After uninstalling ie-spyad, before going to update it I noticed that theres still a few left over registry keys from the first install in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Setttings\ZoneMap\Domains\ Is this normal?

Unless there's a typo or other error in a particular release of IE-SpyAd, which has happened one or two times in its history, it generally removes exactly the same entries it added. (I believe he uses a script that simply lists the remove commands for the same elements he adds in each release.)

Are you sure that those other entries are not things that were added either by yourself, (that registry key is where all trusted and restricted sites are stored, not just those added by IE-SpyAd), or by other security software?

Im pretty sure there from ie-spyad, they werent added by me. Ive never touched the restricted IE settings before untill installing ie-spyad. The only other security software I have is spywareblaster and im pretty sure that program dosnt add to that reg key

and SpyBot immunize, I dont know if that has anything to do with it

Well, all I can say is maybe there was an error in this case. What were the entries and what kit (from what date) were you using? I have most of them and a database of the entries I use to verify differences from kit to kit.

tonight ill install ie-spyad again, just formated comp yesterday and ill post the entries it leaves behind in my registry. Just to note theres nothing in my restricted IE zone and in the domains reg key before installing ie-spyad. Maybe its me but everytime I uninstall that program it always leaves reg keys in domains

alright I installed ie-spyad and uninstalled, after uninstalling guess what tons of domains still left behind just to name a few... 1gb.ru 1se.ru addr.com all-net.com american-teens.net aol.com arena.ne.jp box.sk chely.org cnn.net com.au com.br com.com freewebs.com forbes.com.........just about a couple hundred more also

LowWaterMark all the sites I gave examples to are all main sites with sub catagories (+) in them in the registry. I installed again and all the sites that were left behind in the registry were those....I guess those dont get removed during a uninstall

lvhkyjr2:

The IE-SPYAD uninstaller does indeed leave some keys behind in the Registry. Here's why.

When adding a subdomain such people.1gb.ru to the Restricted sites zone, IE-SPYAD adds a Registry entry such as the following to the Registry:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru\people]
"*"=dword:00000004

Notice the sub-key \people. Internet Explorer automatically creates a "parent" key as well:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru]

The uninstaller removes the following:

[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\1gb.ru\people]

...leaving the parent key for 1gb.ru. The entry people.1gb.ru is removed from the Restricted sites zone, but the "parent" key remains behind in the Registry.

Now, I could create an uninstaller that would remove the parent key as well, but that would mean dealing with a nasty potential problem: inadvertently removing entries that users had manually added to various zones, including the Trusted sites zone.

IE-SPYAD targets many subdomains of larger domains. Users may have manually added other sub-domains to the Restricted or Trusted sites zone. If IE-SPYAD removes the "parent" key, it will remove all sub-domains, not just the sub-domains that IE-SPYAD added.

Since I have no way of knowing in advance what sub-domains users may have added, the safest thing for me to do is leave the parent key, and thus any sub-keys (and thus sub-domains) that the user may have created.

Obviously, this arrangement is not ideal, and the problem stems from the way IE adds entries to the Domains key. My choice is to leave a little clutter in the Registry yet protect users' manual zone additions, or scrub the Domains key clean and wax user's own zone entries in the process. I've chosen to play it on the safe side.

Best,

Eric L. Howes

Thanks for coming by and responding on this Eric!

-{ Quote: "The entry people.1gb.ru is removed from the Restricted sites zone, but the "parent" key remains behind in the Registry." }-

I've looked at the specific example you used (people.1gb.ru) on my system and see what you mean about what's left if you uninstall. While the "1gb.ru" parent key is indeed left behind, it is not assigned to any zone and therefore will not effect browser usage if the person goes to that site. (Basically, the structure remains but it has no zone assignment.)

Thanks for the clarification.