VBoxService 4.1.16 r78094 (verbosity: 4) win.x86 (May 22 2012 14:42:43) release log 00:00:00.016 main Log opened 2012-08-31T21:37:55.140625000Z 00:00:00.016 main OS Product: Windows XP Professional 00:00:00.016 main OS Release: 5.1.2600 00:00:00.016 main Executable: C:\WINDOWS\system32\VBoxService.exe 00:00:00.016 main Process ID: 888 00:00:00.016 main Package type: WINDOWS_32BITS_GENERIC 00:00:00.016 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--control-procs-max-kept not found 00:00:00.016 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-interval not found 00:00:00.016 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-min-adjust not found 00:00:00.031 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-latency-factor not found 00:00:00.031 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-max-latency not found 00:00:00.031 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-set-threshold not found 00:00:00.031 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-set-start not found 00:00:00.031 main Guest Property: /VirtualBox/GuestAdd/VBoxService/--timesync-set-on-restore not found 00:00:00.031 main 4.1.16 r78094 started. Verbose level = 4 00:00:00.031 main Starting service dispatcher ... 00:00:00.031 Registering service control handler ... 00:00:00.031 Service control handler registered. 00:00:00.047 Setting VBoxService status to 30 00:00:00.047 Initializing services ... 00:00:00.047 Service client ID: 0x3b 00:00:00.047 VBoxServiceTimeSyncInit: Initially 156250 (100ns) units per 156250 (100 ns) units interval, disabled=1 00:00:00.047 VMInfo: Property Service Client ID: 0x3c 00:00:00.047 VBoxServiceBalloonInit 00:00:00.047 MemBalloon: New balloon size 0 MB (R0 memory) 00:00:00.047 VBoxServiceVMStatsInit 00:00:00.047 VBoxStatsInit: New statistics interval 0 seconds 00:00:00.047 VBoxStatsInit: gCtx.pfnNtQuerySystemInformation = 7c90d92e 00:00:00.047 VBoxStatsInit: gCtx.GlobalMemoryStatusEx = 7c81f992 00:00:00.047 VBoxStatsInit: gCtx.pfnGetPerformanceInfo= 76bf3e41 00:00:00.047 VBoxServicePageSharingInit 00:00:00.047 Starting services ... 00:00:00.047 Starting service 'control' ... 00:00:00.047 Starting service 'timesync' ... 00:00:00.047 Starting service 'vminfo' ... 00:00:00.047 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:37:56.735000000Z (MinAdjust: 100 ms) 00:00:00.047 control Waiting for host msg ... 00:00:00.047 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:37:55.171875000Z => 1 563 125 000 ns drift 00:00:00.047 timesync VBoxServiceTimeSyncAdjust: Drift=1563ms 00:00:00.047 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=156250, NewTA=171875, DiffNew=15625, DiffMax=78125 00:00:00.047 Starting service 'memballoon' ... 00:00:00.047 Starting service 'vmstats' ... 00:00:00.063 Starting service 'pagesharing' ... 00:00:00.063 All services started. 00:00:00.063 Setting service status to: 4 00:00:00.063 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:00:00.063 Setting VBoxService status to 50 00:00:00.063 Waiting in main thread 00:00:00.063 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/Product" = "Windows XP Professional" 00:00:00.063 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/Release" = "5.1.2600" 00:00:00.078 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/Version" = "" 00:00:00.078 vminfo Writing guest property "/VirtualBox/GuestInfo/OS/ServicePack" = "3" 00:00:00.078 vminfo Writing guest property "/VirtualBox/GuestAdd/Version" = "4.1.16" 00:00:00.078 vminfo Writing guest property "/VirtualBox/GuestAdd/VersionExt" = "4.1.16" 00:00:00.078 vminfo Writing guest property "/VirtualBox/GuestAdd/Revision" = "78094" 00:00:00.094 vminfo Writing guest property "/VirtualBox/GuestAdd/InstallDir" = "C:/Program Files/Oracle/VirtualBox Guest Additions" 00:00:00.094 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxControl.exe" = "4.1.16r78094" 00:00:00.094 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxHook.dll" = "4.1.16r78094" 00:00:00.109 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxDisp.dll" = "4.1.16r78094" 00:00:00.125 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxMRXNP.dll" = "4.1.16r78094" 00:00:00.125 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxService.exe" = "4.1.16r78094" 00:00:00.125 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxTray.exe" = "4.1.16r78094" 00:00:00.234 vminfo GetFileVersionInfoSize(C:\WINDOWS\system32/VBoxGINA.dll) -> 1812 / VERR_NO_DATA 00:00:00.234 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxGINA.dll" = "-" 00:00:00.281 vminfo GetFileVersionInfoSize(C:\WINDOWS\system32/VBoxCredProv.dll) -> 1812 / VERR_NO_DATA 00:00:00.281 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxCredProv.dll" = "-" 00:00:00.281 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLarrayspu.dll" = "4.1.16r78094" 00:00:00.297 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLcrutil.dll" = "4.1.16r78094" 00:00:00.297 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLerrorspu.dll" = "4.1.16r78094" 00:00:00.297 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLpackspu.dll" = "4.1.16r78094" 00:00:00.313 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLpassthroughspu.dll" = "4.1.16r78094" 00:00:00.313 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGLfeedbackspu.dll" = "4.1.16r78094" 00:00:00.313 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxOGL.dll" = "4.1.16r78094" 00:00:00.328 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxGuest.sys" = "4.1.16r78094" 00:00:00.328 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxMouse.sys" = "4.1.16r78094" 00:00:00.328 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxSF.sys" = "4.1.16r78094" 00:00:00.328 vminfo Writing guest property "/VirtualBox/GuestAdd/Components/VBoxVideo.sys" = "4.1.16r78094" 00:00:00.328 vminfo Found 2 sessions 00:00:00.344 vminfo Handling session 0 00:00:00.344 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:00:00.344 vminfo Handling session 1 00:00:00.344 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:00:00.344 vminfo Found 0 unique logged-in user(s) 00:00:00.344 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:00:10.047 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:06.724000000Z (MinAdjust: 100 ms) 00:00:10.047 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:06.171875000Z => 552 125 000 ns drift 00:00:10.047 timesync VBoxServiceTimeSyncAdjust: Drift=552ms 00:00:10.047 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=171875, NewTA=189062, DiffNew=17187, DiffMax=78125 00:00:10.375 vminfo Found 4 sessions 00:00:10.375 vminfo Handling session 0 00:00:10.375 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:10.375 vminfo Handling session 1 00:00:10.375 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:10.375 vminfo Handling session 2 00:00:10.375 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:00:10.375 vminfo Handling session 3 00:00:10.375 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:00:10.375 vminfo Found 0 unique logged-in user(s) 00:00:10.375 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:00:19.063 main Control handler: Control=0xe, EventType=0x5 00:00:19.063 main Control handler: A user has logged on to a session (Session=0, Event=0x5) 00:00:19.063 vminfo Found 6 sessions 00:00:19.094 vminfo Handling session 0 00:00:19.094 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:00:19.094 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:00:19.109 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:00:19.109 vminfo Cannot query WTS connection state for user=sma-user5, error=1702 00:00:19.109 vminfo Account User=sma-user5 is logged in 00:00:19.109 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:00:19.109 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:00:19.109 vminfo Error: Unable to open process with PID=0, error=87 00:00:19.109 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=580: \SystemRoot\System32\smss.exe 00:00:19.109 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:00:19.109 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:00:19.109 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:00:19.109 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:00:19.109 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:00:19.109 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:00:19.109 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:00:19.109 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:00:19.109 vminfo PID=1020: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=1020: C:\WINDOWS\system32\logonui.exe 00:00:19.109 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:00:19.109 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:00:19.109 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:00:19.109 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:00:19.109 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:00:19.109 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:00:19.109 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:00:19.109 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:00:19.109 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:00:19.109 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:00:19.109 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:00:19.109 vminfo PID=1704: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=1704: C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:00:19.109 vminfo PID=1896: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=1896: C:\Program Files\Google\Update\GoogleUpdate.exe 00:00:19.109 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:00:19.109 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:00:19.109 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:00:19.109 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:00:19.109 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:00:19.109 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:00:19.109 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:00:19.109 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:00:19.109 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:00:19.109 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:00:19.109 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:00:19.109 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:00:19.109 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:00:19.109 vminfo Session 0 has 0 processes total 00:00:19.109 vminfo Adding new user=sma-user5 (session 0) with 0 processes 00:00:19.109 vminfo Handling session 1 00:00:19.109 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:00:19.109 vminfo Handling session 2 00:00:19.109 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:19.109 vminfo Handling session 3 00:00:19.125 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:19.125 vminfo Handling session 4 00:00:19.125 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:00:19.125 vminfo Handling session 5 00:00:19.125 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:00:19.125 vminfo Found 1 unique logged-in user(s) 00:00:19.125 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:00:20.047 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:16.725000000Z (MinAdjust: 200 ms) 00:00:20.047 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:18.271843000Z => -1 546 843 000 ns drift 00:00:20.047 timesync VBoxServiceTimeSyncAdjust: Drift=-1546ms 00:00:20.047 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=189062, NewTA=170156, DiffNew=18906, DiffMax=78125 00:00:22.078 main Control handler: Control=0xe, EventType=0x1 00:00:22.078 main Control handler: A session was connected to the console terminal (Session=0, Event=0x1) 00:00:22.078 vminfo Found 6 sessions 00:00:22.078 vminfo Handling session 0 00:00:22.078 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:00:22.078 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:00:22.094 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:00:22.094 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:00:22.094 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:00:22.094 vminfo Account User=sma-user5 is logged in 00:00:22.094 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:00:22.094 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:00:22.094 vminfo Error: Unable to open process with PID=0, error=87 00:00:22.094 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=580: \SystemRoot\System32\smss.exe 00:00:22.094 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:00:22.094 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:00:22.094 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:00:22.094 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:00:22.094 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:00:22.094 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:00:22.094 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:00:22.094 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:00:22.094 vminfo PID=1020: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=1020: C:\WINDOWS\system32\logonui.exe 00:00:22.094 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:00:22.094 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:00:22.094 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:00:22.094 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:00:22.094 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:00:22.094 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:00:22.094 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:00:22.094 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:00:22.094 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:00:22.094 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:00:22.094 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:00:22.094 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:00:22.094 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:00:22.094 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:00:22.094 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:00:22.094 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:00:22.094 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:00:22.094 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:00:22.094 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:00:22.094 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:00:22.094 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:00:22.094 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:00:22.094 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:00:22.094 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:00:22.094 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:00:22.094 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:00:22.094 vminfo Session 0 has 0 processes total 00:00:22.094 vminfo Adding new user=sma-user5 (session 0) with 0 processes 00:00:22.094 vminfo Handling session 1 00:00:22.094 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:00:22.094 vminfo Handling session 2 00:00:22.094 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:22.094 vminfo Handling session 3 00:00:22.094 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:22.094 vminfo Handling session 4 00:00:22.109 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:00:22.109 vminfo Handling session 5 00:00:22.109 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:00:22.109 vminfo Found 1 unique logged-in user(s) 00:00:22.109 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:00:30.047 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:26.724000000Z (MinAdjust: 200 ms) 00:00:30.047 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:29.161827000Z => -2 437 827 000 ns drift 00:00:30.047 timesync VBoxServiceTimeSyncAdjust: Drift=-2437ms 00:00:30.047 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=170156, NewTA=153141, DiffNew=17015, DiffMax=78125 00:00:32.109 vminfo Found 6 sessions 00:00:32.109 vminfo Handling session 0 00:00:32.109 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:00:32.109 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:00:32.109 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:00:32.125 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:00:32.125 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:00:32.125 vminfo Account User=sma-user5 is logged in 00:00:32.125 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:00:32.125 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:00:32.125 vminfo Error: Unable to open process with PID=0, error=87 00:00:32.125 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=580: \SystemRoot\System32\smss.exe 00:00:32.125 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:00:32.125 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:00:32.125 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:00:32.125 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:00:32.125 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:00:32.125 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:00:32.125 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:00:32.125 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:00:32.125 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:00:32.125 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:00:32.125 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:00:32.125 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:00:32.125 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:00:32.125 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:00:32.125 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:00:32.125 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:00:32.125 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:00:32.125 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:00:32.125 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:00:32.125 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:00:32.125 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:00:32.125 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:00:32.125 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:00:32.125 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:00:32.125 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:00:32.125 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:00:32.125 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:00:32.125 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:00:32.125 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:00:32.125 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:00:32.125 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:00:32.125 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:00:32.125 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:00:32.125 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:00:32.125 vminfo PID=2004: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=2004: C:\WINDOWS\system32\userinit.exe 00:00:32.125 vminfo PID=2028: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=2028: C:\WINDOWS\system32\WgaTray.exe 00:00:32.125 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:00:32.125 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081 00:00:32.125 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:00:32.125 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:00:32.125 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:00:32.125 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:00:32.125 vminfo PID=448: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=448: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe 00:00:32.125 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:00:32.125 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:00:32.125 vminfo PID=1808: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=1808: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 00:00:32.125 vminfo PID=1880: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=1880: D:\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe 00:00:32.125 vminfo PID=1084: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=1084: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe 00:00:32.125 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:00:32.125 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:00:32.125 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:00:32.125 vminfo PID=2012: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=2012: C:\Documents and Settings\sma-user5\Local Settings\Application Data\Google\Update\GoogleUpdate.exe 00:00:32.125 vminfo PID=2068: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=2068: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 00:00:32.125 vminfo PID=2088: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=2088: C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe 00:00:32.125 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:00:32.125 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:00:32.125 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:00:32.125 vminfo Session 0 has 20 processes total 00:00:32.125 vminfo Adding new user=sma-user5 (session 0) with 20 processes 00:00:32.125 vminfo Handling session 1 00:00:32.125 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:00:32.125 vminfo Handling session 2 00:00:32.125 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:32.125 vminfo Handling session 3 00:00:32.141 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:32.141 vminfo Handling session 4 00:00:32.156 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:00:32.156 vminfo Handling session 5 00:00:32.156 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:00:32.156 vminfo Found 1 unique logged-in user(s) 00:00:32.156 vminfo User sma-user5 has 20 processes (session 0) 00:00:32.156 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:00:40.063 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:36.739000000Z (MinAdjust: 200 ms) 00:00:40.063 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:38.978165100Z => -2 239 165 100 ns drift 00:00:40.063 timesync VBoxServiceTimeSyncAdjust: Drift=-2239ms 00:00:40.063 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=153141, NewTA=137827, DiffNew=15314, DiffMax=78125 00:00:42.250 vminfo Found 6 sessions 00:00:42.250 vminfo Handling session 0 00:00:42.250 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:00:42.250 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:00:42.250 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:00:42.266 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:00:42.266 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:00:42.266 vminfo Account User=sma-user5 is logged in 00:00:42.266 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:00:42.266 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:00:42.266 vminfo Error: Unable to open process with PID=0, error=87 00:00:42.266 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=580: \SystemRoot\System32\smss.exe 00:00:42.266 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:00:42.266 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:00:42.266 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:00:42.266 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:00:42.266 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:00:42.266 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:00:42.266 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:00:42.266 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:00:42.266 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:00:42.266 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:00:42.266 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:00:42.266 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:00:42.266 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:00:42.266 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:00:42.266 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:00:42.266 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:00:42.266 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:00:42.266 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:00:42.266 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:00:42.266 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:00:42.266 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:00:42.266 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:00:42.266 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:00:42.266 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:00:42.266 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:00:42.266 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:00:42.266 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:00:42.266 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:00:42.266 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:00:42.266 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:00:42.266 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:00:42.266 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:00:42.266 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:00:42.266 vminfo PID=2004: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=2004: C:\WINDOWS\system32\userinit.exe 00:00:42.266 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:00:42.266 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081 00:00:42.266 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:00:42.266 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:00:42.266 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:00:42.266 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:00:42.266 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:00:42.266 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:00:42.266 vminfo PID=1880: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=1880: D:\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe 00:00:42.266 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:00:42.266 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:00:42.266 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:00:42.266 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:00:42.266 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:00:42.266 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:00:42.266 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:00:42.266 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:00:42.266 vminfo Session 0 has 13 processes total 00:00:42.266 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:00:42.266 vminfo Handling session 1 00:00:42.266 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:00:42.266 vminfo Handling session 2 00:00:42.281 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:42.281 vminfo Handling session 3 00:00:42.281 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:42.281 vminfo Handling session 4 00:00:42.281 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:00:42.281 vminfo Handling session 5 00:00:42.281 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:00:42.281 vminfo Found 1 unique logged-in user(s) 00:00:42.281 vminfo User sma-user5 has 13 processes (session 0) 00:00:42.281 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:00:50.078 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:46.739000000Z (MinAdjust: 200 ms) 00:00:50.078 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:47.812875800Z => -1 073 875 800 ns drift 00:00:50.078 timesync VBoxServiceTimeSyncAdjust: Drift=-1073ms 00:00:50.078 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=137827, NewTA=124045, DiffNew=13782, DiffMax=78125 00:00:52.297 vminfo Found 6 sessions 00:00:52.297 vminfo Handling session 0 00:00:52.297 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:00:52.297 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:00:52.297 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:00:52.313 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:00:52.313 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:00:52.313 vminfo Account User=sma-user5 is logged in 00:00:52.313 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:00:52.313 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:00:52.313 vminfo Error: Unable to open process with PID=0, error=87 00:00:52.313 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=580: \SystemRoot\System32\smss.exe 00:00:52.313 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:00:52.313 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:00:52.313 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:00:52.313 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:00:52.313 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:00:52.313 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:00:52.313 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:00:52.313 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:00:52.313 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:00:52.313 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:00:52.313 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:00:52.313 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:00:52.313 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:00:52.313 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:00:52.313 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:00:52.313 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:00:52.313 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:00:52.313 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:00:52.313 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:00:52.313 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:00:52.313 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:00:52.313 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:00:52.313 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:00:52.313 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:00:52.313 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:00:52.313 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:00:52.313 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:00:52.313 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:00:52.313 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:00:52.313 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:00:52.313 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:00:52.313 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:00:52.313 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:00:52.313 vminfo PID=2004: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=2004: C:\WINDOWS\system32\userinit.exe 00:00:52.313 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:00:52.313 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081 00:00:52.313 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:00:52.313 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:00:52.313 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:00:52.313 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:00:52.313 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:00:52.313 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:00:52.313 vminfo PID=1880: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=1880: D:\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe 00:00:52.313 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:00:52.313 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:00:52.313 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:00:52.313 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:00:52.313 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:00:52.313 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:00:52.313 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:00:52.313 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:00:52.313 vminfo Session 0 has 13 processes total 00:00:52.313 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:00:52.313 vminfo Handling session 1 00:00:52.313 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:00:52.313 vminfo Handling session 2 00:00:52.313 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:00:52.313 vminfo Handling session 3 00:00:52.313 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:00:52.313 vminfo Handling session 4 00:00:52.313 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:00:52.313 vminfo Handling session 5 00:00:52.328 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:00:52.328 vminfo Found 1 unique logged-in user(s) 00:00:52.328 vminfo User sma-user5 has 13 processes (session 0) 00:00:52.328 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:01:00.063 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:01:00.078 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:38:56.740000000Z (MinAdjust: 100 ms) 00:01:00.078 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:38:55.751755800Z => 988 244 200 ns drift 00:01:00.078 timesync VBoxServiceTimeSyncAdjust: Drift=988ms 00:01:00.078 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=124045, NewTA=136449, DiffNew=12404, DiffMax=78125 00:01:02.328 vminfo Found 6 sessions 00:01:02.328 vminfo Handling session 0 00:01:02.328 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:01:02.328 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:01:02.328 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:01:02.328 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:01:02.328 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:01:02.328 vminfo Account User=sma-user5 is logged in 00:01:02.328 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:01:02.344 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:01:02.344 vminfo Error: Unable to open process with PID=0, error=87 00:01:02.344 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=580: \SystemRoot\System32\smss.exe 00:01:02.344 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:01:02.344 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:01:02.344 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:01:02.344 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:01:02.344 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:01:02.344 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:01:02.344 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:01:02.344 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:01:02.344 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:01:02.344 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:01:02.344 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:01:02.344 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:01:02.344 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:01:02.344 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:01:02.344 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:01:02.344 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:01:02.344 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:01:02.344 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:01:02.344 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:01:02.344 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:01:02.344 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:01:02.344 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:01:02.344 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:01:02.344 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:01:02.344 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:01:02.344 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:01:02.344 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:01:02.344 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:01:02.344 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:01:02.344 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:01:02.344 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:01:02.344 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:01:02.344 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:01:02.344 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:01:02.344 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081 00:01:02.344 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:01:02.344 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:01:02.344 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:01:02.344 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:01:02.344 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:01:02.344 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:01:02.344 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:01:02.344 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:01:02.344 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:01:02.344 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:01:02.344 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:01:02.344 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:01:02.344 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:01:02.344 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:01:02.344 vminfo Session 0 has 11 processes total 00:01:02.344 vminfo Adding new user=sma-user5 (session 0) with 11 processes 00:01:02.344 vminfo Handling session 1 00:01:02.344 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:01:02.344 vminfo Handling session 2 00:01:02.344 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:02.344 vminfo Handling session 3 00:01:02.344 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:02.344 vminfo Handling session 4 00:01:02.344 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:01:02.344 vminfo Handling session 5 00:01:02.344 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:01:02.344 vminfo Found 1 unique logged-in user(s) 00:01:02.344 vminfo User sma-user5 has 11 processes (session 0) 00:01:02.344 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:01:10.078 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:06.740000000Z (MinAdjust: 100 ms) 00:01:10.078 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:39:04.484491800Z => 2 255 508 200 ns drift 00:01:10.078 timesync VBoxServiceTimeSyncAdjust: Drift=2255ms 00:01:10.078 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=136449, NewTA=150093, DiffNew=13644, DiffMax=78125 00:01:12.344 vminfo Found 6 sessions 00:01:12.344 vminfo Handling session 0 00:01:12.344 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:01:12.344 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:01:12.344 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:01:12.359 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:01:12.359 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:01:12.359 vminfo Account User=sma-user5 is logged in 00:01:12.359 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:01:12.359 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:01:12.359 vminfo Error: Unable to open process with PID=0, error=87 00:01:12.359 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=580: \SystemRoot\System32\smss.exe 00:01:12.359 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:01:12.359 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:01:12.359 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:01:12.359 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:01:12.359 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:01:12.359 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:01:12.359 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:01:12.359 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:01:12.359 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:01:12.359 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:01:12.359 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:01:12.359 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:01:12.359 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:01:12.359 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:01:12.359 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:01:12.359 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:01:12.359 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:01:12.359 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:01:12.359 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:01:12.359 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:01:12.359 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:01:12.359 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:01:12.359 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:01:12.359 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:01:12.359 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:01:12.359 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:01:12.359 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:01:12.359 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:01:12.359 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:01:12.359 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:01:12.359 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:01:12.359 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:01:12.359 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:01:12.359 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:01:12.359 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081 00:01:12.359 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:01:12.359 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:01:12.359 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:01:12.359 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:01:12.359 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:01:12.359 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:01:12.359 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:01:12.359 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:01:12.359 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:01:12.359 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:01:12.359 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:01:12.359 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:01:12.359 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:01:12.359 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:01:12.359 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:01:12.359 vminfo Session 0 has 12 processes total 00:01:12.359 vminfo Adding new user=sma-user5 (session 0) with 12 processes 00:01:12.359 vminfo Handling session 1 00:01:12.359 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:01:12.359 vminfo Handling session 2 00:01:12.359 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:12.359 vminfo Handling session 3 00:01:12.359 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:12.359 vminfo Handling session 4 00:01:12.359 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:01:12.359 vminfo Handling session 5 00:01:12.359 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:01:12.359 vminfo Found 1 unique logged-in user(s) 00:01:12.359 vminfo User sma-user5 has 12 processes (session 0) 00:01:12.359 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:01:20.078 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:16.740000000Z (MinAdjust: 100 ms) 00:01:20.078 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:39:14.090443800Z => 2 649 556 200 ns drift 00:01:20.078 timesync VBoxServiceTimeSyncAdjust: Drift=2649ms 00:01:20.078 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=150093, NewTA=165102, DiffNew=15009, DiffMax=78125 00:01:22.375 vminfo Found 6 sessions 00:01:22.375 vminfo Handling session 0 00:01:22.375 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:01:22.375 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:01:22.391 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:01:22.391 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:01:22.391 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:01:22.391 vminfo Account User=sma-user5 is logged in 00:01:22.391 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:01:22.391 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:01:22.391 vminfo Error: Unable to open process with PID=0, error=87 00:01:22.391 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=580: \SystemRoot\System32\smss.exe 00:01:22.391 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:01:22.391 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:01:22.391 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:01:22.391 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:01:22.391 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:01:22.391 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:01:22.391 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:01:22.391 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:01:22.391 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:01:22.391 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:01:22.391 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:01:22.391 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:01:22.391 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:01:22.391 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:01:22.391 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:01:22.391 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:01:22.391 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:01:22.391 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:01:22.391 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:01:22.391 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:01:22.391 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:01:22.391 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:01:22.391 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:01:22.391 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:01:22.391 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:01:22.391 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:01:22.391 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:01:22.391 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:01:22.391 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:01:22.391 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:01:22.391 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:01:22.391 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:01:22.391 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:01:22.391 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:01:22.391 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:01:22.391 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081 00:01:22.391 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:01:22.391 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:01:22.391 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:01:22.391 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:01:22.391 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:01:22.391 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:01:22.391 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:01:22.391 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:01:22.391 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:01:22.391 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:01:22.391 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.391 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:01:22.391 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:01:22.406 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:01:22.406 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:01:22.406 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:01:22.406 vminfo Session 0 has 12 processes total 00:01:22.406 vminfo Adding new user=sma-user5 (session 0) with 12 processes 00:01:22.406 vminfo Handling session 1 00:01:22.406 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:01:22.406 vminfo Handling session 2 00:01:22.406 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:22.406 vminfo Handling session 3 00:01:22.406 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:22.406 vminfo Handling session 4 00:01:22.406 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:01:22.406 vminfo Handling session 5 00:01:22.406 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:01:22.406 vminfo Found 1 unique logged-in user(s) 00:01:22.406 vminfo User sma-user5 has 12 processes (session 0) 00:01:22.406 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:01:30.078 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:26.740000000Z (MinAdjust: 100 ms) 00:01:30.078 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:39:24.656971800Z => 2 083 028 200 ns drift 00:01:30.078 timesync VBoxServiceTimeSyncAdjust: Drift=2083ms 00:01:30.078 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=165102, NewTA=181612, DiffNew=16510, DiffMax=78125 00:01:32.422 vminfo Found 6 sessions 00:01:32.422 vminfo Handling session 0 00:01:32.422 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:01:32.422 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:01:32.438 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:01:32.438 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:01:32.438 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:01:32.438 vminfo Account User=sma-user5 is logged in 00:01:32.438 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:01:32.438 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:01:32.438 vminfo Error: Unable to open process with PID=0, error=87 00:01:32.438 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=580: \SystemRoot\System32\smss.exe 00:01:32.438 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:01:32.438 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:01:32.438 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:01:32.438 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:01:32.438 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:01:32.438 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:01:32.438 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:01:32.438 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:01:32.438 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:01:32.438 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:01:32.438 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:01:32.438 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:01:32.438 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:01:32.438 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:01:32.438 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:01:32.438 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:01:32.438 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:01:32.438 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:01:32.438 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:01:32.438 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:01:32.438 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:01:32.438 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:01:32.438 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:01:32.438 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:01:32.438 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:01:32.438 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:01:32.438 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:01:32.438 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:01:32.438 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:01:32.438 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:01:32.438 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:01:32.438 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:01:32.438 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:01:32.438 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:01:32.438 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081 00:01:32.438 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:01:32.438 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:01:32.438 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:01:32.438 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:01:32.438 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:01:32.438 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:01:32.438 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:01:32.438 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:01:32.438 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:01:32.438 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:01:32.438 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:01:32.438 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:01:32.438 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:01:32.438 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:01:32.438 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:01:32.438 vminfo Session 0 has 12 processes total 00:01:32.438 vminfo Adding new user=sma-user5 (session 0) with 12 processes 00:01:32.438 vminfo Handling session 1 00:01:32.453 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:01:32.453 vminfo Handling session 2 00:01:32.453 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:32.453 vminfo Handling session 3 00:01:32.453 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:32.453 vminfo Handling session 4 00:01:32.453 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:01:32.453 vminfo Handling session 5 00:01:32.453 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:01:32.453 vminfo Found 1 unique logged-in user(s) 00:01:32.453 vminfo User sma-user5 has 12 processes (session 0) 00:01:32.453 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:01:40.094 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:36.740000000Z (MinAdjust: 100 ms) 00:01:40.094 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:39:36.298301000Z => 441 699 000 ns drift 00:01:40.094 timesync VBoxServiceTimeSyncAdjust: Drift=441ms 00:01:40.094 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=181612, NewTA=199773, DiffNew=18161, DiffMax=78125 00:01:42.453 vminfo Found 6 sessions 00:01:42.453 vminfo Handling session 0 00:01:42.453 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:01:42.453 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:01:42.469 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:01:42.469 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:01:42.469 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:01:42.469 vminfo Account User=sma-user5 is logged in 00:01:42.469 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:01:42.469 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:01:42.469 vminfo Error: Unable to open process with PID=0, error=87 00:01:42.469 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=580: \SystemRoot\System32\smss.exe 00:01:42.469 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:01:42.469 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:01:42.469 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:01:42.469 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:01:42.469 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:01:42.469 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:01:42.469 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:01:42.469 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:01:42.469 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:01:42.469 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:01:42.469 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:01:42.469 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:01:42.469 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:01:42.469 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:01:42.469 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:01:42.469 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:01:42.469 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:01:42.469 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:01:42.469 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:01:42.469 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:01:42.469 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:01:42.469 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:01:42.469 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:01:42.469 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:01:42.469 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:01:42.469 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:01:42.469 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:01:42.469 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:01:42.469 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:01:42.469 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:01:42.469 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:01:42.469 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:01:42.469 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:01:42.469 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:01:42.469 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081 00:01:42.469 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:01:42.469 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:01:42.469 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:01:42.469 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:01:42.469 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:01:42.469 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:01:42.469 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:01:42.469 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:01:42.469 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:01:42.469 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:01:42.469 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:01:42.469 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:01:42.469 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:01:42.469 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:01:42.469 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:01:42.469 vminfo Session 0 has 12 processes total 00:01:42.469 vminfo Adding new user=sma-user5 (session 0) with 12 processes 00:01:42.469 vminfo Handling session 1 00:01:42.484 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:01:42.484 vminfo Handling session 2 00:01:42.484 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:42.484 vminfo Handling session 3 00:01:42.484 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:42.484 vminfo Handling session 4 00:01:42.484 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:01:42.484 vminfo Handling session 5 00:01:42.484 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:01:42.484 vminfo Found 1 unique logged-in user(s) 00:01:42.484 vminfo User sma-user5 has 12 processes (session 0) 00:01:42.484 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:01:50.094 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:46.740000000Z (MinAdjust: 200 ms) 00:01:50.094 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:39:49.083773000Z => -2 343 773 000 ns drift 00:01:50.094 timesync VBoxServiceTimeSyncAdjust: Drift=-2343ms 00:01:50.094 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=199773, NewTA=179796, DiffNew=19977, DiffMax=78125 00:01:52.484 vminfo Found 6 sessions 00:01:52.484 vminfo Handling session 0 00:01:52.484 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:01:52.484 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:01:52.500 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:01:52.500 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:01:52.500 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:01:52.500 vminfo Account User=sma-user5 is logged in 00:01:52.500 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:01:52.500 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:01:52.500 vminfo Error: Unable to open process with PID=0, error=87 00:01:52.500 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=580: \SystemRoot\System32\smss.exe 00:01:52.500 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:01:52.500 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:01:52.500 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:01:52.500 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:01:52.500 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:01:52.500 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:01:52.500 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:01:52.500 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:01:52.500 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:01:52.500 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:01:52.500 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:01:52.500 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:01:52.500 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:01:52.500 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:01:52.500 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:01:52.500 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:01:52.500 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:01:52.500 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:01:52.500 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:01:52.500 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:01:52.500 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:01:52.500 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:01:52.516 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:01:52.516 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:01:52.516 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:01:52.516 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:01:52.516 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:01:52.516 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:01:52.516 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:01:52.516 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:01:52.516 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:01:52.516 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:01:52.516 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:01:52.516 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:01:52.531 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:01:52.531 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:01:52.531 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:01:52.531 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:01:52.531 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:01:52.531 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:01:52.531 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:01:52.531 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:01:52.531 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081 00:01:52.531 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:01:52.531 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:01:52.531 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:01:52.531 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:01:52.531 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:01:52.531 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:01:52.531 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:01:52.531 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:01:52.531 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:01:52.531 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:01:52.531 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:01:52.531 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:01:52.531 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:01:52.531 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:01:52.531 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:01:52.531 vminfo Session 0 has 12 processes total 00:01:52.531 vminfo Adding new user=sma-user5 (session 0) with 12 processes 00:01:52.531 vminfo Handling session 1 00:01:52.531 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:01:52.531 vminfo Handling session 2 00:01:52.531 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:01:52.531 vminfo Handling session 3 00:01:52.531 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:01:52.531 vminfo Handling session 4 00:01:52.531 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:01:52.531 vminfo Handling session 5 00:01:52.531 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:01:52.531 vminfo Found 1 unique logged-in user(s) 00:01:52.531 vminfo User sma-user5 has 12 processes (session 0) 00:01:52.531 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:02:00.063 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:02:00.094 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:39:56.740000000Z (MinAdjust: 200 ms) 00:02:00.094 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:00.590717000Z => -3 850 717 000 ns drift 00:02:00.094 timesync VBoxServiceTimeSyncAdjust: Drift=-3850ms 00:02:00.094 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=179796, NewTA=161817, DiffNew=17979, DiffMax=78125 00:02:02.531 vminfo Found 6 sessions 00:02:02.531 vminfo Handling session 0 00:02:02.531 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:02:02.531 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:02:02.531 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:02:02.531 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:02:02.531 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:02:02.531 vminfo Account User=sma-user5 is logged in 00:02:02.531 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:02:02.531 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:02:02.531 vminfo Error: Unable to open process with PID=0, error=87 00:02:02.531 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:02:02.531 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:02:02.531 vminfo PID=580: \SystemRoot\System32\smss.exe 00:02:02.531 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:02:02.531 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:02:02.531 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:02:02.531 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:02:02.531 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:02:02.531 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:02:02.531 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:02:02.547 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:02:02.547 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:02:02.547 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:02:02.547 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:02:02.547 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:02:02.547 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:02:02.547 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:02:02.547 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:02:02.547 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:02:02.547 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:02:02.547 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:02:02.547 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:02:02.547 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:02:02.547 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:02:02.547 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:02:02.547 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:02:02.547 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:02:02.547 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:02:02.547 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:02:02.547 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:02:02.547 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:02:02.547 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:02:02.547 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:02:02.547 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:02:02.547 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:02:02.547 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:02:02.547 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:02:02.547 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:02:02.547 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:02:02.547 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:02:02.547 vminfo PID=1092: (Interactive: true ) 0:996 <-> 0:69081 00:02:02.547 vminfo PID=1092: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:02:02.547 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:02:02.547 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:02:02.547 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:02:02.547 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:02:02.547 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:02:02.547 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:02:02.547 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:02:02.547 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:02:02.547 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:02:02.547 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:02:02.547 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:02:02.547 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:02:02.547 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:02:02.547 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:02:02.547 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:02:02.547 vminfo Session 0 has 13 processes total 00:02:02.547 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:02:02.547 vminfo Handling session 1 00:02:02.547 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:02:02.547 vminfo Handling session 2 00:02:02.547 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:02.547 vminfo Handling session 3 00:02:02.547 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:02.547 vminfo Handling session 4 00:02:02.547 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:02:02.547 vminfo Handling session 5 00:02:02.547 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:02:02.547 vminfo Found 1 unique logged-in user(s) 00:02:02.547 vminfo User sma-user5 has 13 processes (session 0) 00:02:02.547 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:02:10.094 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:06.740000000Z (MinAdjust: 200 ms) 00:02:10.094 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:10.947005000Z => -4 207 005 000 ns drift 00:02:10.094 timesync VBoxServiceTimeSyncAdjust: Drift=-4207ms 00:02:10.094 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=161817, NewTA=145636, DiffNew=16181, DiffMax=78125 00:02:12.563 vminfo Found 6 sessions 00:02:12.578 vminfo Handling session 0 00:02:12.578 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:02:12.578 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:02:12.578 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:02:12.578 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:02:12.578 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:02:12.578 vminfo Account User=sma-user5 is logged in 00:02:12.578 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:02:12.578 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:02:12.578 vminfo Error: Unable to open process with PID=0, error=87 00:02:12.578 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:02:12.578 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:02:12.578 vminfo PID=580: \SystemRoot\System32\smss.exe 00:02:12.578 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:02:12.578 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:02:12.578 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:02:12.578 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:02:12.578 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:02:12.578 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:02:12.578 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:02:12.578 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:02:12.578 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:02:12.578 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:02:12.578 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:02:12.578 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:02:12.578 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:02:12.578 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:02:12.578 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:02:12.578 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:02:12.578 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:02:12.578 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:02:12.578 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:02:12.578 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:02:12.578 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:02:12.578 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:02:12.578 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:02:12.578 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:02:12.594 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:02:12.594 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:02:12.594 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:02:12.594 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:02:12.594 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:02:12.594 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:02:12.594 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:02:12.594 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:02:12.594 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:02:12.594 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:02:12.594 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:02:12.594 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:02:12.594 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:02:12.594 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:02:12.594 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:02:12.594 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:02:12.594 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:02:12.594 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:02:12.594 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:02:12.594 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:02:12.594 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:02:12.594 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:02:12.594 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:02:12.594 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:02:12.594 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:02:12.594 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:02:12.594 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:02:12.594 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:02:12.594 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:02:12.594 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:02:12.594 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:02:12.594 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:02:12.594 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:02:12.594 vminfo Session 0 has 13 processes total 00:02:12.594 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:02:12.594 vminfo Handling session 1 00:02:12.594 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:02:12.594 vminfo Handling session 2 00:02:12.594 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:12.594 vminfo Handling session 3 00:02:12.594 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:12.594 vminfo Handling session 4 00:02:12.594 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:02:12.594 vminfo Handling session 5 00:02:12.594 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:02:12.594 vminfo Found 1 unique logged-in user(s) 00:02:12.594 vminfo User sma-user5 has 13 processes (session 0) 00:02:12.594 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:02:20.094 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:16.740000000Z (MinAdjust: 200 ms) 00:02:20.094 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:20.267709000Z => -3 527 709 000 ns drift 00:02:20.094 timesync VBoxServiceTimeSyncAdjust: Drift=-3527ms 00:02:20.094 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=145636, NewTA=131073, DiffNew=14563, DiffMax=78125 00:02:22.609 vminfo Found 6 sessions 00:02:22.609 vminfo Handling session 0 00:02:22.609 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:02:22.609 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:02:22.625 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:02:22.625 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:02:22.625 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:02:22.625 vminfo Account User=sma-user5 is logged in 00:02:22.625 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:02:22.625 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:02:22.625 vminfo Error: Unable to open process with PID=0, error=87 00:02:22.625 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=580: \SystemRoot\System32\smss.exe 00:02:22.625 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:02:22.625 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:02:22.625 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:02:22.625 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:02:22.625 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:02:22.625 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:02:22.625 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:02:22.625 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:02:22.625 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:02:22.625 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:02:22.625 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:02:22.625 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:02:22.625 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:02:22.625 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:02:22.625 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:02:22.625 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:02:22.625 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:02:22.625 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:02:22.625 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:02:22.625 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:02:22.625 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:02:22.625 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:02:22.625 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:02:22.625 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:02:22.625 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:02:22.625 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:02:22.625 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:02:22.625 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:02:22.625 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:02:22.625 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:02:22.625 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:02:22.625 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:02:22.625 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:02:22.625 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:02:22.625 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.625 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:02:22.625 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.625 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:02:22.625 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.625 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:02:22.625 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.625 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:02:22.625 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.625 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:02:22.625 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.625 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:02:22.625 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.625 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:02:22.625 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.641 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:02:22.641 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.641 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:02:22.641 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.641 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:02:22.641 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.641 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:02:22.641 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:02:22.641 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:02:22.641 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.641 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:02:22.641 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:02:22.641 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:02:22.641 vminfo Session 0 has 13 processes total 00:02:22.641 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:02:22.641 vminfo Handling session 1 00:02:22.641 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:02:22.641 vminfo Handling session 2 00:02:22.641 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:22.641 vminfo Handling session 3 00:02:22.641 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:22.641 vminfo Handling session 4 00:02:22.641 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:02:22.641 vminfo Handling session 5 00:02:22.641 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:02:22.641 vminfo Found 1 unique logged-in user(s) 00:02:22.641 vminfo User sma-user5 has 13 processes (session 0) 00:02:22.641 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:02:30.109 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:26.740000000Z (MinAdjust: 200 ms) 00:02:30.109 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:28.669488300Z => -1 929 488 300 ns drift 00:02:30.109 timesync VBoxServiceTimeSyncAdjust: Drift=-1929ms 00:02:30.109 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=131073, NewTA=117966, DiffNew=13107, DiffMax=78125 00:02:32.641 vminfo Found 6 sessions 00:02:32.641 vminfo Handling session 0 00:02:32.641 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:02:32.641 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:02:32.656 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:02:32.656 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:02:32.656 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:02:32.656 vminfo Account User=sma-user5 is logged in 00:02:32.656 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:02:32.656 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:02:32.656 vminfo Error: Unable to open process with PID=0, error=87 00:02:32.656 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=580: \SystemRoot\System32\smss.exe 00:02:32.656 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:02:32.656 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:02:32.656 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:02:32.656 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:02:32.656 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:02:32.656 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:02:32.656 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:02:32.656 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:02:32.656 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:02:32.656 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:02:32.656 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:02:32.656 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:02:32.656 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:02:32.656 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:02:32.656 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:02:32.656 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:02:32.656 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:02:32.656 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:02:32.656 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:02:32.656 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:02:32.656 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:02:32.656 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:02:32.656 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:02:32.656 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:02:32.656 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:02:32.656 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:02:32.656 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:02:32.656 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:02:32.656 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:02:32.656 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:02:32.656 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:02:32.656 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:02:32.672 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:02:32.672 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:02:32.672 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:02:32.672 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:02:32.672 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:02:32.672 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:02:32.672 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:02:32.672 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:02:32.672 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:02:32.672 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:02:32.672 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:02:32.672 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:02:32.672 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:02:32.672 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:02:32.672 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:02:32.672 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:02:32.672 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:02:32.672 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:02:32.672 vminfo Session 0 has 13 processes total 00:02:32.672 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:02:32.672 vminfo Handling session 1 00:02:32.672 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:02:32.672 vminfo Handling session 2 00:02:32.672 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:32.672 vminfo Handling session 3 00:02:32.672 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:32.672 vminfo Handling session 4 00:02:32.672 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:02:32.672 vminfo Handling session 5 00:02:32.672 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:02:32.672 vminfo Found 1 unique logged-in user(s) 00:02:32.672 vminfo User sma-user5 has 13 processes (session 0) 00:02:32.672 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:02:40.109 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:36.740000000Z (MinAdjust: 100 ms) 00:02:40.109 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:36.219312300Z => 520 687 700 ns drift 00:02:40.109 timesync VBoxServiceTimeSyncAdjust: Drift=520ms 00:02:40.109 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=117966, NewTA=129762, DiffNew=11796, DiffMax=78125 00:02:42.672 vminfo Found 6 sessions 00:02:42.672 vminfo Handling session 0 00:02:42.672 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:02:42.672 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:02:42.688 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:02:42.688 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:02:42.688 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:02:42.688 vminfo Account User=sma-user5 is logged in 00:02:42.688 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:02:42.688 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:02:42.688 vminfo Error: Unable to open process with PID=0, error=87 00:02:42.688 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=580: \SystemRoot\System32\smss.exe 00:02:42.688 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:02:42.688 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:02:42.688 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:02:42.688 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:02:42.688 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:02:42.688 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:02:42.688 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:02:42.688 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:02:42.688 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:02:42.688 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:02:42.688 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:02:42.688 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:02:42.688 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:02:42.688 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:02:42.688 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:02:42.688 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:02:42.688 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:02:42.688 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:02:42.688 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:02:42.688 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:02:42.688 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:02:42.688 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:02:42.688 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:02:42.688 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:02:42.688 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:02:42.688 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:02:42.688 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:02:42.688 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:02:42.688 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:02:42.688 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:02:42.688 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:02:42.688 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:02:42.688 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:02:42.688 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:02:42.688 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.688 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:02:42.688 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.688 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:02:42.688 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.688 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:02:42.688 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.688 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:02:42.688 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.688 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:02:42.688 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.688 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:02:42.688 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.688 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:02:42.688 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.688 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:02:42.688 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.688 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:02:42.688 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.703 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:02:42.703 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.703 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:02:42.703 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:02:42.703 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:02:42.703 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.703 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:02:42.703 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:02:42.703 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:02:42.703 vminfo Session 0 has 13 processes total 00:02:42.703 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:02:42.703 vminfo Handling session 1 00:02:42.703 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:02:42.703 vminfo Handling session 2 00:02:42.703 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:42.703 vminfo Handling session 3 00:02:42.703 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:42.703 vminfo Handling session 4 00:02:42.703 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:02:42.703 vminfo Handling session 5 00:02:42.703 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:02:42.703 vminfo Found 1 unique logged-in user(s) 00:02:42.703 vminfo User sma-user5 has 13 processes (session 0) 00:02:42.703 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:02:50.109 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:46.740000000Z (MinAdjust: 100 ms) 00:02:50.109 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:44.524080300Z => 2 215 919 700 ns drift 00:02:50.109 timesync VBoxServiceTimeSyncAdjust: Drift=2215ms 00:02:50.109 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=129762, NewTA=142738, DiffNew=12976, DiffMax=78125 00:02:52.719 vminfo Found 6 sessions 00:02:52.719 vminfo Handling session 0 00:02:52.719 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:02:52.719 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:02:52.719 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:02:52.734 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:02:52.734 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:02:52.734 vminfo Account User=sma-user5 is logged in 00:02:52.734 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:02:52.734 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:02:52.734 vminfo Error: Unable to open process with PID=0, error=87 00:02:52.734 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=580: \SystemRoot\System32\smss.exe 00:02:52.734 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:02:52.734 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:02:52.734 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:02:52.734 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:02:52.734 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:02:52.734 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:02:52.734 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:02:52.734 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:02:52.734 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:02:52.734 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:02:52.734 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:02:52.734 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:02:52.734 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:02:52.734 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:02:52.734 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:02:52.734 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:02:52.734 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:02:52.734 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:02:52.734 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:02:52.734 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:02:52.734 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:02:52.734 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:02:52.734 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:02:52.734 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:02:52.734 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:02:52.734 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:02:52.734 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:02:52.734 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:02:52.734 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:02:52.734 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:02:52.734 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:02:52.734 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:02:52.734 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:02:52.734 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:02:52.734 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:02:52.734 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:02:52.734 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:02:52.734 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:02:52.734 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:02:52.734 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:02:52.734 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:02:52.734 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:02:52.734 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:02:52.734 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:02:52.734 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:02:52.734 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:02:52.734 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:02:52.734 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:02:52.734 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:02:52.734 vminfo Session 0 has 13 processes total 00:02:52.734 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:02:52.734 vminfo Handling session 1 00:02:52.734 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:02:52.734 vminfo Handling session 2 00:02:52.734 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:02:52.734 vminfo Handling session 3 00:02:52.734 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:02:52.734 vminfo Handling session 4 00:02:52.734 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:02:52.734 vminfo Handling session 5 00:02:52.750 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:02:52.750 vminfo Found 1 unique logged-in user(s) 00:02:52.750 vminfo User sma-user5 has 13 processes (session 0) 00:02:52.750 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:03:00.078 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:03:00.125 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:40:56.740000000Z (MinAdjust: 100 ms) 00:03:00.125 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:40:53.673586100Z => 3 066 413 900 ns drift 00:03:00.125 timesync VBoxServiceTimeSyncAdjust: Drift=3066ms 00:03:00.125 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=142738, NewTA=157011, DiffNew=14273, DiffMax=78125 00:03:02.766 vminfo Found 6 sessions 00:03:02.766 vminfo Handling session 0 00:03:02.766 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:03:02.766 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:03:02.766 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:03:02.766 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:03:02.766 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:03:02.766 vminfo Account User=sma-user5 is logged in 00:03:02.766 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:03:02.766 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:03:02.766 vminfo Error: Unable to open process with PID=0, error=87 00:03:02.766 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=580: \SystemRoot\System32\smss.exe 00:03:02.781 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:03:02.781 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:03:02.781 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:03:02.781 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:03:02.781 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:03:02.781 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:03:02.781 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:03:02.781 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:03:02.781 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:03:02.781 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:03:02.781 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:03:02.781 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:03:02.781 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:03:02.781 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:03:02.781 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:03:02.781 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:03:02.781 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:03:02.781 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:03:02.781 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:03:02.781 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:03:02.781 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:03:02.781 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:03:02.781 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:03:02.781 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:03:02.781 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:03:02.781 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:03:02.781 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:03:02.781 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:03:02.781 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:03:02.781 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:03:02.781 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:03:02.781 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:03:02.781 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:03:02.781 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:03:02.781 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:03:02.781 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:03:02.781 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:03:02.781 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:03:02.781 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:03:02.781 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:03:02.781 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:03:02.781 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:03:02.781 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:03:02.781 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:03:02.781 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:03:02.781 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:03:02.781 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:03:02.781 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:03:02.781 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:03:02.781 vminfo Session 0 has 13 processes total 00:03:02.781 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:03:02.781 vminfo Handling session 1 00:03:02.797 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:03:02.797 vminfo Handling session 2 00:03:02.797 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:02.797 vminfo Handling session 3 00:03:02.797 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:02.797 vminfo Handling session 4 00:03:02.797 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:03:02.797 vminfo Handling session 5 00:03:02.797 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:03:02.797 vminfo Found 1 unique logged-in user(s) 00:03:02.797 vminfo User sma-user5 has 13 processes (session 0) 00:03:02.797 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:03:10.125 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:06.740000000Z (MinAdjust: 100 ms) 00:03:10.125 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:03.722290100Z => 3 017 709 900 ns drift 00:03:10.125 timesync VBoxServiceTimeSyncAdjust: Drift=3017ms 00:03:10.125 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=157011, NewTA=172712, DiffNew=15701, DiffMax=78125 00:03:12.797 vminfo Found 6 sessions 00:03:12.797 vminfo Handling session 0 00:03:12.797 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:03:12.797 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:03:12.797 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:03:12.813 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:03:12.813 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:03:12.813 vminfo Account User=sma-user5 is logged in 00:03:12.813 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:03:12.813 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:03:12.813 vminfo Error: Unable to open process with PID=0, error=87 00:03:12.813 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=580: \SystemRoot\System32\smss.exe 00:03:12.813 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:03:12.813 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:03:12.813 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:03:12.813 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:03:12.813 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:03:12.813 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:03:12.813 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:03:12.813 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:03:12.813 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:03:12.813 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:03:12.813 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:03:12.813 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:03:12.813 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:03:12.813 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:03:12.813 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:03:12.813 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:03:12.813 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:03:12.813 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:03:12.813 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:03:12.813 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:03:12.813 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:03:12.813 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:03:12.813 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:03:12.813 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:03:12.813 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:03:12.813 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:03:12.813 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:03:12.813 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:03:12.813 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:03:12.813 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:03:12.813 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:03:12.813 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:03:12.813 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:03:12.813 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:03:12.813 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.813 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:03:12.813 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.813 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:03:12.813 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.813 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:03:12.813 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.813 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:03:12.813 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.813 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:03:12.813 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.813 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:03:12.813 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.813 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:03:12.813 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.813 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:03:12.813 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.813 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:03:12.813 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.828 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:03:12.828 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.828 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:03:12.828 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:03:12.828 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:03:12.828 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.828 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:03:12.828 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:03:12.828 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:03:12.828 vminfo Session 0 has 13 processes total 00:03:12.828 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:03:12.828 vminfo Handling session 1 00:03:12.828 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:03:12.828 vminfo Handling session 2 00:03:12.828 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:12.828 vminfo Handling session 3 00:03:12.828 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:12.828 vminfo Handling session 4 00:03:12.828 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:03:12.828 vminfo Handling session 5 00:03:12.828 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:03:12.828 vminfo Found 1 unique logged-in user(s) 00:03:12.828 vminfo User sma-user5 has 13 processes (session 0) 00:03:12.828 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:03:20.125 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:16.740000000Z (MinAdjust: 100 ms) 00:03:20.125 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:14.775858100Z => 1 964 141 900 ns drift 00:03:20.125 timesync VBoxServiceTimeSyncAdjust: Drift=1964ms 00:03:20.125 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=172712, NewTA=189983, DiffNew=17271, DiffMax=78125 00:03:22.828 vminfo Found 6 sessions 00:03:22.828 vminfo Handling session 0 00:03:22.828 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:03:22.828 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:03:22.828 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:03:22.828 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:03:22.828 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:03:22.828 vminfo Account User=sma-user5 is logged in 00:03:22.828 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:03:22.828 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:03:22.828 vminfo Error: Unable to open process with PID=0, error=87 00:03:22.828 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=580: \SystemRoot\System32\smss.exe 00:03:22.844 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:03:22.844 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:03:22.844 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:03:22.844 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:03:22.844 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:03:22.844 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:03:22.844 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:03:22.844 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:03:22.844 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:03:22.844 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:03:22.844 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:03:22.844 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:03:22.844 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:03:22.844 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:03:22.844 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:03:22.844 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:03:22.844 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:03:22.844 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:03:22.844 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:03:22.844 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:03:22.844 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:03:22.844 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:03:22.844 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:03:22.844 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:03:22.844 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:03:22.844 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:03:22.844 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:03:22.844 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:03:22.844 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:03:22.844 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:03:22.844 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:03:22.844 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:03:22.844 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:03:22.844 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:03:22.844 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:03:22.844 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:03:22.844 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:03:22.844 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:03:22.844 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:03:22.844 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:03:22.844 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:03:22.844 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:03:22.844 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:03:22.844 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:03:22.844 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:03:22.844 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:03:22.844 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:03:22.844 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:03:22.844 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:03:22.844 vminfo Session 0 has 13 processes total 00:03:22.844 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:03:22.844 vminfo Handling session 1 00:03:22.844 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:03:22.844 vminfo Handling session 2 00:03:22.844 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:22.844 vminfo Handling session 3 00:03:22.844 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:22.844 vminfo Handling session 4 00:03:22.844 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:03:22.844 vminfo Handling session 5 00:03:22.844 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:03:22.844 vminfo Found 1 unique logged-in user(s) 00:03:22.844 vminfo User sma-user5 has 13 processes (session 0) 00:03:22.844 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:03:30.125 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:26.740000000Z (MinAdjust: 200 ms) 00:03:30.125 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:26.934770100Z => -194 770 100 ns drift 00:03:30.125 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:03:32.859 vminfo Found 6 sessions 00:03:32.859 vminfo Handling session 0 00:03:32.859 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:03:32.859 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:03:32.859 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:03:32.875 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:03:32.875 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:03:32.875 vminfo Account User=sma-user5 is logged in 00:03:32.875 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:03:32.875 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:03:32.875 vminfo Error: Unable to open process with PID=0, error=87 00:03:32.875 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=580: \SystemRoot\System32\smss.exe 00:03:32.875 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:03:32.875 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:03:32.875 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:03:32.875 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:03:32.875 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:03:32.875 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:03:32.875 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:03:32.875 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:03:32.875 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:03:32.875 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:03:32.875 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:03:32.875 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:03:32.875 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:03:32.875 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:03:32.875 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:03:32.875 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:03:32.875 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:03:32.875 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:03:32.875 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:03:32.875 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:03:32.875 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:03:32.875 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:03:32.875 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:03:32.875 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:03:32.875 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:03:32.875 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:03:32.875 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:03:32.875 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:03:32.875 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:03:32.875 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:03:32.875 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:03:32.875 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:03:32.875 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:03:32.875 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:03:32.875 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:03:32.875 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:03:32.875 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:03:32.875 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:03:32.875 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:03:32.875 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:03:32.875 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:03:32.875 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:03:32.875 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:03:32.875 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:03:32.875 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:03:32.875 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:03:32.875 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:03:32.875 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:03:32.875 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:03:32.875 vminfo Session 0 has 13 processes total 00:03:32.891 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:03:32.891 vminfo Handling session 1 00:03:32.891 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:03:32.891 vminfo Handling session 2 00:03:32.891 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:32.891 vminfo Handling session 3 00:03:32.891 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:32.891 vminfo Handling session 4 00:03:32.891 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:03:32.891 vminfo Handling session 5 00:03:32.891 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:03:32.891 vminfo Found 1 unique logged-in user(s) 00:03:32.891 vminfo User sma-user5 has 13 processes (session 0) 00:03:32.891 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:03:40.125 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:36.740000000Z (MinAdjust: 200 ms) 00:03:40.125 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:36.934770100Z => -194 770 100 ns drift 00:03:40.125 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:03:42.906 vminfo Found 6 sessions 00:03:42.906 vminfo Handling session 0 00:03:42.906 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:03:42.906 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:03:42.906 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:03:42.906 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:03:42.906 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:03:42.906 vminfo Account User=sma-user5 is logged in 00:03:42.906 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:03:42.922 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:03:42.922 vminfo Error: Unable to open process with PID=0, error=87 00:03:42.922 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=580: \SystemRoot\System32\smss.exe 00:03:42.922 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:03:42.922 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:03:42.922 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:03:42.922 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:03:42.922 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:03:42.922 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:03:42.922 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:03:42.922 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:03:42.922 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:03:42.922 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:03:42.922 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:03:42.922 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:03:42.922 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:03:42.922 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:03:42.922 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:03:42.922 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:03:42.922 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:03:42.922 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:03:42.922 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:03:42.922 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:03:42.922 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:03:42.922 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:03:42.922 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:03:42.922 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:03:42.922 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:03:42.922 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:03:42.922 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:03:42.922 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:03:42.922 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:03:42.922 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:03:42.922 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:03:42.922 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:03:42.922 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:03:42.922 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:03:42.922 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:03:42.922 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:03:42.922 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:03:42.922 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:03:42.922 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:03:42.922 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:03:42.922 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:03:42.922 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:03:42.922 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:03:42.922 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:03:42.922 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:03:42.922 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:03:42.922 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:03:42.922 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:03:42.922 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:03:42.922 vminfo Session 0 has 13 processes total 00:03:42.922 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:03:42.922 vminfo Handling session 1 00:03:42.922 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:03:42.922 vminfo Handling session 2 00:03:42.922 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:42.922 vminfo Handling session 3 00:03:42.922 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:42.922 vminfo Handling session 4 00:03:42.922 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:03:42.922 vminfo Handling session 5 00:03:42.938 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:03:42.938 vminfo Found 1 unique logged-in user(s) 00:03:42.938 vminfo User sma-user5 has 13 processes (session 0) 00:03:42.938 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:03:50.141 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:46.740000000Z (MinAdjust: 200 ms) 00:03:50.141 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:46.950395100Z => -210 395 100 ns drift 00:03:50.141 timesync VBoxServiceTimeSyncAdjust: Drift=-210ms 00:03:50.141 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=156250, NewTA=140625, DiffNew=15625, DiffMax=78125 00:03:52.938 vminfo Found 6 sessions 00:03:52.938 vminfo Handling session 0 00:03:52.938 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:03:52.938 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:03:52.938 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:03:52.938 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:03:52.938 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:03:52.938 vminfo Account User=sma-user5 is logged in 00:03:52.938 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:03:52.938 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:03:52.938 vminfo Error: Unable to open process with PID=0, error=87 00:03:52.938 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:03:52.938 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:03:52.938 vminfo PID=580: \SystemRoot\System32\smss.exe 00:03:52.938 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:03:52.938 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:03:52.938 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:03:52.938 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:03:52.938 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:03:52.938 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:03:52.938 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:03:52.953 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:03:52.953 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:03:52.953 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:03:52.953 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:03:52.953 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:03:52.953 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:03:52.953 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:03:52.953 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:03:52.953 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:03:52.953 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:03:52.953 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:03:52.953 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:03:52.953 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:03:52.953 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:03:52.953 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:03:52.953 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:03:52.953 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:03:52.953 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:03:52.953 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:03:52.953 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:03:52.953 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:03:52.953 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:03:52.953 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:03:52.953 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:03:52.953 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:03:52.953 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:03:52.953 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:03:52.953 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:03:52.953 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:03:52.953 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:03:52.953 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:03:52.953 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:03:52.953 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:03:52.953 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:03:52.953 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:03:52.953 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:03:52.953 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:03:52.953 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:03:52.953 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:03:52.953 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:03:52.953 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:03:52.953 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:03:52.953 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:03:52.953 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:03:52.953 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:03:52.953 vminfo Session 0 has 13 processes total 00:03:52.953 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:03:52.953 vminfo Handling session 1 00:03:52.953 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:03:52.953 vminfo Handling session 2 00:03:52.953 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:03:52.953 vminfo Handling session 3 00:03:52.953 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:03:52.953 vminfo Handling session 4 00:03:52.953 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:03:52.953 vminfo Handling session 5 00:03:52.953 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:03:52.953 vminfo Found 1 unique logged-in user(s) 00:03:52.953 vminfo User sma-user5 has 13 processes (session 0) 00:03:52.953 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:04:00.078 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:04:00.141 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:41:56.740000000Z (MinAdjust: 100 ms) 00:04:00.141 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:41:55.950395100Z => 789 604 900 ns drift 00:04:00.141 timesync VBoxServiceTimeSyncAdjust: Drift=789ms 00:04:00.141 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=140625, NewTA=154687, DiffNew=14062, DiffMax=78125 00:04:02.969 vminfo Found 6 sessions 00:04:02.969 vminfo Handling session 0 00:04:02.969 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:04:02.969 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:04:02.969 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:04:02.969 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:04:02.969 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:04:02.969 vminfo Account User=sma-user5 is logged in 00:04:02.969 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:04:02.969 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:04:02.969 vminfo Error: Unable to open process with PID=0, error=87 00:04:02.969 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:04:02.969 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:04:02.969 vminfo PID=580: \SystemRoot\System32\smss.exe 00:04:02.969 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:04:02.969 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:04:02.969 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:04:02.969 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:04:02.969 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:04:02.969 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:04:02.969 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:04:02.984 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:04:02.984 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:04:02.984 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:04:02.984 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:04:02.984 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:04:02.984 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:04:02.984 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:04:02.984 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:04:02.984 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:04:02.984 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:04:02.984 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:04:02.984 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:04:02.984 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:04:02.984 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:04:02.984 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:04:02.984 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:04:02.984 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:04:02.984 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:04:02.984 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:04:02.984 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:04:02.984 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:04:02.984 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:04:02.984 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:04:02.984 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:04:02.984 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:04:02.984 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:04:02.984 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:04:02.984 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:04:02.984 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:04:02.984 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:04:02.984 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:04:02.984 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:04:02.984 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:04:02.984 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:04:02.984 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:04:02.984 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:04:02.984 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:04:02.984 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:04:02.984 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:04:02.984 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:04:02.984 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:04:02.984 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:04:02.984 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:04:02.984 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:04:02.984 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:04:02.984 vminfo Session 0 has 13 processes total 00:04:02.984 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:04:02.984 vminfo Handling session 1 00:04:02.984 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:04:02.984 vminfo Handling session 2 00:04:02.984 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:02.984 vminfo Handling session 3 00:04:02.984 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:02.984 vminfo Handling session 4 00:04:02.984 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:04:02.984 vminfo Handling session 5 00:04:02.984 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:04:02.984 vminfo Found 1 unique logged-in user(s) 00:04:02.984 vminfo User sma-user5 has 13 processes (session 0) 00:04:02.984 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:04:10.141 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:06.740000000Z (MinAdjust: 100 ms) 00:04:10.141 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:05.850363100Z => 889 636 900 ns drift 00:04:10.141 timesync VBoxServiceTimeSyncAdjust: Drift=889ms 00:04:10.141 timesync VBoxServiceTimeSyncAdjust: OrgTA=156250, CurTA=154687, NewTA=170155, DiffNew=15468, DiffMax=78125 00:04:13.000 vminfo Found 6 sessions 00:04:13.000 vminfo Handling session 0 00:04:13.000 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:04:13.000 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:04:13.000 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:04:13.000 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:04:13.000 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:04:13.000 vminfo Account User=sma-user5 is logged in 00:04:13.000 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:04:13.000 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:04:13.000 vminfo Error: Unable to open process with PID=0, error=87 00:04:13.000 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:04:13.000 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=580: \SystemRoot\System32\smss.exe 00:04:13.016 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:04:13.016 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:04:13.016 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:04:13.016 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:04:13.016 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:04:13.016 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:04:13.016 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:04:13.016 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:04:13.016 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:04:13.016 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:04:13.016 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:04:13.016 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:04:13.016 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:04:13.016 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:04:13.016 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:04:13.016 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:04:13.016 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:04:13.016 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:04:13.016 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:04:13.016 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:04:13.016 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:04:13.016 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:04:13.016 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:04:13.016 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:04:13.016 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:04:13.016 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:04:13.016 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:04:13.016 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:04:13.016 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:04:13.016 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:04:13.016 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:04:13.016 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:04:13.016 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:04:13.016 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:04:13.016 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:04:13.016 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:04:13.016 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:04:13.016 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:04:13.016 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:04:13.016 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:04:13.016 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:04:13.016 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:04:13.016 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:04:13.016 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:04:13.016 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:04:13.016 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:04:13.016 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:04:13.016 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:04:13.016 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:04:13.016 vminfo Session 0 has 13 processes total 00:04:13.016 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:04:13.016 vminfo Handling session 1 00:04:13.016 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:04:13.016 vminfo Handling session 2 00:04:13.031 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:13.031 vminfo Handling session 3 00:04:13.031 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:13.031 vminfo Handling session 4 00:04:13.031 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:04:13.031 vminfo Handling session 5 00:04:13.031 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:04:13.031 vminfo Found 1 unique logged-in user(s) 00:04:13.031 vminfo User sma-user5 has 13 processes (session 0) 00:04:13.031 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:04:20.141 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:16.740000000Z (MinAdjust: 100 ms) 00:04:20.141 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:16.740283100Z => -283 100 ns drift 00:04:20.141 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:04:23.047 vminfo Found 6 sessions 00:04:23.047 vminfo Handling session 0 00:04:23.047 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:04:23.047 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:04:23.047 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:04:23.047 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:04:23.047 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:04:23.047 vminfo Account User=sma-user5 is logged in 00:04:23.047 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:04:23.047 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:04:23.047 vminfo Error: Unable to open process with PID=0, error=87 00:04:23.047 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:04:23.047 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=580: \SystemRoot\System32\smss.exe 00:04:23.063 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:04:23.063 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:04:23.063 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:04:23.063 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:04:23.063 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:04:23.063 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:04:23.063 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:04:23.063 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:04:23.063 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:04:23.063 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:04:23.063 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:04:23.063 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:04:23.063 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:04:23.063 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:04:23.063 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:04:23.063 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:04:23.063 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:04:23.063 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:04:23.063 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:04:23.063 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:04:23.063 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:04:23.063 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:04:23.063 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:04:23.063 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:04:23.063 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:04:23.063 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:04:23.063 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:04:23.063 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:04:23.063 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:04:23.063 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:04:23.063 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:04:23.078 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:04:23.078 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:04:23.078 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:04:23.078 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:04:23.078 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:04:23.078 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:04:23.078 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:04:23.078 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:04:23.078 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:04:23.078 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:04:23.078 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:04:23.078 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:04:23.078 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:04:23.078 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:04:23.078 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:04:23.078 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:04:23.078 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:04:23.078 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:04:23.078 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:04:23.078 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:04:23.078 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:04:23.078 vminfo Session 0 has 13 processes total 00:04:23.078 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:04:23.078 vminfo Handling session 1 00:04:23.078 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:04:23.078 vminfo Handling session 2 00:04:23.078 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:23.078 vminfo Handling session 3 00:04:23.078 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:23.078 vminfo Handling session 4 00:04:23.078 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:04:23.078 vminfo Handling session 5 00:04:23.078 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:04:23.078 vminfo Found 1 unique logged-in user(s) 00:04:23.078 vminfo User sma-user5 has 13 processes (session 0) 00:04:23.078 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:04:30.156 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:26.740000000Z (MinAdjust: 200 ms) 00:04:30.156 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:26.755908100Z => -15 908 100 ns drift 00:04:30.156 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:04:33.078 vminfo Found 6 sessions 00:04:33.078 vminfo Handling session 0 00:04:33.078 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:04:33.078 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:04:33.094 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:04:33.094 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:04:33.094 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:04:33.094 vminfo Account User=sma-user5 is logged in 00:04:33.094 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:04:33.094 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:04:33.094 vminfo Error: Unable to open process with PID=0, error=87 00:04:33.094 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=580: \SystemRoot\System32\smss.exe 00:04:33.094 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:04:33.094 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:04:33.094 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:04:33.094 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:04:33.094 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:04:33.094 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:04:33.094 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:04:33.094 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:04:33.094 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:04:33.094 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:04:33.094 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:04:33.094 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:04:33.094 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:04:33.094 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:04:33.094 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:04:33.094 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:04:33.094 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:04:33.094 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:04:33.094 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:04:33.094 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:04:33.094 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:04:33.094 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:04:33.094 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:04:33.094 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:04:33.094 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:04:33.094 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:04:33.094 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:04:33.094 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:04:33.094 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:04:33.094 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:04:33.094 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:04:33.094 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:04:33.094 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:04:33.094 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:04:33.094 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.094 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:04:33.094 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:04:33.109 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:04:33.109 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:04:33.109 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:04:33.109 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:04:33.109 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:04:33.109 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:04:33.109 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:04:33.109 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:04:33.109 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:04:33.109 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:04:33.109 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:04:33.109 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:04:33.109 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:04:33.109 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:04:33.109 vminfo Session 0 has 13 processes total 00:04:33.109 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:04:33.109 vminfo Handling session 1 00:04:33.109 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:04:33.109 vminfo Handling session 2 00:04:33.109 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:33.109 vminfo Handling session 3 00:04:33.109 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:33.109 vminfo Handling session 4 00:04:33.109 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:04:33.109 vminfo Handling session 5 00:04:33.109 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:04:33.109 vminfo Found 1 unique logged-in user(s) 00:04:33.109 vminfo User sma-user5 has 13 processes (session 0) 00:04:33.109 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:04:40.156 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:36.740000000Z (MinAdjust: 200 ms) 00:04:40.156 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:36.755908100Z => -15 908 100 ns drift 00:04:40.156 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:04:43.109 vminfo Found 6 sessions 00:04:43.109 vminfo Handling session 0 00:04:43.109 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:04:43.109 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:04:43.125 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:04:43.125 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:04:43.125 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:04:43.125 vminfo Account User=sma-user5 is logged in 00:04:43.125 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:04:43.125 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:04:43.125 vminfo Error: Unable to open process with PID=0, error=87 00:04:43.125 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=580: \SystemRoot\System32\smss.exe 00:04:43.125 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:04:43.125 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:04:43.125 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:04:43.125 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:04:43.125 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:04:43.125 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:04:43.125 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:04:43.125 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:04:43.125 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:04:43.125 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:04:43.125 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:04:43.125 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:04:43.125 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:04:43.125 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:04:43.125 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:04:43.125 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:04:43.125 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:04:43.125 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:04:43.125 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:04:43.125 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:04:43.125 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:04:43.125 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:04:43.125 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:04:43.125 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:04:43.125 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:04:43.125 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:04:43.125 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:04:43.125 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:04:43.125 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:04:43.125 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:04:43.125 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:04:43.125 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:04:43.125 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:04:43.125 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:04:43.125 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.125 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:04:43.125 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.125 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:04:43.125 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.125 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:04:43.125 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.125 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:04:43.125 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.125 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:04:43.125 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.125 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:04:43.125 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.125 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:04:43.125 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.125 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:04:43.125 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.125 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:04:43.141 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.141 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:04:43.141 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.141 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:04:43.141 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:04:43.141 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:04:43.141 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.141 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:04:43.141 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:04:43.141 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:04:43.141 vminfo Session 0 has 13 processes total 00:04:43.141 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:04:43.141 vminfo Handling session 1 00:04:43.141 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:04:43.141 vminfo Handling session 2 00:04:43.141 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:43.141 vminfo Handling session 3 00:04:43.141 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:43.141 vminfo Handling session 4 00:04:43.141 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:04:43.141 vminfo Handling session 5 00:04:43.141 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:04:43.141 vminfo Found 1 unique logged-in user(s) 00:04:43.141 vminfo User sma-user5 has 13 processes (session 0) 00:04:43.141 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:04:50.156 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:46.741000000Z (MinAdjust: 200 ms) 00:04:50.156 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:46.755908100Z => -14 908 100 ns drift 00:04:50.156 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:04:53.141 vminfo Found 6 sessions 00:04:53.141 vminfo Handling session 0 00:04:53.141 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:04:53.141 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:04:53.141 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:04:53.141 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:04:53.141 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:04:53.141 vminfo Account User=sma-user5 is logged in 00:04:53.156 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:04:53.156 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:04:53.156 vminfo Error: Unable to open process with PID=0, error=87 00:04:53.156 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=580: \SystemRoot\System32\smss.exe 00:04:53.156 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:04:53.156 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:04:53.156 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:04:53.156 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:04:53.156 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:04:53.156 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:04:53.156 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:04:53.156 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:04:53.156 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:04:53.156 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:04:53.156 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:04:53.156 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:04:53.156 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:04:53.156 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:04:53.156 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:04:53.156 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:04:53.156 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:04:53.156 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:04:53.156 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:04:53.156 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:04:53.156 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:04:53.156 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:04:53.156 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:04:53.156 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:04:53.156 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:04:53.156 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:04:53.156 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:04:53.156 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:04:53.156 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:04:53.156 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:04:53.156 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:04:53.156 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:04:53.156 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:04:53.156 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:04:53.156 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.156 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:04:53.156 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.156 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:04:53.156 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.156 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:04:53.156 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.156 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:04:53.156 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.172 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:04:53.172 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.172 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:04:53.172 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.172 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:04:53.172 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.172 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:04:53.172 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.172 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:04:53.172 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.172 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:04:53.172 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.172 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:04:53.172 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:04:53.172 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:04:53.172 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.172 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:04:53.172 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:04:53.172 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:04:53.172 vminfo Session 0 has 13 processes total 00:04:53.172 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:04:53.172 vminfo Handling session 1 00:04:53.172 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:04:53.172 vminfo Handling session 2 00:04:53.172 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:04:53.172 vminfo Handling session 3 00:04:53.172 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:04:53.172 vminfo Handling session 4 00:04:53.172 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:04:53.172 vminfo Handling session 5 00:04:53.172 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:04:53.172 vminfo Found 1 unique logged-in user(s) 00:04:53.172 vminfo User sma-user5 has 13 processes (session 0) 00:04:53.172 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:05:00.078 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:05:00.156 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:42:56.740000000Z (MinAdjust: 200 ms) 00:05:00.156 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:42:56.755908100Z => -15 908 100 ns drift 00:05:00.156 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:05:03.172 vminfo Found 6 sessions 00:05:03.172 vminfo Handling session 0 00:05:03.172 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:05:03.172 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:05:03.188 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:05:03.188 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:05:03.188 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:05:03.188 vminfo Account User=sma-user5 is logged in 00:05:03.188 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:05:03.188 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:05:03.188 vminfo Error: Unable to open process with PID=0, error=87 00:05:03.188 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=580: \SystemRoot\System32\smss.exe 00:05:03.188 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:05:03.188 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:05:03.188 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:05:03.188 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:05:03.188 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:05:03.188 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:05:03.188 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:05:03.188 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:05:03.188 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:05:03.188 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:05:03.188 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:05:03.188 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:05:03.188 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:05:03.188 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:05:03.188 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:05:03.188 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:05:03.188 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:05:03.188 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:05:03.188 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:05:03.188 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:05:03.188 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:05:03.188 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:05:03.188 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:05:03.188 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:05:03.188 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:05:03.203 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:05:03.203 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:05:03.203 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:05:03.203 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:05:03.203 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:05:03.203 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:05:03.203 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:05:03.203 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:05:03.203 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:05:03.203 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:05:03.203 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:05:03.203 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:05:03.203 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:05:03.203 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:05:03.203 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:05:03.203 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:05:03.203 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:05:03.203 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:05:03.203 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:05:03.203 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:05:03.203 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:05:03.203 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:05:03.203 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:05:03.203 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:05:03.203 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:05:03.203 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:05:03.203 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:05:03.203 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:05:03.203 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:05:03.203 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:05:03.203 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:05:03.203 vminfo Session 0 has 13 processes total 00:05:03.203 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:05:03.203 vminfo Handling session 1 00:05:03.203 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:05:03.203 vminfo Handling session 2 00:05:03.219 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:03.219 vminfo Handling session 3 00:05:03.219 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:03.219 vminfo Handling session 4 00:05:03.219 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:05:03.219 vminfo Handling session 5 00:05:03.219 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:05:03.219 vminfo Found 1 unique logged-in user(s) 00:05:03.219 vminfo User sma-user5 has 13 processes (session 0) 00:05:03.219 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:05:10.172 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:06.741000000Z (MinAdjust: 200 ms) 00:05:10.172 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:06.771533100Z => -30 533 100 ns drift 00:05:10.172 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:05:13.234 vminfo Found 6 sessions 00:05:13.234 vminfo Handling session 0 00:05:13.234 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:05:13.234 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:05:13.234 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:05:13.250 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:05:13.250 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:05:13.250 vminfo Account User=sma-user5 is logged in 00:05:13.250 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:05:13.250 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:05:13.250 vminfo Error: Unable to open process with PID=0, error=87 00:05:13.250 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=580: \SystemRoot\System32\smss.exe 00:05:13.250 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:05:13.250 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:05:13.250 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:05:13.250 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:05:13.250 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:05:13.250 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:05:13.250 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:05:13.250 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:05:13.250 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:05:13.250 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:05:13.250 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:05:13.250 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:05:13.250 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:05:13.250 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:05:13.250 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:05:13.250 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:05:13.250 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:05:13.250 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:05:13.250 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:05:13.250 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:05:13.250 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:05:13.250 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:05:13.250 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:05:13.250 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:05:13.250 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:05:13.250 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:05:13.250 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:05:13.250 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:05:13.250 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:05:13.250 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:05:13.250 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:05:13.266 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:05:13.266 vminfo PID=1160: (Interactive: false) 0:999 <-> 0:69081 00:05:13.266 vminfo PID=1160: C:\WINDOWS\system32\wuauclt.exe 00:05:13.266 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:05:13.266 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:05:13.266 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:05:13.266 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:05:13.266 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:05:13.266 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:05:13.266 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:05:13.266 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:05:13.266 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:05:13.266 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:05:13.266 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:05:13.266 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:05:13.266 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:05:13.266 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:05:13.266 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:05:13.266 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:05:13.266 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:05:13.266 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:05:13.266 vminfo Session 0 has 13 processes total 00:05:13.266 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:05:13.266 vminfo Handling session 1 00:05:13.266 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:05:13.266 vminfo Handling session 2 00:05:13.266 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:13.266 vminfo Handling session 3 00:05:13.266 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:13.266 vminfo Handling session 4 00:05:13.266 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:05:13.266 vminfo Handling session 5 00:05:13.266 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:05:13.266 vminfo Found 1 unique logged-in user(s) 00:05:13.266 vminfo User sma-user5 has 13 processes (session 0) 00:05:13.266 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:05:20.172 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:16.740000000Z (MinAdjust: 200 ms) 00:05:20.172 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:16.771533100Z => -31 533 100 ns drift 00:05:20.172 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:05:23.281 vminfo Found 6 sessions 00:05:23.281 vminfo Handling session 0 00:05:23.281 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:05:23.281 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:05:23.281 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:05:23.297 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:05:23.297 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:05:23.297 vminfo Account User=sma-user5 is logged in 00:05:23.297 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:05:23.297 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:05:23.297 vminfo Error: Unable to open process with PID=0, error=87 00:05:23.297 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=580: \SystemRoot\System32\smss.exe 00:05:23.297 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:05:23.297 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:05:23.297 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:05:23.297 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:05:23.297 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:05:23.297 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:05:23.297 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:05:23.297 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:05:23.297 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:05:23.297 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:05:23.297 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:05:23.297 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:05:23.297 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:05:23.297 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:05:23.297 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:05:23.297 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:05:23.297 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:05:23.297 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:05:23.297 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:05:23.297 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:05:23.297 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:05:23.297 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:05:23.297 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:05:23.297 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:05:23.297 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:05:23.297 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:05:23.297 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:05:23.297 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:05:23.297 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:05:23.297 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:05:23.297 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:05:23.297 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:05:23.297 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:05:23.297 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.297 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:05:23.297 vminfo PID=164: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.297 vminfo PID=164: D:\adobe\reader-9\Reader\Reader_sl.exe 00:05:23.297 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.297 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:05:23.297 vminfo PID=1900: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.297 vminfo PID=1900: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:05:23.297 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.297 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:05:23.297 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.297 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:05:23.297 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.297 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:05:23.297 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.297 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:05:23.297 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.297 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:05:23.297 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.297 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:05:23.297 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.313 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:05:23.313 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:05:23.313 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:05:23.313 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.313 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:05:23.313 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:05:23.313 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:05:23.313 vminfo Session 0 has 13 processes total 00:05:23.313 vminfo Adding new user=sma-user5 (session 0) with 13 processes 00:05:23.313 vminfo Handling session 1 00:05:23.313 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:05:23.313 vminfo Handling session 2 00:05:23.313 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:23.313 vminfo Handling session 3 00:05:23.313 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:23.313 vminfo Handling session 4 00:05:23.313 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:05:23.313 vminfo Handling session 5 00:05:23.313 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:05:23.313 vminfo Found 1 unique logged-in user(s) 00:05:23.313 vminfo User sma-user5 has 13 processes (session 0) 00:05:23.313 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:05:30.172 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:26.740000000Z (MinAdjust: 200 ms) 00:05:30.172 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:26.771533100Z => -31 533 100 ns drift 00:05:30.172 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:05:33.313 vminfo Found 6 sessions 00:05:33.313 vminfo Handling session 0 00:05:33.313 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:05:33.313 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:05:33.328 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:05:33.328 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:05:33.328 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:05:33.328 vminfo Account User=sma-user5 is logged in 00:05:33.328 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:05:33.328 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:05:33.328 vminfo Error: Unable to open process with PID=0, error=87 00:05:33.328 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=580: \SystemRoot\System32\smss.exe 00:05:33.328 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:05:33.328 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:05:33.328 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:05:33.328 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:05:33.328 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:05:33.328 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:05:33.328 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:05:33.328 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:05:33.328 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:05:33.328 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:05:33.328 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:05:33.328 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:05:33.328 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:05:33.328 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:05:33.328 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:05:33.328 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:05:33.328 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:05:33.328 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:05:33.328 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:05:33.328 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:05:33.328 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:05:33.328 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:05:33.328 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:05:33.328 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:05:33.328 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:05:33.328 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:05:33.328 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:05:33.328 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:05:33.328 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:05:33.328 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:05:33.328 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:05:33.328 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:05:33.344 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:05:33.344 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:05:33.344 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:05:33.344 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:05:33.344 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:05:33.344 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:05:33.344 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:05:33.344 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:05:33.344 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:05:33.344 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:05:33.344 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:05:33.344 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:05:33.344 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:05:33.344 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:05:33.344 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:05:33.344 vminfo Session 0 has 11 processes total 00:05:33.344 vminfo Adding new user=sma-user5 (session 0) with 11 processes 00:05:33.344 vminfo Handling session 1 00:05:33.344 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:05:33.344 vminfo Handling session 2 00:05:33.344 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:33.344 vminfo Handling session 3 00:05:33.344 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:33.344 vminfo Handling session 4 00:05:33.344 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:05:33.344 vminfo Handling session 5 00:05:33.344 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:05:33.344 vminfo Found 1 unique logged-in user(s) 00:05:33.344 vminfo User sma-user5 has 11 processes (session 0) 00:05:33.344 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:05:40.188 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:36.740000000Z (MinAdjust: 200 ms) 00:05:40.188 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:36.787158100Z => -47 158 100 ns drift 00:05:40.188 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:05:43.359 vminfo Found 6 sessions 00:05:43.359 vminfo Handling session 0 00:05:43.359 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:05:43.359 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:05:43.375 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:05:43.375 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:05:43.375 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:05:43.375 vminfo Account User=sma-user5 is logged in 00:05:43.375 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:05:43.375 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:05:43.375 vminfo Error: Unable to open process with PID=0, error=87 00:05:43.375 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=580: \SystemRoot\System32\smss.exe 00:05:43.375 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:05:43.375 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:05:43.375 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:05:43.375 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:05:43.375 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:05:43.375 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:05:43.375 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:05:43.375 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:05:43.375 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:05:43.375 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:05:43.375 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:05:43.375 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:05:43.375 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:05:43.375 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:05:43.375 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:05:43.375 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:05:43.375 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:05:43.375 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:05:43.375 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:05:43.375 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:05:43.375 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:05:43.375 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:05:43.375 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:05:43.391 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:05:43.391 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:05:43.391 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:05:43.391 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:05:43.391 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:05:43.391 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:05:43.391 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:05:43.391 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:05:43.391 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:05:43.391 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:05:43.391 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:05:43.391 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:05:43.391 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:05:43.391 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:05:43.391 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:05:43.391 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:05:43.391 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:05:43.391 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:05:43.391 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:05:43.391 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:05:43.391 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:05:43.391 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:05:43.391 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:05:43.391 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:05:43.391 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:05:43.391 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:05:43.391 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:05:43.391 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:05:43.391 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:05:43.391 vminfo Session 0 has 11 processes total 00:05:43.391 vminfo Adding new user=sma-user5 (session 0) with 11 processes 00:05:43.391 vminfo Handling session 1 00:05:43.391 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:05:43.391 vminfo Handling session 2 00:05:43.391 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:43.391 vminfo Handling session 3 00:05:43.391 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:43.391 vminfo Handling session 4 00:05:43.391 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:05:43.391 vminfo Handling session 5 00:05:43.391 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:05:43.391 vminfo Found 1 unique logged-in user(s) 00:05:43.391 vminfo User sma-user5 has 11 processes (session 0) 00:05:43.391 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:05:50.188 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:46.724000000Z (MinAdjust: 200 ms) 00:05:50.188 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:46.787158100Z => -63 158 100 ns drift 00:05:50.188 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:05:53.406 vminfo Found 6 sessions 00:05:53.406 vminfo Handling session 0 00:05:53.406 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:05:53.406 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:05:53.406 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:05:53.406 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:05:53.406 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:05:53.406 vminfo Account User=sma-user5 is logged in 00:05:53.406 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:05:53.406 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:05:53.406 vminfo Error: Unable to open process with PID=0, error=87 00:05:53.406 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:05:53.406 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:05:53.406 vminfo PID=580: \SystemRoot\System32\smss.exe 00:05:53.406 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:05:53.422 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:05:53.422 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:05:53.422 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:05:53.422 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:05:53.422 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:05:53.422 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:05:53.422 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:05:53.422 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:05:53.422 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:05:53.422 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:05:53.422 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:05:53.422 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:05:53.422 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:05:53.422 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:05:53.422 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:05:53.422 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:05:53.422 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:05:53.422 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:05:53.422 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:05:53.422 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:05:53.422 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:05:53.422 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:05:53.422 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:05:53.422 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:05:53.422 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:05:53.422 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:05:53.422 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:05:53.422 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:05:53.422 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:05:53.422 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:05:53.422 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:05:53.422 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:05:53.422 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:05:53.422 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:05:53.422 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:05:53.422 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:05:53.422 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:05:53.422 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:05:53.422 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:05:53.422 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:05:53.422 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:05:53.422 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:05:53.422 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:05:53.422 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:05:53.422 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:05:53.422 vminfo Session 0 has 11 processes total 00:05:53.422 vminfo Adding new user=sma-user5 (session 0) with 11 processes 00:05:53.422 vminfo Handling session 1 00:05:53.422 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:05:53.422 vminfo Handling session 2 00:05:53.422 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:05:53.422 vminfo Handling session 3 00:05:53.422 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:05:53.422 vminfo Handling session 4 00:05:53.422 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:05:53.422 vminfo Handling session 5 00:05:53.422 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:05:53.422 vminfo Found 1 unique logged-in user(s) 00:05:53.422 vminfo User sma-user5 has 11 processes (session 0) 00:05:53.422 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:06:00.094 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:06:00.188 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:43:56.724000000Z (MinAdjust: 200 ms) 00:06:00.188 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:43:56.787158100Z => -63 158 100 ns drift 00:06:00.188 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:06:03.438 vminfo Found 6 sessions 00:06:03.438 vminfo Handling session 0 00:06:03.438 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:06:03.438 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:06:03.438 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:06:03.453 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:06:03.453 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:06:03.453 vminfo Account User=sma-user5 is logged in 00:06:03.453 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:06:03.453 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:06:03.453 vminfo Error: Unable to open process with PID=0, error=87 00:06:03.453 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=580: \SystemRoot\System32\smss.exe 00:06:03.453 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:06:03.453 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:06:03.453 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:06:03.453 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:06:03.453 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:06:03.453 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:06:03.453 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:06:03.453 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:06:03.453 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:06:03.453 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:06:03.453 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:06:03.453 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:06:03.453 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:06:03.453 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:06:03.453 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:06:03.453 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:06:03.453 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:06:03.453 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:06:03.453 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:06:03.453 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:06:03.453 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:06:03.453 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:06:03.453 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:06:03.453 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:06:03.453 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:06:03.453 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:06:03.453 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:06:03.453 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:06:03.453 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:06:03.453 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:06:03.453 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:06:03.453 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:06:03.453 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.453 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:06:03.453 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.453 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:06:03.453 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.453 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:06:03.453 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.453 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:06:03.453 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.453 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:06:03.453 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.453 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:06:03.453 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.453 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:06:03.453 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.453 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:06:03.453 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.453 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:06:03.453 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:06:03.453 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:06:03.453 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.469 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:06:03.469 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:06:03.469 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:06:03.469 vminfo Session 0 has 11 processes total 00:06:03.469 vminfo Adding new user=sma-user5 (session 0) with 11 processes 00:06:03.469 vminfo Handling session 1 00:06:03.469 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:06:03.469 vminfo Handling session 2 00:06:03.469 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:03.469 vminfo Handling session 3 00:06:03.469 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:03.469 vminfo Handling session 4 00:06:03.469 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:06:03.469 vminfo Handling session 5 00:06:03.469 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:06:03.469 vminfo Found 1 unique logged-in user(s) 00:06:03.469 vminfo User sma-user5 has 11 processes (session 0) 00:06:03.469 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:06:10.188 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:06.724000000Z (MinAdjust: 200 ms) 00:06:10.188 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:06.787158100Z => -63 158 100 ns drift 00:06:10.188 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:06:13.469 vminfo Found 6 sessions 00:06:13.469 vminfo Handling session 0 00:06:13.469 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:06:13.469 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:06:13.469 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:06:13.469 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:06:13.469 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:06:13.469 vminfo Account User=sma-user5 is logged in 00:06:13.469 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:06:13.469 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:06:13.469 vminfo Error: Unable to open process with PID=0, error=87 00:06:13.484 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=580: \SystemRoot\System32\smss.exe 00:06:13.484 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:06:13.484 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:06:13.484 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:06:13.484 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:06:13.484 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:06:13.484 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:06:13.484 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:06:13.484 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:06:13.484 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:06:13.484 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:06:13.484 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:06:13.484 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:06:13.484 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:06:13.484 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:06:13.484 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:06:13.484 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:06:13.484 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:06:13.484 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:06:13.484 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:06:13.484 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:06:13.484 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:06:13.484 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:06:13.484 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:06:13.484 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:06:13.484 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:06:13.484 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:06:13.484 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:06:13.484 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:06:13.484 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:06:13.484 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:06:13.484 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:06:13.484 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:06:13.484 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:06:13.484 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:06:13.484 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:06:13.484 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:06:13.484 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:06:13.484 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:06:13.484 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:06:13.484 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:06:13.484 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:06:13.484 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:06:13.484 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:06:13.484 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:06:13.484 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:06:13.484 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:06:13.484 vminfo Session 0 has 11 processes total 00:06:13.484 vminfo Adding new user=sma-user5 (session 0) with 11 processes 00:06:13.484 vminfo Handling session 1 00:06:13.484 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:06:13.484 vminfo Handling session 2 00:06:13.500 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:13.500 vminfo Handling session 3 00:06:13.500 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:13.500 vminfo Handling session 4 00:06:13.500 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:06:13.500 vminfo Handling session 5 00:06:13.500 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:06:13.500 vminfo Found 1 unique logged-in user(s) 00:06:13.500 vminfo User sma-user5 has 11 processes (session 0) 00:06:13.500 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:06:20.203 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:16.724000000Z (MinAdjust: 200 ms) 00:06:20.203 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:16.802783100Z => -78 783 100 ns drift 00:06:20.203 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:06:23.516 vminfo Found 6 sessions 00:06:23.516 vminfo Handling session 0 00:06:23.516 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:06:23.516 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:06:23.516 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:06:23.531 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:06:23.531 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:06:23.531 vminfo Account User=sma-user5 is logged in 00:06:23.531 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:06:23.531 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:06:23.531 vminfo Error: Unable to open process with PID=0, error=87 00:06:23.531 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=580: \SystemRoot\System32\smss.exe 00:06:23.531 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:06:23.531 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:06:23.531 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:06:23.531 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:06:23.531 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:06:23.531 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:06:23.531 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:06:23.531 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:06:23.531 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:06:23.531 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:06:23.531 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:06:23.531 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:06:23.531 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:06:23.531 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:06:23.531 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:06:23.531 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:06:23.531 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:06:23.531 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:06:23.531 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:06:23.531 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:06:23.531 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:06:23.531 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:06:23.531 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:06:23.531 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:06:23.531 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:06:23.531 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:06:23.531 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:06:23.531 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:06:23.531 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:06:23.531 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:06:23.531 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:06:23.547 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:06:23.547 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:06:23.547 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:06:23.547 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:06:23.547 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:06:23.547 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:06:23.547 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:06:23.547 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:06:23.547 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:06:23.547 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:06:23.547 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:06:23.547 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:06:23.547 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:06:23.547 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:06:23.547 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:06:23.547 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:06:23.547 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:06:23.547 vminfo Session 0 has 11 processes total 00:06:23.547 vminfo Adding new user=sma-user5 (session 0) with 11 processes 00:06:23.547 vminfo Handling session 1 00:06:23.547 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:06:23.547 vminfo Handling session 2 00:06:23.547 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:23.547 vminfo Handling session 3 00:06:23.547 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:23.547 vminfo Handling session 4 00:06:23.547 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:06:23.547 vminfo Handling session 5 00:06:23.547 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:06:23.547 vminfo Found 1 unique logged-in user(s) 00:06:23.547 vminfo User sma-user5 has 11 processes (session 0) 00:06:23.547 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:06:30.203 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:26.724000000Z (MinAdjust: 200 ms) 00:06:30.203 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:26.802783100Z => -78 783 100 ns drift 00:06:30.203 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:06:33.547 vminfo Found 6 sessions 00:06:33.547 vminfo Handling session 0 00:06:33.547 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:06:33.547 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:06:33.563 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:06:33.563 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:06:33.563 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:06:33.563 vminfo Account User=sma-user5 is logged in 00:06:33.563 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:06:33.563 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:06:33.563 vminfo Error: Unable to open process with PID=0, error=87 00:06:33.563 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=580: \SystemRoot\System32\smss.exe 00:06:33.563 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:06:33.563 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:06:33.563 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:06:33.563 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:06:33.563 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:06:33.563 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:06:33.563 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:06:33.563 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:06:33.563 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:06:33.563 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:06:33.563 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:06:33.563 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:06:33.563 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:06:33.563 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:06:33.563 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:06:33.563 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:06:33.563 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:06:33.563 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:06:33.563 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:06:33.563 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:06:33.563 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:06:33.563 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:06:33.563 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:06:33.563 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:06:33.563 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:06:33.578 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:06:33.578 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:06:33.578 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:06:33.578 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:06:33.578 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:06:33.578 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:06:33.578 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:06:33.578 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:06:33.578 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:06:33.578 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:06:33.578 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:06:33.578 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:06:33.578 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:06:33.578 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:06:33.578 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:06:33.578 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:06:33.578 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:06:33.578 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:06:33.578 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:06:33.578 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:06:33.578 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:06:33.578 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:06:33.578 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:06:33.578 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:06:33.578 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:06:33.578 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:06:33.578 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:06:33.578 vminfo Session 0 has 11 processes total 00:06:33.578 vminfo Adding new user=sma-user5 (session 0) with 11 processes 00:06:33.578 vminfo Handling session 1 00:06:33.578 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:06:33.578 vminfo Handling session 2 00:06:33.578 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:33.578 vminfo Handling session 3 00:06:33.578 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:33.578 vminfo Handling session 4 00:06:33.578 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:06:33.578 vminfo Handling session 5 00:06:33.578 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:06:33.578 vminfo Found 1 unique logged-in user(s) 00:06:33.578 vminfo User sma-user5 has 11 processes (session 0) 00:06:33.578 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:06:40.203 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:36.724000000Z (MinAdjust: 200 ms) 00:06:40.203 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:36.802783100Z => -78 783 100 ns drift 00:06:40.203 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:06:43.594 vminfo Found 6 sessions 00:06:43.594 vminfo Handling session 0 00:06:43.594 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:06:43.594 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:06:43.594 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:06:43.609 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:06:43.609 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:06:43.609 vminfo Account User=sma-user5 is logged in 00:06:43.609 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:06:43.609 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:06:43.609 vminfo Error: Unable to open process with PID=0, error=87 00:06:43.609 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=580: \SystemRoot\System32\smss.exe 00:06:43.609 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:06:43.609 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:06:43.609 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:06:43.609 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:06:43.609 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:06:43.609 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:06:43.609 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:06:43.609 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:06:43.609 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:06:43.609 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:06:43.609 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:06:43.609 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:06:43.609 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:06:43.609 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:06:43.609 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:06:43.609 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:06:43.609 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:06:43.609 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:06:43.609 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:06:43.609 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:06:43.609 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:06:43.609 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:06:43.609 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:06:43.609 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:06:43.609 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:06:43.609 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:06:43.609 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:06:43.609 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:06:43.609 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:06:43.609 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:06:43.609 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:06:43.609 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:06:43.609 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:06:43.609 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.609 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:06:43.609 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.609 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:06:43.609 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.609 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:06:43.609 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.609 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:06:43.609 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.609 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:06:43.609 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.609 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:06:43.609 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.625 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:06:43.625 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.625 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:06:43.625 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.625 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:06:43.625 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:06:43.625 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:06:43.625 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.625 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:06:43.625 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:06:43.625 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:06:43.625 vminfo Session 0 has 11 processes total 00:06:43.625 vminfo Adding new user=sma-user5 (session 0) with 11 processes 00:06:43.625 vminfo Handling session 1 00:06:43.625 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:06:43.625 vminfo Handling session 2 00:06:43.625 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:43.625 vminfo Handling session 3 00:06:43.625 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:43.625 vminfo Handling session 4 00:06:43.625 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:06:43.625 vminfo Handling session 5 00:06:43.625 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:06:43.625 vminfo Found 1 unique logged-in user(s) 00:06:43.625 vminfo User sma-user5 has 11 processes (session 0) 00:06:43.625 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:06:50.203 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:46.724000000Z (MinAdjust: 200 ms) 00:06:50.203 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:46.802783100Z => -78 783 100 ns drift 00:06:50.203 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:06:53.625 vminfo Found 6 sessions 00:06:53.625 vminfo Handling session 0 00:06:53.625 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:06:53.625 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:06:53.625 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:06:53.625 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:06:53.625 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:06:53.625 vminfo Account User=sma-user5 is logged in 00:06:53.625 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:06:53.625 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:06:53.625 vminfo Error: Unable to open process with PID=0, error=87 00:06:53.625 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:06:53.625 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:06:53.625 vminfo PID=580: \SystemRoot\System32\smss.exe 00:06:53.625 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:06:53.641 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:06:53.641 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:06:53.641 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:06:53.641 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:06:53.641 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:06:53.641 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:06:53.641 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:06:53.641 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:06:53.641 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:06:53.641 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:06:53.641 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:06:53.641 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:06:53.641 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:06:53.641 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:06:53.641 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:06:53.641 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:06:53.641 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:06:53.641 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:06:53.641 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:06:53.641 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:06:53.641 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:06:53.641 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:06:53.641 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:06:53.641 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:06:53.641 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:06:53.641 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:06:53.641 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:06:53.641 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:06:53.641 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:06:53.641 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:06:53.641 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:06:53.641 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:06:53.641 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:06:53.641 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:06:53.641 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:06:53.641 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:06:53.641 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:06:53.641 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:06:53.641 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:06:53.641 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:06:53.641 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:06:53.641 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:06:53.641 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:06:53.641 vminfo PID=3532: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=3532: D:\adobe\Photoshop 6.0\Photoshp.exe 00:06:53.641 vminfo PID=2412: (Interactive: true ) 0:69081 <-> 0:69081 00:06:53.641 vminfo PID=2412: C:\WINDOWS\system32\dumprep.exe 00:06:53.641 vminfo Session 0 has 12 processes total 00:06:53.641 vminfo Adding new user=sma-user5 (session 0) with 12 processes 00:06:53.641 vminfo Handling session 1 00:06:53.641 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:06:53.641 vminfo Handling session 2 00:06:53.641 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:06:53.641 vminfo Handling session 3 00:06:53.641 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:06:53.641 vminfo Handling session 4 00:06:53.641 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:06:53.641 vminfo Handling session 5 00:06:53.656 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:06:53.656 vminfo Found 1 unique logged-in user(s) 00:06:53.656 vminfo User sma-user5 has 12 processes (session 0) 00:06:53.656 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:07:00.109 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:07:00.219 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:44:56.724000000Z (MinAdjust: 200 ms) 00:07:00.219 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:44:56.818408100Z => -94 408 100 ns drift 00:07:00.219 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:07:03.672 vminfo Found 6 sessions 00:07:03.672 vminfo Handling session 0 00:07:03.672 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:07:03.672 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:07:03.688 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:07:03.688 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:07:03.688 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:07:03.688 vminfo Account User=sma-user5 is logged in 00:07:03.688 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:07:03.688 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:07:03.688 vminfo Error: Unable to open process with PID=0, error=87 00:07:03.688 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=580: \SystemRoot\System32\smss.exe 00:07:03.688 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:07:03.688 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:07:03.688 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:07:03.688 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:07:03.688 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:07:03.688 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:07:03.688 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:07:03.688 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:07:03.688 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:07:03.688 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:07:03.688 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:07:03.688 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:07:03.688 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:07:03.688 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:07:03.688 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:07:03.688 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:07:03.688 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:07:03.688 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:07:03.688 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:07:03.688 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:07:03.688 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:07:03.688 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:07:03.688 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:07:03.688 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:07:03.688 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:07:03.688 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:07:03.688 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:07:03.688 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:07:03.703 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:07:03.703 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:07:03.703 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:07:03.703 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:07:03.703 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:07:03.703 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:07:03.703 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:07:03.703 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:07:03.703 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:07:03.703 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:07:03.703 vminfo PID=348: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=348: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:07:03.703 vminfo PID=1124: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=1124: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:07:03.703 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:07:03.703 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:07:03.703 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:07:03.703 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:07:03.703 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:07:03.703 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:07:03.703 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:07:03.703 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:07:03.703 vminfo PID=3136: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=3136: C:\WINDOWS\system32\cmd.exe 00:07:03.703 vminfo PID=2412: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=2412: C:\WINDOWS\system32\dumprep.exe 00:07:03.703 vminfo PID=2428: (Interactive: true ) 0:69081 <-> 0:69081 00:07:03.703 vminfo PID=2428: C:\WINDOWS\system32\dwwin.exe 00:07:03.703 vminfo Session 0 has 12 processes total 00:07:03.703 vminfo Adding new user=sma-user5 (session 0) with 12 processes 00:07:03.703 vminfo Handling session 1 00:07:03.703 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:07:03.703 vminfo Handling session 2 00:07:03.703 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:03.703 vminfo Handling session 3 00:07:03.703 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:03.703 vminfo Handling session 4 00:07:03.703 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:07:03.703 vminfo Handling session 5 00:07:03.703 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:07:03.703 vminfo Found 1 unique logged-in user(s) 00:07:03.703 vminfo User sma-user5 has 12 processes (session 0) 00:07:03.703 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:07:10.219 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:06.725000000Z (MinAdjust: 200 ms) 00:07:10.219 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:06.818408100Z => -93 408 100 ns drift 00:07:10.219 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:07:13.703 vminfo Found 6 sessions 00:07:13.703 vminfo Handling session 0 00:07:13.703 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:07:13.703 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:07:13.703 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:07:13.703 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:07:13.703 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:07:13.703 vminfo Account User=sma-user5 is logged in 00:07:13.703 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:07:13.703 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:07:13.703 vminfo Error: Unable to open process with PID=0, error=87 00:07:13.703 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:07:13.703 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:07:13.703 vminfo PID=580: \SystemRoot\System32\smss.exe 00:07:13.703 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:07:13.703 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:07:13.703 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:07:13.703 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:07:13.703 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:07:13.703 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:07:13.703 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:07:13.703 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:07:13.703 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:07:13.703 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:07:13.703 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:07:13.703 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:07:13.719 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:07:13.719 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:07:13.719 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:07:13.719 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:07:13.719 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:07:13.719 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:07:13.719 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:07:13.719 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:07:13.719 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:07:13.719 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:07:13.719 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:07:13.719 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:07:13.719 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:07:13.719 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:07:13.719 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:07:13.719 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:07:13.719 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:07:13.719 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:07:13.719 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:07:13.719 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:07:13.719 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:07:13.719 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:07:13.719 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:07:13.719 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:07:13.719 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:07:13.719 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:07:13.719 vminfo PID=304: (Interactive: true ) 0:69081 <-> 0:69081 00:07:13.719 vminfo PID=304: C:\WINDOWS\Explorer.EXE 00:07:13.719 vminfo PID=1252: (Interactive: true ) 0:69081 <-> 0:69081 00:07:13.719 vminfo PID=1252: C:\WINDOWS\system32\VBoxTray.exe 00:07:13.719 vminfo PID=1080: (Interactive: true ) 0:69081 <-> 0:69081 00:07:13.719 vminfo PID=1080: D:\iTunes\iTunesHelper.exe 00:07:13.719 vminfo PID=1940: (Interactive: true ) 0:69081 <-> 0:69081 00:07:13.719 vminfo PID=1940: C:\WINDOWS\system32\ctfmon.exe 00:07:13.719 vminfo PID=1956: (Interactive: true ) 0:69081 <-> 0:69081 00:07:13.719 vminfo PID=1956: C:\Program Files\Messenger\msmsgs.exe 00:07:13.719 vminfo PID=2116: (Interactive: true ) 0:69081 <-> 0:69081 00:07:13.719 vminfo PID=2116: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:07:13.719 vminfo PID=2184: (Interactive: true ) 0:69081 <-> 0:69081 00:07:13.719 vminfo PID=2184: D:\WinZip\WZQKPICK32.EXE 00:07:13.719 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:07:13.719 vminfo PID=2636: (Interactive: false) 0:999 <-> 0:69081 00:07:13.719 vminfo PID=2636: C:\WINDOWS\system32\logonui.exe 00:07:13.719 vminfo Session 0 has 7 processes total 00:07:13.719 vminfo Adding new user=sma-user5 (session 0) with 7 processes 00:07:13.719 vminfo Handling session 1 00:07:13.719 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:07:13.719 vminfo Handling session 2 00:07:13.719 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:13.719 vminfo Handling session 3 00:07:13.719 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:13.719 vminfo Handling session 4 00:07:13.719 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:07:13.719 vminfo Handling session 5 00:07:13.719 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:07:13.719 vminfo Found 1 unique logged-in user(s) 00:07:13.719 vminfo User sma-user5 has 7 processes (session 0) 00:07:13.719 vminfo cUsersInList: 1, pszUserList: sma-user5, rc=VINF_SUCCESS 00:07:20.219 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:16.724000000Z (MinAdjust: 200 ms) 00:07:20.219 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:16.818408100Z => -94 408 100 ns drift 00:07:20.219 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:07:21.078 main Control handler: Control=0xe, EventType=0x6 00:07:21.078 main Control handler: A user has logged off the session (Session=0, Event=0x6) 00:07:21.078 vminfo Found 6 sessions 00:07:21.094 vminfo Handling session 0 00:07:21.094 vminfo Session data: Name=sma-user5, Session=0, LogonID=0,69081, LogonType=2 00:07:21.094 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:07:21.094 vminfo Account User=sma-user5, Session=0, LogonID=0,69081, AuthPkg=NTLM, Domain=SMA-STATION14W 00:07:21.094 vminfo Account User=sma-user5, WTSConnectState=0 (4) 00:07:21.094 vminfo Account User=sma-user5 using TCS/RDP, state=0 00:07:21.094 vminfo Account User=sma-user5 is logged in 00:07:21.094 vminfo Handling user=sma-user5, domain=SMA-STATION14W, package=NTLM 00:07:21.094 vminfo PID=0: (Interactive: false) 0:0 <-> 0:69081 00:07:21.094 vminfo Error: Unable to open process with PID=0, error=87 00:07:21.094 vminfo PID=4: (Interactive: false) 0:999 <-> 0:69081 00:07:21.094 vminfo PID=580: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=580: \SystemRoot\System32\smss.exe 00:07:21.109 vminfo PID=628: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:07:21.109 vminfo PID=652: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:07:21.109 vminfo PID=696: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:07:21.109 vminfo PID=708: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:07:21.109 vminfo PID=888: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:07:21.109 vminfo PID=932: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:07:21.109 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:69081 00:07:21.109 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:07:21.109 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:07:21.109 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:69081 00:07:21.109 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:07:21.109 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:69081 00:07:21.109 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:07:21.109 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:07:21.109 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:69081 00:07:21.109 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:07:21.109 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:07:21.109 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:07:21.109 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:07:21.109 vminfo PID=176: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:07:21.109 vminfo PID=192: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:07:21.109 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:69081 00:07:21.109 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:07:21.109 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:69081 00:07:21.109 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:07:21.109 vminfo PID=444: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:07:21.109 vminfo PID=604: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:07:21.109 vminfo PID=780: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:07:21.109 vminfo PID=948: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:07:21.109 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:07:21.109 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:69081 00:07:21.109 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:07:21.109 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:07:21.109 vminfo PID=2636: (Interactive: false) 0:999 <-> 0:69081 00:07:21.109 vminfo PID=2636: C:\WINDOWS\system32\logonui.exe 00:07:21.109 vminfo Session 0 has 0 processes total 00:07:21.109 vminfo Adding new user=sma-user5 (session 0) with 0 processes 00:07:21.109 vminfo Handling session 1 00:07:21.109 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:07:21.109 vminfo Handling session 2 00:07:21.109 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:21.109 vminfo Handling session 3 00:07:21.109 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:21.109 vminfo Handling session 4 00:07:21.109 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:07:21.109 vminfo Handling session 5 00:07:21.109 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:07:21.109 vminfo Found 1 unique logged-in user(s) 00:07:21.109 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:07:30.219 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:26.724000000Z (MinAdjust: 200 ms) 00:07:30.219 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:26.818408100Z => -94 408 100 ns drift 00:07:30.219 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:07:31.125 vminfo Found 5 sessions 00:07:31.125 vminfo Handling session 0 00:07:31.125 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:07:31.125 vminfo Handling session 1 00:07:31.125 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:31.125 vminfo Handling session 2 00:07:31.125 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:31.125 vminfo Handling session 3 00:07:31.141 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:07:31.141 vminfo Handling session 4 00:07:31.141 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:07:31.141 vminfo Found 0 unique logged-in user(s) 00:07:31.141 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:07:33.953 main Control handler: Control=0xe, EventType=0x5 00:07:33.953 main Control handler: A user has logged on to a session (Session=0, Event=0x5) 00:07:33.953 vminfo Found 6 sessions 00:07:33.969 vminfo Handling session 0 00:07:33.969 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2 00:07:33.969 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:07:33.969 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W 00:07:33.984 vminfo Account User=Admin, WTSConnectState=0 (4) 00:07:33.984 vminfo Account User=Admin using TCS/RDP, state=0 00:07:33.984 vminfo Account User=Admin is logged in 00:07:33.984 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM 00:07:33.984 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673 00:07:33.984 vminfo Error: Unable to open process with PID=0, error=87 00:07:33.984 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673 00:07:33.984 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=580: \SystemRoot\System32\smss.exe 00:07:34.000 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:07:34.000 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:07:34.000 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:07:34.000 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:07:34.000 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:07:34.000 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:07:34.000 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673 00:07:34.000 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:07:34.000 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:07:34.000 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673 00:07:34.000 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:07:34.000 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673 00:07:34.000 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:07:34.000 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:07:34.000 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673 00:07:34.000 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:07:34.000 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:07:34.000 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:07:34.000 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:07:34.000 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:07:34.000 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673 00:07:34.000 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:07:34.000 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673 00:07:34.000 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:07:34.000 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673 00:07:34.000 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:07:34.000 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673 00:07:34.016 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:07:34.016 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673 00:07:34.016 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:07:34.016 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673 00:07:34.031 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:07:34.031 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673 00:07:34.031 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:07:34.031 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673 00:07:34.031 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:07:34.031 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673 00:07:34.047 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:07:34.047 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673 00:07:34.047 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:07:34.047 vminfo PID=2636: (Interactive: false) 0:999 <-> 0:351673 00:07:34.047 vminfo PID=2636: C:\WINDOWS\system32\logonui.exe 00:07:34.047 vminfo Session 0 has 0 processes total 00:07:34.047 vminfo Adding new user=Admin (session 0) with 0 processes 00:07:34.047 vminfo Handling session 1 00:07:34.047 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:07:34.047 vminfo Handling session 2 00:07:34.047 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:34.047 vminfo Handling session 3 00:07:34.047 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:34.047 vminfo Handling session 4 00:07:34.047 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:07:34.047 vminfo Handling session 5 00:07:34.047 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:07:34.047 vminfo Found 1 unique logged-in user(s) 00:07:34.047 vminfo cUsersInList: 0, pszUserList: , rc=VINF_SUCCESS 00:07:40.234 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:36.726000000Z (MinAdjust: 200 ms) 00:07:40.234 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:36.834033100Z => -108 033 100 ns drift 00:07:40.234 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:07:44.078 vminfo Found 6 sessions 00:07:44.078 vminfo Handling session 0 00:07:44.078 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2 00:07:44.078 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:07:44.078 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W 00:07:44.094 vminfo Account User=Admin, WTSConnectState=0 (4) 00:07:44.094 vminfo Account User=Admin using TCS/RDP, state=0 00:07:44.094 vminfo Account User=Admin is logged in 00:07:44.094 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM 00:07:44.094 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673 00:07:44.094 vminfo Error: Unable to open process with PID=0, error=87 00:07:44.094 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=580: \SystemRoot\System32\smss.exe 00:07:44.094 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:07:44.094 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:07:44.094 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:07:44.094 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:07:44.094 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:07:44.094 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:07:44.094 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673 00:07:44.094 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:07:44.094 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:07:44.094 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673 00:07:44.094 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:07:44.094 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673 00:07:44.094 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:07:44.094 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:07:44.094 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673 00:07:44.094 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:07:44.094 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673 00:07:44.094 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:07:44.094 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673 00:07:44.109 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:07:44.109 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673 00:07:44.109 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:07:44.109 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673 00:07:44.109 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:07:44.109 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673 00:07:44.109 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:07:44.109 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673 00:07:44.109 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:07:44.109 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673 00:07:44.109 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:07:44.109 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673 00:07:44.109 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:07:44.109 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673 00:07:44.109 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:07:44.109 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673 00:07:44.109 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:07:44.109 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673 00:07:44.109 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:07:44.109 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673 00:07:44.109 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:07:44.109 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673 00:07:44.109 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:07:44.109 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673 00:07:44.109 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:07:44.109 vminfo PID=1212: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=1212: C:\WINDOWS\system32\userinit.exe 00:07:44.109 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3240: C:\WINDOWS\Explorer.EXE 00:07:44.109 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673 00:07:44.109 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:07:44.109 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe 00:07:44.109 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:07:44.109 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:07:44.109 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:07:44.109 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe 00:07:44.109 vminfo PID=3480: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3480: C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 00:07:44.109 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe 00:07:44.109 vminfo PID=1324: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=1324: C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\agent.exe 00:07:44.109 vminfo PID=3516: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3516: C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe 00:07:44.109 vminfo PID=3160: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3160: D:\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe 00:07:44.109 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3520: D:\iTunes\iTunesHelper.exe 00:07:44.109 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe 00:07:44.109 vminfo PID=3588: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3588: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 00:07:44.109 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:07:44.109 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673 00:07:44.109 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE 00:07:44.109 vminfo Session 0 has 17 processes total 00:07:44.109 vminfo Adding new user=Admin (session 0) with 17 processes 00:07:44.109 vminfo Handling session 1 00:07:44.109 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:07:44.109 vminfo Handling session 2 00:07:44.125 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:44.125 vminfo Handling session 3 00:07:44.125 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:44.125 vminfo Handling session 4 00:07:44.125 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:07:44.125 vminfo Handling session 5 00:07:44.125 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:07:44.125 vminfo Found 1 unique logged-in user(s) 00:07:44.125 vminfo User Admin has 17 processes (session 0) 00:07:44.125 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS 00:07:50.234 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:46.724000000Z (MinAdjust: 200 ms) 00:07:50.234 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:46.834033100Z => -110 033 100 ns drift 00:07:50.234 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:07:54.141 vminfo Found 6 sessions 00:07:54.141 vminfo Handling session 0 00:07:54.141 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2 00:07:54.141 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:07:54.156 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W 00:07:54.156 vminfo Account User=Admin, WTSConnectState=0 (4) 00:07:54.156 vminfo Account User=Admin using TCS/RDP, state=0 00:07:54.156 vminfo Account User=Admin is logged in 00:07:54.156 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM 00:07:54.156 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673 00:07:54.156 vminfo Error: Unable to open process with PID=0, error=87 00:07:54.156 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=580: \SystemRoot\System32\smss.exe 00:07:54.156 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:07:54.156 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:07:54.156 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:07:54.156 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:07:54.156 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:07:54.156 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:07:54.156 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673 00:07:54.156 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:07:54.156 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:07:54.156 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673 00:07:54.156 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:07:54.156 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673 00:07:54.156 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:07:54.156 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:07:54.156 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673 00:07:54.156 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:07:54.156 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:07:54.156 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:07:54.156 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673 00:07:54.156 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:07:54.156 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673 00:07:54.172 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:07:54.172 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673 00:07:54.172 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:07:54.172 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673 00:07:54.172 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:07:54.172 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673 00:07:54.172 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:07:54.172 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673 00:07:54.172 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:07:54.172 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673 00:07:54.172 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:07:54.172 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673 00:07:54.172 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:07:54.172 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673 00:07:54.172 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:07:54.172 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673 00:07:54.172 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:07:54.172 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673 00:07:54.172 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:07:54.172 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673 00:07:54.172 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:07:54.172 vminfo PID=1212: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=1212: C:\WINDOWS\system32\userinit.exe 00:07:54.172 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3240: C:\WINDOWS\Explorer.EXE 00:07:54.172 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673 00:07:54.172 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:07:54.172 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe 00:07:54.172 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:07:54.172 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:07:54.172 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:07:54.172 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe 00:07:54.172 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe 00:07:54.172 vminfo PID=3160: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3160: D:\Adobe\Acrobat 9.0\Acrobat\AcroDist.exe 00:07:54.172 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3520: D:\iTunes\iTunesHelper.exe 00:07:54.172 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe 00:07:54.172 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:07:54.172 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE 00:07:54.172 vminfo PID=2676: (Interactive: true ) 0:351673 <-> 0:351673 00:07:54.172 vminfo PID=2676: C:\WINDOWS\regedit.exe 00:07:54.172 vminfo Session 0 has 14 processes total 00:07:54.172 vminfo Adding new user=Admin (session 0) with 14 processes 00:07:54.172 vminfo Handling session 1 00:07:54.172 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:07:54.172 vminfo Handling session 2 00:07:54.172 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:07:54.172 vminfo Handling session 3 00:07:54.172 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:07:54.172 vminfo Handling session 4 00:07:54.172 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:07:54.172 vminfo Handling session 5 00:07:54.172 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:07:54.172 vminfo Found 1 unique logged-in user(s) 00:07:54.172 vminfo User Admin has 14 processes (session 0) 00:07:54.172 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS 00:08:00.109 pagesharing VBoxServicePageSharingWorkerProcess: enabled=0 00:08:00.234 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:45:56.724000000Z (MinAdjust: 200 ms) 00:08:00.234 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:45:56.834033100Z => -110 033 100 ns drift 00:08:00.234 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:08:04.188 vminfo Found 6 sessions 00:08:04.188 vminfo Handling session 0 00:08:04.188 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2 00:08:04.188 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:08:04.203 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W 00:08:04.203 vminfo Account User=Admin, WTSConnectState=0 (4) 00:08:04.203 vminfo Account User=Admin using TCS/RDP, state=0 00:08:04.203 vminfo Account User=Admin is logged in 00:08:04.203 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM 00:08:04.203 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673 00:08:04.203 vminfo Error: Unable to open process with PID=0, error=87 00:08:04.203 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=580: \SystemRoot\System32\smss.exe 00:08:04.203 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:08:04.203 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:08:04.203 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:08:04.203 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:08:04.203 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:08:04.203 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:08:04.203 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673 00:08:04.203 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:08:04.203 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:08:04.203 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673 00:08:04.203 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:08:04.203 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673 00:08:04.203 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:08:04.203 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:08:04.203 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673 00:08:04.203 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:08:04.203 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:08:04.203 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:08:04.203 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:08:04.203 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:08:04.203 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673 00:08:04.203 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:08:04.203 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673 00:08:04.203 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:08:04.203 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673 00:08:04.203 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:08:04.203 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673 00:08:04.219 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:08:04.219 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673 00:08:04.219 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:08:04.219 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673 00:08:04.219 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:08:04.219 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673 00:08:04.219 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:08:04.219 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673 00:08:04.219 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:08:04.219 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673 00:08:04.219 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:08:04.219 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673 00:08:04.219 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:08:04.219 vminfo PID=1212: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=1212: C:\WINDOWS\system32\userinit.exe 00:08:04.219 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3240: C:\WINDOWS\Explorer.EXE 00:08:04.219 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673 00:08:04.219 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:08:04.219 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe 00:08:04.219 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:08:04.219 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:08:04.219 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:08:04.219 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe 00:08:04.219 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe 00:08:04.219 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3520: D:\iTunes\iTunesHelper.exe 00:08:04.219 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe 00:08:04.219 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:08:04.219 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE 00:08:04.219 vminfo PID=2676: (Interactive: true ) 0:351673 <-> 0:351673 00:08:04.219 vminfo PID=2676: C:\WINDOWS\regedit.exe 00:08:04.219 vminfo Session 0 has 13 processes total 00:08:04.219 vminfo Adding new user=Admin (session 0) with 13 processes 00:08:04.219 vminfo Handling session 1 00:08:04.219 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:08:04.219 vminfo Handling session 2 00:08:04.219 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:08:04.219 vminfo Handling session 3 00:08:04.219 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:08:04.219 vminfo Handling session 4 00:08:04.219 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:08:04.219 vminfo Handling session 5 00:08:04.219 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:08:04.219 vminfo Found 1 unique logged-in user(s) 00:08:04.219 vminfo User Admin has 13 processes (session 0) 00:08:04.219 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS 00:08:10.250 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:46:06.724000000Z (MinAdjust: 200 ms) 00:08:10.250 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:46:06.849658100Z => -125 658 100 ns drift 00:08:10.250 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:08:14.234 vminfo Found 6 sessions 00:08:14.234 vminfo Handling session 0 00:08:14.234 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2 00:08:14.234 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:08:14.234 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W 00:08:14.234 vminfo Account User=Admin, WTSConnectState=0 (4) 00:08:14.234 vminfo Account User=Admin using TCS/RDP, state=0 00:08:14.234 vminfo Account User=Admin is logged in 00:08:14.234 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM 00:08:14.234 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673 00:08:14.234 vminfo Error: Unable to open process with PID=0, error=87 00:08:14.234 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673 00:08:14.234 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673 00:08:14.234 vminfo PID=580: \SystemRoot\System32\smss.exe 00:08:14.234 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673 00:08:14.234 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:08:14.234 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673 00:08:14.234 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:08:14.234 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673 00:08:14.234 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:08:14.234 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673 00:08:14.234 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:08:14.234 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673 00:08:14.234 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:08:14.234 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:08:14.250 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673 00:08:14.250 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:08:14.250 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:08:14.250 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673 00:08:14.250 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:08:14.250 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673 00:08:14.250 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:08:14.250 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:08:14.250 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673 00:08:14.250 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:08:14.250 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:08:14.250 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:08:14.250 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:08:14.250 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:08:14.250 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:08:14.250 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673 00:08:14.250 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:08:14.250 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673 00:08:14.250 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:08:14.250 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:08:14.250 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:08:14.250 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:08:14.250 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:08:14.250 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:08:14.250 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673 00:08:14.250 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:08:14.250 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673 00:08:14.250 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:08:14.250 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.250 vminfo PID=3240: C:\WINDOWS\Explorer.EXE 00:08:14.250 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673 00:08:14.250 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:08:14.250 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.250 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe 00:08:14.250 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.250 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:08:14.250 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.250 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:08:14.250 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.250 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:08:14.250 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.250 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe 00:08:14.250 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.250 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe 00:08:14.250 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.250 vminfo PID=3520: D:\iTunes\iTunesHelper.exe 00:08:14.250 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.266 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe 00:08:14.266 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.266 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:08:14.266 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673 00:08:14.266 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE 00:08:14.266 vminfo Session 0 has 11 processes total 00:08:14.266 vminfo Adding new user=Admin (session 0) with 11 processes 00:08:14.266 vminfo Handling session 1 00:08:14.266 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:08:14.266 vminfo Handling session 2 00:08:14.266 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:08:14.266 vminfo Handling session 3 00:08:14.266 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:08:14.266 vminfo Handling session 4 00:08:14.266 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:08:14.266 vminfo Handling session 5 00:08:14.266 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:08:14.266 vminfo Found 1 unique logged-in user(s) 00:08:14.266 vminfo User Admin has 11 processes (session 0) 00:08:14.266 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS 00:08:20.250 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:46:16.724000000Z (MinAdjust: 200 ms) 00:08:20.250 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:46:16.849658100Z => -125 658 100 ns drift 00:08:20.250 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:08:24.266 vminfo Found 6 sessions 00:08:24.266 vminfo Handling session 0 00:08:24.266 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2 00:08:24.266 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:08:24.281 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W 00:08:24.281 vminfo Account User=Admin, WTSConnectState=0 (4) 00:08:24.281 vminfo Account User=Admin using TCS/RDP, state=0 00:08:24.281 vminfo Account User=Admin is logged in 00:08:24.281 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM 00:08:24.281 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673 00:08:24.281 vminfo Error: Unable to open process with PID=0, error=87 00:08:24.281 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=580: \SystemRoot\System32\smss.exe 00:08:24.281 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:08:24.281 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:08:24.281 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:08:24.281 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:08:24.281 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:08:24.281 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:08:24.281 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673 00:08:24.281 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:08:24.281 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:08:24.281 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673 00:08:24.281 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:08:24.281 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673 00:08:24.281 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:08:24.281 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:08:24.281 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673 00:08:24.281 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:08:24.281 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:08:24.281 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:08:24.281 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:08:24.281 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:08:24.281 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:08:24.281 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673 00:08:24.281 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:08:24.281 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673 00:08:24.281 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:08:24.281 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:08:24.281 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:08:24.281 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:08:24.281 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673 00:08:24.281 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:08:24.281 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673 00:08:24.297 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:08:24.297 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673 00:08:24.297 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:08:24.297 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673 00:08:24.297 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:08:24.297 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3240: C:\WINDOWS\Explorer.EXE 00:08:24.297 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673 00:08:24.297 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:08:24.297 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe 00:08:24.297 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:08:24.297 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:08:24.297 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:08:24.297 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe 00:08:24.297 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe 00:08:24.297 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3520: D:\iTunes\iTunesHelper.exe 00:08:24.297 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe 00:08:24.297 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:08:24.297 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE 00:08:24.297 vminfo PID=824: (Interactive: true ) 0:351673 <-> 0:351673 00:08:24.297 vminfo PID=824: C:\WINDOWS\system32\cmd.exe 00:08:24.297 vminfo Session 0 has 12 processes total 00:08:24.297 vminfo Adding new user=Admin (session 0) with 12 processes 00:08:24.297 vminfo Handling session 1 00:08:24.297 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:08:24.297 vminfo Handling session 2 00:08:24.297 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:08:24.297 vminfo Handling session 3 00:08:24.297 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:08:24.297 vminfo Handling session 4 00:08:24.297 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:08:24.297 vminfo Handling session 5 00:08:24.297 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:08:24.297 vminfo Found 1 unique logged-in user(s) 00:08:24.297 vminfo User Admin has 12 processes (session 0) 00:08:24.297 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS 00:08:30.250 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:46:26.724000000Z (MinAdjust: 200 ms) 00:08:30.250 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:46:26.849658100Z => -125 658 100 ns drift 00:08:30.250 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:08:34.297 vminfo Found 6 sessions 00:08:34.297 vminfo Handling session 0 00:08:34.297 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2 00:08:34.297 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:08:34.313 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W 00:08:34.313 vminfo Account User=Admin, WTSConnectState=0 (4) 00:08:34.313 vminfo Account User=Admin using TCS/RDP, state=0 00:08:34.313 vminfo Account User=Admin is logged in 00:08:34.313 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM 00:08:34.313 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673 00:08:34.313 vminfo Error: Unable to open process with PID=0, error=87 00:08:34.313 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=580: \SystemRoot\System32\smss.exe 00:08:34.313 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:08:34.313 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:08:34.313 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:08:34.313 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:08:34.313 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:08:34.313 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:08:34.313 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673 00:08:34.313 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:08:34.313 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:08:34.313 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673 00:08:34.313 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:08:34.313 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673 00:08:34.313 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:08:34.313 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:08:34.313 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673 00:08:34.313 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:08:34.313 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:08:34.313 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:08:34.313 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:08:34.313 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:08:34.313 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:08:34.313 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673 00:08:34.313 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:08:34.313 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673 00:08:34.313 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:08:34.313 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:08:34.313 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:08:34.313 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:08:34.313 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673 00:08:34.313 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:08:34.313 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673 00:08:34.328 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:08:34.328 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673 00:08:34.328 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:08:34.328 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673 00:08:34.328 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:08:34.328 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3240: C:\WINDOWS\Explorer.EXE 00:08:34.328 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673 00:08:34.328 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:08:34.328 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe 00:08:34.328 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:08:34.328 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:08:34.328 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:08:34.328 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe 00:08:34.328 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe 00:08:34.328 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3520: D:\iTunes\iTunesHelper.exe 00:08:34.328 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe 00:08:34.328 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:08:34.328 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE 00:08:34.328 vminfo PID=824: (Interactive: true ) 0:351673 <-> 0:351673 00:08:34.328 vminfo PID=824: C:\WINDOWS\system32\cmd.exe 00:08:34.328 vminfo Session 0 has 12 processes total 00:08:34.328 vminfo Adding new user=Admin (session 0) with 12 processes 00:08:34.328 vminfo Handling session 1 00:08:34.328 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:08:34.328 vminfo Handling session 2 00:08:34.328 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:08:34.328 vminfo Handling session 3 00:08:34.328 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:08:34.328 vminfo Handling session 4 00:08:34.328 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:08:34.328 vminfo Handling session 5 00:08:34.328 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:08:34.328 vminfo Found 1 unique logged-in user(s) 00:08:34.328 vminfo User Admin has 12 processes (session 0) 00:08:34.328 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS 00:08:40.250 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:46:36.724000000Z (MinAdjust: 200 ms) 00:08:40.250 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:46:36.849658100Z => -125 658 100 ns drift 00:08:40.250 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:08:44.328 vminfo Found 6 sessions 00:08:44.328 vminfo Handling session 0 00:08:44.328 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2 00:08:44.328 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:08:44.344 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W 00:08:44.344 vminfo Account User=Admin, WTSConnectState=0 (4) 00:08:44.344 vminfo Account User=Admin using TCS/RDP, state=0 00:08:44.344 vminfo Account User=Admin is logged in 00:08:44.344 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM 00:08:44.344 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673 00:08:44.344 vminfo Error: Unable to open process with PID=0, error=87 00:08:44.344 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=580: \SystemRoot\System32\smss.exe 00:08:44.344 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:08:44.344 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:08:44.344 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:08:44.344 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:08:44.344 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:08:44.344 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:08:44.344 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673 00:08:44.344 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:08:44.344 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:08:44.344 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673 00:08:44.344 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:08:44.344 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673 00:08:44.344 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:08:44.344 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:08:44.344 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673 00:08:44.344 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:08:44.344 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:08:44.344 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:08:44.344 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:08:44.344 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:08:44.344 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673 00:08:44.344 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:08:44.344 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673 00:08:44.344 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:08:44.344 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673 00:08:44.359 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:08:44.359 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673 00:08:44.359 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:08:44.359 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673 00:08:44.359 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:08:44.359 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673 00:08:44.359 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:08:44.359 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673 00:08:44.359 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:08:44.359 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673 00:08:44.359 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:08:44.359 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673 00:08:44.359 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:08:44.359 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673 00:08:44.359 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:08:44.359 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3240: C:\WINDOWS\Explorer.EXE 00:08:44.359 vminfo PID=3272: (Interactive: true ) 0:996 <-> 0:351673 00:08:44.359 vminfo PID=3272: C:\WINDOWS\system32\wbem\wmiprvse.exe 00:08:44.359 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe 00:08:44.359 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:08:44.359 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:08:44.359 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:08:44.359 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe 00:08:44.359 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe 00:08:44.359 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3520: D:\iTunes\iTunesHelper.exe 00:08:44.359 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe 00:08:44.359 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:08:44.359 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE 00:08:44.359 vminfo PID=824: (Interactive: true ) 0:351673 <-> 0:351673 00:08:44.359 vminfo PID=824: C:\WINDOWS\system32\cmd.exe 00:08:44.359 vminfo Session 0 has 12 processes total 00:08:44.359 vminfo Adding new user=Admin (session 0) with 12 processes 00:08:44.359 vminfo Handling session 1 00:08:44.359 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:08:44.359 vminfo Handling session 2 00:08:44.359 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:08:44.359 vminfo Handling session 3 00:08:44.359 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:08:44.359 vminfo Handling session 4 00:08:44.359 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:08:44.359 vminfo Handling session 5 00:08:44.359 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:08:44.359 vminfo Found 1 unique logged-in user(s) 00:08:44.359 vminfo User Admin has 12 processes (session 0) 00:08:44.359 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS 00:08:50.250 timesync VBoxServiceTimeSyncWorker: Host: 2012-08-31T21:46:46.725000000Z (MinAdjust: 200 ms) 00:08:50.250 timesync VBoxServiceTimeSyncWorker: Guest: - 2012-08-31T21:46:46.849658100Z => -124 658 100 ns drift 00:08:50.250 timesync VBoxServiceTimeSyncCancelAdjust: Windows Time Adjustment is now disabled. 00:08:54.375 vminfo Found 6 sessions 00:08:54.375 vminfo Handling session 0 00:08:54.375 vminfo Session data: Name=Admin, Session=0, LogonID=0,351673, LogonType=2 00:08:54.375 vminfo Session LogonType=2 is supported -- looking up SID + type ... 00:08:54.391 vminfo Account User=Admin, Session=0, LogonID=0,351673, AuthPkg=NTLM, Domain=SMA-STATION14W 00:08:54.391 vminfo Account User=Admin, WTSConnectState=0 (4) 00:08:54.391 vminfo Account User=Admin using TCS/RDP, state=0 00:08:54.391 vminfo Account User=Admin is logged in 00:08:54.391 vminfo Handling user=Admin, domain=SMA-STATION14W, package=NTLM 00:08:54.391 vminfo PID=0: (Interactive: false) 0:0 <-> 0:351673 00:08:54.391 vminfo Error: Unable to open process with PID=0, error=87 00:08:54.391 vminfo PID=4: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=580: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=580: \SystemRoot\System32\smss.exe 00:08:54.391 vminfo PID=628: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=628: \??\C:\WINDOWS\system32\csrss.exe 00:08:54.391 vminfo PID=652: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=652: \??\C:\WINDOWS\system32\winlogon.exe 00:08:54.391 vminfo PID=696: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=696: C:\WINDOWS\system32\services.exe 00:08:54.391 vminfo PID=708: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=708: C:\WINDOWS\system32\lsass.exe 00:08:54.391 vminfo PID=888: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=888: C:\WINDOWS\system32\VBoxService.exe 00:08:54.391 vminfo PID=932: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=932: C:\WINDOWS\system32\svchost.exe 00:08:54.391 vminfo PID=1008: (Interactive: true ) 0:996 <-> 0:351673 00:08:54.391 vminfo PID=1008: C:\WINDOWS\system32\svchost.exe 00:08:54.391 vminfo PID=1140: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=1140: C:\WINDOWS\System32\svchost.exe 00:08:54.391 vminfo PID=1236: (Interactive: true ) 0:996 <-> 0:351673 00:08:54.391 vminfo PID=1236: C:\WINDOWS\system32\svchost.exe 00:08:54.391 vminfo PID=1368: (Interactive: true ) 0:997 <-> 0:351673 00:08:54.391 vminfo PID=1368: C:\WINDOWS\system32\svchost.exe 00:08:54.391 vminfo PID=1480: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=1480: C:\WINDOWS\system32\spoolsv.exe 00:08:54.391 vminfo PID=1596: (Interactive: true ) 0:997 <-> 0:351673 00:08:54.391 vminfo PID=1596: C:\WINDOWS\system32\svchost.exe 00:08:54.391 vminfo PID=1636: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=1636: C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 00:08:54.391 vminfo PID=1652: (Interactive: false) 0:999 <-> 0:351673 00:08:54.391 vminfo PID=1652: C:\Program Files\Bonjour\mDNSResponder.exe 00:08:54.391 vminfo PID=1684: (Interactive: false) 0:999 <-> 0:351673 00:08:54.406 vminfo PID=1684: C:\WINDOWS\system32\nfsclnt.exe 00:08:54.406 vminfo PID=176: (Interactive: false) 0:999 <-> 0:351673 00:08:54.406 vminfo PID=176: C:\WINDOWS\system32\IProsetMonitor.exe 00:08:54.406 vminfo PID=192: (Interactive: false) 0:999 <-> 0:351673 00:08:54.406 vminfo PID=192: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe 00:08:54.406 vminfo PID=252: (Interactive: true ) 0:997 <-> 0:351673 00:08:54.406 vminfo PID=252: C:\WINDOWS\System32\svchost.exe 00:08:54.406 vminfo PID=408: (Interactive: true ) 0:997 <-> 0:351673 00:08:54.406 vminfo PID=408: C:\WINDOWS\System32\svchost.exe 00:08:54.406 vminfo PID=444: (Interactive: false) 0:999 <-> 0:351673 00:08:54.406 vminfo PID=444: C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 00:08:54.406 vminfo PID=604: (Interactive: false) 0:999 <-> 0:351673 00:08:54.406 vminfo PID=604: C:\WINDOWS\system32\svchost.exe 00:08:54.406 vminfo PID=780: (Interactive: false) 0:999 <-> 0:351673 00:08:54.406 vminfo PID=780: d:\Synology\Assistant\UsbClientService.exe 00:08:54.406 vminfo PID=948: (Interactive: false) 0:999 <-> 0:351673 00:08:54.406 vminfo PID=948: C:\Program Files\WinZip System Utilities Suite\WINZIPSSDefragSrv.exe 00:08:54.406 vminfo PID=1100: (Interactive: false) 0:999 <-> 0:351673 00:08:54.406 vminfo PID=1100: D:\sfu\Mapper\mapsvc.exe 00:08:54.406 vminfo PID=1388: (Interactive: true ) 0:997 <-> 0:351673 00:08:54.406 vminfo PID=1388: C:\WINDOWS\System32\alg.exe 00:08:54.406 vminfo PID=2580: (Interactive: false) 0:999 <-> 0:351673 00:08:54.406 vminfo PID=2580: C:\Program Files\iPod\bin\iPodService.exe 00:08:54.406 vminfo PID=3240: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3240: C:\WINDOWS\Explorer.EXE 00:08:54.406 vminfo PID=3368: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3368: D:\adobe\reader-9\Reader\Reader_sl.exe 00:08:54.406 vminfo PID=3392: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3392: C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe 00:08:54.406 vminfo PID=3408: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3408: D:\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe 00:08:54.406 vminfo PID=3416: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3416: D:\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe 00:08:54.406 vminfo PID=3424: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3424: C:\WINDOWS\system32\VBoxTray.exe 00:08:54.406 vminfo PID=3180: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3180: C:\Program Files\Common Files\Java\Java Update\jusched.exe 00:08:54.406 vminfo PID=3520: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3520: D:\iTunes\iTunesHelper.exe 00:08:54.406 vminfo PID=3560: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3560: C:\WINDOWS\system32\ctfmon.exe 00:08:54.406 vminfo PID=3596: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3596: D:\canon\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe 00:08:54.406 vminfo PID=3604: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=3604: D:\WinZip\WZQKPICK32.EXE 00:08:54.406 vminfo PID=824: (Interactive: true ) 0:351673 <-> 0:351673 00:08:54.406 vminfo PID=824: C:\WINDOWS\system32\cmd.exe 00:08:54.406 vminfo Session 0 has 12 processes total 00:08:54.406 vminfo Adding new user=Admin (session 0) with 12 processes 00:08:54.406 vminfo Handling session 1 00:08:54.406 vminfo Session data: Name=ANONYMOUS LOGON, Session=0, LogonID=0,65775, LogonType=3 00:08:54.406 vminfo Handling session 2 00:08:54.406 vminfo Session data: Name=LOCAL SERVICE, Session=0, LogonID=0,997, LogonType=5 00:08:54.406 vminfo Handling session 3 00:08:54.406 vminfo Session data: Name=NETWORK SERVICE, Session=0, LogonID=0,996, LogonType=5 00:08:54.406 vminfo Handling session 4 00:08:54.406 vminfo Session data: Name=, Session=0, LogonID=0,35834, LogonType=0 00:08:54.406 vminfo Handling session 5 00:08:54.406 vminfo Session data: Name=SMA-STATION14W$, Session=0, LogonID=0,999, LogonType=0 00:08:54.406 vminfo Found 1 unique logged-in user(s) 00:08:54.406 vminfo User Admin has 12 processes (session 0) 00:08:54.406 vminfo cUsersInList: 1, pszUserList: Admin, rc=VINF_SUCCESS