Computer Support Forum

conhost.exe and csrss.exe not digitally signed virus

Question: conhost.exe and csrss.exe not digitally signed virus

From what I know if these progams are running and they aren't digitally signed then they are most likely a form of a virus. I can manually find the official conhost.exe from windows/system32 and run it, that creates a separate instance of it running, making two, the official and the supposed virus. Neither of the supposed virus executables do not open any properties when I right click and select properties from the task manager, which is another red flag. I ran a fully updated malwarebytes scan and an avast scan outside of windows and had no returns of an infection. I could not find the location of the virus executables and I am looking for some help. Thanks.
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.45.2
Run by OJoe at 14:19:41 on 2014-01-10
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.16333.12327 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\SysWOW64\ASGT.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\VIA_XHCI\usb3Monitor.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\OJoe\Desktop\OTL.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.196\deploy\LoLLauncher.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\a394d7bd-c693-4500-a525-11c93fbc4d27.exe /check
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
StartupFolder: C:\Users\OJoe\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SAMSUN~1.LNK - C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{52FF29D8-3720-40AD-ABA7-C7DE0D24ECA9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{52FF29D8-3720-40AD-ABA7-C7DE0D24ECA9}\9545953534746495D2F47756E637 : DHCPNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [VIAxHCUtl] C:\VIA_XHCI\usb3Monitor.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-9-21 65336]
R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-9-21 204880]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-9-21 1030952]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-9-21 378944]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-9-21 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-9-21 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-9-21 46808]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1494304]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-9-21 15129376]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-10 97792]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-10 217600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-17 39200]
R3 rzdaendpt;Razer DeathAdder end point;C:\Windows\System32\drivers\rzdaendpt.sys [2013-9-13 33464]
R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2013-9-13 142008]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;C:\Windows\System32\drivers\rzvkeyboard.sys [2013-9-13 30904]
R3 VUSB3HUB;VIA USB 3 Root Hub Service;C:\Windows\System32\drivers\ViaHub3.sys [2013-12-8 204800]
R3 xhcdrv;VIA USB eXtensible Host Controller Service;C:\Windows\System32\drivers\xhcdrv.sys [2013-12-8 256000]
R4 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2013-9-29 23680]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-8 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-12 111616]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-21 19456]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Te.Service;Te.Service;D:\ProgramFiles\WindowsSDK\Testing\Runtimes\TAEF\Wex.Services.exe [2013-8-22 119808]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-21 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-9-21 1255736]
.
=============== File Associations ===============
.
FileExt: .reg: regfile=regedit.exe "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2014-01-10 18:50:27 10315576 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F885C1D4-875E-41B2-8B1F-1CC0AC7F4D86}\mpengine.dll
2014-01-08 21:27:59 -------- d-----w- C:\Users\OJoe\AppData\Roaming\Malwarebytes
2014-01-08 21:27:48 -------- d-----w- C:\ProgramData\Malwarebytes
2014-01-08 21:27:47 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-01-08 21:27:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-08 06:28:38 -------- d-----w- C:\NVIDIA
2013-12-31 04:59:04 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2013-12-28 21:31:43 -------- d-----w- C:\Users\OJoe\MTG cards
2013-12-19 17:20:22 590112 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-12-18 04:45:40 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2013-12-18 04:45:40 32544 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2013-12-17 06:36:43 -------- d-----w- C:\Program Files (x86)\Linksys
2013-12-17 05:59:34 -------- d-----w- C:\Users\OJoe\AppData\Local\CrashRpt
2013-12-12 08:01:59 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2013-12-12 08:01:59 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2013-12-12 08:01:58 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2013-12-12 08:01:57 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
.
==================== Find3M  ====================
.
2014-01-09 07:52:50 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-01-09 07:52:50 280792 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-01-09 07:51:49 280856 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-12-31 07:42:20 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2013-12-19 18:53:46 6671648 ----a-w- C:\Windows\System32\nvcpl.dll
2013-12-19 18:53:46 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-12-19 18:53:44 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-12-19 18:53:44 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-12-19 18:53:44 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2013-12-19 05:01:48 3539040 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-12-10 18:48:01 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-12-10 18:48:01 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-10 02:13:11 982232 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2013-12-10 02:13:01 1100248 ----a-w- C:\Windows\System32\nvspcap64.dll
2013-12-05 08:42:26 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-23 19:26:48 1884448 ----a-w- C:\Windows\System32\nvdispco6433193.dll
2013-11-23 19:26:48 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433193.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-11-19 08:33:38 267936 ------w- C:\Windows\System32\MpSigStub.exe
2013-11-14 11:55:24 1884448 ----a-w- C:\Windows\System32\nvdispco6433182.dll
2013-11-14 11:55:24 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433182.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-02 21:52:56 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2013-10-30 02:32:01 335360 ----a-w- C:\Windows\System32\msieftp.dll
2013-10-30 02:19:52 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2013-10-30 01:24:31 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-10-23 10:30:23 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll
2013-10-23 10:30:23 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll
2013-10-19 02:18:57 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-10-19 01:36:59 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-10-16 00:48:05 1884448 ----a-w- C:\Windows\System32\nvdispco6433158.dll
2013-10-16 00:48:05 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433158.dll
.
============= FINISH: 14:19:52.02 ===============

Relevance 100%
Preferred Solution: conhost.exe and csrss.exe not digitally signed virus

I recommend downloading and running Reimage. It's a computer repair tool that has been proven to identify and fix many Windows problems with a high level of success.

I've used it in the past to identify and fix everything from blue screens (BSOD's), ActiveX errors, corrupt files and processes, dll/exe/sys errors, recover lost memory, Windows update problems, defragging, malware removal etc.

You can download it direct from this link http://downloadreimage.com/download.php. (This link will automatically start a download of Reimage that you can save to your computer.)

Answer: conhost.exe and csrss.exe not digitally signed virus

Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/520358 <<< CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.DDS.com Download LinkDouble click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found HERE.As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

9 more replies
Relevance 90.2%

Help! I think my Wife got this computer infected. Here are the logs requested in the praparation guide. I have x64 Windows 7 so I didn't include the GMER log. I appreciate any help I can get :-)DDS Scan Log:DDS (Ver_2011-07-14.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22Run by Jimmah at 8:26:07 on 2011-07-15Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.1894 [GMT -7:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}.============== Running Processes ===============.C:\Windows\system32\wininit.exeC:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\system32\conhost.exeC:\Windows\System32\spoolsv.... Read more

Answer:csrss.exe conhost.exe dwm.exe virus?

Forgot to attach this.

8 more replies
Relevance 90.2%

Hi, yesterday my Norton Antivirus did a scan and picked up a Backkdoor.cycbot or something in that name. After Norton removed the virus I noticed my laptop is not functioning like normal. First of all is my Google Chrome won't launch when I double click it. Even after restart it won't run for some reason. Next is when I search the internet with my Firefox, sometime it redirect my search to some random antivirus site. And then sometime I can't connect to the internet because some problem related to using a proxy server which I'd never used before.

After searching up the symptoms I think that my laptop is infected with the Dwm, Csrss, Conhost.exe virus because in my task manager I found that there are two Dwm.exe and Csrss.exe running. Also I found Conhost.exe in my AppData\Microsoft file which is not the correct place it need to be.

I did a ComboFix run with my antivirus disable and it run perfectly. I'm not sure if my laptop is still infected with the Dwm, Csrss, Conhost virus so I was wondering is there anyway to check if ComboFix fixed everything?

Thank you

Answer:Dwm, Csrss, Conhost virus

I look around on the forum and saw that I need to run the DDS in order to get some help so here is my DDS.txt

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Run by BombSauce at 16:19:40 on 2011-06-14
Microsoft? Windows Vista™ Home Premium 6.0.6002.2.1258.84.1033.18.1982.870 [GMT -7:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:... Read more

19 more replies
Relevance 89.38%

i have deleted a few trojans using MBAM but it just keeps respawning back

Here is the hijack log when i scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:40:01 PM, on 7/9/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Owner\Application Data\dwm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\Owner\Application Data\Microsoft\conhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sophos\AutoUpdate\almon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM7\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:&... Read more

Answer:csrss.exe conhost.exe dwm.exe trojan virus

Hi,Please do the following:Open HiJackThisClick on Do a system scan onlyCheck the boxes next to ONLY the entries listed below (if still present):R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:51717F3 - REG:win.ini: load=C:\DOCUME~1\Owner\LOCALS~1\Temp\csrss.exeO2 - BHO: (no name) - {FD0263EB-79B5-25ED-3394-C5694701C6CF} - (no file)O4 - HKLM\..\Run: [conhost] C:\Documents and Settings\Owner\Application Data\Microsoft\conhost.exeO4 - HKCU\..\Run: [Microsoft Windows Update] C:\WINDOWS\system32\WinUpdating.exeO4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\WINDOWS\system32\install\msdvp.exeO20 - Winlogon Notify: btwdlns - btwdiw32.dll (file missing)O23 - Service: Logical Disk Manager (dmserver32) - Unknown owner - C:\WINDOWS\system32\nvrsar32.exe (file missing)Close all windows except Hijackthis and click Fix CheckedClick Yes when promptedClose HijackThis.NEXTPlease download DDS from either of these linksLINK 1 LINK 2and save it to your desktop.Disable any script blocking protection Double click dds to run the tool. When done, two DDS.txt's will open. Save both reports to your desktop.---------------------------------------------------Please include the contents of the following in your next reply:DDS.txtAttach.txt. NEXTPlease download aswMBR ( 511KB ) to your ... Read more

2 more replies
Relevance 89.38%

I'm getting the same virus this guy had: Dwm, Csrss, Conhost virus

I removed all those programs and corresponding registry and I don't see them starting anymore. But my Firefox proxy setting is still getting changed. I also followed the steps from that thread but it does not work.

Port for the connection is 61455. I don't get redirected to the ad sites because the proxy server program doesn't run in background anymore, but then I get error when I browse the web sometimes because settings get changed periodically (can't connect to proxy error).

This clearly means my system is still infected even though those 3 major programs don't run. I can still browse the web normally because I can just use foxyproxy to bypass Firefox original proxy settings.

But still, please help me get rid of the virus. Thank you for reading. Appreciate any help.

Regards
Howard

Answer:[SOLVED] Dwm, Csrss, Conhost virus

Sorry but I don't know how to edit my post. I forgot to mention that I also ran sfc to check for system files integrity and everything was normal.

12 more replies
Relevance 89.38%

Hi, I think the 3 things i posted above are infected with a trojan. One of them is this C:\Users\Sammy\AppData\Roaming\Microsoft\conhost.exe that i think might be infected but im not sure. Everytime I go on google and try to click on the link I get redirected and kaspersky says something like this:

"4/10/2011 3:50:24 PM CSRSS.EXE Denied: zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9Piwo2L2GUr0%2BbGscfRsX%2BaIwr51gW1f447DrXf0eU2S%2BsSodOFuTLiv0agD9WRN6I3FqHT9a07m%2FMKiA%2FFpSufuxq00sD0OpLjRqAO3bVKv975Xlm5G (analysis using the database of suspicious URLs) zonedg.com/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfNpX%2BP9h%2BI0sDkX9Piwo2L2GUr0%2BbGscfRsX%2BaIwr51gW1f447DrXf0eU2S%2BsSodOFuTLiv0agD9WRN6I3FqHT9a07m%2FMKiA%2FFpSufuxq00sD0OpLjRqAO3bVKv975Xlm5G URL found in the database"

But i still get redircted.
I have deleted a few trojans with mbam and kaspersky but they seem to just keep respawning right away.
I really need help so anyone that can help please give me any info that you have.
Here is the Hijackthis log when i scan:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:52:58 PM, on 4/10/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16722)
Boot mode: Normal

Running processes:
C:\Users\Sammy\AppData\Local\Temp\csrss.exe
C:\Users\Sammy\AppData\Roaming\Microsoft\conhost.exe
C:\Program Files (x86... Read more

Answer:csrss.exe conhost.exe dwm.exe trojan virus

Hello sam_man ! Welcome to BleepingComputer Forums! My name is Georgi and and I will be helping you with your computer problems. Before we begin, please note the following:I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.The logs can take some time to research, so please be patient with me.Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.Instructions that I give are for your system only!Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.Please perform all steps in the order received. If you can't understand something don't hesitate to ask.Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.We need to run an OTL Custom ScanPlease download OTL from the link below:This is THE MirrorSave it to your desktop.Double click on the icon on your desktop.OTL should now start. Change the following settings:
- Click on Scan All Users checkbox given at the top.Copy and Paste the following code into the textbox.

netsvcs
%systemroot%\system32\*.dll /lockedfiles
Push the button.Two reports will open, copy and paste them in a reply here:OTL.txt <-- Will be openedExtra.tx... Read more

36 more replies
Relevance 79.95%
Relevance 79.95%

I'm looking at my DirectX Diagnostic tool and it says for a few things
"The file ati2dvag.dll is not digitally signed" under Video, and "The file RtkHDAud.sys is not digitally signed" under sound 1 and 2. is this a serious problem? it might help solve why I've had a few crashes when playing games maybe? If anyone can help I will be very grateful, especially by telling me how to get these "signed"

My stats are
XP Home Edition (5.1 Build 2600)
1390 RAM 3.33 GHz
Radeon Xpress 200 series
 

Answer:Not Digitally signed?

I know very little about this kind of stuff but I think it just means it's a driver that hasn't been registered with Microsoft, or something along those lines. I don't believe it affects the operation of the thing.
 

1 more replies
Relevance 78.72%

Hey guys can somebody please help me im trying to install a vodafone 3G modem on my HP Pavilion DV7 laptop but i cant it says driver not digitally signed. Im using windows 7 home premium 64 bit

Answer:driver not digitally signed

Hello Tokelo and welcome to the forums.

Your best bet is try this - Disable Driver Signing in Windows 7

I have not tried it myself but it may help.

Report back with your findings.

Lucky

1 more replies
Relevance 78.72%

How would I go about turning off the Warning message that comes up when you are installing device drivers that are not signed by Microsoft.

I have already found the reg value:

HKEY_CURRENT_USER\Software\Policies\Microsoft\Wind ows NT\Driver Signing

BehaviorOnFailedVerify = 0

Is there any other ways. I also have been told that the above method doesn't stop all of the pop-ups...does anyone know why?

-Aaron

Answer:Digitally Signed Drivers

right click on "my computer", click properties, select the hardware page, there is a button with "driver signing"

9 more replies
Relevance 78.72%

I tried to run sigverif.exe on XP professional edition and found there are over 2000+ system files not digitally signed. How do I get those systems files (i.e. *.dll, *.sys) digitally signed by Microsoft as signer?Angus

Answer:how to get Microsoft digitally signed?

WOW !!! My computer works, but now I should worry about unsigned files.Now is the time to throw computer out the windowhttp://www.computerhope.com/cgi-bin...What is sigverif.exe?

3 more replies
Relevance 78.72%

I have had to reinstall Windows 7 64-bit edition, and when I go to install PCWizard or Everest Home Edition, I keep getting an error about drivers not being digitally signed, and Windows will not install them. Before I reinstalled Windows 7, I had both of these programs running just fine. Is there anyway I can change the fact that Windows 7 will let me install those drivers?

Answer:Digitally Signed Drivers?

The only way for 64 bit versions of Vista or Win7 to work without digitally signed drivers is to start them up using F8 to get teh Advanced Startup and disable the Digitally Signed Driver service.

If you had them working before did you make sure all your drivers now are current?

3 more replies
Relevance 78.72%

Dear All,
A vendor website sporadically release's MSI's which are digitally signed (plugins to run the content). These are required for the website to function.
Users are more in number so we can't manually install the MSI and time is a constraint.
Packaging / Repackaging is not a quick solution
App-locker doesn't bypass UAC, AUTO IT didn't help, Manifest and shim are only for Exe's.
We are looking for a solution where in since these are digitally signed MSI's Users should be able to install them automatically without being asked for the credentials.
Regards,
C

More replies
Relevance 78.72%

Most of you know by now I hope that Vista requires it's drivers to be digitally signed by Microsoft. Is there a way to bypass this when the final product is released or do you think MS will back down due to public rage?

More replies
Relevance 78.72%

Hi,

I'm trying to install XP Pro SP1 from a combined update file. After the update the log file says "not digitally signed and will not be replaced" on lots of the files. Is there a way to fix this problem?

Thanks,

Docfxit
 

More replies
Relevance 78.72%

The file aticfx64,aticfx64,aticfx64,amdxc64,aticfx32,aticfx32,aticfx32,amdxc32,atiumd64,atidxx64,atidxx64,atiumdag,atidxx32,atidxx32,atiumdva,atiumd6a,atitmm64 is not digitally signed, which means that it has not been tested by Microsoft's Windows Hardware
Quality Labs (WHQL). You may be able to get a WHQL logo'd driver from the hardware manufacturer I am using windows 10 with directX12 and I had to update my dedicated gpu cause I couldn't see the switchable graphics button ON ... and most of my usual games
witch I had played before now they were moving in slow motion very badly after I solved this problem with the official amdcatalyst software and drivers updated I get this annoying message on directx12 that says I need to get a WHQL logo driver ... any sollutions???
THANK YOU

More replies
Relevance 78.72%

Am trying to install HP Deskjet 630c printer and it keeps telling me this driver is not digitally signed. I just put Windows xp on the computer. What does this mean and can I get help? I am not very computer literate and any help would greatly appreciated. Many thanks Paula.

Answer:driver is not digitally signed

"Not digitally signed" means Microsoft have not tested this driver and verified it to be compatible with Win XP.  This does not mean it will not work, you should click on the "continue anyway" to install your print driver.  If this is a concern you should check the HP web site for newer driver tested by MS.Kim

1 more replies
Relevance 78.72%

Hi Guys, I did a search of my OS, and found some Drivers not digitally signed.Is that a problem,as my PC is functioning OK.Thanks for any advice.

Answer:Digitally Signed Drivers.

Hi D,
Your ok for the most part. A driver that lacks a valid digital signature, or that was altered after it was signed, can't be installed on x64-based versions of Windows. As a result, you will see this message ( Windows cannot install this driver ) if you are running an x64-based version of Windows.

The only other time (I think) may be if you updat a driver. again you may get that can't install it error. You can visit the device manufacturer's support website to obtain a digitally signed driver for your device.

5 more replies
Relevance 77.9%

I'am having problems with viatech usb 2.0 drivers on win xp home edition. They're not digitally signed for one and these are the drivers they sent me with my asus a7v333 motherboard which is designed for amd xp processors and windows xp!! I cant find anything on asus's site or viatechs site about drivers for xp and my computer is hanging up alot and everytime I try to shut down I get the debuglog.dll end program message. also Ive been having problems playing games online which Im not sure if its the usb drivers causing it but I thought it might be since I have dsl and the modem plugs into the usb port. Any help would be greatly appreciated.
 

Answer:Viatech Usb 2.0 Drivers Not Digitally Signed???

Hi there!

If XP says they're not signed...just install them anyway! XP just implemented USB 2.0 in SP-1.

When you get that message...just click "Continue Anyway" and load them up!

They should work fine!
 

1 more replies
Relevance 77.9%

G'day. I'm trying to install my old VisionPLus DVB-T card into a Windows 7 O/S box and it won't recognise any of the old drivers. When I try to install the TwinHan Digital tv software, Windows can't/ won't install them.

I've downloaded and tried the latest (DigitalTV 3.4 Build 19-02_20090212) and windows comes up with "Driver not found". I've tried to install in compatability mode but still no good.

When installing the above, it identifies my card as &#8220;PCI CX-87A with MCU DVB-S/-C/-T/ATSC card&#8221;.

Out of all the available drivers on Twinhan's site, which would be the best for my card?

Thanks
 

Answer:Driver not digitally signed so won't install

64bit Windows 7?

http://suffolk757.com/blog/2009/03/05/installing-unsigned-drivers-in-windows-7/

Out of all the available drivers on Twinhan's site, which would be the best for my card?
Click to expand...

The one written for Vista would be my choice, probably not one for W7 yet, may never be.

Looks like MS ha removed a way to disable unsigned drivers protection in Vista64, so probably is the same for 7
http://www.mydigitallife.info/2008/...-cause-drivers-not-found-in-64-bit-vista-x64/
The issue is known to affect PeerGuardian, TV tuner cards, Gigabit Ethernet adapters, CD/DVD-ROM/RW drives, and many other devices.Click to expand...

Looks like unsigned drivers are a no go for x64 Vista and Windows 7, well there are some workarounds in the article above, sounds like a hassle.
Not sure if this software will work with W7
http://www.tipandtrick.net/2008/per...iver-signature-signing-with-readydriver-plus/
 

3 more replies
Relevance 77.9%

Hello All,

We have an Excel spread sheet that contains macros, that is shared through out our company. We have issued our own certificate to go with this spread sheet.

We have a Windows 2000 Active Directory running in Native mode. We are trying to push this certificate to become a "trusted source" w/in MS office. Does anyone have any experience with this?

Thanks,

Adam
 

Answer:Digitally Signed Certficate Troubles.

Nobody has any experience w/ Digital Signatures?

(i spoke to MS and aparently they don't either. they said no one has tried this before.)
 

2 more replies
Relevance 77.9%

I am trying to use my recovery disks after installing a new hard drive. I keep getting these messages saying my drivers aren't digitally signed. Not sure how to fix this! Maybe corrupted recovery disks?

Answer:Digitally Signed Drivers with Recovery

hi again not sure if this will help you http://www.jablotron.com/upload/down...dows7Vista.pdf

9 more replies
Relevance 77.9%

Hello,
first to apologize if there is such thread and it's in wrong section, I was unable to find it. My problem is: I have V560  model name: 20069, MO Number: WB xxxxxxxx, and I installed w7 x64 ultimate. When I'm installing drivers from dvd that I received in box, I got message: driver is not digitally signed.... It's happening when installing bluetooth, wireless, camera. (I'm installing proper drivers).
I also tried to dowload from web site, but also got this message.
Did any one had this kind of problem and how did you solved??
 
Thanks for help.
 
Mironso.
 
Moderator Note; s/n edited for member's own protection

Answer:V560 drivers for w7 x64 not digitally signed

Hi mironso,
 
Thanks for posting and welcome to the Lenovo Community,
 
I?d like to help you with your issue and I need to ask you the DVD which came with the machine does it have any stickers indicating for which windows version is it windows 7 32bit or 64bit ?
 
And please check the below links for the drivers from the website and let us know when you install them what happen and if you can see the same error message:
 
For the Bluetooth:
 
http://support.lenovo.com/en_US/downloads/detail.page?DocID=DS012335
 
For the Wireless:
 
http://support.lenovo.com/en_US/downloads/detail.page?DocID=DS011532
 
http://support.lenovo.com/en_US/downloads/detail.page?DocID=DS007871
 
http://support.lenovo.com/en_US/downloads/detail.page?DocID=DS012239
 
 
For the Camera:
 
http://support.lenovo.com/en_US/downloads/detail.page?DocID=DS008927
 
Hope the information helps. Let us know.
 
Regards
 

Soha






Did someone help you today? Press the star on the left to thank them with a Kudo!If you find a post helpful and it answers your question, please mark it as an "Accepted Solution"! This will help the rest of the Community with similar issues identify the verified solution and benefit from it.Follow @LenovoForums on Twitter!

2 more replies
Relevance 77.9%

OK GUYS HERE WE GO

I HAVE AN IBM R31 LAPTOP THINKPAD, EVERYTHING WAS WORKING
FINE YESTERDAY UNTIL I UPDATEDTHE DRIVERS FROM IBM.I DID NOT BACK
UP MY SYSTEM TO RETRIEVE MY OLD DRIVERS IN CASE A MISTAKE HAPPENED
TO ME, WHICH I REALLY REGRET DOING NOW. MY COMPUTER HAS A MATSHITA UJDA720 DVD/CDRW.WHEN CHECKING THE PROPERITES IN MY COMPUTER ON THE DRIVER IT COMES UP THAT THE FOLLOWING DRIVERS OR PARTS THEREOF ARE NOT WINDOWS DIGITALLY SIGNED #1- C:\WINDOWS\system32\drivers\cdrbsvsd.sys #2- C:WINDOWS\System32\DRIVERS\PxHelp20.sys. I WAS WONDERING IF THERE IS A WAY I CAN GO BACK TO MY OLD DRIVERS I HAD BEFORE WHICH WERE WORKING FINE OR IF THERE IS SOMEWHERE I CAN FINE THESE TWO FILES WHICH ARE DIGITALLY SIGNED BY WINDOWS AND HOW TO INSTALL SUCH.

NOT SURE IF I'M IN RIGHT FORUM OR NOT ANY HELP WOULD BE GREATLLY
APPRECIATED.I AM RUNNING WINDOWS XP HOME

THANKS ALOT
 

Answer:Windows Drivers Digitally Signed

The fact that the drivers are not certified by Microsoft merely means that the vendor did not submit them for testing and pay the bill to do so.

Many perfectly good drivers are not certified -- so do not worry about that unless you actually have problems with the hardware.

Having said that there are two ways you can restore the old drivers in XP. One is to go to the Device in question in the Device Manager, open its properties dialog (double click it) and select "rollback driver" on the driver tab. Windows XP backs these up automatically when you make a change.

The second is to use System Restore to return to a prior date.
 

1 more replies
Relevance 77.9%

Hey,

So I just upgrade to Vista x64 and 4GB of memory (courtesy of OCZ).

However, when installing the x64 version of MagicDisc/MagicISO I get the following error:

Can I get around this?
 

Answer:Required Digitally Signed Driver?

Uhmmm... yes, you can by pressing F8 at boot time and choosing to ignore the warnings about unsigned drivers, but you have to do it each and every time you boot. There is a way to permanently disable that driver signing requirement but I'm leery to give out the info anymore since it hosed a few people's machines recently.

It wasn't my fault that they chose to continue using shitty old drivers, but they blamed me for the mistake they made anyway.

Vista x64 is a more secure and stable OS than the 32 bit version, and that's one of the primary reasons why: the driver signing requirement. Disabling it or 'getting around it' will more than likely end up causing you issues at some point.

Google can find the specific method to disable the signing requirement permanently, or a search here might find it since it's been posted about 3 times over the past 4 months or so.

Good luck, either way...
 

5 more replies
Relevance 77.9%

I have NVIDIA GeForce 8800 GT with which I have had some driver issues. While checking the Driver details in Device Manager I noticed that some Driver files are not digitally signed. These are: C:\Windows\System32\nvcpl.cplC:\Windows\System32\nvcplui.exeC:\Windows\System32\nvcpluir.dllC:\Windows\System32\nvexpbar.dllCould this be causing problems with my drivers?

Answer:Driver files not digitally signed

It is my view that you should always download drivers form the Manufacturers website. To update your current drivers go hereclick here

3 more replies
Relevance 77.9%

I cant connect to the net with a hardwired conection. I have the correct drivers for my wireless adaptor however it blocks the install because its not signed. I could have sworn that users could turn that off. Any ideas? Bet im missing something stupid.

Answer:lynksys ae1000 not digitally signed?

I switched to my laptop. Problem solved lol

1 more replies
Relevance 77.9%

Just as the title says, i got this game Tomb Raider - Underworld that wont work properly. I installed the game and the game starts but once it starts it crashes and i get a error. I reported the problem to the games manufacture and they said this =

We apologize for having difficulty with our game. Your system does meet the minimum requirements to play this game.
Unfortunately the problem is that your drivers are not digitally signed. In order for us to forward your information
we will need you to update your drivers. After you have updated the drivers please send up an updated DXDiag report
and we will forward your information to our product development team.

My PC is costumed built so i really can't contact a PC manufacture.
Can you help me?
 

Answer:How to make your drivers digitally signed?

13 more replies
Relevance 77.9%

Good evening,

I just reinstalled XP on a friends machine that was pooched. It is a Dell DIM4400. Everything is working except for the sound card. It is a built in sound card. When the computer boots up the new hardware wizard comes up asking for a driver for a realtek AC97 Audio device. I have tried everything I can to install the driver but each time I try I get an error that the driver is not digitally signed and it won't install. If I try in safe mode it installs but I get a blue screen upon startup and have to reboot. I do not have the orignial Dell cd but I have tried every driver from the Dell site that should work on this model of computer. I have updated the chip set drivers on the motherboard etc. I just can't get this sound card to work. Any advice??
 

More replies
Relevance 77.08%

Um... So how do I remove/disable this stupid "feature" that only allows digitally signed drivers to be installed?
Most the drivers for my hardware is third party with no "proper" signed drivers.
 

Answer:Vista x64 forces digitally signed drivers?

Whenever i run across a non-digital signed driver i just get prompted. Its done that since XP SP2 i believe
 

22 more replies
Relevance 77.08%

downloaded samsung magician and installed it. it started up and apparently i need some sort of digitally signed driver now?

"program compatibility assistant"

"samsung magician application resource
samsung india software operations

windows blocked installation of a digitally unsigned driver. uninstall the program that uses the driver, and control releasers website to get a signed version of the driver"

Answer:samsung magician need digitally signed driver

You don't need Magician for the drive to work just fine. You may not get all the advanced features, but the drive will be plenty fast.

9 more replies
Relevance 77.08%

Trying to create a silent install package for the latest 32 bit video drivers (83d527ww.exe) and cannot because the drivers aren't digitally signed so you have to manually install them.  Is there a way to get the older driver Version 8.15.10.2321 which does not have this issue?













Solved!

Go to Solution.

Answer:X220 Video Drivers not digitally signed

I had to uninstall and delete the older ones. Then I could install it

6 more replies
Relevance 77.08%

Hello everyone,

I am trying to install windows and I have a MSI 890FXA-GD70 [product page] that is setup with a functioning RAID 0 configuration. My issue is when I get to the step where you select your hard drive, it doesn't show up.

So I click "Load Drivers" and select the x64 raid driver I got from MSI. It shows up, then I click next and then the error message comes up: "To continue installation, use the Load Driver option to install 32-bit and signed 64-bit drivers....etc"

I restarted and spammed f8 to get into advance startup options. I selected "Disable digital driver signing"

However that did not fix the problem.

Does anyone have any tips or a solution?

Answer:Digitally Signed Raid Drivers bypass [MSI, x64]

I have rt seven lite, I was going to load a custom registry file but my laptop has 7 home so no gpedit.msc

1 more replies
Relevance 77.08%

They say too much knowledge can be a dangerous thing. I'm probably living proof of that.. someone told me how to run a Microsoft diagnostic that shows which system files do not contain digital signatures. According to the scan, 35 of my files are suspect. Should I be concerned about this? I religiously scan for viruses, spyware and rootkits using three different apps for each. Everything is supposed to be okay. Here is the list of unsigned system files:

Microsoft Signature Verification

Log file generated on 8/18/2007 at 4:27 PM
OS Platform: Windows XP Service Pack 2
Scan Results: Unsigned: 35

File Modified Version
--------------- --------- -----------
dxmasf.dll 8/22/2006 6.4.9.1133
mfc40u.dll 11/1/2006 4.1.0.6141
mxdwdrv.dll 3/22/2007 0.3.6000.0
mxdwdui.dll 3/22/2007 0.3.6000.16438
mxdwdui.gpd 8/31/2006 None
mxdwdui.ini 4/21/2006 None
nv4_disp.dll 4/19/2007 6.14.10.9424
nv4_mini.sys 4/19/2007 6.14.10.9424
nvapi.dll 4/19/2007 6.14.10.9424
nvcpl.hlp 4/19/2007 None
nvcod.dll 4/19/2007 1.0.0.35
nvcodins.dll 4/19/2007 1.0.0.35
nvcpl.dll 4/19/2007 6.14.10.9... Read more

Answer:[SOLVED] System Files Not Digitally Signed

Hi TomGab and welcome to TSf !

You don't have to worry about system files that are not digitally signed, it only means microsoft hasn't run extensive tests on them. The file owner (nvidia for most of your nvxxx.dll files for instance) will have tested them to make sure they would work fine with XP so you shouldn't have any problem.

4 more replies
Relevance 77.08%

I've been having problems with BSODs (0x09F - happens before sleep mode, or during and 0x0E6 - which happens while I use the computer; it seems to happen when I'm downloading and/or installing anything) so I ran File Signature Verification, and rtnicprop64.dll came up as the only file not digitally signed, and 2 more files weren't scanned. Is there anything I can do?

Answer:Diver Verification: rtnicprop64.dll not digitally signed

hi follow this : BSOD posting instrucs: http://www.sevenforums.com/crashes-d...tructions.html
so someone can hopefully help you, even perhaps me.

4 more replies
Relevance 77.08%

I have a macro in a .doc file developed in word 2002.
It runs OK with security settings "Run All" or "Ask before run", but if I sign the file with a certificate that I made myself (with SELFCERT.EXE), change the setting to "only run signed macros" the doc file will open without warnings, but the macro won´t run.
What is missing?
With regards
/David
 

More replies
Relevance 77.08%

Hi

The last few times I started my computer, the system comes with the warning:

"Windows requires a digitally signed driver
Driver: Broadcom NetDetect Driver
Service: BASFND
Publisher: Broadcom Corporation
Location: C:\Program Files\Bra...\BASFND.sys"

Windows suggests to uninstall the program or device that uses this driver and check the publishers support site to get a digitally signed driver.

The problem is that I have no idea of which program or hardware is using this driver. All the drivers I have installed in my computer are from the computer manufacturer.
I have also been at Broadcoms homepage and there is plenty of things to download there. But I dont want to ruin anything.

Suggestions on what to do?

System: Windows Vista 64
 

Answer:Windows requires a digitally signed driver

Broadcom is your onboard ethernet, I don't see why it would suddenly complain unless there was an update.:confused You can disable driver signing but it only cures the symptom and not the cause.
 

2 more replies
Relevance 77.08%

I cannot use the CD drive on my Laptop, the device manager shows the a yellow triangle with an exclamation mark in it. I have updated the driver but it still wont load and I get the following message from the device manager: Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39).

Any suggestions as to how to fix the problem?

Answer:CD drive of Satellite Pro A200 is not digitally signed?

Did you tried to remove the drive in the device manager?? That helps sometimes, because windows reinstalls in the most cases the previously removed (deleted) hardware.

Since when does the problem occur that your drive cannot be recognized?

Greeets

3 more replies
Relevance 77.08%

Why is everyone saying Vista 64-bit won't install unsigned drivers? I installed the latest beta driver from nvidia and Vista warned that it was unsigned but gave me an option to install anyway.

Am I missing something/misinterpretting this or was this only the case in the Beta/RC verisons of Vista and everyone keeps bringing it up (kind of like requiring UAC for changing backgrounds; people still say Vista does it)?
 

Answer:Digitally signed drivers required under Vista 64-bit?

Short answer: The effects of FUD.

Long answer: The truth is, it was never stated on any official documents that Vista wouldn't accept unsigned drivers. The real mechanism is how Vista handles such drivers, in that the permission level changes, but that's such a 'behind the scenes' object that some ppl though it cooler to just say, "NOEZ, the sky is falling!".
 

6 more replies
Relevance 77.08%

I'm trying to install a program, but I says I can't install an unsigned driver.






Quote:
Driver: CPU Core Temperature Monitor
Service: Logitech CPU Core Tempurature (not a typo)


I've tried Disable Driver Signature Enforcement in my bios, and DDISABLE_INTEGRITY_CHECKS in cmd.

Neither works.

Answer:Need to bypass digitally signed driver requirement.

Go to Start Menu > Run and type the following command: bcdedit /set nointegritychecks ON
Restart the PC and install the unsigned driver
After installation go to Start Menu > Run and type the following command: bcdedit /set nointegritychecks OFF
Restart your PC

4 more replies
Relevance 77.08%
Answer:Digitally signed printer drivers with windows XP

I have a home network. All my machines were running Windows ME. I have an HP Deskjet895Cxi printer attached to one of the machines. I could print to the printer from any machine. Now I have a new machine running Windows XP and the printer is attached to this machine. I can print OK from the XP machine but none of the other ME machines can. I see in the printer properties that I can add a printer driver for ME but every time I try this (using the latest ME driver from HP)I get the message that the driver is not digitally signed and the driver is not loaded. How do I get a digitally signed driver for my printer?Alan

4 more replies
Relevance 77.08%

Bought a Clicksmart 310 Logitech cam for my new xp Toshiba, Satellite model. When I try to install, pop-up says the cam is not digitally signed and it may harm my hardware either now or in the future. This is the 2nd cam I bought and got the same message on the first one. Please help me. [email protected]
 

Answer:Webcam not digitally signed. The Box says it is xp compatible, but a warning pop-up.

This means that Microsoft has not certified the drivers themselves. If logitech is telling you it works in XP that means they have tested it. Make sure you are installing the latest drivers for the camera.
 

1 more replies
Relevance 77.08%

Hi all,

please can someone help me.....

I am trying to install my Adaptec 1430SA controller card, for use with Win7 64bit, i have been trying for hours !

I have now got as far as windows seeing the right driver for the card, but windows refusing the driver because it is not digitally signed... i have downloaded the correct driver from adpatec.com ensuring it was the driver for use with win7 64 bit...

i dont know what i should do now, ive tried booting from an ms dos diskette and loading the drivers that way, but nothing seems to work....

PLEASE HELP ME !!!

Answer:HELP! Driver is NOT digitally signed for Adaptec 1430SA

Hi press F8 when windows is starting and you can deactivate it for the time you are on, alas you have to do
it each time you reboot. Have to go will try help later.

4 more replies
Relevance 77.08%

Hi all, hoping this is the right subforum

I built a HTPC a few years ago and it had suited my needs fine. Relevant parts used are:
i3-3225 CPU,Scythe Big Shuriken 2 RevB,Asus P8-H77 Pro,2 x 4GB G.Skill Ares DDR3 1600 RAM,Samsung 830 Series 64Gb SSD (OS HDD),WD Cavier Green 2TB (Media HDD),

I tried to upgrade to Windows 10 but kept receiving errors, such as the partition was not GPT (0xc000021a). The one error that happens every time I tried to upgrade or install Windows 10 was winload.exe was not digitally signed. I wiped the drive, reformatted it as NTFS, converted to GPT and installed W10 from blank and still had the same winload.exe error. Right now I have put W7 Ultimate 64bit back on and am installing all the windows updates.

My question is, does anyone know why I keep get a winload.exe not digitally signed error? I have downloaded the W10 upgrade files numerous times, redownloaded the media creation tool, set clean boot, even tried downloading the upgrade and creating a usb drive with it from a different PC but same error.

Is there perhaps some upgrades that I should make my HTPC?

Answer:W7 Upgrade error - winload.exe is not digitally signed

Try turning secure boot off in bios.

5 more replies
Relevance 77.08%

help !!!! i was uninstalling what i thought were unimportant stuff & accidentaly uninstalled my sound manager can anyone tell me where i can find a Windows XP digitally signed Realtek AC?97 driver

Answer:help i need a Windows XP digitally signed Realtek AC’97 driver

Hi mate,
check what make/model is your Motherboard, visit manufacturers web site and download sound driver for that type of Motherboard...

2 more replies
Relevance 77.08%

I recently purchased a new pc that came with win vista 64 bit premium home installed. I am now reloading all my old programs and I keep getting ?windows requires a digitally signed driver" error message. I also can't seem to play my old movie files, all of which played fine when I had Win XP. Apparently Vista does not want me to make my own decisions, so I am wondering how I might go about disabling all this extra secure vista crap. Can I go into Control panel and disable the BitLocker Drive Encryption? Or do I need uninstall 64bit and install the Vista 32 bit? Would that be a smooth transition? Would all my stuff work again if I had the less securitized 32bit Vista? Thanks for any help you may provide.
Regards,
William

Answer:windows requires digitally signed driver

Welcome to the Vista forums

1) You don't want to disable UAC (User Account Control) as it does a lot to protect your computer from various malware. If you really feel the urge to turn it off, then you can in control panel in the User Account section. Once turned off, you'll get the red shield in the bottom right saying it's disabled. Disable security warnings by opening security centre and going to "change how security centre warns me" or something and choose the "no warnings" option.

2) Just download the Vista codec pack (just Google it and you should find it) and DivX and you should have no problems watching videos.

3) You can install unsigned drivers on Vista 64 bit, do this by running an elevated command prompt (right click on command prompt in Start menu and click "run as administrator".

Type this and press enter bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS

When you reboot, you should be able to install unsigned drivers.
Also, I looked on the HP website for your computer, and it has 6GB RAM, so going to Vista 32bit would only allow you to use about 3.5GB RAM. I also saw it only has an Nvidia 6150e onboard graphic card. Are you using this? As if you upgraded this to a graphic card, you'd notice better performance on Vista as well.

2 more replies
Relevance 77.08%

downloaded samsung magician and installed it. it started up and apparently i need some sort of digitally signed driver now?

"program compatibility assistant"

"samsung magician application resource
samsung india software operations

windows blocked installation of a digitally unsigned driver. uninstall the program that uses the driver, and control releasers website to get a signed version of the driver"

Answer:samsung magician need digitally signed driver

You don't need Magician for the drive to work just fine. You may not get all the advanced features, but the drive will be plenty fast.

1 more replies
Relevance 77.08%

is it necessary to sign driver in win xp 32 sp2.

when i google i got that it is necessary for win vista , win7 and other upper version.

Answer:windows require a digitally signed driver xp 32 sp2

A signed driver is not necessary in Windows. It is an extra security layer, as drivers can become corrupt by malware. If you obtained the driver from a trusted source (like the device manufacturer's website), you can go ahead and tell Windows to install it.

3 more replies
Relevance 76.26%

I'm really getting tired of having to f8 every time I boot up to game to turn off digitally signed drivers so I can use rivatuner. This is BS and I would really like to disable this permanently.

Help is VERY much appreciated!

Thanks in advance
 

Answer:How can I permanently force digitally signed drivers OFF in vista 64?

Remove updates KB938979 and KB938194
Command line / run as administrator
type: bcdedit /set loadoptions DDISABLE_INTEGRITY_CHECKS
restart PC
 

11 more replies
Relevance 76.26%

Hi all, Following device:ThinkPad E531Graphics: Intel HD 4000System: Win7 Pro Following problem:1) Approx. 2 month ago a windows update caused a problem with the hdmi at my laptop. There was no connection to the TV possible anymore (I tried the TV, the cable and the hdmi device already).2) I installed a new driver (origin: Lenovo support page). Result: Windows messages that the driver is not digitally signed...Hence, the device "vga save" was set. What I've already tried, everything as admin:1) look for older drivers: Got only one and it didn't work2) Tried to install a driver directly from Intel: Didn't work3) Tried to disable the signing (GPEdit.msc -  code signature ...). Here I had the problem that I even have no line with the code signature to set the ignore property4) Tried to install the drivers (Intel and Lenovo) in the testmode. The waring message about unsigned drivers came5) Tried to create a certificate. Here the cmd said the command is not known.6) Tried to install the drivers (Intel and Lenovo) after setting the "TESTSIGNING" off (BCDEdit). The waring message about unsigned drivers came My question:Any ideas or similar experiences?I can not believe that the Lenovo or Intel drivers are not signed. But why Windows does not accept them?Is the available update to Win10 an option? Generally: Failure F40 (the failure is 40 cm in front of the monitor) is not excluded  Thank you very much in advance.Regards,Stefan 

More replies
Relevance 76.26%

I have x220 with Windows 7 Pro 64 bit. Device manager shows under Storage Controllers "Ricoh PCIe SDXC/MMC host controller," but there is a yellow triangle with "!" and a Device Status Code 52 message "Windows cannot verify the digital signature for the drivers required for this device." I checked in C:\Drivers\WIN\Multicard and found two *.cat files--which, I understand, are required to confirm digital signature. Each of them (ridisk.cat and risdxc.cat) has a signed and valid certificate! So what is going on? Will the card reader work? Is there something wrong with how Windows 7 is treating the Ricoh driver, which I downloaded from the Lenovo site? Why should I be getting this grief?













Solved!

Go to Solution.

Answer:Ricoh card reader driver-not digitally signed?

Hello,
 
Perhaps the driver is damaged?
 
Try deleting the Ricoh PCIe SDXC/MMC host controller from the Device Manager and then restarting the computer in order to let the Device Manager re-detect it and re-install the device drivers.  Does that solve the problem?
 
Regards,
 
Aryeh Goretsky
 

5 more replies
Relevance 76.26%

Someone else had this issue but their thread was closed with no answer posted on the forum. I have recently upgraded to Outlook 2010 from Outlook 2000. I am running Windows XP SP3. I am familiar with the proper way to exchange digitally signed and encrypted emails and have done it for a long time and it always worked fine on Outlook 2000. Since upgrading to Outlook 2010, I get no error message and neither do the recipients of my emails, however, the emails that I receive have no text in the body of the emails. I If the email is only signed and not encrypted, I can read the body of the email on my blackberry though, therefore, I know the text is there. If on my computer (and therefore on my outlook 2010) the body is blank. An encrypted email is unreadable on my blackberry.

I am NOT running Outlook Exchange and that is the only information I can find on the web. It is too bad that the other gentleman asking the same question in January 2011 did not post the solution to his problem on this forum, or maybe he never got a solution? Hope someone can help me. Thanks-
 

More replies
Relevance 76.26%

Does anyone have a concise explanation for this? Thanks for any info!

(just the digital signing (signature), not encrypting the file.)
 

Answer:Solved: How is data rendered unforgeable after its digitally signed?

If I remember correctly, it's has like a code, so it will know who is legit and whos not.
 

3 more replies
Relevance 76.26%

hi

i have problem with some of the messages received from out of my organisation.When i try to open

these messages in outlook 2003, it is showing a error message"Can't open this item. Your Digital ID

name can not be found by the underlying security system.". But this is not the case if i open the

message using Outlook Web Access.

Can any body help me in this regard.
Thanks
 

More replies
Relevance 76.26%

Hello,
I'm at my wits end. Anyone who can help would be my hero.

Acer 5253 laptop, Win7 Home Premium 64bit SP1, AMD C-50.

Trying to use a USB mouse. I have 3 logitech mice. None work because hidclass.sys and hidusb.sys are not digitally signed. If I f8 and disable driver signing enforcement, all 3 mice work, so I'm pretty certain that's the issue.

Tried "Update Driver" via device manager. Windows determined that I already had the best driver and wouldn't do anything.

Logitech does not furnish drivers for Win7. They rely on the native drivers.

Acer does not furnish mouse drivers. They refer you to the manufacturer of the mouse.

Tried copying the files in question from a 64bit machine that showed them to be digitally signed. Renamed the ones on my machine and pasted the ones from the "good" machine. Resolved nothing.

chkdsk /r found problems and repaired them. Didn't help.

sfc /scannow found problems that it could not resolve. Looked in CBS.log and found no references to either of the sys files in question. No resolution.

System Restore only had one restore point, and it was from 2 days ago. Problem was already noticed by then. I suspect that it's been this way since I purchased the laptop a couple of months ago anyway, but if there had been a restore point back at the very beginning, I'd have tried that.

I don't know much about digital signing of drivers. I've seen in a couple of threads that I might be able to sign the drivers myself, ... Read more

Answer:Windows mouse driver files not digitally signed

Mike

Obviously many more problems than just the mouse driver.

You can use earlier drivers (ie from vista, or even XP) if you install them in compatibility mode
[right click the installer>properties>compatibility>chose OS]

The other system problems need a repair install.

4 more replies
Relevance 76.26%

Windows Vista x64 decided to implement a 'security measure' by which all drivers must be 'digitally signed' to be allowed to install and run. I have a program which is compatible with Vista and x64 bit operating systems, however as its drivers are not digitally signed I cannot run it correctly - I recieve the message 'Windows requires a digitally signed driver' and access to the driver is blocked.

Is there a method of bypassing this?

Answer:'Windows requires a digitally signed driver' - How can I bypass this?

When you boot your system hit F8 and you can bypass it there. You will have to do this every boot. There are a couple applications out there that will do this for you but the names escape me right now.

4 more replies
Relevance 75.85%

I am trying to clean up this computer for a friend - unfortunately someone else has already been messing around with it and trying to sort it out (I found various cleanup programs on the desktop) but to no avail.

As far as I can see/have been told the symptoms have been
- Hiding all documents (e.g. word)
- My Pictures and My Videos and My Music are inaccessible as "Access is Denied"
- Redirecting from Google to random sites
- Playing music/noise at random and with no program running
- System generally running slowly

I have noticed that under task manager there are duplicate copies of dwm.exe and csrss.exe running, but not from system32 but from user\appdata\roaming. Similarly for conhost.exe although there is not a legit version of this on machine.

There were about 5 different anti-virus programmes running, I have stripped it all out to just AVG, but it will not update due to a "general error". Nor can I install the 2011 version, as it says that I am not connected to the internet and to specify what proxy server I am using... I have read around and this may be due to the conhost.exe etc?

Also not sure whether there is a windows cd available.

Many thanks.


.
DDS (Ver_11-03-05.01) - NTFSx86
Run by James at 18:28:05.63 on 08/05/2011
Internet Explorer: 8.0.6001.18904
Microsoft? Windows Vista? Home Premium 6.0.6000.0.1252.44.1033.18.1918.1076 [GMT 1:00]
.
.
============== Running Processes ===============
.
C:\Windows\syste... Read more

Answer:dwm.exe / csrss.exe / conhost.exe?

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the quotebox into Notepad:


Quote:




@echo off
if exist log.txt del /s/q log.txt
dir /a /s "c:\volsnap.sys" > log.txt
notepad log.t... Read more

19 more replies
Relevance 75.44%

This is more of a bug report rather than a question.


When installing the latest version of Message Analyzer 1.4 (Build 4.0.8110.0) on a clean installation of Windows 10 Pro (Build 14393.222), it shows an error saying 'A Digitally Signed Driver Is Required' Message Analyzer -- WFP Callout Driver.
I'm guessing maybe due to the new driver signing requirements in Windows 10 1607 Anniversary Update...
https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/driver-signing-changes-in-windows-10-version-1607/

More replies
Relevance 75.44%

Hello,

I Recently upgraded several XP sp3 workstations from Outlook 2000 to 2010. When receiving an email with a digital certificate from a existing sender the contents of the email are blank but also get no certificate error messages. Email correspondence before with Outlook 2000 on same PCs was fine. Any help in this matter will be much appreciated.
Thanks,
Karl
 

More replies
Relevance 75.44%

Hi.I am having a Z580 (Windows 7 65 bit home premium) laptop.Recently I am experincing many problems with my wireless adapter.After a few seconds of switching on, wireless symbol will show "Limited Access". I will try troubleshooting, but the system will hang and i have to force it to shutdown.So I have un-installed the wireless driver and re-installed it. But now the same "Limited Access" happens and when i troubelshoot, (Reseting wireless adapter) the adapter goes off and it is shown that "Adapter is experiencing driver or hardware related problems". When i looked into device manager it is shown that ""This device cannot start .Code10"". Also when i checked the details, it is showing that "'the driver is not digitally signed"".Please help me solve this issue asap.

Answer:Wireless Adapter is not working (Code 10) "Driver is not digitally signed"

Update : If i put laptop in sleep after wireless becomes "Limited access"  after 10-15 mins if i reopen it, wifi is connected normally and it works! but for a period less than 10 mins.. After that again "Limited access" is coming and nothing will load!!! it is becoming a serious issue plz help

1 more replies
Relevance 75.03%

Huge virus problems ? help needed !

Running Vista ? have three processes on task manager which every time I end they just keep restarting themselves ? causing browser hijack and all files to be hidden ? although I got around this by enabling viewing of hidden files.

The three processes are conhost.exe, dwm.exe and csrss.exe. ? googling has told me these are viruses yet I cant update my McAfee or AVG as the virus doesn?t let either update and I cant install Malwarebytes either on normal or safe mode as I get a ?access is denied message?

Really am struggling and any help would be invaluable.

Thanks

Faz

Answer:HELP! csrss, conhost and dwm viruses!

Hello and welcome to TSF.

We want all our members to perform the steps outlined in the link given below, before posting for assistance. There's a sticky at the top of this forum, and a
Quote:




Having problems with spyware and pop-ups? First Steps




link at the top of each page.

Please follow our pre-posting process outlined below. Use a USB flash drive to download and transfer the tools to the affected machine, if necessary. You might like to run the Flash_Disinfector.exe on the clean machine and the flash drive first to protect against any possible transfer of infection via USB.


NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post them in a new topic, as this one shall be closed.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

Please note that the Virus/Trojan/Spyware Help forum is extremely busy, and it may take a while to receive a reply.

1 more replies
Relevance 74.62%

When I downloaded/installed Everest Home Edition I got and error message shown in the attached image although Everest seems to work fine. How do I make Vista accept non-digitally signed drivers that I trust?This is on my HP 6715b in specs, Vista Business x64[regaining space - attachment deleted by admin]

Answer:Everest Home Edition download. Message = driver not digitally signed

To be on the safe side, reckon the download was ruined by some kind of malicious software. Perhaps on your system.Ask a friend to download it and see if he gets the same thing.EDIT:Just did download from the majorgeeks. Works on both XP and Vista. Scanned with Avast and no threat found.You have malware. Or a bad download.

8 more replies
Relevance 74.21%

I got this virus after a legit-looking pop-up asked me to update Adobe Flash, then McAffe blocked Conhost.exe as a "risky connection." McAffe deleted some trojans after a full scan but didn't fix it. It keeps blocking Conhost, DWM (and something with a similar name), and CSRSS from connecting to the internet (I know it's a fake Conhost.exe since it's in C:\documents and settings\administrator\application data\microsoft\). I also tried System Restore a few times, but whenever the computer restarted, it would say that it only worked partially, so I guess it failed. I can still access Google if I double click links, but any single click redirects to ads. I also only have internet on the Administrator profile. Please help.
Here is my DDS log:

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_21
Run by Administrator at 18:29:18 on 2011-07-10
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2302.1310 [GMT -4:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explo... Read more

Answer:Conhost, DWM, CSRSS Redirect Trojan

Hi,Please do the following:Download ComboFix from either of these locations:Link 1 Link 2 VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here Double click on ComboFix.exe & follow the prompts.As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware.When finished, it shall produce a log for you. Please include the C:\Combo... Read more

15 more replies
Relevance 74.21%

Hi
I have seen two copies of csrss.exe in the run of Process Explorer, and can't figure out why there are two. Also is csrss.exe supposed to have this extra stuff on after the .exe part? (the added stuff looks like opening ports for sharing which is off)

=====
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
=====

The same file is loading up with csrss.exe it is conhost.exe and each occurrence of the conhost file has a different set of numbers after the .exe part as well.

=====(NT Authority/System in PE)
\??\C:\Windows\system32\conhost.exe "-19462917881928618761-14517701611313678421-1909588746-743542847-290976386389256608
=====
and the other is:
=====(NT Authority/Network Service in PE)
\??\C:\Windows\system32\conhost.exe "251829604-254933148129903086818709497291982502722-82799778550413321-274352356
=====

What is all this extra stuff after the .exe part of each file?
Any help would be great or is someone could look at their copies of these files in the system32 folder(win 7 64bit)

Answer:Dual csrss.exe and conhost.exe are they virited?

Everything you are seeing is normal.

Starting with Vista there will be one instance of csrss.exe for the system session plus one for each logged in user. This is done for security reasons. The only time there will be only one is when there is no logged in user, but then there would be no one to see it.

It is not unusual to see one or more instances of conhost.exe.

The data following the process name is the command line passing required information to the process when it starts. Many of the details are undocumented.

It is not unusual to see multiple instances of some other processes as well. There may be a dozen or more instances of svchost.exe.

3 more replies
Relevance 74.21%

Hi all - I've recently been (hopefully) paranoid about two instances of conhost.exe which Process Explorer tells me were opened through the two csrss.exe processes running on my system, one conhost each.
One conhost runs under the NETWORK SERVICE username and the other under the SYSTEM username.
Their command lines look like this - "\??\C:\Windows\system32\conhost.exe "-2013950787-902614538-19052251514614952552040908587-741964379504759799-2145496768"
I looked on another forum and there seemed to be a wide variety of different responses, including someone on sevenforums.com with the exact same issue, with some argument over whether or not infection could be the culprit but most saying that as long as all the processes are running from Windows/System32, which they are in my case, then they're probably genuine.
The funny thing is, whilst all the other computer systems I've checked tend to have two csrss.exe processes running with a similar program setup, they don't spawn conhost.exe processes each like my PC does.
I can close both instances of conhost.exe without issue, however they reappear whenever I log back into my account - i.e. from initially logging in, logging off and back on or coming back from sleep mode.
I recently reformatted my PC and reinstalled Windows after fearing the worst from this, however shortly after installing (to my memory) Avast, Malwarebytes, NVIDIA Drivers, Firefox and Comodo Firewall, all of which I was certain came from those programs' official webs... Read more

Answer:Two csrss.exe and conhost.exe from startup? Win7

click here fully explained.

2 more replies
Relevance 73.8%

Hi all,
I am wondering how do I digitally sign my driver so that it can be installed on a Win7 Ultimate SP1 in a VMWare virtual machine. I have used Visual Studio 2013 to sign my driver and cat files using a certificate I obtained from GlobalSign. Both of these
files passed the signtool check, but when trying to install in this virtual machine it generates an error code 52.
Thanks in advance for any help

More replies
Relevance 72.57%

Hello!
 
I'm asking help for this issue (please be patient, it's my first time doing this!): I have noticed that there are some processes in my Task Manager that don't show their user name, their location and their command line. I'm using Windows 7 64 bit. The processes are:
 
atkosd.exe
conhost.exe
csrss.exe
hcontrol.exe
nvstreamsvc.exe
nvxdsync.exe
wdc.exe
winlogon.exe
 
If i check the option "Show processes from all users", the information about the previously mentioned processes magically appear. All are run by SYSTEM, all seems to have a proper folder location, and all seems legit. What makes me suspicious is:
 
1 - I noticed this issue after my MBAM Pro ended, however I can't surely say it didn't happened before the ending of the licence;
 
2 - when MBAM Pro was active, it sometime blocked an IP that tried to connect to my computer; I tried a solution to solved this issue and it seemed to work, but some time later i got again similar warnings until they disappeared without taking any furhter action. Unfortunately, I don't remember the IP address nor the solution I applied to solve the warnings;
 
3 - before noticing the processes without information, I checked sometime the Task Manager and I remember for sure that I could see only 1 csrss.exe process with his name, location and key; nowadays, looking at all the processes in Task Manager I see 2 csrss.exe and 4 conhost.exe (I see only 1 csrss.exe if I don't check "Show processes from all use... Read more

Answer:Processes in Task Manager without User Name: conhost, csrss & others...

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Your logs are clean of malware.This is just a cleanup.Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.Or Press the windows key + r on your keyboard at the same time. This will also open your Notepad.

start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Toolbar: HKU\S-1-5-21-345862167-945495104-181563441-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-19]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

End
Save the files as fixlist.txt in the same folder where the Farbar tool is running from.The location is listed in the 3rd line of the Farbar log you have submitted.Run FRST and click Fix only once and wait.Restart the computer normally to reset the registry.The tool will create... Read more

5 more replies
Relevance 72.57%

This driver (or part of it) is not digitally signed, hence during silent install in SCCM TS Windows 7 x64 it will "hang" waiting to accept the unsigned driver (NOT during Apply drivers, but Sequence that runs setup.exe - I install ALL graphics drivers this way!)

http://www.dell.com/support/home/us/en/04/Drivers/DriversDetails?driverId=D4HM1
Had top revert to previous version
Intel HD, 5300, 5500, 6000, 515, 520, 530, P530, Iris 540 Graphics Driver, 20.19.15.4390, A05
to be able to do silent install!
Somebody else might have noticed?
Seb

More replies
Relevance 70.52%

I was unable to get a DDS log. When I double click on dds.scr, I get a security warning stating that "The publisher could not be verified" and I click on "Run" to run it anyway. The dds.exe *32 appears in the task manager for about 12 seconds getting up to about 3,240KB, the command prompt window appears and instantly closes, and the dds.exe process disappears as well.

Since I'm running a x64 machine, I can't get a GMER log.

I've run Malware Bytes and it removed 1 malware and I ran it after rebooting and it's showing clean now. Trend-Micro doesn't show any issues. I've also run the Kaspersky Virus Removal Tool and it didn't show anything. I've also run TDSSKiller and it didn't find anything..

Even though MalwareBytes isn't showing any threats, I have seen a couple of notices from the taskbar where it has blocked outbound communication with a maliciious website.

Edit: DDS ran and here's the log:
Edit2: Just had another popup from MalwareBytes where it says it's trying to contact a malicious website. This one had a different port number, but the IP address is the same and it's still the csrss.exe that's showing up in the message.
I just saw another popup from MalwareBytes and this one was from coreserviceshell.exe. It popped up multiple times trying to following bing links in Chrome. I then get a message that says "Unable to load the webpage because the server sent no data."

I'... Read more

Answer:Zero Access malware? Extra csrss.exe, multiple conhost.exe processes, google redirects

Hello and Welcome to the forums! My name is Gringo and I'll be glad to help you with your computer problems. Somethings to remember while we are working together.Do not run any other tool untill instructed to do so!please Do not Attach logs or put in code boxes.Tell me about any problems that have occurred during the fix.Tell me of any other symptoms you may be having as these can help also.Do not run anything while running a fix.Do not run any other tool untill instructed to do so!Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the r... Read more

12 more replies
Relevance 68.47%

Hello everyone.

Recently I kept getting this popup saying *A digitally signed driver is required*

How do I find out what program is using this unsigned driver to remove this popup?

Answer:How to solve "digitally signed driver is required"

Any warnings in Device Manager ?

more replies
Relevance 68.47%

Hello everyone.

Recently I kept getting this popup saying *A digitally signed driver is required*

How do I find out what program is using this unsigned driver to remove this popup?

Answer:How to solve "digitally signed driver is required"

Any warnings in Device Manager ?

0 more replies
Relevance 64.78%

Hi All
I've been given a PC to sort out that has "a csrss.exe virus"
Well after investigating it does indeed have a dodgy looking file csrss.exe in the
D:\DOCUMENTS AND SETTINGS\JULIE\LOCAL SETTINGS\TEMP folder

and also a dodgy conhost.exe with no version information, the wrong size and in the wrong place

D:\DOCUMENTS AND SETTINGS\JULIE\APPLICATION DATA\MICROSOFT\

I've removed them a few times and they both reappear.
So I've followed the instruction in the sticky which *appeared* to find things but the problem still exists.
The logs are as follows..

Any help and\or advice GREATLY received.

Thwack
 

Answer:csrss.exe and conhost.exe in "wrong" place

..and the last log file :-D

thanks

Thwack
 

4 more replies
Relevance 59.86%

i have found multiple csrss.exe files, along with some csrss.exe.mui files, malwarebites doesnt detect anything wrong, spyhunter would not even install.
then i found this forum with people posting similar problems as i have, and i have seen the first thing ill be instructed to do is download the farbar recover scan tool, after downloading the FRST, i attempted to install it, but was given an error, it reads as followed:
AutoIt Error
                   Line 18555 (File ""):
                  Error: This keyword cannot be used after a "Then" keyword.
 
so now im posting here to hopefully figure this out. i read somewhere theres an email notification option for when theres a reply on the forum, ill try and see if i can find that again and set that, and ill link my email to my tablet so i can try to reply as fast and often as i can, im highly motivated to fix this problem, and will be extreamly appreciative for any and all help. thanks in advance for your time and effort.
 
i run 64bit windows 7
 
-Cody
attached is a screenshot of the error.

Answer:csrss.exe or csrss.exe.mui virus taking over

ok i have had some progress, i got malwarebytes to install, it resulted nothing in search, got spyhunter 4 to install as well, it yielded 57 results, but couldnt remove, the program wanted me to pay for it, then i finally got the frst64.exe to run, i did a scan and got these 2 files i think is what are needed for diagnosing?
 
noty sure how to upload these, not seeing the options for it now...ill try adding it to the original post.
i cannot upload for some reason cant find how to....i posted as plain text and im sorry, i know you prefer if be in file format, im trying so hard to figure this out, any help much appreciated.

2 more replies
Relevance 56.99%

Yesterday I got a notification from avg 2011 saying that my computer was infected with the spyware.password.xgen virus and asked if I want to move it to the vault or ignore it. In the next couple of hours, I keep on getting notifications from avg 2011 saying that my computer is infected. While reading other threads for solutions, I found out that I have the conhost.exe virus. Also, I keep on getting pages such as "Cannot redirect." I had to go change my proxy settings in order to load internet pages. Can anyone please help me? Thanks.

Answer:Spyware.password.xgen virus and conhost.exe virus, help please!

Welcome aboard Download Security Check from HERE, and save it to your Desktop. * Double-click SecurityCheck.exe * Follow the onscreen instructions inside of the black box. * A Notepad document should open automatically called checkup.txt; please post the contents of that document.=============================================================================Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsList content of HostsList IP configurationList last 10 Event Viewer logList Users, Partitions and Memory sizeClick Go and post the result.=============================================================================Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop. * Double-click mbam-setup.exe and follow the prompts to install the program. * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. * If an update is found, it will download and install the latest version. * Once the program has loaded, select Perform quick scan, then click Scan. * When the scan is complete, click OK, then Show Results to view the results. * Be sure that everything is checked, and click Remove Selected. * When completed, a log will open in Notepad. * Post the log back here.Be sure to restart the computer.The log can also be found here:C:\Documents and Set... Read more

9 more replies
Relevance 56.17%
Question: Conhost Virus

My husband has been having a lot of issues with his computer. Running excessively slow, and having high processes running. From what I understand the max should be around 88 processes at most, but he'll have as high as 129 processes. When checking I noticed the conhost.exe I had never seen before and dwm.exe. I've heard mixed things. Some saying virus other saying normal processes and some saying there's both so be careful on removing. I noticed that they'll be running a lot of the cpu coverage and though internet explorer hasn't been opened it'll show as many as 8 running as though opened and surfing the web somewhere. Also our Mcafee isn't catching anything. My husband's file count is increasing daily. And now something has closed off his firewall. We'll try to turn it back on and it instantly turns off the second you click to turn on. Need help asap.

Answer:Conhost Virus

Download and run wipe  and system ninja,
 
https://privacyroot.com/software/www/en/wipe.php
https://singularlabs.com/software/system-ninja/
 
Then.....
 
Go ahead and install ccleaner Now that you have the program installed go ahead and run the cleaner function.
https://www.piriform.com/ccleaner/download
Now that you have cleaned out some temp files, lets go ahead and disable all of the items starting up with your machine except your antivirus. To do this you will need to click on tools then start up select each item then disable.
Now that you have disabled those un-needed start ups lets go into the settings, we will have Ccleaner run when your machine boots, so that you will never have to worry about cleaning temp files again.To do this:
Hit options.
Settings.
Place a tick to run Ccleaner when the computer starts.

Now go to the advanced tab, and select close program after cleaning, now run the cleaner again this will close Ccleaner.
 
Reboot your machine and then follow the  instructions below.
 
Step 1: eScanAV.
 
Disable your antivirus prior to this scan.
http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/
Download the eScanAV Anti-Virus Toolkit (MWAV)http://www.escanav.com/english/content/products/downloadlink/downloadcounter.asp?pcode=MWAV&src=english_dwn&type=alter
 
Source
http://www.escanav.com/english/content/products/downloadlink/downloadp... Read more

1 more replies
Relevance 56.17%
Question: conhost.exe virus

How do I remove the conhost.exe virus?

Answer:conhost.exe virus

Hello and Welcome to TSF.
I'm nasdaq

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

We want all our members to perform the steps outlined here:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

After running through all the steps, you shall have a proper set of logs. Please post the logs in your next reply for my review. It's the only way I can suggest sound advice.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.

2 more replies
Relevance 56.17%

Hi,
 
For the past few days I've been having trouble with screen toggling on my computer. By this I mean I'll be working in a program and see its program bar flash as if I'm switching to another program. When trying to type in my browser (I use Chrome), I have to reselect the text field I'm working with every few characters because the computer thinks I've clicked out of it. My task manager shows a conhost.exe constantly flashing off and on, could this be it?

Answer:Possible conhost.exe virus (or something else)

Hello JCTconhost is a completely legitimate executable, as long as it’s running from the system32 folder, and is signed by Microsoft.Lets look at some logs.Please download MiniToolBox, save it to your desktop and run it.Checkmark the following checkboxes:Flush DNSReport IE Proxy SettingsReset IE Proxy SettingsReport FF Proxy SettingsReset FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Users, Partitions and Memory size.Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.Note: When using "Reset FF Proxy Settings" option Firefox should be closed.Download TDSSKiller and save it to your desktop.Extract (unzip) its contents to your desktop.Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.If an infected file is detected, the default action will be Cure, click on Continue.If a suspicious file is detected, the default action will be Skip, click on Continue.It may ask you to reboot the computer to complete the process. Click on Reboot Now.If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here....ADW CleanerPlease download ... Read more

4 more replies
Relevance 56.17%

Hello,... I started having crashes a few days ago (Blue screen of death).. and judging by what I was seeing I just thought my video card was going bad until AVG picked up a few virus which I can't seem to remove.

********************
"";"C:\Windows\System32\taskhost.exe (2140):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
"";"C:\Windows\System32\conhost.exe (4616):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
"";"C:\Windows\explorer.exe (2436):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
"";"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (3584):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
"";"C:\Program Files (x86)\AVG\AVG2012\avgscana.exe (4192):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
"";"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (4032):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
"";"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (2432):\memory_00010000";"Trojan horse Agent3.ATLI";"Infected"
*********************... Read more

Answer:Possible conhost.exe virus

Just an update.. I'm still having the same issues and still require help when you're able to provide it.. thanks again..

17 more replies
Relevance 56.17%
Question: Conhost.exe virus

Hello there, I'd like a little help here
There are dozens of conhost.exe instances running, dozens of cmd.exe, ctfmon even notepad and others system processes, I can't stop them, I cant kill the processes outside the safe mode, in the safe mode I can kill all of them, and after some seconds one will appear and will start to replicate into others.

They are drawing almost 100% from CPU. The PC is really slow, I am using anti-virus ESET NOD32 Antivirus 8, the scans do not detect viruses, they dont even detect most of the processes running, I am fightining against this thing already for ten hours, no "normal way" can make it go away. (it will only run if the internet is on)
I think they are downloading more viruses; malwarebytes anti malware detected more than 30 viruses named trojanfakeMS.ed and is still finding more since last night, sometimes pops out that it blocked a suspicious internet adress, they are always different (the adresses).

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-05-2015
Ran by TheThunderT (administrator) on THETHUNDERTMACH on 11-05-2015 01:19:43
Running from C:\Users\TheThunderT\Downloads
Loaded Profiles: TheThunderT (Available profiles: TheThunderT & Thunder`s Disciple)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/for... Read more

Answer:Conhost.exe virus

#############################################ADDITION

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-05-2015
Ran by TheThunderT at 2015-05-11 01:21:01
Running from C:\Users\TheThunderT\Downloads
Boot Mode: Normal
==========================================================
==================== Accounts: =============================

Administrator (S-1-5-21-954720486-3091679152-3473616162-500 - Administrator - Disabled)
Guest (S-1-5-21-954720486-3091679152-3473616162-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-954720486-3091679152-3473616162-1002 - Limited - Enabled)
TheThunderT (S-1-5-21-954720486-3091679152-3473616162-1001 - Administrator - Enabled) => C:\Users\TheThunderT
Thunder`s Disciple (S-1-5-21-954720486-3091679152-3473616162-1003 - Limited - Enabled) => C:\Users\Thunder`s Disciple

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-954720486-3091679152-3473... Read more

2 more replies
Relevance 55.76%

Hi,
I was infected with the conhost.exe and PresentationHost.exe virus yesterday and ran the attached scans. The computer CPU usage is running near or at 100% usage and the computer is very sluggish.
Thanks.
 

Answer:conhost and PresentationHost virus

Re run Hitman Pro and have it remove all that it finds.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Attach JRT.txt to your next message.

How are things running?
 

16 more replies
Relevance 55.76%

I've tried the antivirus I have, microsoft security essentials, and while it seemingly is catching trojans i dont think its catching the main culprit. Randomly usually at night for me (PST) my computer's cpu/memory gets used up by PresentationHost and Conhost and an additional assortment of programs I can't end process on or even open file location or check properties, attached is a JRT.
 

Answer:Conhost And Presentationhost Virus

Hi there and welcome.

If you wish for me to check for malware then you'll need to follow the below instructions. Upload all of the requested logs once done.

READ & RUN ME FIRST - Malware Removal Guide
 

17 more replies
Relevance 55.76%

How do I vanquish this troublemaker? I hear my GPU fans spinning up to max so I check processes, when I stop it from running everything returns to normal. I think it's mining bitcoins for somebody.

Answer:Infected with Conhost virus

 
 

 Install and run MBAM
Information about MBAM: http://www.bleepingcomputer.com/virus-removal/how-to-use-malwarebytes-anti-malware-tutorial
If this scan has been done, please post the the log into your next reply.
 

  Running TDSSKiller to obtain log
 
Note: Don't cure or delete a threat, but choose skip for all instead.
Please download TDSSKiller from here and save it to your Desktop
Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters

In the Additional options: Check Detect TDLFS file system
Click Start Scan and allow the scan process to run

Choose for all threats to Skip for all of them.
Click Continue
Please post the TDSSKiller.[Version]_[Date]_[Time]_log.txt found in your root directory (typically c:\)
===================================================
 
 ESET Online Scanner
==================
Note: If your AV is blocking Eset online scanner, please temporarily disable your AV.
 
I'd like us to scan your machine with ESET OnlineScan This process may may take several hours, that is normal.
Hold down Control and click on this link to open ESET OnlineScan in a new window.
Click the  button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to y... Read more

12 more replies
Relevance 55.76%

I need some advice in trying to delete the conhost.exe
Since this virus had infiltrated my computer, I can not be able to go to any websites even though my internet is still running.

Answer:How to delete conhost.exe virus?

conhost.exe is a legit process: http://www.howtogeek.com/howto/4996/what-is-conhost.exe-and-why-is-it-running/
Why do you call it a virus?

23 more replies
Relevance 55.76%

I just found several infections 134 to be exact on my Inspiron 3542 Windows 7 laptop. I did the scan with maleware bytes. It quenteened them asked to restart I did not because I was going to shut down and boot back up. It was applying some updates and then shut down. I booted it back up it finished with the updates and then did clean up then just a black screen. I noticed conhost.exe running in services after hitting ctrl alt delete. It looks like I am locked out. I need some help here I have not tried safe mode yet. Thanks

Answer:conhost.exe virus in services

Here is the 1st step, more steps will be needed.Run HitmanPro Kickstart. Note: You will need a USB flash/thumb/pen drive to use this method. http://www.surfright.nl/en/kickstartCreate a HitmanPro.Kickstart USB flash drive on a good comp, then insert the flash drive in the faulty comp.Boot & go into the bios & change the boot order to the thumb drive first. F10 to Save & Exit.HitmanPro.Kickstart user manual / guidehttp://antimalwaresoftware.nl/handl...The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.http://www.zippyshare.com/Instructions on how to use ZippyShare.http://i.imgur.com/naG6t2T.gifhttp://i.imgur.com/Vi9ZdIh.gifhttp://i.imgur.com/1IZu5kP.gifDownload 32-bit HitmanPro 3.7 with Kickstart http://dl.surfright.nl/HitmanPro.exeHitmanPro 3.7 with Kickstart (64-bit) http://dl.surfright.nl/HitmanPro_x6...

25 more replies
Relevance 55.76%

Hello I have been infected with these virus's and they make my cpu run at 100% and barely able to function. I looked at a previous thread : http://forums.majorgeeks.com/index.php?threads/conhost-and-presentationhost-virus.293259/

I followed the instructions and have uploaded the various logs that I believe may be of use.

Thanks for your help!
 

Answer:Conhost And Presentationhost.exe Virus

Welcome to Major Geeks!

Download this attached fixlist.txt file found at the bottom of this message and save fixlist.txt on your Desktop. Make sure you save it as a txt file.
You should now have both fixlist.txt and FRST64.exe on your Desktop.
Now I want you to disconnect your PC connection to the internet by unplugging the cable ( if it is wireless then temporarily shutdown the wireless network ).
Run FRST64.exe by right clicking on it and selecting Run As Adminstrator
Click the Fix button just once and wait.
Your computer should reboot after the fix runs.
Reconnect your internet connection after reboot so you can come back here to continue.
The tool will make a log on the Desktop (Fixlog.txt) please attach this new log to your next reply (attach
Now properly follow our malware cleaning instructions given in the below link:

READ & RUN ME FIRST Malware Removal Guide (incl. spyware, virus, trojan, hijacker)
 

1 more replies
Relevance 55.35%

google chrome keeps crashing, i used resmon to see what was making it crash (right click on google chrome, click analyse wait chain) and it said csrss.exe . So i opened task manager and saw it was using about 6000k memory and it had no description, and the name was just csrss.exe . I used a command promt to see how many csrss files i have and it said two, one in system32 and, one here
C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_b4d8d57efdc6b4f3
So i right clicked the csrss.exe in task manager and clicked open file location and it opened the folder location above. so do i have the wrong csrss.exe being used by my computer and is it a virus? or did Microsoft do a bad job of naming files, descriptions, locations etc.

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Thomas at 3:16:37.94 on Sun/02/Jan/2011
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3071.1561 [GMT 0:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPC... Read more

More replies
Relevance 54.94%

Hey, was recently having some issues with a infinitely replicating Conhost issue. Did some research then and heard it can be due to just a bug of something else. After some simple cleanup it went away. But today I had a PresentationHost.exe pop up that had a skyrocketing memory usage. I found a thread on this forum where someone got a similar/same problem fixed. I've been following along with it but found some posts that mention fix texts made specifically for them. So I'm opening a thread to see if I can get this fixed. Here's the closed thread I've been referencing.

http://forums.majorgeeks.com/showthread.php?t=293259

The HitmanPro Log might show a time after the combo fix log. On the first run I didn't realize you had to manually save its log, so I ran it again afterwards.
 

Answer:Conhost and PresentationHost Malware/Virus

Welcome to MajorGeeks!

Please follow the instructions in the below link.

READ & RUN ME FIRST. Malware Removal Guide
 

3 more replies
Relevance 54.94%

Hi all,Instigated by a low performance of my laptop, I discovered a bunch of 'fake' processes running background.... Am I quite sure the laptop is infected with some type of malware. Will you be able to help me with this?I attached the log of FRST as per http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/Thank you,S.

Answer:conhost.exe, presentationhost.exe, ... How to remove these Virus?

Hello, Welcome to BleepingComputer.I'm nasdaq and will be helping you.If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.===Press the windows key + r on your keyboard at the same time. This will open the RUN BOX.Type Notepad and and click the OK key.Please copy the entire contents of the code box below to the a new file. 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKLM -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
SearchScopes: HKU\S-1-5-21-653478955-3067283134-999092648-53289 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-653478955-3067283134-999092648-53289 -> {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL =
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll [No File]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
CHR Plugin: (Shockwave Flash) - C:\Users\fhen3366.MCS\AppData\Local\Google\Chrome\Application\47.0.2526.80\gcswf32.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.... Read more

14 more replies
Relevance 54.94%

Hi all,
 
Instigated by a low performance of my laptop, I discovered a bunch of 'fake' processes running background.... Am I quite sure the laptop is infected with some type of malware. Will you be able to help me with this?

Answer:conhost.exe, presentationhost.exe, .... How to remove these Virus?

Welcome aboard   Download Security Check from here or here and save it to your Desktop. Double-click SecurityCheck.exe Follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document.NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.Make sure the following options are checked:
Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows DefenderOther ServicesPress "Scan".It will create a log (FSS.txt) in the same directory the tool is run.Please copy and paste the log to your reply. Please download MiniToolBox and run it.Checkmark following boxes:Report IE Proxy SettingsReport FF Proxy SettingsList content of HostsList IP configurationList Winsock EntriesList last 10 Event Viewer logList Installed ProgramsList Devices (do NOT change any settings here)List Users, Partitions and Memory sizeList Restore PointsClick Go and post the result. Please download Malwarebytes Anti-Malware (MBAM) to your desktop.NOTE. If you already have MBAM 2.0 installed scr... Read more

5 more replies
Relevance 54.94%

A few days ago I noticed that my computer was blue screening and performing a file dump then restarting. It would do this every 20 minutes or so. I ran AVG and got rid of some infected files. I did some searching and thought I had ZLOB, but I wasn't finding any of the files associated with it. Now AVG has quit scanning and firefox was set up to use some sort of proxy that I don't remember setting up. First it was liking me to spam websites from Google and then began to tell me that the proxy wasn't allowing connections. I set the network to auto-detect and I can surf the net without any problems, but AVG is still acting funny and will throw threat detections at after start-up occasionally. Help!?

More replies
Relevance 54.94%

Hi and thanks for the help.
I'm running Windows 7 64-bit, and I got the Conhost virus yesterday.
I was alerted to this by Spybot Resident when it asked me for permission and I denied it. Here is the log of the entry:

07/04/11 5:00:25 PM Denied (based on user decision) value "conhost" (new data: "C:\Users\Bill\AppData\Roaming\Microsoft\conhost.exe") added in System Startup user entry!

I looked it up and discovered it was a virus and I deleted the file.

I ran spybot and it came up empty.

I also ran Malwarebytes and it came up with this:
Memory Processes Infected:
c:\Users\Bill\AppData\Local\Temp\0.695828128486159.exe (Spyware.Passwords.XGen) -> 3064 -> Unloaded process successfully.

Files Infected:
c:\Users\Bill\AppData\Local\Temp\0.695828128486159.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

After they were deleted, Malwarebytes came up clean.

Now for the unusual problem, IE8 will NOT open up any web page, but I can open them up in Firefox. In IE8, I get the message after doing diagnostics that says "The device or resource (security.symantec.com) is not set up to accept connections on port &... Read more

Answer:Conhost virus and IE8 connection problem

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed. Let me know your intentions for an antivirus program.

------------------------------------------------------

It appears you didn't attach the second dds log, Attach.txt, to your initial reply.

Press the Windows logo key and the "R" key and copy/paste the following into the Run box and click OK:

%temp%\Attach.txt

A text file should open. Save it to your desktop then attach that file to your next reply.

------------------------------------------------------

5 more replies