Defender.exe

Does anyone have advice on how to get rid of this malware that puts defender.exe in the Application Data folder and doesn’t seem to respond to Spybot?

Spybot?.....
useless program.....if you want to remove more than cookies and adware

check for malware with this

Malwarebytes Anti-Malware 1.51. http://filehippo.com/download_malwarebytes_anti_malware/
make sure the program is updated before you scan
click on the remove selected button to quarantine anything found

post the scan log here

I can’t use Malware Bytes because the license is only for personal use, not business. :frowning:

Hi, let's go for the manual removal then

Download OTL to your Desktop

[*]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[*]Select All Users
[*]Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
[*]Post both logs

THEN

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the “Scan” button to start scan

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRScan.gif

On completion of the scan click save log, save it to your desktop and post in your next reply

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRsavelog.gif

Thanks!

I didn’t get an Extras.txt file but here are the other two files.

Hmm two for the price of one

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems

Run OTL

[*]Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1384069658-2117807069-441284377-1050\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\TEMP\csrss.exe) - File not found
F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\TEMP\csrss.exe) - File not found
[2011/08/23 10:22:04 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\knichols\Desktop\Shortcut to Defender.exe.lnk
[2011/06/07 07:28:56 | 000,016,120 | -HS- | C] () -- C:\Documents and Settings\knichols\Local Settings\Application Data\3uev25kt22f6b4b0py7rq2v2wwu4227n1ix345cl7o6d6cb
[2011/06/07 07:28:56 | 000,016,120 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3uev25kt22f6b4b0py7rq2v2wwu4227n1ix345cl7o6d6cb
[2011/05/04 01:23:11 | 000,004,044 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\8510.5B6
[2011/04/26 16:31:40 | 000,017,002 | -HS- | C] () -- C:\Documents and Settings\knichols\Local Settings\Application Data\l5f6ntrchw38qg10wh40w
[2011/04/26 16:31:40 | 000,017,002 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\l5f6ntrchw38qg10wh40w

:Files
ipconfig /flushdns /c
C:\WINDOWS\kwuspc.dll

:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]
[Reboot]


[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Re-Run aswMBR

Click Scan

On completion of the scan
Click the Fix button

http://i1224.photobucket.com/albums/ee362/Essexboy3/aswMBR%20shots/aswMBRFix.gif

Save the log as before and post in your next reply
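
An added example, not part of the thread and not OTL's own code: a small triage script for the file-listing line shape that appears in the fix script above (`[date time | size | attrs | M/C] (company) -- path`). It flags hidden+system entries with no company name and a random-looking, extensionless name under Application Data. The heuristic, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Line shape taken from the file entries in the fix script above.
ENTRY = re.compile(
    r"\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

def parse_entry(line):
    """Return a dict for a file-listing line, or None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))  # "000,016,120" -> 16120
    return rec

def is_suspicious(rec):
    """Heuristic (assumption): hidden+system, no company string, stored under
    Application Data, no extension, long name mixing letters and digits."""
    name = PureWindowsPath(rec["path"]).name
    return (
        "H" in rec["attrs"] and "S" in rec["attrs"]
        and rec["company"] == ""
        and "application data" in rec["path"].lower()
        and "." not in name
        and len(name) >= 16 and name.isalnum()
        and any(c.isdigit() for c in name) and any(c.isalpha() for c in name)
    )

def triage(text):
    """Return the parsed entries that match the heuristic."""
    recs = (parse_entry(line) for line in text.splitlines())
    return [r for r in recs if r and is_suspicious(r)]

# Constructed sample lines (not taken from any real log).
SAMPLE = r"""
[2011/06/07 07:28:56 | 000,016,120 | -HS- | C] () -- C:\Documents and Settings\exampleuser\Local Settings\Application Data\q7x2m9k4t1b8z3v6n5c0
[2011/08/23 10:22:04 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\exampleuser\Desktop\Shortcut to Example.lnk
[2011/05/01 09:00:00 | 000,120,000 | ---- | C] (Example Corp) -- C:\Documents and Settings\All Users\Application Data\Example\settings.dat
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
"""

if __name__ == "__main__":
    for rec in triage(SAMPLE):
        print(rec["date"], rec["attrs"], rec["size"], rec["path"])
```

A match is only a lead for review against the full log, not a verdict that the file is malicious.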