Manual Removal Guide for SpyFighter



Friday
2008-11-30, 14:57
The following instructions have been created to help you to get rid of "SpyFighter" manually.
Use this guide at your own risk; software should usually be better suited to remove malware, since it is able to look deeper.

If this guide was helpful to you, please consider donating towards this site (http://www.safer-networking.org/index.php?page=donate).

Threat Details:

Categories:
pups

Description:
SpyFighter is advertised on malicious websites that also advertise other bad antispyware products such as SpySheriff and RazeSpyware. It has an insufficient privacy policy and detects parts of Spybot S&D as trojans.
SpyFighter also connects to the internet when the application is closed; this cannot be prevented by the user.

Supposed Functionality:
SpyFighter pretends to be a valid antispyware software.

Removal Instructions:

Autorun:

Please use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd), RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) or msconfig.exe to remove the following autorun entries.

Entries named "SpyFighterMonitor".
Entries named "SpyFighterUpdate".

Installed Software List:

You can try to uninstall products with the names listed below; for items identified by other properties or to avoid malware getting active again on uninstallation, use Spybot-S&D (http://www.safer-networking.org/index.php?page=spybotsd) or RunAlyzer (http://www.safer-networking.org/index.php?page=runalyzer) to locate and get rid of these entries.

Products that have a key or property named "{EDBEE973-9D78-4C4C-B7BB-20380314C8A3}".

Files:

Please use Windows Explorer or another file manager of your choice to locate and delete these files.

The file at "<$COMMONDESKTOP>\Spy Fighter.lnk".
The file at "<$WINDIR>\Installer\1257a1.msi".
A file with an unknown location named "AutoUpdate.exe".
A file with an unknown location named "LogRecorder.exe".
A file with an unknown location named "SetupCustomActions.exe".
A file with an unknown location named "SpyFighterSetup.exe".
A file with an unknown location named "SpyFighterProSetup.exe".
Make sure you set your file manager to display hidden and system files. If SpyFighter uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a location specified. Be extra careful, because just the name might not be enough to identify files!

Folders:

Please use Windows Explorer or another file manager of your choice to locate and delete these folders.

The directory at "<$COMMONPROGRAMS>\Spy Fighter".
The directory at "<$PROGRAMFILES>\SpyFighter".
The directory at "<$WINDIR>\Installer\{EDBEE973-9D78-4C4C-B7BB-20380314C8A3}".
The directory at "<$COMMONPROGRAMS>\Spy Fighter Pro".
The directory at "<$PROGRAMFILES>\SpyFighterPro".
The directory at "<$WINDIR>\Installer\{7BA3B75C-5601-4A6F-986C-47FEF17E8416}".
Make sure you set your file manager to display hidden and system files. If SpyFighter uses rootkit technologies, use our RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
You will have to use a global search for files without a name specified. Be extra careful, because just the name might not be enough to identify folders!

Registry:

You can use regedit.exe (included in Windows) to locate and delete these registry entries.

Delete the registry key "SpyFighter" at "HKEY_CURRENT_USER\Software\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\002D10914E786E5AA97747718B9A6C42\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\07F9161CE577347D8D06F8AAC8F4709A\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0957E30AE70BAC919C514D97098C1377\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\20111BAFA86F96528A7386EDB2C82827\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\228E1837B8ACC7E7A0BF5F43CE258F35\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\24093B47EE01E4CA21C21EDB9D97D7F0\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2F87B57A4CE993BC2C6039CF7C14F9AE\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2FA5A3D59FB24CE633B4A2F999EB1425\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3539394C1540FF598318E39D981467C6\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\379EEBDE87D9C4C47BBB028330418C3A\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\489AF3E77CD7AEA48D354937EE9ACA6B\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4EAE5B8363E38400A827E42C83553754\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\64BCA2A95739F0EC62E8D8587FDFD54D\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\666AFB44D8D418F7B43509D4782FD1F4\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6C586FBD7C9E472A11018EFF7AF2CFFB\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6FD287D47E9B5D23A45DA0ADBCD22BDE\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\80BEEAB2878552E5B41D179DAE992C3C\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\82842C92421EC44689FDC2FF81701515\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8F98EC122C479EB95E82643D23E06620\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9ACE4CE33B53DF31D9A89D160927F416\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB27B45A83FA24F725F06789250FBED0\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BC150E9DA971EF9E1E1EED1550F2C33F\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C3ACFC0D986BBBFADDE1177949B3E8E7\".
Delete the registry value "379EEBDE87D9C4C47BBB028330418C3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DF8B8E7218774B36C372508AA818975A\".
Delete the registry value "Contact" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\379EEBDE87D9C4C47BBB028330418C3A\InstallProperties\".
Delete the registry value "DisplayName" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\379EEBDE87D9C4C47BBB028330418C3A\InstallProperties\".
Delete the registry key "SpyFighter" at "HKEY_LOCAL_MACHINE\SOFTWARE\".
Delete the registry key "1CFEDC0A4A7ACF443AD1FA5DFECB759D" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\".
Delete the registry key "11A3E8A08E258EE3B9B710D884F74C24" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "2107855116DDAFE7412C10F01A30BC85" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "22651228E18A8CB48C245B09F9684540" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "363B0698098A7B10B123279DE60C9727" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "42210885FD98BF9028B5DE4435F694B1" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "4410999C5E621BD8DF5A99976CC5D2C1" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "619B3B3808BE3412CDDB49B8657776FF" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "67B2B0E63788C093A23674958E120F70" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "70F2D7AFC533D99D215F7B9A6BCB0DA0" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "730ED569DAFA5B94F9C1E062A66F8B49" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "73A24622708E42CCA42FF722F9016137" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "B2D37B4329E87BC20E2474E3807A3E4A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "B53D8A828D5A04652606705647B024DE" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "C57B3AB71065F6A489C674EF1FE74861" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "C7F528868D6A5132337A327A3BD52C17" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "D51D4D764084FFCEE4F51D897C102E3A" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "D700C411FAD36B8D0832749262D88724" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "D778DD63BA313B112ADAA86F45FA0BFD" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "D92560127161987437A850443AA60FCA" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "E4317406F389EE40DE67D4D6AEA1408B" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "E92D5425854FD54F4199681385D00941" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "EB03C99E6A8DC3BCA55F454036561FB8" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "FAC46383BFE789895CA7AA9CBB1FD58B" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "FB845E1FA9FA202300E833206B5BEB58" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\".
Delete the registry key "C57B3AB71065F6A489C674EF1FE74861" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\".
Delete the registry value "DisplayName" at "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7BA3B75C-5601-4A6F-986C-47FEF17E8416}\".
If SpyFighter uses rootkit technologies, use our RegAlyzer (http://www.safer-networking.org/index.php?page=regalyzer), RootAlyzer (http://forums.spybot.info/downloads.php?id=8) or our Total Commander anti-rootkit plugins (http://forums.spybot.info/downloads.php?id=3).
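
The 32-character names in the registry list above are Windows Installer "packed" forms of the two product GUIDs that appear in the Installed Software List and Folders sections, so an entry can be tied back to its product before it is deleted. The following is an added example, not part of the original guide (function names are illustrative), that converts between the two forms and builds the per-product registry locations this guide refers to:

```python
import re

# Product codes exactly as they appear in this guide.
PRODUCT_CODES = [
    "{EDBEE973-9D78-4C4C-B7BB-20380314C8A3}",
    "{7BA3B75C-5601-4A6F-986C-47FEF17E8416}",
]
HKLM_WIN = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion"
GUID_RE = re.compile(r"^\{?([0-9A-F]{8})-([0-9A-F]{4})-([0-9A-F]{4})-"
                     r"([0-9A-F]{4})-([0-9A-F]{12})\}?$", re.I)
PACKED_RE = re.compile(r"^[0-9A-F]{32}$", re.I)


def swap_pairs(s):
    """Swap the two hex digits of every byte: 'B7BB' -> '7BBB'."""
    return "".join(s[i + 1] + s[i] for i in range(0, len(s), 2))


def pack_guid(guid):
    """'{EDBEE973-...}' -> packed name used under Installer\\UserData."""
    m = GUID_RE.match(guid.strip())
    if not m:
        raise ValueError("not a GUID: %r" % guid)
    a, b, c, d, e = (g.upper() for g in m.groups())
    # First three groups are reversed whole, the last two byte by byte.
    return a[::-1] + b[::-1] + c[::-1] + swap_pairs(d) + swap_pairs(e)


def unpack_guid(packed):
    """Inverse of pack_guid; rejects anything that is not 32 hex digits."""
    if not PACKED_RE.match(packed):
        raise ValueError("not a packed GUID: %r" % packed)
    p = packed.upper()
    return "{%s-%s-%s-%s-%s}" % (p[:8][::-1], p[8:12][::-1], p[12:16][::-1],
                                 swap_pairs(p[16:20]), swap_pairs(p[20:]))


def classify(name):
    """Return the guide's product code that a registry name encodes, else None."""
    packed = {pack_guid(g): g for g in PRODUCT_CODES}
    return packed.get(name.upper())


def product_keys(guid):
    """Registry locations for one product code, as used in this guide."""
    return [
        HKLM_WIN + r"\Installer\UserData\S-1-5-18\Products" + "\\" + pack_guid(guid),
        HKLM_WIN + r"\Uninstall" + "\\" + guid.upper(),
    ]


if __name__ == "__main__":
    for code in PRODUCT_CODES:
        print(code, "->", pack_guid(code))
        for key in product_keys(code):
            print("   ", key)
```

The Components subkeys and the UpgradeCodes key in the list use identifiers of their own, so classify() returns None for them; only the value names under Components and the keys under Products encode the product codes.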

Final Words:

If neither Spybot-S&D nor self-help resolved the issue, or you would prefer one-on-one help,
please read these instructions (http://forums.spybot.info/showthread.php?t=288) before requesting assistance,
then start your own thread in the Malware Removal Forum (http://forums.spybot.info/forumdisplay.php?f=22), where a volunteer analyst will advise you as soon as available.