Bargain Buddy using a service

Go to Start, Run, type in
services.msc
Click OK .

Scroll down to the ISEXEng service
Highlight, right-click and select: Properties
Select "Service Status" option to "Stop"
Select: "Startup type" set it to "Disabled", click Apply, OK
Close the Services Editor.

Download the attachment to this post. bargbudserv.reg contains the text below:

-------------------------------------------------------------------------

REGEDIT4

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_ISEXENG]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISEXEng]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_ISEXENG]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ISEXEng]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ISEXENG]

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ISEXEng]

---------------------------------------------------------------------------

In HijackThis fix these items:

O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINNT\system32\nvms.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINNT\system32\mscb.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINNT\system32\msbe.dll

Reboot the system to Safe Mode. Doubleclick bargbudserv.reg and
confirm you want to merge it with the registry.

using Windows Explorer, find and delete the following files, if present:

C:\WInnt\System32\angelex.exe
C:\Winnt\system32\nvms.dll
C:\Winnt\system32\mscb.dll
C:\WInnt\system32\msbe.dll
C:\Winnt\System32\ex***.exe ( * are random characters)

And these folders:

C:\Program Files\NaviSearch
C:\Program Files\CashBack

Empty all Temp folder and the Recycle Bin

In HijackThis logs from version 1.99 and up this will show up as:
O23 - Service: ISEXEng - Unknown - C:\WINDOWS\System32\angelex.exe

Credits: TonyKlein and Winhelp2002