Troj/Multidr-AH

Please follow the instructions for removing Trojans.

Troj/Multidr-AH installs and executes the Trojan Troj/QHosts1-D and a number of executables associated with adware products.

The following files and folders are created:

CSV5P072.exe
edow.exe
EXACTADVERTISING.exe
ezStub.exe
july14_loader.exe
Overpro323.exe
WildMedia.exe
<Program Files>\ClearSearch\Loader.exe
<Program Files>\MaxSpeed\Privacy Info.url
<Program Files>\MaxSpeed\Terms and Conditions.url
<Program Files>\MaxSpeed\Uninstall Instructions.url
<Program Files>\ToPicks\Bin\FileVersions.ini
<Program Files>\ToPicks\Bin\HtCheck2.dll
<Program Files>\ToPicks\Bin\Idhost.exe
<Program Files>\ToPicks\Bin\IdmUP.dll
<Program Files>\ToPicks\Bin\Topicks.reg
<Program Files>\ToPicks\Bin\TPReg.dll
<Program Files>\TopPicks\Graphics\
<Windows>\<System>\datastore.dll
<Windows>\<System>\dp-him.exe
<Windows>\<System>\IEHost.EXE
<Windows>\<System>\master.dll
<Windows>\<System>\ms.exe
<Windows>\<System>\SearchBar.htm
<Windows>\<System>\Searchx.htm
<Windows>\<System>\sub.dll
<Windows>\<System>\terrabyte.exe
<Windows>\<System>\uninstall.exe

The following registry entries are created:

HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
eZstub = C:\ezStub.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AutoLoadermsvcp60 = C:\july14_loader.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Bakra = <Windows>\<System>\IEHost.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ClrSchLoader = <Program Files>\ClearSearch\Loader.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Dsi = <Windows>\<System>\dp-him.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ToPicks Starter = <Program Files>\ToPicks\Bin\Idhost.exe

HKCR\Software\ToPicks

HKLM\Software\ClrSch