Smitfraud-C, Hotbar, Zango

I decided to do a Spy-Bot scan today just to make sure I didnt have any baddies, and Spy-Bot found Smitfraud-C, Zango, and Hotbar. It deleted Smitfraud and Hotbar, but it said it couldnt delete Zango because it was still in use in memory and it would delete it on reboot. So when I rebooted Spy-Bot still is finding Zango. Ad-Aware found traces of Zango but it deleted.them. So I ran Spy-Bot for a third time and it continues to find Zango. Here are my logs.

 

I ran the entire procudure for Smitfraud-C removal. Heres the SmitRem file and a new Hijack This log.

One thing that I ran on the procedure below
Now use Windows Explorer to locate and delete any of the below if found:
c:\wp.exe
Came up with 3 files, but they dont seem to be malware, heres a screenshot. What should I do with them?

 

Those files are legit, not everything smitfraud fix finds is bad. Your HJT log is also clean.

Can you attach the Spybot results?

 

I cant attach the log from Spybot as I dont know how to but heres a screenshot of what it removed. I still believe Zango is on my pc.

 

Run the scan again, once it complete right click and select "Save Results" and then attach this so we can do a manual removal.

 

Zango is still in use by memory and cant be removed till reboot, but I reboot it and its till there.

heres the log.

 

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

I treid the registry fix, but Spybot continues to find Zango. Would running Spybot in Safe Mode and deleting them from there help?
Also I used RegSeeker and looked up "zango'' and found the following keys. Should I just delete them all?

 

Have you tried their uninstaller? If not try it here HERE and then run another Spybot scan see if they return. I can only remove what I'm given in logs.

 

Have tried the Zango uninstaller, those 2 registry keys still continue to appear. tried to run spybot in Safe Mode, it found the 2 keys, but then it said that they were in memory still and that on reboot..well you know. Any other options?

 

Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fixme1.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fixme1.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.

 

Thanks bjgarrick for the help so far
Unfortunately I applied the registry patch, and I rebooted my pc, and Spybot still finds Zango.
Those same 2 registry keys.
Why is Zango being so stubborn?
If you can provide other options it will be greatly appreciated.

 

Also, before you do this, be sure no antispy programs are running as some block registry changes.

Click Start > Run > type in regedit

Manually navigate to the following keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\zango

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZangoToolbarWebTools

Right click on zango and ZangoToolbarWebTools and select "Permissions". In the list click on "Everyone" and at the bottom, check the box next to "Full Control. Click OK to exit.

Now right click on zango and ZangoToolbarWebTools and delete it. If you get any errors let me know!


After you complete this, reboot and see if Spybot still detects these entries.

 

Tried to look for "everyone" but only got this.
Also when I try to delete it gives me an error.
Even if I put full control for System or the other one it wont let me delete them, both in Normal and Safe Mode.

 

You have to create "Everyone" and then check full control. Then you can delete these manually. Click Add and type "Everyone" once it appears select it and check all the boxes on the left under Allow.

 

That seems to have worked. Time to run the final scan and see if Zango is gone.

 

Yes, Zango is gone finally. Thnak you very much bjgarrick for puttin up with my problem. Appreciate it.

 

Your Welcome!