I scanned these with Virustotal, 2 came up as 0 detection, 5 came up about 1 detection (which I think was false positive, things like secure web detecting something but the rest not) and one which there was mixed views on whether it was adware or not where symantec labeled it as adware and Kaspersky labeled it as not-a-virus:WebToolbar.Win32.Zango.ca.
I do remember going to the Zango website, and clicking the agree but, but I dont remember completing the installation. I just clicked the “agree” button and then closed it.
I removed most of them, but I just scanned my computer again and their were more reported threats, which looks to be sytem volume information for windows xp codecs, stellar phoenix system restore and one unknown which could be stellar.
here are the locations of the older one:
C:\Program Files\Stellar Phoenix NTFS Data Recovery\casper.dll
C:\Program Files\Stellar Phoenix NTFS Data Recovery\cks.exe
C:\Program Files\Stellar Phoenix NTFS Data Recovery\cki32k.dll
C:\System Volume Information*\A0018525.exe
C:\System Volume Information*\A0017882.exe
C:\System Volume Information*\A0011490.exe
C:\System Volume Information*\A0011276.exe
C:\System Volume Information*\A0007409.exe
replace long code of digits and numbers and restore_ with a *.