Rick
2007-01-27 00:01:02 UTC
Sorry, I originally posted this in the wrong group...
Hi all, my admin account keeps getting locked out every time I reboot one of
my servers (recently changed my password). I have no manually mapped drives,
no cached login infor in keymgr.cpl and non of the services are configured to
use my admin account. I also checked all object in DCOM and non use my
account.
Here's the alockout log:
Thu Jan 25 12:36:55 2007, PID: 716, Thread: 720, Image
winlogon.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:56 2007, PID: 768, Thread: 772, Image
C:\WINDOWS\system32\services.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:56 2007, PID: 780, Thread: 784, Image
C:\WINDOWS\system32\lsass.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1020, Thread: 1028, Image
C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1072, Thread: 1080, Image
C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1152, Thread: 1160, Image
C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1168, Thread: 1172, Image
C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1228, Thread: 1232, Image
C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1304, Thread: 1308, Image C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:36:59 2007, PID: 1364, Thread: 1368, Image C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:05 2007, PID: 1704, Thread: 1708, Image
C:\WINDOWS\system32\spoolsv.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:05 2007, PID: 1732, Thread: 1736, Image
C:\WINDOWS\system32\msdtc.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:07 2007, PID: 1924, Thread: 1928, Image C:\Program
Files\compaq\cpqacuxe\Bin\hpacubin.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:07 2007, PID: 1984, Thread: 1988, Image
C:\hp\hpsmh\data\cgi-bin\vcrepository\cpqsrhmo.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 2000, Thread: 2004, Image
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 2036, Thread: 2040, Image D:\program
files\sav\Symantec AntiVirus\Symantec AntiVirus\DefWatch.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 308, Thread: 296, Image
C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 336, Thread: 340, Image
C:\WINDOWS\system32\grovel.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 436, Thread: 440, Image C:\Program
Files\HP\Performance Management Pack 4\pmp.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 460, Thread: 464, Image C:\Program
Files\HP\Performance Management Pack 4\PMPTools\pmptools.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 512, Thread: 412, Image
C:\PROGRA~1\HP\SYSTEM~2\lbin\hpsimsvc.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 556, Thread: 560, Image C:\Program
Files\HP\Systems Insight Manager\lbin\mxdtf,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 564, Thread: 592, Image C:\Program
Files\HP\HP Virtualization Management Software\bin\hpvmmsvc.exe,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 648, Thread: 652, Image
C:\WINDOWS\system32\inetsrv\inetinfo.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 676, Thread: 680, Image
C:\WINDOWS\system32\cba\pds.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 932, Thread: 784, Image C:\Program
Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 1284, Thread: 1256, Image C:\Program
Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:10 2007, PID: 1592, Thread: 1596, Image C:\Program
Files\Microsoft SQL Server\MSSQL$WSUS\Binn\sqlservr.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:10 2007, PID: 1600, Thread: 924, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:10 2007, PID: 1696, Thread: 1700, Image
..\jrewindows\bin\hpvmmsvcj.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:11 2007, PID: 2088, Thread: 2092, Image C:\Program
Files\HP\Systems Insight Manager\lbin\mxdomainmgr,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:13 2007, PID: 2248, Thread: 2252, Image
D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:13 2007, PID: 2340, Thread: 2344, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:14 2007, PID: 2340, Thread: 2344, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:37:17 2007, PID: 2548, Thread: 2556, Image
d:\Repository\psp-7.51.w2k3.i386.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:17 2007, PID: 2660, Thread: 2664, Image
C:\PROGRA~1\POWERC~1\pcns.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:24 2007, PID: 2872, Thread: 2876, Image ,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:24 2007, PID: 2960, Thread: 2964, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:25 2007, PID: 3048, Thread: 3052, Image
c:\inetpub\wwwroot\SMSComponent\SMSRPH.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:25 2007, PID: 3100, Thread: 3108, Image
C:\WINDOWS\System32\snmp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:26 2007, PID: 3152, Thread: 3156, Image D:\program
files\sav\Symantec AntiVirus\Symantec AntiVirus\Rtvscan.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:26 2007, PID: 2912, Thread: 2988, Image
C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:27 2007, PID: 3256, Thread: 3260, Image
C:\hp\hpsmh\bin\smhstart.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:27 2007, PID: 2960, Thread: 3036, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:37:27 2007, PID: 3332, Thread: 3340, Image
C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:28 2007, PID: 3344, Thread: 3352, Image
C:\WINDOWS\system32\tftpd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:28 2007, PID: 3392, Thread: 3400, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:28 2007, PID: 3384, Thread: 3388, Image C:\Program
Files\The Open Group\WMI Mapper\bin\WbemCons.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:28 2007, PID: 3584, Thread: 3588, Image C:\Program
Files\RealVNC\VNC4\WinVNC4.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:28 2007, PID: 3624, Thread: 3628, Image C:\Program
Files\The Open Group\WMI Mapper\bin\WMIServer.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:29 2007, PID: 3664, Thread: 3668, Image c:\program
files\update services\service\bin\wsusservice.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:29 2007, PID: 3704, Thread: 3708, Image
MsgSys.EXE,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:30 2007, PID: 3828, Thread: 3832, Image
D:\SMS_CCM\CLICOMP\RemCtrl\Wuser32.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:30 2007, PID: 3876, Thread: 3880, Image C:\Program
Files\VERITAS\Backup Exec\NT\beremote.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:31 2007, PID: 3928, Thread: 3932, Image C:\Program
Files\VERITAS\Backup Exec\NT\benetns.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:31 2007, PID: 3940, Thread: 3944, Image
C:\hp\hpsmh\bin\hpsmhd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:31 2007, PID: 3972, Thread: 3976, Image C:\Program
Files\VERITAS\Backup Exec\NT\pvlsvr.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:31 2007, PID: 4008, Thread: 4012, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:31 2007, PID: 4016, Thread: 4020, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:32 2007, PID: 3392, Thread: 3540, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:37:32 2007, PID: 4048, Thread: 4056, Image
C:\WINDOWS\system32\tcpsvcs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:32 2007, PID: 660, Thread: 964, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:32 2007, PID: 1000, Thread: 1328, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:33 2007, PID: 4092, Thread: 300, Image
D:\SMS_CCM\CcmExec.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:33 2007, PID: 1760, Thread: 1756, Image
C:\hp\hpsmh\bin\hpsmhd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:34 2007, PID: 1588, Thread: 2240, Image
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:34 2007, PID: 2352, Thread: 2356, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:34 2007, PID: 2244, Thread: 2232, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:34 2007, PID: 2464, Thread: 2340, Image
C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:35 2007, PID: 2628, Thread: 2236, Image
C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:35 2007, PID: 2692, Thread: 2696, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:35 2007, PID: 2712, Thread: 2720, Image
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:36 2007, PID: 4632, Thread: 4636, Image
C:\WINDOWS\system32\ams_ii\iao.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:37 2007, PID: 4684, Thread: 4688, Image
C:\WINDOWS\system32\cba\xfr.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:39 2007, PID: 4832, Thread: 4836, Image
C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:41 2007, PID: 4740, Thread: 4744, Image
D:\SMS\bin\i386\smsexec.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:42 2007, PID: 5144, Thread: 5148, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:42 2007, PID: 5152, Thread: 5156, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:42 2007, PID: 5172, Thread: 5176, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:42 2007, PID: 5172, Thread: 5176, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:42 2007, PID: 5152, Thread: 5156, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:42 2007, PID: 5232, Thread: 5236, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:42 2007, PID: 5248, Thread: 5252, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:43 2007, PID: 5264, Thread: 5268, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:44 2007, PID: 5336, Thread: 5340, Image
D:\SMS\bin\i386\sitecomp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:45 2007, PID: 5368, Thread: 5372, Image
C:\WINDOWS\system32\sysdown.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:45 2007, PID: 5144, Thread: 5196, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:37:45 2007, PID: 5392, Thread: 5396, Image
C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:45 2007, PID: 5264, Thread: 5288, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:45 2007, PID: 5400, Thread: 5404, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:45 2007, PID: 5248, Thread: 5252, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:37:46 2007, PID: 5232, Thread: 5236, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:46 2007, PID: 5464, Thread: 5468, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:46 2007, PID: 5536, Thread: 5540, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:46 2007, PID: 5592, Thread: 5596, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:47 2007, PID: 2548, Thread: 2556, Image
d:\Repository\psp-7.51.w2k3.i386.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:52 2007, PID: 5592, Thread: 5636, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:52 2007, PID: 5400, Thread: 5504, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:37:52 2007, PID: 5536, Thread: 5540, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:37:53 2007, PID: 5464, Thread: 5468, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:53 2007, PID: 5516, Thread: 5520, Image C:\Program
Files\VERITAS\Backup Exec\NT\beserver.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:54 2007, PID: 5896, Thread: 5900, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:54 2007, PID: 5912, Thread: 5916, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:54 2007, PID: 5912, Thread: 5916, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:54 2007, PID: 5896, Thread: 5900, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:54 2007, PID: 5928, Thread: 5932, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:54 2007, PID: 5936, Thread: 5940, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:54 2007, PID: 5944, Thread: 5948, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:56 2007, PID: 6084, Thread: 6088, Image
c:\windows\system32\inetsrv\w3wp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:56 2007, PID: 6016, Thread: 6116, Image
C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:57 2007, PID: 5944, Thread: 6000, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:57 2007, PID: 5936, Thread: 5940, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:37:58 2007, PID: 5928, Thread: 5932, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:58 2007, PID: 540, Thread: 3160, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:58 2007, PID: 4660, Thread: 4696, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:58 2007, PID: 4708, Thread: 4712, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:01 2007, PID: 4708, Thread: 4784, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:01 2007, PID: 4660, Thread: 4696, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:02 2007, PID: 5380, Thread: 5228, Image
C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:02 2007, PID: 540, Thread: 3160, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:03 2007, PID: 5424, Thread: 5428, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:03 2007, PID: 5236, Thread: 5232, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:03 2007, PID: 5236, Thread: 5232, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:03 2007, PID: 5424, Thread: 5428, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:03 2007, PID: 2552, Thread: 2560, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:03 2007, PID: 5252, Thread: 5248, Image C:\Program
Files\VERITAS\Backup Exec\NT\bengine.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:03 2007, PID: 5580, Thread: 5584, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:03 2007, PID: 5588, Thread: 5604, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:04 2007, PID: 4740, Thread: 5568, Image
D:\SMS\bin\i386\smsexec.exe,***WNetUseConnectionW Failed!*** (1), Local:
(null), Remote: \\KIL-ITADMIN\A$, Password: Password was NULL, Window Title:
, RC was: The network name cannot be found. (67), GLE was: The network name
cannot be found. (67)
Thu Jan 25 12:38:05 2007, PID: 4740, Thread: 5568, Image
D:\SMS\bin\i386\smsexec.exe,***WNetUseConnectionW Failed!*** (2), Local:
(null), Remote: \\KIL-ITADMIN\E$, Password: Password was NULL, Window Title:
, RC was: The device is not ready. (21), GLE was: The device is not ready.
(21)
Thu Jan 25 12:38:05 2007, PID: 5648, Thread: 5644, Image
C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:05 2007, PID: 716, Thread: 856, Image
winlogon.exe,***StartServiceW Failed!*** (0), Service: Failed to get Service
name, RC was: Incorrect function. (1), GLE was: The operation completed
successfully. (0)
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1108, Image
C:\WINDOWS\system32\svchost.exe,
***********************************************************
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1164, Image
C:\WINDOWS\system32\svchost.exe,
***********************************************************
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1052, Image
C:\WINDOWS\system32\svchost.exe,
***********************************************************
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1108, Image
C:\WINDOWS\system32\svchost.exe, * Service Failure - See System Log for
Details (ID: 7000) *
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1164, Image
C:\WINDOWS\system32\svchost.exe, * Service Failure - See System Log for
Details (ID: 7000) *
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1108, Image
C:\WINDOWS\system32\svchost.exe,
***********************************************************
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1052, Image
C:\WINDOWS\system32\svchost.exe, * Service Failure - See System Log for
Details (ID: 7000) *
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1164, Image
C:\WINDOWS\system32\svchost.exe,
***********************************************************
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1052, Image
C:\WINDOWS\system32\svchost.exe,***********************************************************
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image
C:\WINDOWS\system32\svchost.exe,***********************************************************
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image
C:\WINDOWS\system32\svchost.exe,* Service Failure - See System Log for
Details (ID: 7000) *
Thu Jan 25 12:38:06 2007, PID: 5588, Thread: 5660, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1108, Image
C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service:
Service: Windows Management Instrumentation (C:\WINDOWS\system32\svchost.exe
-k netsvcs), RC was: The operation completed successfully. (0), GLE was: An
instance of the service is already running. (1056)
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1164, Image
C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service:
Service: Background Intelligent Transfer Service
(C:\WINDOWS\system32\svchost.exe -k netsvcs), RC was: Incorrect function.
(1), GLE was: The operation completed successfully. (0)
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image
C:\WINDOWS\system32\svchost.exe,***********************************************************
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1052, Image
C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service:
Service: System Event Notification (C:\WINDOWS\system32\svchost.exe -k
netsvcs), RC was: The operation completed successfully. (0), GLE was: An
instance of the service is already running. (1056)
Thu Jan 25 12:38:06 2007, PID: 6096, Thread: 6124, Image
userinit.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:06 2007, PID: 5580, Thread: 5584, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image
C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service:
Service: Windows Installer (C:\WINDOWS\system32\msiexec.exe /V), RC was:
Incorrect function. (1), GLE was: The operation completed successfully.
(0)
Thu Jan 25 12:38:06 2007, PID: 2552, Thread: 2560, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:07 2007, PID: 2212, Thread: 2444, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:07 2007, PID: 6056, Thread: 6052, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:07 2007, PID: 5992, Thread: 5988, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:07 2007, PID: 2228, Thread: 5132, Image
C:\WINDOWS\System32\WScript.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:08 2007, PID: 4712, Thread: 4784, Image
c:\windows\system32\inetsrv\w3wp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:10 2007, PID: 5724, Thread: 5720, Image
d:\Repository\psp-7.60.w2k3.i386.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:11 2007, PID: 5992, Thread: 5028, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:11 2007, PID: 6068, Thread: 6132, Image
c:\windows\microsoft.net\framework\v1.1.4322\csc.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:38:11 2007, PID: 6056, Thread: 6052, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:11 2007, PID: 2784, Thread: 6136, Image
c:\windows\microsoft.net\framework\v1.1.4322\csc.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:38:11 2007, PID: 2212, Thread: 2444, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:11 2007, PID: 2228, Thread: 5132, Image
C:\WINDOWS\System32\WScript.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:11 2007, PID: 6096, Thread: 6124, Image
userinit.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:11 2007, PID: 4788, Thread: 4796, Image
userinit.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:12 2007, PID: 6156, Thread: 6160, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:12 2007, PID: 4788, Thread: 4796, Image
userinit.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:12 2007, PID: 6180, Thread: 6184, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:12 2007, PID: 6068, Thread: 6132, Image
c:\windows\microsoft.net\framework\v1.1.4322\csc.exe,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:38:12 2007, PID: 6180, Thread: 6184, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:12 2007, PID: 6156, Thread: 6160, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:12 2007, PID: 6204, Thread: 6208, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:12 2007, PID: 6212, Thread: 6216, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:12 2007, PID: 6236, Thread: 6240, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:14 2007, PID: 2784, Thread: 6136, Image
c:\windows\microsoft.net\framework\v1.1.4322\csc.exe,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:38:16 2007, PID: 6236, Thread: 6268, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:16 2007, PID: 6212, Thread: 6216, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:16 2007, PID: 6204, Thread: 6208, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:16 2007, PID: 6400, Thread: 6404, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:16 2007, PID: 6408, Thread: 6412, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:16 2007, PID: 6424, Thread: 6428, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:17 2007, PID: 6452, Thread: 6456, Image
C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:19 2007, PID: 6424, Thread: 6448, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:19 2007, PID: 6408, Thread: 6412, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:19 2007, PID: 6400, Thread: 6404, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:20 2007, PID: 6604, Thread: 6608, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:20 2007, PID: 6612, Thread: 6616, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:21 2007, PID: 6612, Thread: 6616, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:21 2007, PID: 6604, Thread: 6608, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:21 2007, PID: 6640, Thread: 6644, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:21 2007, PID: 6648, Thread: 6652, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:21 2007, PID: 6676, Thread: 6680, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:22 2007, PID: 6728, Thread: 6732, Image
C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:25 2007, PID: 6676, Thread: 6716, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:25 2007, PID: 6648, Thread: 6652, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:25 2007, PID: 6640, Thread: 6644, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:25 2007, PID: 6904, Thread: 6908, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:26 2007, PID: 6920, Thread: 6924, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:27 2007, PID: 7048, Thread: 7052, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:28 2007, PID: 7192, Thread: 7196, Image
winlogon.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:29 2007, PID: 7268, Thread: 7272, Image
C:\WINDOWS\system32\WBEM\MOFCOMP,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:29 2007, PID: 7268, Thread: 7272, Image
C:\WINDOWS\system32\WBEM\MOFCOMP,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:32 2007, PID: 7048, Thread: 7248, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:32 2007, PID: 6920, Thread: 6924, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:32 2007, PID: 6904, Thread: 6908, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:33 2007, PID: 7580, Thread: 7584, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:33 2007, PID: 7612, Thread: 7616, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:34 2007, PID: 7612, Thread: 7616, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:34 2007, PID: 7580, Thread: 7584, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:34 2007, PID: 7632, Thread: 7636, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:34 2007, PID: 7640, Thread: 7644, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:34 2007, PID: 7648, Thread: 7652, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:36 2007, PID: 7648, Thread: 7672, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:36 2007, PID: 7640, Thread: 7644, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:36 2007, PID: 7632, Thread: 7636, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:36 2007, PID: 7756, Thread: 7760, Image
I also noticed the following security event right before my account gets
locked (not sure if it's related):
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
Handle ID: -
Operation ID: {0,58034}
Process ID: 768
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: MYSERVER$
Primary Domain: MYDOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: NETWORK SERVICE
Client Domain: NT AUTHORITY
Client Logon ID: (0x0,0x3E4)
Accesses: READ_CONTROL
Connect to service controller
Lock service database for exclusive access
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x20009
Hi all, my admin account keeps getting locked out every time I reboot one of
my servers (recently changed my password). I have no manually mapped drives,
no cached login infor in keymgr.cpl and non of the services are configured to
use my admin account. I also checked all object in DCOM and non use my
account.
Here's the alockout log:
Thu Jan 25 12:36:55 2007, PID: 716, Thread: 720, Image
winlogon.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:56 2007, PID: 768, Thread: 772, Image
C:\WINDOWS\system32\services.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:56 2007, PID: 780, Thread: 784, Image
C:\WINDOWS\system32\lsass.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1020, Thread: 1028, Image
C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1072, Thread: 1080, Image
C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1152, Thread: 1160, Image
C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1168, Thread: 1172, Image
C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1228, Thread: 1232, Image
C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:36:58 2007, PID: 1304, Thread: 1308, Image C:\Program
Files\Common Files\Symantec Shared\ccSetMgr.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:36:59 2007, PID: 1364, Thread: 1368, Image C:\Program
Files\Common Files\Symantec Shared\ccEvtMgr.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:05 2007, PID: 1704, Thread: 1708, Image
C:\WINDOWS\system32\spoolsv.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:05 2007, PID: 1732, Thread: 1736, Image
C:\WINDOWS\system32\msdtc.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:07 2007, PID: 1924, Thread: 1928, Image C:\Program
Files\compaq\cpqacuxe\Bin\hpacubin.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:07 2007, PID: 1984, Thread: 1988, Image
C:\hp\hpsmh\data\cgi-bin\vcrepository\cpqsrhmo.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 2000, Thread: 2004, Image
C:\hp\hpsmh\data\cgi-bin\vcagent\vcagent.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 2036, Thread: 2040, Image D:\program
files\sav\Symantec AntiVirus\Symantec AntiVirus\DefWatch.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 308, Thread: 296, Image
C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 336, Thread: 340, Image
C:\WINDOWS\system32\grovel.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 436, Thread: 440, Image C:\Program
Files\HP\Performance Management Pack 4\pmp.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:08 2007, PID: 460, Thread: 464, Image C:\Program
Files\HP\Performance Management Pack 4\PMPTools\pmptools.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 512, Thread: 412, Image
C:\PROGRA~1\HP\SYSTEM~2\lbin\hpsimsvc.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 556, Thread: 560, Image C:\Program
Files\HP\Systems Insight Manager\lbin\mxdtf,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 564, Thread: 592, Image C:\Program
Files\HP\HP Virtualization Management Software\bin\hpvmmsvc.exe,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 648, Thread: 652, Image
C:\WINDOWS\system32\inetsrv\inetinfo.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 676, Thread: 680, Image
C:\WINDOWS\system32\cba\pds.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 932, Thread: 784, Image C:\Program
Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:09 2007, PID: 1284, Thread: 1256, Image C:\Program
Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:10 2007, PID: 1592, Thread: 1596, Image C:\Program
Files\Microsoft SQL Server\MSSQL$WSUS\Binn\sqlservr.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:10 2007, PID: 1600, Thread: 924, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:10 2007, PID: 1696, Thread: 1700, Image
..\jrewindows\bin\hpvmmsvcj.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:11 2007, PID: 2088, Thread: 2092, Image C:\Program
Files\HP\Systems Insight Manager\lbin\mxdomainmgr,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:13 2007, PID: 2248, Thread: 2252, Image
D:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:13 2007, PID: 2340, Thread: 2344, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:14 2007, PID: 2340, Thread: 2344, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:37:17 2007, PID: 2548, Thread: 2556, Image
d:\Repository\psp-7.51.w2k3.i386.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:17 2007, PID: 2660, Thread: 2664, Image
C:\PROGRA~1\POWERC~1\pcns.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:24 2007, PID: 2872, Thread: 2876, Image ,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:24 2007, PID: 2960, Thread: 2964, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:25 2007, PID: 3048, Thread: 3052, Image
c:\inetpub\wwwroot\SMSComponent\SMSRPH.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:25 2007, PID: 3100, Thread: 3108, Image
C:\WINDOWS\System32\snmp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:26 2007, PID: 3152, Thread: 3156, Image D:\program
files\sav\Symantec AntiVirus\Symantec AntiVirus\Rtvscan.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:26 2007, PID: 2912, Thread: 2988, Image
C:\WINDOWS\system32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:27 2007, PID: 3256, Thread: 3260, Image
C:\hp\hpsmh\bin\smhstart.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:27 2007, PID: 2960, Thread: 3036, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:37:27 2007, PID: 3332, Thread: 3340, Image
C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:28 2007, PID: 3344, Thread: 3352, Image
C:\WINDOWS\system32\tftpd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:28 2007, PID: 3392, Thread: 3400, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:28 2007, PID: 3384, Thread: 3388, Image C:\Program
Files\The Open Group\WMI Mapper\bin\WbemCons.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:28 2007, PID: 3584, Thread: 3588, Image C:\Program
Files\RealVNC\VNC4\WinVNC4.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:28 2007, PID: 3624, Thread: 3628, Image C:\Program
Files\The Open Group\WMI Mapper\bin\WMIServer.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:29 2007, PID: 3664, Thread: 3668, Image c:\program
files\update services\service\bin\wsusservice.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:29 2007, PID: 3704, Thread: 3708, Image
MsgSys.EXE,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:30 2007, PID: 3828, Thread: 3832, Image
D:\SMS_CCM\CLICOMP\RemCtrl\Wuser32.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:30 2007, PID: 3876, Thread: 3880, Image C:\Program
Files\VERITAS\Backup Exec\NT\beremote.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:31 2007, PID: 3928, Thread: 3932, Image C:\Program
Files\VERITAS\Backup Exec\NT\benetns.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:31 2007, PID: 3940, Thread: 3944, Image
C:\hp\hpsmh\bin\hpsmhd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:31 2007, PID: 3972, Thread: 3976, Image C:\Program
Files\VERITAS\Backup Exec\NT\pvlsvr.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:31 2007, PID: 4008, Thread: 4012, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:31 2007, PID: 4016, Thread: 4020, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:32 2007, PID: 3392, Thread: 3540, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:37:32 2007, PID: 4048, Thread: 4056, Image
C:\WINDOWS\system32\tcpsvcs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:32 2007, PID: 660, Thread: 964, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:32 2007, PID: 1000, Thread: 1328, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:33 2007, PID: 4092, Thread: 300, Image
D:\SMS_CCM\CcmExec.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:33 2007, PID: 1760, Thread: 1756, Image
C:\hp\hpsmh\bin\hpsmhd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:34 2007, PID: 1588, Thread: 2240, Image
C:\WINDOWS\system32\CPQNiMgt\cpqnimgt.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:34 2007, PID: 2352, Thread: 2356, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:34 2007, PID: 2244, Thread: 2232, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:34 2007, PID: 2464, Thread: 2340, Image
C:\WINDOWS\system32\CPQMgmt\CqMgServ\cqmgserv.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:35 2007, PID: 2628, Thread: 2236, Image
C:\WINDOWS\system32\CPQMgmt\CqMgStor\cqmgstor.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:35 2007, PID: 2692, Thread: 2696, Image
C:\hp\hpsmh\bin\rotatelogs.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:35 2007, PID: 2712, Thread: 2720, Image
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:36 2007, PID: 4632, Thread: 4636, Image
C:\WINDOWS\system32\ams_ii\iao.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:37 2007, PID: 4684, Thread: 4688, Image
C:\WINDOWS\system32\cba\xfr.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:39 2007, PID: 4832, Thread: 4836, Image
C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:41 2007, PID: 4740, Thread: 4744, Image
D:\SMS\bin\i386\smsexec.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:42 2007, PID: 5144, Thread: 5148, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:42 2007, PID: 5152, Thread: 5156, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:42 2007, PID: 5172, Thread: 5176, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:42 2007, PID: 5172, Thread: 5176, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:42 2007, PID: 5152, Thread: 5156, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:42 2007, PID: 5232, Thread: 5236, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:42 2007, PID: 5248, Thread: 5252, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:43 2007, PID: 5264, Thread: 5268, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:44 2007, PID: 5336, Thread: 5340, Image
D:\SMS\bin\i386\sitecomp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:45 2007, PID: 5368, Thread: 5372, Image
C:\WINDOWS\system32\sysdown.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:45 2007, PID: 5144, Thread: 5196, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:37:45 2007, PID: 5392, Thread: 5396, Image
C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:45 2007, PID: 5264, Thread: 5288, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:45 2007, PID: 5400, Thread: 5404, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:45 2007, PID: 5248, Thread: 5252, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:37:46 2007, PID: 5232, Thread: 5236, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:46 2007, PID: 5464, Thread: 5468, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:46 2007, PID: 5536, Thread: 5540, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:46 2007, PID: 5592, Thread: 5596, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:47 2007, PID: 2548, Thread: 2556, Image
d:\Repository\psp-7.51.w2k3.i386.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:52 2007, PID: 5592, Thread: 5636, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:52 2007, PID: 5400, Thread: 5504, Image C:\Program
Files\HP\Systems Insight Manager\bin\mxpassword,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:37:52 2007, PID: 5536, Thread: 5540, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:37:53 2007, PID: 5464, Thread: 5468, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:53 2007, PID: 5516, Thread: 5520, Image C:\Program
Files\VERITAS\Backup Exec\NT\beserver.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:54 2007, PID: 5896, Thread: 5900, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:54 2007, PID: 5912, Thread: 5916, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:54 2007, PID: 5912, Thread: 5916, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:54 2007, PID: 5896, Thread: 5900, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:54 2007, PID: 5928, Thread: 5932, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:54 2007, PID: 5936, Thread: 5940, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:54 2007, PID: 5944, Thread: 5948, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:56 2007, PID: 6084, Thread: 6088, Image
c:\windows\system32\inetsrv\w3wp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:56 2007, PID: 6016, Thread: 6116, Image
C:\WINDOWS\system32\CPQMgmt\CqMgHost\cqmghost.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:37:57 2007, PID: 5944, Thread: 6000, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:57 2007, PID: 5936, Thread: 5940, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:37:58 2007, PID: 5928, Thread: 5932, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:37:58 2007, PID: 540, Thread: 3160, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:37:58 2007, PID: 4660, Thread: 4696, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:37:58 2007, PID: 4708, Thread: 4712, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:01 2007, PID: 4708, Thread: 4784, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:01 2007, PID: 4660, Thread: 4696, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:02 2007, PID: 5380, Thread: 5228, Image
C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:02 2007, PID: 540, Thread: 3160, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:03 2007, PID: 5424, Thread: 5428, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:03 2007, PID: 5236, Thread: 5232, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:03 2007, PID: 5236, Thread: 5232, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:03 2007, PID: 5424, Thread: 5428, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:03 2007, PID: 2552, Thread: 2560, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:03 2007, PID: 5252, Thread: 5248, Image C:\Program
Files\VERITAS\Backup Exec\NT\bengine.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:03 2007, PID: 5580, Thread: 5584, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:03 2007, PID: 5588, Thread: 5604, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:04 2007, PID: 4740, Thread: 5568, Image
D:\SMS\bin\i386\smsexec.exe,***WNetUseConnectionW Failed!*** (1), Local:
(null), Remote: \\KIL-ITADMIN\A$, Password: Password was NULL, Window Title:
, RC was: The network name cannot be found. (67), GLE was: The network name
cannot be found. (67)
Thu Jan 25 12:38:05 2007, PID: 4740, Thread: 5568, Image
D:\SMS\bin\i386\smsexec.exe,***WNetUseConnectionW Failed!*** (2), Local:
(null), Remote: \\KIL-ITADMIN\E$, Password: Password was NULL, Window Title:
, RC was: The device is not ready. (21), GLE was: The device is not ready.
(21)
Thu Jan 25 12:38:05 2007, PID: 5648, Thread: 5644, Image
C:\WINDOWS\System32\svchost.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:05 2007, PID: 716, Thread: 856, Image
winlogon.exe,***StartServiceW Failed!*** (0), Service: Failed to get Service
name, RC was: Incorrect function. (1), GLE was: The operation completed
successfully. (0)
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1108, Image
C:\WINDOWS\system32\svchost.exe,
***********************************************************
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1164, Image
C:\WINDOWS\system32\svchost.exe,
***********************************************************
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1052, Image
C:\WINDOWS\system32\svchost.exe,
***********************************************************
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1108, Image
C:\WINDOWS\system32\svchost.exe, * Service Failure - See System Log for
Details (ID: 7000) *
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1164, Image
C:\WINDOWS\system32\svchost.exe, * Service Failure - See System Log for
Details (ID: 7000) *
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1108, Image
C:\WINDOWS\system32\svchost.exe,
***********************************************************
Thu Jan 25 12:38:05 2007, PID: 1020, Thread: 1052, Image
C:\WINDOWS\system32\svchost.exe, * Service Failure - See System Log for
Details (ID: 7000) *
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1164, Image
C:\WINDOWS\system32\svchost.exe,
***********************************************************
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1052, Image
C:\WINDOWS\system32\svchost.exe,***********************************************************
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image
C:\WINDOWS\system32\svchost.exe,***********************************************************
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image
C:\WINDOWS\system32\svchost.exe,* Service Failure - See System Log for
Details (ID: 7000) *
Thu Jan 25 12:38:06 2007, PID: 5588, Thread: 5660, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1108, Image
C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service:
Service: Windows Management Instrumentation (C:\WINDOWS\system32\svchost.exe
-k netsvcs), RC was: The operation completed successfully. (0), GLE was: An
instance of the service is already running. (1056)
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1164, Image
C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service:
Service: Background Intelligent Transfer Service
(C:\WINDOWS\system32\svchost.exe -k netsvcs), RC was: Incorrect function.
(1), GLE was: The operation completed successfully. (0)
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image
C:\WINDOWS\system32\svchost.exe,***********************************************************
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 1052, Image
C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service:
Service: System Event Notification (C:\WINDOWS\system32\svchost.exe -k
netsvcs), RC was: The operation completed successfully. (0), GLE was: An
instance of the service is already running. (1056)
Thu Jan 25 12:38:06 2007, PID: 6096, Thread: 6124, Image
userinit.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:06 2007, PID: 5580, Thread: 5584, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:06 2007, PID: 1020, Thread: 3576, Image
C:\WINDOWS\system32\svchost.exe,***StartServiceW Failed!*** (0), Service:
Service: Windows Installer (C:\WINDOWS\system32\msiexec.exe /V), RC was:
Incorrect function. (1), GLE was: The operation completed successfully.
(0)
Thu Jan 25 12:38:06 2007, PID: 2552, Thread: 2560, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:07 2007, PID: 2212, Thread: 2444, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:07 2007, PID: 6056, Thread: 6052, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:07 2007, PID: 5992, Thread: 5988, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:07 2007, PID: 2228, Thread: 5132, Image
C:\WINDOWS\System32\WScript.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:08 2007, PID: 4712, Thread: 4784, Image
c:\windows\system32\inetsrv\w3wp.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:10 2007, PID: 5724, Thread: 5720, Image
d:\Repository\psp-7.60.w2k3.i386.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:11 2007, PID: 5992, Thread: 5028, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:11 2007, PID: 6068, Thread: 6132, Image
c:\windows\microsoft.net\framework\v1.1.4322\csc.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:38:11 2007, PID: 6056, Thread: 6052, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:11 2007, PID: 2784, Thread: 6136, Image
c:\windows\microsoft.net\framework\v1.1.4322\csc.exe,ALOCKOUT.DLL -
DLL_PROCESS_ATTACH
Thu Jan 25 12:38:11 2007, PID: 2212, Thread: 2444, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:11 2007, PID: 2228, Thread: 5132, Image
C:\WINDOWS\System32\WScript.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:11 2007, PID: 6096, Thread: 6124, Image
userinit.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:11 2007, PID: 4788, Thread: 4796, Image
userinit.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:12 2007, PID: 6156, Thread: 6160, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:12 2007, PID: 4788, Thread: 4796, Image
userinit.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:12 2007, PID: 6180, Thread: 6184, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:12 2007, PID: 6068, Thread: 6132, Image
c:\windows\microsoft.net\framework\v1.1.4322\csc.exe,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:38:12 2007, PID: 6180, Thread: 6184, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:12 2007, PID: 6156, Thread: 6160, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:12 2007, PID: 6204, Thread: 6208, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:12 2007, PID: 6212, Thread: 6216, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:12 2007, PID: 6236, Thread: 6240, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:14 2007, PID: 2784, Thread: 6136, Image
c:\windows\microsoft.net\framework\v1.1.4322\csc.exe,ALOCKOUT.DLL -
dll_process_detatch
Thu Jan 25 12:38:16 2007, PID: 6236, Thread: 6268, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:16 2007, PID: 6212, Thread: 6216, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:16 2007, PID: 6204, Thread: 6208, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:16 2007, PID: 6400, Thread: 6404, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:16 2007, PID: 6408, Thread: 6412, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:16 2007, PID: 6424, Thread: 6428, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:17 2007, PID: 6452, Thread: 6456, Image
C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:19 2007, PID: 6424, Thread: 6448, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:19 2007, PID: 6408, Thread: 6412, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:19 2007, PID: 6400, Thread: 6404, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:20 2007, PID: 6604, Thread: 6608, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:20 2007, PID: 6612, Thread: 6616, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:21 2007, PID: 6612, Thread: 6616, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:21 2007, PID: 6604, Thread: 6608, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:21 2007, PID: 6640, Thread: 6644, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:21 2007, PID: 6648, Thread: 6652, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:21 2007, PID: 6676, Thread: 6680, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:22 2007, PID: 6728, Thread: 6732, Image
C:\WINDOWS\system32\wbem\wmiprvse.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:25 2007, PID: 6676, Thread: 6716, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:25 2007, PID: 6648, Thread: 6652, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:25 2007, PID: 6640, Thread: 6644, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:25 2007, PID: 6904, Thread: 6908, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:26 2007, PID: 6920, Thread: 6924, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:27 2007, PID: 7048, Thread: 7052, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:28 2007, PID: 7192, Thread: 7196, Image
winlogon.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:29 2007, PID: 7268, Thread: 7272, Image
C:\WINDOWS\system32\WBEM\MOFCOMP,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:29 2007, PID: 7268, Thread: 7272, Image
C:\WINDOWS\system32\WBEM\MOFCOMP,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:32 2007, PID: 7048, Thread: 7248, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:32 2007, PID: 6920, Thread: 6924, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:32 2007, PID: 6904, Thread: 6908, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:33 2007, PID: 7580, Thread: 7584, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:33 2007, PID: 7612, Thread: 7616, Image
hostname,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:34 2007, PID: 7612, Thread: 7616, Image
hostname,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:34 2007, PID: 7580, Thread: 7584, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:34 2007, PID: 7632, Thread: 7636, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:34 2007, PID: 7640, Thread: 7644, Image cmd,ALOCKOUT.DLL
- DLL_PROCESS_ATTACH
Thu Jan 25 12:38:34 2007, PID: 7648, Thread: 7652, Image
mxpassword,ALOCKOUT.DLL - DLL_PROCESS_ATTACH
Thu Jan 25 12:38:36 2007, PID: 7648, Thread: 7672, Image
mxpassword,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:36 2007, PID: 7640, Thread: 7644, Image cmd,ALOCKOUT.DLL
- dll_process_detatch
Thu Jan 25 12:38:36 2007, PID: 7632, Thread: 7636, Image
C:\WINDOWS\system32\cmd.exe,ALOCKOUT.DLL - dll_process_detatch
Thu Jan 25 12:38:36 2007, PID: 7756, Thread: 7760, Image
I also noticed the following security event right before my account gets
locked (not sure if it's related):
Object Open:
Object Server: SC Manager
Object Type: SC_MANAGER OBJECT
Object Name: ServicesActive
Handle ID: -
Operation ID: {0,58034}
Process ID: 768
Image File Name: C:\WINDOWS\system32\services.exe
Primary User Name: MYSERVER$
Primary Domain: MYDOMAIN
Primary Logon ID: (0x0,0x3E7)
Client User Name: NETWORK SERVICE
Client Domain: NT AUTHORITY
Client Logon ID: (0x0,0x3E4)
Accesses: READ_CONTROL
Connect to service controller
Lock service database for exclusive access
Privileges: -
Restricted Sid Count: 0
Access Mask: 0x20009