Cannot Terminate Default Browser AND smhost.exe

bmmiller · Jul 30, 2006

I'd really appreciate any input and/or help with my issue. Thanks in advance.

I was having a problem with a couple things recently. First of all, whenever I reboot I get the following that shows up in the upper left hand corner every time, I tried googling smhost.exe with very little results.

Occationally, my computer will hang up recently and I would like to think this is part of the problem. Would anyone know what is going on with this? Seen it before? Know what to try? I've looked in and out o safe mode and cannot find smhost.exe within the Windows directory. I do however see a smhost w/o extention and a smhost value in the prefetch folder. I tried deleting those with little change in my hang ups. Here is also my hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:03:03 AM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Active SMART\ActiveSMART.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.xbox-scene.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: Active SMART.lnk = C:\Program Files\Active SMART\ActiveSMART.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1148921058570
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Everything looked fine to me. I'm also having an issue with the default browser. I use Firefox 1.5.0.5 and IE7 beta, and each will do the following error. When I boot up at first there is about a ~3k in resources process running of the default browser whether I have it running or not. If I do start up the default browser it will create a second instance that runs normal. If the ~3k instance is ever terminated it comes right back. I had a temporary fix where I tricked it into not having a default browser, but that really doesn't solve the underlying problem. I was wondering if there is a relation to these two, or if anyone had experienced one of the single issues on their own.

To sum up, my current situation is a hang up every so often, and an extra instance of the deault browser. I have ran AdAware, Spyware Doctor, and NOD32 all in and out of safe mode all come up empty and all have latest defitions and versions.

It would be very great if someone could help me out.

bmmiller · Jul 30, 2006

I also should note I have next to nothing in my startup. Neither problem is not a process I can just remove w/ msconfig settings.

I also realised that I should point out that when I deleted the smhost w/o extention and the value in the prefetch folder, I still received the image I posted when I boot up or logon.

Niobis · Jul 30, 2006

The image doesn't work. Can you please repost another?

The_Fiend · Jul 30, 2006

It would have been better of you posted this in the Anti virus/anti spyware forum, the guys there know their stuff when it comes to windows processes and hijackthis.
I'll ask the moderators to move this for you.

bmmiller · Jul 30, 2006

http://img.photobucket.com/albums/v221/Maverick0984/smhost.jpg is the image, and sorry about th wrong section, i don't want to double post the same thing, hopefully they move it

Nephilim · Jul 30, 2006

Teleported

bmmiller · Jul 30, 2006

I fixed it, I had asked this on another bored for Firefox actually since at first I was under the suspesion that it was a Firefox issue, I'm not sure if I can post the link to those forums, so I'm going to qutoe myself from those forums, just incase others need help with this issue. I was one of many who had this isssue on those forums :-/

Alright I fixed my problem. I'm not sure if it is similar to all of yours but here is what I did. I had noticed that when I rebooted or logged in a box would show up for a split second in the upper left hand corner. It looked like this (i had to print screen in order to view it was so fast). In addition to this problem, I was having the problem of an instance of browser starting up on it's own coming in at around ~3k in recourses, as well as occational hang ups.

http://img.photobucket.com/albums/v221/Maverick0984/smhost.jpg

Googling smhost.exe turned up zilch, so after many different attempts at different scanners and whatnot, I finally figured out what to do.

(1) Using the link that was provided above by eisecc: http://www.sysinternals.com/Utilities/Autoruns.html i downloaded this application and unzipped to desktop.
(2) Booted into safe mode by use of F8 during boot up.
(3) Open up Autoruns.exe that should be on your desktop from the download
(4) Go to the explorer tab
(5) In there you should find smhost.exe, straight deleting the entry wasn't enough, so what I did was right click the entry, and went to Jump-to
(6) This opened up the registry, when doing this be careful, you can really screw things up, making a backup is always nice. I now see this offset for smhost.exe.
*I should note that in the normal File Explorer I was never able to actually find a smhost.exe, just a smhost w/o extention file.
(7) Deleting it at this time won't work either, I renamed it to smhost1.exe and exited, and rebooted.
(8) Now in normal XP I opend up Autoruns.exe again, and this time it said it couldn't find the smhost1.exe file, now if you delete it, it won't come back and that should be it.

Inside my C:\windows\ directory there was a smhost file that i deleted (not exe), and in C:\windows\prefetch there was another smhost related file i then deleted.

Now the "Applying settings" box doesn't come up when I reboot, and the extra instance of the default browser, firefox for most of us, no longer shows up. I also haven't had any hang ups anymore, but I just fixed this maybe 15 minutes ago, so there hasn't been a whole lot of time to prove that that is okay, but I'm hoping it will be.

Looking at the smhost file it looks like it was attempting to log keystrokes and places I had been at since I noticed Names of webpages as well as the word "backspace" numerous times. Seems like it was some sort of malware that has yet to be identified fully or at all. Good luck, I still have this thread subscribed so if you have questions let me know....hopefully I won't be back saying it's no longer fixed.
Click to expand...

Log in or Sign up

Cannot Terminate Default Browser AND smhost.exe

bmmiller Member

bmmiller Member

Niobis Active member

The_Fiend Guest

bmmiller Member

Nephilim Moderator Staff Member

bmmiller Member

Share This Page

Log in or Sign up

Cannot Terminate Default Browser AND smhost.exe

bmmiller Member

bmmiller Member

Niobis Active member

The_Fiend Guest

bmmiller Member

Nephilim Moderator Staff Member

bmmiller Member

Share This Page

Useful Searches