VirtualBox

Ticket #8427: VBoxService-splat-2.log

File VBoxService-splat-2.log, 420.0 KB (added by James Moe, 12 years ago)

vboxservice log file (partial, see comments)

Line 
1VBoxService 4.1.16 r78094 (verbosity: 4) win.x86 (May 22 2012 14:42:43) release log
200:00:00.016 main Log opened 2012-08-31T21:37:55.140625000Z
300:00:00.016 main OS Product: Windows XP Professional
400:00:00.016 main OS Release: 5.1.2600
500:00:00.016 main Executable: C:\WINDOWS\system32\VBoxService.exe
600:00:00.016 main Process ID: 888
700:00:00.016 main Package type: WINDOWS_32BITS_GENERIC
800:00:00.016 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--control-procs-max-kept not found
900:00:00.016 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-interval not found
1000:00:00.016 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-min-adjust not found
1100:00:00.031 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-latency-factor not found
1200:00:00.031 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-max-latency not found
1300:00:00.031 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-set-threshold not found
1400:00:00.031 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-set-start not found
1500:00:00.031 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-set-on-restore not found
1600:00:00.031 main 4.1.16 r78094 started. Verbose level = 4
1700:00:00.031 main Starting service dispatcher ...
1800:00:00.031 Registering service control handler ...
1900:00:00.031 Service control handler registered.
2000:00:00.047 Setting VBoxService status to 30
2100:00:00.047 Initializing services ...
2200:00:00.047 Service client ID: 0x3b
2300:00:00.047 VBoxServiceTimeSyncInit: Initially 156250 (100ns) units per 156250 (100 ns) units interval, disabled=1
2400:00:00.047 VMInfo: Property Service Client ID: 0x3c
2500:00:00.047 VBoxServiceBalloonInit
2600:00:00.047 MemBalloon: New balloon size 0 MB (R0 memory)
2700:00:00.047 VBoxServiceVMStatsInit
2800:00:00.047 VBoxStatsInit: New statistics interval 0 seconds
2900:00:00.047 VBoxStatsInit: gCtx.pfnNtQuerySystemInformation = 7c90d92e
3000:00:00.047 VBoxStatsInit: gCtx.GlobalMemoryStatusEx = 7c81f992
3100:00:00.047 VBoxStatsInit: gCtx.pfnGetPerformanceInfo= 76bf3e41
3200:00:00.047 VBoxServicePageSharingInit
3300:00:00.047 Starting services ...
3400:00:00.047 Starting service 'control' ...
3500:00:00.047 Starting service 'timesync' ...
3600:00:00.047 Starting service 'vminfo' ...
3700:00:00.047 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:37:56.735000000Z (MinAdjust: 100 ms)
3800:00:00.047 control Waiting for host msg ...
3900:00:00.047 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:37:55.171875000Z => 1 563 125 000 ns drift
4000:00:00.047 timesync VBoxServiceTimeSyncAdjust: Drift=1563ms
4100:00:00.047 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=156250, NewTA=171875, DiffNew=15625, DiffMax=78125
4200:00:00.047 Starting service 'memballoon' ...
4300:00:00.047 Starting service 'vmstats' ...
4400:00:00.063 Starting service 'pagesharing' ...
4500:00:00.063 All services started.
4600:00:00.063 Setting service status to: 4
4700:00:00.063 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0
4800:00:00.063 Setting VBoxService status to 50
4900:00:00.063 Waiting in main thread
5000:00:00.063 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/Product" = "Windows XP Professional"
5100:00:00.063 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/Release" = "5.1.2600"
5200:00:00.078 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/Version" = ""
5300:00:00.078 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/ServicePack" = "3"
5400:00:00.078 vminfo Writing guest property "/VirtualBox/GuestAdd/Version" = "4.1.16"
5500:00:00.078 vminfo Writing guest property "/VirtualBox/GuestAdd/VersionExt" = "4.1.16"
5600:00:00.078 vminfo Writing guest property "/VirtualBox/GuestAdd/Revision" = "78094"
5700:00:00.094 vminfo Writing guest property "/VirtualBox/GuestAdd/InstallDir" = "C:/Program Files/Oracle/VirtualBox Guest Additions"
5800:00:00.094 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxControl.exe" = "4.1.16r78094"
5900:00:00.094 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxHook.dll" = "4.1.16r78094"
6000:00:00.109 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxDisp.dll" = "4.1.16r78094"
6100:00:00.125 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxMRXNP.dll" = "4.1.16r78094"
6200:00:00.125 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxService.exe" = "4.1.16r78094"
6300:00:00.125 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxTray.exe" = "4.1.16r78094"
6400:00:00.234 vminfo GetFileVersionInfoSize(C:\WINDOWS\system32/VBoxGINA.dll) -> 1812 / VERR_NO_DATA
6500:00:00.234 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxGINA.dll" = "-"
6600:00:00.281 vminfo GetFileVersionInfoSize(C:\WINDOWS\system32/VBoxCredProv.dll) -> 1812 / VERR_NO_DATA
6700:00:00.281 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxCredProv.dll" = "-"
6800:00:00.281 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLarrayspu.dll" = "4.1.16r78094"
6900:00:00.297 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLcrutil.dll" = "4.1.16r78094"
7000:00:00.297 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLerrorspu.dll" = "4.1.16r78094"
7100:00:00.297 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLpackspu.dll" = "4.1.16r78094"
7200:00:00.313 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLpassthroughspu.dll" = "4.1.16r78094"
7300:00:00.313 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLfeedbackspu.dll" = "4.1.16r78094"
7400:00:00.313 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGL.dll" = "4.1.16r78094"
7500:00:00.328 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxGuest.sys" = "4.1.16r78094"
7600:00:00.328 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxMouse.sys" = "4.1.16r78094"
7700:00:00.328 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxSF.sys" = "4.1.16r78094"
7800:00:00.328 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxVideo.sys" = "4.1.16r78094"
7900:00:00.328 vminfo Found 2 sessions
8000:00:00.344 vminfo Handling session 0
8100:00:00.344 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
8200:00:00.344 vminfo Handling session 1
8300:00:00.344 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
8400:00:00.344 vminfo Found 0 unique logged-in user(s)
8500:00:00.344 vminfo cUsersInList: 0, pszUserList: <NULL>, rc=VINF_SUCCESS
8600:00:10.047 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:06.724000000Z (MinAdjust: 100 ms)
8700:00:10.047 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:06.171875000Z => 552 125 000 ns drift
8800:00:10.047 timesync VBoxServiceTimeSyncAdjust: Drift=552ms
8900:00:10.047 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=171875, NewTA=189062, DiffNew=17187, DiffMax=78125
9000:00:10.375 vminfo Found 4 sessions
9100:00:10.375 vminfo Handling session 0
9200:00:10.375 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
9300:00:10.375 vminfo Handling session 1
9400:00:10.375 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
9500:00:10.375 vminfo Handling session 2
9600:00:10.375 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
9700:00:10.375 vminfo Handling session 3
9800:00:10.375 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
9900:00:10.375 vminfo Found 0 unique logged-in user(s)
10000:00:10.375 vminfo cUsersInList: 0, pszUserList: <NULL>, rc=VINF_SUCCESS
10100:00:19.063 main Control handler: Control=0xe, EventType=0x5
10200:00:19.063 main Control handler: A user has logged on to a session (Session=0, Event=0x5)
10300:00:19.063 vminfo Found 6 sessions
10400:00:19.094 vminfo Handling session 0
10500:00:19.094 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
10600:00:19.094 vminfo Session LogonType=2 is supported -- looking up SID + type ...
10700:00:19.109 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
10800:00:19.109 vminfo Cannot query WTS connection state for user=sma-user5, error=1702
10900:00:19.109 vminfo Account User=sma-user5 is logged in
11000:00:19.109 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
11100:00:19.109 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
11200:00:19.109 vminfo Error: Unable to open process with PID=0, error=87
11300:00:19.109 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
11400:00:19.109 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
11500:00:19.109 vminfo PID=580: \SystemRoot\System32\smss.exe
11600:00:19.109 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
11700:00:19.109 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
11800:00:19.109 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
11900:00:19.109 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
12000:00:19.109 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
12100:00:19.109 vminfo PID=696: C:\WINDOWS\system32\services.exe
12200:00:19.109 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
12300:00:19.109 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
12400:00:19.109 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
12500:00:19.109 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
12600:00:19.109 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
12700:00:19.109 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
12800:00:19.109 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
12900:00:19.109 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
13000:00:19.109 vminfo PID=1020: (Interactive: false) 0:999 <-> 0:69081
13100:00:19.109 vminfo PID=1020: C:\WINDOWS\system32\logonui.exe
13200:00:19.109 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
13300:00:19.109 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
13400:00:19.109 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
13500:00:19.109 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
13600:00:19.109 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
13700:00:19.109 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
13800:00:19.109 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
13900:00:19.109 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
14000:00:19.109 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
14100:00:19.109 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
14200:00:19.109 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
14300:00:19.109 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14400:00:19.109 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
14500:00:19.109 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
14600:00:19.109 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
14700:00:19.109 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
14800:00:19.109 vminfo PID=1704: (Interactive: false) 0:999 <-> 0:69081
14900:00:19.109 vminfo PID=1704: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15000:00:19.109 vminfo PID=1896: (Interactive: false) 0:999 <-> 0:69081
15100:00:19.109 vminfo PID=1896: C:\Program Files\Google\Update\GoogleUpdate.exe
15200:00:19.109 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
15300:00:19.109 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
15400:00:19.109 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
15500:00:19.109 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
15600:00:19.109 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
15700:00:19.109 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
15800:00:19.109 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
15900:00:19.109 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
16000:00:19.109 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
16100:00:19.109 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
16200:00:19.109 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
16300:00:19.109 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
16400:00:19.109 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
16500:00:19.109 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
16600:00:19.109 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
16700:00:19.109 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
16800:00:19.109 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
16900:00:19.109 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
17000:00:19.109 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
17100:00:19.109 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
17200:00:19.109 vminfo Session 0 has 0 processes total
17300:00:19.109 vminfo Adding new user=sma-user5 (session 0) with 0 processes
17400:00:19.109 vminfo Handling session 1
17500:00:19.109 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
17600:00:19.109 vminfo Handling session 2
17700:00:19.109 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
17800:00:19.109 vminfo Handling session 3
17900:00:19.125 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
18000:00:19.125 vminfo Handling session 4
18100:00:19.125 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
18200:00:19.125 vminfo Handling session 5
18300:00:19.125 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
18400:00:19.125 vminfo Found 1 unique logged-in user(s)
18500:00:19.125 vminfo cUsersInList: 0, pszUserList: <NULL>, rc=VINF_SUCCESS
18600:00:20.047 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:16.725000000Z (MinAdjust: 200 ms)
18700:00:20.047 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:18.271843000Z => -1 546 843 000 ns drift
18800:00:20.047 timesync VBoxServiceTimeSyncAdjust: Drift=-1546ms
18900:00:20.047 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=189062, NewTA=170156, DiffNew=18906, DiffMax=78125
19000:00:22.078 main Control handler: Control=0xe, EventType=0x1
19100:00:22.078 main Control handler: A session was connected to the console terminal (Session=0, Event=0x1)
19200:00:22.078 vminfo Found 6 sessions
19300:00:22.078 vminfo Handling session 0
19400:00:22.078 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
19500:00:22.078 vminfo Session LogonType=2 is supported -- looking up SID + type ...
19600:00:22.094 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
19700:00:22.094 vminfo Account User=sma-user5, WTSConnectState=0 (4)
19800:00:22.094 vminfo Account User=sma-user5 using TCS/RDP, state=0
19900:00:22.094 vminfo Account User=sma-user5 is logged in
20000:00:22.094 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
20100:00:22.094 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
20200:00:22.094 vminfo Error: Unable to open process with PID=0, error=87
20300:00:22.094 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
20400:00:22.094 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
20500:00:22.094 vminfo PID=580: \SystemRoot\System32\smss.exe
20600:00:22.094 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
20700:00:22.094 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
20800:00:22.094 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
20900:00:22.094 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
21000:00:22.094 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
21100:00:22.094 vminfo PID=696: C:\WINDOWS\system32\services.exe
21200:00:22.094 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
21300:00:22.094 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
21400:00:22.094 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
21500:00:22.094 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
21600:00:22.094 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
21700:00:22.094 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
21800:00:22.094 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
21900:00:22.094 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
22000:00:22.094 vminfo PID=1020: (Interactive: false) 0:999 <-> 0:69081
22100:00:22.094 vminfo PID=1020: C:\WINDOWS\system32\logonui.exe
22200:00:22.094 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
22300:00:22.094 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
22400:00:22.094 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
22500:00:22.094 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
22600:00:22.094 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
22700:00:22.094 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
22800:00:22.094 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
22900:00:22.094 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
23000:00:22.094 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
23100:00:22.094 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
23200:00:22.094 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
23300:00:22.094 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23400:00:22.094 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
23500:00:22.094 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
23600:00:22.094 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
23700:00:22.094 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
23800:00:22.094 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
23900:00:22.094 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
24000:00:22.094 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
24100:00:22.094 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
24200:00:22.094 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
24300:00:22.094 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
24400:00:22.094 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
24500:00:22.094 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
24600:00:22.094 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
24700:00:22.094 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
24800:00:22.094 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
24900:00:22.094 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
25000:00:22.094 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
25100:00:22.094 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
25200:00:22.094 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
25300:00:22.094 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
25400:00:22.094 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
25500:00:22.094 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
25600:00:22.094 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
25700:00:22.094 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
25800:00:22.094 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
25900:00:22.094 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
26000:00:22.094 vminfo Session 0 has 0 processes total
26100:00:22.094 vminfo Adding new user=sma-user5 (session 0) with 0 processes
26200:00:22.094 vminfo Handling session 1
26300:00:22.094 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
26400:00:22.094 vminfo Handling session 2
26500:00:22.094 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
26600:00:22.094 vminfo Handling session 3
26700:00:22.094 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
26800:00:22.094 vminfo Handling session 4
26900:00:22.109 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
27000:00:22.109 vminfo Handling session 5
27100:00:22.109 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
27200:00:22.109 vminfo Found 1 unique logged-in user(s)
27300:00:22.109 vminfo cUsersInList: 0, pszUserList: <NULL>, rc=VINF_SUCCESS
27400:00:30.047 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:26.724000000Z (MinAdjust: 200 ms)
27500:00:30.047 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:29.161827000Z => -2 437 827 000 ns drift
27600:00:30.047 timesync VBoxServiceTimeSyncAdjust: Drift=-2437ms
27700:00:30.047 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=170156, NewTA=153141, DiffNew=17015, DiffMax=78125
27800:00:32.109 vminfo Found 6 sessions
27900:00:32.109 vminfo Handling session 0
28000:00:32.109 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
28100:00:32.109 vminfo Session LogonType=2 is supported -- looking up SID + type ...
28200:00:32.109 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
28300:00:32.125 vminfo Account User=sma-user5, WTSConnectState=0 (4)
28400:00:32.125 vminfo Account User=sma-user5 using TCS/RDP, state=0
28500:00:32.125 vminfo Account User=sma-user5 is logged in
28600:00:32.125 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
28700:00:32.125 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
28800:00:32.125 vminfo Error: Unable to open process with PID=0, error=87
28900:00:32.125 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
29000:00:32.125 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
29100:00:32.125 vminfo PID=580: \SystemRoot\System32\smss.exe
29200:00:32.125 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
29300:00:32.125 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
29400:00:32.125 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
29500:00:32.125 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
29600:00:32.125 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
29700:00:32.125 vminfo PID=696: C:\WINDOWS\system32\services.exe
29800:00:32.125 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
29900:00:32.125 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
30000:00:32.125 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
30100:00:32.125 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
30200:00:32.125 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
30300:00:32.125 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
30400:00:32.125 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
30500:00:32.125 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
30600:00:32.125 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
30700:00:32.125 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
30800:00:32.125 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
30900:00:32.125 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
31000:00:32.125 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
31100:00:32.125 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
31200:00:32.125 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
31300:00:32.125 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
31400:00:32.125 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
31500:00:32.125 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
31600:00:32.125 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
31700:00:32.125 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
31800:00:32.125 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
31900:00:32.125 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
32000:00:32.125 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
32100:00:32.125 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
32200:00:32.125 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
32300:00:32.125 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
32400:00:32.125 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
32500:00:32.125 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
32600:00:32.125 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
32700:00:32.125 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
32800:00:32.125 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
32900:00:32.125 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
33000:00:32.125 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
33100:00:32.125 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
33200:00:32.125 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
33300:00:32.125 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
33400:00:32.125 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
33500:00:32.125 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
33600:00:32.125 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
33700:00:32.125 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
33800:00:32.125 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
33900:00:32.125 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
34000:00:32.125 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
34100:00:32.125 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
34200:00:32.125 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
34300:00:32.125 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
34400:00:32.125 vminfo PID=2004: (Interactive: true ) 0:69081 <-> 0:69081
34500:00:32.125 vminfo PID=2004: C:\WINDOWS\system32\userinit.exe
34600:00:32.125 vminfo PID=2028: (Interactive: true ) 0:69081 <-> 0:69081
34700:00:32.125 vminfo PID=2028: C:\WINDOWS\system32\WgaTray.exe
34800:00:32.125 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
34900:00:32.125 vminfo PID=304: C:\WINDOWS\Explorer.EXE
35000:00:32.125 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081
35100:00:32.125 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe
35200:00:32.125 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
35300:00:32.125 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
35400:00:32.125 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
35500:00:32.125 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
35600:00:32.125 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
35700:00:32.125 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
35800:00:32.125 vminfo PID=448: (Interactive: true ) 0:69081 <-> 0:69081
35900:00:32.125 vminfo PID=448: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
36000:00:32.125 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
36100:00:32.125 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
36200:00:32.125 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
36300:00:32.125 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
36400:00:32.125 vminfo PID=1808: (Interactive: true ) 0:69081 <-> 0:69081
36500:00:32.125 vminfo PID=1808: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
36600:00:32.125 vminfo PID=1880: (Interactive: true ) 0:69081 <-> 0:69081
36700:00:32.125 vminfo PID=1880: D:\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe
36800:00:32.125 vminfo PID=1084: (Interactive: true ) 0:69081 <-> 0:69081
36900:00:32.125 vminfo PID=1084: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
37000:00:32.125 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
37100:00:32.125 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
37200:00:32.125 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
37300:00:32.125 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
37400:00:32.125 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
37500:00:32.125 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
37600:00:32.125 vminfo PID=2012: (Interactive: true ) 0:69081 <-> 0:69081
37700:00:32.125 vminfo PID=2012: C:\Documents and Settings\sma-user5\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
37800:00:32.125 vminfo PID=2068: (Interactive: true ) 0:69081 <-> 0:69081
37900:00:32.125 vminfo PID=2068: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
38000:00:32.125 vminfo PID=2088: (Interactive: true ) 0:69081 <-> 0:69081
38100:00:32.125 vminfo PID=2088: C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
38200:00:32.125 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
38300:00:32.125 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
38400:00:32.125 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
38500:00:32.125 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
38600:00:32.125 vminfo Session 0 has 20 processes total
38700:00:32.125 vminfo Adding new user=sma-user5 (session 0) with 20 processes
38800:00:32.125 vminfo Handling session 1
38900:00:32.125 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
39000:00:32.125 vminfo Handling session 2
39100:00:32.125 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
39200:00:32.125 vminfo Handling session 3
39300:00:32.141 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
39400:00:32.141 vminfo Handling session 4
39500:00:32.156 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
39600:00:32.156 vminfo Handling session 5
39700:00:32.156 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
39800:00:32.156 vminfo Found 1 unique logged-in user(s)
39900:00:32.156 vminfo User sma-user5 has 20 processes (session 0)
40000:00:32.156 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
40100:00:40.063 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:36.739000000Z (MinAdjust: 200 ms)
40200:00:40.063 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:38.978165100Z => -2 239 165 100 ns drift
40300:00:40.063 timesync VBoxServiceTimeSyncAdjust: Drift=-2239ms
40400:00:40.063 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=153141, NewTA=137827, DiffNew=15314, DiffMax=78125
40500:00:42.250 vminfo Found 6 sessions
40600:00:42.250 vminfo Handling session 0
40700:00:42.250 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
40800:00:42.250 vminfo Session LogonType=2 is supported -- looking up SID + type ...
40900:00:42.250 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
41000:00:42.266 vminfo Account User=sma-user5, WTSConnectState=0 (4)
41100:00:42.266 vminfo Account User=sma-user5 using TCS/RDP, state=0
41200:00:42.266 vminfo Account User=sma-user5 is logged in
41300:00:42.266 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
41400:00:42.266 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
41500:00:42.266 vminfo Error: Unable to open process with PID=0, error=87
41600:00:42.266 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
41700:00:42.266 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
41800:00:42.266 vminfo PID=580: \SystemRoot\System32\smss.exe
41900:00:42.266 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
42000:00:42.266 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
42100:00:42.266 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
42200:00:42.266 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
42300:00:42.266 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
42400:00:42.266 vminfo PID=696: C:\WINDOWS\system32\services.exe
42500:00:42.266 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
42600:00:42.266 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
42700:00:42.266 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
42800:00:42.266 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
42900:00:42.266 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
43000:00:42.266 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
43100:00:42.266 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
43200:00:42.266 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
43300:00:42.266 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
43400:00:42.266 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
43500:00:42.266 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
43600:00:42.266 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
43700:00:42.266 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
43800:00:42.266 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
43900:00:42.266 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
44000:00:42.266 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
44100:00:42.266 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
44200:00:42.266 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
44300:00:42.266 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
44400:00:42.266 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
44500:00:42.266 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
44600:00:42.266 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
44700:00:42.266 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
44800:00:42.266 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
44900:00:42.266 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
45000:00:42.266 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
45100:00:42.266 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
45200:00:42.266 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
45300:00:42.266 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
45400:00:42.266 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
45500:00:42.266 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
45600:00:42.266 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
45700:00:42.266 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
45800:00:42.266 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
45900:00:42.266 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
46000:00:42.266 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
46100:00:42.266 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
46200:00:42.266 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
46300:00:42.266 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
46400:00:42.266 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
46500:00:42.266 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
46600:00:42.266 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
46700:00:42.266 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
46800:00:42.266 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
46900:00:42.266 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
47000:00:42.266 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
47100:00:42.266 vminfo PID=2004: (Interactive: true ) 0:69081 <-> 0:69081
47200:00:42.266 vminfo PID=2004: C:\WINDOWS\system32\userinit.exe
47300:00:42.266 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
47400:00:42.266 vminfo PID=304: C:\WINDOWS\Explorer.EXE
47500:00:42.266 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081
47600:00:42.266 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe
47700:00:42.266 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
47800:00:42.266 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
47900:00:42.266 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
48000:00:42.266 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
48100:00:42.266 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
48200:00:42.266 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
48300:00:42.266 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
48400:00:42.266 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
48500:00:42.266 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
48600:00:42.266 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
48700:00:42.266 vminfo PID=1880: (Interactive: true ) 0:69081 <-> 0:69081
48800:00:42.266 vminfo PID=1880: D:\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe
48900:00:42.266 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
49000:00:42.266 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
49100:00:42.266 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
49200:00:42.266 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
49300:00:42.266 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
49400:00:42.266 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
49500:00:42.266 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
49600:00:42.266 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
49700:00:42.266 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
49800:00:42.266 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
49900:00:42.266 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
50000:00:42.266 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
50100:00:42.266 vminfo Session 0 has 13 processes total
50200:00:42.266 vminfo Adding new user=sma-user5 (session 0) with 13 processes
50300:00:42.266 vminfo Handling session 1
50400:00:42.266 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
50500:00:42.266 vminfo Handling session 2
50600:00:42.281 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
50700:00:42.281 vminfo Handling session 3
50800:00:42.281 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
50900:00:42.281 vminfo Handling session 4
51000:00:42.281 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
51100:00:42.281 vminfo Handling session 5
51200:00:42.281 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
51300:00:42.281 vminfo Found 1 unique logged-in user(s)
51400:00:42.281 vminfo User sma-user5 has 13 processes (session 0)
51500:00:42.281 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
51600:00:50.078 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:46.739000000Z (MinAdjust: 200 ms)
51700:00:50.078 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:47.812875800Z => -1 073 875 800 ns drift
51800:00:50.078 timesync VBoxServiceTimeSyncAdjust: Drift=-1073ms
51900:00:50.078 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=137827, NewTA=124045, DiffNew=13782, DiffMax=78125
52000:00:52.297 vminfo Found 6 sessions
52100:00:52.297 vminfo Handling session 0
52200:00:52.297 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
52300:00:52.297 vminfo Session LogonType=2 is supported -- looking up SID + type ...
52400:00:52.297 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
52500:00:52.313 vminfo Account User=sma-user5, WTSConnectState=0 (4)
52600:00:52.313 vminfo Account User=sma-user5 using TCS/RDP, state=0
52700:00:52.313 vminfo Account User=sma-user5 is logged in
52800:00:52.313 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
52900:00:52.313 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
53000:00:52.313 vminfo Error: Unable to open process with PID=0, error=87
53100:00:52.313 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
53200:00:52.313 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
53300:00:52.313 vminfo PID=580: \SystemRoot\System32\smss.exe
53400:00:52.313 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
53500:00:52.313 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
53600:00:52.313 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
53700:00:52.313 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
53800:00:52.313 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
53900:00:52.313 vminfo PID=696: C:\WINDOWS\system32\services.exe
54000:00:52.313 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
54100:00:52.313 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
54200:00:52.313 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
54300:00:52.313 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
54400:00:52.313 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
54500:00:52.313 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
54600:00:52.313 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
54700:00:52.313 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
54800:00:52.313 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
54900:00:52.313 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
55000:00:52.313 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
55100:00:52.313 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
55200:00:52.313 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
55300:00:52.313 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
55400:00:52.313 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
55500:00:52.313 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
55600:00:52.313 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
55700:00:52.313 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
55800:00:52.313 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
55900:00:52.313 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
56000:00:52.313 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
56100:00:52.313 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
56200:00:52.313 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
56300:00:52.313 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
56400:00:52.313 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
56500:00:52.313 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
56600:00:52.313 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
56700:00:52.313 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
56800:00:52.313 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
56900:00:52.313 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
57000:00:52.313 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
57100:00:52.313 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
57200:00:52.313 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
57300:00:52.313 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
57400:00:52.313 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
57500:00:52.313 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
57600:00:52.313 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
57700:00:52.313 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
57800:00:52.313 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
57900:00:52.313 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
58000:00:52.313 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
58100:00:52.313 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
58200:00:52.313 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
58300:00:52.313 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
58400:00:52.313 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
58500:00:52.313 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
58600:00:52.313 vminfo PID=2004: (Interactive: true ) 0:69081 <-> 0:69081
58700:00:52.313 vminfo PID=2004: C:\WINDOWS\system32\userinit.exe
58800:00:52.313 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
58900:00:52.313 vminfo PID=304: C:\WINDOWS\Explorer.EXE
59000:00:52.313 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081
59100:00:52.313 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe
59200:00:52.313 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
59300:00:52.313 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
59400:00:52.313 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
59500:00:52.313 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
59600:00:52.313 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
59700:00:52.313 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
59800:00:52.313 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
59900:00:52.313 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
60000:00:52.313 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
60100:00:52.313 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
60200:00:52.313 vminfo PID=1880: (Interactive: true ) 0:69081 <-> 0:69081
60300:00:52.313 vminfo PID=1880: D:\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe
60400:00:52.313 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
60500:00:52.313 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
60600:00:52.313 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
60700:00:52.313 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
60800:00:52.313 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
60900:00:52.313 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
61000:00:52.313 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
61100:00:52.313 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
61200:00:52.313 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
61300:00:52.313 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
61400:00:52.313 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
61500:00:52.313 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
61600:00:52.313 vminfo Session 0 has 13 processes total
61700:00:52.313 vminfo Adding new user=sma-user5 (session 0) with 13 processes
61800:00:52.313 vminfo Handling session 1
61900:00:52.313 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
62000:00:52.313 vminfo Handling session 2
62100:00:52.313 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
62200:00:52.313 vminfo Handling session 3
62300:00:52.313 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
62400:00:52.313 vminfo Handling session 4
62500:00:52.313 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
62600:00:52.313 vminfo Handling session 5
62700:00:52.328 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
62800:00:52.328 vminfo Found 1 unique logged-in user(s)
62900:00:52.328 vminfo User sma-user5 has 13 processes (session 0)
63000:00:52.328 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
63100:01:00.063 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0
63200:01:00.078 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:56.740000000Z (MinAdjust: 100 ms)
63300:01:00.078 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:55.751755800Z => 988 244 200 ns drift
63400:01:00.078 timesync VBoxServiceTimeSyncAdjust: Drift=988ms
63500:01:00.078 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=124045, NewTA=136449, DiffNew=12404, DiffMax=78125
63600:01:02.328 vminfo Found 6 sessions
63700:01:02.328 vminfo Handling session 0
63800:01:02.328 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
63900:01:02.328 vminfo Session LogonType=2 is supported -- looking up SID + type ...
64000:01:02.328 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
64100:01:02.328 vminfo Account User=sma-user5, WTSConnectState=0 (4)
64200:01:02.328 vminfo Account User=sma-user5 using TCS/RDP, state=0
64300:01:02.328 vminfo Account User=sma-user5 is logged in
64400:01:02.328 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
64500:01:02.344 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
64600:01:02.344 vminfo Error: Unable to open process with PID=0, error=87
64700:01:02.344 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
64800:01:02.344 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
64900:01:02.344 vminfo PID=580: \SystemRoot\System32\smss.exe
65000:01:02.344 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
65100:01:02.344 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
65200:01:02.344 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
65300:01:02.344 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
65400:01:02.344 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
65500:01:02.344 vminfo PID=696: C:\WINDOWS\system32\services.exe
65600:01:02.344 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
65700:01:02.344 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
65800:01:02.344 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
65900:01:02.344 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
66000:01:02.344 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
66100:01:02.344 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
66200:01:02.344 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
66300:01:02.344 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
66400:01:02.344 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
66500:01:02.344 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
66600:01:02.344 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
66700:01:02.344 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
66800:01:02.344 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
66900:01:02.344 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
67000:01:02.344 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
67100:01:02.344 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
67200:01:02.344 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
67300:01:02.344 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
67400:01:02.344 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
67500:01:02.344 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
67600:01:02.344 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
67700:01:02.344 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
67800:01:02.344 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
67900:01:02.344 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
68000:01:02.344 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
68100:01:02.344 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
68200:01:02.344 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
68300:01:02.344 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
68400:01:02.344 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
68500:01:02.344 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
68600:01:02.344 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
68700:01:02.344 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
68800:01:02.344 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
68900:01:02.344 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
69000:01:02.344 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
69100:01:02.344 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
69200:01:02.344 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
69300:01:02.344 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
69400:01:02.344 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
69500:01:02.344 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
69600:01:02.344 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
69700:01:02.344 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
69800:01:02.344 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
69900:01:02.344 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
70000:01:02.344 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
70100:01:02.344 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
70200:01:02.344 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
70300:01:02.344 vminfo PID=304: C:\WINDOWS\Explorer.EXE
70400:01:02.344 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081
70500:01:02.344 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe
70600:01:02.344 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
70700:01:02.344 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
70800:01:02.344 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
70900:01:02.344 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
71000:01:02.344 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
71100:01:02.344 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
71200:01:02.344 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
71300:01:02.344 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
71400:01:02.344 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
71500:01:02.344 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
71600:01:02.344 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
71700:01:02.344 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
71800:01:02.344 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
71900:01:02.344 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
72000:01:02.344 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
72100:01:02.344 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
72200:01:02.344 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
72300:01:02.344 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
72400:01:02.344 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
72500:01:02.344 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
72600:01:02.344 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
72700:01:02.344 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
72800:01:02.344 vminfo Session 0 has 11 processes total
72900:01:02.344 vminfo Adding new user=sma-user5 (session 0) with 11 processes
73000:01:02.344 vminfo Handling session 1
73100:01:02.344 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
73200:01:02.344 vminfo Handling session 2
73300:01:02.344 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
73400:01:02.344 vminfo Handling session 3
73500:01:02.344 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
73600:01:02.344 vminfo Handling session 4
73700:01:02.344 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
73800:01:02.344 vminfo Handling session 5
73900:01:02.344 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
74000:01:02.344 vminfo Found 1 unique logged-in user(s)
74100:01:02.344 vminfo User sma-user5 has 11 processes (session 0)
74200:01:02.344 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
74300:01:10.078 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:06.740000000Z (MinAdjust: 100 ms)
74400:01:10.078 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:39:04.484491800Z => 2 255 508 200 ns drift
74500:01:10.078 timesync VBoxServiceTimeSyncAdjust: Drift=2255ms
74600:01:10.078 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=136449, NewTA=150093, DiffNew=13644, DiffMax=78125
74700:01:12.344 vminfo Found 6 sessions
74800:01:12.344 vminfo Handling session 0
74900:01:12.344 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
75000:01:12.344 vminfo Session LogonType=2 is supported -- looking up SID + type ...
75100:01:12.344 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
75200:01:12.359 vminfo Account User=sma-user5, WTSConnectState=0 (4)
75300:01:12.359 vminfo Account User=sma-user5 using TCS/RDP, state=0
75400:01:12.359 vminfo Account User=sma-user5 is logged in
75500:01:12.359 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
75600:01:12.359 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
75700:01:12.359 vminfo Error: Unable to open process with PID=0, error=87
75800:01:12.359 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
75900:01:12.359 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
76000:01:12.359 vminfo PID=580: \SystemRoot\System32\smss.exe
76100:01:12.359 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
76200:01:12.359 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
76300:01:12.359 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
76400:01:12.359 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
76500:01:12.359 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
76600:01:12.359 vminfo PID=696: C:\WINDOWS\system32\services.exe
76700:01:12.359 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
76800:01:12.359 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
76900:01:12.359 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
77000:01:12.359 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
77100:01:12.359 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
77200:01:12.359 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
77300:01:12.359 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
77400:01:12.359 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
77500:01:12.359 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
77600:01:12.359 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
77700:01:12.359 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
77800:01:12.359 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
77900:01:12.359 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
78000:01:12.359 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
78100:01:12.359 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
78200:01:12.359 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
78300:01:12.359 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
78400:01:12.359 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
78500:01:12.359 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
78600:01:12.359 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
78700:01:12.359 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
78800:01:12.359 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
78900:01:12.359 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
79000:01:12.359 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
79100:01:12.359 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
79200:01:12.359 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
79300:01:12.359 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
79400:01:12.359 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
79500:01:12.359 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
79600:01:12.359 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
79700:01:12.359 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
79800:01:12.359 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
79900:01:12.359 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
80000:01:12.359 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
80100:01:12.359 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
80200:01:12.359 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
80300:01:12.359 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
80400:01:12.359 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
80500:01:12.359 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
80600:01:12.359 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
80700:01:12.359 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
80800:01:12.359 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
80900:01:12.359 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
81000:01:12.359 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
81100:01:12.359 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
81200:01:12.359 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
81300:01:12.359 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
81400:01:12.359 vminfo PID=304: C:\WINDOWS\Explorer.EXE
81500:01:12.359 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081
81600:01:12.359 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe
81700:01:12.359 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
81800:01:12.359 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
81900:01:12.359 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
82000:01:12.359 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
82100:01:12.359 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
82200:01:12.359 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
82300:01:12.359 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
82400:01:12.359 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
82500:01:12.359 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
82600:01:12.359 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
82700:01:12.359 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
82800:01:12.359 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
82900:01:12.359 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
83000:01:12.359 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
83100:01:12.359 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
83200:01:12.359 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
83300:01:12.359 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
83400:01:12.359 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
83500:01:12.359 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
83600:01:12.359 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
83700:01:12.359 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
83800:01:12.359 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
83900:01:12.359 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
84000:01:12.359 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
84100:01:12.359 vminfo Session 0 has 12 processes total
84200:01:12.359 vminfo Adding new user=sma-user5 (session 0) with 12 processes
84300:01:12.359 vminfo Handling session 1
84400:01:12.359 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
84500:01:12.359 vminfo Handling session 2
84600:01:12.359 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
84700:01:12.359 vminfo Handling session 3
84800:01:12.359 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
84900:01:12.359 vminfo Handling session 4
85000:01:12.359 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
85100:01:12.359 vminfo Handling session 5
85200:01:12.359 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
85300:01:12.359 vminfo Found 1 unique logged-in user(s)
85400:01:12.359 vminfo User sma-user5 has 12 processes (session 0)
85500:01:12.359 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
85600:01:20.078 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:16.740000000Z (MinAdjust: 100 ms)
85700:01:20.078 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:39:14.090443800Z => 2 649 556 200 ns drift
85800:01:20.078 timesync VBoxServiceTimeSyncAdjust: Drift=2649ms
85900:01:20.078 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=150093, NewTA=165102, DiffNew=15009, DiffMax=78125
86000:01:22.375 vminfo Found 6 sessions
86100:01:22.375 vminfo Handling session 0
86200:01:22.375 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
86300:01:22.375 vminfo Session LogonType=2 is supported -- looking up SID + type ...
86400:01:22.391 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
86500:01:22.391 vminfo Account User=sma-user5, WTSConnectState=0 (4)
86600:01:22.391 vminfo Account User=sma-user5 using TCS/RDP, state=0
86700:01:22.391 vminfo Account User=sma-user5 is logged in
86800:01:22.391 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
86900:01:22.391 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
87000:01:22.391 vminfo Error: Unable to open process with PID=0, error=87
87100:01:22.391 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
87200:01:22.391 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
87300:01:22.391 vminfo PID=580: \SystemRoot\System32\smss.exe
87400:01:22.391 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
87500:01:22.391 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
87600:01:22.391 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
87700:01:22.391 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
87800:01:22.391 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
87900:01:22.391 vminfo PID=696: C:\WINDOWS\system32\services.exe
88000:01:22.391 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
88100:01:22.391 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
88200:01:22.391 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
88300:01:22.391 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
88400:01:22.391 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
88500:01:22.391 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
88600:01:22.391 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
88700:01:22.391 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
88800:01:22.391 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
88900:01:22.391 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
89000:01:22.391 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
89100:01:22.391 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
89200:01:22.391 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
89300:01:22.391 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
89400:01:22.391 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
89500:01:22.391 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
89600:01:22.391 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
89700:01:22.391 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
89800:01:22.391 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
89900:01:22.391 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
90000:01:22.391 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
90100:01:22.391 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
90200:01:22.391 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
90300:01:22.391 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
90400:01:22.391 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
90500:01:22.391 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
90600:01:22.391 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
90700:01:22.391 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
90800:01:22.391 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
90900:01:22.391 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
91000:01:22.391 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
91100:01:22.391 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
91200:01:22.391 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
91300:01:22.391 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
91400:01:22.391 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
91500:01:22.391 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
91600:01:22.391 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
91700:01:22.391 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
91800:01:22.391 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
91900:01:22.391 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
92000:01:22.391 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
92100:01:22.391 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
92200:01:22.391 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
92300:01:22.391 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
92400:01:22.391 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
92500:01:22.391 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
92600:01:22.391 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
92700:01:22.391 vminfo PID=304: C:\WINDOWS\Explorer.EXE
92800:01:22.391 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081
92900:01:22.391 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe
93000:01:22.391 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
93100:01:22.391 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
93200:01:22.391 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
93300:01:22.391 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
93400:01:22.391 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
93500:01:22.391 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
93600:01:22.391 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
93700:01:22.391 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
93800:01:22.391 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
93900:01:22.391 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
94000:01:22.391 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
94100:01:22.391 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
94200:01:22.391 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
94300:01:22.391 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
94400:01:22.391 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
94500:01:22.391 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
94600:01:22.391 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
94700:01:22.391 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
94800:01:22.391 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
94900:01:22.391 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
95000:01:22.391 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
95100:01:22.406 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
95200:01:22.406 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
95300:01:22.406 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
95400:01:22.406 vminfo Session 0 has 12 processes total
95500:01:22.406 vminfo Adding new user=sma-user5 (session 0) with 12 processes
95600:01:22.406 vminfo Handling session 1
95700:01:22.406 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
95800:01:22.406 vminfo Handling session 2
95900:01:22.406 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
96000:01:22.406 vminfo Handling session 3
96100:01:22.406 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
96200:01:22.406 vminfo Handling session 4
96300:01:22.406 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
96400:01:22.406 vminfo Handling session 5
96500:01:22.406 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
96600:01:22.406 vminfo Found 1 unique logged-in user(s)
96700:01:22.406 vminfo User sma-user5 has 12 processes (session 0)
96800:01:22.406 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
96900:01:30.078 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:26.740000000Z (MinAdjust: 100 ms)
97000:01:30.078 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:39:24.656971800Z => 2 083 028 200 ns drift
97100:01:30.078 timesync VBoxServiceTimeSyncAdjust: Drift=2083ms
97200:01:30.078 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=165102, NewTA=181612, DiffNew=16510, DiffMax=78125
97300:01:32.422 vminfo Found 6 sessions
97400:01:32.422 vminfo Handling session 0
97500:01:32.422 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
97600:01:32.422 vminfo Session LogonType=2 is supported -- looking up SID + type ...
97700:01:32.438 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
97800:01:32.438 vminfo Account User=sma-user5, WTSConnectState=0 (4)
97900:01:32.438 vminfo Account User=sma-user5 using TCS/RDP, state=0
98000:01:32.438 vminfo Account User=sma-user5 is logged in
98100:01:32.438 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
98200:01:32.438 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
98300:01:32.438 vminfo Error: Unable to open process with PID=0, error=87
98400:01:32.438 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
98500:01:32.438 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
98600:01:32.438 vminfo PID=580: \SystemRoot\System32\smss.exe
98700:01:32.438 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
98800:01:32.438 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
98900:01:32.438 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
99000:01:32.438 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
99100:01:32.438 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
99200:01:32.438 vminfo PID=696: C:\WINDOWS\system32\services.exe
99300:01:32.438 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
99400:01:32.438 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
99500:01:32.438 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
99600:01:32.438 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
99700:01:32.438 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
99800:01:32.438 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
99900:01:32.438 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
100000:01:32.438 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
100100:01:32.438 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
100200:01:32.438 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
100300:01:32.438 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
100400:01:32.438 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
100500:01:32.438 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
100600:01:32.438 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
100700:01:32.438 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
100800:01:32.438 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
100900:01:32.438 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
101000:01:32.438 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
101100:01:32.438 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
101200:01:32.438 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
101300:01:32.438 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
101400:01:32.438 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
101500:01:32.438 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
101600:01:32.438 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
101700:01:32.438 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
101800:01:32.438 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
101900:01:32.438 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
102000:01:32.438 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
102100:01:32.438 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
102200:01:32.438 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
102300:01:32.438 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
102400:01:32.438 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
102500:01:32.438 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
102600:01:32.438 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
102700:01:32.438 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
102800:01:32.438 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
102900:01:32.438 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
103000:01:32.438 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
103100:01:32.438 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
103200:01:32.438 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
103300:01:32.438 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
103400:01:32.438 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
103500:01:32.438 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
103600:01:32.438 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
103700:01:32.438 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
103800:01:32.438 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
103900:01:32.438 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
104000:01:32.438 vminfo PID=304: C:\WINDOWS\Explorer.EXE
104100:01:32.438 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081
104200:01:32.438 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe
104300:01:32.438 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
104400:01:32.438 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
104500:01:32.438 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
104600:01:32.438 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
104700:01:32.438 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
104800:01:32.438 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
104900:01:32.438 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
105000:01:32.438 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
105100:01:32.438 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
105200:01:32.438 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
105300:01:32.438 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
105400:01:32.438 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
105500:01:32.438 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
105600:01:32.438 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
105700:01:32.438 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
105800:01:32.438 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
105900:01:32.438 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
106000:01:32.438 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
106100:01:32.438 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
106200:01:32.438 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
106300:01:32.438 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
106400:01:32.438 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
106500:01:32.438 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
106600:01:32.438 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
106700:01:32.438 vminfo Session 0 has 12 processes total
106800:01:32.438 vminfo Adding new user=sma-user5 (session 0) with 12 processes
106900:01:32.438 vminfo Handling session 1
107000:01:32.453 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
107100:01:32.453 vminfo Handling session 2
107200:01:32.453 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
107300:01:32.453 vminfo Handling session 3
107400:01:32.453 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
107500:01:32.453 vminfo Handling session 4
107600:01:32.453 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
107700:01:32.453 vminfo Handling session 5
107800:01:32.453 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
107900:01:32.453 vminfo Found 1 unique logged-in user(s)
108000:01:32.453 vminfo User sma-user5 has 12 processes (session 0)
108100:01:32.453 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
108200:01:40.094 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:36.740000000Z (MinAdjust: 100 ms)
108300:01:40.094 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:39:36.298301000Z => 441 699 000 ns drift
108400:01:40.094 timesync VBoxServiceTimeSyncAdjust: Drift=441ms
108500:01:40.094 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=181612, NewTA=199773, DiffNew=18161, DiffMax=78125
108600:01:42.453 vminfo Found 6 sessions
108700:01:42.453 vminfo Handling session 0
108800:01:42.453 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
108900:01:42.453 vminfo Session LogonType=2 is supported -- looking up SID + type ...
109000:01:42.469 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
109100:01:42.469 vminfo Account User=sma-user5, WTSConnectState=0 (4)
109200:01:42.469 vminfo Account User=sma-user5 using TCS/RDP, state=0
109300:01:42.469 vminfo Account User=sma-user5 is logged in
109400:01:42.469 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
109500:01:42.469 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
109600:01:42.469 vminfo Error: Unable to open process with PID=0, error=87
109700:01:42.469 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
109800:01:42.469 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
109900:01:42.469 vminfo PID=580: \SystemRoot\System32\smss.exe
110000:01:42.469 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
110100:01:42.469 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
110200:01:42.469 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
110300:01:42.469 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
110400:01:42.469 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
110500:01:42.469 vminfo PID=696: C:\WINDOWS\system32\services.exe
110600:01:42.469 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
110700:01:42.469 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
110800:01:42.469 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
110900:01:42.469 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
111000:01:42.469 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
111100:01:42.469 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
111200:01:42.469 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
111300:01:42.469 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
111400:01:42.469 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
111500:01:42.469 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
111600:01:42.469 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
111700:01:42.469 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
111800:01:42.469 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
111900:01:42.469 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
112000:01:42.469 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
112100:01:42.469 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
112200:01:42.469 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
112300:01:42.469 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
112400:01:42.469 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
112500:01:42.469 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
112600:01:42.469 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
112700:01:42.469 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
112800:01:42.469 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
112900:01:42.469 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
113000:01:42.469 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
113100:01:42.469 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
113200:01:42.469 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
113300:01:42.469 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
113400:01:42.469 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
113500:01:42.469 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
113600:01:42.469 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
113700:01:42.469 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
113800:01:42.469 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
113900:01:42.469 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
114000:01:42.469 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
114100:01:42.469 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
114200:01:42.469 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
114300:01:42.469 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
114400:01:42.469 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
114500:01:42.469 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
114600:01:42.469 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
114700:01:42.469 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
114800:01:42.469 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
114900:01:42.469 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
115000:01:42.469 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
115100:01:42.469 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
115200:01:42.469 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
115300:01:42.469 vminfo PID=304: C:\WINDOWS\Explorer.EXE
115400:01:42.469 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081
115500:01:42.469 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe
115600:01:42.469 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
115700:01:42.469 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
115800:01:42.469 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
115900:01:42.469 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
116000:01:42.469 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
116100:01:42.469 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
116200:01:42.469 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
116300:01:42.469 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
116400:01:42.469 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
116500:01:42.469 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
116600:01:42.469 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
116700:01:42.469 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
116800:01:42.469 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
116900:01:42.469 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
117000:01:42.469 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
117100:01:42.469 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
117200:01:42.469 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
117300:01:42.469 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
117400:01:42.469 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
117500:01:42.469 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
117600:01:42.469 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
117700:01:42.469 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
117800:01:42.469 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
117900:01:42.469 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
118000:01:42.469 vminfo Session 0 has 12 processes total
118100:01:42.469 vminfo Adding new user=sma-user5 (session 0) with 12 processes
118200:01:42.469 vminfo Handling session 1
118300:01:42.484 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
118400:01:42.484 vminfo Handling session 2
118500:01:42.484 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
118600:01:42.484 vminfo Handling session 3
118700:01:42.484 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
118800:01:42.484 vminfo Handling session 4
118900:01:42.484 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
119000:01:42.484 vminfo Handling session 5
119100:01:42.484 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
119200:01:42.484 vminfo Found 1 unique logged-in user(s)
119300:01:42.484 vminfo User sma-user5 has 12 processes (session 0)
119400:01:42.484 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
119500:01:50.094 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:46.740000000Z (MinAdjust: 200 ms)
119600:01:50.094 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:39:49.083773000Z => -2 343 773 000 ns drift
119700:01:50.094 timesync VBoxServiceTimeSyncAdjust: Drift=-2343ms
119800:01:50.094 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=199773, NewTA=179796, DiffNew=19977, DiffMax=78125
119900:01:52.484 vminfo Found 6 sessions
120000:01:52.484 vminfo Handling session 0
120100:01:52.484 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
120200:01:52.484 vminfo Session LogonType=2 is supported -- looking up SID + type ...
120300:01:52.500 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
120400:01:52.500 vminfo Account User=sma-user5, WTSConnectState=0 (4)
120500:01:52.500 vminfo Account User=sma-user5 using TCS/RDP, state=0
120600:01:52.500 vminfo Account User=sma-user5 is logged in
120700:01:52.500 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
120800:01:52.500 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
120900:01:52.500 vminfo Error: Unable to open process with PID=0, error=87
121000:01:52.500 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
121100:01:52.500 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
121200:01:52.500 vminfo PID=580: \SystemRoot\System32\smss.exe
121300:01:52.500 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
121400:01:52.500 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
121500:01:52.500 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
121600:01:52.500 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
121700:01:52.500 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
121800:01:52.500 vminfo PID=696: C:\WINDOWS\system32\services.exe
121900:01:52.500 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
122000:01:52.500 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
122100:01:52.500 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
122200:01:52.500 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
122300:01:52.500 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
122400:01:52.500 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
122500:01:52.500 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
122600:01:52.500 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
122700:01:52.500 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
122800:01:52.500 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
122900:01:52.500 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
123000:01:52.500 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
123100:01:52.500 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
123200:01:52.500 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
123300:01:52.500 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
123400:01:52.500 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
123500:01:52.500 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
123600:01:52.500 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
123700:01:52.500 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
123800:01:52.500 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
123900:01:52.500 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
124000:01:52.500 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
124100:01:52.500 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
124200:01:52.500 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
124300:01:52.500 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
124400:01:52.500 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
124500:01:52.500 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
124600:01:52.516 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
124700:01:52.516 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
124800:01:52.516 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
124900:01:52.516 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
125000:01:52.516 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
125100:01:52.516 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
125200:01:52.516 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
125300:01:52.516 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
125400:01:52.516 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
125500:01:52.516 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
125600:01:52.516 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
125700:01:52.516 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
125800:01:52.531 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
125900:01:52.531 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
126000:01:52.531 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
126100:01:52.531 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
126200:01:52.531 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
126300:01:52.531 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
126400:01:52.531 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
126500:01:52.531 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
126600:01:52.531 vminfo PID=304: C:\WINDOWS\Explorer.EXE
126700:01:52.531 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081
126800:01:52.531 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe
126900:01:52.531 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
127000:01:52.531 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
127100:01:52.531 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
127200:01:52.531 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
127300:01:52.531 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
127400:01:52.531 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
127500:01:52.531 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
127600:01:52.531 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
127700:01:52.531 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
127800:01:52.531 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
127900:01:52.531 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
128000:01:52.531 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
128100:01:52.531 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
128200:01:52.531 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
128300:01:52.531 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
128400:01:52.531 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
128500:01:52.531 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
128600:01:52.531 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
128700:01:52.531 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
128800:01:52.531 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
128900:01:52.531 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
129000:01:52.531 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
129100:01:52.531 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
129200:01:52.531 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
129300:01:52.531 vminfo Session 0 has 12 processes total
129400:01:52.531 vminfo Adding new user=sma-user5 (session 0) with 12 processes
129500:01:52.531 vminfo Handling session 1
129600:01:52.531 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
129700:01:52.531 vminfo Handling session 2
129800:01:52.531 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
129900:01:52.531 vminfo Handling session 3
130000:01:52.531 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
130100:01:52.531 vminfo Handling session 4
130200:01:52.531 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
130300:01:52.531 vminfo Handling session 5
130400:01:52.531 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
130500:01:52.531 vminfo Found 1 unique logged-in user(s)
130600:01:52.531 vminfo User sma-user5 has 12 processes (session 0)
130700:01:52.531 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
130800:02:00.063 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0
130900:02:00.094 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:56.740000000Z (MinAdjust: 200 ms)
131000:02:00.094 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:00.590717000Z => -3 850 717 000 ns drift
131100:02:00.094 timesync VBoxServiceTimeSyncAdjust: Drift=-3850ms
131200:02:00.094 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=179796, NewTA=161817, DiffNew=17979, DiffMax=78125
131300:02:02.531 vminfo Found 6 sessions
131400:02:02.531 vminfo Handling session 0
131500:02:02.531 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
131600:02:02.531 vminfo Session LogonType=2 is supported -- looking up SID + type ...
131700:02:02.531 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
131800:02:02.531 vminfo Account User=sma-user5, WTSConnectState=0 (4)
131900:02:02.531 vminfo Account User=sma-user5 using TCS/RDP, state=0
132000:02:02.531 vminfo Account User=sma-user5 is logged in
132100:02:02.531 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
132200:02:02.531 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
132300:02:02.531 vminfo Error: Unable to open process with PID=0, error=87
132400:02:02.531 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
132500:02:02.531 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
132600:02:02.531 vminfo PID=580: \SystemRoot\System32\smss.exe
132700:02:02.531 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
132800:02:02.531 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
132900:02:02.531 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
133000:02:02.531 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
133100:02:02.531 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
133200:02:02.531 vminfo PID=696: C:\WINDOWS\system32\services.exe
133300:02:02.531 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
133400:02:02.547 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
133500:02:02.547 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
133600:02:02.547 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
133700:02:02.547 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
133800:02:02.547 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
133900:02:02.547 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
134000:02:02.547 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
134100:02:02.547 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
134200:02:02.547 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
134300:02:02.547 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
134400:02:02.547 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
134500:02:02.547 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
134600:02:02.547 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
134700:02:02.547 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
134800:02:02.547 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
134900:02:02.547 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
135000:02:02.547 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
135100:02:02.547 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
135200:02:02.547 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
135300:02:02.547 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
135400:02:02.547 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
135500:02:02.547 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
135600:02:02.547 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
135700:02:02.547 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
135800:02:02.547 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
135900:02:02.547 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
136000:02:02.547 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
136100:02:02.547 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
136200:02:02.547 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
136300:02:02.547 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
136400:02:02.547 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
136500:02:02.547 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
136600:02:02.547 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
136700:02:02.547 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
136800:02:02.547 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
136900:02:02.547 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
137000:02:02.547 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
137100:02:02.547 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
137200:02:02.547 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
137300:02:02.547 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
137400:02:02.547 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
137500:02:02.547 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
137600:02:02.547 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
137700:02:02.547 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
137800:02:02.547 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
137900:02:02.547 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
138000:02:02.547 vminfo PID=304: C:\WINDOWS\Explorer.EXE
138100:02:02.547 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081
138200:02:02.547 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe
138300:02:02.547 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
138400:02:02.547 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
138500:02:02.547 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
138600:02:02.547 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
138700:02:02.547 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
138800:02:02.547 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
138900:02:02.547 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
139000:02:02.547 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
139100:02:02.547 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
139200:02:02.547 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
139300:02:02.547 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
139400:02:02.547 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
139500:02:02.547 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
139600:02:02.547 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
139700:02:02.547 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
139800:02:02.547 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
139900:02:02.547 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
140000:02:02.547 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
140100:02:02.547 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
140200:02:02.547 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
140300:02:02.547 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
140400:02:02.547 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
140500:02:02.547 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
140600:02:02.547 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
140700:02:02.547 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
140800:02:02.547 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
140900:02:02.547 vminfo Session 0 has 13 processes total
141000:02:02.547 vminfo Adding new user=sma-user5 (session 0) with 13 processes
141100:02:02.547 vminfo Handling session 1
141200:02:02.547 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
141300:02:02.547 vminfo Handling session 2
141400:02:02.547 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
141500:02:02.547 vminfo Handling session 3
141600:02:02.547 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
141700:02:02.547 vminfo Handling session 4
141800:02:02.547 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
141900:02:02.547 vminfo Handling session 5
142000:02:02.547 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
142100:02:02.547 vminfo Found 1 unique logged-in user(s)
142200:02:02.547 vminfo User sma-user5 has 13 processes (session 0)
142300:02:02.547 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
142400:02:10.094 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:06.740000000Z (MinAdjust: 200 ms)
142500:02:10.094 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:10.947005000Z => -4 207 005 000 ns drift
142600:02:10.094 timesync VBoxServiceTimeSyncAdjust: Drift=-4207ms
142700:02:10.094 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=161817, NewTA=145636, DiffNew=16181, DiffMax=78125
142800:02:12.563 vminfo Found 6 sessions
142900:02:12.578 vminfo Handling session 0
143000:02:12.578 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
143100:02:12.578 vminfo Session LogonType=2 is supported -- looking up SID + type ...
143200:02:12.578 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
143300:02:12.578 vminfo Account User=sma-user5, WTSConnectState=0 (4)
143400:02:12.578 vminfo Account User=sma-user5 using TCS/RDP, state=0
143500:02:12.578 vminfo Account User=sma-user5 is logged in
143600:02:12.578 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
143700:02:12.578 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
143800:02:12.578 vminfo Error: Unable to open process with PID=0, error=87
143900:02:12.578 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
144000:02:12.578 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
144100:02:12.578 vminfo PID=580: \SystemRoot\System32\smss.exe
144200:02:12.578 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
144300:02:12.578 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
144400:02:12.578 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
144500:02:12.578 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
144600:02:12.578 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
144700:02:12.578 vminfo PID=696: C:\WINDOWS\system32\services.exe
144800:02:12.578 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
144900:02:12.578 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
145000:02:12.578 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
145100:02:12.578 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
145200:02:12.578 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
145300:02:12.578 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
145400:02:12.578 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
145500:02:12.578 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
145600:02:12.578 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
145700:02:12.578 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
145800:02:12.578 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
145900:02:12.578 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
146000:02:12.578 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
146100:02:12.578 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
146200:02:12.578 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
146300:02:12.578 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
146400:02:12.578 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
146500:02:12.578 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
146600:02:12.594 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
146700:02:12.594 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
146800:02:12.594 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
146900:02:12.594 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
147000:02:12.594 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
147100:02:12.594 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
147200:02:12.594 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
147300:02:12.594 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
147400:02:12.594 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
147500:02:12.594 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
147600:02:12.594 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
147700:02:12.594 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
147800:02:12.594 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
147900:02:12.594 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
148000:02:12.594 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
148100:02:12.594 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
148200:02:12.594 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
148300:02:12.594 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
148400:02:12.594 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
148500:02:12.594 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
148600:02:12.594 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
148700:02:12.594 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
148800:02:12.594 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
148900:02:12.594 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
149000:02:12.594 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
149100:02:12.594 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
149200:02:12.594 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
149300:02:12.594 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
149400:02:12.594 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
149500:02:12.594 vminfo PID=304: C:\WINDOWS\Explorer.EXE
149600:02:12.594 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
149700:02:12.594 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
149800:02:12.594 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
149900:02:12.594 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
150000:02:12.594 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
150100:02:12.594 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
150200:02:12.594 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
150300:02:12.594 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
150400:02:12.594 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
150500:02:12.594 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
150600:02:12.594 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
150700:02:12.594 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
150800:02:12.594 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
150900:02:12.594 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
151000:02:12.594 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
151100:02:12.594 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
151200:02:12.594 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
151300:02:12.594 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
151400:02:12.594 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
151500:02:12.594 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
151600:02:12.594 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
151700:02:12.594 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
151800:02:12.594 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
151900:02:12.594 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
152000:02:12.594 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
152100:02:12.594 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
152200:02:12.594 vminfo Session 0 has 13 processes total
152300:02:12.594 vminfo Adding new user=sma-user5 (session 0) with 13 processes
152400:02:12.594 vminfo Handling session 1
152500:02:12.594 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
152600:02:12.594 vminfo Handling session 2
152700:02:12.594 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
152800:02:12.594 vminfo Handling session 3
152900:02:12.594 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
153000:02:12.594 vminfo Handling session 4
153100:02:12.594 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
153200:02:12.594 vminfo Handling session 5
153300:02:12.594 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
153400:02:12.594 vminfo Found 1 unique logged-in user(s)
153500:02:12.594 vminfo User sma-user5 has 13 processes (session 0)
153600:02:12.594 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
153700:02:20.094 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:16.740000000Z (MinAdjust: 200 ms)
153800:02:20.094 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:20.267709000Z => -3 527 709 000 ns drift
153900:02:20.094 timesync VBoxServiceTimeSyncAdjust: Drift=-3527ms
154000:02:20.094 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=145636, NewTA=131073, DiffNew=14563, DiffMax=78125
154100:02:22.609 vminfo Found 6 sessions
154200:02:22.609 vminfo Handling session 0
154300:02:22.609 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
154400:02:22.609 vminfo Session LogonType=2 is supported -- looking up SID + type ...
154500:02:22.625 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
154600:02:22.625 vminfo Account User=sma-user5, WTSConnectState=0 (4)
154700:02:22.625 vminfo Account User=sma-user5 using TCS/RDP, state=0
154800:02:22.625 vminfo Account User=sma-user5 is logged in
154900:02:22.625 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
155000:02:22.625 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
155100:02:22.625 vminfo Error: Unable to open process with PID=0, error=87
155200:02:22.625 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
155300:02:22.625 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
155400:02:22.625 vminfo PID=580: \SystemRoot\System32\smss.exe
155500:02:22.625 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
155600:02:22.625 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
155700:02:22.625 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
155800:02:22.625 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
155900:02:22.625 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
156000:02:22.625 vminfo PID=696: C:\WINDOWS\system32\services.exe
156100:02:22.625 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
156200:02:22.625 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
156300:02:22.625 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
156400:02:22.625 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
156500:02:22.625 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
156600:02:22.625 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
156700:02:22.625 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
156800:02:22.625 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
156900:02:22.625 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
157000:02:22.625 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
157100:02:22.625 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
157200:02:22.625 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
157300:02:22.625 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
157400:02:22.625 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
157500:02:22.625 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
157600:02:22.625 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
157700:02:22.625 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
157800:02:22.625 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
157900:02:22.625 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
158000:02:22.625 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
158100:02:22.625 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
158200:02:22.625 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
158300:02:22.625 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
158400:02:22.625 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
158500:02:22.625 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
158600:02:22.625 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
158700:02:22.625 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
158800:02:22.625 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
158900:02:22.625 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
159000:02:22.625 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
159100:02:22.625 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
159200:02:22.625 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
159300:02:22.625 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
159400:02:22.625 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
159500:02:22.625 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
159600:02:22.625 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
159700:02:22.625 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
159800:02:22.625 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
159900:02:22.625 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
160000:02:22.625 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
160100:02:22.625 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
160200:02:22.625 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
160300:02:22.625 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
160400:02:22.625 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
160500:02:22.625 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
160600:02:22.625 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
160700:02:22.625 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
160800:02:22.625 vminfo PID=304: C:\WINDOWS\Explorer.EXE
160900:02:22.625 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
161000:02:22.625 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
161100:02:22.625 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
161200:02:22.625 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
161300:02:22.625 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
161400:02:22.625 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
161500:02:22.625 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
161600:02:22.625 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
161700:02:22.625 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
161800:02:22.625 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
161900:02:22.625 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
162000:02:22.625 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
162100:02:22.625 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
162200:02:22.641 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
162300:02:22.641 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
162400:02:22.641 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
162500:02:22.641 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
162600:02:22.641 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
162700:02:22.641 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
162800:02:22.641 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
162900:02:22.641 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
163000:02:22.641 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
163100:02:22.641 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
163200:02:22.641 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
163300:02:22.641 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
163400:02:22.641 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
163500:02:22.641 vminfo Session 0 has 13 processes total
163600:02:22.641 vminfo Adding new user=sma-user5 (session 0) with 13 processes
163700:02:22.641 vminfo Handling session 1
163800:02:22.641 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
163900:02:22.641 vminfo Handling session 2
164000:02:22.641 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
164100:02:22.641 vminfo Handling session 3
164200:02:22.641 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
164300:02:22.641 vminfo Handling session 4
164400:02:22.641 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
164500:02:22.641 vminfo Handling session 5
164600:02:22.641 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
164700:02:22.641 vminfo Found 1 unique logged-in user(s)
164800:02:22.641 vminfo User sma-user5 has 13 processes (session 0)
164900:02:22.641 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
165000:02:30.109 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:26.740000000Z (MinAdjust: 200 ms)
165100:02:30.109 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:28.669488300Z => -1 929 488 300 ns drift
165200:02:30.109 timesync VBoxServiceTimeSyncAdjust: Drift=-1929ms
165300:02:30.109 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=131073, NewTA=117966, DiffNew=13107, DiffMax=78125
165400:02:32.641 vminfo Found 6 sessions
165500:02:32.641 vminfo Handling session 0
165600:02:32.641 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
165700:02:32.641 vminfo Session LogonType=2 is supported -- looking up SID + type ...
165800:02:32.656 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
165900:02:32.656 vminfo Account User=sma-user5, WTSConnectState=0 (4)
166000:02:32.656 vminfo Account User=sma-user5 using TCS/RDP, state=0
166100:02:32.656 vminfo Account User=sma-user5 is logged in
166200:02:32.656 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
166300:02:32.656 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
166400:02:32.656 vminfo Error: Unable to open process with PID=0, error=87
166500:02:32.656 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
166600:02:32.656 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
166700:02:32.656 vminfo PID=580: \SystemRoot\System32\smss.exe
166800:02:32.656 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
166900:02:32.656 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
167000:02:32.656 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
167100:02:32.656 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
167200:02:32.656 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
167300:02:32.656 vminfo PID=696: C:\WINDOWS\system32\services.exe
167400:02:32.656 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
167500:02:32.656 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
167600:02:32.656 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
167700:02:32.656 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
167800:02:32.656 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
167900:02:32.656 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
168000:02:32.656 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
168100:02:32.656 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
168200:02:32.656 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
168300:02:32.656 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
168400:02:32.656 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
168500:02:32.656 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
168600:02:32.656 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
168700:02:32.656 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
168800:02:32.656 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
168900:02:32.656 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
169000:02:32.656 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
169100:02:32.656 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
169200:02:32.656 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
169300:02:32.656 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
169400:02:32.656 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
169500:02:32.656 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
169600:02:32.656 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
169700:02:32.656 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
169800:02:32.656 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
169900:02:32.656 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
170000:02:32.656 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
170100:02:32.656 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
170200:02:32.656 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
170300:02:32.656 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
170400:02:32.656 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
170500:02:32.656 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
170600:02:32.656 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
170700:02:32.656 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
170800:02:32.656 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
170900:02:32.656 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
171000:02:32.656 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
171100:02:32.656 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
171200:02:32.656 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
171300:02:32.656 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
171400:02:32.656 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
171500:02:32.656 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
171600:02:32.656 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
171700:02:32.656 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
171800:02:32.672 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
171900:02:32.672 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
172000:02:32.672 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
172100:02:32.672 vminfo PID=304: C:\WINDOWS\Explorer.EXE
172200:02:32.672 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
172300:02:32.672 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
172400:02:32.672 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
172500:02:32.672 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
172600:02:32.672 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
172700:02:32.672 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
172800:02:32.672 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
172900:02:32.672 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
173000:02:32.672 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
173100:02:32.672 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
173200:02:32.672 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
173300:02:32.672 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
173400:02:32.672 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
173500:02:32.672 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
173600:02:32.672 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
173700:02:32.672 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
173800:02:32.672 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
173900:02:32.672 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
174000:02:32.672 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
174100:02:32.672 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
174200:02:32.672 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
174300:02:32.672 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
174400:02:32.672 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
174500:02:32.672 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
174600:02:32.672 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
174700:02:32.672 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
174800:02:32.672 vminfo Session 0 has 13 processes total
174900:02:32.672 vminfo Adding new user=sma-user5 (session 0) with 13 processes
175000:02:32.672 vminfo Handling session 1
175100:02:32.672 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
175200:02:32.672 vminfo Handling session 2
175300:02:32.672 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
175400:02:32.672 vminfo Handling session 3
175500:02:32.672 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
175600:02:32.672 vminfo Handling session 4
175700:02:32.672 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
175800:02:32.672 vminfo Handling session 5
175900:02:32.672 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
176000:02:32.672 vminfo Found 1 unique logged-in user(s)
176100:02:32.672 vminfo User sma-user5 has 13 processes (session 0)
176200:02:32.672 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
176300:02:40.109 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:36.740000000Z (MinAdjust: 100 ms)
176400:02:40.109 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:36.219312300Z => 520 687 700 ns drift
176500:02:40.109 timesync VBoxServiceTimeSyncAdjust: Drift=520ms
176600:02:40.109 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=117966, NewTA=129762, DiffNew=11796, DiffMax=78125
176700:02:42.672 vminfo Found 6 sessions
176800:02:42.672 vminfo Handling session 0
176900:02:42.672 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
177000:02:42.672 vminfo Session LogonType=2 is supported -- looking up SID + type ...
177100:02:42.688 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
177200:02:42.688 vminfo Account User=sma-user5, WTSConnectState=0 (4)
177300:02:42.688 vminfo Account User=sma-user5 using TCS/RDP, state=0
177400:02:42.688 vminfo Account User=sma-user5 is logged in
177500:02:42.688 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
177600:02:42.688 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
177700:02:42.688 vminfo Error: Unable to open process with PID=0, error=87
177800:02:42.688 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
177900:02:42.688 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
178000:02:42.688 vminfo PID=580: \SystemRoot\System32\smss.exe
178100:02:42.688 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
178200:02:42.688 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
178300:02:42.688 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
178400:02:42.688 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
178500:02:42.688 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
178600:02:42.688 vminfo PID=696: C:\WINDOWS\system32\services.exe
178700:02:42.688 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
178800:02:42.688 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
178900:02:42.688 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
179000:02:42.688 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
179100:02:42.688 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
179200:02:42.688 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
179300:02:42.688 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
179400:02:42.688 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
179500:02:42.688 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
179600:02:42.688 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
179700:02:42.688 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
179800:02:42.688 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
179900:02:42.688 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
180000:02:42.688 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
180100:02:42.688 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
180200:02:42.688 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
180300:02:42.688 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
180400:02:42.688 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
180500:02:42.688 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
180600:02:42.688 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
180700:02:42.688 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
180800:02:42.688 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
180900:02:42.688 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
181000:02:42.688 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
181100:02:42.688 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
181200:02:42.688 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
181300:02:42.688 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
181400:02:42.688 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
181500:02:42.688 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
181600:02:42.688 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
181700:02:42.688 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
181800:02:42.688 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
181900:02:42.688 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
182000:02:42.688 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
182100:02:42.688 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
182200:02:42.688 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
182300:02:42.688 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
182400:02:42.688 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
182500:02:42.688 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
182600:02:42.688 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
182700:02:42.688 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
182800:02:42.688 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
182900:02:42.688 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
183000:02:42.688 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
183100:02:42.688 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
183200:02:42.688 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
183300:02:42.688 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
183400:02:42.688 vminfo PID=304: C:\WINDOWS\Explorer.EXE
183500:02:42.688 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
183600:02:42.688 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
183700:02:42.688 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
183800:02:42.688 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
183900:02:42.688 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
184000:02:42.688 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
184100:02:42.688 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
184200:02:42.688 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
184300:02:42.688 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
184400:02:42.688 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
184500:02:42.688 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
184600:02:42.688 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
184700:02:42.688 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
184800:02:42.688 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
184900:02:42.688 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
185000:02:42.688 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
185100:02:42.688 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
185200:02:42.703 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
185300:02:42.703 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
185400:02:42.703 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
185500:02:42.703 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
185600:02:42.703 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
185700:02:42.703 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
185800:02:42.703 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
185900:02:42.703 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
186000:02:42.703 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
186100:02:42.703 vminfo Session 0 has 13 processes total
186200:02:42.703 vminfo Adding new user=sma-user5 (session 0) with 13 processes
186300:02:42.703 vminfo Handling session 1
186400:02:42.703 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
186500:02:42.703 vminfo Handling session 2
186600:02:42.703 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
186700:02:42.703 vminfo Handling session 3
186800:02:42.703 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
186900:02:42.703 vminfo Handling session 4
187000:02:42.703 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
187100:02:42.703 vminfo Handling session 5
187200:02:42.703 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
187300:02:42.703 vminfo Found 1 unique logged-in user(s)
187400:02:42.703 vminfo User sma-user5 has 13 processes (session 0)
187500:02:42.703 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
187600:02:50.109 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:46.740000000Z (MinAdjust: 100 ms)
187700:02:50.109 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:44.524080300Z => 2 215 919 700 ns drift
187800:02:50.109 timesync VBoxServiceTimeSyncAdjust: Drift=2215ms
187900:02:50.109 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=129762, NewTA=142738, DiffNew=12976, DiffMax=78125
188000:02:52.719 vminfo Found 6 sessions
188100:02:52.719 vminfo Handling session 0
188200:02:52.719 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
188300:02:52.719 vminfo Session LogonType=2 is supported -- looking up SID + type ...
188400:02:52.719 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
188500:02:52.734 vminfo Account User=sma-user5, WTSConnectState=0 (4)
188600:02:52.734 vminfo Account User=sma-user5 using TCS/RDP, state=0
188700:02:52.734 vminfo Account User=sma-user5 is logged in
188800:02:52.734 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
188900:02:52.734 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
189000:02:52.734 vminfo Error: Unable to open process with PID=0, error=87
189100:02:52.734 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
189200:02:52.734 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
189300:02:52.734 vminfo PID=580: \SystemRoot\System32\smss.exe
189400:02:52.734 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
189500:02:52.734 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
189600:02:52.734 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
189700:02:52.734 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
189800:02:52.734 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
189900:02:52.734 vminfo PID=696: C:\WINDOWS\system32\services.exe
190000:02:52.734 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
190100:02:52.734 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
190200:02:52.734 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
190300:02:52.734 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
190400:02:52.734 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
190500:02:52.734 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
190600:02:52.734 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
190700:02:52.734 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
190800:02:52.734 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
190900:02:52.734 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
191000:02:52.734 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
191100:02:52.734 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
191200:02:52.734 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
191300:02:52.734 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
191400:02:52.734 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
191500:02:52.734 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
191600:02:52.734 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
191700:02:52.734 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
191800:02:52.734 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
191900:02:52.734 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
192000:02:52.734 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
192100:02:52.734 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
192200:02:52.734 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
192300:02:52.734 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
192400:02:52.734 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
192500:02:52.734 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
192600:02:52.734 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
192700:02:52.734 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
192800:02:52.734 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
192900:02:52.734 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
193000:02:52.734 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
193100:02:52.734 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
193200:02:52.734 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
193300:02:52.734 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
193400:02:52.734 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
193500:02:52.734 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
193600:02:52.734 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
193700:02:52.734 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
193800:02:52.734 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
193900:02:52.734 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
194000:02:52.734 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
194100:02:52.734 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
194200:02:52.734 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
194300:02:52.734 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
194400:02:52.734 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
194500:02:52.734 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
194600:02:52.734 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
194700:02:52.734 vminfo PID=304: C:\WINDOWS\Explorer.EXE
194800:02:52.734 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
194900:02:52.734 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
195000:02:52.734 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
195100:02:52.734 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
195200:02:52.734 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
195300:02:52.734 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
195400:02:52.734 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
195500:02:52.734 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
195600:02:52.734 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
195700:02:52.734 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
195800:02:52.734 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
195900:02:52.734 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
196000:02:52.734 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
196100:02:52.734 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
196200:02:52.734 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
196300:02:52.734 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
196400:02:52.734 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
196500:02:52.734 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
196600:02:52.734 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
196700:02:52.734 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
196800:02:52.734 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
196900:02:52.734 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
197000:02:52.734 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
197100:02:52.734 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
197200:02:52.734 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
197300:02:52.734 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
197400:02:52.734 vminfo Session 0 has 13 processes total
197500:02:52.734 vminfo Adding new user=sma-user5 (session 0) with 13 processes
197600:02:52.734 vminfo Handling session 1
197700:02:52.734 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
197800:02:52.734 vminfo Handling session 2
197900:02:52.734 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
198000:02:52.734 vminfo Handling session 3
198100:02:52.734 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
198200:02:52.734 vminfo Handling session 4
198300:02:52.734 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
198400:02:52.734 vminfo Handling session 5
198500:02:52.750 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
198600:02:52.750 vminfo Found 1 unique logged-in user(s)
198700:02:52.750 vminfo User sma-user5 has 13 processes (session 0)
198800:02:52.750 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
198900:03:00.078 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0
199000:03:00.125 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:56.740000000Z (MinAdjust: 100 ms)
199100:03:00.125 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:53.673586100Z => 3 066 413 900 ns drift
199200:03:00.125 timesync VBoxServiceTimeSyncAdjust: Drift=3066ms
199300:03:00.125 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=142738, NewTA=157011, DiffNew=14273, DiffMax=78125
199400:03:02.766 vminfo Found 6 sessions
199500:03:02.766 vminfo Handling session 0
199600:03:02.766 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
199700:03:02.766 vminfo Session LogonType=2 is supported -- looking up SID + type ...
199800:03:02.766 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
199900:03:02.766 vminfo Account User=sma-user5, WTSConnectState=0 (4)
200000:03:02.766 vminfo Account User=sma-user5 using TCS/RDP, state=0
200100:03:02.766 vminfo Account User=sma-user5 is logged in
200200:03:02.766 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
200300:03:02.766 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
200400:03:02.766 vminfo Error: Unable to open process with PID=0, error=87
200500:03:02.766 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
200600:03:02.781 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
200700:03:02.781 vminfo PID=580: \SystemRoot\System32\smss.exe
200800:03:02.781 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
200900:03:02.781 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
201000:03:02.781 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
201100:03:02.781 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
201200:03:02.781 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
201300:03:02.781 vminfo PID=696: C:\WINDOWS\system32\services.exe
201400:03:02.781 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
201500:03:02.781 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
201600:03:02.781 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
201700:03:02.781 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
201800:03:02.781 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
201900:03:02.781 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
202000:03:02.781 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
202100:03:02.781 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
202200:03:02.781 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
202300:03:02.781 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
202400:03:02.781 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
202500:03:02.781 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
202600:03:02.781 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
202700:03:02.781 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
202800:03:02.781 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
202900:03:02.781 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
203000:03:02.781 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
203100:03:02.781 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
203200:03:02.781 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
203300:03:02.781 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
203400:03:02.781 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
203500:03:02.781 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
203600:03:02.781 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
203700:03:02.781 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
203800:03:02.781 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
203900:03:02.781 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
204000:03:02.781 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
204100:03:02.781 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
204200:03:02.781 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
204300:03:02.781 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
204400:03:02.781 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
204500:03:02.781 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
204600:03:02.781 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
204700:03:02.781 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
204800:03:02.781 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
204900:03:02.781 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
205000:03:02.781 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
205100:03:02.781 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
205200:03:02.781 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
205300:03:02.781 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
205400:03:02.781 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
205500:03:02.781 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
205600:03:02.781 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
205700:03:02.781 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
205800:03:02.781 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
205900:03:02.781 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
206000:03:02.781 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
206100:03:02.781 vminfo PID=304: C:\WINDOWS\Explorer.EXE
206200:03:02.781 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
206300:03:02.781 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
206400:03:02.781 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
206500:03:02.781 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
206600:03:02.781 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
206700:03:02.781 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
206800:03:02.781 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
206900:03:02.781 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
207000:03:02.781 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
207100:03:02.781 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
207200:03:02.781 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
207300:03:02.781 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
207400:03:02.781 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
207500:03:02.781 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
207600:03:02.781 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
207700:03:02.781 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
207800:03:02.781 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
207900:03:02.781 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
208000:03:02.781 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
208100:03:02.781 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
208200:03:02.781 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
208300:03:02.781 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
208400:03:02.781 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
208500:03:02.781 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
208600:03:02.781 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
208700:03:02.781 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
208800:03:02.781 vminfo Session 0 has 13 processes total
208900:03:02.781 vminfo Adding new user=sma-user5 (session 0) with 13 processes
209000:03:02.781 vminfo Handling session 1
209100:03:02.797 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
209200:03:02.797 vminfo Handling session 2
209300:03:02.797 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
209400:03:02.797 vminfo Handling session 3
209500:03:02.797 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
209600:03:02.797 vminfo Handling session 4
209700:03:02.797 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
209800:03:02.797 vminfo Handling session 5
209900:03:02.797 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
210000:03:02.797 vminfo Found 1 unique logged-in user(s)
210100:03:02.797 vminfo User sma-user5 has 13 processes (session 0)
210200:03:02.797 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
210300:03:10.125 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:06.740000000Z (MinAdjust: 100 ms)
210400:03:10.125 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:03.722290100Z => 3 017 709 900 ns drift
210500:03:10.125 timesync VBoxServiceTimeSyncAdjust: Drift=3017ms
210600:03:10.125 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=157011, NewTA=172712, DiffNew=15701, DiffMax=78125
210700:03:12.797 vminfo Found 6 sessions
210800:03:12.797 vminfo Handling session 0
210900:03:12.797 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
211000:03:12.797 vminfo Session LogonType=2 is supported -- looking up SID + type ...
211100:03:12.797 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
211200:03:12.813 vminfo Account User=sma-user5, WTSConnectState=0 (4)
211300:03:12.813 vminfo Account User=sma-user5 using TCS/RDP, state=0
211400:03:12.813 vminfo Account User=sma-user5 is logged in
211500:03:12.813 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
211600:03:12.813 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
211700:03:12.813 vminfo Error: Unable to open process with PID=0, error=87
211800:03:12.813 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
211900:03:12.813 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
212000:03:12.813 vminfo PID=580: \SystemRoot\System32\smss.exe
212100:03:12.813 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
212200:03:12.813 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
212300:03:12.813 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
212400:03:12.813 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
212500:03:12.813 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
212600:03:12.813 vminfo PID=696: C:\WINDOWS\system32\services.exe
212700:03:12.813 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
212800:03:12.813 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
212900:03:12.813 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
213000:03:12.813 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
213100:03:12.813 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
213200:03:12.813 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
213300:03:12.813 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
213400:03:12.813 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
213500:03:12.813 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
213600:03:12.813 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
213700:03:12.813 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
213800:03:12.813 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
213900:03:12.813 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
214000:03:12.813 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
214100:03:12.813 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
214200:03:12.813 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
214300:03:12.813 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
214400:03:12.813 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
214500:03:12.813 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
214600:03:12.813 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
214700:03:12.813 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
214800:03:12.813 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
214900:03:12.813 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
215000:03:12.813 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
215100:03:12.813 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
215200:03:12.813 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
215300:03:12.813 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
215400:03:12.813 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
215500:03:12.813 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
215600:03:12.813 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
215700:03:12.813 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
215800:03:12.813 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
215900:03:12.813 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
216000:03:12.813 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
216100:03:12.813 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
216200:03:12.813 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
216300:03:12.813 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
216400:03:12.813 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
216500:03:12.813 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
216600:03:12.813 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
216700:03:12.813 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
216800:03:12.813 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
216900:03:12.813 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
217000:03:12.813 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
217100:03:12.813 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
217200:03:12.813 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
217300:03:12.813 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
217400:03:12.813 vminfo PID=304: C:\WINDOWS\Explorer.EXE
217500:03:12.813 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
217600:03:12.813 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
217700:03:12.813 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
217800:03:12.813 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
217900:03:12.813 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
218000:03:12.813 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
218100:03:12.813 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
218200:03:12.813 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
218300:03:12.813 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
218400:03:12.813 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
218500:03:12.813 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
218600:03:12.813 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
218700:03:12.813 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
218800:03:12.813 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
218900:03:12.813 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
219000:03:12.813 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
219100:03:12.813 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
219200:03:12.828 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
219300:03:12.828 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
219400:03:12.828 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
219500:03:12.828 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
219600:03:12.828 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
219700:03:12.828 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
219800:03:12.828 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
219900:03:12.828 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
220000:03:12.828 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
220100:03:12.828 vminfo Session 0 has 13 processes total
220200:03:12.828 vminfo Adding new user=sma-user5 (session 0) with 13 processes
220300:03:12.828 vminfo Handling session 1
220400:03:12.828 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
220500:03:12.828 vminfo Handling session 2
220600:03:12.828 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
220700:03:12.828 vminfo Handling session 3
220800:03:12.828 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
220900:03:12.828 vminfo Handling session 4
221000:03:12.828 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
221100:03:12.828 vminfo Handling session 5
221200:03:12.828 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
221300:03:12.828 vminfo Found 1 unique logged-in user(s)
221400:03:12.828 vminfo User sma-user5 has 13 processes (session 0)
221500:03:12.828 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
221600:03:20.125 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:16.740000000Z (MinAdjust: 100 ms)
221700:03:20.125 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:14.775858100Z => 1 964 141 900 ns drift
221800:03:20.125 timesync VBoxServiceTimeSyncAdjust: Drift=1964ms
221900:03:20.125 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=172712, NewTA=189983, DiffNew=17271, DiffMax=78125
222000:03:22.828 vminfo Found 6 sessions
222100:03:22.828 vminfo Handling session 0
222200:03:22.828 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
222300:03:22.828 vminfo Session LogonType=2 is supported -- looking up SID + type ...
222400:03:22.828 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
222500:03:22.828 vminfo Account User=sma-user5, WTSConnectState=0 (4)
222600:03:22.828 vminfo Account User=sma-user5 using TCS/RDP, state=0
222700:03:22.828 vminfo Account User=sma-user5 is logged in
222800:03:22.828 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
222900:03:22.828 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
223000:03:22.828 vminfo Error: Unable to open process with PID=0, error=87
223100:03:22.828 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
223200:03:22.844 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
223300:03:22.844 vminfo PID=580: \SystemRoot\System32\smss.exe
223400:03:22.844 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
223500:03:22.844 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
223600:03:22.844 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
223700:03:22.844 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
223800:03:22.844 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
223900:03:22.844 vminfo PID=696: C:\WINDOWS\system32\services.exe
224000:03:22.844 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
224100:03:22.844 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
224200:03:22.844 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
224300:03:22.844 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
224400:03:22.844 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
224500:03:22.844 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
224600:03:22.844 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
224700:03:22.844 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
224800:03:22.844 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
224900:03:22.844 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
225000:03:22.844 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
225100:03:22.844 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
225200:03:22.844 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
225300:03:22.844 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
225400:03:22.844 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
225500:03:22.844 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
225600:03:22.844 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
225700:03:22.844 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
225800:03:22.844 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
225900:03:22.844 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
226000:03:22.844 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
226100:03:22.844 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
226200:03:22.844 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
226300:03:22.844 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
226400:03:22.844 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
226500:03:22.844 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
226600:03:22.844 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
226700:03:22.844 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
226800:03:22.844 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
226900:03:22.844 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
227000:03:22.844 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
227100:03:22.844 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
227200:03:22.844 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
227300:03:22.844 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
227400:03:22.844 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
227500:03:22.844 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
227600:03:22.844 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
227700:03:22.844 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
227800:03:22.844 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
227900:03:22.844 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
228000:03:22.844 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
228100:03:22.844 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
228200:03:22.844 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
228300:03:22.844 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
228400:03:22.844 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
228500:03:22.844 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
228600:03:22.844 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
228700:03:22.844 vminfo PID=304: C:\WINDOWS\Explorer.EXE
228800:03:22.844 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
228900:03:22.844 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
229000:03:22.844 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
229100:03:22.844 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
229200:03:22.844 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
229300:03:22.844 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
229400:03:22.844 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
229500:03:22.844 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
229600:03:22.844 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
229700:03:22.844 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
229800:03:22.844 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
229900:03:22.844 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
230000:03:22.844 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
230100:03:22.844 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
230200:03:22.844 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
230300:03:22.844 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
230400:03:22.844 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
230500:03:22.844 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
230600:03:22.844 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
230700:03:22.844 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
230800:03:22.844 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
230900:03:22.844 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
231000:03:22.844 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
231100:03:22.844 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
231200:03:22.844 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
231300:03:22.844 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
231400:03:22.844 vminfo Session 0 has 13 processes total
231500:03:22.844 vminfo Adding new user=sma-user5 (session 0) with 13 processes
231600:03:22.844 vminfo Handling session 1
231700:03:22.844 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
231800:03:22.844 vminfo Handling session 2
231900:03:22.844 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
232000:03:22.844 vminfo Handling session 3
232100:03:22.844 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
232200:03:22.844 vminfo Handling session 4
232300:03:22.844 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
232400:03:22.844 vminfo Handling session 5
232500:03:22.844 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
232600:03:22.844 vminfo Found 1 unique logged-in user(s)
232700:03:22.844 vminfo User sma-user5 has 13 processes (session 0)
232800:03:22.844 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
232900:03:30.125 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:26.740000000Z (MinAdjust: 200 ms)
233000:03:30.125 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:26.934770100Z => -194 770 100 ns drift
233100:03:30.125 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
233200:03:32.859 vminfo Found 6 sessions
233300:03:32.859 vminfo Handling session 0
233400:03:32.859 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
233500:03:32.859 vminfo Session LogonType=2 is supported -- looking up SID + type ...
233600:03:32.859 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
233700:03:32.875 vminfo Account User=sma-user5, WTSConnectState=0 (4)
233800:03:32.875 vminfo Account User=sma-user5 using TCS/RDP, state=0
233900:03:32.875 vminfo Account User=sma-user5 is logged in
234000:03:32.875 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
234100:03:32.875 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
234200:03:32.875 vminfo Error: Unable to open process with PID=0, error=87
234300:03:32.875 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
234400:03:32.875 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
234500:03:32.875 vminfo PID=580: \SystemRoot\System32\smss.exe
234600:03:32.875 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
234700:03:32.875 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
234800:03:32.875 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
234900:03:32.875 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
235000:03:32.875 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
235100:03:32.875 vminfo PID=696: C:\WINDOWS\system32\services.exe
235200:03:32.875 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
235300:03:32.875 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
235400:03:32.875 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
235500:03:32.875 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
235600:03:32.875 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
235700:03:32.875 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
235800:03:32.875 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
235900:03:32.875 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
236000:03:32.875 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
236100:03:32.875 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
236200:03:32.875 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
236300:03:32.875 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
236400:03:32.875 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
236500:03:32.875 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
236600:03:32.875 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
236700:03:32.875 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
236800:03:32.875 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
236900:03:32.875 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
237000:03:32.875 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
237100:03:32.875 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
237200:03:32.875 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
237300:03:32.875 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
237400:03:32.875 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
237500:03:32.875 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
237600:03:32.875 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
237700:03:32.875 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
237800:03:32.875 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
237900:03:32.875 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
238000:03:32.875 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
238100:03:32.875 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
238200:03:32.875 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
238300:03:32.875 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
238400:03:32.875 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
238500:03:32.875 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
238600:03:32.875 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
238700:03:32.875 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
238800:03:32.875 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
238900:03:32.875 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
239000:03:32.875 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
239100:03:32.875 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
239200:03:32.875 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
239300:03:32.875 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
239400:03:32.875 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
239500:03:32.875 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
239600:03:32.875 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
239700:03:32.875 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
239800:03:32.875 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
239900:03:32.875 vminfo PID=304: C:\WINDOWS\Explorer.EXE
240000:03:32.875 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
240100:03:32.875 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
240200:03:32.875 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
240300:03:32.875 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
240400:03:32.875 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
240500:03:32.875 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
240600:03:32.875 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
240700:03:32.875 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
240800:03:32.875 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
240900:03:32.875 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
241000:03:32.875 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
241100:03:32.875 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
241200:03:32.875 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
241300:03:32.875 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
241400:03:32.875 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
241500:03:32.875 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
241600:03:32.875 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
241700:03:32.875 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
241800:03:32.875 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
241900:03:32.875 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
242000:03:32.875 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
242100:03:32.875 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
242200:03:32.875 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
242300:03:32.875 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
242400:03:32.875 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
242500:03:32.875 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
242600:03:32.875 vminfo Session 0 has 13 processes total
242700:03:32.891 vminfo Adding new user=sma-user5 (session 0) with 13 processes
242800:03:32.891 vminfo Handling session 1
242900:03:32.891 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
243000:03:32.891 vminfo Handling session 2
243100:03:32.891 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
243200:03:32.891 vminfo Handling session 3
243300:03:32.891 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
243400:03:32.891 vminfo Handling session 4
243500:03:32.891 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
243600:03:32.891 vminfo Handling session 5
243700:03:32.891 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
243800:03:32.891 vminfo Found 1 unique logged-in user(s)
243900:03:32.891 vminfo User sma-user5 has 13 processes (session 0)
244000:03:32.891 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
244100:03:40.125 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:36.740000000Z (MinAdjust: 200 ms)
244200:03:40.125 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:36.934770100Z => -194 770 100 ns drift
244300:03:40.125 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
244400:03:42.906 vminfo Found 6 sessions
244500:03:42.906 vminfo Handling session 0
244600:03:42.906 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
244700:03:42.906 vminfo Session LogonType=2 is supported -- looking up SID + type ...
244800:03:42.906 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
244900:03:42.906 vminfo Account User=sma-user5, WTSConnectState=0 (4)
245000:03:42.906 vminfo Account User=sma-user5 using TCS/RDP, state=0
245100:03:42.906 vminfo Account User=sma-user5 is logged in
245200:03:42.906 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
245300:03:42.922 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
245400:03:42.922 vminfo Error: Unable to open process with PID=0, error=87
245500:03:42.922 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
245600:03:42.922 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
245700:03:42.922 vminfo PID=580: \SystemRoot\System32\smss.exe
245800:03:42.922 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
245900:03:42.922 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
246000:03:42.922 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
246100:03:42.922 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
246200:03:42.922 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
246300:03:42.922 vminfo PID=696: C:\WINDOWS\system32\services.exe
246400:03:42.922 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
246500:03:42.922 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
246600:03:42.922 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
246700:03:42.922 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
246800:03:42.922 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
246900:03:42.922 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
247000:03:42.922 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
247100:03:42.922 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
247200:03:42.922 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
247300:03:42.922 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
247400:03:42.922 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
247500:03:42.922 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
247600:03:42.922 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
247700:03:42.922 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
247800:03:42.922 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
247900:03:42.922 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
248000:03:42.922 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
248100:03:42.922 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
248200:03:42.922 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
248300:03:42.922 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
248400:03:42.922 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
248500:03:42.922 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
248600:03:42.922 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
248700:03:42.922 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
248800:03:42.922 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
248900:03:42.922 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
249000:03:42.922 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
249100:03:42.922 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
249200:03:42.922 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
249300:03:42.922 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
249400:03:42.922 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
249500:03:42.922 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
249600:03:42.922 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
249700:03:42.922 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
249800:03:42.922 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
249900:03:42.922 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
250000:03:42.922 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
250100:03:42.922 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
250200:03:42.922 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
250300:03:42.922 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
250400:03:42.922 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
250500:03:42.922 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
250600:03:42.922 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
250700:03:42.922 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
250800:03:42.922 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
250900:03:42.922 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
251000:03:42.922 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
251100:03:42.922 vminfo PID=304: C:\WINDOWS\Explorer.EXE
251200:03:42.922 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
251300:03:42.922 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
251400:03:42.922 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
251500:03:42.922 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
251600:03:42.922 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
251700:03:42.922 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
251800:03:42.922 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
251900:03:42.922 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
252000:03:42.922 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
252100:03:42.922 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
252200:03:42.922 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
252300:03:42.922 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
252400:03:42.922 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
252500:03:42.922 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
252600:03:42.922 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
252700:03:42.922 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
252800:03:42.922 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
252900:03:42.922 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
253000:03:42.922 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
253100:03:42.922 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
253200:03:42.922 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
253300:03:42.922 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
253400:03:42.922 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
253500:03:42.922 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
253600:03:42.922 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
253700:03:42.922 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
253800:03:42.922 vminfo Session 0 has 13 processes total
253900:03:42.922 vminfo Adding new user=sma-user5 (session 0) with 13 processes
254000:03:42.922 vminfo Handling session 1
254100:03:42.922 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
254200:03:42.922 vminfo Handling session 2
254300:03:42.922 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
254400:03:42.922 vminfo Handling session 3
254500:03:42.922 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
254600:03:42.922 vminfo Handling session 4
254700:03:42.922 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
254800:03:42.922 vminfo Handling session 5
254900:03:42.938 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
255000:03:42.938 vminfo Found 1 unique logged-in user(s)
255100:03:42.938 vminfo User sma-user5 has 13 processes (session 0)
255200:03:42.938 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
255300:03:50.141 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:46.740000000Z (MinAdjust: 200 ms)
255400:03:50.141 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:46.950395100Z => -210 395 100 ns drift
255500:03:50.141 timesync VBoxServiceTimeSyncAdjust: Drift=-210ms
255600:03:50.141 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=156250, NewTA=140625, DiffNew=15625, DiffMax=78125
255700:03:52.938 vminfo Found 6 sessions
255800:03:52.938 vminfo Handling session 0
255900:03:52.938 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
256000:03:52.938 vminfo Session LogonType=2 is supported -- looking up SID + type ...
256100:03:52.938 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
256200:03:52.938 vminfo Account User=sma-user5, WTSConnectState=0 (4)
256300:03:52.938 vminfo Account User=sma-user5 using TCS/RDP, state=0
256400:03:52.938 vminfo Account User=sma-user5 is logged in
256500:03:52.938 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
256600:03:52.938 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
256700:03:52.938 vminfo Error: Unable to open process with PID=0, error=87
256800:03:52.938 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
256900:03:52.938 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
257000:03:52.938 vminfo PID=580: \SystemRoot\System32\smss.exe
257100:03:52.938 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
257200:03:52.938 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
257300:03:52.938 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
257400:03:52.938 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
257500:03:52.938 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
257600:03:52.938 vminfo PID=696: C:\WINDOWS\system32\services.exe
257700:03:52.938 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
257800:03:52.953 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
257900:03:52.953 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
258000:03:52.953 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
258100:03:52.953 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
258200:03:52.953 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
258300:03:52.953 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
258400:03:52.953 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
258500:03:52.953 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
258600:03:52.953 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
258700:03:52.953 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
258800:03:52.953 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
258900:03:52.953 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
259000:03:52.953 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
259100:03:52.953 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
259200:03:52.953 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
259300:03:52.953 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
259400:03:52.953 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
259500:03:52.953 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
259600:03:52.953 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
259700:03:52.953 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
259800:03:52.953 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
259900:03:52.953 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
260000:03:52.953 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
260100:03:52.953 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
260200:03:52.953 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
260300:03:52.953 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
260400:03:52.953 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
260500:03:52.953 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
260600:03:52.953 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
260700:03:52.953 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
260800:03:52.953 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
260900:03:52.953 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
261000:03:52.953 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
261100:03:52.953 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
261200:03:52.953 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
261300:03:52.953 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
261400:03:52.953 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
261500:03:52.953 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
261600:03:52.953 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
261700:03:52.953 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
261800:03:52.953 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
261900:03:52.953 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
262000:03:52.953 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
262100:03:52.953 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
262200:03:52.953 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
262300:03:52.953 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
262400:03:52.953 vminfo PID=304: C:\WINDOWS\Explorer.EXE
262500:03:52.953 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
262600:03:52.953 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
262700:03:52.953 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
262800:03:52.953 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
262900:03:52.953 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
263000:03:52.953 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
263100:03:52.953 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
263200:03:52.953 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
263300:03:52.953 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
263400:03:52.953 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
263500:03:52.953 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
263600:03:52.953 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
263700:03:52.953 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
263800:03:52.953 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
263900:03:52.953 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
264000:03:52.953 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
264100:03:52.953 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
264200:03:52.953 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
264300:03:52.953 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
264400:03:52.953 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
264500:03:52.953 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
264600:03:52.953 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
264700:03:52.953 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
264800:03:52.953 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
264900:03:52.953 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
265000:03:52.953 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
265100:03:52.953 vminfo Session 0 has 13 processes total
265200:03:52.953 vminfo Adding new user=sma-user5 (session 0) with 13 processes
265300:03:52.953 vminfo Handling session 1
265400:03:52.953 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
265500:03:52.953 vminfo Handling session 2
265600:03:52.953 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
265700:03:52.953 vminfo Handling session 3
265800:03:52.953 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
265900:03:52.953 vminfo Handling session 4
266000:03:52.953 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
266100:03:52.953 vminfo Handling session 5
266200:03:52.953 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
266300:03:52.953 vminfo Found 1 unique logged-in user(s)
266400:03:52.953 vminfo User sma-user5 has 13 processes (session 0)
266500:03:52.953 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
266600:04:00.078 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0
266700:04:00.141 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:56.740000000Z (MinAdjust: 100 ms)
266800:04:00.141 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:55.950395100Z => 789 604 900 ns drift
266900:04:00.141 timesync VBoxServiceTimeSyncAdjust: Drift=789ms
267000:04:00.141 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=140625, NewTA=154687, DiffNew=14062, DiffMax=78125
267100:04:02.969 vminfo Found 6 sessions
267200:04:02.969 vminfo Handling session 0
267300:04:02.969 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
267400:04:02.969 vminfo Session LogonType=2 is supported -- looking up SID + type ...
267500:04:02.969 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
267600:04:02.969 vminfo Account User=sma-user5, WTSConnectState=0 (4)
267700:04:02.969 vminfo Account User=sma-user5 using TCS/RDP, state=0
267800:04:02.969 vminfo Account User=sma-user5 is logged in
267900:04:02.969 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
268000:04:02.969 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
268100:04:02.969 vminfo Error: Unable to open process with PID=0, error=87
268200:04:02.969 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
268300:04:02.969 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
268400:04:02.969 vminfo PID=580: \SystemRoot\System32\smss.exe
268500:04:02.969 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
268600:04:02.969 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
268700:04:02.969 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
268800:04:02.969 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
268900:04:02.969 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
269000:04:02.969 vminfo PID=696: C:\WINDOWS\system32\services.exe
269100:04:02.969 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
269200:04:02.984 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
269300:04:02.984 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
269400:04:02.984 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
269500:04:02.984 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
269600:04:02.984 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
269700:04:02.984 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
269800:04:02.984 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
269900:04:02.984 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
270000:04:02.984 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
270100:04:02.984 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
270200:04:02.984 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
270300:04:02.984 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
270400:04:02.984 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
270500:04:02.984 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
270600:04:02.984 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
270700:04:02.984 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
270800:04:02.984 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
270900:04:02.984 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
271000:04:02.984 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
271100:04:02.984 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
271200:04:02.984 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
271300:04:02.984 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
271400:04:02.984 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
271500:04:02.984 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
271600:04:02.984 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
271700:04:02.984 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
271800:04:02.984 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
271900:04:02.984 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
272000:04:02.984 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
272100:04:02.984 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
272200:04:02.984 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
272300:04:02.984 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
272400:04:02.984 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
272500:04:02.984 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
272600:04:02.984 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
272700:04:02.984 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
272800:04:02.984 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
272900:04:02.984 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
273000:04:02.984 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
273100:04:02.984 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
273200:04:02.984 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
273300:04:02.984 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
273400:04:02.984 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
273500:04:02.984 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
273600:04:02.984 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
273700:04:02.984 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
273800:04:02.984 vminfo PID=304: C:\WINDOWS\Explorer.EXE
273900:04:02.984 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
274000:04:02.984 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
274100:04:02.984 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
274200:04:02.984 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
274300:04:02.984 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
274400:04:02.984 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
274500:04:02.984 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
274600:04:02.984 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
274700:04:02.984 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
274800:04:02.984 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
274900:04:02.984 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
275000:04:02.984 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
275100:04:02.984 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
275200:04:02.984 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
275300:04:02.984 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
275400:04:02.984 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
275500:04:02.984 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
275600:04:02.984 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
275700:04:02.984 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
275800:04:02.984 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
275900:04:02.984 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
276000:04:02.984 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
276100:04:02.984 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
276200:04:02.984 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
276300:04:02.984 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
276400:04:02.984 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
276500:04:02.984 vminfo Session 0 has 13 processes total
276600:04:02.984 vminfo Adding new user=sma-user5 (session 0) with 13 processes
276700:04:02.984 vminfo Handling session 1
276800:04:02.984 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
276900:04:02.984 vminfo Handling session 2
277000:04:02.984 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
277100:04:02.984 vminfo Handling session 3
277200:04:02.984 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
277300:04:02.984 vminfo Handling session 4
277400:04:02.984 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
277500:04:02.984 vminfo Handling session 5
277600:04:02.984 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
277700:04:02.984 vminfo Found 1 unique logged-in user(s)
277800:04:02.984 vminfo User sma-user5 has 13 processes (session 0)
277900:04:02.984 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
278000:04:10.141 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:06.740000000Z (MinAdjust: 100 ms)
278100:04:10.141 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:05.850363100Z => 889 636 900 ns drift
278200:04:10.141 timesync VBoxServiceTimeSyncAdjust: Drift=889ms
278300:04:10.141 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=154687, NewTA=170155, DiffNew=15468, DiffMax=78125
278400:04:13.000 vminfo Found 6 sessions
278500:04:13.000 vminfo Handling session 0
278600:04:13.000 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
278700:04:13.000 vminfo Session LogonType=2 is supported -- looking up SID + type ...
278800:04:13.000 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
278900:04:13.000 vminfo Account User=sma-user5, WTSConnectState=0 (4)
279000:04:13.000 vminfo Account User=sma-user5 using TCS/RDP, state=0
279100:04:13.000 vminfo Account User=sma-user5 is logged in
279200:04:13.000 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
279300:04:13.000 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
279400:04:13.000 vminfo Error: Unable to open process with PID=0, error=87
279500:04:13.000 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
279600:04:13.000 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
279700:04:13.016 vminfo PID=580: \SystemRoot\System32\smss.exe
279800:04:13.016 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
279900:04:13.016 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
280000:04:13.016 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
280100:04:13.016 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
280200:04:13.016 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
280300:04:13.016 vminfo PID=696: C:\WINDOWS\system32\services.exe
280400:04:13.016 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
280500:04:13.016 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
280600:04:13.016 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
280700:04:13.016 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
280800:04:13.016 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
280900:04:13.016 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
281000:04:13.016 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
281100:04:13.016 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
281200:04:13.016 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
281300:04:13.016 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
281400:04:13.016 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
281500:04:13.016 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
281600:04:13.016 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
281700:04:13.016 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
281800:04:13.016 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
281900:04:13.016 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
282000:04:13.016 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
282100:04:13.016 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
282200:04:13.016 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
282300:04:13.016 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
282400:04:13.016 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
282500:04:13.016 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
282600:04:13.016 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
282700:04:13.016 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
282800:04:13.016 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
282900:04:13.016 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
283000:04:13.016 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
283100:04:13.016 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
283200:04:13.016 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
283300:04:13.016 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
283400:04:13.016 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
283500:04:13.016 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
283600:04:13.016 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
283700:04:13.016 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
283800:04:13.016 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
283900:04:13.016 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
284000:04:13.016 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
284100:04:13.016 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
284200:04:13.016 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
284300:04:13.016 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
284400:04:13.016 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
284500:04:13.016 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
284600:04:13.016 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
284700:04:13.016 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
284800:04:13.016 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
284900:04:13.016 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
285000:04:13.016 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
285100:04:13.016 vminfo PID=304: C:\WINDOWS\Explorer.EXE
285200:04:13.016 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
285300:04:13.016 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
285400:04:13.016 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
285500:04:13.016 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
285600:04:13.016 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
285700:04:13.016 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
285800:04:13.016 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
285900:04:13.016 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
286000:04:13.016 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
286100:04:13.016 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
286200:04:13.016 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
286300:04:13.016 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
286400:04:13.016 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
286500:04:13.016 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
286600:04:13.016 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
286700:04:13.016 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
286800:04:13.016 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
286900:04:13.016 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
287000:04:13.016 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
287100:04:13.016 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
287200:04:13.016 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
287300:04:13.016 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
287400:04:13.016 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
287500:04:13.016 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
287600:04:13.016 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
287700:04:13.016 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
287800:04:13.016 vminfo Session 0 has 13 processes total
287900:04:13.016 vminfo Adding new user=sma-user5 (session 0) with 13 processes
288000:04:13.016 vminfo Handling session 1
288100:04:13.016 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
288200:04:13.016 vminfo Handling session 2
288300:04:13.031 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
288400:04:13.031 vminfo Handling session 3
288500:04:13.031 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
288600:04:13.031 vminfo Handling session 4
288700:04:13.031 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
288800:04:13.031 vminfo Handling session 5
288900:04:13.031 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
289000:04:13.031 vminfo Found 1 unique logged-in user(s)
289100:04:13.031 vminfo User sma-user5 has 13 processes (session 0)
289200:04:13.031 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
289300:04:20.141 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:16.740000000Z (MinAdjust: 100 ms)
289400:04:20.141 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:16.740283100Z => -283 100 ns drift
289500:04:20.141 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
289600:04:23.047 vminfo Found 6 sessions
289700:04:23.047 vminfo Handling session 0
289800:04:23.047 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
289900:04:23.047 vminfo Session LogonType=2 is supported -- looking up SID + type ...
290000:04:23.047 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
290100:04:23.047 vminfo Account User=sma-user5, WTSConnectState=0 (4)
290200:04:23.047 vminfo Account User=sma-user5 using TCS/RDP, state=0
290300:04:23.047 vminfo Account User=sma-user5 is logged in
290400:04:23.047 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
290500:04:23.047 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
290600:04:23.047 vminfo Error: Unable to open process with PID=0, error=87
290700:04:23.047 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
290800:04:23.047 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
290900:04:23.063 vminfo PID=580: \SystemRoot\System32\smss.exe
291000:04:23.063 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
291100:04:23.063 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
291200:04:23.063 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
291300:04:23.063 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
291400:04:23.063 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
291500:04:23.063 vminfo PID=696: C:\WINDOWS\system32\services.exe
291600:04:23.063 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
291700:04:23.063 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
291800:04:23.063 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
291900:04:23.063 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
292000:04:23.063 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
292100:04:23.063 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
292200:04:23.063 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
292300:04:23.063 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
292400:04:23.063 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
292500:04:23.063 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
292600:04:23.063 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
292700:04:23.063 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
292800:04:23.063 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
292900:04:23.063 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
293000:04:23.063 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
293100:04:23.063 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
293200:04:23.063 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
293300:04:23.063 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
293400:04:23.063 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
293500:04:23.063 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
293600:04:23.063 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
293700:04:23.063 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
293800:04:23.063 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
293900:04:23.063 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
294000:04:23.063 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
294100:04:23.063 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
294200:04:23.063 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
294300:04:23.063 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
294400:04:23.063 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
294500:04:23.063 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
294600:04:23.063 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
294700:04:23.063 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
294800:04:23.063 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
294900:04:23.063 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
295000:04:23.063 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
295100:04:23.063 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
295200:04:23.063 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
295300:04:23.063 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
295400:04:23.063 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
295500:04:23.063 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
295600:04:23.063 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
295700:04:23.078 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
295800:04:23.078 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
295900:04:23.078 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
296000:04:23.078 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
296100:04:23.078 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
296200:04:23.078 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
296300:04:23.078 vminfo PID=304: C:\WINDOWS\Explorer.EXE
296400:04:23.078 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
296500:04:23.078 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
296600:04:23.078 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
296700:04:23.078 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
296800:04:23.078 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
296900:04:23.078 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
297000:04:23.078 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
297100:04:23.078 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
297200:04:23.078 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
297300:04:23.078 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
297400:04:23.078 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
297500:04:23.078 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
297600:04:23.078 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
297700:04:23.078 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
297800:04:23.078 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
297900:04:23.078 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
298000:04:23.078 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
298100:04:23.078 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
298200:04:23.078 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
298300:04:23.078 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
298400:04:23.078 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
298500:04:23.078 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
298600:04:23.078 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
298700:04:23.078 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
298800:04:23.078 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
298900:04:23.078 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
299000:04:23.078 vminfo Session 0 has 13 processes total
299100:04:23.078 vminfo Adding new user=sma-user5 (session 0) with 13 processes
299200:04:23.078 vminfo Handling session 1
299300:04:23.078 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
299400:04:23.078 vminfo Handling session 2
299500:04:23.078 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
299600:04:23.078 vminfo Handling session 3
299700:04:23.078 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
299800:04:23.078 vminfo Handling session 4
299900:04:23.078 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
300000:04:23.078 vminfo Handling session 5
300100:04:23.078 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
300200:04:23.078 vminfo Found 1 unique logged-in user(s)
300300:04:23.078 vminfo User sma-user5 has 13 processes (session 0)
300400:04:23.078 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
300500:04:30.156 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:26.740000000Z (MinAdjust: 200 ms)
300600:04:30.156 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:26.755908100Z => -15 908 100 ns drift
300700:04:30.156 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
300800:04:33.078 vminfo Found 6 sessions
300900:04:33.078 vminfo Handling session 0
301000:04:33.078 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
301100:04:33.078 vminfo Session LogonType=2 is supported -- looking up SID + type ...
301200:04:33.094 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
301300:04:33.094 vminfo Account User=sma-user5, WTSConnectState=0 (4)
301400:04:33.094 vminfo Account User=sma-user5 using TCS/RDP, state=0
301500:04:33.094 vminfo Account User=sma-user5 is logged in
301600:04:33.094 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
301700:04:33.094 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
301800:04:33.094 vminfo Error: Unable to open process with PID=0, error=87
301900:04:33.094 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
302000:04:33.094 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
302100:04:33.094 vminfo PID=580: \SystemRoot\System32\smss.exe
302200:04:33.094 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
302300:04:33.094 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
302400:04:33.094 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
302500:04:33.094 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
302600:04:33.094 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
302700:04:33.094 vminfo PID=696: C:\WINDOWS\system32\services.exe
302800:04:33.094 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
302900:04:33.094 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
303000:04:33.094 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
303100:04:33.094 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
303200:04:33.094 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
303300:04:33.094 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
303400:04:33.094 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
303500:04:33.094 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
303600:04:33.094 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
303700:04:33.094 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
303800:04:33.094 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
303900:04:33.094 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
304000:04:33.094 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
304100:04:33.094 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
304200:04:33.094 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
304300:04:33.094 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
304400:04:33.094 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
304500:04:33.094 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
304600:04:33.094 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
304700:04:33.094 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
304800:04:33.094 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
304900:04:33.094 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
305000:04:33.094 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
305100:04:33.094 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
305200:04:33.094 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
305300:04:33.094 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
305400:04:33.094 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
305500:04:33.094 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
305600:04:33.094 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
305700:04:33.094 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
305800:04:33.094 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
305900:04:33.094 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
306000:04:33.094 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
306100:04:33.094 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
306200:04:33.094 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
306300:04:33.094 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
306400:04:33.094 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
306500:04:33.094 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
306600:04:33.094 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
306700:04:33.094 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
306800:04:33.094 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
306900:04:33.094 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
307000:04:33.094 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
307100:04:33.094 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
307200:04:33.094 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
307300:04:33.094 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
307400:04:33.094 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
307500:04:33.094 vminfo PID=304: C:\WINDOWS\Explorer.EXE
307600:04:33.094 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
307700:04:33.109 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
307800:04:33.109 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
307900:04:33.109 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
308000:04:33.109 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
308100:04:33.109 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
308200:04:33.109 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
308300:04:33.109 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
308400:04:33.109 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
308500:04:33.109 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
308600:04:33.109 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
308700:04:33.109 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
308800:04:33.109 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
308900:04:33.109 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
309000:04:33.109 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
309100:04:33.109 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
309200:04:33.109 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
309300:04:33.109 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
309400:04:33.109 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
309500:04:33.109 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
309600:04:33.109 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
309700:04:33.109 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
309800:04:33.109 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
309900:04:33.109 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
310000:04:33.109 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
310100:04:33.109 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
310200:04:33.109 vminfo Session 0 has 13 processes total
310300:04:33.109 vminfo Adding new user=sma-user5 (session 0) with 13 processes
310400:04:33.109 vminfo Handling session 1
310500:04:33.109 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
310600:04:33.109 vminfo Handling session 2
310700:04:33.109 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
310800:04:33.109 vminfo Handling session 3
310900:04:33.109 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
311000:04:33.109 vminfo Handling session 4
311100:04:33.109 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
311200:04:33.109 vminfo Handling session 5
311300:04:33.109 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
311400:04:33.109 vminfo Found 1 unique logged-in user(s)
311500:04:33.109 vminfo User sma-user5 has 13 processes (session 0)
311600:04:33.109 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
311700:04:40.156 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:36.740000000Z (MinAdjust: 200 ms)
311800:04:40.156 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:36.755908100Z => -15 908 100 ns drift
311900:04:40.156 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
312000:04:43.109 vminfo Found 6 sessions
312100:04:43.109 vminfo Handling session 0
312200:04:43.109 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
312300:04:43.109 vminfo Session LogonType=2 is supported -- looking up SID + type ...
312400:04:43.125 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
312500:04:43.125 vminfo Account User=sma-user5, WTSConnectState=0 (4)
312600:04:43.125 vminfo Account User=sma-user5 using TCS/RDP, state=0
312700:04:43.125 vminfo Account User=sma-user5 is logged in
312800:04:43.125 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
312900:04:43.125 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
313000:04:43.125 vminfo Error: Unable to open process with PID=0, error=87
313100:04:43.125 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
313200:04:43.125 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
313300:04:43.125 vminfo PID=580: \SystemRoot\System32\smss.exe
313400:04:43.125 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
313500:04:43.125 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
313600:04:43.125 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
313700:04:43.125 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
313800:04:43.125 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
313900:04:43.125 vminfo PID=696: C:\WINDOWS\system32\services.exe
314000:04:43.125 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
314100:04:43.125 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
314200:04:43.125 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
314300:04:43.125 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
314400:04:43.125 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
314500:04:43.125 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
314600:04:43.125 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
314700:04:43.125 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
314800:04:43.125 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
314900:04:43.125 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
315000:04:43.125 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
315100:04:43.125 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
315200:04:43.125 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
315300:04:43.125 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
315400:04:43.125 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
315500:04:43.125 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
315600:04:43.125 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
315700:04:43.125 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
315800:04:43.125 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
315900:04:43.125 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
316000:04:43.125 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
316100:04:43.125 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
316200:04:43.125 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
316300:04:43.125 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
316400:04:43.125 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
316500:04:43.125 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
316600:04:43.125 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
316700:04:43.125 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
316800:04:43.125 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
316900:04:43.125 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
317000:04:43.125 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
317100:04:43.125 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
317200:04:43.125 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
317300:04:43.125 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
317400:04:43.125 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
317500:04:43.125 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
317600:04:43.125 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
317700:04:43.125 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
317800:04:43.125 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
317900:04:43.125 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
318000:04:43.125 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
318100:04:43.125 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
318200:04:43.125 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
318300:04:43.125 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
318400:04:43.125 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
318500:04:43.125 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
318600:04:43.125 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
318700:04:43.125 vminfo PID=304: C:\WINDOWS\Explorer.EXE
318800:04:43.125 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
318900:04:43.125 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
319000:04:43.125 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
319100:04:43.125 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
319200:04:43.125 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
319300:04:43.125 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
319400:04:43.125 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
319500:04:43.125 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
319600:04:43.125 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
319700:04:43.125 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
319800:04:43.125 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
319900:04:43.125 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
320000:04:43.125 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
320100:04:43.125 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
320200:04:43.125 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
320300:04:43.125 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
320400:04:43.141 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
320500:04:43.141 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
320600:04:43.141 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
320700:04:43.141 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
320800:04:43.141 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
320900:04:43.141 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
321000:04:43.141 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
321100:04:43.141 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
321200:04:43.141 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
321300:04:43.141 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
321400:04:43.141 vminfo Session 0 has 13 processes total
321500:04:43.141 vminfo Adding new user=sma-user5 (session 0) with 13 processes
321600:04:43.141 vminfo Handling session 1
321700:04:43.141 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
321800:04:43.141 vminfo Handling session 2
321900:04:43.141 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
322000:04:43.141 vminfo Handling session 3
322100:04:43.141 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
322200:04:43.141 vminfo Handling session 4
322300:04:43.141 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
322400:04:43.141 vminfo Handling session 5
322500:04:43.141 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
322600:04:43.141 vminfo Found 1 unique logged-in user(s)
322700:04:43.141 vminfo User sma-user5 has 13 processes (session 0)
322800:04:43.141 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
322900:04:50.156 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:46.741000000Z (MinAdjust: 200 ms)
323000:04:50.156 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:46.755908100Z => -14 908 100 ns drift
323100:04:50.156 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
323200:04:53.141 vminfo Found 6 sessions
323300:04:53.141 vminfo Handling session 0
323400:04:53.141 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
323500:04:53.141 vminfo Session LogonType=2 is supported -- looking up SID + type ...
323600:04:53.141 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
323700:04:53.141 vminfo Account User=sma-user5, WTSConnectState=0 (4)
323800:04:53.141 vminfo Account User=sma-user5 using TCS/RDP, state=0
323900:04:53.141 vminfo Account User=sma-user5 is logged in
324000:04:53.156 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
324100:04:53.156 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
324200:04:53.156 vminfo Error: Unable to open process with PID=0, error=87
324300:04:53.156 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
324400:04:53.156 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
324500:04:53.156 vminfo PID=580: \SystemRoot\System32\smss.exe
324600:04:53.156 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
324700:04:53.156 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
324800:04:53.156 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
324900:04:53.156 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
325000:04:53.156 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
325100:04:53.156 vminfo PID=696: C:\WINDOWS\system32\services.exe
325200:04:53.156 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
325300:04:53.156 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
325400:04:53.156 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
325500:04:53.156 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
325600:04:53.156 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
325700:04:53.156 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
325800:04:53.156 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
325900:04:53.156 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
326000:04:53.156 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
326100:04:53.156 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
326200:04:53.156 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
326300:04:53.156 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
326400:04:53.156 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
326500:04:53.156 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
326600:04:53.156 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
326700:04:53.156 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
326800:04:53.156 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
326900:04:53.156 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
327000:04:53.156 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
327100:04:53.156 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
327200:04:53.156 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
327300:04:53.156 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
327400:04:53.156 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
327500:04:53.156 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
327600:04:53.156 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
327700:04:53.156 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
327800:04:53.156 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
327900:04:53.156 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
328000:04:53.156 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
328100:04:53.156 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
328200:04:53.156 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
328300:04:53.156 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
328400:04:53.156 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
328500:04:53.156 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
328600:04:53.156 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
328700:04:53.156 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
328800:04:53.156 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
328900:04:53.156 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
329000:04:53.156 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
329100:04:53.156 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
329200:04:53.156 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
329300:04:53.156 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
329400:04:53.156 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
329500:04:53.156 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
329600:04:53.156 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
329700:04:53.156 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
329800:04:53.156 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
329900:04:53.156 vminfo PID=304: C:\WINDOWS\Explorer.EXE
330000:04:53.156 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
330100:04:53.156 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
330200:04:53.156 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
330300:04:53.156 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
330400:04:53.156 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
330500:04:53.156 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
330600:04:53.156 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
330700:04:53.172 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
330800:04:53.172 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
330900:04:53.172 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
331000:04:53.172 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
331100:04:53.172 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
331200:04:53.172 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
331300:04:53.172 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
331400:04:53.172 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
331500:04:53.172 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
331600:04:53.172 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
331700:04:53.172 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
331800:04:53.172 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
331900:04:53.172 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
332000:04:53.172 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
332100:04:53.172 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
332200:04:53.172 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
332300:04:53.172 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
332400:04:53.172 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
332500:04:53.172 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
332600:04:53.172 vminfo Session 0 has 13 processes total
332700:04:53.172 vminfo Adding new user=sma-user5 (session 0) with 13 processes
332800:04:53.172 vminfo Handling session 1
332900:04:53.172 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
333000:04:53.172 vminfo Handling session 2
333100:04:53.172 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
333200:04:53.172 vminfo Handling session 3
333300:04:53.172 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
333400:04:53.172 vminfo Handling session 4
333500:04:53.172 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
333600:04:53.172 vminfo Handling session 5
333700:04:53.172 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
333800:04:53.172 vminfo Found 1 unique logged-in user(s)
333900:04:53.172 vminfo User sma-user5 has 13 processes (session 0)
334000:04:53.172 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
334100:05:00.078 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0
334200:05:00.156 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:56.740000000Z (MinAdjust: 200 ms)
334300:05:00.156 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:56.755908100Z => -15 908 100 ns drift
334400:05:00.156 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
334500:05:03.172 vminfo Found 6 sessions
334600:05:03.172 vminfo Handling session 0
334700:05:03.172 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
334800:05:03.172 vminfo Session LogonType=2 is supported -- looking up SID + type ...
334900:05:03.188 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
335000:05:03.188 vminfo Account User=sma-user5, WTSConnectState=0 (4)
335100:05:03.188 vminfo Account User=sma-user5 using TCS/RDP, state=0
335200:05:03.188 vminfo Account User=sma-user5 is logged in
335300:05:03.188 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
335400:05:03.188 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
335500:05:03.188 vminfo Error: Unable to open process with PID=0, error=87
335600:05:03.188 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
335700:05:03.188 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
335800:05:03.188 vminfo PID=580: \SystemRoot\System32\smss.exe
335900:05:03.188 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
336000:05:03.188 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
336100:05:03.188 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
336200:05:03.188 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
336300:05:03.188 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
336400:05:03.188 vminfo PID=696: C:\WINDOWS\system32\services.exe
336500:05:03.188 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
336600:05:03.188 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
336700:05:03.188 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
336800:05:03.188 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
336900:05:03.188 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
337000:05:03.188 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
337100:05:03.188 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
337200:05:03.188 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
337300:05:03.188 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
337400:05:03.188 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
337500:05:03.188 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
337600:05:03.188 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
337700:05:03.188 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
337800:05:03.188 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
337900:05:03.188 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
338000:05:03.188 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
338100:05:03.188 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
338200:05:03.188 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
338300:05:03.188 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
338400:05:03.188 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
338500:05:03.188 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
338600:05:03.188 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
338700:05:03.188 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
338800:05:03.188 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
338900:05:03.188 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
339000:05:03.188 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
339100:05:03.188 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
339200:05:03.188 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
339300:05:03.188 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
339400:05:03.188 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
339500:05:03.188 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
339600:05:03.203 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
339700:05:03.203 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
339800:05:03.203 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
339900:05:03.203 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
340000:05:03.203 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
340100:05:03.203 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
340200:05:03.203 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
340300:05:03.203 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
340400:05:03.203 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
340500:05:03.203 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
340600:05:03.203 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
340700:05:03.203 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
340800:05:03.203 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
340900:05:03.203 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
341000:05:03.203 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
341100:05:03.203 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
341200:05:03.203 vminfo PID=304: C:\WINDOWS\Explorer.EXE
341300:05:03.203 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
341400:05:03.203 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
341500:05:03.203 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
341600:05:03.203 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
341700:05:03.203 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
341800:05:03.203 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
341900:05:03.203 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
342000:05:03.203 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
342100:05:03.203 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
342200:05:03.203 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
342300:05:03.203 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
342400:05:03.203 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
342500:05:03.203 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
342600:05:03.203 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
342700:05:03.203 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
342800:05:03.203 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
342900:05:03.203 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
343000:05:03.203 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
343100:05:03.203 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
343200:05:03.203 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
343300:05:03.203 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
343400:05:03.203 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
343500:05:03.203 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
343600:05:03.203 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
343700:05:03.203 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
343800:05:03.203 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
343900:05:03.203 vminfo Session 0 has 13 processes total
344000:05:03.203 vminfo Adding new user=sma-user5 (session 0) with 13 processes
344100:05:03.203 vminfo Handling session 1
344200:05:03.203 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
344300:05:03.203 vminfo Handling session 2
344400:05:03.219 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
344500:05:03.219 vminfo Handling session 3
344600:05:03.219 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
344700:05:03.219 vminfo Handling session 4
344800:05:03.219 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
344900:05:03.219 vminfo Handling session 5
345000:05:03.219 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
345100:05:03.219 vminfo Found 1 unique logged-in user(s)
345200:05:03.219 vminfo User sma-user5 has 13 processes (session 0)
345300:05:03.219 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
345400:05:10.172 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:06.741000000Z (MinAdjust: 200 ms)
345500:05:10.172 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:06.771533100Z => -30 533 100 ns drift
345600:05:10.172 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
345700:05:13.234 vminfo Found 6 sessions
345800:05:13.234 vminfo Handling session 0
345900:05:13.234 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
346000:05:13.234 vminfo Session LogonType=2 is supported -- looking up SID + type ...
346100:05:13.234 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
346200:05:13.250 vminfo Account User=sma-user5, WTSConnectState=0 (4)
346300:05:13.250 vminfo Account User=sma-user5 using TCS/RDP, state=0
346400:05:13.250 vminfo Account User=sma-user5 is logged in
346500:05:13.250 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
346600:05:13.250 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
346700:05:13.250 vminfo Error: Unable to open process with PID=0, error=87
346800:05:13.250 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
346900:05:13.250 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
347000:05:13.250 vminfo PID=580: \SystemRoot\System32\smss.exe
347100:05:13.250 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
347200:05:13.250 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
347300:05:13.250 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
347400:05:13.250 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
347500:05:13.250 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
347600:05:13.250 vminfo PID=696: C:\WINDOWS\system32\services.exe
347700:05:13.250 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
347800:05:13.250 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
347900:05:13.250 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
348000:05:13.250 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
348100:05:13.250 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
348200:05:13.250 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
348300:05:13.250 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
348400:05:13.250 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
348500:05:13.250 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
348600:05:13.250 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
348700:05:13.250 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
348800:05:13.250 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
348900:05:13.250 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
349000:05:13.250 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
349100:05:13.250 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
349200:05:13.250 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
349300:05:13.250 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
349400:05:13.250 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
349500:05:13.250 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
349600:05:13.250 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
349700:05:13.250 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
349800:05:13.250 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
349900:05:13.250 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
350000:05:13.250 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
350100:05:13.250 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
350200:05:13.250 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
350300:05:13.250 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
350400:05:13.250 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
350500:05:13.250 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
350600:05:13.250 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
350700:05:13.250 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
350800:05:13.250 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
350900:05:13.250 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
351000:05:13.250 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
351100:05:13.250 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
351200:05:13.250 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
351300:05:13.250 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
351400:05:13.250 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
351500:05:13.250 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
351600:05:13.250 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
351700:05:13.250 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
351800:05:13.266 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
351900:05:13.266 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081
352000:05:13.266 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe
352100:05:13.266 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
352200:05:13.266 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
352300:05:13.266 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
352400:05:13.266 vminfo PID=304: C:\WINDOWS\Explorer.EXE
352500:05:13.266 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
352600:05:13.266 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
352700:05:13.266 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
352800:05:13.266 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
352900:05:13.266 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
353000:05:13.266 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
353100:05:13.266 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
353200:05:13.266 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
353300:05:13.266 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
353400:05:13.266 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
353500:05:13.266 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
353600:05:13.266 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
353700:05:13.266 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
353800:05:13.266 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
353900:05:13.266 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
354000:05:13.266 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
354100:05:13.266 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
354200:05:13.266 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
354300:05:13.266 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
354400:05:13.266 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
354500:05:13.266 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
354600:05:13.266 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
354700:05:13.266 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
354800:05:13.266 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
354900:05:13.266 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
355000:05:13.266 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
355100:05:13.266 vminfo Session 0 has 13 processes total
355200:05:13.266 vminfo Adding new user=sma-user5 (session 0) with 13 processes
355300:05:13.266 vminfo Handling session 1
355400:05:13.266 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
355500:05:13.266 vminfo Handling session 2
355600:05:13.266 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
355700:05:13.266 vminfo Handling session 3
355800:05:13.266 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
355900:05:13.266 vminfo Handling session 4
356000:05:13.266 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
356100:05:13.266 vminfo Handling session 5
356200:05:13.266 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
356300:05:13.266 vminfo Found 1 unique logged-in user(s)
356400:05:13.266 vminfo User sma-user5 has 13 processes (session 0)
356500:05:13.266 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
356600:05:20.172 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:16.740000000Z (MinAdjust: 200 ms)
356700:05:20.172 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:16.771533100Z => -31 533 100 ns drift
356800:05:20.172 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
356900:05:23.281 vminfo Found 6 sessions
357000:05:23.281 vminfo Handling session 0
357100:05:23.281 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
357200:05:23.281 vminfo Session LogonType=2 is supported -- looking up SID + type ...
357300:05:23.281 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
357400:05:23.297 vminfo Account User=sma-user5, WTSConnectState=0 (4)
357500:05:23.297 vminfo Account User=sma-user5 using TCS/RDP, state=0
357600:05:23.297 vminfo Account User=sma-user5 is logged in
357700:05:23.297 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
357800:05:23.297 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
357900:05:23.297 vminfo Error: Unable to open process with PID=0, error=87
358000:05:23.297 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
358100:05:23.297 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
358200:05:23.297 vminfo PID=580: \SystemRoot\System32\smss.exe
358300:05:23.297 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
358400:05:23.297 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
358500:05:23.297 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
358600:05:23.297 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
358700:05:23.297 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
358800:05:23.297 vminfo PID=696: C:\WINDOWS\system32\services.exe
358900:05:23.297 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
359000:05:23.297 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
359100:05:23.297 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
359200:05:23.297 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
359300:05:23.297 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
359400:05:23.297 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
359500:05:23.297 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
359600:05:23.297 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
359700:05:23.297 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
359800:05:23.297 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
359900:05:23.297 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
360000:05:23.297 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
360100:05:23.297 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
360200:05:23.297 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
360300:05:23.297 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
360400:05:23.297 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
360500:05:23.297 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
360600:05:23.297 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
360700:05:23.297 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
360800:05:23.297 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
360900:05:23.297 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
361000:05:23.297 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
361100:05:23.297 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
361200:05:23.297 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
361300:05:23.297 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
361400:05:23.297 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
361500:05:23.297 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
361600:05:23.297 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
361700:05:23.297 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
361800:05:23.297 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
361900:05:23.297 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
362000:05:23.297 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
362100:05:23.297 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
362200:05:23.297 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
362300:05:23.297 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
362400:05:23.297 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
362500:05:23.297 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
362600:05:23.297 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
362700:05:23.297 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
362800:05:23.297 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
362900:05:23.297 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
363000:05:23.297 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
363100:05:23.297 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
363200:05:23.297 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
363300:05:23.297 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
363400:05:23.297 vminfo PID=304: C:\WINDOWS\Explorer.EXE
363500:05:23.297 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081
363600:05:23.297 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe
363700:05:23.297 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
363800:05:23.297 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
363900:05:23.297 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081
364000:05:23.297 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
364100:05:23.297 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
364200:05:23.297 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
364300:05:23.297 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
364400:05:23.297 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
364500:05:23.297 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
364600:05:23.297 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
364700:05:23.297 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
364800:05:23.297 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
364900:05:23.297 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
365000:05:23.297 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
365100:05:23.297 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
365200:05:23.297 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
365300:05:23.297 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
365400:05:23.313 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
365500:05:23.313 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
365600:05:23.313 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
365700:05:23.313 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
365800:05:23.313 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
365900:05:23.313 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
366000:05:23.313 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
366100:05:23.313 vminfo Session 0 has 13 processes total
366200:05:23.313 vminfo Adding new user=sma-user5 (session 0) with 13 processes
366300:05:23.313 vminfo Handling session 1
366400:05:23.313 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
366500:05:23.313 vminfo Handling session 2
366600:05:23.313 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
366700:05:23.313 vminfo Handling session 3
366800:05:23.313 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
366900:05:23.313 vminfo Handling session 4
367000:05:23.313 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
367100:05:23.313 vminfo Handling session 5
367200:05:23.313 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
367300:05:23.313 vminfo Found 1 unique logged-in user(s)
367400:05:23.313 vminfo User sma-user5 has 13 processes (session 0)
367500:05:23.313 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
367600:05:30.172 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:26.740000000Z (MinAdjust: 200 ms)
367700:05:30.172 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:26.771533100Z => -31 533 100 ns drift
367800:05:30.172 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
367900:05:33.313 vminfo Found 6 sessions
368000:05:33.313 vminfo Handling session 0
368100:05:33.313 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
368200:05:33.313 vminfo Session LogonType=2 is supported -- looking up SID + type ...
368300:05:33.328 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
368400:05:33.328 vminfo Account User=sma-user5, WTSConnectState=0 (4)
368500:05:33.328 vminfo Account User=sma-user5 using TCS/RDP, state=0
368600:05:33.328 vminfo Account User=sma-user5 is logged in
368700:05:33.328 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
368800:05:33.328 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
368900:05:33.328 vminfo Error: Unable to open process with PID=0, error=87
369000:05:33.328 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
369100:05:33.328 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
369200:05:33.328 vminfo PID=580: \SystemRoot\System32\smss.exe
369300:05:33.328 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
369400:05:33.328 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
369500:05:33.328 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
369600:05:33.328 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
369700:05:33.328 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
369800:05:33.328 vminfo PID=696: C:\WINDOWS\system32\services.exe
369900:05:33.328 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
370000:05:33.328 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
370100:05:33.328 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
370200:05:33.328 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
370300:05:33.328 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
370400:05:33.328 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
370500:05:33.328 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
370600:05:33.328 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
370700:05:33.328 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
370800:05:33.328 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
370900:05:33.328 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
371000:05:33.328 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
371100:05:33.328 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
371200:05:33.328 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
371300:05:33.328 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
371400:05:33.328 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
371500:05:33.328 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
371600:05:33.328 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
371700:05:33.328 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
371800:05:33.328 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
371900:05:33.328 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
372000:05:33.328 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
372100:05:33.328 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
372200:05:33.328 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
372300:05:33.328 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
372400:05:33.328 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
372500:05:33.328 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
372600:05:33.328 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
372700:05:33.328 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
372800:05:33.328 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
372900:05:33.328 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
373000:05:33.328 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
373100:05:33.328 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
373200:05:33.328 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
373300:05:33.328 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
373400:05:33.328 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
373500:05:33.328 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
373600:05:33.328 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
373700:05:33.328 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
373800:05:33.328 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
373900:05:33.328 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
374000:05:33.328 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
374100:05:33.328 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
374200:05:33.344 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
374300:05:33.344 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
374400:05:33.344 vminfo PID=304: C:\WINDOWS\Explorer.EXE
374500:05:33.344 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
374600:05:33.344 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
374700:05:33.344 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
374800:05:33.344 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
374900:05:33.344 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
375000:05:33.344 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
375100:05:33.344 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
375200:05:33.344 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
375300:05:33.344 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
375400:05:33.344 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
375500:05:33.344 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
375600:05:33.344 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
375700:05:33.344 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
375800:05:33.344 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
375900:05:33.344 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
376000:05:33.344 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
376100:05:33.344 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
376200:05:33.344 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
376300:05:33.344 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
376400:05:33.344 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
376500:05:33.344 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
376600:05:33.344 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
376700:05:33.344 vminfo Session 0 has 11 processes total
376800:05:33.344 vminfo Adding new user=sma-user5 (session 0) with 11 processes
376900:05:33.344 vminfo Handling session 1
377000:05:33.344 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
377100:05:33.344 vminfo Handling session 2
377200:05:33.344 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
377300:05:33.344 vminfo Handling session 3
377400:05:33.344 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
377500:05:33.344 vminfo Handling session 4
377600:05:33.344 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
377700:05:33.344 vminfo Handling session 5
377800:05:33.344 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
377900:05:33.344 vminfo Found 1 unique logged-in user(s)
378000:05:33.344 vminfo User sma-user5 has 11 processes (session 0)
378100:05:33.344 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
378200:05:40.188 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:36.740000000Z (MinAdjust: 200 ms)
378300:05:40.188 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:36.787158100Z => -47 158 100 ns drift
378400:05:40.188 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
378500:05:43.359 vminfo Found 6 sessions
378600:05:43.359 vminfo Handling session 0
378700:05:43.359 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
378800:05:43.359 vminfo Session LogonType=2 is supported -- looking up SID + type ...
378900:05:43.375 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
379000:05:43.375 vminfo Account User=sma-user5, WTSConnectState=0 (4)
379100:05:43.375 vminfo Account User=sma-user5 using TCS/RDP, state=0
379200:05:43.375 vminfo Account User=sma-user5 is logged in
379300:05:43.375 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
379400:05:43.375 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
379500:05:43.375 vminfo Error: Unable to open process with PID=0, error=87
379600:05:43.375 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
379700:05:43.375 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
379800:05:43.375 vminfo PID=580: \SystemRoot\System32\smss.exe
379900:05:43.375 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
380000:05:43.375 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
380100:05:43.375 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
380200:05:43.375 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
380300:05:43.375 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
380400:05:43.375 vminfo PID=696: C:\WINDOWS\system32\services.exe
380500:05:43.375 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
380600:05:43.375 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
380700:05:43.375 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
380800:05:43.375 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
380900:05:43.375 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
381000:05:43.375 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
381100:05:43.375 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
381200:05:43.375 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
381300:05:43.375 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
381400:05:43.375 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
381500:05:43.375 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
381600:05:43.375 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
381700:05:43.375 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
381800:05:43.375 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
381900:05:43.375 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
382000:05:43.375 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
382100:05:43.375 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
382200:05:43.375 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
382300:05:43.375 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
382400:05:43.375 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
382500:05:43.375 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
382600:05:43.375 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
382700:05:43.375 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
382800:05:43.375 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
382900:05:43.375 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
383000:05:43.375 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
383100:05:43.375 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
383200:05:43.375 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
383300:05:43.375 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
383400:05:43.391 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
383500:05:43.391 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
383600:05:43.391 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
383700:05:43.391 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
383800:05:43.391 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
383900:05:43.391 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
384000:05:43.391 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
384100:05:43.391 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
384200:05:43.391 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
384300:05:43.391 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
384400:05:43.391 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
384500:05:43.391 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
384600:05:43.391 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
384700:05:43.391 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
384800:05:43.391 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
384900:05:43.391 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
385000:05:43.391 vminfo PID=304: C:\WINDOWS\Explorer.EXE
385100:05:43.391 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
385200:05:43.391 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
385300:05:43.391 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
385400:05:43.391 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
385500:05:43.391 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
385600:05:43.391 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
385700:05:43.391 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
385800:05:43.391 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
385900:05:43.391 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
386000:05:43.391 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
386100:05:43.391 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
386200:05:43.391 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
386300:05:43.391 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
386400:05:43.391 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
386500:05:43.391 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
386600:05:43.391 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
386700:05:43.391 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
386800:05:43.391 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
386900:05:43.391 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
387000:05:43.391 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
387100:05:43.391 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
387200:05:43.391 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
387300:05:43.391 vminfo Session 0 has 11 processes total
387400:05:43.391 vminfo Adding new user=sma-user5 (session 0) with 11 processes
387500:05:43.391 vminfo Handling session 1
387600:05:43.391 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
387700:05:43.391 vminfo Handling session 2
387800:05:43.391 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
387900:05:43.391 vminfo Handling session 3
388000:05:43.391 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
388100:05:43.391 vminfo Handling session 4
388200:05:43.391 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
388300:05:43.391 vminfo Handling session 5
388400:05:43.391 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
388500:05:43.391 vminfo Found 1 unique logged-in user(s)
388600:05:43.391 vminfo User sma-user5 has 11 processes (session 0)
388700:05:43.391 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
388800:05:50.188 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:46.724000000Z (MinAdjust: 200 ms)
388900:05:50.188 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:46.787158100Z => -63 158 100 ns drift
389000:05:50.188 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
389100:05:53.406 vminfo Found 6 sessions
389200:05:53.406 vminfo Handling session 0
389300:05:53.406 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
389400:05:53.406 vminfo Session LogonType=2 is supported -- looking up SID + type ...
389500:05:53.406 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
389600:05:53.406 vminfo Account User=sma-user5, WTSConnectState=0 (4)
389700:05:53.406 vminfo Account User=sma-user5 using TCS/RDP, state=0
389800:05:53.406 vminfo Account User=sma-user5 is logged in
389900:05:53.406 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
390000:05:53.406 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
390100:05:53.406 vminfo Error: Unable to open process with PID=0, error=87
390200:05:53.406 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
390300:05:53.406 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
390400:05:53.406 vminfo PID=580: \SystemRoot\System32\smss.exe
390500:05:53.406 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
390600:05:53.422 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
390700:05:53.422 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
390800:05:53.422 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
390900:05:53.422 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
391000:05:53.422 vminfo PID=696: C:\WINDOWS\system32\services.exe
391100:05:53.422 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
391200:05:53.422 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
391300:05:53.422 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
391400:05:53.422 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
391500:05:53.422 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
391600:05:53.422 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
391700:05:53.422 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
391800:05:53.422 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
391900:05:53.422 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
392000:05:53.422 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
392100:05:53.422 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
392200:05:53.422 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
392300:05:53.422 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
392400:05:53.422 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
392500:05:53.422 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
392600:05:53.422 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
392700:05:53.422 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
392800:05:53.422 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
392900:05:53.422 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
393000:05:53.422 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
393100:05:53.422 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
393200:05:53.422 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
393300:05:53.422 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
393400:05:53.422 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
393500:05:53.422 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
393600:05:53.422 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
393700:05:53.422 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
393800:05:53.422 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
393900:05:53.422 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
394000:05:53.422 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
394100:05:53.422 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
394200:05:53.422 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
394300:05:53.422 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
394400:05:53.422 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
394500:05:53.422 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
394600:05:53.422 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
394700:05:53.422 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
394800:05:53.422 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
394900:05:53.422 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
395000:05:53.422 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
395100:05:53.422 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
395200:05:53.422 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
395300:05:53.422 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
395400:05:53.422 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
395500:05:53.422 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
395600:05:53.422 vminfo PID=304: C:\WINDOWS\Explorer.EXE
395700:05:53.422 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
395800:05:53.422 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
395900:05:53.422 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
396000:05:53.422 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
396100:05:53.422 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
396200:05:53.422 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
396300:05:53.422 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
396400:05:53.422 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
396500:05:53.422 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
396600:05:53.422 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
396700:05:53.422 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
396800:05:53.422 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
396900:05:53.422 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
397000:05:53.422 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
397100:05:53.422 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
397200:05:53.422 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
397300:05:53.422 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
397400:05:53.422 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
397500:05:53.422 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
397600:05:53.422 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
397700:05:53.422 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
397800:05:53.422 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
397900:05:53.422 vminfo Session 0 has 11 processes total
398000:05:53.422 vminfo Adding new user=sma-user5 (session 0) with 11 processes
398100:05:53.422 vminfo Handling session 1
398200:05:53.422 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
398300:05:53.422 vminfo Handling session 2
398400:05:53.422 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
398500:05:53.422 vminfo Handling session 3
398600:05:53.422 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
398700:05:53.422 vminfo Handling session 4
398800:05:53.422 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
398900:05:53.422 vminfo Handling session 5
399000:05:53.422 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
399100:05:53.422 vminfo Found 1 unique logged-in user(s)
399200:05:53.422 vminfo User sma-user5 has 11 processes (session 0)
399300:05:53.422 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
399400:06:00.094 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0
399500:06:00.188 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:56.724000000Z (MinAdjust: 200 ms)
399600:06:00.188 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:56.787158100Z => -63 158 100 ns drift
399700:06:00.188 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
399800:06:03.438 vminfo Found 6 sessions
399900:06:03.438 vminfo Handling session 0
400000:06:03.438 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
400100:06:03.438 vminfo Session LogonType=2 is supported -- looking up SID + type ...
400200:06:03.438 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
400300:06:03.453 vminfo Account User=sma-user5, WTSConnectState=0 (4)
400400:06:03.453 vminfo Account User=sma-user5 using TCS/RDP, state=0
400500:06:03.453 vminfo Account User=sma-user5 is logged in
400600:06:03.453 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
400700:06:03.453 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
400800:06:03.453 vminfo Error: Unable to open process with PID=0, error=87
400900:06:03.453 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
401000:06:03.453 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
401100:06:03.453 vminfo PID=580: \SystemRoot\System32\smss.exe
401200:06:03.453 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
401300:06:03.453 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
401400:06:03.453 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
401500:06:03.453 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
401600:06:03.453 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
401700:06:03.453 vminfo PID=696: C:\WINDOWS\system32\services.exe
401800:06:03.453 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
401900:06:03.453 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
402000:06:03.453 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
402100:06:03.453 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
402200:06:03.453 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
402300:06:03.453 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
402400:06:03.453 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
402500:06:03.453 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
402600:06:03.453 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
402700:06:03.453 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
402800:06:03.453 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
402900:06:03.453 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
403000:06:03.453 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
403100:06:03.453 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
403200:06:03.453 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
403300:06:03.453 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
403400:06:03.453 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
403500:06:03.453 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
403600:06:03.453 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
403700:06:03.453 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
403800:06:03.453 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
403900:06:03.453 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
404000:06:03.453 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
404100:06:03.453 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
404200:06:03.453 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
404300:06:03.453 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
404400:06:03.453 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
404500:06:03.453 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
404600:06:03.453 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
404700:06:03.453 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
404800:06:03.453 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
404900:06:03.453 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
405000:06:03.453 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
405100:06:03.453 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
405200:06:03.453 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
405300:06:03.453 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
405400:06:03.453 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
405500:06:03.453 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
405600:06:03.453 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
405700:06:03.453 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
405800:06:03.453 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
405900:06:03.453 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
406000:06:03.453 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
406100:06:03.453 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
406200:06:03.453 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
406300:06:03.453 vminfo PID=304: C:\WINDOWS\Explorer.EXE
406400:06:03.453 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
406500:06:03.453 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
406600:06:03.453 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
406700:06:03.453 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
406800:06:03.453 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
406900:06:03.453 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
407000:06:03.453 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
407100:06:03.453 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
407200:06:03.453 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
407300:06:03.453 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
407400:06:03.453 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
407500:06:03.453 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
407600:06:03.453 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
407700:06:03.453 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
407800:06:03.453 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
407900:06:03.453 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
408000:06:03.453 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
408100:06:03.453 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
408200:06:03.453 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
408300:06:03.469 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
408400:06:03.469 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
408500:06:03.469 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
408600:06:03.469 vminfo Session 0 has 11 processes total
408700:06:03.469 vminfo Adding new user=sma-user5 (session 0) with 11 processes
408800:06:03.469 vminfo Handling session 1
408900:06:03.469 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
409000:06:03.469 vminfo Handling session 2
409100:06:03.469 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
409200:06:03.469 vminfo Handling session 3
409300:06:03.469 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
409400:06:03.469 vminfo Handling session 4
409500:06:03.469 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
409600:06:03.469 vminfo Handling session 5
409700:06:03.469 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
409800:06:03.469 vminfo Found 1 unique logged-in user(s)
409900:06:03.469 vminfo User sma-user5 has 11 processes (session 0)
410000:06:03.469 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
410100:06:10.188 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:06.724000000Z (MinAdjust: 200 ms)
410200:06:10.188 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:06.787158100Z => -63 158 100 ns drift
410300:06:10.188 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
410400:06:13.469 vminfo Found 6 sessions
410500:06:13.469 vminfo Handling session 0
410600:06:13.469 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
410700:06:13.469 vminfo Session LogonType=2 is supported -- looking up SID + type ...
410800:06:13.469 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
410900:06:13.469 vminfo Account User=sma-user5, WTSConnectState=0 (4)
411000:06:13.469 vminfo Account User=sma-user5 using TCS/RDP, state=0
411100:06:13.469 vminfo Account User=sma-user5 is logged in
411200:06:13.469 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
411300:06:13.469 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
411400:06:13.469 vminfo Error: Unable to open process with PID=0, error=87
411500:06:13.484 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
411600:06:13.484 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
411700:06:13.484 vminfo PID=580: \SystemRoot\System32\smss.exe
411800:06:13.484 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
411900:06:13.484 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
412000:06:13.484 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
412100:06:13.484 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
412200:06:13.484 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
412300:06:13.484 vminfo PID=696: C:\WINDOWS\system32\services.exe
412400:06:13.484 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
412500:06:13.484 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
412600:06:13.484 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
412700:06:13.484 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
412800:06:13.484 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
412900:06:13.484 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
413000:06:13.484 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
413100:06:13.484 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
413200:06:13.484 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
413300:06:13.484 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
413400:06:13.484 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
413500:06:13.484 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
413600:06:13.484 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
413700:06:13.484 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
413800:06:13.484 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
413900:06:13.484 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
414000:06:13.484 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
414100:06:13.484 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
414200:06:13.484 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
414300:06:13.484 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
414400:06:13.484 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
414500:06:13.484 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
414600:06:13.484 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
414700:06:13.484 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
414800:06:13.484 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
414900:06:13.484 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
415000:06:13.484 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
415100:06:13.484 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
415200:06:13.484 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
415300:06:13.484 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
415400:06:13.484 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
415500:06:13.484 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
415600:06:13.484 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
415700:06:13.484 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
415800:06:13.484 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
415900:06:13.484 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
416000:06:13.484 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
416100:06:13.484 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
416200:06:13.484 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
416300:06:13.484 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
416400:06:13.484 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
416500:06:13.484 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
416600:06:13.484 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
416700:06:13.484 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
416800:06:13.484 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
416900:06:13.484 vminfo PID=304: C:\WINDOWS\Explorer.EXE
417000:06:13.484 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
417100:06:13.484 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
417200:06:13.484 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
417300:06:13.484 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
417400:06:13.484 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
417500:06:13.484 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
417600:06:13.484 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
417700:06:13.484 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
417800:06:13.484 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
417900:06:13.484 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
418000:06:13.484 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
418100:06:13.484 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
418200:06:13.484 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
418300:06:13.484 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
418400:06:13.484 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
418500:06:13.484 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
418600:06:13.484 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
418700:06:13.484 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
418800:06:13.484 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
418900:06:13.484 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
419000:06:13.484 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
419100:06:13.484 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
419200:06:13.484 vminfo Session 0 has 11 processes total
419300:06:13.484 vminfo Adding new user=sma-user5 (session 0) with 11 processes
419400:06:13.484 vminfo Handling session 1
419500:06:13.484 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
419600:06:13.484 vminfo Handling session 2
419700:06:13.500 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
419800:06:13.500 vminfo Handling session 3
419900:06:13.500 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
420000:06:13.500 vminfo Handling session 4
420100:06:13.500 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
420200:06:13.500 vminfo Handling session 5
420300:06:13.500 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
420400:06:13.500 vminfo Found 1 unique logged-in user(s)
420500:06:13.500 vminfo User sma-user5 has 11 processes (session 0)
420600:06:13.500 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
420700:06:20.203 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:16.724000000Z (MinAdjust: 200 ms)
420800:06:20.203 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:16.802783100Z => -78 783 100 ns drift
420900:06:20.203 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
421000:06:23.516 vminfo Found 6 sessions
421100:06:23.516 vminfo Handling session 0
421200:06:23.516 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
421300:06:23.516 vminfo Session LogonType=2 is supported -- looking up SID + type ...
421400:06:23.516 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
421500:06:23.531 vminfo Account User=sma-user5, WTSConnectState=0 (4)
421600:06:23.531 vminfo Account User=sma-user5 using TCS/RDP, state=0
421700:06:23.531 vminfo Account User=sma-user5 is logged in
421800:06:23.531 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
421900:06:23.531 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
422000:06:23.531 vminfo Error: Unable to open process with PID=0, error=87
422100:06:23.531 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
422200:06:23.531 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
422300:06:23.531 vminfo PID=580: \SystemRoot\System32\smss.exe
422400:06:23.531 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
422500:06:23.531 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
422600:06:23.531 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
422700:06:23.531 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
422800:06:23.531 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
422900:06:23.531 vminfo PID=696: C:\WINDOWS\system32\services.exe
423000:06:23.531 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
423100:06:23.531 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
423200:06:23.531 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
423300:06:23.531 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
423400:06:23.531 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
423500:06:23.531 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
423600:06:23.531 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
423700:06:23.531 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
423800:06:23.531 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
423900:06:23.531 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
424000:06:23.531 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
424100:06:23.531 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
424200:06:23.531 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
424300:06:23.531 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
424400:06:23.531 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
424500:06:23.531 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
424600:06:23.531 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
424700:06:23.531 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
424800:06:23.531 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
424900:06:23.531 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
425000:06:23.531 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
425100:06:23.531 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
425200:06:23.531 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
425300:06:23.531 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
425400:06:23.531 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
425500:06:23.531 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
425600:06:23.531 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
425700:06:23.531 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
425800:06:23.531 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
425900:06:23.531 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
426000:06:23.531 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
426100:06:23.531 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
426200:06:23.531 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
426300:06:23.531 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
426400:06:23.531 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
426500:06:23.531 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
426600:06:23.531 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
426700:06:23.531 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
426800:06:23.531 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
426900:06:23.531 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
427000:06:23.531 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
427100:06:23.547 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
427200:06:23.547 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
427300:06:23.547 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
427400:06:23.547 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
427500:06:23.547 vminfo PID=304: C:\WINDOWS\Explorer.EXE
427600:06:23.547 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
427700:06:23.547 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
427800:06:23.547 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
427900:06:23.547 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
428000:06:23.547 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
428100:06:23.547 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
428200:06:23.547 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
428300:06:23.547 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
428400:06:23.547 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
428500:06:23.547 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
428600:06:23.547 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
428700:06:23.547 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
428800:06:23.547 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
428900:06:23.547 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
429000:06:23.547 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
429100:06:23.547 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
429200:06:23.547 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
429300:06:23.547 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
429400:06:23.547 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
429500:06:23.547 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
429600:06:23.547 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
429700:06:23.547 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
429800:06:23.547 vminfo Session 0 has 11 processes total
429900:06:23.547 vminfo Adding new user=sma-user5 (session 0) with 11 processes
430000:06:23.547 vminfo Handling session 1
430100:06:23.547 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
430200:06:23.547 vminfo Handling session 2
430300:06:23.547 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
430400:06:23.547 vminfo Handling session 3
430500:06:23.547 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
430600:06:23.547 vminfo Handling session 4
430700:06:23.547 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
430800:06:23.547 vminfo Handling session 5
430900:06:23.547 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
431000:06:23.547 vminfo Found 1 unique logged-in user(s)
431100:06:23.547 vminfo User sma-user5 has 11 processes (session 0)
431200:06:23.547 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
431300:06:30.203 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:26.724000000Z (MinAdjust: 200 ms)
431400:06:30.203 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:26.802783100Z => -78 783 100 ns drift
431500:06:30.203 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
431600:06:33.547 vminfo Found 6 sessions
431700:06:33.547 vminfo Handling session 0
431800:06:33.547 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
431900:06:33.547 vminfo Session LogonType=2 is supported -- looking up SID + type ...
432000:06:33.563 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
432100:06:33.563 vminfo Account User=sma-user5, WTSConnectState=0 (4)
432200:06:33.563 vminfo Account User=sma-user5 using TCS/RDP, state=0
432300:06:33.563 vminfo Account User=sma-user5 is logged in
432400:06:33.563 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
432500:06:33.563 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
432600:06:33.563 vminfo Error: Unable to open process with PID=0, error=87
432700:06:33.563 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
432800:06:33.563 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
432900:06:33.563 vminfo PID=580: \SystemRoot\System32\smss.exe
433000:06:33.563 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
433100:06:33.563 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
433200:06:33.563 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
433300:06:33.563 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
433400:06:33.563 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
433500:06:33.563 vminfo PID=696: C:\WINDOWS\system32\services.exe
433600:06:33.563 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
433700:06:33.563 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
433800:06:33.563 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
433900:06:33.563 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
434000:06:33.563 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
434100:06:33.563 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
434200:06:33.563 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
434300:06:33.563 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
434400:06:33.563 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
434500:06:33.563 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
434600:06:33.563 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
434700:06:33.563 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
434800:06:33.563 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
434900:06:33.563 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
435000:06:33.563 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
435100:06:33.563 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
435200:06:33.563 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
435300:06:33.563 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
435400:06:33.563 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
435500:06:33.563 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
435600:06:33.563 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
435700:06:33.563 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
435800:06:33.563 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
435900:06:33.563 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
436000:06:33.563 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
436100:06:33.563 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
436200:06:33.563 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
436300:06:33.563 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
436400:06:33.563 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
436500:06:33.563 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
436600:06:33.563 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
436700:06:33.578 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
436800:06:33.578 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
436900:06:33.578 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
437000:06:33.578 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
437100:06:33.578 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
437200:06:33.578 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
437300:06:33.578 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
437400:06:33.578 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
437500:06:33.578 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
437600:06:33.578 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
437700:06:33.578 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
437800:06:33.578 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
437900:06:33.578 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
438000:06:33.578 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
438100:06:33.578 vminfo PID=304: C:\WINDOWS\Explorer.EXE
438200:06:33.578 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
438300:06:33.578 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
438400:06:33.578 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
438500:06:33.578 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
438600:06:33.578 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
438700:06:33.578 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
438800:06:33.578 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
438900:06:33.578 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
439000:06:33.578 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
439100:06:33.578 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
439200:06:33.578 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
439300:06:33.578 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
439400:06:33.578 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
439500:06:33.578 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
439600:06:33.578 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
439700:06:33.578 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
439800:06:33.578 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
439900:06:33.578 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
440000:06:33.578 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
440100:06:33.578 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
440200:06:33.578 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
440300:06:33.578 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
440400:06:33.578 vminfo Session 0 has 11 processes total
440500:06:33.578 vminfo Adding new user=sma-user5 (session 0) with 11 processes
440600:06:33.578 vminfo Handling session 1
440700:06:33.578 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
440800:06:33.578 vminfo Handling session 2
440900:06:33.578 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
441000:06:33.578 vminfo Handling session 3
441100:06:33.578 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
441200:06:33.578 vminfo Handling session 4
441300:06:33.578 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
441400:06:33.578 vminfo Handling session 5
441500:06:33.578 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
441600:06:33.578 vminfo Found 1 unique logged-in user(s)
441700:06:33.578 vminfo User sma-user5 has 11 processes (session 0)
441800:06:33.578 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
441900:06:40.203 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:36.724000000Z (MinAdjust: 200 ms)
442000:06:40.203 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:36.802783100Z => -78 783 100 ns drift
442100:06:40.203 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
442200:06:43.594 vminfo Found 6 sessions
442300:06:43.594 vminfo Handling session 0
442400:06:43.594 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
442500:06:43.594 vminfo Session LogonType=2 is supported -- looking up SID + type ...
442600:06:43.594 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
442700:06:43.609 vminfo Account User=sma-user5, WTSConnectState=0 (4)
442800:06:43.609 vminfo Account User=sma-user5 using TCS/RDP, state=0
442900:06:43.609 vminfo Account User=sma-user5 is logged in
443000:06:43.609 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
443100:06:43.609 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
443200:06:43.609 vminfo Error: Unable to open process with PID=0, error=87
443300:06:43.609 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
443400:06:43.609 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
443500:06:43.609 vminfo PID=580: \SystemRoot\System32\smss.exe
443600:06:43.609 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
443700:06:43.609 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
443800:06:43.609 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
443900:06:43.609 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
444000:06:43.609 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
444100:06:43.609 vminfo PID=696: C:\WINDOWS\system32\services.exe
444200:06:43.609 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
444300:06:43.609 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
444400:06:43.609 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
444500:06:43.609 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
444600:06:43.609 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
444700:06:43.609 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
444800:06:43.609 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
444900:06:43.609 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
445000:06:43.609 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
445100:06:43.609 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
445200:06:43.609 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
445300:06:43.609 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
445400:06:43.609 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
445500:06:43.609 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
445600:06:43.609 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
445700:06:43.609 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
445800:06:43.609 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
445900:06:43.609 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
446000:06:43.609 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
446100:06:43.609 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
446200:06:43.609 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
446300:06:43.609 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
446400:06:43.609 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
446500:06:43.609 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
446600:06:43.609 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
446700:06:43.609 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
446800:06:43.609 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
446900:06:43.609 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
447000:06:43.609 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
447100:06:43.609 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
447200:06:43.609 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
447300:06:43.609 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
447400:06:43.609 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
447500:06:43.609 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
447600:06:43.609 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
447700:06:43.609 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
447800:06:43.609 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
447900:06:43.609 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
448000:06:43.609 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
448100:06:43.609 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
448200:06:43.609 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
448300:06:43.609 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
448400:06:43.609 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
448500:06:43.609 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
448600:06:43.609 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
448700:06:43.609 vminfo PID=304: C:\WINDOWS\Explorer.EXE
448800:06:43.609 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
448900:06:43.609 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
449000:06:43.609 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
449100:06:43.609 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
449200:06:43.609 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
449300:06:43.609 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
449400:06:43.609 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
449500:06:43.609 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
449600:06:43.609 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
449700:06:43.609 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
449800:06:43.609 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
449900:06:43.625 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
450000:06:43.625 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
450100:06:43.625 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
450200:06:43.625 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
450300:06:43.625 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
450400:06:43.625 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
450500:06:43.625 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
450600:06:43.625 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
450700:06:43.625 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
450800:06:43.625 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
450900:06:43.625 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
451000:06:43.625 vminfo Session 0 has 11 processes total
451100:06:43.625 vminfo Adding new user=sma-user5 (session 0) with 11 processes
451200:06:43.625 vminfo Handling session 1
451300:06:43.625 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
451400:06:43.625 vminfo Handling session 2
451500:06:43.625 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
451600:06:43.625 vminfo Handling session 3
451700:06:43.625 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
451800:06:43.625 vminfo Handling session 4
451900:06:43.625 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
452000:06:43.625 vminfo Handling session 5
452100:06:43.625 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
452200:06:43.625 vminfo Found 1 unique logged-in user(s)
452300:06:43.625 vminfo User sma-user5 has 11 processes (session 0)
452400:06:43.625 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
452500:06:50.203 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:46.724000000Z (MinAdjust: 200 ms)
452600:06:50.203 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:46.802783100Z => -78 783 100 ns drift
452700:06:50.203 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
452800:06:53.625 vminfo Found 6 sessions
452900:06:53.625 vminfo Handling session 0
453000:06:53.625 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
453100:06:53.625 vminfo Session LogonType=2 is supported -- looking up SID + type ...
453200:06:53.625 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
453300:06:53.625 vminfo Account User=sma-user5, WTSConnectState=0 (4)
453400:06:53.625 vminfo Account User=sma-user5 using TCS/RDP, state=0
453500:06:53.625 vminfo Account User=sma-user5 is logged in
453600:06:53.625 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
453700:06:53.625 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
453800:06:53.625 vminfo Error: Unable to open process with PID=0, error=87
453900:06:53.625 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
454000:06:53.625 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
454100:06:53.625 vminfo PID=580: \SystemRoot\System32\smss.exe
454200:06:53.625 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
454300:06:53.641 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
454400:06:53.641 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
454500:06:53.641 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
454600:06:53.641 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
454700:06:53.641 vminfo PID=696: C:\WINDOWS\system32\services.exe
454800:06:53.641 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
454900:06:53.641 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
455000:06:53.641 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
455100:06:53.641 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
455200:06:53.641 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
455300:06:53.641 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
455400:06:53.641 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
455500:06:53.641 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
455600:06:53.641 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
455700:06:53.641 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
455800:06:53.641 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
455900:06:53.641 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
456000:06:53.641 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
456100:06:53.641 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
456200:06:53.641 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
456300:06:53.641 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
456400:06:53.641 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
456500:06:53.641 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
456600:06:53.641 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
456700:06:53.641 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
456800:06:53.641 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
456900:06:53.641 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
457000:06:53.641 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
457100:06:53.641 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
457200:06:53.641 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
457300:06:53.641 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
457400:06:53.641 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
457500:06:53.641 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
457600:06:53.641 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
457700:06:53.641 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
457800:06:53.641 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
457900:06:53.641 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
458000:06:53.641 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
458100:06:53.641 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
458200:06:53.641 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
458300:06:53.641 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
458400:06:53.641 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
458500:06:53.641 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
458600:06:53.641 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
458700:06:53.641 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
458800:06:53.641 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
458900:06:53.641 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
459000:06:53.641 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
459100:06:53.641 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
459200:06:53.641 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
459300:06:53.641 vminfo PID=304: C:\WINDOWS\Explorer.EXE
459400:06:53.641 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
459500:06:53.641 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
459600:06:53.641 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
459700:06:53.641 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
459800:06:53.641 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
459900:06:53.641 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
460000:06:53.641 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
460100:06:53.641 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
460200:06:53.641 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
460300:06:53.641 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
460400:06:53.641 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
460500:06:53.641 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
460600:06:53.641 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
460700:06:53.641 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
460800:06:53.641 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
460900:06:53.641 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
461000:06:53.641 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
461100:06:53.641 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
461200:06:53.641 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
461300:06:53.641 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
461400:06:53.641 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081
461500:06:53.641 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe
461600:06:53.641 vminfo PID=2412: (Interactive: true ) 0:69081 <-> 0:69081
461700:06:53.641 vminfo PID=2412: C:\WINDOWS\system32\dumprep.exe
461800:06:53.641 vminfo Session 0 has 12 processes total
461900:06:53.641 vminfo Adding new user=sma-user5 (session 0) with 12 processes
462000:06:53.641 vminfo Handling session 1
462100:06:53.641 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
462200:06:53.641 vminfo Handling session 2
462300:06:53.641 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
462400:06:53.641 vminfo Handling session 3
462500:06:53.641 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
462600:06:53.641 vminfo Handling session 4
462700:06:53.641 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
462800:06:53.641 vminfo Handling session 5
462900:06:53.656 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
463000:06:53.656 vminfo Found 1 unique logged-in user(s)
463100:06:53.656 vminfo User sma-user5 has 12 processes (session 0)
463200:06:53.656 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
463300:07:00.109 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0
463400:07:00.219 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:56.724000000Z (MinAdjust: 200 ms)
463500:07:00.219 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:56.818408100Z => -94 408 100 ns drift
463600:07:00.219 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
463700:07:03.672 vminfo Found 6 sessions
463800:07:03.672 vminfo Handling session 0
463900:07:03.672 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
464000:07:03.672 vminfo Session LogonType=2 is supported -- looking up SID + type ...
464100:07:03.688 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
464200:07:03.688 vminfo Account User=sma-user5, WTSConnectState=0 (4)
464300:07:03.688 vminfo Account User=sma-user5 using TCS/RDP, state=0
464400:07:03.688 vminfo Account User=sma-user5 is logged in
464500:07:03.688 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
464600:07:03.688 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
464700:07:03.688 vminfo Error: Unable to open process with PID=0, error=87
464800:07:03.688 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
464900:07:03.688 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
465000:07:03.688 vminfo PID=580: \SystemRoot\System32\smss.exe
465100:07:03.688 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
465200:07:03.688 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
465300:07:03.688 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
465400:07:03.688 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
465500:07:03.688 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
465600:07:03.688 vminfo PID=696: C:\WINDOWS\system32\services.exe
465700:07:03.688 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
465800:07:03.688 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
465900:07:03.688 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
466000:07:03.688 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
466100:07:03.688 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
466200:07:03.688 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
466300:07:03.688 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
466400:07:03.688 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
466500:07:03.688 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
466600:07:03.688 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
466700:07:03.688 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
466800:07:03.688 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
466900:07:03.688 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
467000:07:03.688 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
467100:07:03.688 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
467200:07:03.688 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
467300:07:03.688 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
467400:07:03.688 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
467500:07:03.688 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
467600:07:03.688 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
467700:07:03.688 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
467800:07:03.688 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
467900:07:03.688 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
468000:07:03.688 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
468100:07:03.688 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
468200:07:03.688 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
468300:07:03.688 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
468400:07:03.688 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
468500:07:03.688 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
468600:07:03.688 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
468700:07:03.688 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
468800:07:03.688 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
468900:07:03.688 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
469000:07:03.688 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
469100:07:03.688 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
469200:07:03.703 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
469300:07:03.703 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
469400:07:03.703 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
469500:07:03.703 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
469600:07:03.703 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
469700:07:03.703 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
469800:07:03.703 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
469900:07:03.703 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
470000:07:03.703 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
470100:07:03.703 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
470200:07:03.703 vminfo PID=304: C:\WINDOWS\Explorer.EXE
470300:07:03.703 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081
470400:07:03.703 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
470500:07:03.703 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081
470600:07:03.703 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
470700:07:03.703 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
470800:07:03.703 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
470900:07:03.703 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
471000:07:03.703 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
471100:07:03.703 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
471200:07:03.703 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
471300:07:03.703 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
471400:07:03.703 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
471500:07:03.703 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
471600:07:03.703 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
471700:07:03.703 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
471800:07:03.703 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
471900:07:03.703 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
472000:07:03.703 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
472100:07:03.703 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081
472200:07:03.703 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe
472300:07:03.703 vminfo PID=2412: (Interactive: true ) 0:69081 <-> 0:69081
472400:07:03.703 vminfo PID=2412: C:\WINDOWS\system32\dumprep.exe
472500:07:03.703 vminfo PID=2428: (Interactive: true ) 0:69081 <-> 0:69081
472600:07:03.703 vminfo PID=2428: C:\WINDOWS\system32\dwwin.exe
472700:07:03.703 vminfo Session 0 has 12 processes total
472800:07:03.703 vminfo Adding new user=sma-user5 (session 0) with 12 processes
472900:07:03.703 vminfo Handling session 1
473000:07:03.703 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
473100:07:03.703 vminfo Handling session 2
473200:07:03.703 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
473300:07:03.703 vminfo Handling session 3
473400:07:03.703 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
473500:07:03.703 vminfo Handling session 4
473600:07:03.703 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
473700:07:03.703 vminfo Handling session 5
473800:07:03.703 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
473900:07:03.703 vminfo Found 1 unique logged-in user(s)
474000:07:03.703 vminfo User sma-user5 has 12 processes (session 0)
474100:07:03.703 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
474200:07:10.219 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:06.725000000Z (MinAdjust: 200 ms)
474300:07:10.219 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:06.818408100Z => -93 408 100 ns drift
474400:07:10.219 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
474500:07:13.703 vminfo Found 6 sessions
474600:07:13.703 vminfo Handling session 0
474700:07:13.703 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
474800:07:13.703 vminfo Session LogonType=2 is supported -- looking up SID + type ...
474900:07:13.703 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
475000:07:13.703 vminfo Account User=sma-user5, WTSConnectState=0 (4)
475100:07:13.703 vminfo Account User=sma-user5 using TCS/RDP, state=0
475200:07:13.703 vminfo Account User=sma-user5 is logged in
475300:07:13.703 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
475400:07:13.703 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
475500:07:13.703 vminfo Error: Unable to open process with PID=0, error=87
475600:07:13.703 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
475700:07:13.703 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
475800:07:13.703 vminfo PID=580: \SystemRoot\System32\smss.exe
475900:07:13.703 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
476000:07:13.703 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
476100:07:13.703 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
476200:07:13.703 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
476300:07:13.703 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
476400:07:13.703 vminfo PID=696: C:\WINDOWS\system32\services.exe
476500:07:13.703 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
476600:07:13.703 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
476700:07:13.703 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
476800:07:13.703 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
476900:07:13.703 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
477000:07:13.703 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
477100:07:13.719 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
477200:07:13.719 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
477300:07:13.719 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
477400:07:13.719 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
477500:07:13.719 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
477600:07:13.719 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
477700:07:13.719 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
477800:07:13.719 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
477900:07:13.719 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
478000:07:13.719 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
478100:07:13.719 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
478200:07:13.719 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
478300:07:13.719 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
478400:07:13.719 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
478500:07:13.719 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
478600:07:13.719 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
478700:07:13.719 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
478800:07:13.719 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
478900:07:13.719 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
479000:07:13.719 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
479100:07:13.719 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
479200:07:13.719 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
479300:07:13.719 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
479400:07:13.719 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
479500:07:13.719 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
479600:07:13.719 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
479700:07:13.719 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
479800:07:13.719 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
479900:07:13.719 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
480000:07:13.719 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
480100:07:13.719 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
480200:07:13.719 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
480300:07:13.719 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
480400:07:13.719 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
480500:07:13.719 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
480600:07:13.719 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
480700:07:13.719 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
480800:07:13.719 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
480900:07:13.719 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081
481000:07:13.719 vminfo PID=304: C:\WINDOWS\Explorer.EXE
481100:07:13.719 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081
481200:07:13.719 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe
481300:07:13.719 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081
481400:07:13.719 vminfo PID=1080: D:\iTunes\iTunesHelper.exe
481500:07:13.719 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081
481600:07:13.719 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe
481700:07:13.719 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081
481800:07:13.719 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe
481900:07:13.719 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081
482000:07:13.719 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
482100:07:13.719 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081
482200:07:13.719 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE
482300:07:13.719 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
482400:07:13.719 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
482500:07:13.719 vminfo PID=2636: (Interactive: false) 0:999 <-> 0:69081
482600:07:13.719 vminfo PID=2636: C:\WINDOWS\system32\logonui.exe
482700:07:13.719 vminfo Session 0 has 7 processes total
482800:07:13.719 vminfo Adding new user=sma-user5 (session 0) with 7 processes
482900:07:13.719 vminfo Handling session 1
483000:07:13.719 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
483100:07:13.719 vminfo Handling session 2
483200:07:13.719 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
483300:07:13.719 vminfo Handling session 3
483400:07:13.719 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
483500:07:13.719 vminfo Handling session 4
483600:07:13.719 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
483700:07:13.719 vminfo Handling session 5
483800:07:13.719 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
483900:07:13.719 vminfo Found 1 unique logged-in user(s)
484000:07:13.719 vminfo User sma-user5 has 7 processes (session 0)
484100:07:13.719 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS
484200:07:20.219 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:16.724000000Z (MinAdjust: 200 ms)
484300:07:20.219 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:16.818408100Z => -94 408 100 ns drift
484400:07:20.219 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
484500:07:21.078 main Control handler: Control=0xe, EventType=0x6
484600:07:21.078 main Control handler: A user has logged off the session (Session=0, Event=0x6)
484700:07:21.078 vminfo Found 6 sessions
484800:07:21.094 vminfo Handling session 0
484900:07:21.094 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2
485000:07:21.094 vminfo Session LogonType=2 is supported -- looking up SID + type ...
485100:07:21.094 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W
485200:07:21.094 vminfo Account User=sma-user5, WTSConnectState=0 (4)
485300:07:21.094 vminfo Account User=sma-user5 using TCS/RDP, state=0
485400:07:21.094 vminfo Account User=sma-user5 is logged in
485500:07:21.094 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM
485600:07:21.094 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081
485700:07:21.094 vminfo Error: Unable to open process with PID=0, error=87
485800:07:21.094 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081
485900:07:21.094 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081
486000:07:21.109 vminfo PID=580: \SystemRoot\System32\smss.exe
486100:07:21.109 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081
486200:07:21.109 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
486300:07:21.109 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081
486400:07:21.109 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
486500:07:21.109 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081
486600:07:21.109 vminfo PID=696: C:\WINDOWS\system32\services.exe
486700:07:21.109 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081
486800:07:21.109 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
486900:07:21.109 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081
487000:07:21.109 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
487100:07:21.109 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081
487200:07:21.109 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
487300:07:21.109 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081
487400:07:21.109 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
487500:07:21.109 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081
487600:07:21.109 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
487700:07:21.109 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081
487800:07:21.109 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
487900:07:21.109 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081
488000:07:21.109 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
488100:07:21.109 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081
488200:07:21.109 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
488300:07:21.109 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081
488400:07:21.109 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
488500:07:21.109 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081
488600:07:21.109 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
488700:07:21.109 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081
488800:07:21.109 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
488900:07:21.109 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081
489000:07:21.109 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
489100:07:21.109 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081
489200:07:21.109 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
489300:07:21.109 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081
489400:07:21.109 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
489500:07:21.109 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081
489600:07:21.109 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
489700:07:21.109 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081
489800:07:21.109 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
489900:07:21.109 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081
490000:07:21.109 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
490100:07:21.109 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081
490200:07:21.109 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
490300:07:21.109 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081
490400:07:21.109 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
490500:07:21.109 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081
490600:07:21.109 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
490700:07:21.109 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081
490800:07:21.109 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
490900:07:21.109 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081
491000:07:21.109 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
491100:07:21.109 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081
491200:07:21.109 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
491300:07:21.109 vminfo PID=2636: (Interactive: false) 0:999 <-> 0:69081
491400:07:21.109 vminfo PID=2636: C:\WINDOWS\system32\logonui.exe
491500:07:21.109 vminfo Session 0 has 0 processes total
491600:07:21.109 vminfo Adding new user=sma-user5 (session 0) with 0 processes
491700:07:21.109 vminfo Handling session 1
491800:07:21.109 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
491900:07:21.109 vminfo Handling session 2
492000:07:21.109 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
492100:07:21.109 vminfo Handling session 3
492200:07:21.109 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
492300:07:21.109 vminfo Handling session 4
492400:07:21.109 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
492500:07:21.109 vminfo Handling session 5
492600:07:21.109 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
492700:07:21.109 vminfo Found 1 unique logged-in user(s)
492800:07:21.109 vminfo cUsersInList: 0, pszUserList: <NULL>, rc=VINF_SUCCESS
492900:07:30.219 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:26.724000000Z (MinAdjust: 200 ms)
493000:07:30.219 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:26.818408100Z => -94 408 100 ns drift
493100:07:30.219 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
493200:07:31.125 vminfo Found 5 sessions
493300:07:31.125 vminfo Handling session 0
493400:07:31.125 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
493500:07:31.125 vminfo Handling session 1
493600:07:31.125 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
493700:07:31.125 vminfo Handling session 2
493800:07:31.125 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
493900:07:31.125 vminfo Handling session 3
494000:07:31.141 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
494100:07:31.141 vminfo Handling session 4
494200:07:31.141 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
494300:07:31.141 vminfo Found 0 unique logged-in user(s)
494400:07:31.141 vminfo cUsersInList: 0, pszUserList: <NULL>, rc=VINF_SUCCESS
494500:07:33.953 main Control handler: Control=0xe, EventType=0x5
494600:07:33.953 main Control handler: A user has logged on to a session (Session=0, Event=0x5)
494700:07:33.953 vminfo Found 6 sessions
494800:07:33.969 vminfo Handling session 0
494900:07:33.969 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2
495000:07:33.969 vminfo Session LogonType=2 is supported -- looking up SID + type ...
495100:07:33.969 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W
495200:07:33.984 vminfo Account User=Admin, WTSConnectState=0 (4)
495300:07:33.984 vminfo Account User=Admin using TCS/RDP, state=0
495400:07:33.984 vminfo Account User=Admin is logged in
495500:07:33.984 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM
495600:07:33.984 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673
495700:07:33.984 vminfo Error: Unable to open process with PID=0, error=87
495800:07:33.984 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673
495900:07:33.984 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673
496000:07:34.000 vminfo PID=580: \SystemRoot\System32\smss.exe
496100:07:34.000 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673
496200:07:34.000 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
496300:07:34.000 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673
496400:07:34.000 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
496500:07:34.000 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673
496600:07:34.000 vminfo PID=696: C:\WINDOWS\system32\services.exe
496700:07:34.000 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673
496800:07:34.000 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
496900:07:34.000 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673
497000:07:34.000 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
497100:07:34.000 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673
497200:07:34.000 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
497300:07:34.000 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673
497400:07:34.000 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
497500:07:34.000 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673
497600:07:34.000 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
497700:07:34.000 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673
497800:07:34.000 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
497900:07:34.000 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673
498000:07:34.000 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
498100:07:34.000 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673
498200:07:34.000 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
498300:07:34.000 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673
498400:07:34.000 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
498500:07:34.000 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673
498600:07:34.000 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
498700:07:34.000 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673
498800:07:34.000 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
498900:07:34.000 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673
499000:07:34.000 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
499100:07:34.000 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673
499200:07:34.000 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
499300:07:34.000 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673
499400:07:34.000 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
499500:07:34.000 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673
499600:07:34.000 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
499700:07:34.000 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673
499800:07:34.000 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
499900:07:34.000 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673
500000:07:34.016 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
500100:07:34.016 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673
500200:07:34.016 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
500300:07:34.016 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673
500400:07:34.031 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
500500:07:34.031 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673
500600:07:34.031 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
500700:07:34.031 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673
500800:07:34.031 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
500900:07:34.031 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673
501000:07:34.047 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
501100:07:34.047 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673
501200:07:34.047 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
501300:07:34.047 vminfo PID=2636: (Interactive: false) 0:999 <-> 0:351673
501400:07:34.047 vminfo PID=2636: C:\WINDOWS\system32\logonui.exe
501500:07:34.047 vminfo Session 0 has 0 processes total
501600:07:34.047 vminfo Adding new user=Admin (session 0) with 0 processes
501700:07:34.047 vminfo Handling session 1
501800:07:34.047 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
501900:07:34.047 vminfo Handling session 2
502000:07:34.047 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
502100:07:34.047 vminfo Handling session 3
502200:07:34.047 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
502300:07:34.047 vminfo Handling session 4
502400:07:34.047 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
502500:07:34.047 vminfo Handling session 5
502600:07:34.047 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
502700:07:34.047 vminfo Found 1 unique logged-in user(s)
502800:07:34.047 vminfo cUsersInList: 0, pszUserList: <NULL>, rc=VINF_SUCCESS
502900:07:40.234 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:36.726000000Z (MinAdjust: 200 ms)
503000:07:40.234 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:36.834033100Z => -108 033 100 ns drift
503100:07:40.234 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
503200:07:44.078 vminfo Found 6 sessions
503300:07:44.078 vminfo Handling session 0
503400:07:44.078 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2
503500:07:44.078 vminfo Session LogonType=2 is supported -- looking up SID + type ...
503600:07:44.078 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W
503700:07:44.094 vminfo Account User=Admin, WTSConnectState=0 (4)
503800:07:44.094 vminfo Account User=Admin using TCS/RDP, state=0
503900:07:44.094 vminfo Account User=Admin is logged in
504000:07:44.094 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM
504100:07:44.094 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673
504200:07:44.094 vminfo Error: Unable to open process with PID=0, error=87
504300:07:44.094 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673
504400:07:44.094 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673
504500:07:44.094 vminfo PID=580: \SystemRoot\System32\smss.exe
504600:07:44.094 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673
504700:07:44.094 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
504800:07:44.094 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673
504900:07:44.094 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
505000:07:44.094 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673
505100:07:44.094 vminfo PID=696: C:\WINDOWS\system32\services.exe
505200:07:44.094 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673
505300:07:44.094 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
505400:07:44.094 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673
505500:07:44.094 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
505600:07:44.094 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673
505700:07:44.094 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
505800:07:44.094 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673
505900:07:44.094 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
506000:07:44.094 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673
506100:07:44.094 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
506200:07:44.094 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673
506300:07:44.094 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
506400:07:44.094 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673
506500:07:44.094 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
506600:07:44.094 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673
506700:07:44.094 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
506800:07:44.094 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673
506900:07:44.094 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
507000:07:44.094 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673
507100:07:44.094 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
507200:07:44.094 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673
507300:07:44.109 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
507400:07:44.109 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673
507500:07:44.109 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
507600:07:44.109 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673
507700:07:44.109 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
507800:07:44.109 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673
507900:07:44.109 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
508000:07:44.109 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673
508100:07:44.109 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
508200:07:44.109 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673
508300:07:44.109 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
508400:07:44.109 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673
508500:07:44.109 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
508600:07:44.109 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673
508700:07:44.109 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
508800:07:44.109 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673
508900:07:44.109 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
509000:07:44.109 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673
509100:07:44.109 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
509200:07:44.109 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673
509300:07:44.109 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
509400:07:44.109 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673
509500:07:44.109 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
509600:07:44.109 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673
509700:07:44.109 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
509800:07:44.109 vminfo PID=1212: (Interactive: true ) 0:351673 <-> 0:351673
509900:07:44.109 vminfo PID=1212: C:\WINDOWS\system32\userinit.exe
510000:07:44.109 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673
510100:07:44.109 vminfo PID=3240: C:\WINDOWS\Explorer.EXE
510200:07:44.109 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673
510300:07:44.109 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe
510400:07:44.109 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673
510500:07:44.109 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe
510600:07:44.109 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673
510700:07:44.109 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
510800:07:44.109 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673
510900:07:44.109 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
511000:07:44.109 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673
511100:07:44.109 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
511200:07:44.109 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673
511300:07:44.109 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe
511400:07:44.109 vminfo PID=3480: (Interactive: true ) 0:351673 <-> 0:351673
511500:07:44.109 vminfo PID=3480: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
511600:07:44.109 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673
511700:07:44.109 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe
511800:07:44.109 vminfo PID=1324: (Interactive: true ) 0:351673 <-> 0:351673
511900:07:44.109 vminfo PID=1324: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe
512000:07:44.109 vminfo PID=3516: (Interactive: true ) 0:351673 <-> 0:351673
512100:07:44.109 vminfo PID=3516: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
512200:07:44.109 vminfo PID=3160: (Interactive: true ) 0:351673 <-> 0:351673
512300:07:44.109 vminfo PID=3160: D:\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe
512400:07:44.109 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673
512500:07:44.109 vminfo PID=3520: D:\iTunes\iTunesHelper.exe
512600:07:44.109 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673
512700:07:44.109 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe
512800:07:44.109 vminfo PID=3588: (Interactive: true ) 0:351673 <-> 0:351673
512900:07:44.109 vminfo PID=3588: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
513000:07:44.109 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673
513100:07:44.109 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
513200:07:44.109 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673
513300:07:44.109 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE
513400:07:44.109 vminfo Session 0 has 17 processes total
513500:07:44.109 vminfo Adding new user=Admin (session 0) with 17 processes
513600:07:44.109 vminfo Handling session 1
513700:07:44.109 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
513800:07:44.109 vminfo Handling session 2
513900:07:44.125 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
514000:07:44.125 vminfo Handling session 3
514100:07:44.125 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
514200:07:44.125 vminfo Handling session 4
514300:07:44.125 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
514400:07:44.125 vminfo Handling session 5
514500:07:44.125 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
514600:07:44.125 vminfo Found 1 unique logged-in user(s)
514700:07:44.125 vminfo User Admin has 17 processes (session 0)
514800:07:44.125 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS
514900:07:50.234 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:46.724000000Z (MinAdjust: 200 ms)
515000:07:50.234 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:46.834033100Z => -110 033 100 ns drift
515100:07:50.234 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
515200:07:54.141 vminfo Found 6 sessions
515300:07:54.141 vminfo Handling session 0
515400:07:54.141 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2
515500:07:54.141 vminfo Session LogonType=2 is supported -- looking up SID + type ...
515600:07:54.156 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W
515700:07:54.156 vminfo Account User=Admin, WTSConnectState=0 (4)
515800:07:54.156 vminfo Account User=Admin using TCS/RDP, state=0
515900:07:54.156 vminfo Account User=Admin is logged in
516000:07:54.156 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM
516100:07:54.156 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673
516200:07:54.156 vminfo Error: Unable to open process with PID=0, error=87
516300:07:54.156 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673
516400:07:54.156 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673
516500:07:54.156 vminfo PID=580: \SystemRoot\System32\smss.exe
516600:07:54.156 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673
516700:07:54.156 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
516800:07:54.156 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673
516900:07:54.156 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
517000:07:54.156 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673
517100:07:54.156 vminfo PID=696: C:\WINDOWS\system32\services.exe
517200:07:54.156 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673
517300:07:54.156 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
517400:07:54.156 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673
517500:07:54.156 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
517600:07:54.156 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673
517700:07:54.156 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
517800:07:54.156 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673
517900:07:54.156 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
518000:07:54.156 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673
518100:07:54.156 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
518200:07:54.156 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673
518300:07:54.156 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
518400:07:54.156 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673
518500:07:54.156 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
518600:07:54.156 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673
518700:07:54.156 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
518800:07:54.156 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673
518900:07:54.156 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
519000:07:54.156 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673
519100:07:54.156 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
519200:07:54.156 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673
519300:07:54.156 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
519400:07:54.156 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673
519500:07:54.156 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
519600:07:54.156 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673
519700:07:54.172 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
519800:07:54.172 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673
519900:07:54.172 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
520000:07:54.172 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673
520100:07:54.172 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
520200:07:54.172 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673
520300:07:54.172 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
520400:07:54.172 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673
520500:07:54.172 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
520600:07:54.172 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673
520700:07:54.172 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
520800:07:54.172 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673
520900:07:54.172 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
521000:07:54.172 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673
521100:07:54.172 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
521200:07:54.172 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673
521300:07:54.172 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
521400:07:54.172 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673
521500:07:54.172 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
521600:07:54.172 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673
521700:07:54.172 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
521800:07:54.172 vminfo PID=1212: (Interactive: true ) 0:351673 <-> 0:351673
521900:07:54.172 vminfo PID=1212: C:\WINDOWS\system32\userinit.exe
522000:07:54.172 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673
522100:07:54.172 vminfo PID=3240: C:\WINDOWS\Explorer.EXE
522200:07:54.172 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673
522300:07:54.172 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe
522400:07:54.172 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673
522500:07:54.172 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe
522600:07:54.172 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673
522700:07:54.172 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
522800:07:54.172 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673
522900:07:54.172 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
523000:07:54.172 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673
523100:07:54.172 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
523200:07:54.172 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673
523300:07:54.172 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe
523400:07:54.172 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673
523500:07:54.172 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe
523600:07:54.172 vminfo PID=3160: (Interactive: true ) 0:351673 <-> 0:351673
523700:07:54.172 vminfo PID=3160: D:\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe
523800:07:54.172 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673
523900:07:54.172 vminfo PID=3520: D:\iTunes\iTunesHelper.exe
524000:07:54.172 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673
524100:07:54.172 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe
524200:07:54.172 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673
524300:07:54.172 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
524400:07:54.172 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673
524500:07:54.172 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE
524600:07:54.172 vminfo PID=2676: (Interactive: true ) 0:351673 <-> 0:351673
524700:07:54.172 vminfo PID=2676: C:\WINDOWS\regedit.exe
524800:07:54.172 vminfo Session 0 has 14 processes total
524900:07:54.172 vminfo Adding new user=Admin (session 0) with 14 processes
525000:07:54.172 vminfo Handling session 1
525100:07:54.172 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
525200:07:54.172 vminfo Handling session 2
525300:07:54.172 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
525400:07:54.172 vminfo Handling session 3
525500:07:54.172 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
525600:07:54.172 vminfo Handling session 4
525700:07:54.172 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
525800:07:54.172 vminfo Handling session 5
525900:07:54.172 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
526000:07:54.172 vminfo Found 1 unique logged-in user(s)
526100:07:54.172 vminfo User Admin has 14 processes (session 0)
526200:07:54.172 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS
526300:08:00.109 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0
526400:08:00.234 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:56.724000000Z (MinAdjust: 200 ms)
526500:08:00.234 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:56.834033100Z => -110 033 100 ns drift
526600:08:00.234 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
526700:08:04.188 vminfo Found 6 sessions
526800:08:04.188 vminfo Handling session 0
526900:08:04.188 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2
527000:08:04.188 vminfo Session LogonType=2 is supported -- looking up SID + type ...
527100:08:04.203 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W
527200:08:04.203 vminfo Account User=Admin, WTSConnectState=0 (4)
527300:08:04.203 vminfo Account User=Admin using TCS/RDP, state=0
527400:08:04.203 vminfo Account User=Admin is logged in
527500:08:04.203 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM
527600:08:04.203 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673
527700:08:04.203 vminfo Error: Unable to open process with PID=0, error=87
527800:08:04.203 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673
527900:08:04.203 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673
528000:08:04.203 vminfo PID=580: \SystemRoot\System32\smss.exe
528100:08:04.203 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673
528200:08:04.203 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
528300:08:04.203 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673
528400:08:04.203 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
528500:08:04.203 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673
528600:08:04.203 vminfo PID=696: C:\WINDOWS\system32\services.exe
528700:08:04.203 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673
528800:08:04.203 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
528900:08:04.203 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673
529000:08:04.203 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
529100:08:04.203 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673
529200:08:04.203 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
529300:08:04.203 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673
529400:08:04.203 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
529500:08:04.203 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673
529600:08:04.203 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
529700:08:04.203 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673
529800:08:04.203 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
529900:08:04.203 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673
530000:08:04.203 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
530100:08:04.203 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673
530200:08:04.203 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
530300:08:04.203 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673
530400:08:04.203 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
530500:08:04.203 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673
530600:08:04.203 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
530700:08:04.203 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673
530800:08:04.203 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
530900:08:04.203 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673
531000:08:04.203 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
531100:08:04.203 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673
531200:08:04.203 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
531300:08:04.203 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673
531400:08:04.203 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
531500:08:04.203 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673
531600:08:04.203 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
531700:08:04.203 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673
531800:08:04.203 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
531900:08:04.203 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673
532000:08:04.219 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
532100:08:04.219 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673
532200:08:04.219 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
532300:08:04.219 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673
532400:08:04.219 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
532500:08:04.219 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673
532600:08:04.219 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
532700:08:04.219 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673
532800:08:04.219 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
532900:08:04.219 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673
533000:08:04.219 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
533100:08:04.219 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673
533200:08:04.219 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
533300:08:04.219 vminfo PID=1212: (Interactive: true ) 0:351673 <-> 0:351673
533400:08:04.219 vminfo PID=1212: C:\WINDOWS\system32\userinit.exe
533500:08:04.219 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673
533600:08:04.219 vminfo PID=3240: C:\WINDOWS\Explorer.EXE
533700:08:04.219 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673
533800:08:04.219 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe
533900:08:04.219 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673
534000:08:04.219 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe
534100:08:04.219 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673
534200:08:04.219 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
534300:08:04.219 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673
534400:08:04.219 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
534500:08:04.219 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673
534600:08:04.219 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
534700:08:04.219 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673
534800:08:04.219 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe
534900:08:04.219 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673
535000:08:04.219 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe
535100:08:04.219 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673
535200:08:04.219 vminfo PID=3520: D:\iTunes\iTunesHelper.exe
535300:08:04.219 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673
535400:08:04.219 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe
535500:08:04.219 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673
535600:08:04.219 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
535700:08:04.219 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673
535800:08:04.219 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE
535900:08:04.219 vminfo PID=2676: (Interactive: true ) 0:351673 <-> 0:351673
536000:08:04.219 vminfo PID=2676: C:\WINDOWS\regedit.exe
536100:08:04.219 vminfo Session 0 has 13 processes total
536200:08:04.219 vminfo Adding new user=Admin (session 0) with 13 processes
536300:08:04.219 vminfo Handling session 1
536400:08:04.219 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
536500:08:04.219 vminfo Handling session 2
536600:08:04.219 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
536700:08:04.219 vminfo Handling session 3
536800:08:04.219 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
536900:08:04.219 vminfo Handling session 4
537000:08:04.219 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
537100:08:04.219 vminfo Handling session 5
537200:08:04.219 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
537300:08:04.219 vminfo Found 1 unique logged-in user(s)
537400:08:04.219 vminfo User Admin has 13 processes (session 0)
537500:08:04.219 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS
537600:08:10.250 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:46:06.724000000Z (MinAdjust: 200 ms)
537700:08:10.250 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:46:06.849658100Z => -125 658 100 ns drift
537800:08:10.250 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
537900:08:14.234 vminfo Found 6 sessions
538000:08:14.234 vminfo Handling session 0
538100:08:14.234 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2
538200:08:14.234 vminfo Session LogonType=2 is supported -- looking up SID + type ...
538300:08:14.234 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W
538400:08:14.234 vminfo Account User=Admin, WTSConnectState=0 (4)
538500:08:14.234 vminfo Account User=Admin using TCS/RDP, state=0
538600:08:14.234 vminfo Account User=Admin is logged in
538700:08:14.234 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM
538800:08:14.234 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673
538900:08:14.234 vminfo Error: Unable to open process with PID=0, error=87
539000:08:14.234 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673
539100:08:14.234 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673
539200:08:14.234 vminfo PID=580: \SystemRoot\System32\smss.exe
539300:08:14.234 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673
539400:08:14.234 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
539500:08:14.234 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673
539600:08:14.234 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
539700:08:14.234 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673
539800:08:14.234 vminfo PID=696: C:\WINDOWS\system32\services.exe
539900:08:14.234 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673
540000:08:14.234 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
540100:08:14.234 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673
540200:08:14.234 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
540300:08:14.234 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673
540400:08:14.250 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
540500:08:14.250 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673
540600:08:14.250 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
540700:08:14.250 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673
540800:08:14.250 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
540900:08:14.250 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673
541000:08:14.250 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
541100:08:14.250 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673
541200:08:14.250 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
541300:08:14.250 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673
541400:08:14.250 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
541500:08:14.250 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673
541600:08:14.250 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
541700:08:14.250 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673
541800:08:14.250 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
541900:08:14.250 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673
542000:08:14.250 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
542100:08:14.250 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673
542200:08:14.250 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
542300:08:14.250 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673
542400:08:14.250 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
542500:08:14.250 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673
542600:08:14.250 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
542700:08:14.250 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673
542800:08:14.250 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
542900:08:14.250 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673
543000:08:14.250 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
543100:08:14.250 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673
543200:08:14.250 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
543300:08:14.250 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673
543400:08:14.250 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
543500:08:14.250 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673
543600:08:14.250 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
543700:08:14.250 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673
543800:08:14.250 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
543900:08:14.250 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673
544000:08:14.250 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
544100:08:14.250 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673
544200:08:14.250 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
544300:08:14.250 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673
544400:08:14.250 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
544500:08:14.250 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673
544600:08:14.250 vminfo PID=3240: C:\WINDOWS\Explorer.EXE
544700:08:14.250 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673
544800:08:14.250 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe
544900:08:14.250 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673
545000:08:14.250 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe
545100:08:14.250 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673
545200:08:14.250 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
545300:08:14.250 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673
545400:08:14.250 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
545500:08:14.250 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673
545600:08:14.250 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
545700:08:14.250 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673
545800:08:14.250 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe
545900:08:14.250 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673
546000:08:14.250 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe
546100:08:14.250 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673
546200:08:14.250 vminfo PID=3520: D:\iTunes\iTunesHelper.exe
546300:08:14.250 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673
546400:08:14.266 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe
546500:08:14.266 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673
546600:08:14.266 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
546700:08:14.266 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673
546800:08:14.266 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE
546900:08:14.266 vminfo Session 0 has 11 processes total
547000:08:14.266 vminfo Adding new user=Admin (session 0) with 11 processes
547100:08:14.266 vminfo Handling session 1
547200:08:14.266 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
547300:08:14.266 vminfo Handling session 2
547400:08:14.266 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
547500:08:14.266 vminfo Handling session 3
547600:08:14.266 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
547700:08:14.266 vminfo Handling session 4
547800:08:14.266 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
547900:08:14.266 vminfo Handling session 5
548000:08:14.266 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
548100:08:14.266 vminfo Found 1 unique logged-in user(s)
548200:08:14.266 vminfo User Admin has 11 processes (session 0)
548300:08:14.266 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS
548400:08:20.250 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:46:16.724000000Z (MinAdjust: 200 ms)
548500:08:20.250 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:46:16.849658100Z => -125 658 100 ns drift
548600:08:20.250 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
548700:08:24.266 vminfo Found 6 sessions
548800:08:24.266 vminfo Handling session 0
548900:08:24.266 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2
549000:08:24.266 vminfo Session LogonType=2 is supported -- looking up SID + type ...
549100:08:24.281 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W
549200:08:24.281 vminfo Account User=Admin, WTSConnectState=0 (4)
549300:08:24.281 vminfo Account User=Admin using TCS/RDP, state=0
549400:08:24.281 vminfo Account User=Admin is logged in
549500:08:24.281 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM
549600:08:24.281 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673
549700:08:24.281 vminfo Error: Unable to open process with PID=0, error=87
549800:08:24.281 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673
549900:08:24.281 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673
550000:08:24.281 vminfo PID=580: \SystemRoot\System32\smss.exe
550100:08:24.281 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673
550200:08:24.281 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
550300:08:24.281 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673
550400:08:24.281 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
550500:08:24.281 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673
550600:08:24.281 vminfo PID=696: C:\WINDOWS\system32\services.exe
550700:08:24.281 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673
550800:08:24.281 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
550900:08:24.281 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673
551000:08:24.281 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
551100:08:24.281 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673
551200:08:24.281 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
551300:08:24.281 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673
551400:08:24.281 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
551500:08:24.281 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673
551600:08:24.281 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
551700:08:24.281 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673
551800:08:24.281 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
551900:08:24.281 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673
552000:08:24.281 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
552100:08:24.281 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673
552200:08:24.281 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
552300:08:24.281 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673
552400:08:24.281 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
552500:08:24.281 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673
552600:08:24.281 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
552700:08:24.281 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673
552800:08:24.281 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
552900:08:24.281 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673
553000:08:24.281 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
553100:08:24.281 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673
553200:08:24.281 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
553300:08:24.281 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673
553400:08:24.281 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
553500:08:24.281 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673
553600:08:24.281 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
553700:08:24.281 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673
553800:08:24.281 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
553900:08:24.281 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673
554000:08:24.281 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
554100:08:24.281 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673
554200:08:24.281 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
554300:08:24.281 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673
554400:08:24.281 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
554500:08:24.281 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673
554600:08:24.281 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
554700:08:24.281 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673
554800:08:24.297 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
554900:08:24.297 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673
555000:08:24.297 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
555100:08:24.297 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673
555200:08:24.297 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
555300:08:24.297 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673
555400:08:24.297 vminfo PID=3240: C:\WINDOWS\Explorer.EXE
555500:08:24.297 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673
555600:08:24.297 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe
555700:08:24.297 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673
555800:08:24.297 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe
555900:08:24.297 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673
556000:08:24.297 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
556100:08:24.297 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673
556200:08:24.297 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
556300:08:24.297 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673
556400:08:24.297 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
556500:08:24.297 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673
556600:08:24.297 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe
556700:08:24.297 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673
556800:08:24.297 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe
556900:08:24.297 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673
557000:08:24.297 vminfo PID=3520: D:\iTunes\iTunesHelper.exe
557100:08:24.297 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673
557200:08:24.297 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe
557300:08:24.297 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673
557400:08:24.297 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
557500:08:24.297 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673
557600:08:24.297 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE
557700:08:24.297 vminfo PID=824: (Interactive: true ) 0:351673 <-> 0:351673
557800:08:24.297 vminfo PID=824: C:\WINDOWS\system32\cmd.exe
557900:08:24.297 vminfo Session 0 has 12 processes total
558000:08:24.297 vminfo Adding new user=Admin (session 0) with 12 processes
558100:08:24.297 vminfo Handling session 1
558200:08:24.297 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
558300:08:24.297 vminfo Handling session 2
558400:08:24.297 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
558500:08:24.297 vminfo Handling session 3
558600:08:24.297 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
558700:08:24.297 vminfo Handling session 4
558800:08:24.297 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
558900:08:24.297 vminfo Handling session 5
559000:08:24.297 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
559100:08:24.297 vminfo Found 1 unique logged-in user(s)
559200:08:24.297 vminfo User Admin has 12 processes (session 0)
559300:08:24.297 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS
559400:08:30.250 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:46:26.724000000Z (MinAdjust: 200 ms)
559500:08:30.250 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:46:26.849658100Z => -125 658 100 ns drift
559600:08:30.250 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
559700:08:34.297 vminfo Found 6 sessions
559800:08:34.297 vminfo Handling session 0
559900:08:34.297 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2
560000:08:34.297 vminfo Session LogonType=2 is supported -- looking up SID + type ...
560100:08:34.313 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W
560200:08:34.313 vminfo Account User=Admin, WTSConnectState=0 (4)
560300:08:34.313 vminfo Account User=Admin using TCS/RDP, state=0
560400:08:34.313 vminfo Account User=Admin is logged in
560500:08:34.313 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM
560600:08:34.313 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673
560700:08:34.313 vminfo Error: Unable to open process with PID=0, error=87
560800:08:34.313 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673
560900:08:34.313 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673
561000:08:34.313 vminfo PID=580: \SystemRoot\System32\smss.exe
561100:08:34.313 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673
561200:08:34.313 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
561300:08:34.313 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673
561400:08:34.313 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
561500:08:34.313 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673
561600:08:34.313 vminfo PID=696: C:\WINDOWS\system32\services.exe
561700:08:34.313 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673
561800:08:34.313 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
561900:08:34.313 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673
562000:08:34.313 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
562100:08:34.313 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673
562200:08:34.313 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
562300:08:34.313 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673
562400:08:34.313 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
562500:08:34.313 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673
562600:08:34.313 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
562700:08:34.313 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673
562800:08:34.313 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
562900:08:34.313 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673
563000:08:34.313 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
563100:08:34.313 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673
563200:08:34.313 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
563300:08:34.313 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673
563400:08:34.313 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
563500:08:34.313 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673
563600:08:34.313 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
563700:08:34.313 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673
563800:08:34.313 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
563900:08:34.313 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673
564000:08:34.313 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
564100:08:34.313 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673
564200:08:34.313 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
564300:08:34.313 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673
564400:08:34.313 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
564500:08:34.313 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673
564600:08:34.313 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
564700:08:34.313 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673
564800:08:34.313 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
564900:08:34.313 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673
565000:08:34.313 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
565100:08:34.313 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673
565200:08:34.313 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
565300:08:34.313 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673
565400:08:34.313 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
565500:08:34.313 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673
565600:08:34.313 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
565700:08:34.313 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673
565800:08:34.328 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
565900:08:34.328 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673
566000:08:34.328 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
566100:08:34.328 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673
566200:08:34.328 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
566300:08:34.328 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673
566400:08:34.328 vminfo PID=3240: C:\WINDOWS\Explorer.EXE
566500:08:34.328 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673
566600:08:34.328 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe
566700:08:34.328 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673
566800:08:34.328 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe
566900:08:34.328 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673
567000:08:34.328 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
567100:08:34.328 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673
567200:08:34.328 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
567300:08:34.328 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673
567400:08:34.328 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
567500:08:34.328 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673
567600:08:34.328 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe
567700:08:34.328 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673
567800:08:34.328 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe
567900:08:34.328 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673
568000:08:34.328 vminfo PID=3520: D:\iTunes\iTunesHelper.exe
568100:08:34.328 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673
568200:08:34.328 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe
568300:08:34.328 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673
568400:08:34.328 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
568500:08:34.328 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673
568600:08:34.328 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE
568700:08:34.328 vminfo PID=824: (Interactive: true ) 0:351673 <-> 0:351673
568800:08:34.328 vminfo PID=824: C:\WINDOWS\system32\cmd.exe
568900:08:34.328 vminfo Session 0 has 12 processes total
569000:08:34.328 vminfo Adding new user=Admin (session 0) with 12 processes
569100:08:34.328 vminfo Handling session 1
569200:08:34.328 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
569300:08:34.328 vminfo Handling session 2
569400:08:34.328 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
569500:08:34.328 vminfo Handling session 3
569600:08:34.328 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
569700:08:34.328 vminfo Handling session 4
569800:08:34.328 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
569900:08:34.328 vminfo Handling session 5
570000:08:34.328 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
570100:08:34.328 vminfo Found 1 unique logged-in user(s)
570200:08:34.328 vminfo User Admin has 12 processes (session 0)
570300:08:34.328 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS
570400:08:40.250 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:46:36.724000000Z (MinAdjust: 200 ms)
570500:08:40.250 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:46:36.849658100Z => -125 658 100 ns drift
570600:08:40.250 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
570700:08:44.328 vminfo Found 6 sessions
570800:08:44.328 vminfo Handling session 0
570900:08:44.328 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2
571000:08:44.328 vminfo Session LogonType=2 is supported -- looking up SID + type ...
571100:08:44.344 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W
571200:08:44.344 vminfo Account User=Admin, WTSConnectState=0 (4)
571300:08:44.344 vminfo Account User=Admin using TCS/RDP, state=0
571400:08:44.344 vminfo Account User=Admin is logged in
571500:08:44.344 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM
571600:08:44.344 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673
571700:08:44.344 vminfo Error: Unable to open process with PID=0, error=87
571800:08:44.344 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673
571900:08:44.344 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673
572000:08:44.344 vminfo PID=580: \SystemRoot\System32\smss.exe
572100:08:44.344 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673
572200:08:44.344 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
572300:08:44.344 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673
572400:08:44.344 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
572500:08:44.344 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673
572600:08:44.344 vminfo PID=696: C:\WINDOWS\system32\services.exe
572700:08:44.344 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673
572800:08:44.344 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
572900:08:44.344 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673
573000:08:44.344 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
573100:08:44.344 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673
573200:08:44.344 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
573300:08:44.344 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673
573400:08:44.344 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
573500:08:44.344 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673
573600:08:44.344 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
573700:08:44.344 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673
573800:08:44.344 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
573900:08:44.344 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673
574000:08:44.344 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
574100:08:44.344 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673
574200:08:44.344 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
574300:08:44.344 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673
574400:08:44.344 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
574500:08:44.344 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673
574600:08:44.344 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
574700:08:44.344 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673
574800:08:44.344 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
574900:08:44.344 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673
575000:08:44.344 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
575100:08:44.344 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673
575200:08:44.344 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
575300:08:44.344 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673
575400:08:44.344 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
575500:08:44.344 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673
575600:08:44.344 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
575700:08:44.344 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673
575800:08:44.359 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
575900:08:44.359 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673
576000:08:44.359 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
576100:08:44.359 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673
576200:08:44.359 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
576300:08:44.359 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673
576400:08:44.359 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
576500:08:44.359 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673
576600:08:44.359 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
576700:08:44.359 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673
576800:08:44.359 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
576900:08:44.359 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673
577000:08:44.359 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
577100:08:44.359 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673
577200:08:44.359 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
577300:08:44.359 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673
577400:08:44.359 vminfo PID=3240: C:\WINDOWS\Explorer.EXE
577500:08:44.359 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673
577600:08:44.359 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe
577700:08:44.359 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673
577800:08:44.359 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe
577900:08:44.359 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673
578000:08:44.359 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
578100:08:44.359 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673
578200:08:44.359 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
578300:08:44.359 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673
578400:08:44.359 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
578500:08:44.359 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673
578600:08:44.359 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe
578700:08:44.359 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673
578800:08:44.359 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe
578900:08:44.359 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673
579000:08:44.359 vminfo PID=3520: D:\iTunes\iTunesHelper.exe
579100:08:44.359 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673
579200:08:44.359 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe
579300:08:44.359 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673
579400:08:44.359 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
579500:08:44.359 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673
579600:08:44.359 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE
579700:08:44.359 vminfo PID=824: (Interactive: true ) 0:351673 <-> 0:351673
579800:08:44.359 vminfo PID=824: C:\WINDOWS\system32\cmd.exe
579900:08:44.359 vminfo Session 0 has 12 processes total
580000:08:44.359 vminfo Adding new user=Admin (session 0) with 12 processes
580100:08:44.359 vminfo Handling session 1
580200:08:44.359 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
580300:08:44.359 vminfo Handling session 2
580400:08:44.359 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
580500:08:44.359 vminfo Handling session 3
580600:08:44.359 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
580700:08:44.359 vminfo Handling session 4
580800:08:44.359 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
580900:08:44.359 vminfo Handling session 5
581000:08:44.359 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
581100:08:44.359 vminfo Found 1 unique logged-in user(s)
581200:08:44.359 vminfo User Admin has 12 processes (session 0)
581300:08:44.359 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS
581400:08:50.250 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:46:46.725000000Z (MinAdjust: 200 ms)
581500:08:50.250 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:46:46.849658100Z => -124 658 100 ns drift
581600:08:50.250 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled.
581700:08:54.375 vminfo Found 6 sessions
581800:08:54.375 vminfo Handling session 0
581900:08:54.375 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2
582000:08:54.375 vminfo Session LogonType=2 is supported -- looking up SID + type ...
582100:08:54.391 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W
582200:08:54.391 vminfo Account User=Admin, WTSConnectState=0 (4)
582300:08:54.391 vminfo Account User=Admin using TCS/RDP, state=0
582400:08:54.391 vminfo Account User=Admin is logged in
582500:08:54.391 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM
582600:08:54.391 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673
582700:08:54.391 vminfo Error: Unable to open process with PID=0, error=87
582800:08:54.391 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673
582900:08:54.391 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673
583000:08:54.391 vminfo PID=580: \SystemRoot\System32\smss.exe
583100:08:54.391 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673
583200:08:54.391 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe
583300:08:54.391 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673
583400:08:54.391 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe
583500:08:54.391 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673
583600:08:54.391 vminfo PID=696: C:\WINDOWS\system32\services.exe
583700:08:54.391 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673
583800:08:54.391 vminfo PID=708: C:\WINDOWS\system32\lsass.exe
583900:08:54.391 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673
584000:08:54.391 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe
584100:08:54.391 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673
584200:08:54.391 vminfo PID=932: C:\WINDOWS\system32\svchost.exe
584300:08:54.391 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673
584400:08:54.391 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe
584500:08:54.391 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673
584600:08:54.391 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe
584700:08:54.391 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673
584800:08:54.391 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe
584900:08:54.391 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673
585000:08:54.391 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe
585100:08:54.391 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673
585200:08:54.391 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe
585300:08:54.391 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673
585400:08:54.391 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe
585500:08:54.391 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673
585600:08:54.391 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
585700:08:54.391 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673
585800:08:54.391 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe
585900:08:54.391 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673
586000:08:54.406 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe
586100:08:54.406 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673
586200:08:54.406 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe
586300:08:54.406 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673
586400:08:54.406 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
586500:08:54.406 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673
586600:08:54.406 vminfo PID=252: C:\WINDOWS\System32\svchost.exe
586700:08:54.406 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673
586800:08:54.406 vminfo PID=408: C:\WINDOWS\System32\svchost.exe
586900:08:54.406 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673
587000:08:54.406 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
587100:08:54.406 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673
587200:08:54.406 vminfo PID=604: C:\WINDOWS\system32\svchost.exe
587300:08:54.406 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673
587400:08:54.406 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe
587500:08:54.406 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673
587600:08:54.406 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe
587700:08:54.406 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673
587800:08:54.406 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe
587900:08:54.406 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673
588000:08:54.406 vminfo PID=1388: C:\WINDOWS\System32\alg.exe
588100:08:54.406 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673
588200:08:54.406 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe
588300:08:54.406 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673
588400:08:54.406 vminfo PID=3240: C:\WINDOWS\Explorer.EXE
588500:08:54.406 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673
588600:08:54.406 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe
588700:08:54.406 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673
588800:08:54.406 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
588900:08:54.406 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673
589000:08:54.406 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
589100:08:54.406 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673
589200:08:54.406 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
589300:08:54.406 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673
589400:08:54.406 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe
589500:08:54.406 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673
589600:08:54.406 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe
589700:08:54.406 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673
589800:08:54.406 vminfo PID=3520: D:\iTunes\iTunesHelper.exe
589900:08:54.406 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673
590000:08:54.406 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe
590100:08:54.406 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673
590200:08:54.406 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe
590300:08:54.406 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673
590400:08:54.406 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE
590500:08:54.406 vminfo PID=824: (Interactive: true ) 0:351673 <-> 0:351673
590600:08:54.406 vminfo PID=824: C:\WINDOWS\system32\cmd.exe
590700:08:54.406 vminfo Session 0 has 12 processes total
590800:08:54.406 vminfo Adding new user=Admin (session 0) with 12 processes
590900:08:54.406 vminfo Handling session 1
591000:08:54.406 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3
591100:08:54.406 vminfo Handling session 2
591200:08:54.406 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5
591300:08:54.406 vminfo Handling session 3
591400:08:54.406 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5
591500:08:54.406 vminfo Handling session 4
591600:08:54.406 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0
591700:08:54.406 vminfo Handling session 5
591800:08:54.406 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0
591900:08:54.406 vminfo Found 1 unique logged-in user(s)
592000:08:54.406 vminfo User Admin has 12 processes (session 0)
592100:08:54.406 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy