
Re: Remote desktop disconnects after logging in.

Matthew Clarke
Regular Advisor

Remote desktop disconnects after logging in.

I am experiencing something I cannot reproduce on other computers at our office. I work as the admin from a remote office and use a VPN connection with the Administrative Remote Desktop console to connect to workstations at the head office. Up until recently, all of this has worked without any problems. Now all of a sudden one machine will disconnect about a minute after supplying the login credentials. There is no error message displayed, nothing warning you that "you don't have sufficient rights" or "local policy does not permit". The screen goes from logging on, to black, to disconnecting. This happens both when I try connecting as the local user and as administrator. I know that the users do have access to connect, so that is not the problem.

Now, if I have the user restart the computer, and then I connect before they log on, then Remote Desktop works. However, when the user leaves for the day and does a Shutdown, Log Off, the problem reoccurs.

I don't know what is causing this disconnection to happen, and cannot find any other cases of people experiencing this sort of problem.

TIA,

Matt
if you dont ask, you will never know :)
18 REPLIES
Ron Kinner
Honored Contributor

Re: Remote desktop disconnects after logging in.

Sounds like your user may be infected with something that starts with his login that does not want you to log in. Make a HijackThis log when logged in first and have the user make one when you are not logged in. Then post both logs in a reply.

Ron

Installing HijackThis:

Click http://www.thespykiller.co.uk/files/HJTsetup.exe

OR

http://security-central.us/downloads/HJTsetup.exe

to download HJTsetup.exe

1. Save HJTsetup.exe to your desktop.
2. Open Notepad > Click on Format > Uncheck Word Wrap, if checked.
3. Double-click on the desktop icon for HJTsetup.exe and by default it will automatically install to C:\Program Files\HijackThis.
4. Continue to click Next to accept the default settings in the setup dialogue boxes until you get to the "Select Additional Tasks" dialogue.
5. Put a check by Create a desktop icon then click Next and continue accepting the default suggestions.
6. At the final dialogue box click Finish and HijackThis (HJT) will launch.
7. Click on the "Do a system scan and save a logfile" button; a log showing the results should open in Notepad.
8. Click on Edit > Select All (or CTRL+A) then click on Edit > Copy (or CTRL+C) to copy the contents of the log.


DaGuru
Trusted Contributor

Re: Remote desktop disconnects after logging in.

Hi Matthew,

It will be interesting to see what the logs show.

Without knowing more about your use of policy this is just a thought. Are you running the UPHClean tool from Microsoft? If not, you might want to try it as it may help in other ways too.

http://www.microsoft.com/downloads/details.aspx?FamilyID=1B286E6D-8912-4E18-B570-42470E2F3582&displaylang=en
---------------------------------------------
I work for HP, but my posts and replies are my own.
Matthew Clarke
Regular Advisor

Re: Remote desktop disconnects after logging in.

Hi Ron,

I downloaded HJT and have pasted the report below. This report was based on me rebooting the computer and logging in through RD after a reboot.
-----
Logfile of HijackThis v1.99.1
Scan saved at 12:05:17 PM, on 2/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\MouPter.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Track4Win Monitor\STMonitor.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Library Bound Group Policy User
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [mMouse] MouPter.exe
O4 - HKLM\..\Run: [SetMou] SetMou.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [tfwmon] C:\Program Files\Track4Win Monitor\STMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: accounting_copy_email.cmd.lnk = EMAIL\CMD\accounting_copy_email.cmd
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.ca
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LBI.local
O17 - HKLM\Software\..\Telephony: DomainName = LBI.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{41EE5B77-3E57-46C6-ACF5-B55FECA3653A}: NameServer = 192.1.1.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LBI.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LBI.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-----

Let me know if you see anything of importance.

Matt
if you dont ask, you will never know :)
Matthew Clarke
Regular Advisor

Re: Remote desktop disconnects after logging in.

Dennis,

I also installed the tool you suggested.

Thanks.
if you dont ask, you will never know :)
Ron Kinner
Honored Contributor

Re: Remote desktop disconnects after logging in.

I don't see much in your log.

O4 - HKLM\..\Run: [mMouse] MouPter.exe
O4 - HKLM\..\Run: [SetMou] SetMou.exe

These are probably the remote mouse, though it is not something I see very often and Google doesn't have many hits. Appears they live in C:\windows. Can you look in the folder and see if the files show up? If you hover over them it should say who makes them. Or you can right-click on them and look at the properties.

I also wonder why I see two
C:\WINDOWS\system32\winlogon.exe
and why I see
C:\WINDOWS\system32\userinit.exe
in the processes list (it's usually running just not visible)

but I suppose it's because you are coming in remotely and your user has logged in too.

Can you get the user to make an HJT log too (preferably when you are not logged in)? The HKCU entries are specific to a user and may change depending on who is logged in.

You might also look in the Event Viewer and see if there is an event that corresponds to your login failure. That may tell us something.

Check the Event logs for errors:
Start, Run, eventvwr.msc, OK then select System. Look for red marked files that have a time stamp about the time of the failed login. Open the event then click on the bottom of the three buttons to copy the text. Move to a reply and Edit, Paste. Repeat for any other different errors that happened about the same time. Please don't go back to the beginning of time and no events from a Safe Mode boot. Repeat for Application and Security. If your PC speaks something other than English don't translate it unless it doesn't use the Latin alphabet and then please include the timestamps.


Ron


Matthew Clarke
Regular Advisor

Re: Remote desktop disconnects after logging in.

Nothing in the security log. One successful audit FROM 2004!

Reran the HJT today.

Logfile of HijackThis v1.99.1
Scan saved at 6:38:06 PM, on 2/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\MouPter.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Track4Win Monitor\STMonitor.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Rainlendar\Rainlendar.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.compaq.com/1Q00CDT/0409/bl7.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Library Bound Group Policy User
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [mMouse] MouPter.exe
O4 - HKLM\..\Run: [SetMou] SetMou.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [tfwmon] C:\Program Files\Track4Win Monitor\STMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: accounting_copy_email.cmd.lnk = EMAIL\CMD\accounting_copy_email.cmd
O4 - Startup: Rainlendar.lnk = C:\Program Files\Rainlendar\Rainlendar.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.ca
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = LBI.local
O17 - HKLM\Software\..\Telephony: DomainName = LBI.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{41EE5B77-3E57-46C6-ACF5-B55FECA3653A}: NameServer = 192.1.1.7
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = LBI.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = LBI.local
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
if you dont ask, you will never know :)
Ron Kinner
Honored Contributor

Re: Remote desktop disconnects after logging in.

Maybe if you can get the security log to work it will tell you why it drops you.

Start, (Settings), Control Panel > Administrative Tools > Local Security Policy > Local Policies > Audit Policy and Audit for both Success and Failure.

Ron
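
Added example, not part of any post in this thread: comparing two HijackThis logs by hand is error-prone, so this sketch parses the "Running processes" list and the coded registry entries and reports what differs between two scans. The log excerpts are abridged from the two logs posted above; `parse_hjt` and `diff_logs` are hypothetical helper names.

```python
import re
from collections import Counter

# Abridged excerpts (a subset of lines) of the two logs posted in this thread.
LOG_FEB20 = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:05:17 PM, on 2/20/2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\MouPter.exe
C:\WINDOWS\system32\userinit.exe

O4 - HKLM\..\Run: [mMouse] MouPter.exe
O4 - HKLM\..\Run: [tfwmon] C:\Program Files\Track4Win Monitor\STMonitor.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""
LOG_FEB21 = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:38:06 PM, on 2/21/2007

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\rdpclip.exe
C:\WINDOWS\MouPter.exe

O4 - HKLM\..\Run: [mMouse] MouPter.exe
O4 - HKLM\..\Run: [tfwmon] C:\Program Files\Track4Win Monitor\STMonitor.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
"""

# Coded entries look like "O4 - ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.+)$")

def parse_hjt(text):
    """Return (running process paths, [(section code, entry text)])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
        elif (m := ENTRY_RE.match(line)):
            in_procs = False          # the process list ends at the first coded entry
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries

def diff_logs(first, second):
    """Case-insensitive diff; processes are a multiset so instance counts matter."""
    (p1, e1), (p2, e2) = parse_hjt(first), parse_hjt(second)
    c1, c2 = Counter(p.lower() for p in p1), Counter(p.lower() for p in p2)
    s1 = {(c, t.lower()) for c, t in e1}
    s2 = {(c, t.lower()) for c, t in e2}
    return {
        "processes_only_in_first": sorted((c1 - c2).elements()),
        "processes_only_in_second": sorted((c2 - c1).elements()),
        "entries_only_in_first": sorted(s1 - s2),
        "entries_only_in_second": sorted(s2 - s1),
    }

if __name__ == "__main__":
    for key, items in diff_logs(LOG_FEB20, LOG_FEB21).items():
        print(key, items)
```

Autostart entries that appear in only one user's scan, typically under HKCU, are the ones worth checking first.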
Jon Finley
Honored Contributor
Solution

Re: Remote desktop disconnects after logging in.

A few things.

WUAUCLT was running on the first log. WUAUCLT ONLY runs when the system is trying to do Microsoft updates.

System is still running IE6.

I'm guessing that the workstation may be in a "wedged" state. Probably someone selected "Install updates and shutdown" when rebooting the system, and some of the updates did not finish correctly (partial install).

By now, IE7 should have been prompted for an install, but it hasn't been installed.

The machine may have to be brought up under the local admin logon, and the updates applied manually. Have them also select CHKDSK to run at the next reboot, and then reboot the system.

Oh... Last note. Make sure that Windows Defender is the RTM (released) version, and NOT still the Beta release.

Let us know how it works out.

Jon
"Do or do not. There is no try!" - Yoda
Matthew Clarke
Regular Advisor

Re: Remote desktop disconnects after logging in.

Hi all. Just an update on this. After rerunning the OS updates we were able to get to IE7, and all necessary patches. The user was then able to connect that night from home, woo-whoo you say. Yes and no. Two days later it was back to the same thing. Logging on then being kicked off.

I also updated the M$ Defender to the released version.

I will update further with information from the Event Viewer.

if you dont ask, you will never know :)