I got a java exploit virus/trojan recently - either through a fake update or hitting the "x" on one of those annoying pop-ups. Anyway, I've run Trend Micro & Security Essentials and both tell me they've found the problem & have cleaned it... daily. Meaning, there is something hiding which those programs cannot find. I found a couple of suspicious entries in "hkey_current_user software microsoft windows currentversion internet settings\zonemap\domains" - and want to be sure they're configured corrrectly - or whether I should delete them. The sites listed are ones I plugged into the restricted cookies section under IE - but they are not all of the sites listed in IE. The registry DWord value is "4" (0x00000004 (4)), but I am not certain that means "block" or not - and, I am not sure why only these 5 sites show up in the 'Domains' registry, and not all of the sites on my IE restrictions page (suspicious). Thoughts?