System Configuration shows AppData\Roaming\Microsoft\conhost.exe


  1. ashleydsumner
    Posts : 2
    Windows 7 x64
       New #1

    System Configuration shows AppData\Roaming\Microsoft\conhost.exe


    I was removing some old, unnecessary programs from Startup and I noticed this "conhost" and was trying to find out if it was something I need on Startup. Upon further reading, I saw a few people say that "conhost" is trouble unless it's in the system folder.

    I went to C:\Users\Ashley\AppData\Roaming\Microsoft and there is NO "conhost" to be found. Now I am worried. Nothing out of the usual has been happening with my computer, I just randomly found this and was curious.

    Is this something I need to worry about? Should I uncheck this from startup? How can I find & remove "conhost" from the above mentioned folder if it doesn't even show up in there?

    Thank you for any help,

    Ashley
      My Computer
    Quote Quote

  3. andrew129260
    Posts : 4,566
    Windows 10 Pro
       New #2

    Lets try herdprotect to see if it can locate it:

    1.) Download herdprotect: (choose the portable version)

    Download herdProtect - Free Anti-Malware Platform

    2.) Run the scan.

    3.) When the scan finishes, save the results per the screenshot below. Then upload the log here.

    DO NOT REMOVE ANYTHING YET. I will advise if anything needs removed when I receive the log.

    Attached Images
      My Computer
    Quote Quote

  4. ashleydsumner
    Posts : 2
    Windows 7 x64
    Thread Starter
       New #3

    Scan


    Here is the scan from herdProtect! Thank you!
    System Configuration shows AppData\Roaming\Microsoft\conhost.exe Attached Files
      My Computer
    Quote Quote

  6. andrew129260
    Posts : 4,566
    Windows 10 Pro
       New #4

    Looks Like conduit has visited your pc.

    I need you to rerun a scan with herdprotect and remove the following items:

    (To remove a item, click the item and choose action-remove)

    Code:
    File path: 		c:\program files (x86)\conduitengine\conduitengine.dll
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			d9a0ce26ada5bd15b1b03a752ddf14a6
SHA-1: 			419716f712489099b040ab846b565d808119b5e8
Created: 		4/28/2011 7:15:04 AM
Detections: 		3
Determination: 		Adware
    Code:
    File path: 		c:\users\ashley\appdata\local\microsoft\windows\temporary internet files\content.ie5\myuhpxd0\allin1convert.exe
Publisher: 		
Signer: 		Mindspark Interactive Network
MD5: 			01314532072c943e81fe1904ca77ef51
SHA-1: 			683a82f783d81c8f2b07354f429ca2be93df303f
Created: 		5/7/2014 7:03:51 PM
Detections: 		8
Determination: 		Adware
    Code:
    File path: 		c:\users\ashley\downloads\fctbsetup.exe
Publisher: 		Applian Technologies Inc.
Signer: 		Applian Technologies Inc.
MD5: 			edebf702de9fc32459c2edb6184c4b44
SHA-1: 			d175ed59aeaa678a2dff1cfc2ccb35172b9a76d4
Created: 		6/20/2011 7:23:50 AM
Detections: 		3
    Code:
    File path: 		c:\users\ashley\appdata\roaming\mozilla\firefox\profiles\5apqulze.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\plugins\npconduitfirefoxplugin.dll
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			28493abd37256b669cb50468f5134a87
SHA-1: 			a011dfd8d93bba7b75833c0f85ff6e1d25594b84
Created: 		2/18/2014 3:15:00 PM
Detections: 		4
Determination: 		Adware
    Code:
    File path: 		c:\program files (x86)\conduitengine\conduitenginehelper.exe
Publisher: 		
Signer: 		Conduit Ltd.
MD5: 			a320df2b47cfcaf98d06eb59cd72084c
SHA-1: 			ed0a3155e7256b1ee3daea9b5251a4a3141592dc
Created: 		4/28/2011 7:15:04 AM
Detections: 		2
Determination: 		Adware
    Code:
    File path: 		c:\program files (x86)\conduitengine\conduitengineuninstall.exe
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			df465be110dc0f7e5329d1b8065a405f
SHA-1: 			4cbea1adf328e3daf17de451c4dedb9ff17dea43
Created: 		4/28/2011 7:15:04 AM
Detections: 		3
Determination: 		Adware
    Code:
    File path: 		c:\program files (x86)\bittorrentbar\bittorrentbartoolbarhelper.exe
Publisher: 		
Signer: 		Conduit Ltd.
MD5: 			a320df2b47cfcaf98d06eb59cd72084c
SHA-1: 			ed0a3155e7256b1ee3daea9b5251a4a3141592dc
Created: 		4/28/2011 7:15:01 AM
Detections: 		2
Determination: 		Adware
    Code:
    File path: 		c:\program files (x86)\conduit\community alerts\alert.dll
Publisher: 		Conduit Ltd.
Signer: 		Conduit Ltd.
MD5: 			2a2935ce273513f881439d2feca78e51
SHA-1: 			743cf6f7c346a3cf7bb0b81442dc14a7f3da352d
Created: 		4/28/2011 7:15:06 AM
Detections: 		4
Determination: 		Adware

    I also notice you also have bittorent on your pc. I highly recommend you uninstall it. Torrents are a major distributor of malware.

    When the items are removed, please post a new log following the same instructions as before.
      My Computer
    Quote Quote

  7. andrew129260
    Posts : 4,566
    Windows 10 Pro
       New #5

    As for conhost.exe, read this:

    What is conhost.exe and Why Is It Running?

    Does what he is listing there apply to what you find?
      My Computer
    Quote Quote

 

  Related Discussions
I was running the system cleaning tool Rogue Killer and it stopped at: Users > <Mysystem > Appdata > roaming > Microsoft > Windows > Recent > (various content) Things in there are all .lnk shortcut files. Can these be cleaned out? Does Seven Forums have a cleaning routine similar to...
I've been using an SSD for about 2.5 months and I've noticed a significant increase in writes from both firefox and chrome, I used to have a 2-3Gb/day max write now its going between 10-20Gb and its mostly from chrome and firefox, Im using SSD ready to monitor the writes on my SSD and it points...
I'm running Win7 x64 and noticed I was down to the last 7 GB of storage on my 120GB app disk. I've only got about 50 GB of apps so it looked like something was amiss. I did some poking around and discovered the Users/username/AppData/Roaming folder had 41 GB of stuff in it. 36 GB is in one...
AppData\Roaming\.exe problem
in General Discussion

Could anyone tell me what is happening to my laptop it start popping up....
AppData Roaming Disappeared
in General Discussion

The Roaming Folder in my Win 7 Ult. 64 bit machine has disappeared. Local and LocalLow are still there and I've checked to make certain that Invisible files and folders is set to show in folder options. All my settings, preferences etc. are in place but the folder is invisible. I know it's...
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

 © Designer Media Ltd
All times are GMT -5. The time now is 20:25.
Find Us