Sep 15th, 2004

Questions about HKEY_CURRENT_USER\Software\Microsoft\...\ZoneMap\Domains\

I spent part of yesterday defragging and running all my AV and spyware programs. Everything was clean until I ran PestPatrol, which found a pest named CWS.GoogleMS.3 located in: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com. I Googled the xxxtoolbar to try to get some info on it, but all I could find were removal instructions, which I went through, but I didn't have any of the associated files. I set a restore point and went ahead and deleted it. Here are my questions:

When I went into that Domains Registry, I was shocked by the long list of what appeared to be porn-related entries. I'd like to know
1.) Where could these have come from?
2.) Is there anything in that folder that should not be deleted?
3.) Is the folder itself necessary?

I tried to Google that Registry folder too, to find out its purpose, but no luck with that either.
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Sep 15th, 2004

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

I was just looking through the list more carefully and it's not all porn-related; there's a lot of typical spyware and adware stuff too. I don't see anything in the list that looks like it would be necessary.
dlh6213
Sep 15th, 2004

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

Moved to Security section
Team Colleague
Reputation Points: 229
Solved Threads: 149
Grandad
Catweazle is offline Offline
3,826 posts
since Mar 2004
Sep 16th, 2004

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

Is it possible this is where the stuff Spyware Blaster installed is kept?
dlh6213
Sep 17th, 2004

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

Do you have ie-spyad installed? It enters over 4000 sites to your registry so that IE cannot go there.
Moderator
Featured Poster
Reputation Points: 1142
Solved Threads: 982
Most Valuable Poster
crunchie is offline Offline
12,165 posts
since Feb 2004
Sep 17th, 2004

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

I don't have ie-spyad (though it appears a good thing to have), and there are not 4,000 entries there; I'd guess 100-200.

Is "...\Internet Settings\ZoneMap\Domains" the place where this type of information would be stored? Or should I delete all the entries there?
dlh6213
Sep 18th, 2004

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

Check out this link. http://www.jsiinc.com/subk/tip5100/rh5130.htm
It appears to be whatever is in your restricted zone so that IE cannot go there.
crunchie
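Added example (not code from this thread or from SpywareBlaster or IE-SpyAd): each subkey under `...\Internet Settings\ZoneMap\Domains` maps a host to an Internet Explorer security zone number, and zone 4 is Restricted sites, which is what blocklist tools write there. The sketch parses the text of a `reg export` of that key and separates restricted-zone entries from any host placed in a zone more trusted than Internet; the sample export, the `.example` hosts and that review rule are assumptions constructed for illustration.

```python
import re

# Internet Explorer URL security zone numbers.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}
PREFIX = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
          r"\Internet Settings\ZoneMap\Domains" "\\")
VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

# Constructed sample (real exports are UTF-16; decode first). Only xxxtoolbar.com is from the thread.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xxxtoolbar.com]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\blocked.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\unknown.example\www]
"http"=dword:00000002
'''

def parse_zone_map(text):
    """Return [(host, protocol, zone_number)] for every mapping under Domains."""
    entries, host = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            # Subkeys nest as Domains\<domain>\<subdomain>; rebuild the host name.
            host = (".".join(reversed(key[len(PREFIX):].split("\\")))
                    if key.lower().startswith(PREFIX.lower()) else None)
        elif host and (m := VALUE_RE.match(line)):
            entries.append((host, m.group(1), int(m.group(2), 16)))
    return entries

def review(entries):
    """Group hosts by zone name and list hosts mapped to a zone more trusted than Internet."""
    by_zone, elevated = {}, []
    for host, proto, zone in entries:
        name = ZONES.get(zone, f"zone {zone}")
        by_zone.setdefault(name, []).append(host)
        if zone < 3:  # assumption: zones 0-2 deserve a manual look
            elevated.append((host, proto, name))
    return by_zone, elevated

if __name__ == "__main__":
    by_zone, elevated = review(parse_zone_map(SAMPLE_EXPORT))
    print(by_zone, elevated)
```

On a live system the input comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains" out.reg`.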
Sep 18th, 2004

Re: Questions about HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet

Thanks crunchie! That site is a bit complicated (for me), but you were able to find what I wasn't. After looking at the list, I suspected it was from SpyWareBlaster, and this confirms it. I updated SpyWareBlaster, had it enable all protection and, lo and behold, xxx.toolbar.com (the one I originally deleted) is back! From now on, I know that if any of my anti-pest-ware programs find anything in here, I should just ignore it.

You can mark this one as solved! Thanks again!
(I would add to your rep again, but I have to 'spread it around' first. If anyone else reads this, give crunchie some kudos for me!)
dlh6213