Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: System Configuration shows AppData\Roaming\Microsoft\conhost.exe


26 May 2014   #1

Windows 7 x64
 
 
System Configuration shows AppData\Roaming\Microsoft\conhost.exe

I was removing some old, unnecessary programs from Startup and I noticed this "conhost" and was trying to find out if it was something I need on Startup. Upon further reading, I saw a few people say that "conhost" is trouble unless it's in the system folder.

I went to C:\Users\Ashley\AppData\Roaming\Microsoft and there is NO "conhost" to be found. Now I am worried. Nothing out of the usual has been happening with my computer, I just randomly found this and was curious.

Is this something I need to worry about? Should I uncheck this from startup? How can I find & remove "conhost" from the above mentioned folder if it doesn't even show up in there?

Thank you for any help,

Ashley

My System SpecsSystem Spec
.

29 May 2014   #2

Windows 7 Professional x64 Sp1
 
 

Lets try herdprotect to see if it can locate it:

1.) Download herdprotect: (choose the portable version)

Download herdProtect - Free Anti-Malware Platform

2.) Run the scan.

3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

DO NOT REMOVE ANYTHING YET. I will advise if anything needs removed when I receive the log.

Attached Images
My System SpecsSystem Spec
02 Jun 2014   #3

Windows 7 x64
 
 
Scan

Here is the scan from herdProtect! Thank you!


Attached Files
File Type: txt Scan_2014-5-29-19-1.txt (54.6 KB, 4 views)
My System SpecsSystem Spec
.


02 Jun 2014   #4

Windows 7 Professional x64 Sp1
 
 

Looks Like conduit has visited your pc.

I need you to rerun a scan with herdprotect and remove the following items:

(To remove a item, click the item and choose action-remove)

Code:
File path: 		c:\program files (x86)\conduitengine\conduitengine.dll
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			d9a0ce26ada5bd15b1b03a752ddf14a6
SHA-1: 			419716f712489099b040ab846b565d808119b5e8
Created: 		4/28/2011 7:15:04 AM
Detections: 		3
Determination: 		Adware
Code:
File path: 		c:\users\ashley\appdata\local\microsoft\windows\temporary internet files\content.ie5\myuhpxd0\allin1convert.exe
Publisher: 		
Signer: 		Mindspark Interactive Network
MD5: 			01314532072c943e81fe1904ca77ef51
SHA-1: 			683a82f783d81c8f2b07354f429ca2be93df303f
Created: 		5/7/2014 7:03:51 PM
Detections: 		8
Determination: 		Adware
Code:
File path: 		c:\users\ashley\downloads\fctbsetup.exe
Publisher: 		Applian Technologies Inc.
Signer: 		Applian Technologies Inc.
MD5: 			edebf702de9fc32459c2edb6184c4b44
SHA-1: 			d175ed59aeaa678a2dff1cfc2ccb35172b9a76d4
Created: 		6/20/2011 7:23:50 AM
Detections: 		3
Code:
File path: 		c:\users\ashley\appdata\roaming\mozilla\firefox\profiles\5apqulze.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\npconduitfirefoxplugin.dll
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			28493abd37256b669cb50468f5134a87
SHA-1: 			a011dfd8d93bba7b75833c0f85ff6e1d25594b84
Created: 		2/18/2014 3:15:00 PM
Detections: 		4
Determination: 		Adware
Code:
File path: 		c:\program files (x86)\conduitengine\conduitenginehelper.exe
Publisher: 		
Signer: 		Conduit Ltd.
MD5: 			a320df2b47cfcaf98d06eb59cd72084c
SHA-1: 			ed0a3155e7256b1ee3daea9b5251a4a3141592dc
Created: 		4/28/2011 7:15:04 AM
Detections: 		2
Determination: 		Adware
Code:
File path: 		c:\program files (x86)\conduitengine\conduitengineuninstall.exe
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			df465be110dc0f7e5329d1b8065a405f
SHA-1: 			4cbea1adf328e3daf17de451c4dedb9ff17dea43
Created: 		4/28/2011 7:15:04 AM
Detections: 		3
Determination: 		Adware
Code:
File path: 		c:\program files (x86)\bittorrentbar\bittorrentbartoolbarhelper.exe
Publisher: 		
Signer: 		Conduit Ltd.
MD5: 			a320df2b47cfcaf98d06eb59cd72084c
SHA-1: 			ed0a3155e7256b1ee3daea9b5251a4a3141592dc
Created: 		4/28/2011 7:15:01 AM
Detections: 		2
Determination: 		Adware
Code:
File path: 		c:\program files (x86)\conduit\community alerts\alert.dll
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			2a2935ce273513f881439d2feca78e51
SHA-1: 			743cf6f7c346a3cf7bb0b81442dc14a7f3da352d
Created: 		4/28/2011 7:15:06 AM
Detections: 		4
Determination: 		Adware

I also notice you also have bittorent on your pc. I highly recommend you uninstall it. Torrents are a major distributor of malware.

When the items are removed, please post a new log following the same instructions as before.
My System SpecsSystem Spec
02 Jun 2014   #5

Windows 7 Professional x64 Sp1
 
 

As for conhost.exe, read this:

What is conhost.exe and Why Is It Running?

Does what he is listing there apply to what you find?
My System SpecsSystem Spec
Reply

 System Configuration shows AppData\Roaming\Microsoft\conhost.exe




Thread Tools



Similar help and support threads for2: System Configuration shows AppData\Roaming\Microsoft\conhost.exe
Thread Forum
APPDATA/ROAMING downloaded in to the wrong file. Software
Solved task manager shows extra cmd.exe/conhost/explorer - why? General Discussion
What is the purpose of the AppData/Roaming folder? General Discussion
AppData\Roaming\.exe problem General Discussion
AppData Roaming Disappeared General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:44 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33