BargainBuddy

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·

Overview
Summary:	BargainBuddy is a Browser Helper Object that watches the pages your browser requests and the terms you enter into a search engine web form. If a term matches a preset list of sites or keywords, BargainBuddy will display an ad. A process that is invoked at machine startup will check a remote server for updates to the software and ads that will be displayed.Bargain Buddy consists of an IE Browser Helper Object, and a process set to run at startup. The BHO monitors web pages requested and terms entered into forms. If there is a match with a preset list of sites and keywords, an advertisement may be shown. The process can contact its maker's server to download updates to the list of adverts and to the software itself.
Vendor Notes:	"The eXact Advertising Network has been in existence since 2000 as the advertising sales division of Net2Phone Inc. In May 2002, the management team that ran the Net2Phone Ad Network completed a buyout of the division. What was born was a new company with years of experience & success as its foundation." [ source] 'Bargain Buddy is installed on your computer and delivers relevant contextual information to you in the form of advertisements based on URLs and/or search terms you enter when navigating the Internet.' --- From the End User License Agreement.
Alias:	[default], Acup (internal name), adp.exe (after the installer included with some versions), Adware/ExactSearch [Panda], Bargain Buddy, Bargains (process name), Bullseye Network, Ikena (the server it connects to), Spyware/BargainBuddy [Panda]
Category:	Adware: Software that displays popup/popunder ads when the primary user interface is not visible or which do not appear to be assocaited with the product. Browser Helper Object: (BHO). A component that Internet Explorer will load whenever it starts, shares IE's memory context, can perform any action on the available windows and modules. A BHO can detect events, create windows to display additional information on a viewed page, monitor messages and actions. Microsoft calls it "a spy we send to infiltrate the browser's land." BHOs are not stopped by personal firewalls, because they are seen by the firewall as your browser itself. Some exploits of this technology search all pages you view in IE and replace banner advertisements with other ads. Some monitor and report on your actions. Some change your home page. Search Hijacker: Any software that resets your browser's settings to point to other sites when you perform a search. Hijacks may reroute your info and address requests through an unseen site, capturing that info. In such hijacks, your browser may behave normally, but be slower. Search results when such a hijacker is running will sometimes differ from non-hijacked results. Toolbar: A group of buttons which perform common tasks. A toolbar for Internet Explorer is nomally located below the menu bar at the top of the form. Toolbars may be created by Browser Helper Objects.
Similar Pests:	Adware · Browser Helper Object · Search Hijacker · Toolbar
Origins
Group:	eXact Advertising LLC
Vendor:	eXact Advertising
Mailing Address:	eXact Advertising, LLC PMB 2392, 101 W. 23rd Street, New York NY 10011-5629 US
Phone:	646-223-1227 or 646 223 1200
Date of Origin:	August, 2002
Distribution
Distribution:	BargainBuddy/adp may be installed by Alerts and vCatch. BargainBuddy/Apuc may be installed by some versions of LimeWire and by FavoriteMan. BargainBuddy/CC_Versn is included in Net2Phone CommCenter. Later versions of Net2Phone install the BHO DLL inside their own folder in Program Files, instead of the 'Bargain Buddy' folder.
Prevalence:	BargainBuddy: 1.6% More Info
Clot Factor:	BargainBuddy: 18 The "Clot Factor" is a measure of how much a pest "gums up" a machine by adding registry entries, files, and directories. As more objects are placed in a machine, manual removal becomes more difficult and more error-prone.
Growth:	BargainBuddy: Insufficient data to report growth
Operation
Advertising:	Yes. If you enter a url or keyword from Bargain Buddy's built-in list, you will see a pop-up ad served by DoubleClick. Such ads are not generally "bargains." 'By downloading the Bargain Buddy, you accept the Bargain Buddy License Agreement, which gives eXact Advertising LLC permission to display relevant contextual information.' -- from the End User License Agreement.
Storage Required:	BargainBuddy: at least 15177 KB
Browser Performance:	Likely to slow performance of Internet Explorer.
Risks
Privacy Issues:	Yes. When an advertisement is displayed, the advertiser will likely know which site was visited/keyword was entered, and DoubleClick can track these with cookies.
Privacy Policy:	No privacy policy could be located on exactadvertising.com.
Security Issues:	Yes. BargainBuddy updates itself silently through connections to adp.ikena.com.
Stability Issues:	None known.
Detection and Removal
Automatic Removal:	PestPatrol detects this. PestPatrol removes this.
Manual Removal:	Some versions can be removed from the Add/Remove Programs option in the Control Panel. This option seems to be missing in the newer Net2Phone version. Try this: Exit Bargain Buddy from your Tray Bar, if it is present. Press CTRL + ALT + DEL to remove Bargain Buddy from your task manager (if it is present). Proceed to Start -> Control Panel -> Add / Remove Programs, and remove Bargain Buddy. If the uninstall for Bargain Buddy isn't present in the Add / Remove Programs Window, the Uninstaller may be listed in your Program Files (accessible from the Start Menu). Before you can delete it, the DLL file must be deregistered. In older versions, this DLL is inside the 'Bargain Buddy' folder in 'Program Files'. Here there will be one or more 'bin' folders, one of which will contain a file called apuc.dll. If, for example, it's in 'bin2' the following command will work for Windows 95/98/Me: `"%WinDir%\SYSTEM\regsvr32.exe" /u "C:\Program Files\Bargain Buddy\bin2\apuc.dll"` (If your 'Program Files' directory has a different name (for example, on a non-English version of Windows), or is on a different drive, you'll have to substitute that in the path above.) Or for Windows NT/2000/XP simply: `regsvr32 /u "%ProgramFiles%\Bargain Buddy\bin2\apuc.dll"` If you have the new Net2Phone variant, the file you have to get rid of is instead called 'CC_Versn.dll', and it's inside the 'Net2Phone CommCenter' folder in Program Files. The command to get rid of it would be (for Win95/98/Me): `"%WinDir%\SYSTEM\regsvr32.exe" /u "C:\Program Files\Net2Phone CommCenter\CC_Versn.dll"` Or for Windows NT/2000/XP: `regsvr32 /u "%ProgramFiles%\Net2Phone CommCenter\CC_Versn.dll"` Next, end the 'Bargains' process from the Task Manager (ctrl-alt-delete). You should now be able to delete the entire 'Bargain Buddy' folder. Remove the following registry entries if present: HKEY_CLASSES_ROOT\apuc.urlcatcher HKEY_CLASSES_ROOT\apuc.urlcatcher.1 HKEY_CLASSES_ROOT\clsid\{014da6c4-189f-421a-88cd-07cfe51cff10} HKEY_CLASSES_ROOT\clsid\{014da6c5-189f-421a-88cd-07cfe51cff10} HKEY_CLASSES_ROOT\clsid\{49c3014f-03ed-4634-9fb2-2881f2c7a057} HKEY_CLASSES_ROOT\clsid\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3} HKEY_CLASSES_ROOT\clsid\{4f9d4163-23f0-42e1-afda-4c1a6f8607e7} HKEY_CLASSES_ROOT\clsid\{60f8fb2a-9915-4202-967d-1fa694a8bcf5} HKEY_CLASSES_ROOT\clsid\{676058db-89bd-11d6-8a8c-0050ba8452c0} HKEY_CLASSES_ROOT\clsid\{676058e3-89bd-11d6-8a8c-0050ba8452c0} HKEY_CLASSES_ROOT\clsid\{676058e4-89bd-11d6-8a8c-0050ba8452c0} HKEY_CLASSES_ROOT\clsid\{6e1c7285-263b-431d-8b83-c3cbce301704} HKEY_CLASSES_ROOT\clsid\{72f81209-6c73-4de7-a3dc-408a8bd472fb} HKEY_CLASSES_ROOT\clsid\{974cc25e-d62c-4278-84e6-a806726e37bc} HKEY_CLASSES_ROOT\clsid\{9d1b86c7-1b93-4586-9009-ea3bd0ad63a5} HKEY_CLASSES_ROOT\clsid\{9dbafccf-592f-ffff-ffff-00608cec297b} HKEY_CLASSES_ROOT\clsid\{b8afa251-4efb-4703-87d4-da7d2435ba5e} HKEY_CLASSES_ROOT\clsid\{be35582c-9796-4cf1-aed9-556ada120b38} HKEY_CLASSES_ROOT\clsid\{c6906a23-4717-4e1f-b6fd-f06ebed14177} HKEY_CLASSES_ROOT\clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} HKEY_CLASSES_ROOT\clsid\{cf1e49b3-24a6-4b17-94be-c25102e3bf04} HKEY_CLASSES_ROOT\clsid\{df7d760c-b7e2-4735-bb77-f5a1a9745e16} HKEY_CLASSES_ROOT\clsid\{f94c0089-9394-4e44-b4ea-58dba1f7b84e} HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177} HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} HKEY_CLASSES_ROOT\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3} HKEY_LOCAL_MACHINE\software\bargains HKEY_LOCAL_MACHINE\software\classes\clsid\{000004cc-e4ff-4f2c-bc30-dbef0b983bc9} HKEY_LOCAL_MACHINE\software\classes\clsid\{00000ef1-34e3-4633-87c6-1aa7a44296da} HKEY_LOCAL_MACHINE\software\classes\clsid\{014da6c1-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\clsid\{014da6c2-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\clsid\{014da6c3-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\clsid\{014da6c5-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\clsid\{014da6c7-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\clsid\{014da6cb-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\clsid\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d} HKEY_LOCAL_MACHINE\software\classes\clsid\{136a9d1d-1f4b-43d4-8359-6f2382449255} HKEY_LOCAL_MACHINE\software\classes\clsid\{49c3014f-03ed-4634-9fb2-2881f2c7a057} HKEY_LOCAL_MACHINE\software\classes\clsid\{4f9d4163-23f0-42e1-afda-4c1a6f8607e7} HKEY_LOCAL_MACHINE\software\classes\clsid\{676058e4-89bd-11d6-8a8c-0050ba8452c0} HKEY_LOCAL_MACHINE\software\classes\clsid\{6e1c7285-263b-431d-8b83-c3cbce301704} HKEY_LOCAL_MACHINE\software\classes\clsid\{730f2451-a3fe-4a72-938c-fc8a74f15978} HKEY_LOCAL_MACHINE\software\classes\clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} HKEY_LOCAL_MACHINE\software\classes\clsid\{cf1e49b3-24a6-4b17-94be-c25102e3bf04} HKEY_LOCAL_MACHINE\software\classes\clsid\{d7f2fd62-6c1b-4b52-85b1-f65a414bf050} HKEY_LOCAL_MACHINE\software\classes\clsid\{e5dfb380-3988-4c07-8afb-8a47769d9db5} HKEY_LOCAL_MACHINE\software\classes\interface\{014da6c4-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\interface\{014da6c6-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\interface\{014da6ca-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\interface\{014da6cc-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\interface\{297afc77-2039-4d3c-bef9-598819eb2c8a} HKEY_LOCAL_MACHINE\software\classes\interface\{676058e3-89bd-11d6-8a8c-0050ba8452c0} HKEY_LOCAL_MACHINE\software\classes\interface\{9388907f-82f5-434d-a941-bb802c6dd7c1} HKEY_LOCAL_MACHINE\software\classes\interface\{9d1b86c7-1b93-4586-9009-ea3bd0ad63a5} HKEY_LOCAL_MACHINE\software\classes\interface\{b8afa251-4efb-4703-87d4-da7d2435ba5e} HKEY_LOCAL_MACHINE\software\classes\interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177} HKEY_LOCAL_MACHINE\software\classes\interface\{df7d760c-b7e2-4735-bb77-f5a1a9745e16} HKEY_LOCAL_MACHINE\software\classes\interface\{f94c0089-9394-4e44-b4ea-58dba1f7b84e} HKEY_LOCAL_MACHINE\software\classes\typelib\{014da6c0-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\classes\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3} HKEY_LOCAL_MACHINE\software\classes\typelib\{60f8fb2a-9915-4202-967d-1fa694a8bcf5} HKEY_LOCAL_MACHINE\software\classes\typelib\{676058db-89bd-11d6-8a8c-0050ba8452c0} HKEY_LOCAL_MACHINE\software\classes\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d1b} HKEY_LOCAL_MACHINE\software\classes\typelib\{974cc25e-d62c-4278-84e6-a806726e37bc} HKEY_LOCAL_MACHINE\software\classes\typelib\{be35582c-9796-4cf1-aed9-556ada120b38} HKEY_LOCAL_MACHINE\software\classes\typelib\{ef100607-f409-426a-9e7c-cb211f2a9030} HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d} HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{014da6c9-189f-421a-88cd-07cfe51cff10} HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{6e1c7285-263b-431d-8b83-c3cbce301704} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\moduleusage\c:/winnt/downloaded program files/istactivex.dll\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bargains HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\dkry HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall Partial installs An installer executable may be included with the host application which attempts to download enough of the software to run so that it then updates itself fully. If this fails or has not yet run, you will only have the 'bargains' process. Kill this from the Task Manager (ctrl-alt-del) and remove the 'Run' value mentioned above, then you can delete the entire Bargain Buddy directory manually.
	Stop Running Processes: Kill these running processes with Task Manager: bargain3.exe bargain4.exe bbi8032.exe c:\buddy.exe c:\temp\bargains.exe igudyn.exe manager.exe newupdate.exe programfilesdir+\bargain buddy\bbchk.exe programfilesdir+\bargain buddy\bbi8015.exe programfilesdir+\bargain buddy\bbi8018.exe programfilesdir+\bargain buddy\bbi8024.exe programfilesdir+\bargain buddy\bin\bargains.exe programfilesdir+\bargain buddy\bin\cb.exe programfilesdir+\bargain buddy\bin2\bargains.exe programfilesdir+\bargain buddy\bin2\cb.exe programfilesdir+\bargain buddy\uninst.exe programfilesdir+\blue haven media\kazoom\bargainbuddy.exe programfilesdir+\bullseye network\adp8035.exe programfilesdir+\bullseye network\bin\adv.exe programfilesdir+\bullseye network\bin\adx.exe programfilesdir+\bullseye network\bin\bargains.exe programfilesdir+\bullseye network\uninstall.exe programfilesdir+\crazymates\euni_bbi8015.exe programfilesdir+\crazymates\fleok\msbb.exe programfilesdir+\crazymates\isinstalldonecrazy.exe programfilesdir+\crazymates\kahlisetup_demo.exe programfilesdir+\crazymates\keenpostback.exe programfilesdir+\crazymates\keenvalueinstall.exe programfilesdir+\crazymates\msbb.exe programfilesdir+\crazymates\nlnp49.exe programfilesdir+\crazymates\oskasetup_demo.exe programfilesdir+\crazymates\tahnisetup_demo.exe programfilesdir+\neoaudio\nnstp_bbi6009.exe sprite.exe systemroot+\ahadp.exe systemroot+\system32\angelex.exe systemroot+\system32\bbchk.exe systemroot+\system32\exclean.exe systemroot+\system32\exdl.exe systemroot+\system32\exdl0.exe systemroot+\system32\exdl1.exe systemroot+\system32\exul.exe systemroot+\system32\exul1.exe systemroot+\system32\instsrv.exe systemroot+\system32\msexreg.exe systemroot+\system32\q17i9a4j.exe systemroot+\zeta.exe update.exe
	Remove AutoRun Reference: Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\apd, delete it and reboot the machine immediately. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bargains, delete it and reboot the machine immediately. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bullseye network, delete it and reboot the machine immediately. If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\epakucmzh\c:\winnt\epakucmzh.exe, delete it and reboot the machine immediately.
	Unregister DLLs: Unregister these DLLs with Regsvr32, then reboot: 5de1097bc22d2117da82ee85603c38b1.dll nvms.dll programfilesdir+\bargai~1\bin\apuc.dll programfilesdir+\bargain buddy\bin\apuc.dll programfilesdir+\bargain buddy\bin2\apuc.dll programfilesdir+\crazymates\msbbhook.dll systemroot+\system\apuc.dll systemroot+\system32\apuc.dll systemroot+\system32\msbb.dll systemroot+\system32\msbb1.dll systemroot+\system32\mset_bbi8010.dll systemroot+\system32\mset_bbi80101.dll systemroot+\system32\mset_bbi80102.dll systemroot+\system32\mset_bbi80103.dll systemroot+\system32\qh4mkbv9.dll systemroot+\temp\backup-20040105-225929-414.dll webabout.dll zmscb.dll
	Clean Registry: Remove these registry items (if present) with RegEdit: HKEY_CLASSES_ROOT\adp.urlcatcher HKEY_CLASSES_ROOT\adp.urlcatcher.1 HKEY_CLASSES_ROOT\adp.urlcatcher.1\adp urlcatcher class HKEY_CLASSES_ROOT\adp.urlcatcher.1\clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da} HKEY_CLASSES_ROOT\adp.urlcatcher\adp urlcatcher class HKEY_CLASSES_ROOT\adp.urlcatcher\clsid\{f4e04583-354e-4076-be7d-ed6a80fd66da} HKEY_CLASSES_ROOT\apuc.urlcatcher HKEY_CLASSES_ROOT\apuc.urlcatcher.1 HKEY_CLASSES_ROOT\apuc.urlcatcher\clsid HKEY_CLASSES_ROOT\clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} HKEY_CLASSES_ROOT\clsid\{014da6c4-189f-421a-88cd-07cfe51cff10} HKEY_CLASSES_ROOT\clsid\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3} HKEY_CLASSES_ROOT\clsid\{60f8fb2a-9915-4202-967d-1fa694a8bcf5} HKEY_CLASSES_ROOT\clsid\{676058db-89bd-11d6-8a8c-0050ba8452c0} HKEY_CLASSES_ROOT\clsid\{676058e3-89bd-11d6-8a8c-0050ba8452c0} HKEY_CLASSES_ROOT\clsid\{6e1c7285-263b-431d-8b83-c3cbce301704} HKEY_CLASSES_ROOT\clsid\{72f81209-6c73-4de7-a3dc-408a8bd472fb} HKEY_CLASSES_ROOT\clsid\{79849612-a98f-45b8-95e9-4d13c7b6b35c}\control HKEY_CLASSES_ROOT\clsid\{974cc25e-d62c-4278-84e6-a806726e37bc} HKEY_CLASSES_ROOT\clsid\{9d1b86c7-1b93-4586-9009-ea3bd0ad63a5} HKEY_CLASSES_ROOT\clsid\{9dbafccf-592f-ffff-ffff-00608cec297b} HKEY_CLASSES_ROOT\clsid\{b8afa251-4efb-4703-87d4-da7d2435ba5e} HKEY_CLASSES_ROOT\clsid\{be35582c-9796-4cf1-aed9-556ada120b38} HKEY_CLASSES_ROOT\clsid\{c6906a23-4717-4e1f-b6fd-f06ebed14177} HKEY_CLASSES_ROOT\clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} HKEY_CLASSES_ROOT\clsid\{df7d760c-b7e2-4735-bb77-f5a1a9745e16} HKEY_CLASSES_ROOT\clsid\{f94c0089-9394-4e44-b4ea-58dba1f7b84e} HKEY_CLASSES_ROOT\interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}\ixyz HKEY_CLASSES_ROOT\interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}\proxystubclsid\{00020424-0000-0000-c000-000000000046} HKEY_CLASSES_ROOT\interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}\proxystubclsid32\{00020424-0000-0000-c000-000000000046} HKEY_CLASSES_ROOT\interface\{8eee58d5-130e-4cbd-9c83-35a0564e5678}\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3} HKEY_CLASSES_ROOT\interface\{8eee58d5-130e-4cbd-9c83-35a0564ea119} HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177} HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}\iurlcatcher HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}\proxystubclsid\{00020424-0000-0000-c000-000000000046} HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}\proxystubclsid32\{00020424-0000-0000-c000-000000000046} HKEY_CLASSES_ROOT\interface\{c6906a23-4717-4e1f-b6fd-f06ebed15678}\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3} HKEY_CLASSES_ROOT\rsp.bizlgk\clsid HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} HKEY_CLASSES_ROOT\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3} HKEY_CLASSES_ROOT\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\0\win32\c:\windows\system32\msbe.dll HKEY_CLASSES_ROOT\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\adp 1.0 type library HKEY_CLASSES_ROOT\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\flags\0 HKEY_CLASSES_ROOT\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516b2c3}\1.0\helpdir\c:\windows\system32\ HKEY_LOCAL_MACHINE\software\bargains HKEY_LOCAL_MACHINE\software\classes\f1.organizer HKEY_LOCAL_MACHINE\software\classes\f1.organizer.1 HKEY_LOCAL_MACHINE\software\classes\f1.organizer\clsid HKEY_LOCAL_MACHINE\software\classes\f1.organizer\curver HKEY_LOCAL_MACHINE\software\classes\interface\{226a045e-fd4e-4632-b51d-a112bd8254e5} HKEY_LOCAL_MACHINE\software\classes\interface\{297afc77-2039-4d3c-bef9-598819eb2c8a} HKEY_LOCAL_MACHINE\software\classes\interface\{676058e3-89bd-11d6-8a8c-0050ba8452c0} HKEY_LOCAL_MACHINE\software\classes\interface\{8eee58d5-130e-4cbd-9c83-35a0564ea119} HKEY_LOCAL_MACHINE\software\classes\interface\{9388907f-82f5-434d-a941-bb802c6dd7c1} HKEY_LOCAL_MACHINE\software\classes\interface\{f6fbfe07-ca76-438e-b34e-4f4dc41f0123} HKEY_LOCAL_MACHINE\software\classes\interface\{f94c0089-9394-4e44-b4ea-58dba1f7b84e} HKEY_LOCAL_MACHINE\software\classes\ipinsigt.ipinsigtobj.1 HKEY_LOCAL_MACHINE\software\classes\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3} HKEY_LOCAL_MACHINE\software\classes\typelib\{676058db-89bd-11d6-8a8c-0050ba8452c0} HKEY_LOCAL_MACHINE\software\classes\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d1b} HKEY_LOCAL_MACHINE\software\classes\typelib\{974cc25e-d62c-4278-84e6-a806726e37bc} HKEY_LOCAL_MACHINE\software\classes\typelib\{be35582c-9796-4cf1-aed9-556ada120b38} HKEY_LOCAL_MACHINE\software\classes\typelib\{ef100607-f409-426a-9e7c-cb211f2a9030} HKEY_LOCAL_MACHINE\software\classesc\wusn_id HKEY_LOCAL_MACHINE\software\crazymates\install_dir HKEY_LOCAL_MACHINE\software\euniverse\install_guid HKEY_LOCAL_MACHINE\software\euniverse\vbarry\1.0\email HKEY_LOCAL_MACHINE\software\euniverse\vbarry\1.0\lastname HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{6e1c7285-263b-431d-8b83-c3cbce301704} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\app management\arpcache\bargain buddy HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{f4e04583-354e-4076-be7d-ed6a80fd66da} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browserhelperobjects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\apd HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bargains HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\bullseye network HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\epakucmzh\c:\winnt\epakucmzh.exe HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\{21c555b1-43b9-45e3-929f-258e64772372} HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bargain buddy HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bargain buddy\displayname HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bargain buddy\uninstallstring HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\bargainbuddy HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\cashback HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\whenusaveuniv\displayicon HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\whenusaveuniv\displayname HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\whenusaveuniv\displayversion HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\whenusaveuniv\helplink HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\whenusaveuniv\publisher HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\whenusaveuniv\uninstallstring HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\whenusaveuniv\urlinfoabout HKEY_LOCAL_MACHINE\software\navisearch HKEY_LOCAL_MACHINE\system\currentcontrolset\services\zesoft
	Remove Files: Remove these files (if present) with Windows Explorer: 5de1097bc22d2117da82ee85603c38b1.dll ad.dat bargain3.exe bargain4.exe bargainbuddy.txt bbi8032.exe c:\buddy.exe c:\temp\bargains.exe c:\temp\bb_auto_wider.swf c:\temp\bb_click_wider.swf c:\temp\bb_welcome.html c:\temp\bb_welcome1.swf c:\temp\blank.gif c:\temp\extmp0.html c:\temp\icon.gif c:\temp\logo.gif data.mnu fiz1 igudyn.exe keenvaluelog.txt kv002.dat listing.txt manager.exe msbb.log newupdate.exe nvms.dll oska deskmate.lnk programfilesdir+\bargai~1\bin\apuc.dll programfilesdir+\bargain buddy\bbchk.exe programfilesdir+\bargain buddy\bbi8015.exe programfilesdir+\bargain buddy\bbi8018.exe programfilesdir+\bargain buddy\bbi8024.exe programfilesdir+\bargain buddy\bin\apuc.dll programfilesdir+\bargain buddy\bin\bargains.exe programfilesdir+\bargain buddy\bin\cb.exe programfilesdir+\bargain buddy\bin2\apuc.dll programfilesdir+\bargain buddy\bin2\bargains.exe programfilesdir+\bargain buddy\bin2\cb.exe programfilesdir+\bargain buddy\uninst.exe programfilesdir+\blue haven media\kazoom\bargainbuddy.exe programfilesdir+\bullseye network\adp8035.exe programfilesdir+\bullseye network\bin\adv.exe programfilesdir+\bullseye network\bin\adx.exe programfilesdir+\bullseye network\bin\bargains.exe programfilesdir+\bullseye network\uninstall.exe programfilesdir+\crazymates\euni_bbi8015.exe programfilesdir+\crazymates\fleok\msbb.exe programfilesdir+\crazymates\isinstalldonecrazy.exe programfilesdir+\crazymates\kahlisetup_demo.exe programfilesdir+\crazymates\keenpostback.exe programfilesdir+\crazymates\keenvalueinstall.exe programfilesdir+\crazymates\msbb.exe programfilesdir+\crazymates\msbbhook.dll programfilesdir+\crazymates\nlnp49.exe programfilesdir+\crazymates\oskasetup_demo.exe programfilesdir+\crazymates\tahnisetup_demo.exe programfilesdir+\ebatesmoemoneymaker\system\code\b.class programfilesdir+\ebatesmoemoneymaker\system\code\ba.class programfilesdir+\ebatesmoemoneymaker\system\code\bb.class programfilesdir+\ebatesmoemoneymaker\system\code\bc.class programfilesdir+\ebatesmoemoneymaker\system\code\bd.class programfilesdir+\ebatesmoemoneymaker\system\code\be.class programfilesdir+\ebatesmoemoneymaker\system\code\bf.class programfilesdir+\ebatesmoemoneymaker\system\code\bg.class programfilesdir+\ebatesmoemoneymaker\system\code\bh.class programfilesdir+\neoaudio\nnstp_bbi6009.exe sprite.exe systemroot+\ahadp.exe systemroot+\system\apuc.dll systemroot+\system32\angelex.exe systemroot+\system32\apuc.dll systemroot+\system32\bbchk.exe systemroot+\system32\exclean.exe systemroot+\system32\exdl.exe systemroot+\system32\exdl0.exe systemroot+\system32\exdl1.exe systemroot+\system32\exul.exe systemroot+\system32\exul1.exe systemroot+\system32\instsrv.exe systemroot+\system32\javexulm.vxd systemroot+\system32\msbb.dll systemroot+\system32\msbb1.dll systemroot+\system32\mset_bbi8010.dll systemroot+\system32\mset_bbi80101.dll systemroot+\system32\mset_bbi80102.dll systemroot+\system32\mset_bbi80103.dll systemroot+\system32\msexreg.exe systemroot+\system32\netut80ex.vxd systemroot+\system32\q17i9a4j.exe systemroot+\system32\q17i9a4j.ini systemroot+\system32\qh4mkbv9.dll systemroot+\temp\backup-20040105-225929-414.dll systemroot+\zeta.exe tahni deskmate.lnk ub.dat uninstall oska.lnk uninstall tahni.lnk update.exe webabout.dll zmscb.dll
	Remove Directories: Remove these directories (if present) with Windows Explorer: programfilesdir+\bargain buddy programfilesdir+\bullseye network programfilesdir+\cashback programfilesdir+\crazymates programfilesdir+\iemenuextension
	Restore Settings: After following the instructions above, you will still need to restore your original settings and prevent this from happening again. Here''s how.
Research
File Analyses:	BargainBuddy: 5de1097bc22d2117da82ee85603c38b1.dll · ad.dat · adv.exe · adx.exe · angelex.exe · apuc.dll · bargain3.exe · bargain4.exe · bargainbuddy.txt · bargains.exe · bbi8015.exe · bbi8032.exe · buddy.exe · cb.exe · data.mnu · exclean.exe · fiz1 · igudyn.exe · isinstalldonecrazy.exe · keenpostback.exe · keenvaluelog.txt · kv002.dat · listing.txt · manager.exe · msbb.log · mset_bbi8010.dll · msexreg.exe · netut80ex.vxd · newupdate.exe · nvms.dll · oska deskmate.lnk · oskasetup_demo.exe · sprite.exe · tahni deskmate.lnk · tahnisetup_demo.exe · ub.dat · uninst.exe · uninstall oska.lnk · uninstall tahni.lnk · uninstall.exe · update.exe · webabout.dll · zmscb.dll
More Info:	AllTheWeb, AltaVista, AOL Search, Ask Jeeves, Google, HotBot, Lycos, LookSmart, MSN, Yahoo!
Research By:	Andrew Clover and Benjamin Googins PestPatrol's Pest Research Center
Last Revised:	April 15, 2005

BargainBuddy

· Overview · · Origins · · Distribution · · Operation · · Risks · · Detection and Removal · · Research ·

Overview

Summary:

Vendor Notes:

Alias:

Category:

Similar Pests:

Origins

Group:

Vendor:

Mailing Address:

Phone:

Date of Origin:

Distribution

Distribution:

Prevalence:

Clot Factor:

Growth:

Operation

Advertising:

Storage Required:

Browser Performance:

Risks

Privacy Issues:

Privacy Policy:

Security Issues:

Stability Issues:

Detection and Removal

Automatic Removal:

Manual Removal:

Research

File Analyses:

More Info:

Research By:

Last Revised:

· Overview ·
· Origins ·
· Distribution ·
· Operation ·
· Risks ·
· Detection and Removal ·
· Research ·