rep again, but I have to 'spread it around' first. If anyone else reads this, give crunchie some cudos for me!)