Manual Removal Guide for Fraud.ProtectionBar



Friday
2008-11-29, 18:45
The following instructions have been created to help you to get rid of "Fraud.ProtectionBar" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
trojan

Description:
There is no EULA or privacy policy shown during installation. The toolbar only has links to a trojan website which advertises rogue or malicious antispyware/antivirus tools.
Supposed Functionality:
Supposed to be a protection toolbar for Internet Explorer.
Removal Instructions:

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$PROGRAMFILES>\VideoCompressionCodec\iesplugin.dll".
The file at "C:\Program Files\VideoCompressionCodec\iesplugin.dll".
A file with an unknown location named "splug.dll".
A file with an unknown location named "iesplugin.dll".
A file with an unknown location named "iesbpl.dll".
The file at "<$PROGRAMFILES>\intcodec\iesplugin.dll".
Make sure you set your file manager to display hidden and system files. If Fraud.ProtectionBar uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify files!

Important: There are more files that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

Delete the registry value "{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f}" at "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}" at "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry key "{1C3C4699-B285-475F-BE47-0B26088CE876}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{1C3C4699-B285-475F-BE47-0B26088CE876}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{CDE8EAB9-CEF3-4885-B12F-26960A25C800}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{CDE8EAB9-CEF3-4885-B12F-26960A25C800}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry value "{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry key "{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry value "{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{CC18AE76-7E65-4258-A193-9EA0C52DA6B8}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry key "{5DDE5591-A8AB-4897-93EF-1E4E943F85A7}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{5DDE5591-A8AB-4897-93EF-1E4E943F85A7}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{36ADA89D-2440-4DC4-820A-3A05E8630935}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{B8C5186E-EC37-4889-9C2E-F73649FFB7BB}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F0993251-2512-4710-AF6E-0A13EA199D02}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{31615D5C-5126-448A-818A-A7CDFEE85A9B}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{DF4E7A0C-E233-4906-B4C1-A404356541FF}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{F0993251-2512-4710-AF6E-0A13EA199D02}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{29C5A3B6-9A8D-4FA0-B5AD-3E20F4AA5C00}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{31615D5C-5126-448A-818A-A7CDFEE85A9B}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{DF4E7A0C-E233-4906-B4C1-A404356541FF}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry value "{F0993251-2512-4710-AF6E-0A13EA199D02}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\".
Delete the registry value "{31615D5C-5126-448A-818A-A7CDFEE85A9B}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{DF4E7A0C-E233-4906-B4C1-A404356541FF}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{F0993251-2512-4710-AF6E-0A13EA199D02}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{31615D5C-5126-448A-818A-A7CDFEE85A9B}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{DF4E7A0C-E233-4906-B4C1-A404356541FF}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry key "{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{860C2F6B-CA82-4282-9187-BECCBB66F0AF}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{D61D7E1A-6613-49CA-B6F9-51DB248E209D}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{44D22A64-2399-4EDF-8B32-F2C729C1E8A7}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{D61D7E1A-6613-49CA-B6F9-51DB248E209D}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{44D22A64-2399-4EDF-8B32-F2C729C1E8A7}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{D61D7E1A-6613-49CA-B6F9-51DB248E209D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{44D22A64-2399-4EDF-8B32-F2C729C1E8A7}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{74A49269-9779-48B4-A0E6-3A5AF2A3ADE6}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{5D4831E0-5A7C-4A46-AFD5-A79AB8CE36C2}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{84938242-5C5B-4A55-B6B9-A1507543B418}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry value "{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{44D22A64-2399-4EDF-8B32-F2C729C1E8A7}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{D61D7E1A-6613-49CA-B6F9-51DB248E209D}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{34E6F97C-34E0-4CE5-B92B-F83634BEDC01}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{FE2D25C1-C1DB-4B5E-9390-AF1CB5302F32}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry key "{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry value "{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{5d4831e0-5a7c-4a46-afd5-a79ab8ce36c2}" at "HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{84938242-5C5B-4A55-B6B9-A1507543B418}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry key "{1a29a79a-b9c8-44a9-bedf-7fadde3cf33f}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{84938242-5C5B-4A55-B6B9-A1507543B418}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry value "{1A29A79A-B9C8-44A9-BEDF-7FADDE3CF33F}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{84938242-5C5B-4A55-B6B9-A1507543B418}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry key "{96EBBE6A-2864-4345-B32B-26EE9BE524B5}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{74a49269-9779-48b4-a0e6-3a5af2a3ade6}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{8AED5DF3-6E0B-4930-B1A5-F8AA8D757497}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{a2595f37-48d0-46a1-9b51-478591a97764}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{74a49269-9779-48b4-a0e6-3a5af2a3ade6}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{8aed5df3-6e0b-4930-b1a5-f8aa8d757497}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry key "{bf1ced2c-4b3f-4079-a330-864eda5a4cff}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry value "{74a49269-9779-48b4-a0e6-3a5af2a3ade6}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{8AED5DF3-6E0B-4930-B1A5-F8AA8D757497}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{BF1CED2C-4B3F-4079-A330-864EDA5A4CFF}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{74a49269-9779-48b4-a0e6-3a5af2a3ade6}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{8aed5df3-6e0b-4930-b1a5-f8aa8d757497}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry value "{bf1ced2c-4b3f-4079-a330-864eda5a4cff}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry key "{96ebbe6a-2864-4345-b32b-26ee9be524b5}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry value "{96EBBE6A-2864-4345-B32B-26EE9BE524B5}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{96ebbe6a-2864-4345-b32b-26ee9be524b5}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
Delete the registry key "{d1ac752e-883f-4ed8-8828-b618c3a72152}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\".
Delete the registry key "{D1AC752E-883F-4ED8-8828-B618C3A72152}" at "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\".
Delete the registry key "{d1ac752e-883f-4ed8-8828-b618c3a72152}" at "HKEY_CLASSES_ROOT\CLSID\".
Delete the registry value "{D1AC752E-883F-4ED8-8828-B618C3A72152}" at "HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\".
Delete the registry value "{d1ac752e-883f-4ed8-8828-b618c3a72152}" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\".
If Fraud.ProtectionBar uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).

Browser:

There are more browser plugins or items that cannot be safely described in simple words. Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) to remove them.

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help, please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance, then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), where a volunteer analyst will advise you as soon as available.
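
The guide above separates registry keys (a subkey named after the CLSID, as under "Browser Helper Objects") from registry values (a named value inside the "Toolbar" keys). The following PowerShell audit is an added example, not part of the original guide or of Spybot-S&D. It is read-only and reports which entries are present, before or after cleanup. The entries are a subset copied from the lists above; the variable and function names are hypothetical.

```powershell
# Added example: read-only audit. It reports what exists and deletes nothing.
# Entries are a subset copied from the guide; add the remaining ones the same way.
$bho     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$clsid   = 'Registry::HKEY_CLASSES_ROOT\CLSID'
$toolbar = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\Toolbar'
$webbar  = 'HKCU:\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'

$registryEntries = @(
    @{ Kind = 'Key';   Parent = $clsid;   Name = '{1C3C4699-B285-475F-BE47-0B26088CE876}' }
    @{ Kind = 'Key';   Parent = $bho;     Name = '{1C3C4699-B285-475F-BE47-0B26088CE876}' }
    @{ Kind = 'Key';   Parent = $bho;     Name = '{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}' }
    @{ Kind = 'Value'; Parent = $toolbar; Name = '{0D045BAA-4BD3-4C94-BE8B-21536BD6BD9F}' }
    @{ Kind = 'Value'; Parent = $webbar;  Name = '{F06E2ABE-3A50-4079-BE25-FC100D9EAA25}' }
)

# The two file locations the guide gives with a full path.
$files = @(
    (Join-Path $env:ProgramFiles 'VideoCompressionCodec\iesplugin.dll')
    (Join-Path $env:ProgramFiles 'intcodec\iesplugin.dll')
)

function Test-RegistryEntry {
    param([string]$Kind, [string]$Parent, [string]$Name)
    if ($Kind -eq 'Key') {
        # "Registry key" in the guide: a subkey of $Parent named after the CLSID.
        return (Test-Path -LiteralPath "$Parent\$Name")
    }
    # "Registry value": a named value stored inside the $Parent key itself.
    $key = Get-Item -LiteralPath $Parent -ErrorAction SilentlyContinue
    if ($null -eq $key) { return $false }
    # -contains compares case-insensitively, matching the guide's mixed-case CLSIDs.
    return ($key.GetValueNames() -contains $Name)
}

$findings = @(
    foreach ($e in $registryEntries) {
        [pscustomobject]@{
            Type    = "Registry $($e.Kind)"
            Path    = "$($e.Parent)\$($e.Name)"
            Present = (Test-RegistryEntry @e)
        }
    }
    foreach ($f in $files) {
        [pscustomobject]@{ Type = 'File'; Path = $f; Present = (Test-Path -LiteralPath $f) }
    }
)
$findings | Format-Table -AutoSize
```

On 64-bit Windows, registrations made by 32-bit software are stored under the WOW6432Node view of the registry, which this script does not check.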