Symantec Debug File created: 2017-11-24T02:50:29.1060000Z Previous files = 0 "C:\Program Files\Symantec\Symantec System Recovery\Utility\SmeDump.exe" PID (11388) Base Build Number: DevBuild Base Build Date: Jun 17 2016 18:20:40 OsVersion: Generation: Microsoft Windows 7 Flavor: Windows Flavor Unknown OsArchitecture: 64-bit operating system KernelType: Windows NT ProcessorArchitecture: x64 (EM64T/AMD64) VersionNumber: 6.1.7601 ServicePackVersionNumber: 1.0.0 KernelVersionNumber: 0.0.0 Path: file:///C:/Windows/ ComputerName: L-014545-D Features: Execute64BitBinaries Execute32BitPrograms Hibernate MultipleMonitors NT4FTVolumes DynamicDisk NtfsLonghorn Fat32 CPU: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz (If cpu speed is specified, it is rated speed, which may not be current speed) CPU Vendor: GenuineIntel CPU Signature: 000506e3 CPU Features: bfebfbff Hyperthreads/core: 8 Cores/Package: 1 Logical procs/pkg: 8 Number of packages: 1 NX bit supported: Yes x64 Capable: Yes Supports HW Virtualization: Yes Virtual Addr Bits: 48 Physical Addr Bits: 39 OS CPU Count: 8 Processor Mask: 00000000000000ff Min App Addr: 0000000000010000 Max App Addr: 000007FFFFFEFFFF Page Size: 4096 Memory Usage: 17% Total Physical: 65430 MB Avail Physical: 54021 MB Total Page: 65428 MB Avail Page: 53148 MB Total Virtual: 8388607 MB Avail Virtual: 8388530 MB Avail Extended: 0 MB Sme Build Date: Jun 17 2016 BuildNumbers: Sme: DevBuild Base: DevBuild FTPAccessor: DevBuild OstAccessor: DevBuild LdmDatabase: DevBuild PqiFile: DevBuild Raptor: 55337 RetargetSystem: DevBuild SectorBuffer: DevBuild SmeKernelModeUtility: 42478 SymTrack: DevBuild VirtualDisk: DevBuild ================================================================= * 2017-11-24T02:50:23.5190000Z Main Thread(12256) ---------------------------------------------------------------------------------------------------- Starting Application Debug Log * 2017-11-24T02:50:23.5730000Z Main Thread(12256) Context: PROCESS : ERR Cpu.cpp(242) Function: CPU::QueryCpuInfo mSystemCPUs(8) should be a multiple of mLogicalProcessorsPerPackage(16) * 2017-11-24T02:50:23.5770000Z DumpDebug(11860) Context: PROCESS : THREAD New Thread is running at priority 0 * 2017-11-24T02:50:23.5780000Z VdsLoader(7364) Context: PROCESS : THREAD New Thread is running at priority 0 * 2017-11-24T02:50:24.7550000Z Main Thread(12256) Context: SME : INFO SmeCommon.cpp(488) Function: SmeCommon::Initialize !--+============================== Starting Engine Initialization ================================== * 2017-11-24T02:50:24.7640000Z Main Thread(12256) Context: SME : INFO WindowsComputer.cpp(2299) Function: WindowsComputer::DetectBootFirmwareType Setting the system boot type to UEFI or BIOS * 2017-11-24T02:50:24.7730000Z Main Thread(12256) Context: BASE : INFO WMISession.cpp(173) Function: WMISession::Connect Connected to \\.\root\CIMV2\Security\MicrosoftVolumeEncryption * 2017-11-24T02:50:24.7960000Z Main Thread(12256) Context: SME : INFO WindowsVolume.cpp(707) Function: WindowsVolume::IsVolumeBitLocked ProtectionStatus for volume \\?\Volume{4b7982ec-4340-4245-b97c-6198853772df}\ is :0 * 2017-11-24T02:50:24.7960000Z Main Thread(12256) Context: BASE : INFO WMISession.cpp(182) Function: WMISession::Disconnect Disconnected from \\.\root\CIMV2\Security\MicrosoftVolumeEncryption * 2017-11-24T02:50:24.8070000Z Main Thread(12256) Context: BASE : INFO WMISession.cpp(173) Function: WMISession::Connect Connected to \\.\root\CIMV2\Security\MicrosoftVolumeEncryption * 2017-11-24T02:50:24.8120000Z Main Thread(12256) Context: SME : INFO WindowsVolume.cpp(707) Function: WindowsVolume::IsVolumeBitLocked ProtectionStatus for volume \\?\Volume{ed944a7d-4ccd-49f4-b34d-4f28a16fc239}\ is :0 * 2017-11-24T02:50:24.8130000Z Main Thread(12256) Context: BASE : INFO WMISession.cpp(182) Function: WMISession::Disconnect Disconnected from \\.\root\CIMV2\Security\MicrosoftVolumeEncryption * 2017-11-24T02:50:24.8220000Z Main Thread(12256) Context: BASE : INFO WMISession.cpp(173) Function: WMISession::Connect Connected to \\.\root\CIMV2\Security\MicrosoftVolumeEncryption * 2017-11-24T02:50:24.8260000Z Main Thread(12256) Context: SME : INFO WindowsVolume.cpp(707) Function: WindowsVolume::IsVolumeBitLocked ProtectionStatus for volume \\?\Volume{f8b91389-7641-11e7-a487-806e6f6e6963}\ is :0 * 2017-11-24T02:50:24.8260000Z Main Thread(12256) Context: BASE : INFO WMISession.cpp(182) Function: WMISession::Disconnect Disconnected from \\.\root\CIMV2\Security\MicrosoftVolumeEncryption * 2017-11-24T02:50:24.8350000Z Main Thread(12256) Context: BASE : INFO WMISession.cpp(173) Function: WMISession::Connect Connected to \\.\root\CIMV2\Security\MicrosoftVolumeEncryption * 2017-11-24T02:50:24.8410000Z Main Thread(12256) Context: SME : INFO WindowsVolume.cpp(707) Function: WindowsVolume::IsVolumeBitLocked ProtectionStatus for volume \\?\Volume{f8b9138a-7641-11e7-a487-806e6f6e6963}\ is :0 * 2017-11-24T02:50:24.8420000Z Main Thread(12256) Context: BASE : INFO WMISession.cpp(182) Function: WMISession::Disconnect Disconnected from \\.\root\CIMV2\Security\MicrosoftVolumeEncryption * 2017-11-24T02:50:24.8590000Z Main Thread(12256) Windows Mount Point Map -------------------------------- [DRIVE_FIXED ] C:\ --> \\?\Volume{4b7982ec-4340-4245-b97c-6198853772df}\ --> [DRIVE_FIXED ] D:\ --> \\?\Volume{f8b91389-7641-11e7-a487-806e6f6e6963}\ --> [DRIVE_FIXED ] E:\ --> \\?\Volume{f8b9138a-7641-11e7-a487-806e6f6e6963}\ --> [DRIVE_FIXED ] F:\ --> \\?\Volume{ed944a7d-4ccd-49f4-b34d-4f28a16fc239}\ --> * 2017-11-24T02:50:24.8640000Z Main Thread(12256) Context: DEVICE : INFO WindowsDeviceDiscovery.cpp(577) Function: WindowsDeviceDiscovery::QueryDisks Detected machine type as: 1 * 2017-11-24T02:50:24.8590000Z Main Thread(12256) Context: DEVICE : INFO WindowsDeviceDiscovery.cpp(543) Function: WindowsDeviceDiscovery::QueryDisks -------------------------------- Initializing Windows VDS Interface -------------------------------- Disk Name: \\?\PhysicalDrive0 Address: Port0Path0Target0Lun0 Friendly Name: Samsung SSD SCSI Disk Device Adaptor Name: Intel(R) 100 Series/C230 Chipset Family SATA AHCI Controller Device Path: \\?\scsi#disk&ven_samsung&prod_ssd#4&24e59c0&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} VDS Guid: 89f08c3f-409e-4b78-b796-7f0a74b00eb2 Status: Online Reserve Mode: VDS_LRM_NONE Health: VDS_H_HEALTHY Device Type: FILE_DEVICE_DISK Media Type: FixedMedia Size: 500107862016 Bytes Per Sector: 512 Sectors Per Track: 63 Tracks Per Cylinder: 255 Flags: 20864 Bus Type: Unknown (11) Partition Style: VDS_PST_GPT Disk Guid: 6d852db1-f692-430b-b68e-ac8ddd6fb356 Disk Name: \\?\PhysicalDrive1 Address: Port0Path0Target3Lun0 Friendly Name: Samsung SSD SCSI Disk Device Adaptor Name: Intel(R) 100 Series/C230 Chipset Family SATA AHCI Controller Device Path: \\?\scsi#disk&ven_samsung&prod_ssd#4&24e59c0&0&000300#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} VDS Guid: ed06b8e0-4a67-4670-9c4f-7de069f27ed9 Status: Online Reserve Mode: VDS_LRM_NONE Health: VDS_H_HEALTHY Device Type: FILE_DEVICE_DISK Media Type: FixedMedia Size: 1000204886016 Bytes Per Sector: 512 Sectors Per Track: 63 Tracks Per Cylinder: 255 Flags: 4096 Bus Type: Unknown (11) Partition Style: VDS_PST_GPT Disk Guid: 80fb3ca3-7530-480e-a183-2a6f62c0c5bf Disk Name: \\?\PhysicalDrive2 Address: Port0Path0Target4Lun0 Friendly Name: INTEL SSDSCKKF240H6L SCSI Disk Device Adaptor Name: Intel(R) 100 Series/C230 Chipset Family SATA AHCI Controller Device Path: \\?\scsi#disk&ven_intel&prod_ssdsckkf240h6l#4&24e59c0&0&000400#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} VDS Guid: 8031b2ca-e38b-4420-8e1d-90befd0f66b9 Status: Online Reserve Mode: VDS_LRM_NONE Health: VDS_H_HEALTHY Device Type: FILE_DEVICE_DISK Media Type: FixedMedia Size: 240057409536 Bytes Per Sector: 512 Sectors Per Track: 63 Tracks Per Cylinder: 255 Flags: 4096 Bus Type: Unknown (11) Partition Style: VDS_PST_MBR Signature: BC7FB052 ------------------------------- Uninitializing Windows VDS Interface ------------------------------- * 2017-11-24T02:50:26.0010000Z CollectQueryData(PhyDrv0)(10912) Context: PROCESS : THREAD New Thread is running at priority 0 * 2017-11-24T02:50:26.0020000Z CollectQueryData(PhyDrv_Total)(2524) Context: PROCESS : THREAD New Thread is running at priority 0 * 2017-11-24T02:50:26.0030000Z Main Thread(12256) Device constructor: unique id: Sg000089A8 name: \\.\PhysicalDrive0 * 2017-11-24T02:50:26.0030000Z ThrottleRunner(5992) Context: PROCESS : THREAD New Thread is running at priority 2 * 2017-11-24T02:50:26.0050000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(1204) Function: WindowsDevice::CheckKernelDeviceName The kernel device name for \\.\PhysicalDrive0 is \Device\Harddisk0\DR0. * 2017-11-24T02:50:26.0060000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(2818) Function: WindowsDevice::SendATACommand2000 IOCTL_SCSI_RESCAN_BUS call to device \\.\PhysicalDrive0 failed (Not a SCSI device). * 2017-11-24T02:50:26.0070000Z Main Thread(12256) Context: DEVICE : INFO Device.cpp(817) Function: Device::GetIdentifyDeviceInfo IDENTIFY DEVICE - sending ATA_COMMAND_IDENTIFY failed on \\.\PhysicalDrive0 (Not an ATA device). * 2017-11-24T02:50:26.0030000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(779) Function: WindowsDevice::GetDeviceCharacteristics ----------------------------- Entering GetDeviceCharacteristics(v1.5) ------------------------------ GetDriveGeometry succeeded for \\.\PhysicalDrive0. Cyls: 60801 Hds: 255 Scts: 63 BPS: 512 BPPS: 512. Media Type: Fixed. Bus Type: SATA. Calling DeviceIoControl(IOCTL_DISK_GET_PARTITION_INFO). IOCTL_DISK_GET_PARTITION_INFO returned 976773168 sector(s). maxSectorCount is now 976773168 sector(s). Calling DeviceIoControl (IOCTL_SCSI_GET_ADDRESS). Found serial number from calling GetSmartDriveData: S33DNX0J505478Z. Location: IDE Primary Master. Calling CanChangeDeviceAddressableSectors. Model Name: Samsung SSD 850 EVO M.2 500GB of device \\.\PhysicalDrive0. The NT Drive Signature for \\.\PhysicalDrive0 is 35240. Creating a media for \\.\PhysicalDrive0, with 35240 as the NT Drive Signature. --------------------------------- Leaving GetDeviceCharacteristics --------------------------------- * 2017-11-24T02:50:26.0120000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(3052) Function: WindowsDevice::CheckGoBackEnabled GoBack is not active on device \\.\PhysicalDrive0 * 2017-11-24T02:50:26.0140000Z Main Thread(12256) Context: SME : INFO MbrRegion.cpp(3951) Function: MbrRegion::GetDriveLayout After Direct GetDriveLayout Disk : 0 Sector : 0 NT Signature : 000089A8 # Type Boot SCyl SHead SSector ECyl EHead ESector Sector Before Sector Count - ---- ---- ------------------ ------------------ ------------- ------------ 0 EE 00 0 0 2 1023 255 63 1 4294967295 1 00 00 0 0 0 0 0 0 0 0 2 00 00 0 0 0 0 0 0 0 0 3 00 00 0 0 0 0 0 0 0 0 * 2017-11-24T02:50:26.0150000Z Main Thread(12256) Context: SME : INFO WindowsDriveLayout.cpp(183) Function: WindowsComputer::GetDriveLayout After GetDriveLayout DriveLayout for drive: 6D852DB1 PartitionStyle : GPT PartitionCount : 3 DiskId : 6d852db1-f692-430b-b68e-ac8ddd6fb356 StartingUsableOffset : 4400 UsableLength : 7470BFDA00 MaxPartitionCount : 80 Part StartingOffset PartitionLength PartitionTypeGuid UniquePartitionGuid Attributes Name ---- ----------------- ------------------ ------------------------------------ ------------------------------------ ---------------- ---------------------------- 1 100000 6400000 c12a7328-f81f-11d2-ba4b-00a0c93ec93b f5410e23-f73d-45e9-8ea7-16ccb88d7e5e 8000000000000000 EFI system partition 2 6500000 8000000 e3c9e316-0b5c-4db8-817d-f92df00215ae 253081f2-1767-4b74-8e60-9dece2195c91 8000000000000000 Microsoft reserved partition 3 E500000 7380000000 ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 4b7982ec-4340-4245-b97c-6198853772df 0 Basic data partition * 2017-11-24T02:50:26.0160000Z Main Thread(12256) Context: SME : INFO RegionFactory.cpp(90) Function: RegionFactory::Instantiate Region for SME~Computer~Sg000089A8~M000089A8 is SME~Computer~Sg000089A8~M000089A8~M000089A8Region-0 * 2017-11-24T02:50:26.0230000Z Main Thread(12256) Device constructor: unique id: Sg0000E1E5 name: \\.\PhysicalDrive1 * 2017-11-24T02:50:26.0230000Z CollectQueryData(PhyDrv1)(10304) Context: PROCESS : THREAD New Thread is running at priority 0 * 2017-11-24T02:50:26.0240000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(1204) Function: WindowsDevice::CheckKernelDeviceName The kernel device name for \\.\PhysicalDrive1 is \Device\Harddisk1\DR1. * 2017-11-24T02:50:26.0240000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(2818) Function: WindowsDevice::SendATACommand2000 IOCTL_SCSI_RESCAN_BUS call to device \\.\PhysicalDrive1 failed (Not a SCSI device). * 2017-11-24T02:50:26.0250000Z Main Thread(12256) Context: DEVICE : INFO Device.cpp(817) Function: Device::GetIdentifyDeviceInfo IDENTIFY DEVICE - sending ATA_COMMAND_IDENTIFY failed on \\.\PhysicalDrive1 (Not an ATA device). * 2017-11-24T02:50:26.0230000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(779) Function: WindowsDevice::GetDeviceCharacteristics ----------------------------- Entering GetDeviceCharacteristics(v1.5) ------------------------------ GetDriveGeometry succeeded for \\.\PhysicalDrive1. Cyls: 121601 Hds: 255 Scts: 63 BPS: 512 BPPS: 512. Media Type: Fixed. Bus Type: SATA. Calling DeviceIoControl(IOCTL_DISK_GET_PARTITION_INFO). IOCTL_DISK_GET_PARTITION_INFO returned 1953525168 sector(s). maxSectorCount is now 1953525168 sector(s). Calling DeviceIoControl (IOCTL_SCSI_GET_ADDRESS). Found serial number from calling GetSmartDriveData: S2RENX0J608654B. Location: IDE Primary Slave. Calling CanChangeDeviceAddressableSectors. Model Name: Samsung SSD 850 EVO 1TB of device \\.\PhysicalDrive1. The NT Drive Signature for \\.\PhysicalDrive1 is 57829. Creating a media for \\.\PhysicalDrive1, with 57829 as the NT Drive Signature. --------------------------------- Leaving GetDeviceCharacteristics --------------------------------- * 2017-11-24T02:50:26.0270000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(3052) Function: WindowsDevice::CheckGoBackEnabled GoBack is not active on device \\.\PhysicalDrive1 * 2017-11-24T02:50:26.0280000Z Main Thread(12256) Context: SME : INFO MbrRegion.cpp(3951) Function: MbrRegion::GetDriveLayout After Direct GetDriveLayout Disk : 1 Sector : 0 NT Signature : 0000E1E5 # Type Boot SCyl SHead SSector ECyl EHead ESector Sector Before Sector Count - ---- ---- ------------------ ------------------ ------------- ------------ 0 EE 00 0 0 2 1023 255 63 1 4294967295 1 00 00 0 0 0 0 0 0 0 0 2 00 00 0 0 0 0 0 0 0 0 3 00 00 0 0 0 0 0 0 0 0 * 2017-11-24T02:50:26.0280000Z Main Thread(12256) Context: SME : INFO WindowsDriveLayout.cpp(183) Function: WindowsComputer::GetDriveLayout After GetDriveLayout DriveLayout for drive: 80FB3CA3 PartitionStyle : GPT PartitionCount : 2 DiskId : 80fb3ca3-7530-480e-a183-2a6f62c0c5bf StartingUsableOffset : 4400 UsableLength : E8E0DADA00 MaxPartitionCount : 80 Part StartingOffset PartitionLength PartitionTypeGuid UniquePartitionGuid Attributes Name ---- ----------------- ------------------ ------------------------------------ ------------------------------------ ---------------- ---------------------------- 1 4400 8000000 e3c9e316-0b5c-4db8-817d-f92df00215ae 1c2414fc-bf21-43b7-8f1f-329c4cad4021 0 Microsoft reserved partition 2 8100000 E800000000 ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 ed944a7d-4ccd-49f4-b34d-4f28a16fc239 0 Basic data partition * 2017-11-24T02:50:26.0290000Z Main Thread(12256) Context: SME : INFO RegionFactory.cpp(90) Function: RegionFactory::Instantiate Region for SME~Computer~Sg0000E1E5~M0000E1E5 is SME~Computer~Sg0000E1E5~M0000E1E5~M0000E1E5Region-0 * 2017-11-24T02:50:26.0330000Z Main Thread(12256) Device constructor: unique id: SgBC7FB052 name: \\.\PhysicalDrive2 * 2017-11-24T02:50:26.0330000Z CollectQueryData(PhyDrv2)(2804) Context: PROCESS : THREAD New Thread is running at priority 0 * 2017-11-24T02:50:26.0340000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(1204) Function: WindowsDevice::CheckKernelDeviceName The kernel device name for \\.\PhysicalDrive2 is \Device\Harddisk2\DR2. * 2017-11-24T02:50:26.0350000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(2818) Function: WindowsDevice::SendATACommand2000 IOCTL_SCSI_RESCAN_BUS call to device \\.\PhysicalDrive2 failed (Not a SCSI device). * 2017-11-24T02:50:26.0350000Z Main Thread(12256) Context: DEVICE : INFO Device.cpp(817) Function: Device::GetIdentifyDeviceInfo IDENTIFY DEVICE - sending ATA_COMMAND_IDENTIFY failed on \\.\PhysicalDrive2 (Not an ATA device). * 2017-11-24T02:50:26.0330000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(779) Function: WindowsDevice::GetDeviceCharacteristics ----------------------------- Entering GetDeviceCharacteristics(v1.5) ------------------------------ GetDriveGeometry succeeded for \\.\PhysicalDrive2. Cyls: 29185 Hds: 255 Scts: 63 BPS: 512 BPPS: 512. Media Type: Fixed. Bus Type: SATA. Calling DeviceIoControl(IOCTL_DISK_GET_PARTITION_INFO). IOCTL_DISK_GET_PARTITION_INFO returned 468862128 sector(s). maxSectorCount is now 468862128 sector(s). Calling DeviceIoControl (IOCTL_SCSI_GET_ADDRESS). Found serial number from calling GetSmartDriveData: CVLY71100017240D. Location: IDE Primary Slave. Calling CanChangeDeviceAddressableSectors. Model Name: INTEL SSDSCKKF240H6L of device \\.\PhysicalDrive2. The NT Drive Signature for \\.\PhysicalDrive2 is 3162484818. Creating a media for \\.\PhysicalDrive2, with 3162484818 as the NT Drive Signature. --------------------------------- Leaving GetDeviceCharacteristics --------------------------------- * 2017-11-24T02:50:26.0370000Z Main Thread(12256) Context: DEVICE : INFO WindowsDevice.cpp(3052) Function: WindowsDevice::CheckGoBackEnabled GoBack is not active on device \\.\PhysicalDrive2 * 2017-11-24T02:50:26.0420000Z Main Thread(12256) Context: SME : INFO MbrRegion.cpp(3951) Function: MbrRegion::GetDriveLayout After Direct GetDriveLayout Disk : 2 Sector : 0 NT Signature : BC7FB052 # Type Boot SCyl SHead SSector ECyl EHead ESector Sector Before Sector Count - ---- ---- ------------------ ------------------ ------------- ------------ 0 07 80 0 32 33 12 223 19 2048 204800 1 07 00 12 223 20 1023 254 63 206848 461373440 2 00 00 0 0 0 0 0 0 0 0 3 00 00 0 0 0 0 0 0 0 0 * 2017-11-24T02:50:26.0430000Z Main Thread(12256) Context: SME : INFO WindowsDriveLayout.cpp(183) Function: WindowsComputer::GetDriveLayout After GetDriveLayout DriveLayout for drive: BC7FB052 PartitionStyle : MBR PartitionCount : 4 Part StartingOffset PartitionLength PN PT BI Recgnz HidSects ---- ----------------- ------------------ -- -- -- ------ -------- 0 100000 6400000 1 7 1 1 800 1 6500000 3700000000 2 7 0 1 32800 2 0 0 0 0 0 0 0 3 0 0 0 0 0 0 0 * 2017-11-24T02:50:26.0430000Z Main Thread(12256) Context: SME : INFO RegionFactory.cpp(90) Function: RegionFactory::Instantiate Region for SME~Computer~SgBC7FB052~MBC7FB052 is SME~Computer~SgBC7FB052~MBC7FB052~MBC7FB052Region-0 * 2017-11-24T02:50:26.0430000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(282) Function: Volume::Volume Creating VM000089A8Region-0-1 in BgM000089A8Region-0 from disk 0 * 2017-11-24T02:50:26.0450000Z Main Thread(12256) Context: RESULT_CLASS : RESULT NtfsFileSystem.cpp(545) Function: NtfsFileSystem::InitImplementationObject Error SME_ERROR_NO_NTFS_FILESYSTEM (E0BB01A3): No recognizable NTFS file system found. (UMI:V-*-187-419) * 2017-11-24T02:50:26.0450000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.0450000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.0450000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.0450000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.0490000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(391) Function: Volume::Volume Finished creating VM000089A8Region-0-1 in BgM000089A8Region-0 from disk 0 * 2017-11-24T02:50:26.0490000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(282) Function: Volume::Volume Creating VM000089A8Region-0-2 in BgM000089A8Region-0 from disk 0 * 2017-11-24T02:50:26.0500000Z Main Thread(12256) Context: RESULT_CLASS : RESULT NtfsFileSystem.cpp(545) Function: NtfsFileSystem::InitImplementationObject Error SME_ERROR_NO_NTFS_FILESYSTEM (E0BB01A3): No recognizable NTFS file system found. (UMI:V-*-187-419) * 2017-11-24T02:50:26.0500000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.0500000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.0510000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.0510000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.0560000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00001). * 2017-11-24T02:50:26.0560000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00008). * 2017-11-24T02:50:26.0570000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(391) Function: Volume::Volume Finished creating VM000089A8Region-0-2 in BgM000089A8Region-0 from disk 0 * 2017-11-24T02:50:26.0570000Z Main Thread(12256) Context: SME : INFO WindowsVolumeHandle.cpp(352) Function: WindowsVolumeHandle::GetHandle WindowsVolume: \\?\Volume{4b7982ec-4340-4245-b97c-6198853772df} opened with handle 00000000000004FC * 2017-11-24T02:50:26.0570000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(282) Function: Volume::Volume Creating VM000089A8Region-0-3 in BgM000089A8Region-0 from disk 0 * 2017-11-24T02:50:26.3920000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(391) Function: Volume::Volume Finished creating VM000089A8Region-0-3 in BgM000089A8Region-0 from disk 0 * 2017-11-24T02:50:26.3920000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(282) Function: Volume::Volume Creating VM0000E1E5Region-0-1 in BgM0000E1E5Region-0 from disk 1 * 2017-11-24T02:50:26.3950000Z Main Thread(12256) Context: RESULT_CLASS : RESULT NtfsFileSystem.cpp(545) Function: NtfsFileSystem::InitImplementationObject Error SME_ERROR_NO_NTFS_FILESYSTEM (E0BB01A3): No recognizable NTFS file system found. (UMI:V-*-187-419) * 2017-11-24T02:50:26.3960000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.3960000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.3960000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.3960000Z Main Thread(12256) Context: RESULT_CLASS : RESULT Error ERROR_ERRORS_EXIST (EBAB0005): Errors exist. (UMI:V-*-2987-5) * 2017-11-24T02:50:26.4020000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00001). * 2017-11-24T02:50:26.4020000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00008). * 2017-11-24T02:50:26.4020000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(391) Function: Volume::Volume Finished creating VM0000E1E5Region-0-1 in BgM0000E1E5Region-0 from disk 1 * 2017-11-24T02:50:26.4030000Z Main Thread(12256) Context: SME : INFO WindowsVolumeHandle.cpp(352) Function: WindowsVolumeHandle::GetHandle WindowsVolume: \\?\Volume{ed944a7d-4ccd-49f4-b34d-4f28a16fc239} opened with handle 0000000000000500 * 2017-11-24T02:50:26.4030000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(282) Function: Volume::Volume Creating VM0000E1E5Region-0-2 in BgM0000E1E5Region-0 from disk 1 * 2017-11-24T02:50:26.4150000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(391) Function: Volume::Volume Finished creating VM0000E1E5Region-0-2 in BgM0000E1E5Region-0 from disk 1 * 2017-11-24T02:50:26.4160000Z Main Thread(12256) Context: SME : INFO WindowsVolumeHandle.cpp(352) Function: WindowsVolumeHandle::GetHandle WindowsVolume: \\?\Volume{f8b91389-7641-11e7-a487-806e6f6e6963} opened with handle 0000000000000504 * 2017-11-24T02:50:26.4160000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(282) Function: Volume::Volume Creating VMBC7FB052Region-0-1 in BgMBC7FB052Region-0 from disk 2 * 2017-11-24T02:50:26.4180000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(391) Function: Volume::Volume Finished creating VMBC7FB052Region-0-1 in BgMBC7FB052Region-0 from disk 2 * 2017-11-24T02:50:26.4180000Z Main Thread(12256) Context: SME : INFO WindowsVolumeHandle.cpp(352) Function: WindowsVolumeHandle::GetHandle WindowsVolume: \\?\Volume{f8b9138a-7641-11e7-a487-806e6f6e6963} opened with handle 0000000000000508 * 2017-11-24T02:50:26.4180000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(282) Function: Volume::Volume Creating VMBC7FB052Region-0-2 in BgMBC7FB052Region-0 from disk 2 * 2017-11-24T02:50:26.4300000Z Main Thread(12256) Context: VOLUME_MGT : INFO Volume.cpp(391) Function: Volume::Volume Finished creating VMBC7FB052Region-0-2 in BgMBC7FB052Region-0 from disk 2 * 2017-11-24T02:50:26.4550000Z CollectQueryData(LogDrv_Total)(10940) Context: PROCESS : THREAD New Thread is running at priority 0 * 2017-11-24T02:50:26.4560000Z CollectQueryData(LogDrvE:)(10364) Context: PROCESS : THREAD New Thread is running at priority 0 * 2017-11-24T02:50:26.4610000Z CollectQueryData(LogDrvE:)(10364) Context: PROCESS : THREAD Thread is exiting with code 0 * 2017-11-24T02:50:26.4610000Z Main Thread(12256) Context: PROCESS : THREAD Thread.cpp(724) Function: BaseProcess::WaitForThread Waiting for thread "CollectQueryData(LogDrvE:)(10364)" to exit * 2017-11-24T02:50:26.4610000Z CollectQueryData(LogDrv_Total)(10940) Context: PROCESS : THREAD Thread is exiting with code 0 * 2017-11-24T02:50:26.4610000Z Main Thread(12256) Context: PROCESS : THREAD Thread.cpp(724) Function: BaseProcess::WaitForThread Waiting for thread "CollectQueryData(LogDrv_Total)(10940)" to exit * 2017-11-24T02:50:26.4620000Z Main Thread(12256) Context: BASE : INFO OsVersion.cpp(2012) Function: OsVersion::TestForWindows Loading registry hive file:///E:/Windows/System32/config/SYSTEM * 2017-11-24T02:50:26.4720000Z Main Thread(12256) Context: BASE : INFO OsVersion.cpp(2196) Function: OsVersion::TestForWindows LoadHive ():Loading registry hive file:///E:/Windows/System32/config/SECURITY * 2017-11-24T02:50:26.4770000Z Main Thread(12256) Context: BASE : INFO OsVersion.cpp(2637) Function: OsVersion::GetExchangeInfo LoadHive ():Loading registry hive file:///E:/Windows/System32/config/SOFTWARE * 2017-11-24T02:50:26.5530000Z Main Thread(12256) Context: SME : INFO SmeCommon.cpp(506) Function: SmeCommon::Initialize --------------------------------------- DiscoRoot Initialize --------------------------------------- * 2017-11-24T02:50:26.5580000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00001). * 2017-11-24T02:50:26.5580000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00008). * 2017-11-24T02:50:26.5630000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00001). * 2017-11-24T02:50:26.5630000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00008). * 2017-11-24T02:50:26.5680000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00001). * 2017-11-24T02:50:26.5680000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00008). * 2017-11-24T02:50:26.5730000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00001). * 2017-11-24T02:50:26.5730000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00008). * 2017-11-24T02:50:26.5780000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00001). * 2017-11-24T02:50:26.5780000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00008). * 2017-11-24T02:50:26.5830000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00001). * 2017-11-24T02:50:26.5830000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00008). * 2017-11-24T02:50:26.5880000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00001). * 2017-11-24T02:50:26.5880000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00008). * 2017-11-24T02:50:26.5940000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00001). * 2017-11-24T02:50:26.5940000Z Main Thread(12256) Context: BASE : INFO MacAddress.cpp(106) Function: `anonymous-namespace'::IPHelperGetMacAddresses Ignoring a vmware MAC address (005056C00008). * 2017-11-24T02:50:26.5940000Z Main Thread(12256) Context: TIMING : INFO SmeCommon::Initialize (Pre-Apply) Result: Success. CPU Speed: 2592MHz TimingData App Total : 1 3.108 Section Total : 1 3.108 Path::LinkFileAccessor : 269 0.023 0.000084 Path::GetString ... Segmentize : 59 0.000 0.000000 Path::GetString : 223 0.000 0.000001 OSFileAccessor::Parse : 466 0.019 0.000040 OSFileAccessor::NormalizeOsPath : 62 0.007 0.000117 GetOnDiskPathName : 62 0.003 0.000047 LocallyMappedPathToUNCPath : 62 0.002 0.000038 OSFileAccessor::IsRemovableMedia : 62 0.011 0.000175 Computer Initialization : 1 1.589 Init All Devices : 1 1.184 Init Windows Devices : 1 1.184 ThrottledObject:\\.\PhysicalDrive0 : 41 0.000 0.000000 Init Windows device \\.\PhysicalDrive0 : 1 0.013 ThrottleRunner : 6 0.000 0.000001 SB Cache Init : 9 0.000 0.000001 SB Cache Read : 7 0.003 0.000394 NT SP:PhyDrv0:Read : 38 0.009 0.000228 ThrottledObject:\\.\PhysicalDrive1 : 13 0.000 0.000000 Init Windows device \\.\PhysicalDrive1 : 1 0.006 SB Cache Init : 4 0.000 0.000001 SB Cache Read : 3 0.001 0.000305 NT SP:PhyDrv1:Read : 10 0.004 0.000386 ThrottledObject:\\.\PhysicalDrive2 : 3 0.000 0.000000 Init Windows device \\.\PhysicalDrive2 : 1 0.010 SB Cache Init : 6 0.000 0.000001 SB Cache Read : 3 0.004 0.001332 Init all diskgroups : 1 0.387 Init Dynamic diskgroups : 1 0.000 IsLdm(M000089A8Region-0) : 1 0.000 IsLdm(M0000E1E5Region-0) : 1 0.000 IsLdm(MBC7FB052Region-0) : 1 0.000 Init BasicDiskGroup BgM000089A8Region-0 : 1 0.349 SB User Read : 72 0.006 0.000081 SB Cache Init : 84 0.000 0.000001 SB Cache Read : 24 0.006 0.000261 Bitmap::Constructor : 46 0.000 0.000000 Bitmap::Destructor : 4 0.000 0.000003 Bitmap::Destroy : 8 0.000 0.000002 Bitmap::Init : 4 0.000 0.000007 Bitmap::Create : 4 0.000 0.000006 Bitmap::Close : 8 0.000 0.000001 Bitmap::Set : 5 0.000 0.000002 Bitmap::Clear : 2 0.000 0.000016 Bitmap::GetPrevSet : 1 0.000 Bitmap::Operator= : 4 0.000 0.000008 Init Volume VM000089A8Region-0-1 : 1 0.006 FSFactory::Create(1) BasicDiskVolume-M000089A8Region-0-1 : 1 0.005 DG::GenerateMetaData BasicDiskVolume-M000089A8Region-0-1 : 1 0.000 SB User Read : 11 0.001 0.000076 SB Cache Init : 19 0.000 0.000000 SB Cache Read : 10 0.001 0.000123 Init Volume VM000089A8Region-0-2 : 1 0.008 FSFactory::Create(1) BasicDiskVolume-M000089A8Region-0-2 : 1 0.007 DG::GenerateMetaData BasicDiskVolume-M000089A8Region-0-2 : 1 0.000 Init Volume VM000089A8Region-0-3 : 1 0.334 VolumeSP \\?\Volume{4b7982ec-4340-4245-b97c-6198853772df}:Read: 5 0.334 0.066822 SB Cache Init : 6 0.000 0.000001 SB Cache Read : 5 0.334 0.066822 FSFactory::Create(1) BasicDiskVolume-M000089A8Region-0-3 : 1 0.000 DG::GenerateMetaData BasicDiskVolume-M000089A8Region-0-3 : 1 0.000 Init BasicDiskGroup BgM0000E1E5Region-0 : 1 0.024 SB User Read : 11 0.001 0.000069 SB Cache Init : 19 0.000 0.000001 SB Cache Read : 10 0.004 0.000387 Init Volume VM0000E1E5Region-0-1 : 1 0.011 FSFactory::Create(1) BasicDiskVolume-M0000E1E5Region-0-1 : 1 0.007 DG::GenerateMetaData BasicDiskVolume-M0000E1E5Region-0-1 : 1 0.000 Init Volume VM0000E1E5Region-0-2 : 1 0.013 VolumeSP \\?\Volume{ed944a7d-4ccd-49f4-b34d-4f28a16fc239}:Read: 5 0.015 0.002977 SB Cache Init : 6 0.000 0.000001 SB Cache Read : 5 0.015 0.002977 FSFactory::Create(1) BasicDiskVolume-M0000E1E5Region-0-2 : 1 0.000 DG::GenerateMetaData BasicDiskVolume-M0000E1E5Region-0-2 : 1 0.000 Init BasicDiskGroup BgMBC7FB052Region-0 : 1 0.015 Init Volume VMBC7FB052Region-0-1 : 1 0.002 VolumeSP \\?\Volume{f8b91389-7641-11e7-a487-806e6f6e6963}:Read: 5 0.003 0.000610 SB Cache Init : 6 0.000 0.000000 SB Cache Read : 5 0.003 0.000610 FSFactory::Create(1) BasicDiskVolume-MBC7FB052Region-0-1 : 1 0.000 DG::GenerateMetaData BasicDiskVolume-MBC7FB052Region-0-1 : 1 0.000 Init Volume VMBC7FB052Region-0-2 : 1 0.012 VolumeSP \\?\Volume{f8b9138a-7641-11e7-a487-806e6f6e6963}:Read: 5 0.012 0.002337 SB Cache Init : 6 0.000 0.000001 SB Cache Read : 5 0.012 0.002337 FSFactory::Create(1) BasicDiskVolume-MBC7FB052Region-0-2 : 1 0.000 DG::GenerateMetaData BasicDiskVolume-MBC7FB052Region-0-2 : 1 0.000 Enumerate Snapshot Devices : 1 0.017 Init InstalledSoftwares : 1 0.104 File Open: fstab : 1 0.000 File Open: fstab : 1 0.000 File Open: fstab : 1 0.000 File Open: fstab : 1 0.000 File Open: OS: kernel32.dll : 1 0.002 File Read: OS: kernel32.dll : 18 0.003 0.000194 File Close: OS: kernel32.dll : 1 0.000 ThrottledObject:LogicalDriveE: : 18 0.000 0.000000 File Open: OS: SYSTEM : 1 0.000 File Read: OS: SYSTEM : 187 0.009 0.000046 File Close: OS: SYSTEM : 1 0.000 File Open: OS: SECURITY : 1 0.001 File Read: OS: SECURITY : 23 0.003 0.000145 File Close: OS: SECURITY : 1 0.000 File Open: OS: SOFTWARE : 1 0.000 File Read: OS: SOFTWARE : 15 0.003 0.000189 File Close: OS: SOFTWARE : 1 0.000 sme init : 1 0.041 AccumulatorData -------------------------------- Bytes Read: OS: kernel32.dll: 18 1163264 64625.78 Bytes Read: OS: SYSTEM : 187 21828 116.73 Bytes Read: OS: SECURITY : 23 1276 55.48 Bytes Read: OS: SOFTWARE : 15 4700 313.33 * 2017-11-24T02:50:26.5950000Z Main Thread(12256) Context: SME : INFO Partition Info: Computer: L-014545-D DiskGroup: SME~Computer~BgM000089A8Region-0 (Basic): 466 GB DL A L FileSys Label Clust FS Size FS Used DN StartSector EndSector PT Layout Rep FS Serial Number Segment Name Volume Name === = = ======= ==================== ===== ======= ======= == ============= ============= == ======== === ==================== ========================= ========================= P 1007 KB 0 34 2048 SM000089A8Region-0-4 - P FAT32 1024 100 MB 21.9 MB 0 2048 206848 00 Simple 3599259990 SM000089A8Region-0-1 VM000089A8Region-0-1 - P NONE 128 MB 0 206848 468992 00 Simple SM000089A8Region-0-2 VM000089A8Region-0-2 C: P NTFS 4096 462 GB 409 GB 0 468992 969353216 00 Simple 2525617495 SM000089A8Region-0-3 VM000089A8Region-0-3 P 3.54 GB 0 969353216 976773135 SM000089A8Region-0-5 DiskGroup: SME~Computer~BgM0000E1E5Region-0 (Basic): 932 GB DL A L FileSys Label Clust FS Size FS Used DN StartSector EndSector PT Layout Rep FS Serial Number Segment Name Volume Name === = = ======= ==================== ===== ======= ======= == ============= ============= == ======== === ==================== ========================= ========================= - P NONE 128 MB 1 34 262178 00 Simple SM0000E1E5Region-0-1 VM0000E1E5Region-0-1 P 1007 KB 1 262178 264192 SM0000E1E5Region-0-3 F: P NTFS F_Drive 4096 928 GB 402 GB 1 264192 1946421248 00 Simple 1118351050 SM0000E1E5Region-0-2 VM0000E1E5Region-0-2 P 3.39 GB 1 1946421248 1953525135 SM0000E1E5Region-0-4 DiskGroup: SME~Computer~BgMBC7FB052Region-0 (Basic): 224 GB DL A L FileSys Label Clust FS Size FS Used DN StartSector EndSector PT Layout Rep FS Serial Number Segment Name Volume Name === = = ======= ==================== ===== ======= ======= == ============= ============= == ======== === ==================== ========================= ========================= D: A P NTFS System Reserved 4096 100 MB 22.4 MB 2 2048 206848 07 Simple 3729626399 SMBC7FB052Region-0-1 VMBC7FB052Region-0-1 E: P NTFS SymSOE 4096 220 GB 138 GB 2 206848 461580288 07 Simple 3629261615 SMBC7FB052Region-0-2 VMBC7FB052Region-0-2 P 3.47 GB 2 461580288 468862128 SMBC7FB052Region-0-3 Installed Software: Installed OS : Microsoft Windows 7 : SME~Computer~BgM000089A8Region-0~VM000089A8Region-0-3~Fs1/Windows/ Installed OS : Microsoft Windows 7 : SME~Computer~BgMBC7FB052Region-0~VMBC7FB052Region-0-2~Fs1/Windows/ Boot Manager : EFI Boot Manager : NVRAM-VM000089A8Region-0-1 Boot Manager : Vista Boot Manager : SME~Computer~BgMBC7FB052Region-0~VMBC7FB052Region-0-1~Fs1/Boot/BCD Known Threads: CollectQueryData(PhyDrv_Total)(2524) CollectQueryData(PhyDrv2)(2804) ThrottleRunner(5992) VdsLoader(7364) CollectQueryData(PhyDrv1)(10304) CollectQueryData(LogDrvE:)(10364) Success. CollectQueryData(PhyDrv0)(10912) CollectQueryData(LogDrv_Total)(10940) Success. DumpDebug(11860) Main Thread(12256) * 2017-11-24T02:50:26.5940000Z Main Thread(12256) Context: SME : INFO SmeCommon.cpp(174) Function: DumpSystem ================================ Object Mappings - ObjectId/Generic ================================ Computer: /Computer#0 SME~Computer Device: /Computer#0/Device#0 SME~Computer~Sg000089A8 Media: /Computer#0/Device#0/Media#0 SME~Computer~Sg000089A8~M000089A8 Region (GPT): /Computer#0/Device#0/Media#0/Region#0 SME~Computer~Sg000089A8~M000089A8~M000089A8Region-0 Partition: /Computer#0/Device#0/Media#0/Region#0/Partition#0 SME~Computer~Sg000089A8~M000089A8~M000089A8Region-0~P2048 Partition: /Computer#0/Device#0/Media#0/Region#0/Partition#1 SME~Computer~Sg000089A8~M000089A8~M000089A8Region-0~P206848 Partition: /Computer#0/Device#0/Media#0/Region#0/Partition#2 SME~Computer~Sg000089A8~M000089A8~M000089A8Region-0~P468992 Device: /Computer#0/Device#1 SME~Computer~Sg0000E1E5 Media: /Computer#0/Device#1/Media#0 SME~Computer~Sg0000E1E5~M0000E1E5 Region (GPT): /Computer#0/Device#1/Media#0/Region#0 SME~Computer~Sg0000E1E5~M0000E1E5~M0000E1E5Region-0 Partition: /Computer#0/Device#1/Media#0/Region#0/Partition#0 SME~Computer~Sg0000E1E5~M0000E1E5~M0000E1E5Region-0~P34 Partition: /Computer#0/Device#1/Media#0/Region#0/Partition#1 SME~Computer~Sg0000E1E5~M0000E1E5~M0000E1E5Region-0~P264192 Device: /Computer#0/Device#2 SME~Computer~SgBC7FB052 Media: /Computer#0/Device#2/Media#0 SME~Computer~SgBC7FB052~MBC7FB052 Region (MBR): /Computer#0/Device#2/Media#0/Region#0 SME~Computer~SgBC7FB052~MBC7FB052~MBC7FB052Region-0 Partition: /Computer#0/Device#2/Media#0/Region#0/Partition#0 SME~Computer~SgBC7FB052~MBC7FB052~MBC7FB052Region-0~P2048 Partition: /Computer#0/Device#2/Media#0/Region#0/Partition#1 SME~Computer~SgBC7FB052~MBC7FB052~MBC7FB052Region-0~P206848 Disk Group (Basic): /Computer#0/Disk Group#0 SME~Computer~BgM000089A8Region-0 Segment: /Computer#0/Disk Group#0/Segment#0 SME~Computer~BgM000089A8Region-0~SM000089A8Region-0-4 Segment: /Computer#0/Disk Group#0/Segment#1 SME~Computer~BgM000089A8Region-0~SM000089A8Region-0-1 Segment: /Computer#0/Disk Group#0/Segment#2 SME~Computer~BgM000089A8Region-0~SM000089A8Region-0-2 Segment: /Computer#0/Disk Group#0/Segment#3 SME~Computer~BgM000089A8Region-0~SM000089A8Region-0-3 Segment: /Computer#0/Disk Group#0/Segment#4 SME~Computer~BgM000089A8Region-0~SM000089A8Region-0-5 Volume: /Computer#0/Disk Group#0/Volume#0 SME~Computer~BgM000089A8Region-0~VM000089A8Region-0-1 Volume Replicant: /Computer#0/Disk Group#0/Volume#0/Volume Replicant#0 SME~Computer~BgM000089A8Region-0~VM000089A8Region-0-1~R1 File System (FAT32): /Computer#0/Disk Group#0/Volume#0/File System#0 SME~Computer~BgM000089A8Region-0~VM000089A8Region-0-1~Fs1 Volume: /Computer#0/Disk Group#0/Volume#1 SME~Computer~BgM000089A8Region-0~VM000089A8Region-0-2 Volume Replicant: /Computer#0/Disk Group#0/Volume#1/Volume Replicant#0 SME~Computer~BgM000089A8Region-0~VM000089A8Region-0-2~R1 Volume: /Computer#0/Disk Group#0/Volume#2 SME~Computer~BgM000089A8Region-0~VM000089A8Region-0-3 Volume Replicant: /Computer#0/Disk Group#0/Volume#2/Volume Replicant#0 SME~Computer~BgM000089A8Region-0~VM000089A8Region-0-3~R1 File System (NTFS): /Computer#0/Disk Group#0/Volume#2/File System#0 SME~Computer~BgM000089A8Region-0~VM000089A8Region-0-3~Fs1 Disk Group (Basic): /Computer#0/Disk Group#1 SME~Computer~BgM0000E1E5Region-0 Segment: /Computer#0/Disk Group#1/Segment#0 SME~Computer~BgM0000E1E5Region-0~SM0000E1E5Region-0-1 Segment: /Computer#0/Disk Group#1/Segment#1 SME~Computer~BgM0000E1E5Region-0~SM0000E1E5Region-0-3 Segment: /Computer#0/Disk Group#1/Segment#2 SME~Computer~BgM0000E1E5Region-0~SM0000E1E5Region-0-2 Segment: /Computer#0/Disk Group#1/Segment#3 SME~Computer~BgM0000E1E5Region-0~SM0000E1E5Region-0-4 Volume: /Computer#0/Disk Group#1/Volume#0 SME~Computer~BgM0000E1E5Region-0~VM0000E1E5Region-0-1 Volume Replicant: /Computer#0/Disk Group#1/Volume#0/Volume Replicant#0 SME~Computer~BgM0000E1E5Region-0~VM0000E1E5Region-0-1~R1 Volume: /Computer#0/Disk Group#1/Volume#1 SME~Computer~BgM0000E1E5Region-0~VM0000E1E5Region-0-2 Volume Replicant: /Computer#0/Disk Group#1/Volume#1/Volume Replicant#0 SME~Computer~BgM0000E1E5Region-0~VM0000E1E5Region-0-2~R1 File System (NTFS): /Computer#0/Disk Group#1/Volume#1/File System#0 SME~Computer~BgM0000E1E5Region-0~VM0000E1E5Region-0-2~Fs1 Disk Group (Basic): /Computer#0/Disk Group#2 SME~Computer~BgMBC7FB052Region-0 Segment: /Computer#0/Disk Group#2/Segment#0 SME~Computer~BgMBC7FB052Region-0~SMBC7FB052Region-0-1 Segment: /Computer#0/Disk Group#2/Segment#1 SME~Computer~BgMBC7FB052Region-0~SMBC7FB052Region-0-2 Segment: /Computer#0/Disk Group#2/Segment#2 SME~Computer~BgMBC7FB052Region-0~SMBC7FB052Region-0-3 Volume: /Computer#0/Disk Group#2/Volume#0 SME~Computer~BgMBC7FB052Region-0~VMBC7FB052Region-0-1 Volume Replicant: /Computer#0/Disk Group#2/Volume#0/Volume Replicant#0 SME~Computer~BgMBC7FB052Region-0~VMBC7FB052Region-0-1~R1 File System (NTFS): /Computer#0/Disk Group#2/Volume#0/File System#0 SME~Computer~BgMBC7FB052Region-0~VMBC7FB052Region-0-1~Fs1 Volume: /Computer#0/Disk Group#2/Volume#1 SME~Computer~BgMBC7FB052Region-0~VMBC7FB052Region-0-2 Volume Replicant: /Computer#0/Disk Group#2/Volume#1/Volume Replicant#0 SME~Computer~BgMBC7FB052Region-0~VMBC7FB052Region-0-2~R1 File System (NTFS): /Computer#0/Disk Group#2/Volume#1/File System#0 SME~Computer~BgMBC7FB052Region-0~VMBC7FB052Region-0-2~Fs1 Installed Software (Installed OS): /Computer#0/Installed Software#0 SME~Computer~IsInstalledOS-MicrosoftWindows7-SME~Computer~BgM000089A8Region-0~VM000089A8Region-0-3~Fs1/Windows/ Installed Software (Installed OS): /Computer#0/Installed Software#1 SME~Computer~IsInstalledOS-MicrosoftWindows7-SME~Computer~BgMBC7FB052Region-0~VMBC7FB052Region-0-2~Fs1/Windows/ Installed Software (Boot Manager): /Computer#0/Installed Software#2 SME~Computer~IsBootManager-EFIBootManager-NVRAM-VM000089A8Region-0-1 Installed Software (Boot Manager): /Computer#0/Installed Software#3 SME~Computer~IsBootManager-VistaBootManager-SME~Computer~BgMBC7FB052Region-0~VMBC7FB052Region-0-1~Fs1/Boot/BCD * 2017-11-24T02:50:26.5950000Z Main Thread(12256) Context: SME : INFO SmeCommon.cpp(539) Function: SmeCommon::Initialize !--------------------------------- Finished Engine Initialization ---------------------------------- * 2017-11-24T02:50:29.0500083Z VdsLoader(7364) Context: PROCESS : THREAD Thread is exiting with code 0 * 2017-11-24T02:50:29.0500000Z Main Thread(12256) Context: PROCESS : THREAD Thread.cpp(815) Function: BaseProcess::WaitForThread Waiting for thread "VdsLoader(7364)" to exit * 2017-11-24T02:50:29.0503859Z Main Thread(12256) Context: PROCESS : THREAD Thread.cpp(762) Function: BaseProcess::WaitForThread Waiting for thread "DumpDebug(11860)" to exit with timeout 1000 * 2017-11-24T02:50:29.0504163Z DumpDebug(11860) Context: PROCESS : THREAD Thread is exiting with code 0 * 2017-11-24T02:50:29.0509388Z Main Thread(12256) Context: SECTOR_BUFFER : INFO WindowsVolumeHandle.cpp(328) Function: WindowsVolumeHandle::ClosePlatformHandle WindowsVolumeHandle::CloseWin32Handle(00000000000004FC) succeeded * 2017-11-24T02:50:29.0509679Z Main Thread(12256) Context: SME : INFO WindowsVolumeHandle.cpp(108) Function: WindowsVolumeHandle::~WindowsVolumeHandle WindowsVolumeHandle: \\?\Volume{4b7982ec-4340-4245-b97c-6198853772df} closed * 2017-11-24T02:50:29.0510060Z Main Thread(12256) Context: SECTOR_BUFFER : INFO WindowsVolumeHandle.cpp(328) Function: WindowsVolumeHandle::ClosePlatformHandle WindowsVolumeHandle::CloseWin32Handle(0000000000000500) succeeded * 2017-11-24T02:50:29.0510251Z Main Thread(12256) Context: SME : INFO WindowsVolumeHandle.cpp(108) Function: WindowsVolumeHandle::~WindowsVolumeHandle WindowsVolumeHandle: \\?\Volume{ed944a7d-4ccd-49f4-b34d-4f28a16fc239} closed * 2017-11-24T02:50:29.0510581Z Main Thread(12256) Context: SECTOR_BUFFER : INFO WindowsVolumeHandle.cpp(328) Function: WindowsVolumeHandle::ClosePlatformHandle WindowsVolumeHandle::CloseWin32Handle(0000000000000504) succeeded * 2017-11-24T02:50:29.0510780Z Main Thread(12256) Context: SME : INFO WindowsVolumeHandle.cpp(108) Function: WindowsVolumeHandle::~WindowsVolumeHandle WindowsVolumeHandle: \\?\Volume{f8b91389-7641-11e7-a487-806e6f6e6963} closed * 2017-11-24T02:50:29.0511100Z Main Thread(12256) Context: SECTOR_BUFFER : INFO WindowsVolumeHandle.cpp(328) Function: WindowsVolumeHandle::ClosePlatformHandle WindowsVolumeHandle::CloseWin32Handle(0000000000000508) succeeded * 2017-11-24T02:50:29.0511279Z Main Thread(12256) Context: SME : INFO WindowsVolumeHandle.cpp(108) Function: WindowsVolumeHandle::~WindowsVolumeHandle WindowsVolumeHandle: \\?\Volume{f8b9138a-7641-11e7-a487-806e6f6e6963} closed * 2017-11-24T02:50:29.0516996Z Main Thread(12256) Device destructor: unique id: Sg000089A8 name: \\.\PhysicalDrive0 * 2017-11-24T02:50:29.0517629Z Main Thread(12256) Context: PROCESS : THREAD Thread.cpp(724) Function: BaseProcess::WaitForThread Waiting for thread "CollectQueryData(PhyDrv0)(10912)" to exit * 2017-11-24T02:50:29.0517635Z CollectQueryData(PhyDrv0)(10912) Context: PROCESS : THREAD Thread is exiting with code 0 * 2017-11-24T02:50:29.0519228Z Main Thread(12256) Device destructor: unique id: Sg0000E1E5 name: \\.\PhysicalDrive1 * 2017-11-24T02:50:29.0519835Z Main Thread(12256) Context: PROCESS : THREAD Thread.cpp(724) Function: BaseProcess::WaitForThread Waiting for thread "CollectQueryData(PhyDrv1)(10304)" to exit * 2017-11-24T02:50:29.0519825Z CollectQueryData(PhyDrv1)(10304) Context: PROCESS : THREAD Thread is exiting with code 0 * 2017-11-24T02:50:29.0521208Z Main Thread(12256) Device destructor: unique id: SgBC7FB052 name: \\.\PhysicalDrive2 * 2017-11-24T02:50:29.0521762Z CollectQueryData(PhyDrv2)(2804) Context: PROCESS : THREAD Thread is exiting with code 0 * 2017-11-24T02:50:29.0521776Z Main Thread(12256) Context: PROCESS : THREAD Thread.cpp(724) Function: BaseProcess::WaitForThread Waiting for thread "CollectQueryData(PhyDrv2)(2804)" to exit * 2017-11-24T02:50:29.0522697Z CollectQueryData(PhyDrv_Total)(2524) Context: PROCESS : THREAD Thread is exiting with code 0 * 2017-11-24T02:50:29.0522727Z Main Thread(12256) Context: PROCESS : THREAD Thread.cpp(724) Function: BaseProcess::WaitForThread Waiting for thread "CollectQueryData(PhyDrv_Total)(2524)" to exit * 2017-11-24T02:50:29.0524759Z Main Thread(12256) Context: PROCESS : THREAD Thread.cpp(724) Function: BaseProcess::WaitForThread Waiting for thread "ThrottleRunner(5992)" to exit * 2017-11-24T02:50:29.1021674Z ThrottleRunner(5992) Context: PROCESS : THREAD Thread is exiting with code 0