Windows 7: malware?

I am running W 7 home Premium 64 bit and have the firewall enabled, use a router, have Avast, A2, etc. None show any problems.

But when perusing my registry file I find under EscDomains a whole list of sites that look like bad sites. I suspect these may be there to protect me from them but I am not sure if that is true or they mean I am infected with all these things.



Examples: kaaweb.it kacero.net karaweb.it

Suggestions for a second AV to use beside Avast (and microsoft's own ..I forget its name with updates every two weeks or so)? I tried to install Kaspersky but it took forever and would not install correctly on my system. So I removed it.

All you really need it is one real-time AV and one on-demand only AV such as MalwareBytes. Have you tried deleting all your cookies through your web browser?

1. Run MBAM to see what's going on.
2. MSE is a free AV program that I use and updates daily.
Let us know if we can provide more help!

Slow typist here! Petey

These are the only entries I have under that key:



I would delete all other entries apart from those. Remember to log on as each user and repeat this operation.

Restore Microsofts Host file with HostXpert


Download the HostsXpert 4.3 - Hosts File Manager.

• Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert
• Click HostsXpert.exe to Run HostsXpert 4.3 - Hosts File Manager from its new home
• Click "Make Hosts Writable?" in the upper right corner (If available).
• Click Restore Microsoft's Hosts file and then click OK.
• Click the X to exit the program.
  
• Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Now, go here and download a good Hosts file http://www.mvps.org/***********/hosts.htm

Cookies in both my main browser (Firefox) and IE which I use occasionally are all deleted.

I will download HostsXpert 4.3 and try it.

I am the only user on the system so with everyone else saying they do not have anything else under that registry key, I am now really worried. Also worried to just delete all this stuff from the registry. I suppose I would be safe if I backed the registry first.

For AV I have Avast running constantly and occasionally I run Malwarebytes. Neither find anything and yes I do update MB before running it. I also have run Spybot which found a couple of cookies but nothing anymore.

If a create a new hosts file I can always re-run Spybot to "immunize" it but I am worried about what else I need to add to it so as not to lose my internet connection. It was a real hassle getting that to work the first time around. Thanks everyone for helping.

Is this hosts file for W 7 64 bit or does it not matter? Where does it go?

Ran Malwarebytes: nothing found
Ran Spybot: nothing found.

I could create a new hosts file but what about all these registry entries?

Anyone know what the EscDomains key is about? The name suggests its entries (a long list of bad and porn sites) may actually be there to bypass these domains or does it mean they are "trusted zones"?

Where is the active hosts file in W 7 64 bit?

If it is the one in C:\Windows\System32\drivers\etc\hosts
Then on my PC it has right at the top:

# localhost name resolution is handled within DNS itself.
# 127.0.0.1 localhost
# ::1 localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 007guard.com - 007guard and Windows Vista
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 008k.com

and yet as the nslookup showed, 007Guard is still getting through!

Could that not be the right hosts file?

This is mine also
# 127.0.0.1 localhost
# ::1 localhost

Spybot s&d inserted it's Hosts files, so yes, re-immunize now.
You should be fine.
Read this for peace of mind hosts immunisation. www.007guard.com - Safer-Networking Forums