VBoxService 4.1.22 r80657 (verbosity: 4) win.x86 (Sep 7 2012 18:01:00) release log 00:00:00.000 main Log opened 2012-09-21T11:52:54.073700800Z 00:00:00.000 main OS Product: Windows XP Professional 00:00:00.000 main OS Release: 5.1.2600 00:00:00.000 main Executable: C:\XP\system32\VBoxService.exe 00:00:00.000 main Process ID: 624 00:00:00.000 main Package type: WINDOWS_32BITS_GENERIC 00:00:00.000 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--control-procs-max-kept not found 00:00:00.000 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-interval not found 00:00:00.000 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-min-adjust not found 00:00:00.000 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-latency-factor not found 00:00:00.000 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-max-latency not found 00:00:00.000 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-set-threshold not found 00:00:00.000 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-set-start not found 00:00:00.000 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-set-on-restore not found 00:00:00.000 main 4.1.22 r80657 started. Verbose level = 4 00:00:00.000 main Starting service dispatcher ... 00:00:00.000 Registering service control handler ... 00:00:00.010 Service control handler registered. 00:00:00.010 Setting VBoxService status to 30 00:00:00.010 Initializing services ... 00:00:00.010 Service client ID: 0x34 00:00:00.010 VBoxServiceTimeSyncInit: Initially 100144 (100ns) units per 100144 (100 ns) units interval, disabled=1 00:00:00.010 VMInfo: Property Service Client ID: 0x35 00:00:00.010 VBoxServiceBalloonInit 00:00:00.010 MemBalloon: New balloon size 0 MB (R0 memory) 00:00:00.010 VBoxServiceVMStatsInit 00:00:00.010 VBoxStatsInit: New statistics interval 0 seconds 00:00:00.010 VBoxStatsInit: gCtx.pfnNtQuerySystemInformation = 7c90d910 00:00:00.010 VBoxStatsInit: gCtx.GlobalMemoryStatusEx = 7c81f97a 00:00:00.010 VBoxStatsInit: gCtx.pfnGetPerformanceInfo= 76bf3e41 00:00:00.010 VBoxServicePageSharingInit 00:00:00.010 Starting services ... 00:00:00.010 Starting service 'control' ... 00:00:00.010 control Waiting for host msg ... 00:00:00.010 Starting service 'timesync' ... 00:00:00.010 Starting service 'vminfo' ... 00:00:00.010 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:52:35.788000000Z (MinAdjust: 200 ms) 00:00:00.010 Starting service 'memballoon' ... 00:00:00.010 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/Product" = "Windows XP Professional" 00:00:00.010 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:52:54.083715200Z => -18 295 715 200 ns drift 00:00:00.010 timesync VBoxServiceTimeSyncAdjust: Drift=-18295ms 00:00:00.010 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=100144, NewTA=90130, DiffNew=10014, DiffMax=50072 00:00:00.010 Starting service 'vmstats' ... 00:00:00.010 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/Release" = "5.1.2600" 00:00:00.010 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/Version" = "" 00:00:00.020 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/ServicePack" = "3" 00:00:00.020 Starting service 'pagesharing' ... 00:00:00.020 vminfo Writing guest property "/VirtualBox/GuestAdd/Version" = "4.1.22" 00:00:00.020 vminfo Writing guest property "/VirtualBox/GuestAdd/VersionExt" = "4.1.22" 00:00:00.020 All services started. 00:00:00.020 Setting service status to: 4 00:00:00.020 vminfo Writing guest property "/VirtualBox/GuestAdd/Revision" = "80657" 00:00:00.020 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:00:00.020 vminfo Writing guest property "/VirtualBox/GuestAdd/InstallDir" = "C:/Program Files/Oracle/VirtualBox Guest Additions" 00:00:00.030 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxControl.exe" = "4.1.22r80657" 00:00:00.030 Setting VBoxService status to 50 00:00:00.030 Waiting in main thread 00:00:00.030 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxHook.dll" = "4.1.22r80657" 00:00:00.030 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxDisp.dll" = "4.1.22r80657" 00:00:00.030 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxMRXNP.dll" = "4.1.22r80657" 00:00:00.030 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxService.exe" = "4.1.22r80657" 00:00:00.030 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxTray.exe" = "4.1.22r80657" 00:00:00.060 vminfo GetFileVersionInfoSize(C:\XP\system32/VBoxGINA.dll) -> 1812 / VERR_NO_DATA 00:00:00.060 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxGINA.dll" = "-" 00:00:00.070 vminfo GetFileVersionInfoSize(C:\XP\system32/VBoxCredProv.dll) -> 1812 / VERR_NO_DATA 00:00:00.070 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxCredProv.dll" = "-" 00:00:00.070 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLarrayspu.dll" = "4.1.22r80657" 00:00:00.070 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLcrutil.dll" = "4.1.22r80657" 00:00:00.080 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLerrorspu.dll" = "4.1.22r80657" 00:00:00.080 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLpackspu.dll" = "4.1.22r80657" 00:00:00.090 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLpassthroughspu.dll" = "4.1.22r80657" 00:00:00.090 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLfeedbackspu.dll" = "4.1.22r80657" 00:00:00.090 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGL.dll" = "4.1.22r80657" 00:00:00.090 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxGuest.sys" = "4.1.22r80657" 00:00:00.100 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxMouse.sys" = "4.1.22r80657" 00:00:00.100 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxSF.sys" = "4.1.22r80657" 00:00:00.100 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxVideo.sys" = "4.1.22r80657" 00:00:00.100 vminfo Found 2 sessions 00:00:00.100 vminfo Handling session 0 00:00:00.100 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:00:00.110 vminfo Handling session 1 00:00:00.110 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:00:00.110 vminfo Found 0 unique logged-in user(s) 00:00:00.110 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:00:10.014 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:52:45.787000000Z (MinAdjust: 200 ms) 00:00:10.014 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:53:03.087702200Z => -17 300 702 200 ns drift 00:00:10.014 timesync VBoxServiceTimeSyncAdjust: Drift=-17300ms 00:00:10.014 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=90130, NewTA=81117, DiffNew=9013, DiffMax=50072 00:00:10.124 vminfo Found 5 sessions 00:00:10.124 vminfo Handling session 0 00:00:10.124 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:00:10.124 vminfo Handling session 1 00:00:10.124 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:10.124 vminfo Handling session 2 00:00:10.124 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:10.124 vminfo Handling session 3 00:00:10.124 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:00:10.124 vminfo Handling session 4 00:00:10.124 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:00:10.124 vminfo Found 0 unique logged-in user(s) 00:00:10.124 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:00:20.019 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:52:55.792000000Z (MinAdjust: 200 ms) 00:00:20.019 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:53:11.191290500Z => -15 399 290 500 ns drift 00:00:20.019 timesync VBoxServiceTimeSyncAdjust: Drift=-15399ms 00:00:20.019 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=81117, NewTA=73006, DiffNew=8111, DiffMax=50072 00:00:20.129 vminfo Found 5 sessions 00:00:20.129 vminfo Handling session 0 00:00:20.129 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:00:20.129 vminfo Handling session 1 00:00:20.129 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:20.129 vminfo Handling session 2 00:00:20.129 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:20.129 vminfo Handling session 3 00:00:20.129 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:00:20.129 vminfo Handling session 4 00:00:20.129 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:00:20.129 vminfo Found 0 unique logged-in user(s) 00:00:20.129 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:00:30.023 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:53:05.796000000Z (MinAdjust: 200 ms) 00:00:30.023 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:53:18.484589900Z => -12 688 589 900 ns drift 00:00:30.023 timesync VBoxServiceTimeSyncAdjust: Drift=-12688ms 00:00:30.023 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=73006, NewTA=65706, DiffNew=7300, DiffMax=50072 00:00:30.133 vminfo Found 5 sessions 00:00:30.133 vminfo Handling session 0 00:00:30.133 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:00:30.133 vminfo Handling session 1 00:00:30.133 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:30.133 vminfo Handling session 2 00:00:30.133 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:30.133 vminfo Handling session 3 00:00:30.133 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:00:30.133 vminfo Handling session 4 00:00:30.133 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:00:30.133 vminfo Found 0 unique logged-in user(s) 00:00:30.133 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:00:40.027 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:53:15.801000000Z (MinAdjust: 200 ms) 00:00:40.027 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:53:25.048619300Z => -9 247 619 300 ns drift 00:00:40.027 timesync VBoxServiceTimeSyncAdjust: Drift=-9247ms 00:00:40.027 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=65706, NewTA=59136, DiffNew=6570, DiffMax=50072 00:00:40.138 vminfo Found 5 sessions 00:00:40.138 vminfo Handling session 0 00:00:40.138 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:00:40.138 vminfo Handling session 1 00:00:40.138 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:40.138 vminfo Handling session 2 00:00:40.138 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:40.138 vminfo Handling session 3 00:00:40.138 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:00:40.138 vminfo Handling session 4 00:00:40.138 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:00:40.138 vminfo Found 0 unique logged-in user(s) 00:00:40.138 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:00:50.032 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:53:25.805000000Z (MinAdjust: 200 ms) 00:00:50.032 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:53:30.956305700Z => -5 151 305 700 ns drift 00:00:50.032 timesync VBoxServiceTimeSyncAdjust: Drift=-5151ms 00:00:50.032 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=59136, NewTA=53223, DiffNew=5913, DiffMax=50072 00:00:50.142 vminfo Found 5 sessions 00:00:50.142 vminfo Handling session 0 00:00:50.142 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:00:50.142 vminfo Handling session 1 00:00:50.142 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:50.142 vminfo Handling session 2 00:00:50.142 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:50.142 vminfo Handling session 3 00:00:50.142 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:00:50.142 vminfo Handling session 4 00:00:50.142 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:00:50.142 vminfo Found 0 unique logged-in user(s) 00:00:50.142 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:01:00.026 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:01:00.036 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:53:35.809000000Z (MinAdjust: 200 ms) 00:01:00.036 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:53:36.273283400Z => -464 283 400 ns drift 00:01:00.036 timesync VBoxServiceTimeSyncAdjust: Drift=-464ms 00:01:00.036 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=53223, NewTA=50072, DiffNew=50072, DiffMax=50072 00:01:00.146 vminfo Found 5 sessions 00:01:00.146 vminfo Handling session 0 00:01:00.146 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:01:00.146 vminfo Handling session 1 00:01:00.146 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:00.146 vminfo Handling session 2 00:01:00.146 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:00.146 vminfo Handling session 3 00:01:00.146 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:01:00.146 vminfo Handling session 4 00:01:00.146 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:01:00.146 vminfo Found 0 unique logged-in user(s) 00:01:00.146 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:01:10.041 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:53:45.814000000Z (MinAdjust: 100 ms) 00:01:10.041 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:53:41.275476200Z => 4 538 523 800 ns drift 00:01:10.041 timesync VBoxServiceTimeSyncAdjust: Drift=4538ms 00:01:10.041 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=50072, NewTA=55079, DiffNew=5007, DiffMax=50072 00:01:10.151 vminfo Found 5 sessions 00:01:10.151 vminfo Handling session 0 00:01:10.151 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:01:10.151 vminfo Handling session 1 00:01:10.151 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:10.151 vminfo Handling session 2 00:01:10.151 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:10.151 vminfo Handling session 3 00:01:10.151 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:01:10.151 vminfo Handling session 4 00:01:10.151 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:01:10.151 vminfo Found 0 unique logged-in user(s) 00:01:10.151 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:01:20.045 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:53:55.818000000Z (MinAdjust: 100 ms) 00:01:20.045 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:53:46.777868300Z => 9 040 131 700 ns drift 00:01:20.045 timesync VBoxServiceTimeSyncAdjust: Drift=9040ms 00:01:20.045 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=55079, NewTA=60586, DiffNew=5507, DiffMax=50072 00:01:20.155 vminfo Found 5 sessions 00:01:20.155 vminfo Handling session 0 00:01:20.155 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:01:20.155 vminfo Handling session 1 00:01:20.155 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:20.155 vminfo Handling session 2 00:01:20.155 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:20.155 vminfo Handling session 3 00:01:20.155 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:01:20.155 vminfo Handling session 4 00:01:20.155 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:01:20.155 vminfo Found 0 unique logged-in user(s) 00:01:20.155 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:01:30.049 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:54:05.822000000Z (MinAdjust: 100 ms) 00:01:30.049 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:53:52.830409700Z => 12 991 590 300 ns drift 00:01:30.049 timesync VBoxServiceTimeSyncAdjust: Drift=12991ms 00:01:30.049 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=60586, NewTA=66644, DiffNew=6058, DiffMax=50072 00:01:30.159 vminfo Found 5 sessions 00:01:30.159 vminfo Handling session 0 00:01:30.159 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:01:30.159 vminfo Handling session 1 00:01:30.159 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:30.159 vminfo Handling session 2 00:01:30.159 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:30.159 vminfo Handling session 3 00:01:30.159 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:01:30.159 vminfo Handling session 4 00:01:30.159 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:01:30.159 vminfo Found 0 unique logged-in user(s) 00:01:30.159 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:01:40.054 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:54:15.827000000Z (MinAdjust: 100 ms) 00:01:40.054 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:53:59.488145300Z => 16 338 854 700 ns drift 00:01:40.054 timesync VBoxServiceTimeSyncAdjust: Drift=16338ms 00:01:40.054 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=66644, NewTA=73308, DiffNew=6664, DiffMax=50072 00:01:40.164 vminfo Found 5 sessions 00:01:40.164 vminfo Handling session 0 00:01:40.164 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:01:40.164 vminfo Handling session 1 00:01:40.164 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:40.164 vminfo Handling session 2 00:01:40.164 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:40.164 vminfo Handling session 3 00:01:40.164 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:01:40.164 vminfo Handling session 4 00:01:40.164 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:01:40.164 vminfo Found 0 unique logged-in user(s) 00:01:40.164 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:01:50.058 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:54:25.831000000Z (MinAdjust: 100 ms) 00:01:50.058 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:54:06.811614500Z => 19 019 385 500 ns drift 00:01:50.058 timesync VBoxServiceTimeSyncAdjust: Drift=19019ms 00:01:50.058 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=73308, NewTA=80638, DiffNew=7330, DiffMax=50072 00:01:50.168 vminfo Found 5 sessions 00:01:50.168 vminfo Handling session 0 00:01:50.168 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:01:50.168 vminfo Handling session 1 00:01:50.168 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:50.168 vminfo Handling session 2 00:01:50.168 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:50.168 vminfo Handling session 3 00:01:50.168 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:01:50.168 vminfo Handling session 4 00:01:50.168 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:01:50.168 vminfo Found 0 unique logged-in user(s) 00:01:50.168 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:02:00.032 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:02:00.062 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:54:35.835000000Z (MinAdjust: 100 ms) 00:02:00.062 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:54:14.867350700Z => 20 967 649 300 ns drift 00:02:00.062 timesync VBoxServiceTimeSyncAdjust: Drift=20967ms 00:02:00.062 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=80638, NewTA=88701, DiffNew=8063, DiffMax=50072 00:02:00.173 vminfo Found 5 sessions 00:02:00.173 vminfo Handling session 0 00:02:00.173 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:02:00.173 vminfo Handling session 1 00:02:00.173 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:00.173 vminfo Handling session 2 00:02:00.173 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:00.173 vminfo Handling session 3 00:02:00.173 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:02:00.173 vminfo Handling session 4 00:02:00.173 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:02:00.173 vminfo Found 0 unique logged-in user(s) 00:02:00.173 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:02:10.067 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:54:45.840000000Z (MinAdjust: 100 ms) 00:02:10.067 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:54:23.728580600Z => 22 111 419 400 ns drift 00:02:10.067 timesync VBoxServiceTimeSyncAdjust: Drift=22111ms 00:02:10.067 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=88701, NewTA=97571, DiffNew=8870, DiffMax=50072 00:02:10.177 vminfo Found 5 sessions 00:02:10.177 vminfo Handling session 0 00:02:10.177 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:02:10.177 vminfo Handling session 1 00:02:10.177 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:10.177 vminfo Handling session 2 00:02:10.177 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:10.177 vminfo Handling session 3 00:02:10.177 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:02:10.177 vminfo Handling session 4 00:02:10.177 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:02:10.177 vminfo Found 0 unique logged-in user(s) 00:02:10.177 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:02:20.071 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:54:55.844000000Z (MinAdjust: 100 ms) 00:02:20.071 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:54:33.475923500Z => 22 368 076 500 ns drift 00:02:20.071 timesync VBoxServiceTimeSyncAdjust: Drift=22368ms 00:02:20.071 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=97571, NewTA=107328, DiffNew=9757, DiffMax=50072 00:02:20.181 vminfo Found 5 sessions 00:02:20.181 vminfo Handling session 0 00:02:20.181 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:02:20.181 vminfo Handling session 1 00:02:20.181 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:20.181 vminfo Handling session 2 00:02:20.181 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:20.181 vminfo Handling session 3 00:02:20.181 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:02:20.181 vminfo Handling session 4 00:02:20.181 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:02:20.181 vminfo Found 0 unique logged-in user(s) 00:02:20.181 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:02:30.076 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:55:05.849000000Z (MinAdjust: 100 ms) 00:02:30.076 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:54:44.197990700Z => 21 651 009 300 ns drift 00:02:30.076 timesync VBoxServiceTimeSyncAdjust: Drift=21651ms 00:02:30.076 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=107328, NewTA=118060, DiffNew=10732, DiffMax=50072 00:02:30.186 vminfo Found 5 sessions 00:02:30.186 vminfo Handling session 0 00:02:30.186 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:02:30.186 vminfo Handling session 1 00:02:30.186 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:30.186 vminfo Handling session 2 00:02:30.186 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:30.186 vminfo Handling session 3 00:02:30.186 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:02:30.186 vminfo Handling session 4 00:02:30.186 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:02:30.186 vminfo Found 0 unique logged-in user(s) 00:02:30.186 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:02:40.080 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:55:15.853000000Z (MinAdjust: 100 ms) 00:02:40.080 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:54:55.992184700Z => 19 860 815 300 ns drift 00:02:40.080 timesync VBoxServiceTimeSyncAdjust: Drift=19860ms 00:02:40.080 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=118060, NewTA=129866, DiffNew=11806, DiffMax=50072 00:02:40.190 vminfo Found 5 sessions 00:02:40.190 vminfo Handling session 0 00:02:40.190 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:02:40.190 vminfo Handling session 1 00:02:40.190 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:40.190 vminfo Handling session 2 00:02:40.190 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:40.190 vminfo Handling session 3 00:02:40.190 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:02:40.190 vminfo Handling session 4 00:02:40.190 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:02:40.190 vminfo Found 0 unique logged-in user(s) 00:02:40.190 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:02:50.084 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:55:25.857000000Z (MinAdjust: 100 ms) 00:02:50.084 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:55:08.965798100Z => 16 891 201 900 ns drift 00:02:50.084 timesync VBoxServiceTimeSyncAdjust: Drift=16891ms 00:02:50.084 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=129866, NewTA=142852, DiffNew=12986, DiffMax=50072 00:02:50.195 vminfo Found 5 sessions 00:02:50.195 vminfo Handling session 0 00:02:50.195 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:02:50.195 vminfo Handling session 1 00:02:50.195 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:50.195 vminfo Handling session 2 00:02:50.195 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:50.195 vminfo Handling session 3 00:02:50.195 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:02:50.195 vminfo Handling session 4 00:02:50.195 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:02:50.195 vminfo Found 0 unique logged-in user(s) 00:02:50.195 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:03:00.039 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:03:00.089 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:55:35.862000000Z (MinAdjust: 100 ms) 00:03:00.089 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:55:23.236712900Z => 12 625 287 100 ns drift 00:03:00.089 timesync VBoxServiceTimeSyncAdjust: Drift=12625ms 00:03:00.089 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=142852, NewTA=150216, DiffNew=50072, DiffMax=50072 00:03:00.199 vminfo Found 5 sessions 00:03:00.199 vminfo Handling session 0 00:03:00.199 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:00.199 vminfo Handling session 1 00:03:00.199 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:00.199 vminfo Handling session 2 00:03:00.199 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:00.199 vminfo Handling session 3 00:03:00.199 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:00.199 vminfo Handling session 4 00:03:00.199 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:00.199 vminfo Found 0 unique logged-in user(s) 00:03:00.199 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:03:10.093 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:55:45.866000000Z (MinAdjust: 100 ms) 00:03:10.093 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:55:38.243291300Z => 7 622 708 700 ns drift 00:03:10.093 timesync VBoxServiceTimeSyncAdjust: Drift=7622ms 00:03:10.093 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=150216, NewTA=150216, DiffNew=50072, DiffMax=50072 00:03:10.203 vminfo Found 5 sessions 00:03:10.203 vminfo Handling session 0 00:03:10.203 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:10.203 vminfo Handling session 1 00:03:10.203 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:10.203 vminfo Handling session 2 00:03:10.203 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:10.203 vminfo Handling session 3 00:03:10.203 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:10.203 vminfo Handling session 4 00:03:10.203 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:10.203 vminfo Found 0 unique logged-in user(s) 00:03:10.203 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:03:13.628 main Control handler: Control=0xe, EventType=0x3 00:03:13.628 main Control handler: A session connected to the remote terminal (Session=1, Event=0x3) 00:03:13.638 vminfo Found 5 sessions 00:03:13.638 vminfo Handling session 0 00:03:13.638 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:13.638 vminfo Handling session 1 00:03:13.638 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:13.638 vminfo Handling session 2 00:03:13.638 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:13.638 vminfo Handling session 3 00:03:13.638 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:13.638 vminfo Handling session 4 00:03:13.638 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:13.638 vminfo Found 0 unique logged-in user(s) 00:03:13.638 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:03:19.136 main Control handler: Control=0xe, EventType=0x1 00:03:19.136 main Control handler: A session was connected to the console terminal (Session=0, Event=0x1) 00:03:19.136 vminfo Found 6 sessions 00:03:19.136 vminfo Handling session 0 00:03:19.136 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:03:19.136 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:03:19.136 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:03:19.156 vminfo Account User=ChenDT, WTSConnectState=1 (4) 00:03:19.156 vminfo Account User=ChenDT is not logged in 00:03:19.156 vminfo Handling session 1 00:03:19.156 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:19.156 vminfo Handling session 2 00:03:19.156 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:19.156 vminfo Handling session 3 00:03:19.156 main Control handler: Control=0xe, EventType=0x4 00:03:19.156 main Control handler: A session was disconnected from the remote terminal (Session=1, Event=0x4) 00:03:19.226 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:19.226 vminfo Handling session 4 00:03:19.226 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:19.226 vminfo Handling session 5 00:03:19.226 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:19.226 vminfo Found 0 unique logged-in user(s) 00:03:19.226 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:03:19.276 vminfo Found 6 sessions 00:03:19.276 vminfo Handling session 0 00:03:19.276 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:03:19.276 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:03:19.276 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:03:19.276 vminfo Account User=ChenDT, WTSConnectState=4 (4) 00:03:19.276 vminfo Account User=ChenDT using TCS/RDP, state=4 00:03:19.276 vminfo Account User=ChenDT is logged in 00:03:19.276 main Control handler: Control=0xe, EventType=0x2 00:03:19.276 main Control handler: A session was disconnected from the console terminal (Session=0, Event=0x2) 00:03:19.276 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:03:19.276 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:03:19.276 vminfo Error: Unable to open process with PID=0, error=87 00:03:19.276 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:03:19.276 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:03:19.276 vminfo PID=264: \SystemRoot\System32\smss.exe 00:03:19.276 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:03:19.276 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:03:19.276 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:03:19.276 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:03:19.276 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:03:19.276 vminfo PID=460: C:\XP\system32\services.exe 00:03:19.276 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:03:19.276 vminfo PID=472: C:\XP\system32\lsass.exe 00:03:19.276 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:03:19.276 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:03:19.276 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:03:19.276 vminfo PID=672: C:\XP\system32\svchost.exe 00:03:19.276 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:03:19.276 vminfo PID=736: C:\XP\system32\svchost.exe 00:03:19.276 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:03:19.276 vminfo PID=816: C:\XP\system32\svchost.exe 00:03:19.276 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:03:19.286 vminfo PID=868: C:\XP\system32\svchost.exe 00:03:19.286 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:03:19.286 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:03:19.286 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:03:19.286 vminfo PID=1064: C:\XP\system32\svchost.exe 00:03:19.286 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:03:19.286 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:03:19.286 vminfo PID=1712: (Interactive: false) 0:999 <-> 0:52808 00:03:19.286 vminfo PID=1712: \??\C:\XP\system32\csrss.exe 00:03:19.286 vminfo PID=1740: (Interactive: false) 0:999 <-> 0:52808 00:03:19.286 vminfo PID=1740: \??\C:\XP\system32\winlogon.exe 00:03:19.286 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:03:19.286 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:03:19.286 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:03:19.286 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:03:19.286 vminfo Session 1 has 0 processes total 00:03:19.286 vminfo Adding new user=ChenDT (session 1) with 0 processes 00:03:19.286 vminfo Handling session 1 00:03:19.286 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:19.286 vminfo Handling session 2 00:03:19.286 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:19.286 vminfo Handling session 3 00:03:19.286 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:19.286 vminfo Handling session 4 00:03:19.286 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:19.286 vminfo Handling session 5 00:03:19.286 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:19.286 vminfo Found 1 unique logged-in user(s) 00:03:19.286 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:03:19.296 vminfo Found 6 sessions 00:03:19.296 vminfo Handling session 0 00:03:19.296 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:03:19.296 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:03:19.296 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:03:19.296 vminfo Account User=ChenDT, WTSConnectState=4 (4) 00:03:19.296 vminfo Account User=ChenDT using TCS/RDP, state=4 00:03:19.296 vminfo Account User=ChenDT is logged in 00:03:19.296 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:03:19.296 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:03:19.296 vminfo Error: Unable to open process with PID=0, error=87 00:03:19.296 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=264: \SystemRoot\System32\smss.exe 00:03:19.296 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:03:19.296 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:03:19.296 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=460: C:\XP\system32\services.exe 00:03:19.296 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=472: C:\XP\system32\lsass.exe 00:03:19.296 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:03:19.296 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=672: C:\XP\system32\svchost.exe 00:03:19.296 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:03:19.296 vminfo PID=736: C:\XP\system32\svchost.exe 00:03:19.296 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=816: C:\XP\system32\svchost.exe 00:03:19.296 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:03:19.296 vminfo PID=868: C:\XP\system32\svchost.exe 00:03:19.296 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:03:19.296 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:03:19.296 vminfo PID=1064: C:\XP\system32\svchost.exe 00:03:19.296 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:03:19.296 vminfo PID=1712: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=1712: \??\C:\XP\system32\csrss.exe 00:03:19.296 vminfo PID=1740: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=1740: \??\C:\XP\system32\winlogon.exe 00:03:19.296 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:03:19.296 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:03:19.296 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:03:19.296 vminfo Session 1 has 0 processes total 00:03:19.296 vminfo Adding new user=ChenDT (session 1) with 0 processes 00:03:19.296 vminfo Handling session 1 00:03:19.296 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:19.296 vminfo Handling session 2 00:03:19.296 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:19.296 vminfo Handling session 3 00:03:19.296 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:19.296 vminfo Handling session 4 00:03:19.296 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:19.296 vminfo Handling session 5 00:03:19.296 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:19.296 vminfo Found 1 unique logged-in user(s) 00:03:19.296 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:03:19.397 main Control handler: Control=0xe, EventType=0x3 00:03:19.397 main Control handler: A session connected to the remote terminal (Session=0, Event=0x3) 00:03:19.397 vminfo Found 6 sessions 00:03:19.397 vminfo Handling session 0 00:03:19.607 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:03:19.607 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:03:19.607 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:03:19.727 main Control handler: Control=0xe, EventType=0x5 00:03:19.727 main Control handler: A user has logged on to a session (Session=0, Event=0x5) 00:03:19.797 vminfo Cannot query WTS connection state for user=ChenDT, error=7007 00:03:19.797 vminfo Account User=ChenDT is logged in 00:03:19.797 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:03:19.827 main Control handler: Control=0xe, EventType=0x1 00:03:19.827 main Control handler: A session was connected to the console terminal (Session=2, Event=0x1) 00:03:19.827 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:03:19.827 vminfo Error: Unable to open process with PID=0, error=87 00:03:19.827 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=264: \SystemRoot\System32\smss.exe 00:03:19.827 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:03:19.827 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:03:19.827 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=460: C:\XP\system32\services.exe 00:03:19.827 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=472: C:\XP\system32\lsass.exe 00:03:19.827 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:03:19.827 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=672: C:\XP\system32\svchost.exe 00:03:19.827 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:03:19.827 vminfo PID=736: C:\XP\system32\svchost.exe 00:03:19.827 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=816: C:\XP\system32\svchost.exe 00:03:19.827 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:03:19.827 vminfo PID=868: C:\XP\system32\svchost.exe 00:03:19.827 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:03:19.827 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:03:19.827 vminfo PID=1064: C:\XP\system32\svchost.exe 00:03:19.827 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:03:19.827 vminfo PID=1712: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=1740: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo Error: Unable to open process with PID=1740, error=87 00:03:19.827 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:03:19.827 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:03:19.827 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:03:19.827 vminfo Session 1 has 0 processes total 00:03:19.827 vminfo Adding new user=ChenDT (session 1) with 0 processes 00:03:19.827 vminfo Handling session 1 00:03:19.827 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:19.827 vminfo Handling session 2 00:03:19.827 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:19.827 vminfo Handling session 3 00:03:19.827 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:19.827 vminfo Handling session 4 00:03:19.827 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:19.827 vminfo Handling session 5 00:03:19.827 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:19.827 vminfo Found 1 unique logged-in user(s) 00:03:19.827 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:03:19.887 vminfo Found 6 sessions 00:03:19.887 vminfo Handling session 0 00:03:19.887 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:03:19.887 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:03:19.887 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:03:19.977 vminfo No WinStation found for user=ChenDT 00:03:19.977 vminfo Account User=ChenDT is logged in 00:03:19.977 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:03:19.977 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:03:19.977 vminfo Error: Unable to open process with PID=0, error=87 00:03:19.977 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=264: \SystemRoot\System32\smss.exe 00:03:19.977 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:03:19.977 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:03:19.977 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=460: C:\XP\system32\services.exe 00:03:19.977 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=472: C:\XP\system32\lsass.exe 00:03:19.977 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:03:19.977 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=672: C:\XP\system32\svchost.exe 00:03:19.977 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:03:19.977 vminfo PID=736: C:\XP\system32\svchost.exe 00:03:19.977 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=816: C:\XP\system32\svchost.exe 00:03:19.977 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:03:19.977 vminfo PID=868: C:\XP\system32\svchost.exe 00:03:19.977 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:03:19.977 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:03:19.977 vminfo PID=1064: C:\XP\system32\svchost.exe 00:03:19.977 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:03:19.977 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:03:19.977 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:03:19.977 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:03:19.977 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:03:19.977 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:03:19.977 vminfo PID=188: (Interactive: true ) 0:52808 <-> 0:52808 00:03:19.977 vminfo PID=188: C:\XP\system32\userinit.exe 00:03:19.977 vminfo Session 1 has 2 processes total 00:03:19.977 vminfo Adding new user=ChenDT (session 1) with 2 processes 00:03:19.977 vminfo Handling session 1 00:03:19.977 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:19.977 vminfo Handling session 2 00:03:19.997 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:19.997 vminfo Handling session 3 00:03:19.997 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:19.997 vminfo Handling session 4 00:03:19.997 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:19.997 vminfo Handling session 5 00:03:19.997 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:19.997 vminfo Found 1 unique logged-in user(s) 00:03:19.997 vminfo User ChenDT has 2 processes (session 1) 00:03:19.997 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:03:20.098 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:55:55.871000000Z (MinAdjust: 100 ms) 00:03:20.098 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:55:53.249869700Z => 2 621 130 300 ns drift 00:03:20.098 timesync VBoxServiceTimeSyncAdjust: Drift=2621ms 00:03:20.098 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=150216, NewTA=150216, DiffNew=50072, DiffMax=50072 00:03:30.092 vminfo Found 6 sessions 00:03:30.092 vminfo Handling session 0 00:03:30.092 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:03:30.092 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:03:30.092 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:03:30.092 vminfo No WinStation found for user=ChenDT 00:03:30.092 vminfo Account User=ChenDT is logged in 00:03:30.092 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:03:30.092 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:03:30.092 vminfo Error: Unable to open process with PID=0, error=87 00:03:30.092 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=264: \SystemRoot\System32\smss.exe 00:03:30.092 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:03:30.092 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:03:30.092 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=460: C:\XP\system32\services.exe 00:03:30.092 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=472: C:\XP\system32\lsass.exe 00:03:30.092 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:03:30.092 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=672: C:\XP\system32\svchost.exe 00:03:30.092 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:03:30.092 vminfo PID=736: C:\XP\system32\svchost.exe 00:03:30.092 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=816: C:\XP\system32\svchost.exe 00:03:30.092 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:03:30.092 vminfo PID=868: C:\XP\system32\svchost.exe 00:03:30.092 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:03:30.092 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:03:30.092 vminfo PID=1064: C:\XP\system32\svchost.exe 00:03:30.092 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:03:30.092 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:03:30.092 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:03:30.092 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:03:30.092 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:03:30.092 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:03:30.092 vminfo PID=188: (Interactive: true ) 0:52808 <-> 0:52808 00:03:30.092 vminfo PID=188: C:\XP\system32\userinit.exe 00:03:30.092 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:03:30.092 vminfo PID=304: C:\XP\Explorer.EXE 00:03:30.092 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:03:30.092 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:03:30.092 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:03:30.092 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:03:30.092 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:03:30.092 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:03:30.092 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:03:30.092 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:03:30.092 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:03:30.092 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:03:30.092 vminfo Session 1 has 8 processes total 00:03:30.092 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:03:30.092 vminfo Handling session 1 00:03:30.092 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:30.092 vminfo Handling session 2 00:03:30.092 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:30.092 vminfo Handling session 3 00:03:30.092 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:30.092 vminfo Handling session 4 00:03:30.092 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:30.092 vminfo Handling session 5 00:03:30.092 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:30.092 vminfo Found 1 unique logged-in user(s) 00:03:30.092 vminfo User ChenDT has 8 processes (session 1) 00:03:30.092 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:03:30.102 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:56:05.875000000Z (MinAdjust: 200 ms) 00:03:30.102 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:56:08.256448100Z => -2 381 448 100 ns drift 00:03:30.102 timesync VBoxServiceTimeSyncAdjust: Drift=-2381ms 00:03:30.102 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=150216, NewTA=135195, DiffNew=15021, DiffMax=50072 00:03:40.106 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:56:15.879000000Z (MinAdjust: 200 ms) 00:03:40.106 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:56:21.762428600Z => -5 883 428 600 ns drift 00:03:40.106 timesync VBoxServiceTimeSyncAdjust: Drift=-5883ms 00:03:40.106 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=135195, NewTA=121676, DiffNew=13519, DiffMax=50072 00:03:40.106 vminfo Found 6 sessions 00:03:40.106 vminfo Handling session 0 00:03:40.106 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:03:40.106 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:03:40.106 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:03:40.106 vminfo No WinStation found for user=ChenDT 00:03:40.106 vminfo Account User=ChenDT is logged in 00:03:40.106 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:03:40.106 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:03:40.106 vminfo Error: Unable to open process with PID=0, error=87 00:03:40.106 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=264: \SystemRoot\System32\smss.exe 00:03:40.106 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:03:40.106 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:03:40.106 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=460: C:\XP\system32\services.exe 00:03:40.106 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=472: C:\XP\system32\lsass.exe 00:03:40.106 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:03:40.106 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=672: C:\XP\system32\svchost.exe 00:03:40.106 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:03:40.106 vminfo PID=736: C:\XP\system32\svchost.exe 00:03:40.106 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=816: C:\XP\system32\svchost.exe 00:03:40.106 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:03:40.106 vminfo PID=868: C:\XP\system32\svchost.exe 00:03:40.106 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:03:40.106 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:03:40.106 vminfo PID=1064: C:\XP\system32\svchost.exe 00:03:40.106 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:03:40.106 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:03:40.106 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:03:40.106 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:03:40.106 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:03:40.106 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:03:40.106 vminfo PID=188: (Interactive: true ) 0:52808 <-> 0:52808 00:03:40.106 vminfo PID=188: C:\XP\system32\userinit.exe 00:03:40.106 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:03:40.106 vminfo PID=304: C:\XP\Explorer.EXE 00:03:40.106 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:03:40.106 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:03:40.106 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:03:40.106 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:03:40.106 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:03:40.106 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:03:40.106 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:03:40.106 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:03:40.106 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:03:40.106 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:03:40.106 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:03:40.106 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:03:40.106 vminfo Session 1 has 9 processes total 00:03:40.106 vminfo Adding new user=ChenDT (session 1) with 9 processes 00:03:40.106 vminfo Handling session 1 00:03:40.106 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:40.106 vminfo Handling session 2 00:03:40.106 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:40.106 vminfo Handling session 3 00:03:40.106 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:40.106 vminfo Handling session 4 00:03:40.106 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:40.106 vminfo Handling session 5 00:03:40.106 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:40.106 vminfo Found 1 unique logged-in user(s) 00:03:40.106 vminfo User ChenDT has 9 processes (session 1) 00:03:40.106 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:03:50.111 vminfo Found 6 sessions 00:03:50.111 vminfo Handling session 0 00:03:50.111 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:03:50.111 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:03:50.111 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:03:50.111 vminfo No WinStation found for user=ChenDT 00:03:50.111 vminfo Account User=ChenDT is logged in 00:03:50.111 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:03:50.111 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:03:50.111 vminfo Error: Unable to open process with PID=0, error=87 00:03:50.111 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=264: \SystemRoot\System32\smss.exe 00:03:50.111 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:03:50.111 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:03:50.111 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=460: C:\XP\system32\services.exe 00:03:50.111 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=472: C:\XP\system32\lsass.exe 00:03:50.111 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:03:50.111 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=672: C:\XP\system32\svchost.exe 00:03:50.111 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:03:50.111 vminfo PID=736: C:\XP\system32\svchost.exe 00:03:50.111 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=816: C:\XP\system32\svchost.exe 00:03:50.111 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:03:50.111 vminfo PID=868: C:\XP\system32\svchost.exe 00:03:50.111 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:03:50.111 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:03:50.111 vminfo PID=1064: C:\XP\system32\svchost.exe 00:03:50.111 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:03:50.111 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:03:50.111 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:03:50.111 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:03:50.111 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:03:50.111 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:03:50.111 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:03:50.111 vminfo PID=304: C:\XP\Explorer.EXE 00:03:50.111 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:03:50.111 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:03:50.111 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:03:50.111 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:03:50.111 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:03:50.111 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:03:50.111 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:03:50.111 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:03:50.111 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:03:50.111 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:03:50.111 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:03:50.111 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:03:50.111 vminfo Session 1 has 8 processes total 00:03:50.111 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:03:50.111 vminfo Handling session 1 00:03:50.111 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:03:50.111 vminfo Handling session 2 00:03:50.111 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:56:25.890000000Z (MinAdjust: 200 ms) 00:03:50.111 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:56:33.917861000Z => -8 027 861 000 ns drift 00:03:50.111 timesync VBoxServiceTimeSyncAdjust: Drift=-8027ms 00:03:50.111 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=121676, NewTA=109509, DiffNew=12167, DiffMax=50072 00:03:50.111 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:50.111 vminfo Handling session 3 00:03:50.111 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:50.111 vminfo Handling session 4 00:03:50.111 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:03:50.111 vminfo Handling session 5 00:03:50.111 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:03:50.111 vminfo Found 1 unique logged-in user(s) 00:03:50.111 vminfo User ChenDT has 8 processes (session 1) 00:03:50.111 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:04:00.045 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:04:00.115 vminfo Found 6 sessions 00:04:00.115 vminfo Handling session 0 00:04:00.115 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:04:00.115 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:04:00.115 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:04:00.115 vminfo No WinStation found for user=ChenDT 00:04:00.115 vminfo Account User=ChenDT is logged in 00:04:00.115 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:04:00.115 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:04:00.115 vminfo Error: Unable to open process with PID=0, error=87 00:04:00.115 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=264: \SystemRoot\System32\smss.exe 00:04:00.115 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:04:00.115 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:04:00.115 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=460: C:\XP\system32\services.exe 00:04:00.115 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=472: C:\XP\system32\lsass.exe 00:04:00.115 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:04:00.115 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=672: C:\XP\system32\svchost.exe 00:04:00.115 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:04:00.115 vminfo PID=736: C:\XP\system32\svchost.exe 00:04:00.115 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=816: C:\XP\system32\svchost.exe 00:04:00.115 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:04:00.115 vminfo PID=868: C:\XP\system32\svchost.exe 00:04:00.115 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:04:00.115 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:04:00.115 vminfo PID=1064: C:\XP\system32\svchost.exe 00:04:00.115 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:04:00.115 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:04:00.115 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:04:00.115 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:04:00.115 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:04:00.115 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:04:00.115 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:04:00.115 vminfo PID=304: C:\XP\Explorer.EXE 00:04:00.115 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:04:00.115 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:04:00.115 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:04:00.115 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:04:00.115 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:04:00.115 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:04:00.115 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:04:00.115 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:04:00.115 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:04:00.115 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:04:00.115 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:04:00.115 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:04:00.115 vminfo Session 1 has 8 processes total 00:04:00.115 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:04:00.115 vminfo Handling session 1 00:04:00.115 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:04:00.115 vminfo Handling session 2 00:04:00.115 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:00.115 vminfo Handling session 3 00:04:00.115 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:00.115 vminfo Handling session 4 00:04:00.115 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:04:00.115 vminfo Handling session 5 00:04:00.115 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:04:00.115 vminfo Found 1 unique logged-in user(s) 00:04:00.115 vminfo User ChenDT has 8 processes (session 1) 00:04:00.115 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:04:00.115 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:56:35.896000000Z (MinAdjust: 200 ms) 00:04:00.115 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:56:44.857810100Z => -8 961 810 100 ns drift 00:04:00.115 timesync VBoxServiceTimeSyncAdjust: Drift=-8961ms 00:04:00.115 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=109509, NewTA=98559, DiffNew=10950, DiffMax=50072 00:04:04.571 main Control handler: Control=0xe, EventType=0x4 00:04:04.571 main Control handler: A session was disconnected from the remote terminal (Session=0, Event=0x4) 00:04:04.571 vminfo Found 6 sessions 00:04:04.571 vminfo Handling session 0 00:04:04.571 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:04:04.571 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:04:04.571 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:04:04.571 vminfo No WinStation found for user=ChenDT 00:04:04.571 vminfo Account User=ChenDT is logged in 00:04:04.571 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:04:04.571 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:04:04.571 vminfo Error: Unable to open process with PID=0, error=87 00:04:04.571 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=264: \SystemRoot\System32\smss.exe 00:04:04.571 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:04:04.571 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:04:04.571 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=460: C:\XP\system32\services.exe 00:04:04.571 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=472: C:\XP\system32\lsass.exe 00:04:04.571 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:04:04.571 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=672: C:\XP\system32\svchost.exe 00:04:04.571 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:04:04.571 vminfo PID=736: C:\XP\system32\svchost.exe 00:04:04.571 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=816: C:\XP\system32\svchost.exe 00:04:04.571 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:04:04.571 vminfo PID=868: C:\XP\system32\svchost.exe 00:04:04.571 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:04:04.571 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:04:04.571 vminfo PID=1064: C:\XP\system32\svchost.exe 00:04:04.571 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:04:04.571 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:04:04.571 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:04:04.571 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:04:04.571 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:04:04.571 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:04:04.571 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:04:04.571 vminfo PID=304: C:\XP\Explorer.EXE 00:04:04.571 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:04:04.571 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:04:04.571 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:04:04.571 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:04:04.571 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:04:04.582 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:04:04.582 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:04:04.582 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:04:04.582 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:04:04.582 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:04:04.582 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:04:04.582 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:04:04.582 vminfo Session 1 has 8 processes total 00:04:04.582 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:04:04.582 vminfo Handling session 1 00:04:04.582 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:04:04.582 vminfo Handling session 2 00:04:04.582 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:04.582 vminfo Handling session 3 00:04:04.582 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:04.582 vminfo Handling session 4 00:04:04.582 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:04:04.582 vminfo Handling session 5 00:04:04.582 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:04:04.582 vminfo Found 1 unique logged-in user(s) 00:04:04.582 vminfo User ChenDT has 8 processes (session 1) 00:04:04.582 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:04:10.119 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:56:45.892000000Z (MinAdjust: 200 ms) 00:04:10.119 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:56:54.703854200Z => -8 811 854 200 ns drift 00:04:10.119 timesync VBoxServiceTimeSyncAdjust: Drift=-8811ms 00:04:10.119 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=98559, NewTA=88704, DiffNew=9855, DiffMax=50072 00:04:14.596 vminfo Found 6 sessions 00:04:14.596 vminfo Handling session 0 00:04:14.596 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:04:14.596 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:04:14.596 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:04:14.596 vminfo No WinStation found for user=ChenDT 00:04:14.596 vminfo Account User=ChenDT is logged in 00:04:14.596 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:04:14.596 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:04:14.596 vminfo Error: Unable to open process with PID=0, error=87 00:04:14.596 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=264: \SystemRoot\System32\smss.exe 00:04:14.596 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:04:14.596 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:04:14.596 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=460: C:\XP\system32\services.exe 00:04:14.596 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=472: C:\XP\system32\lsass.exe 00:04:14.596 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:04:14.596 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=672: C:\XP\system32\svchost.exe 00:04:14.596 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:04:14.596 vminfo PID=736: C:\XP\system32\svchost.exe 00:04:14.596 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=816: C:\XP\system32\svchost.exe 00:04:14.596 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:04:14.596 vminfo PID=868: C:\XP\system32\svchost.exe 00:04:14.596 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:04:14.596 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:04:14.596 vminfo PID=1064: C:\XP\system32\svchost.exe 00:04:14.596 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:04:14.596 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:04:14.596 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:04:14.596 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:04:14.596 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:04:14.596 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:04:14.596 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:04:14.596 vminfo PID=304: C:\XP\Explorer.EXE 00:04:14.596 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:04:14.596 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:04:14.596 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:04:14.596 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:04:14.596 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:04:14.596 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:04:14.596 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:04:14.596 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:04:14.596 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:04:14.596 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:04:14.596 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:04:14.596 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:04:14.596 vminfo Session 1 has 8 processes total 00:04:14.596 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:04:14.596 vminfo Handling session 1 00:04:14.596 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:04:14.596 vminfo Handling session 2 00:04:14.596 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:14.596 vminfo Handling session 3 00:04:14.596 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:14.596 vminfo Handling session 4 00:04:14.596 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:04:14.596 vminfo Handling session 5 00:04:14.596 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:04:14.596 vminfo Found 1 unique logged-in user(s) 00:04:14.596 vminfo User ChenDT has 8 processes (session 1) 00:04:14.596 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:04:20.124 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:56:55.897000000Z (MinAdjust: 200 ms) 00:04:20.124 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:57:03.565383800Z => -7 668 383 800 ns drift 00:04:20.124 timesync VBoxServiceTimeSyncAdjust: Drift=-7668ms 00:04:20.124 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=88704, NewTA=79834, DiffNew=8870, DiffMax=50072 00:04:24.610 vminfo Found 6 sessions 00:04:24.610 vminfo Handling session 0 00:04:24.610 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:04:24.610 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:04:24.610 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:04:24.610 vminfo No WinStation found for user=ChenDT 00:04:24.610 vminfo Account User=ChenDT is logged in 00:04:24.610 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:04:24.610 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:04:24.610 vminfo Error: Unable to open process with PID=0, error=87 00:04:24.610 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=264: \SystemRoot\System32\smss.exe 00:04:24.610 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:04:24.610 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:04:24.610 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=460: C:\XP\system32\services.exe 00:04:24.610 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=472: C:\XP\system32\lsass.exe 00:04:24.610 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:04:24.610 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=672: C:\XP\system32\svchost.exe 00:04:24.610 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:04:24.610 vminfo PID=736: C:\XP\system32\svchost.exe 00:04:24.610 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=816: C:\XP\system32\svchost.exe 00:04:24.610 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:04:24.610 vminfo PID=868: C:\XP\system32\svchost.exe 00:04:24.610 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:04:24.610 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:04:24.610 vminfo PID=1064: C:\XP\system32\svchost.exe 00:04:24.610 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:04:24.610 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:04:24.610 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:04:24.610 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:04:24.610 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:04:24.610 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:04:24.610 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:04:24.610 vminfo PID=304: C:\XP\Explorer.EXE 00:04:24.610 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:04:24.610 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:04:24.610 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:04:24.610 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:04:24.610 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:04:24.610 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:04:24.610 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:04:24.610 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:04:24.610 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:04:24.610 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:04:24.610 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:04:24.610 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:04:24.610 vminfo Session 1 has 8 processes total 00:04:24.610 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:04:24.610 vminfo Handling session 1 00:04:24.610 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:04:24.610 vminfo Handling session 2 00:04:24.610 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:24.610 vminfo Handling session 3 00:04:24.610 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:24.610 vminfo Handling session 4 00:04:24.610 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:04:24.610 vminfo Handling session 5 00:04:24.610 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:04:24.610 vminfo Found 1 unique logged-in user(s) 00:04:24.610 vminfo User ChenDT has 8 processes (session 1) 00:04:24.610 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:04:30.128 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:57:05.901000000Z (MinAdjust: 200 ms) 00:04:30.128 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:57:11.540800400Z => -5 639 800 400 ns drift 00:04:30.128 timesync VBoxServiceTimeSyncAdjust: Drift=-5639ms 00:04:30.128 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=79834, NewTA=71851, DiffNew=7983, DiffMax=50072 00:04:34.625 vminfo Found 6 sessions 00:04:34.625 vminfo Handling session 0 00:04:34.625 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:04:34.625 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:04:34.625 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:04:34.625 vminfo No WinStation found for user=ChenDT 00:04:34.625 vminfo Account User=ChenDT is logged in 00:04:34.625 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:04:34.625 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:04:34.625 vminfo Error: Unable to open process with PID=0, error=87 00:04:34.625 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=264: \SystemRoot\System32\smss.exe 00:04:34.625 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:04:34.625 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:04:34.625 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=460: C:\XP\system32\services.exe 00:04:34.625 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=472: C:\XP\system32\lsass.exe 00:04:34.625 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:04:34.625 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=672: C:\XP\system32\svchost.exe 00:04:34.625 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:04:34.625 vminfo PID=736: C:\XP\system32\svchost.exe 00:04:34.625 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=816: C:\XP\system32\svchost.exe 00:04:34.625 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:04:34.625 vminfo PID=868: C:\XP\system32\svchost.exe 00:04:34.625 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:04:34.625 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:04:34.625 vminfo PID=1064: C:\XP\system32\svchost.exe 00:04:34.625 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:04:34.625 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:04:34.625 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:04:34.625 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:04:34.625 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:04:34.625 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:04:34.625 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:04:34.625 vminfo PID=304: C:\XP\Explorer.EXE 00:04:34.625 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:04:34.625 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:04:34.625 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:04:34.625 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:04:34.625 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:04:34.625 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:04:34.625 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:04:34.625 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:04:34.625 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:04:34.625 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:04:34.625 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:04:34.625 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:04:34.625 vminfo Session 1 has 8 processes total 00:04:34.625 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:04:34.625 vminfo Handling session 1 00:04:34.625 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:04:34.625 vminfo Handling session 2 00:04:34.625 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:34.625 vminfo Handling session 3 00:04:34.625 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:34.625 vminfo Handling session 4 00:04:34.625 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:04:34.625 vminfo Handling session 5 00:04:34.625 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:04:34.625 vminfo Found 1 unique logged-in user(s) 00:04:34.625 vminfo User ChenDT has 8 processes (session 1) 00:04:34.625 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:04:40.133 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:57:15.906000000Z (MinAdjust: 200 ms) 00:04:40.133 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:57:18.718715300Z => -2 812 715 300 ns drift 00:04:40.133 timesync VBoxServiceTimeSyncAdjust: Drift=-2812ms 00:04:40.133 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=71851, NewTA=64666, DiffNew=7185, DiffMax=50072 00:04:44.639 vminfo Found 6 sessions 00:04:44.639 vminfo Handling session 0 00:04:44.639 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:04:44.639 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:04:44.639 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:04:44.639 vminfo No WinStation found for user=ChenDT 00:04:44.639 vminfo Account User=ChenDT is logged in 00:04:44.639 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:04:44.639 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:04:44.639 vminfo Error: Unable to open process with PID=0, error=87 00:04:44.639 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=264: \SystemRoot\System32\smss.exe 00:04:44.639 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:04:44.639 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:04:44.639 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=460: C:\XP\system32\services.exe 00:04:44.639 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=472: C:\XP\system32\lsass.exe 00:04:44.639 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:04:44.639 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=672: C:\XP\system32\svchost.exe 00:04:44.639 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:04:44.639 vminfo PID=736: C:\XP\system32\svchost.exe 00:04:44.639 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=816: C:\XP\system32\svchost.exe 00:04:44.639 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:04:44.639 vminfo PID=868: C:\XP\system32\svchost.exe 00:04:44.639 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:04:44.639 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:04:44.639 vminfo PID=1064: C:\XP\system32\svchost.exe 00:04:44.639 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:04:44.639 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:04:44.639 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:04:44.639 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:04:44.639 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:04:44.639 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:04:44.639 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:04:44.639 vminfo PID=304: C:\XP\Explorer.EXE 00:04:44.639 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:04:44.639 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:04:44.639 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:04:44.639 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:04:44.639 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:04:44.639 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:04:44.639 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:04:44.639 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:04:44.639 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:04:44.639 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:04:44.639 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:04:44.639 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:04:44.639 vminfo Session 1 has 8 processes total 00:04:44.639 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:04:44.639 vminfo Handling session 1 00:04:44.639 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:04:44.639 vminfo Handling session 2 00:04:44.639 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:44.639 vminfo Handling session 3 00:04:44.639 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:44.639 vminfo Handling session 4 00:04:44.639 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:04:44.639 vminfo Handling session 5 00:04:44.639 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:04:44.639 vminfo Found 1 unique logged-in user(s) 00:04:44.639 vminfo User ChenDT has 8 processes (session 1) 00:04:44.639 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:04:50.137 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:57:25.910000000Z (MinAdjust: 100 ms) 00:04:50.137 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:57:25.178848700Z => 731 151 300 ns drift 00:04:50.137 timesync VBoxServiceTimeSyncAdjust: Drift=731ms 00:04:50.137 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=64666, NewTA=71132, DiffNew=6466, DiffMax=50072 00:04:54.654 vminfo Found 6 sessions 00:04:54.654 vminfo Handling session 0 00:04:54.654 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:04:54.654 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:04:54.654 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:04:54.654 vminfo No WinStation found for user=ChenDT 00:04:54.654 vminfo Account User=ChenDT is logged in 00:04:54.654 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:04:54.654 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:04:54.654 vminfo Error: Unable to open process with PID=0, error=87 00:04:54.654 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=264: \SystemRoot\System32\smss.exe 00:04:54.654 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:04:54.654 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:04:54.654 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=460: C:\XP\system32\services.exe 00:04:54.654 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=472: C:\XP\system32\lsass.exe 00:04:54.654 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:04:54.654 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=672: C:\XP\system32\svchost.exe 00:04:54.654 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:04:54.654 vminfo PID=736: C:\XP\system32\svchost.exe 00:04:54.654 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=816: C:\XP\system32\svchost.exe 00:04:54.654 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:04:54.654 vminfo PID=868: C:\XP\system32\svchost.exe 00:04:54.654 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:04:54.654 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:04:54.654 vminfo PID=1064: C:\XP\system32\svchost.exe 00:04:54.654 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:04:54.654 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:04:54.654 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:04:54.654 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:04:54.654 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:04:54.654 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:04:54.654 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:04:54.654 vminfo PID=304: C:\XP\Explorer.EXE 00:04:54.654 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:04:54.654 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:04:54.654 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:04:54.654 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:04:54.654 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:04:54.654 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:04:54.654 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:04:54.654 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:04:54.654 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:04:54.654 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:04:54.654 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:04:54.654 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:04:54.654 vminfo Session 1 has 8 processes total 00:04:54.654 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:04:54.654 vminfo Handling session 1 00:04:54.654 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:04:54.654 vminfo Handling session 2 00:04:54.654 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:54.654 vminfo Handling session 3 00:04:54.654 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:54.654 vminfo Handling session 4 00:04:54.654 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:04:54.654 vminfo Handling session 5 00:04:54.654 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:04:54.654 vminfo Found 1 unique logged-in user(s) 00:04:54.654 vminfo User ChenDT has 8 processes (session 1) 00:04:54.654 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:05:00.051 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:05:00.141 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:57:35.914000000Z (MinAdjust: 100 ms) 00:05:00.141 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:57:32.284935500Z => 3 629 064 500 ns drift 00:05:00.141 timesync VBoxServiceTimeSyncAdjust: Drift=3629ms 00:05:00.141 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=71132, NewTA=78245, DiffNew=7113, DiffMax=50072 00:05:04.668 vminfo Found 6 sessions 00:05:04.668 vminfo Handling session 0 00:05:04.668 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:05:04.668 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:05:04.668 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:05:04.668 vminfo No WinStation found for user=ChenDT 00:05:04.668 vminfo Account User=ChenDT is logged in 00:05:04.668 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:05:04.668 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:05:04.668 vminfo Error: Unable to open process with PID=0, error=87 00:05:04.668 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=264: \SystemRoot\System32\smss.exe 00:05:04.668 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:05:04.668 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:05:04.668 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=460: C:\XP\system32\services.exe 00:05:04.668 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=472: C:\XP\system32\lsass.exe 00:05:04.668 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:05:04.668 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=672: C:\XP\system32\svchost.exe 00:05:04.668 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:05:04.668 vminfo PID=736: C:\XP\system32\svchost.exe 00:05:04.668 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=816: C:\XP\system32\svchost.exe 00:05:04.668 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:05:04.668 vminfo PID=868: C:\XP\system32\svchost.exe 00:05:04.668 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:05:04.668 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:05:04.668 vminfo PID=1064: C:\XP\system32\svchost.exe 00:05:04.668 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:05:04.668 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:05:04.668 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:05:04.668 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:05:04.668 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:05:04.668 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:05:04.668 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:05:04.668 vminfo PID=304: C:\XP\Explorer.EXE 00:05:04.668 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:05:04.668 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:05:04.668 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:05:04.668 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:05:04.668 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:05:04.668 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:05:04.668 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:05:04.668 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:05:04.668 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:05:04.668 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:05:04.668 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:05:04.668 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:05:04.668 vminfo Session 1 has 8 processes total 00:05:04.668 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:05:04.668 vminfo Handling session 1 00:05:04.668 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:05:04.668 vminfo Handling session 2 00:05:04.668 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:04.668 vminfo Handling session 3 00:05:04.668 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:04.668 vminfo Handling session 4 00:05:04.668 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:05:04.668 vminfo Handling session 5 00:05:04.668 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:05:04.668 vminfo Found 1 unique logged-in user(s) 00:05:04.668 vminfo User ChenDT has 8 processes (session 1) 00:05:04.668 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:05:10.146 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:57:45.919000000Z (MinAdjust: 100 ms) 00:05:10.146 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:57:40.101611000Z => 5 817 389 000 ns drift 00:05:10.146 timesync VBoxServiceTimeSyncAdjust: Drift=5817ms 00:05:10.146 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=78245, NewTA=86069, DiffNew=7824, DiffMax=50072 00:05:14.682 vminfo Found 6 sessions 00:05:14.682 vminfo Handling session 0 00:05:14.682 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:05:14.682 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:05:14.682 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:05:14.682 vminfo No WinStation found for user=ChenDT 00:05:14.682 vminfo Account User=ChenDT is logged in 00:05:14.682 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:05:14.682 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:05:14.682 vminfo Error: Unable to open process with PID=0, error=87 00:05:14.682 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=264: \SystemRoot\System32\smss.exe 00:05:14.682 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:05:14.682 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:05:14.682 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=460: C:\XP\system32\services.exe 00:05:14.682 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=472: C:\XP\system32\lsass.exe 00:05:14.682 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:05:14.682 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=672: C:\XP\system32\svchost.exe 00:05:14.682 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:05:14.682 vminfo PID=736: C:\XP\system32\svchost.exe 00:05:14.682 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=816: C:\XP\system32\svchost.exe 00:05:14.682 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:05:14.682 vminfo PID=868: C:\XP\system32\svchost.exe 00:05:14.682 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:05:14.682 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:05:14.682 vminfo PID=1064: C:\XP\system32\svchost.exe 00:05:14.682 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:05:14.682 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:05:14.682 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:05:14.682 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:05:14.682 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:05:14.682 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:05:14.682 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:05:14.682 vminfo PID=304: C:\XP\Explorer.EXE 00:05:14.682 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:05:14.682 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:05:14.682 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:05:14.682 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:05:14.682 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:05:14.682 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:05:14.682 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:05:14.682 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:05:14.682 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:05:14.682 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:05:14.682 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:05:14.682 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:05:14.682 vminfo Session 1 has 8 processes total 00:05:14.682 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:05:14.682 vminfo Handling session 1 00:05:14.682 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:05:14.682 vminfo Handling session 2 00:05:14.682 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:14.682 vminfo Handling session 3 00:05:14.682 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:14.682 vminfo Handling session 4 00:05:14.682 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:05:14.682 vminfo Handling session 5 00:05:14.682 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:05:14.682 vminfo Found 1 unique logged-in user(s) 00:05:14.682 vminfo User ChenDT has 8 processes (session 1) 00:05:14.682 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:05:20.150 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:57:55.923000000Z (MinAdjust: 100 ms) 00:05:20.150 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:57:48.699904100Z => 7 223 095 900 ns drift 00:05:20.150 timesync VBoxServiceTimeSyncAdjust: Drift=7223ms 00:05:20.150 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=86069, NewTA=94675, DiffNew=8606, DiffMax=50072 00:05:24.697 vminfo Found 6 sessions 00:05:24.697 vminfo Handling session 0 00:05:24.697 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:05:24.697 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:05:24.697 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:05:24.697 vminfo No WinStation found for user=ChenDT 00:05:24.697 vminfo Account User=ChenDT is logged in 00:05:24.697 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:05:24.697 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:05:24.697 vminfo Error: Unable to open process with PID=0, error=87 00:05:24.697 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=264: \SystemRoot\System32\smss.exe 00:05:24.697 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:05:24.697 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:05:24.697 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=460: C:\XP\system32\services.exe 00:05:24.697 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=472: C:\XP\system32\lsass.exe 00:05:24.697 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:05:24.697 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=672: C:\XP\system32\svchost.exe 00:05:24.697 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:05:24.697 vminfo PID=736: C:\XP\system32\svchost.exe 00:05:24.697 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=816: C:\XP\system32\svchost.exe 00:05:24.697 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:05:24.697 vminfo PID=868: C:\XP\system32\svchost.exe 00:05:24.697 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:05:24.697 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:05:24.697 vminfo PID=1064: C:\XP\system32\svchost.exe 00:05:24.697 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:05:24.697 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:05:24.697 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:05:24.697 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:05:24.697 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:05:24.697 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:05:24.697 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:05:24.697 vminfo PID=304: C:\XP\Explorer.EXE 00:05:24.697 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:05:24.697 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:05:24.697 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:05:24.697 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:05:24.697 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:05:24.697 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:05:24.697 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:05:24.697 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:05:24.697 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:05:24.697 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:05:24.697 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:05:24.697 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:05:24.697 vminfo Session 1 has 8 processes total 00:05:24.697 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:05:24.697 vminfo Handling session 1 00:05:24.697 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:05:24.697 vminfo Handling session 2 00:05:24.697 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:24.697 vminfo Handling session 3 00:05:24.697 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:24.697 vminfo Handling session 4 00:05:24.697 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:05:24.697 vminfo Handling session 5 00:05:24.697 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:05:24.697 vminfo Found 1 unique logged-in user(s) 00:05:24.697 vminfo User ChenDT has 8 processes (session 1) 00:05:24.697 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:05:30.155 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:58:05.928000000Z (MinAdjust: 100 ms) 00:05:30.155 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:57:58.157936600Z => 7 770 063 400 ns drift 00:05:30.155 timesync VBoxServiceTimeSyncAdjust: Drift=7770ms 00:05:30.155 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=94675, NewTA=104142, DiffNew=9467, DiffMax=50072 00:05:34.701 vminfo Found 6 sessions 00:05:34.701 vminfo Handling session 0 00:05:34.701 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:05:34.701 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:05:34.701 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:05:34.701 vminfo No WinStation found for user=ChenDT 00:05:34.701 vminfo Account User=ChenDT is logged in 00:05:34.701 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:05:34.701 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:05:34.701 vminfo Error: Unable to open process with PID=0, error=87 00:05:34.701 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=264: \SystemRoot\System32\smss.exe 00:05:34.701 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:05:34.701 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:05:34.701 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=460: C:\XP\system32\services.exe 00:05:34.701 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=472: C:\XP\system32\lsass.exe 00:05:34.701 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:05:34.701 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=672: C:\XP\system32\svchost.exe 00:05:34.701 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:05:34.701 vminfo PID=736: C:\XP\system32\svchost.exe 00:05:34.701 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=816: C:\XP\system32\svchost.exe 00:05:34.701 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:05:34.701 vminfo PID=868: C:\XP\system32\svchost.exe 00:05:34.701 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:05:34.701 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:05:34.701 vminfo PID=1064: C:\XP\system32\svchost.exe 00:05:34.701 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:05:34.701 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:05:34.701 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:05:34.701 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:05:34.701 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:05:34.701 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:05:34.701 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:05:34.701 vminfo PID=304: C:\XP\Explorer.EXE 00:05:34.701 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:05:34.701 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:05:34.701 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:05:34.701 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:05:34.701 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:05:34.701 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:05:34.701 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:05:34.701 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:05:34.701 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:05:34.701 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:05:34.701 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:05:34.701 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:05:34.701 vminfo Session 1 has 8 processes total 00:05:34.701 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:05:34.701 vminfo Handling session 1 00:05:34.701 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:05:34.701 vminfo Handling session 2 00:05:34.701 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:34.701 vminfo Handling session 3 00:05:34.701 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:34.701 vminfo Handling session 4 00:05:34.701 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:05:34.701 vminfo Handling session 5 00:05:34.701 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:05:34.701 vminfo Found 1 unique logged-in user(s) 00:05:34.701 vminfo User ChenDT has 8 processes (session 1) 00:05:34.701 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:05:40.159 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:58:15.932000000Z (MinAdjust: 100 ms) 00:05:40.159 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:58:08.561722400Z => 7 370 277 600 ns drift 00:05:40.159 timesync VBoxServiceTimeSyncAdjust: Drift=7370ms 00:05:40.159 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=104142, NewTA=114556, DiffNew=10414, DiffMax=50072 00:05:44.715 vminfo Found 6 sessions 00:05:44.715 vminfo Handling session 0 00:05:44.715 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:05:44.715 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:05:44.715 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:05:44.715 vminfo No WinStation found for user=ChenDT 00:05:44.715 vminfo Account User=ChenDT is logged in 00:05:44.715 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:05:44.715 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:05:44.715 vminfo Error: Unable to open process with PID=0, error=87 00:05:44.715 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=264: \SystemRoot\System32\smss.exe 00:05:44.715 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:05:44.715 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:05:44.715 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=460: C:\XP\system32\services.exe 00:05:44.715 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=472: C:\XP\system32\lsass.exe 00:05:44.715 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:05:44.715 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=672: C:\XP\system32\svchost.exe 00:05:44.715 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:05:44.715 vminfo PID=736: C:\XP\system32\svchost.exe 00:05:44.715 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=816: C:\XP\system32\svchost.exe 00:05:44.715 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:05:44.715 vminfo PID=868: C:\XP\system32\svchost.exe 00:05:44.715 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:05:44.715 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:05:44.715 vminfo PID=1064: C:\XP\system32\svchost.exe 00:05:44.715 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:05:44.715 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:05:44.715 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:05:44.715 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:05:44.715 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:05:44.715 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:05:44.715 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:05:44.715 vminfo PID=304: C:\XP\Explorer.EXE 00:05:44.715 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:05:44.715 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:05:44.715 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:05:44.715 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:05:44.715 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:05:44.715 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:05:44.715 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:05:44.715 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:05:44.715 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:05:44.715 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:05:44.715 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:05:44.715 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:05:44.715 vminfo Session 1 has 8 processes total 00:05:44.715 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:05:44.715 vminfo Handling session 1 00:05:44.715 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:05:44.715 vminfo Handling session 2 00:05:44.715 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:44.715 vminfo Handling session 3 00:05:44.715 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:44.715 vminfo Handling session 4 00:05:44.715 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:05:44.715 vminfo Handling session 5 00:05:44.715 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:05:44.715 vminfo Found 1 unique logged-in user(s) 00:05:44.715 vminfo User ChenDT has 8 processes (session 1) 00:05:44.715 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:05:50.163 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:58:25.936000000Z (MinAdjust: 100 ms) 00:05:50.163 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:58:20.005866800Z => 5 930 133 200 ns drift 00:05:50.163 timesync VBoxServiceTimeSyncAdjust: Drift=5930ms 00:05:50.163 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=114556, NewTA=126011, DiffNew=11455, DiffMax=50072 00:05:54.730 vminfo Found 6 sessions 00:05:54.730 vminfo Handling session 0 00:05:54.730 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:05:54.730 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:05:54.730 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:05:54.730 vminfo No WinStation found for user=ChenDT 00:05:54.730 vminfo Account User=ChenDT is logged in 00:05:54.730 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:05:54.730 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:05:54.730 vminfo Error: Unable to open process with PID=0, error=87 00:05:54.730 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=264: \SystemRoot\System32\smss.exe 00:05:54.730 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:05:54.730 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:05:54.730 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=460: C:\XP\system32\services.exe 00:05:54.730 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=472: C:\XP\system32\lsass.exe 00:05:54.730 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:05:54.730 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=672: C:\XP\system32\svchost.exe 00:05:54.730 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:05:54.730 vminfo PID=736: C:\XP\system32\svchost.exe 00:05:54.730 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=816: C:\XP\system32\svchost.exe 00:05:54.730 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:05:54.730 vminfo PID=868: C:\XP\system32\svchost.exe 00:05:54.730 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:05:54.730 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:05:54.730 vminfo PID=1064: C:\XP\system32\svchost.exe 00:05:54.730 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:05:54.730 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:05:54.730 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:05:54.730 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:05:54.730 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:05:54.730 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:05:54.730 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:05:54.730 vminfo PID=304: C:\XP\Explorer.EXE 00:05:54.730 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:05:54.730 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:05:54.730 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:05:54.730 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:05:54.730 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:05:54.730 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:05:54.730 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:05:54.730 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:05:54.730 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:05:54.730 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:05:54.730 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:05:54.730 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:05:54.730 vminfo Session 1 has 8 processes total 00:05:54.730 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:05:54.730 vminfo Handling session 1 00:05:54.730 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:05:54.730 vminfo Handling session 2 00:05:54.730 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:54.730 vminfo Handling session 3 00:05:54.730 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:54.730 vminfo Handling session 4 00:05:54.730 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:05:54.730 vminfo Handling session 5 00:05:54.730 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:05:54.730 vminfo Found 1 unique logged-in user(s) 00:05:54.730 vminfo User ChenDT has 8 processes (session 1) 00:05:54.730 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:06:00.058 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:06:00.168 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:58:35.941000000Z (MinAdjust: 100 ms) 00:06:00.168 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:58:32.594365700Z => 3 346 634 300 ns drift 00:06:00.168 timesync VBoxServiceTimeSyncAdjust: Drift=3346ms 00:06:00.168 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=126011, NewTA=138612, DiffNew=12601, DiffMax=50072 00:06:04.744 vminfo Found 6 sessions 00:06:04.744 vminfo Handling session 0 00:06:04.744 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:06:04.744 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:06:04.744 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:06:04.744 vminfo No WinStation found for user=ChenDT 00:06:04.744 vminfo Account User=ChenDT is logged in 00:06:04.744 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:06:04.744 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:06:04.744 vminfo Error: Unable to open process with PID=0, error=87 00:06:04.744 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=264: \SystemRoot\System32\smss.exe 00:06:04.744 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:06:04.744 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:06:04.744 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=460: C:\XP\system32\services.exe 00:06:04.744 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=472: C:\XP\system32\lsass.exe 00:06:04.744 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:06:04.744 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=672: C:\XP\system32\svchost.exe 00:06:04.744 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:06:04.744 vminfo PID=736: C:\XP\system32\svchost.exe 00:06:04.744 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=816: C:\XP\system32\svchost.exe 00:06:04.744 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:06:04.744 vminfo PID=868: C:\XP\system32\svchost.exe 00:06:04.744 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:06:04.744 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:06:04.744 vminfo PID=1064: C:\XP\system32\svchost.exe 00:06:04.744 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:06:04.744 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:06:04.744 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:06:04.744 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:06:04.744 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:06:04.744 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:06:04.744 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:06:04.744 vminfo PID=304: C:\XP\Explorer.EXE 00:06:04.744 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:06:04.744 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:06:04.744 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:06:04.744 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:06:04.744 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:06:04.744 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:06:04.744 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:06:04.744 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:06:04.744 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:06:04.744 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:06:04.744 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:06:04.744 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:06:04.744 vminfo Session 1 has 8 processes total 00:06:04.744 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:06:04.744 vminfo Handling session 1 00:06:04.744 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:06:04.744 vminfo Handling session 2 00:06:04.744 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:04.744 vminfo Handling session 3 00:06:04.744 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:04.744 vminfo Handling session 4 00:06:04.744 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:06:04.744 vminfo Handling session 5 00:06:04.744 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:06:04.744 vminfo Found 1 unique logged-in user(s) 00:06:04.744 vminfo User ChenDT has 8 processes (session 1) 00:06:04.744 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:06:10.172 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:58:45.945000000Z (MinAdjust: 200 ms) 00:06:10.172 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:58:46.441704500Z => -496 704 500 ns drift 00:06:10.172 timesync VBoxServiceTimeSyncAdjust: Drift=-496ms 00:06:10.172 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=138612, NewTA=124751, DiffNew=13861, DiffMax=50072 00:06:14.759 vminfo Found 6 sessions 00:06:14.759 vminfo Handling session 0 00:06:14.759 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:06:14.759 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:06:14.759 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:06:14.759 vminfo No WinStation found for user=ChenDT 00:06:14.759 vminfo Account User=ChenDT is logged in 00:06:14.759 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:06:14.759 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:06:14.759 vminfo Error: Unable to open process with PID=0, error=87 00:06:14.759 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=264: \SystemRoot\System32\smss.exe 00:06:14.759 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:06:14.759 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:06:14.759 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=460: C:\XP\system32\services.exe 00:06:14.759 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=472: C:\XP\system32\lsass.exe 00:06:14.759 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:06:14.759 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=672: C:\XP\system32\svchost.exe 00:06:14.759 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:06:14.759 vminfo PID=736: C:\XP\system32\svchost.exe 00:06:14.759 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=816: C:\XP\system32\svchost.exe 00:06:14.759 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:06:14.759 vminfo PID=868: C:\XP\system32\svchost.exe 00:06:14.759 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:06:14.759 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:06:14.759 vminfo PID=1064: C:\XP\system32\svchost.exe 00:06:14.759 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:06:14.759 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:06:14.759 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:06:14.759 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:06:14.759 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:06:14.759 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:06:14.759 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:06:14.759 vminfo PID=304: C:\XP\Explorer.EXE 00:06:14.759 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:06:14.759 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:06:14.759 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:06:14.759 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:06:14.759 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:06:14.759 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:06:14.759 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:06:14.759 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:06:14.759 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:06:14.759 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:06:14.759 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:06:14.759 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:06:14.759 vminfo Session 1 has 8 processes total 00:06:14.759 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:06:14.759 vminfo Handling session 1 00:06:14.759 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:06:14.759 vminfo Handling session 2 00:06:14.759 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:14.759 vminfo Handling session 3 00:06:14.759 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:14.759 vminfo Handling session 4 00:06:14.759 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:06:14.759 vminfo Handling session 5 00:06:14.759 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:06:14.759 vminfo Found 1 unique logged-in user(s) 00:06:14.759 vminfo User ChenDT has 8 processes (session 1) 00:06:14.759 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:06:20.176 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:58:55.950000000Z (MinAdjust: 200 ms) 00:06:20.176 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:58:58.904329400Z => -2 954 329 400 ns drift 00:06:20.176 timesync VBoxServiceTimeSyncAdjust: Drift=-2954ms 00:06:20.176 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=124751, NewTA=112276, DiffNew=12475, DiffMax=50072 00:06:24.773 vminfo Found 6 sessions 00:06:24.773 vminfo Handling session 0 00:06:24.773 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:06:24.773 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:06:24.773 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:06:24.773 vminfo No WinStation found for user=ChenDT 00:06:24.773 vminfo Account User=ChenDT is logged in 00:06:24.773 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:06:24.773 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:06:24.773 vminfo Error: Unable to open process with PID=0, error=87 00:06:24.773 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=264: \SystemRoot\System32\smss.exe 00:06:24.773 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:06:24.773 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:06:24.773 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=460: C:\XP\system32\services.exe 00:06:24.773 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=472: C:\XP\system32\lsass.exe 00:06:24.773 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:06:24.773 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=672: C:\XP\system32\svchost.exe 00:06:24.773 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:06:24.773 vminfo PID=736: C:\XP\system32\svchost.exe 00:06:24.773 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=816: C:\XP\system32\svchost.exe 00:06:24.773 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:06:24.773 vminfo PID=868: C:\XP\system32\svchost.exe 00:06:24.773 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:06:24.773 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:06:24.773 vminfo PID=1064: C:\XP\system32\svchost.exe 00:06:24.773 vminfo PID=1456: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=1456: C:\XP\system32\wuauclt.exe 00:06:24.773 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:06:24.773 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:06:24.773 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:06:24.773 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:06:24.773 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:06:24.773 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:06:24.773 vminfo PID=304: C:\XP\Explorer.EXE 00:06:24.773 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:06:24.773 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:06:24.773 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:06:24.773 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:06:24.773 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:06:24.773 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:06:24.773 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:06:24.773 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:06:24.773 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:06:24.773 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:06:24.773 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:06:24.773 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:06:24.773 vminfo Session 1 has 8 processes total 00:06:24.773 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:06:24.773 vminfo Handling session 1 00:06:24.773 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:06:24.773 vminfo Handling session 2 00:06:24.773 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:24.773 vminfo Handling session 3 00:06:24.773 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:24.773 vminfo Handling session 4 00:06:24.773 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:06:24.773 vminfo Handling session 5 00:06:24.773 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:06:24.773 vminfo Found 1 unique logged-in user(s) 00:06:24.773 vminfo User ChenDT has 8 processes (session 1) 00:06:24.773 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:06:30.181 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:59:05.954000000Z (MinAdjust: 200 ms) 00:06:30.181 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:59:10.120701800Z => -4 166 701 800 ns drift 00:06:30.181 timesync VBoxServiceTimeSyncAdjust: Drift=-4166ms 00:06:30.181 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=112276, NewTA=101049, DiffNew=11227, DiffMax=50072 00:06:34.787 vminfo Found 6 sessions 00:06:34.787 vminfo Handling session 0 00:06:34.787 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:06:34.787 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:06:34.787 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:06:34.787 vminfo No WinStation found for user=ChenDT 00:06:34.787 vminfo Account User=ChenDT is logged in 00:06:34.787 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:06:34.787 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:06:34.787 vminfo Error: Unable to open process with PID=0, error=87 00:06:34.787 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=264: \SystemRoot\System32\smss.exe 00:06:34.787 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:06:34.787 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:06:34.787 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=460: C:\XP\system32\services.exe 00:06:34.787 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=472: C:\XP\system32\lsass.exe 00:06:34.787 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:06:34.787 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=672: C:\XP\system32\svchost.exe 00:06:34.787 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:06:34.787 vminfo PID=736: C:\XP\system32\svchost.exe 00:06:34.787 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=816: C:\XP\system32\svchost.exe 00:06:34.787 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:06:34.787 vminfo PID=868: C:\XP\system32\svchost.exe 00:06:34.787 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:06:34.787 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:06:34.787 vminfo PID=1064: C:\XP\system32\svchost.exe 00:06:34.787 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:06:34.787 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:06:34.787 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:06:34.787 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:06:34.787 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:06:34.787 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:06:34.787 vminfo PID=304: C:\XP\Explorer.EXE 00:06:34.787 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:06:34.787 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:06:34.787 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:06:34.787 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:06:34.787 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:06:34.787 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:06:34.787 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:06:34.787 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:06:34.787 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:06:34.787 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:06:34.787 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:06:34.787 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:06:34.787 vminfo Session 1 has 8 processes total 00:06:34.787 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:06:34.787 vminfo Handling session 1 00:06:34.787 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:06:34.787 vminfo Handling session 2 00:06:34.787 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:34.787 vminfo Handling session 3 00:06:34.787 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:34.787 vminfo Handling session 4 00:06:34.787 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:06:34.787 vminfo Handling session 5 00:06:34.787 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:06:34.787 vminfo Found 1 unique logged-in user(s) 00:06:34.787 vminfo User ChenDT has 8 processes (session 1) 00:06:34.787 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:06:40.185 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:59:15.958000000Z (MinAdjust: 200 ms) 00:06:40.185 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:59:20.215496900Z => -4 257 496 900 ns drift 00:06:40.185 timesync VBoxServiceTimeSyncAdjust: Drift=-4257ms 00:06:40.185 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=101049, NewTA=90945, DiffNew=10104, DiffMax=50072 00:06:44.802 vminfo Found 6 sessions 00:06:44.802 vminfo Handling session 0 00:06:44.802 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:06:44.802 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:06:44.802 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:06:44.802 vminfo No WinStation found for user=ChenDT 00:06:44.802 vminfo Account User=ChenDT is logged in 00:06:44.802 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:06:44.802 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:06:44.802 vminfo Error: Unable to open process with PID=0, error=87 00:06:44.802 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=264: \SystemRoot\System32\smss.exe 00:06:44.802 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:06:44.802 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:06:44.802 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=460: C:\XP\system32\services.exe 00:06:44.802 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=472: C:\XP\system32\lsass.exe 00:06:44.802 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:06:44.802 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=672: C:\XP\system32\svchost.exe 00:06:44.802 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:06:44.802 vminfo PID=736: C:\XP\system32\svchost.exe 00:06:44.802 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=816: C:\XP\system32\svchost.exe 00:06:44.802 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:06:44.802 vminfo PID=868: C:\XP\system32\svchost.exe 00:06:44.802 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:06:44.802 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:06:44.802 vminfo PID=1064: C:\XP\system32\svchost.exe 00:06:44.802 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:06:44.802 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:06:44.802 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:06:44.802 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:06:44.802 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:06:44.802 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:06:44.802 vminfo PID=304: C:\XP\Explorer.EXE 00:06:44.802 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:06:44.802 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:06:44.802 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:06:44.802 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:06:44.802 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:06:44.802 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:06:44.802 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:06:44.802 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:06:44.802 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:06:44.802 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:06:44.802 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:06:44.802 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:06:44.802 vminfo Session 1 has 8 processes total 00:06:44.802 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:06:44.802 vminfo Handling session 1 00:06:44.802 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:06:44.802 vminfo Handling session 2 00:06:44.802 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:44.802 vminfo Handling session 3 00:06:44.802 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:44.802 vminfo Handling session 4 00:06:44.802 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:06:44.802 vminfo Handling session 5 00:06:44.802 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:06:44.802 vminfo Found 1 unique logged-in user(s) 00:06:44.802 vminfo User ChenDT has 8 processes (session 1) 00:06:44.802 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:06:50.190 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:59:25.963000000Z (MinAdjust: 200 ms) 00:06:50.190 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:59:29.300902400Z => -3 337 902 400 ns drift 00:06:50.190 timesync VBoxServiceTimeSyncAdjust: Drift=-3337ms 00:06:50.190 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=90945, NewTA=81851, DiffNew=9094, DiffMax=50072 00:06:54.816 vminfo Found 6 sessions 00:06:54.816 vminfo Handling session 0 00:06:54.816 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:06:54.816 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:06:54.816 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:06:54.816 vminfo No WinStation found for user=ChenDT 00:06:54.816 vminfo Account User=ChenDT is logged in 00:06:54.816 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:06:54.816 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:06:54.816 vminfo Error: Unable to open process with PID=0, error=87 00:06:54.816 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=264: \SystemRoot\System32\smss.exe 00:06:54.816 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:06:54.816 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:06:54.816 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=460: C:\XP\system32\services.exe 00:06:54.816 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=472: C:\XP\system32\lsass.exe 00:06:54.816 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:06:54.816 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=672: C:\XP\system32\svchost.exe 00:06:54.816 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:06:54.816 vminfo PID=736: C:\XP\system32\svchost.exe 00:06:54.816 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=816: C:\XP\system32\svchost.exe 00:06:54.816 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:06:54.816 vminfo PID=868: C:\XP\system32\svchost.exe 00:06:54.816 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:06:54.816 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:06:54.816 vminfo PID=1064: C:\XP\system32\svchost.exe 00:06:54.816 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:06:54.816 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:06:54.816 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:06:54.816 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:06:54.816 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:06:54.816 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:06:54.816 vminfo PID=304: C:\XP\Explorer.EXE 00:06:54.816 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:06:54.816 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:06:54.816 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:06:54.816 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:06:54.816 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:06:54.816 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:06:54.816 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:06:54.816 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:06:54.816 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:06:54.816 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:06:54.816 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:06:54.816 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:06:54.816 vminfo Session 1 has 8 processes total 00:06:54.816 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:06:54.816 vminfo Handling session 1 00:06:54.816 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:06:54.816 vminfo Handling session 2 00:06:54.816 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:54.816 vminfo Handling session 3 00:06:54.816 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:54.816 vminfo Handling session 4 00:06:54.816 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:06:54.816 vminfo Handling session 5 00:06:54.816 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:06:54.816 vminfo Found 1 unique logged-in user(s) 00:06:54.816 vminfo User ChenDT has 8 processes (session 1) 00:06:54.816 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:07:00.064 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:07:00.194 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:59:35.967000000Z (MinAdjust: 200 ms) 00:07:00.194 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:59:37.477817300Z => -1 510 817 300 ns drift 00:07:00.194 timesync VBoxServiceTimeSyncAdjust: Drift=-1510ms 00:07:00.194 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=81851, NewTA=73666, DiffNew=8185, DiffMax=50072 00:07:04.831 vminfo Found 6 sessions 00:07:04.831 vminfo Handling session 0 00:07:04.831 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:07:04.831 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:07:04.831 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:07:04.831 vminfo No WinStation found for user=ChenDT 00:07:04.831 vminfo Account User=ChenDT is logged in 00:07:04.831 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:07:04.831 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:07:04.831 vminfo Error: Unable to open process with PID=0, error=87 00:07:04.831 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=264: \SystemRoot\System32\smss.exe 00:07:04.831 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:07:04.831 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:07:04.831 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=460: C:\XP\system32\services.exe 00:07:04.831 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=472: C:\XP\system32\lsass.exe 00:07:04.831 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:07:04.831 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=672: C:\XP\system32\svchost.exe 00:07:04.831 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:07:04.831 vminfo PID=736: C:\XP\system32\svchost.exe 00:07:04.831 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=816: C:\XP\system32\svchost.exe 00:07:04.831 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:07:04.831 vminfo PID=868: C:\XP\system32\svchost.exe 00:07:04.831 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:07:04.831 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:07:04.831 vminfo PID=1064: C:\XP\system32\svchost.exe 00:07:04.831 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:07:04.831 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:07:04.831 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:07:04.831 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:07:04.831 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:07:04.831 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:07:04.831 vminfo PID=304: C:\XP\Explorer.EXE 00:07:04.831 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:07:04.831 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:07:04.831 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:07:04.831 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:07:04.831 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:07:04.831 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:07:04.831 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:07:04.831 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:07:04.831 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:07:04.831 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:07:04.831 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:07:04.831 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:07:04.831 vminfo Session 1 has 8 processes total 00:07:04.831 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:07:04.831 vminfo Handling session 1 00:07:04.831 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:07:04.831 vminfo Handling session 2 00:07:04.831 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:04.831 vminfo Handling session 3 00:07:04.831 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:04.831 vminfo Handling session 4 00:07:04.831 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:07:04.831 vminfo Handling session 5 00:07:04.831 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:07:04.831 vminfo Found 1 unique logged-in user(s) 00:07:04.831 vminfo User ChenDT has 8 processes (session 1) 00:07:04.831 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:07:10.198 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:59:45.971000000Z (MinAdjust: 100 ms) 00:07:10.198 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:59:44.837050700Z => 1 133 949 300 ns drift 00:07:10.198 timesync VBoxServiceTimeSyncAdjust: Drift=1133ms 00:07:10.198 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=73666, NewTA=81032, DiffNew=7366, DiffMax=50072 00:07:12.281 main Control handler: Control=0xe, EventType=0x3 00:07:12.281 main Control handler: A session connected to the remote terminal (Session=3, Event=0x3) 00:07:12.281 vminfo Found 6 sessions 00:07:12.281 vminfo Handling session 0 00:07:12.281 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:07:12.281 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:07:12.291 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:07:12.291 vminfo No WinStation found for user=ChenDT 00:07:12.291 vminfo Account User=ChenDT is logged in 00:07:12.291 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:07:12.291 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:07:12.291 vminfo Error: Unable to open process with PID=0, error=87 00:07:12.291 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=264: \SystemRoot\System32\smss.exe 00:07:12.291 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:07:12.291 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:07:12.291 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=460: C:\XP\system32\services.exe 00:07:12.291 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=472: C:\XP\system32\lsass.exe 00:07:12.291 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:07:12.291 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=672: C:\XP\system32\svchost.exe 00:07:12.291 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:07:12.291 vminfo PID=736: C:\XP\system32\svchost.exe 00:07:12.291 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=816: C:\XP\system32\svchost.exe 00:07:12.291 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:07:12.291 vminfo PID=868: C:\XP\system32\svchost.exe 00:07:12.291 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:07:12.291 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:07:12.291 vminfo PID=1064: C:\XP\system32\svchost.exe 00:07:12.291 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:07:12.291 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:07:12.291 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:07:12.291 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:07:12.291 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:07:12.291 vminfo PID=304: C:\XP\Explorer.EXE 00:07:12.291 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:07:12.291 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:07:12.291 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:07:12.291 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:07:12.291 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:07:12.291 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:07:12.291 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:07:12.291 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:07:12.291 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:07:12.291 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:07:12.291 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:07:12.291 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:07:12.291 vminfo PID=1672: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=1672: \??\C:\XP\system32\csrss.exe 00:07:12.291 vminfo PID=1700: (Interactive: false) 0:999 <-> 0:52808 00:07:12.291 vminfo PID=1700: \??\C:\XP\system32\winlogon.exe 00:07:12.291 vminfo Session 1 has 8 processes total 00:07:12.291 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:07:12.291 vminfo Handling session 1 00:07:12.291 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:07:12.291 vminfo Handling session 2 00:07:12.291 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:12.291 vminfo Handling session 3 00:07:12.291 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:12.291 vminfo Handling session 4 00:07:12.291 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:07:12.291 vminfo Handling session 5 00:07:12.291 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:07:12.291 vminfo Found 1 unique logged-in user(s) 00:07:12.291 vminfo User ChenDT has 8 processes (session 1) 00:07:12.291 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:07:16.407 main Control handler: Control=0xe, EventType=0x4 00:07:16.407 main Control handler: A session was disconnected from the remote terminal (Session=3, Event=0x4) 00:07:16.407 vminfo Found 7 sessions 00:07:16.407 vminfo Handling session 0 00:07:16.407 vminfo Session data: Name=ChenDT, Session=3, LogonID=0,205608, LogonType=10 00:07:16.407 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:07:16.407 vminfo Account User=ChenDT, Session=3, LogonID=0,205608, AuthPkg=NTLM, Domain=EMAIL 00:07:16.407 vminfo Account User=ChenDT, WTSConnectState=4 (4) 00:07:16.407 vminfo Account User=ChenDT using TCS/RDP, state=4 00:07:16.407 vminfo Account User=ChenDT is logged in 00:07:16.407 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:07:16.417 vminfo PID=0: (Interactive: false) 0:0 <-> 0:205608 00:07:16.417 vminfo Error: Unable to open process with PID=0, error=87 00:07:16.417 vminfo PID=4: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=264: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=264: \SystemRoot\System32\smss.exe 00:07:16.417 vminfo PID=336: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:07:16.417 vminfo PID=360: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:07:16.417 vminfo PID=460: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=460: C:\XP\system32\services.exe 00:07:16.417 vminfo PID=472: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=472: C:\XP\system32\lsass.exe 00:07:16.417 vminfo PID=624: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:07:16.417 vminfo PID=672: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=672: C:\XP\system32\svchost.exe 00:07:16.417 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:205608 00:07:16.417 vminfo PID=736: C:\XP\system32\svchost.exe 00:07:16.417 vminfo PID=816: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=816: C:\XP\system32\svchost.exe 00:07:16.417 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:205608 00:07:16.417 vminfo PID=868: C:\XP\system32\svchost.exe 00:07:16.417 vminfo PID=960: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:07:16.417 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:205608 00:07:16.417 vminfo PID=1064: C:\XP\system32\svchost.exe 00:07:16.417 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:07:16.417 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:07:16.417 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:205608 00:07:16.417 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:07:16.417 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:205608 00:07:16.417 vminfo PID=304: C:\XP\Explorer.EXE 00:07:16.417 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:205608 00:07:16.417 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:07:16.417 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:205608 00:07:16.417 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:07:16.417 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:205608 00:07:16.417 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:07:16.417 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:205608 00:07:16.417 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:07:16.417 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:205608 00:07:16.417 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:07:16.417 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:205608 00:07:16.417 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:07:16.417 vminfo PID=1672: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=1672: \??\C:\XP\system32\csrss.exe 00:07:16.417 vminfo PID=1700: (Interactive: false) 0:999 <-> 0:205608 00:07:16.417 vminfo PID=1700: \??\C:\XP\system32\winlogon.exe 00:07:16.417 vminfo Session 3 has 0 processes total 00:07:16.417 vminfo Adding new user=ChenDT (session 3) with 0 processes 00:07:16.417 vminfo Handling session 1 00:07:16.417 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:07:16.417 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:07:16.417 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:07:16.417 vminfo No WinStation found for user=ChenDT 00:07:16.417 vminfo Account User=ChenDT is logged in 00:07:16.417 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:07:16.417 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:07:16.417 vminfo Error: Unable to open process with PID=0, error=87 00:07:16.417 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=264: \SystemRoot\System32\smss.exe 00:07:16.417 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:07:16.417 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:07:16.417 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=460: C:\XP\system32\services.exe 00:07:16.417 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=472: C:\XP\system32\lsass.exe 00:07:16.417 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:07:16.417 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=672: C:\XP\system32\svchost.exe 00:07:16.417 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:07:16.417 vminfo PID=736: C:\XP\system32\svchost.exe 00:07:16.417 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=816: C:\XP\system32\svchost.exe 00:07:16.417 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:07:16.417 vminfo PID=868: C:\XP\system32\svchost.exe 00:07:16.417 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:07:16.417 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:07:16.417 vminfo PID=1064: C:\XP\system32\svchost.exe 00:07:16.417 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:07:16.417 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:07:16.417 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.417 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:07:16.417 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.417 vminfo PID=304: C:\XP\Explorer.EXE 00:07:16.417 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.417 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:07:16.417 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.417 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:07:16.417 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.417 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:07:16.417 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.417 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:07:16.417 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.417 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:07:16.417 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.417 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:07:16.417 vminfo PID=1672: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=1672: \??\C:\XP\system32\csrss.exe 00:07:16.417 vminfo PID=1700: (Interactive: false) 0:999 <-> 0:52808 00:07:16.417 vminfo PID=1700: \??\C:\XP\system32\winlogon.exe 00:07:16.417 vminfo Session 1 has 8 processes total 00:07:16.417 vminfo Handling session 2 00:07:16.417 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:07:16.417 vminfo Handling session 3 00:07:16.417 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:16.417 vminfo Handling session 4 00:07:16.417 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:16.417 vminfo Handling session 5 00:07:16.417 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:07:16.417 vminfo Handling session 6 00:07:16.417 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:07:16.417 vminfo Found 1 unique logged-in user(s) 00:07:16.417 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:07:16.798 main Control handler: Control=0xe, EventType=0x3 00:07:16.798 main Control handler: A session connected to the remote terminal (Session=0, Event=0x3) 00:07:16.828 vminfo Found 6 sessions 00:07:16.828 vminfo Handling session 0 00:07:16.828 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:07:16.828 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:07:16.828 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:07:16.838 vminfo No WinStation found for user=ChenDT 00:07:16.838 vminfo Account User=ChenDT is logged in 00:07:16.838 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:07:16.838 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:07:16.838 vminfo Error: Unable to open process with PID=0, error=87 00:07:16.838 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=264: \SystemRoot\System32\smss.exe 00:07:16.838 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:07:16.838 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:07:16.838 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=460: C:\XP\system32\services.exe 00:07:16.838 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=472: C:\XP\system32\lsass.exe 00:07:16.838 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:07:16.838 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=672: C:\XP\system32\svchost.exe 00:07:16.838 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:07:16.838 vminfo PID=736: C:\XP\system32\svchost.exe 00:07:16.838 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=816: C:\XP\system32\svchost.exe 00:07:16.838 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:07:16.838 vminfo PID=868: C:\XP\system32\svchost.exe 00:07:16.838 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:07:16.838 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:07:16.838 vminfo PID=1064: C:\XP\system32\svchost.exe 00:07:16.838 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:07:16.838 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:07:16.838 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:07:16.838 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.838 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:07:16.838 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.838 vminfo PID=304: C:\XP\Explorer.EXE 00:07:16.838 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.838 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:07:16.838 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.838 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:07:16.838 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.838 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:07:16.838 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.838 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:07:16.838 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.838 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:07:16.838 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:07:16.838 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:07:16.838 vminfo Session 1 has 8 processes total 00:07:16.838 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:07:16.838 vminfo Handling session 1 00:07:16.838 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:07:16.838 vminfo Handling session 2 00:07:16.838 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:16.838 vminfo Handling session 3 00:07:16.838 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:16.838 vminfo Handling session 4 00:07:16.838 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:07:16.838 vminfo Handling session 5 00:07:16.848 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:07:16.848 vminfo Found 1 unique logged-in user(s) 00:07:16.848 vminfo User ChenDT has 8 processes (session 1) 00:07:16.848 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:07:20.203 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T11:59:55.976000000Z (MinAdjust: 100 ms) 00:07:20.203 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T11:59:52.932147500Z => 3 043 852 500 ns drift 00:07:20.203 timesync VBoxServiceTimeSyncAdjust: Drift=3043ms 00:07:20.203 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=81032, NewTA=89135, DiffNew=8103, DiffMax=50072 00:07:26.852 vminfo Found 6 sessions 00:07:26.852 vminfo Handling session 0 00:07:26.852 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:07:26.852 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:07:26.852 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:07:26.852 vminfo No WinStation found for user=ChenDT 00:07:26.852 vminfo Account User=ChenDT is logged in 00:07:26.852 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:07:26.852 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:07:26.852 vminfo Error: Unable to open process with PID=0, error=87 00:07:26.852 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=264: \SystemRoot\System32\smss.exe 00:07:26.852 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:07:26.852 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:07:26.852 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=460: C:\XP\system32\services.exe 00:07:26.852 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=472: C:\XP\system32\lsass.exe 00:07:26.852 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:07:26.852 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=672: C:\XP\system32\svchost.exe 00:07:26.852 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:07:26.852 vminfo PID=736: C:\XP\system32\svchost.exe 00:07:26.852 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=816: C:\XP\system32\svchost.exe 00:07:26.852 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:07:26.852 vminfo PID=868: C:\XP\system32\svchost.exe 00:07:26.852 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:07:26.852 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:07:26.852 vminfo PID=1064: C:\XP\system32\svchost.exe 00:07:26.852 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:07:26.852 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:07:26.852 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:07:26.852 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:07:26.852 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:07:26.852 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:07:26.852 vminfo PID=304: C:\XP\Explorer.EXE 00:07:26.852 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:07:26.852 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:07:26.852 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:07:26.852 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:07:26.852 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:07:26.852 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:07:26.852 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:07:26.852 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:07:26.852 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:07:26.852 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:07:26.852 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:07:26.852 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:07:26.852 vminfo Session 1 has 8 processes total 00:07:26.852 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:07:26.852 vminfo Handling session 1 00:07:26.852 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:07:26.852 vminfo Handling session 2 00:07:26.852 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:26.852 vminfo Handling session 3 00:07:26.852 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:26.852 vminfo Handling session 4 00:07:26.852 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:07:26.852 vminfo Handling session 5 00:07:26.852 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:07:26.852 vminfo Found 1 unique logged-in user(s) 00:07:26.852 vminfo User ChenDT has 8 processes (session 1) 00:07:26.852 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS 00:07:30.207 timesync VBoxServiceTimeSyncWorker: Host: 2012-09-21T12:00:05.090000000Z (MinAdjust: 100 ms) 00:07:30.207 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-09-21T12:00:01.836734000Z => 3 253 266 000 ns drift 00:07:30.207 timesync VBoxServiceTimeSyncAdjust: Drift=3253ms 00:07:30.207 timesync VBoxServiceTimeSyncAdjust: OrgTA=100144, CurTA=89135, NewTA=98048, DiffNew=8913, DiffMax=50072 00:07:36.867 vminfo Found 6 sessions 00:07:36.867 vminfo Handling session 0 00:07:36.867 vminfo Session data: Name=ChenDT, Session=1, LogonID=0,52808, LogonType=10 00:07:36.867 vminfo Session LogonType=10 is supported -- looking up SID + type ... 00:07:36.867 vminfo Account User=ChenDT, Session=1, LogonID=0,52808, AuthPkg=NTLM, Domain=EMAIL 00:07:36.867 vminfo No WinStation found for user=ChenDT 00:07:36.867 vminfo Account User=ChenDT is logged in 00:07:36.867 vminfo Handling user=ChenDT, domain=EMAIL, package=NTLM 00:07:36.867 vminfo PID=0: (Interactive: false) 0:0 <-> 0:52808 00:07:36.867 vminfo Error: Unable to open process with PID=0, error=87 00:07:36.867 vminfo PID=4: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=264: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=264: \SystemRoot\System32\smss.exe 00:07:36.867 vminfo PID=336: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=336: \??\C:\XP\system32\csrss.exe 00:07:36.867 vminfo PID=360: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=360: \??\C:\XP\system32\winlogon.exe 00:07:36.867 vminfo PID=460: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=460: C:\XP\system32\services.exe 00:07:36.867 vminfo PID=472: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=472: C:\XP\system32\lsass.exe 00:07:36.867 vminfo PID=624: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=624: C:\XP\system32\VBoxService.exe 00:07:36.867 vminfo PID=672: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=672: C:\XP\system32\svchost.exe 00:07:36.867 vminfo PID=736: (Interactive: true ) 0:996 <-> 0:52808 00:07:36.867 vminfo PID=736: C:\XP\system32\svchost.exe 00:07:36.867 vminfo PID=816: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=816: C:\XP\system32\svchost.exe 00:07:36.867 vminfo PID=868: (Interactive: true ) 0:996 <-> 0:52808 00:07:36.867 vminfo PID=868: C:\XP\system32\svchost.exe 00:07:36.867 vminfo PID=960: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=960: C:\XP\system32\spoolsv.exe 00:07:36.867 vminfo PID=1064: (Interactive: true ) 0:997 <-> 0:52808 00:07:36.867 vminfo PID=1064: C:\XP\system32\svchost.exe 00:07:36.867 vminfo PID=1856: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=1856: \??\C:\XP\system32\csrss.exe 00:07:36.867 vminfo PID=1880: (Interactive: false) 0:999 <-> 0:52808 00:07:36.867 vminfo PID=1880: \??\C:\XP\system32\winlogon.exe 00:07:36.867 vminfo PID=2024: (Interactive: true ) 0:52808 <-> 0:52808 00:07:36.867 vminfo PID=2024: C:\XP\system32\rdpclip.exe 00:07:36.867 vminfo PID=304: (Interactive: true ) 0:52808 <-> 0:52808 00:07:36.867 vminfo PID=304: C:\XP\Explorer.EXE 00:07:36.867 vminfo PID=272: (Interactive: true ) 0:52808 <-> 0:52808 00:07:36.867 vminfo PID=272: C:\XP\system32\VBoxTray.exe 00:07:36.867 vminfo PID=436: (Interactive: true ) 0:52808 <-> 0:52808 00:07:36.867 vminfo PID=436: C:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe 00:07:36.867 vminfo PID=780: (Interactive: true ) 0:52808 <-> 0:52808 00:07:36.867 vminfo PID=780: C:\XP\system32\ctfmon.exe 00:07:36.867 vminfo PID=832: (Interactive: true ) 0:52808 <-> 0:52808 00:07:36.877 vminfo PID=832: C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 00:07:36.877 vminfo PID=936: (Interactive: true ) 0:52808 <-> 0:52808 00:07:36.877 vminfo PID=936: C:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe 00:07:36.877 vminfo PID=1108: (Interactive: true ) 0:52808 <-> 0:52808 00:07:36.877 vminfo PID=1108: C:\XP\system32\taskmgr.exe 00:07:36.877 vminfo Session 1 has 8 processes total 00:07:36.877 vminfo Adding new user=ChenDT (session 1) with 8 processes 00:07:36.877 vminfo Handling session 1 00:07:36.877 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,39940, LogonType=3 00:07:36.877 vminfo Handling session 2 00:07:36.877 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:36.877 vminfo Handling session 3 00:07:36.877 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:36.877 vminfo Handling session 4 00:07:36.877 vminfo Session data: Name=, Session=0, LogonID=0,27882, LogonType=0 00:07:36.877 vminfo Handling session 5 00:07:36.877 vminfo Session data: Name=EMAIL$, Session=0, LogonID=0,999, LogonType=0 00:07:36.877 vminfo Found 1 unique logged-in user(s) 00:07:36.877 vminfo User ChenDT has 8 processes (session 1) 00:07:36.877 vminfo cUsersInList: 1, pszUserList: ChenDT, rc=VINF_SUCCESS