Zango sounds similar to spyware programs made intentionally undeletable so that information on your machine is constantly sent to a third-party computer, et al.
Files to look for:
Registry entries (execute REGEDIT to find these):
Variations of above summaries will exist. If malware, some registry and file entries would be deleted only to reappear. NY State Attorney General is suing some companies for doing software
"which advertised "free" software available for download, including screensavers, screen cursors and games. The Attorney General found that along with these programs, Intermix secretly downloaded a number of ad-delivery programs. One such program was called "KeenValue" and it delivered pop-up ads to its unsuspecting users. Another program, "IncrediFind," redirected web addresses to Intermix's proprietary search engine. Other programs placed advertising "toolbars" on users' screens".
Search for special software dedicated to only removing that malware. Without that software, history says - you're fried. Your computer integrity remains way too dangerous to use for anything secure - i.e. bank account, Amazon, credit cards, etc.
Last time I fixed one of these computers, it was sending information to computers in Ukraine and Russia.