Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: System Configuration shows AppData\Roaming\Microsoft\conhost.exe

26 May 2014   #1
ashleydsumner

Windows 7 x64
 
 
System Configuration shows AppData\Roaming\Microsoft\conhost.exe

I was removing some old, unnecessary programs from Startup and I noticed this "conhost" and was trying to find out if it was something I need on Startup. Upon further reading, I saw a few people say that "conhost" is trouble unless it's in the system folder.

I went to C:\Users\Ashley\AppData\Roaming\Microsoft and there is NO "conhost" to be found. Now I am worried. Nothing out of the usual has been happening with my computer, I just randomly found this and was curious.

Is this something I need to worry about? Should I uncheck this from startup? How can I find & remove "conhost" from the above mentioned folder if it doesn't even show up in there?

Thank you for any help,

Ashley


My System SpecsSystem Spec
.

29 May 2014   #2
andrew129260

Windows 7 Professional x64 Sp1
 
 

Lets try herdprotect to see if it can locate it:

1.) Download herdprotect: (choose the portable version)

Download herdProtect - Free Anti-Malware Platform

2.) Run the scan.

3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

DO NOT REMOVE ANYTHING YET. I will advise if anything needs removed when I receive the log.

Attached Images
My System SpecsSystem Spec
02 Jun 2014   #3
ashleydsumner

Windows 7 x64
 
 
Scan

Here is the scan from herdProtect! Thank you!


Attached Files
File Type: txt Scan_2014-5-29-19-1.txt (54.6 KB, 4 views)
My System SpecsSystem Spec
.


02 Jun 2014   #4
andrew129260

Windows 7 Professional x64 Sp1
 
 

Looks Like conduit has visited your pc.

I need you to rerun a scan with herdprotect and remove the following items:

(To remove a item, click the item and choose action-remove)

Code:
File path: 		c:\program files (x86)\conduitengine\conduitengine.dll
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			d9a0ce26ada5bd15b1b03a752ddf14a6
SHA-1: 			419716f712489099b040ab846b565d808119b5e8
Created: 		4/28/2011 7:15:04 AM
Detections: 		3
Determination: 		Adware
Code:
File path: 		c:\users\ashley\appdata\local\microsoft\windows\temporary internet files\content.ie5\myuhpxd0\allin1convert.exe
Publisher: 		
Signer: 		Mindspark Interactive Network
MD5: 			01314532072c943e81fe1904ca77ef51
SHA-1: 			683a82f783d81c8f2b07354f429ca2be93df303f
Created: 		5/7/2014 7:03:51 PM
Detections: 		8
Determination: 		Adware
Code:
File path: 		c:\users\ashley\downloads\fctbsetup.exe
Publisher: 		Applian Technologies Inc.
Signer: 		Applian Technologies Inc.
MD5: 			edebf702de9fc32459c2edb6184c4b44
SHA-1: 			d175ed59aeaa678a2dff1cfc2ccb35172b9a76d4
Created: 		6/20/2011 7:23:50 AM
Detections: 		3
Code:
File path: 		c:\users\ashley\appdata\roaming\mozilla\firefox\profiles\5apqulze.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\npconduitfirefoxplugin.dll
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			28493abd37256b669cb50468f5134a87
SHA-1: 			a011dfd8d93bba7b75833c0f85ff6e1d25594b84
Created: 		2/18/2014 3:15:00 PM
Detections: 		4
Determination: 		Adware
Code:
File path: 		c:\program files (x86)\conduitengine\conduitenginehelper.exe
Publisher: 		
Signer: 		Conduit Ltd.
MD5: 			a320df2b47cfcaf98d06eb59cd72084c
SHA-1: 			ed0a3155e7256b1ee3daea9b5251a4a3141592dc
Created: 		4/28/2011 7:15:04 AM
Detections: 		2
Determination: 		Adware
Code:
File path: 		c:\program files (x86)\conduitengine\conduitengineuninstall.exe
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			df465be110dc0f7e5329d1b8065a405f
SHA-1: 			4cbea1adf328e3daf17de451c4dedb9ff17dea43
Created: 		4/28/2011 7:15:04 AM
Detections: 		3
Determination: 		Adware
Code:
File path: 		c:\program files (x86)\bittorrentbar\bittorrentbartoolbarhelper.exe
Publisher: 		
Signer: 		Conduit Ltd.
MD5: 			a320df2b47cfcaf98d06eb59cd72084c
SHA-1: 			ed0a3155e7256b1ee3daea9b5251a4a3141592dc
Created: 		4/28/2011 7:15:01 AM
Detections: 		2
Determination: 		Adware
Code:
File path: 		c:\program files (x86)\conduit\community alerts\alert.dll
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			2a2935ce273513f881439d2feca78e51
SHA-1: 			743cf6f7c346a3cf7bb0b81442dc14a7f3da352d
Created: 		4/28/2011 7:15:06 AM
Detections: 		4
Determination: 		Adware

I also notice you also have bittorent on your pc. I highly recommend you uninstall it. Torrents are a major distributor of malware.

When the items are removed, please post a new log following the same instructions as before.
My System SpecsSystem Spec
02 Jun 2014   #5
andrew129260

Windows 7 Professional x64 Sp1
 
 

As for conhost.exe, read this:

What is conhost.exe and Why Is It Running?

Does what he is listing there apply to what you find?
My System SpecsSystem Spec
Reply

 System Configuration shows AppData\Roaming\Microsoft\conhost.exe




Thread Tools





Similar help and support threads
Thread Forum
getting error appdata\roaming\babsolution\shared\NTredirect.dll
My computer crashes as soon as it's opened. I'm getting two different errors. One is in the title. The other is err: Ct3302909\plugins\tbverifier.dll I've just been searching the net to find a fix. I read a thread that instructed another user to upload and run a couple of programs, FRST64 and...
General Discussion
Moving the /appdata and /roaming for firefox and chrome
I've been using an SSD for about 2.5 months and I've noticed a significant increase in writes from both firefox and chrome, I used to have a 2-3Gb/day max write now its going between 10-20Gb and its mostly from chrome and firefox, Im using SSD ready to monitor the writes on my SSD and it points...
Browsers & Mail
What is the purpose of the AppData/Roaming folder?
I'm running Win7 x64 and noticed I was down to the last 7 GB of storage on my 120GB app disk. I've only got about 50 GB of apps so it looked like something was amiss. I did some poking around and discovered the Users/username/AppData/Roaming folder had 41 GB of stuff in it. 36 GB is in one...
General Discussion
AppData\Roaming\.exe problem
Could anyone tell me what is happening to my laptop it start popping up....
General Discussion
When does a file/folder go to AppData\ Local, LocalLow and Roaming?
Under C:\Users\<username>\AppData, there are three folders. Local LocalLow Roaming Then under Local, there's Local\VirtualStore What are the factors and considerations that Windows 7 uses when it determines and allocates a particular file/folder to one of the three main folders?
General Discussion
AppData Roaming Disappeared
The Roaming Folder in my Win 7 Ult. 64 bit machine has disappeared. Local and LocalLow are still there and I've checked to make certain that Invisible files and folders is set to show in folder options. All my settings, preferences etc. are in place but the folder is invisible. I know it's...
General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 23:18.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App