creepy fbi log?

This is a discussion on creepy fbi log? within the Inactive Malware Help Topics forums, part of the Tech Support Forum category.


 
 
04-23-2005, 10:42 PM   #1
Registered Member
 
 
Join Date: Apr 2005
Posts: 4
OS: XP


EEK!

hello,

this has driven me bananas - is it harmless, or sinister?

thank you all,

Jane

p.s. hope this is the right place:


[FBIState]
Start=1053052585
Finish=1053052919
ETReboots=0
ETRunTime=1843
Start_Time=18:01:44.538
Finish_Time=19:41:59.744
Start_ulTime.High=29563660
Start_ulTime.Low=195316640
Stop_ulTime.High=29563674
Stop_ulTime.Low=217834496
CurrentSection=FactoryPreinstall.WinXP32C.GLOBAL.RTR
NextSection=FactoryPreinstall.WinXP32C.GLOBAL.RTR
MergeAt=151
CMD1=CheckMachine;; FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD2=SetVar(UIA,ErrorCode,940);; FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD3=WriteUIAErrorCode;; FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD4=C:\System.sav\Scripts\Chk_Dev.BTO;FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD5=SetVar(FBITB.ProcessTools,ErrorFlagPath,C:\CTOERROR.FLG);FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD6=CheckForErrorFlag;FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD7=SetVar(FbiData,ProcessState,InMiniWindows);; FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD8=CheckForOsTransit;FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD9=SetVar(FBIData,BTOName,C:\appl.zip\FixUps);FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD10=ProcessBTOName;FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD11=C:\SYSTEM.SAV\FBI\DETECT.BTO;FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD12=C:\SYSTEM.SAV\FBI\MRGDEFS.BTO;FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD13=SetVar(FBITB.GeneralTools,SectionToClean,Description);FBI.CleanSections - C:\SYSTEM.SAV\FBI\STATE.INI
CMD14=CleanCIASection;FBI.CleanSections - C:\SYSTEM.SAV\FBI\STATE.INI
CMD15=SetVar(FBITB.GeneralTools,SectionToClean,Configuration);FBI.CleanSections - C:\SYSTEM.SAV\FBI\STATE.INI
CMD16=CleanCIASection;FBI.CleanSections - C:\SYSTEM.SAV\FBI\STATE.INI
CMD17=SetVar(FBITB.GeneralTools,SectionToClean,UIA);FBI.CleanSections - C:\SYSTEM.SAV\FBI\STATE.INI
CMD18=CleanCIASection;FBI.CleanSections - C:\SYSTEM.SAV\FBI\STATE.INI
CMD19=DetectInstallationProcess;; FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CMD20=DefineNextInitSection;; FBI.Init.General - C:\SYSTEM.SAV\FBI\STATE.INI
CurrentState=152
CMD21=ReadUIAData;; FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD22=SetVar(UIA,ErrorCode,945);FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD23=WriteUIAErrorCode;FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD24=c:\system.sav\fbi\liptool.exe /hide;FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD25=DetectOsImage;; FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD26=ValidateOsCVAFiles;; FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD27=SetupAutomation;; FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD28=SetupFactoryAutomation;; FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD29=SetupOsSelection;; FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD30=SetDefaultOsSelection;; FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD31=ShowClassMenu;FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD32=CommitOptions;FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD33=TransitLIPDir;FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD34=SetupAfterOsSelection;; FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD35=SetDefaultLocaleValues;; FactoryPreinstall.Prompt.ForOsSelection - C:\SYSTEM.SAV\FBI\STATE.INI
CMD36=ACPower;FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD37=C:\system.sav\scripts\SetCodePage.BTO;FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD38=C:\system.sav\scripts\Strings.BTO;FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD39=ShowActivity;FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD40=TransitNewMiniWindows1;; FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD41=TransitNewMiniWindows2;; FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD42=DefineNextProcessSection;FactoryPreinstall.Initialize - C:\SYSTEM.SAV\FBI\CUSTOM.INI
CMD43=c:\system.sav\fbi\osmove2.exe /capture;PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD44=SetVar(FBITB.FilesTools,SourceDir,C:\Global);PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD45=SetVar(FBITB.FilesTools,DestDir,C:);PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD46=TransitDir;PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD47=TransitLocaleDir;PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD48=C:\SYSTEM.SAV\FBI\RMNT4DLV.BTO;PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD49=SetVar(FBITB.FilesTools,SourceDir,C:\Winxp2k.32);PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD50=SetVar(FBITB.FilesTools,DestDir,C:);PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD51=TransitDir;PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD52=SetVar(FBITB.FilesTools,SourceDir,C:\Winxp32.ALL);PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD53=SetVar(FBITB.FilesTools,DestDir,C:);PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD54=TransitDir;PRE.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD55=SetVar(FBITB.FilesTools,SourceDir,C:\Winxp32C);FactoryPreinstall.WinXP32C.GLOBAL.RTR - C:\CSPU.DAT
CMD56=SetVar(FBITB.FilesTools,DestDir,C:);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD57=TransitDir;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD58=TransitOsFiles;; POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD59=SetVar(FbiData,ProcessState,PreOsScripts);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD60=c:\appl.zip\init\init.bto;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD61=SetVar(FBIData,BTOName,C:\appl.zip\preos.pi);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD62=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD63=SetVar(FBIData,BTOName,C:\appl.zip\preos);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD64=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD65=SetVar(FBIData,BTOName,C:\appl.zip\preos.EUE);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD66=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD67=SetupCleanupDirectories;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD68=DelOsFiles;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD69=SetVar(FbiData,ProcessState,OsSetup);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD70=SetVar(Configuration,EnableDelayStartup,1);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD71=SystemReboot;; POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD72=HookFBIToRunAgain;; POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD73=CheckForOsTransit;; POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD74=SetVar(FbiData,ProcessState,PostOsScripts);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD75=InitPostOSVars;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD76=SetVar(FBIData,BTOName,C:\appl.zip\osupdate);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD77=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD78=SetVar(FBIData,BTOName,C:\appl.zip\osupdate.EUE);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD79=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD80=SetVar(FBIData,BTOName,C:\appl.zip\drivers);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD81=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD82=SetVar(FBIData,BTOName,C:\appl.zip\drivers.eue);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD83=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD84=SetVar(FBIData,BTOName,C:\appl.zip\install.pi);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD85=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD86=SetVar(FBIData,BTOName,C:\appl.zip\install);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD87=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD88=SetVar(FBIData,BTOName,C:\appl.zip\install.EUE);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD89=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD90=SetVar(FBIData,BTOName,C:\appl.zip\install2);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD91=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD92=SetVar(FBIData,BTOName,C:\appl.zip\install2.EUE);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD93=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD94=C:\appl.zip\ie_more\ie.bto;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD95=InitPostOSVars;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD96=SetVar(FBIData,BTOName,C:\appl.zip\ie_more);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD97=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD98=SetVar(FBIData,BTOName,C:\appl.zip\ie_more.EUE);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD99=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD100=SetVar(FBIData,BTOName,C:\appl.zip\ie_more2);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD101=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD102=SetVar(FBIData,BTOName,C:\appl.zip\ie_more2.EUE);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD103=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD104=SetVar(UIA,ErrorCode,946);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD105=WriteUIAErrorCode;; POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD106=SetVar(FBIData,BTOName,C:\appl.zip\test);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD107=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD108=SetVar(FBIData,BTOName,C:\appl.zip\preclean.up);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD109=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD110=SetVar(FBIData,BTOName,C:\appl.zip\preclean.EUE);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD111=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD112=CheckForErrorFlag;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD113=SetVar(FBIData,BTOName,C:\appl.zip\custom.sav\install.EUE);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD114=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD115=c:\system.sav\fbi\regflush.exe;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD116=SetVar(FBIData,BTOName,C:\appl.zip\cleanup.pi);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD117=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD118=SetVar(FBIData,BTOName,C:\appl.zip\cleanup);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD119=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD120=SetVar(FBIData,BTOName,C:\appl.zip\cleanup.EUE);POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD121=ProcessBTOName;POST.FactoryPreinstall.Winxp32.GLOBAL.RTR - C:\CSPU.DAT
CMD122=c:\system.sav\scripts\rstoobe.bto;Winxp.Finish.NoSelect - C:\CSPU.DAT
CMD123=c:\system.sav\scripts\postrtr.bto;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD124=c:\system.sav\fbi\regflush.exe;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD125=SetVar(FbiData,ProcessState,Cleanup);FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD126=UnHookFBIToRunAgain;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD127=c:\system.sav\scripts\delwinpe.bto;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD128=SetupCleanupDirectories;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD129=DelOsFiles;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD130=DelApplZipFiles;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD131=DelGeneralFiles;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD132=DelCvaLangFiles;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD133=DelCvaInfoFiles;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD134=SetVar(GUIPBMain,Full,1);FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD135=DelMiniWindowsFiles;FactoryPreinstall.Cleanup - C:\CSPU.DAT
CMD136=SetVar(FBITB.ProcessTools,ErrorFlagPath,C:\CTOERROR.FLG);FactoryPreinstall.Done - C:\CSPU.DAT
CMD137=CheckForErrorFlag;FactoryPreinstall.Done - C:\CSPU.DAT
CMD138=HideActivity;FactoryPreinstall.Done - C:\CSPU.DAT
CMD139=setvar(GUISingleOK,BMPResID,278);FactoryPreinstall.Done - C:\CSPU.DAT
CMD140=setvar(GUISingleOK,AccelResID,179);FactoryPreinstall.Done - C:\CSPU.DAT
CMD141=setvar(GUISingleOK,NoFail,1);FactoryPreinstall.Done - C:\CSPU.DAT
CMD142=setvar(GUISingleOK,NoFail,0);FactoryPreinstall.Done - C:\CSPU.DAT
CMD143=c:\system.sav\fbi\mosproc.exe;FactoryPreinstall.Done - C:\CSPU.DAT
CMD144=SetVar(UIA,ErrorCode,947);FactoryPreinstall.Done - C:\CSPU.DAT
CMD145=WriteUIAErrorCode;; FactoryPreinstall.Done - C:\CSPU.DAT
CMD146=ActivateDiagsPartition;FactoryPreinstall.Done - C:\CSPU.DAT
CMD147=SetVar(UIA,ErrorCode,0);; FactoryPreinstall.Done - C:\CSPU.DAT
CMD148=WriteUIAErrorCode;; FactoryPreinstall.Done - C:\CSPU.DAT
CMD149=CleanEventLog;FBI.Done - C:\CSPU.DAT
CMD150=SetVar(FbiData,ProcessState,Done);FBI.Done - C:\CSPU.DAT
CMD151=Suicide;; FBI.Done - C:\CSPU.DAT

[FBIData]
ProcessState=done
StateIniVersion=1.50.12;C:\CSPU.DAT
UserID=sbacv0xpd~~0}h!r~0}bzzu0
Merged=1
btoname=c:\appl.zip\cleanup.eue
LastBTODirProcessed=
LastBTOScriptProcessed=
BtoTimeStart=0
LastBTOLineProcessed=0
InSpawnProgram=0
BtoTimeout=0
BtoTimeoutSet=0
BtoTimeoutAction=0
BtoTimeoutActionSet=0
BtoRunTime=0
EnableKBCount=0
HardRestart=0
ShuttingDown=0
RequestShutDown=0
ForceRestart=0
DelayStartup=0

[Configuration]
DisableACPI=1
UseRedwood=NO
DISPLAYERRORS=FALSE
AutomationMode=TRUE
LocalizationTable=c:\system.sav\util\130955.INI
BootAfterCleanup=FALSE
UseDescriptionOsSelection=FALSE
ActivateSDVPartition=TRUE
EnableKeyboard=FALSE
EnableRemoveableMedia=FALSE
Timeout=700
TimeoutAction=0
BtoPBDelay=1
DefBtoRunTime=90
OSImageStateDefInCVA=General,OSType
FactoryAutomationMode=TRUE
OsSelection=WINNT
enabledelaystartup=1

[Description]
CompaqLanguage=US
Username=Compaq Customer
CompanyName=Compaq Computer Corporation
OsSelection=WinXP32C
OsImagePath=c:\USWXP32C
InstallProcess=FactoryPreinstall
MultiOsVersions=0
OsVersion1=WinXP32C
CompaqLanguageAlias=US
WinXP32C=OEM
OSImageType=RTR
SRPDASHRegion=00

[FBI.Ignore.BadBoyList]
item1=DPYP.EXE;C:\SYSTEM.SAV\FBI\STATE.INI
item2=BWHIP.EXE;C:\SYSTEM.SAV\FBI\STATE.INI
item3=WNLSSUB.EXE;C:\SYSTEM.SAV\FBI\STATE.INI
item4=TASKMAN.EXE;C:\SYSTEM.SAV\FBI\STATE.INI
item5=WMIEXE.EXE;C:\SYSTEM.SAV\FBI\STATE.INI
item6=DDHELP.EXE;C:\SYSTEM.SAV\FBI\STATE.INI
item7=CONIME.EXE;C:\SYSTEM.SAV\FBI\STATE.INI
Item8=msmsgs.exe
Item9=wmiadap.exe
Item10=factory.exe
Item11=sysprep.exe
Item12=spoolsv.exe
Item13=svchost.exe
Item14=services.exe
Item15=winlogon.exe
Item16=smss.exe
Item17=csrss.exe
Item18=idwlog.exe
Item19=explorer.exe
Item20=lsass.exe
Item21=wpabaln.exe
Item22=wuauclt.exe
Item23=wpabaln.exe
Item24=wmiadap.exe
Item25=msmsgs.exe
Item26=wuauclt.exe
Item27=SMAgent.exe
Item28=msiexec.exe
Item29=_ISDEL.exe
Item30=_INS5576._MP
Item31=msiexec.exe
Item32=wuauclt.exe
Item33=wscript.exe
Item34=HELPSVC.EXE
Item35=HelpSvc.exe
Item36=RunDLL32.exe
Item37=HPConfig.exe
Item38=MSIEXEC.EXE
Item39=Wuauclt.EXE
Item40=SynTPLpr.exe
Item41=wuauclt.exe
Item42=msiexec.exe
Item43=msiexec.exe
Item44=navapw32.exe
Item45=navapsvc.exe
Item46=ccApp.exe
Item47=ccEvtMgr.exe
Item48=rundll32.exe

[FBITB.SpawnProgram]
DeltaToLogProcessInfo=180;C:\SYSTEM.SAV\FBI\STATE.INI
DeltaToLogTimingInfo=10;C:\SYSTEM.SAV\FBI\STATE.INI
SettleTime=2;C:\SYSTEM.SAV\FBI\STATE.INI
CommandLine=c:\system.sav\fbi\mosproc.exe
NoOfEXEsInBTOProcessed=0
PreviousBTOProcessed=100
NoOfEXENotInBTO=5
NoOfTotalEXEProcessed=87
Timeout=700
TimeElasped=2

[FBITB.FilesTools]
MiniWindows_Path=C:\winmini;C:\CSPU.DAT
DoNotDeleteFiles=FALSE;C:\CSPU.DAT
UseLocaleToBuildNextSection=FALSE;C:\CSPU.DAT
RegEdit1=C:\WINMINI\REGFIX.EXE C:\WINMINI C:\SYSTEM.SAV\UTIL\INSTALL.LOG;C:\CSPU.DAT
DoNotCheckTransit=1
TranistMiniWindows=2
sourcedir=c:\winxp32c
destdir=c:

[FBITB.ProcessTools]
ErrorFlagPath=c:\ctoerror.flg
OsSystemPath=C:\minint\System32

[DeleteList.GeneralFiles]
item1=c:\RMARICLE.EXE;C:\SYSTEM.SAV\FBI\STATE.INI
item2=c:\system.sav\util\LOC95.INI;C:\SYSTEM.SAV\FBI\STATE.INI
item3=c:\system.sav\util\LOC98.INI;C:\SYSTEM.SAV\FBI\STATE.INI
item4=c:\system.sav\util\bootsec.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item5=c:\system.sav\util\cpqreg.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item6=c:\system.sav\util\mkbsdat.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item7=c:\system.sav\util\regutil.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item8=c:\system.sav\util\sect16.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item9=c:\system.sav\util\sect16.pif;C:\SYSTEM.SAV\FBI\STATE.INI
item10=c:\system.sav\util\transit.bat;C:\SYSTEM.SAV\FBI\STATE.INI
item11=c:\system.sav\util\transit.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item12=c:\system.sav\util\uiadump.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item13=c:\system.sav\util\uiadump.pif;C:\SYSTEM.SAV\FBI\STATE.INI
item14=c:\system.sav\util\bootset.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item15=c:\system.sav\util\sect32.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item16=c:\restore.log;C:\SYSTEM.SAV\FBI\STATE.INI
item17=c:\transit.trn;C:\SYSTEM.SAV\FBI\STATE.INI
item18=c:\preclean.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item19=c:\pisetup;C:\SYSTEM.SAV\FBI\STATE.INI
item20=c:\bootsec;C:\SYSTEM.SAV\FBI\STATE.INI
item21=c:\bootsec.32;C:\SYSTEM.SAV\FBI\STATE.INI
item22=c:\$win_nt$;C:\SYSTEM.SAV\FBI\STATE.INI
item23=c:\command.pif;C:\SYSTEM.SAV\FBI\STATE.INI
item24=c:\preclean.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item25=c:\pisetup;C:\SYSTEM.SAV\FBI\STATE.INI
item26=C:\GLOBAL;C:\SYSTEM.SAV\FBI\STATE.INI
item27=C:\BASE;C:\SYSTEM.SAV\FBI\STATE.INI
item28=C:\AR;C:\SYSTEM.SAV\FBI\STATE.INI
item29=C:\BR;C:\SYSTEM.SAV\FBI\STATE.INI
item30=C:\CH;C:\SYSTEM.SAV\FBI\STATE.INI
item31=C:\CS;C:\SYSTEM.SAV\FBI\STATE.INI
item32=C:\DK;C:\SYSTEM.SAV\FBI\STATE.INI
item33=C:\EB;C:\SYSTEM.SAV\FBI\STATE.INI
item34=C:\EE;C:\SYSTEM.SAV\FBI\STATE.INI
item35=C:\EG;C:\SYSTEM.SAV\FBI\STATE.INI
item36=C:\EK;C:\SYSTEM.SAV\FBI\STATE.INI
item37=C:\ER;C:\SYSTEM.SAV\FBI\STATE.INI
item38=C:\ES;C:\SYSTEM.SAV\FBI\STATE.INI
item39=C:\ET;C:\SYSTEM.SAV\FBI\STATE.INI
item40=C:\EZ;C:\SYSTEM.SAV\FBI\STATE.INI
item41=C:\FC;C:\SYSTEM.SAV\FBI\STATE.INI
item42=C:\FI;C:\SYSTEM.SAV\FBI\STATE.INI
item43=C:\FR;C:\SYSTEM.SAV\FBI\STATE.INI
item44=C:\GB;C:\SYSTEM.SAV\FBI\STATE.INI
item45=C:\GK;C:\SYSTEM.SAV\FBI\STATE.INI
item46=C:\GR;C:\SYSTEM.SAV\FBI\STATE.INI
item47=C:\HU;C:\SYSTEM.SAV\FBI\STATE.INI
item48=c:\IL;C:\SYSTEM.SAV\FBI\STATE.INI
item49=C:\IT;C:\SYSTEM.SAV\FBI\STATE.INI
item50=C:\JP;C:\SYSTEM.SAV\FBI\STATE.INI
item51=C:\KR;C:\SYSTEM.SAV\FBI\STATE.INI
item52=C:\LA;C:\SYSTEM.SAV\FBI\STATE.INI
item53=C:\NL;C:\SYSTEM.SAV\FBI\STATE.INI
item54=C:\NO;C:\SYSTEM.SAV\FBI\STATE.INI
item55=C:\PL;C:\SYSTEM.SAV\FBI\STATE.INI
item56=C:\PT;C:\SYSTEM.SAV\FBI\STATE.INI
item57=C:\RU;C:\SYSTEM.SAV\FBI\STATE.INI
item58=C:\SE;C:\SYSTEM.SAV\FBI\STATE.INI
item59=c:\SL;C:\SYSTEM.SAV\FBI\STATE.INI
item60=C:\SP;C:\SYSTEM.SAV\FBI\STATE.INI
item61=C:\TH;C:\SYSTEM.SAV\FBI\STATE.INI
item62=C:\TR;C:\SYSTEM.SAV\FBI\STATE.INI
item63=C:\TW;C:\SYSTEM.SAV\FBI\STATE.INI
item64=C:\US;C:\SYSTEM.SAV\FBI\STATE.INI
item65=c:\EA;C:\SYSTEM.SAV\FBI\STATE.INI
item66=c:\SK;C:\SYSTEM.SAV\FBI\STATE.INI
item67=c:\TZ;C:\SYSTEM.SAV\FBI\STATE.INI
item68=c:\system.sav\scripts;C:\SYSTEM.SAV\FBI\STATE.INI
item69=c:\tools;C:\SYSTEM.SAV\FBI\STATE.INI
item70=c:\System.sav\Util\Cial.exe;C:\SYSTEM.SAV\FBI\STATE.INI
item71=c:\System.sav\Util\Cial.ini;C:\SYSTEM.SAV\FBI\STATE.INI
item72=c:\boot32.w2k;C:\SYSTEM.SAV\FBI\STATE.INI
item73=c:\System.sav\Util\CPQLNCH.EXE;C:\SYSTEM.SAV\FBI\STATE.INI
item74=c:\System.sav\Util\CPQLNCH.INI;C:\SYSTEM.SAV\FBI\STATE.INI
item75=c:\WIN40;C:\SYSTEM.SAV\FBI\STATE.INI
item76=c:\WIN95;C:\SYSTEM.SAV\FBI\STATE.INI
item77=c:\WIN98;C:\SYSTEM.SAV\FBI\STATE.INI
item78=c:\NTALL;C:\SYSTEM.SAV\FBI\STATE.INI
item79=c:\WINNT;C:\SYSTEM.SAV\FBI\STATE.INI
item80=c:\NT40;C:\SYSTEM.SAV\FBI\STATE.INI
item81=c:\WIN2k;C:\SYSTEM.SAV\FBI\STATE.INI
item82=c:\system.sav\util\130955.INI;C:\SYSTEM.SAV\FBI\STATE.INI
item83=c:\WINNT\APPL.ZIP;C:\SYSTEM.SAV\FBI\STATE.INI
item84=C:\Winnt\System32\Config\AUTO;C:\SYSTEM.SAV\FBI\STATE.INI
item85=C:\ASPI8DOS.SYS;C:\SYSTEM.SAV\FBI\STATE.INI
item86=C:\ASPI8US.SYS;C:\SYSTEM.SAV\FBI\STATE.INI
item87=C:\ASPICD.SYS;C:\SYSTEM.SAV\FBI\STATE.INI
item88=C:\ASPI8U2.SYS;C:\SYSTEM.SAV\FBI\STATE.INI
item89=c:\GK98;C:\SYSTEM.SAV\FBI\STATE.INI
item90=c:\EE95;C:\SYSTEM.SAV\FBI\STATE.INI
item91=c:\EG95;C:\SYSTEM.SAV\FBI\STATE.INI
item92=c:\GK95;C:\SYSTEM.SAV\FBI\STATE.INI
item93=C:\ER95;C:\SYSTEM.SAV\FBI\STATE.INI
item94=C:\ET95;C:\SYSTEM.SAV\FBI\STATE.INI
item95=C:\EZ95;C:\SYSTEM.SAV\FBI\STATE.INI
item96=C:\ES95;C:\SYSTEM.SAV\FBI\STATE.INI
item97=C:\EK95;C:\SYSTEM.SAV\FBI\STATE.INI
item98=C:\EB95;C:\SYSTEM.SAV\FBI\STATE.INI
item99=C:\US98;C:\SYSTEM.SAV\FBI\STATE.INI
item100=c:\system.sav\util\LOCME.INI;C:\SYSTEM.SAV\FBI\STATE.INI
item101=c:\WINME;C:\SYSTEM.SAV\FBI\STATE.INI
item102=c:\Select;C:\SYSTEM.SAV\FBI\STATE.INI
item103=C:\winnt\system32\drivers\fbimgmt.sys;C:\SYSTEM.SAV\FBI\STATE.INI
item104=C:\Winxp32.ALL;C:\SYSTEM.SAV\FBI\STATE.INI
item105=C:\Winxp32C;C:\SYSTEM.SAV\FBI\STATE.INI
item106=C:\Winxp32P;C:\SYSTEM.SAV\FBI\STATE.INI
item107=C:\winxp2k.32;C:\SYSTEM.SAV\FBI\STATE.INI
item108=C:\MiniNT;C:\SYSTEM.SAV\FBI\STATE.INI
item109=C:\CMLDR;C:\SYSTEM.SAV\FBI\STATE.INI
item110=C:\BS32PE.BIN;C:\SYSTEM.SAV\FBI\STATE.INI
item111=C:\BSNTFSPE.BIN;C:\SYSTEM.SAV\FBI\STATE.INI
item112=C:\CMDCONS;C:\SYSTEM.SAV\FBI\STATE.INI
item113=c:\winbom.ini;C:\SYSTEM.SAV\FBI\STATE.INI
Item114=C:\800.256
Item115=C:\1024.256
Item116=C:\1280.256
Item117=C:\1400.256
Item118=C:\1600.256
Item119=C:\800.256
Item120=C:\1024.256
Item121=C:\1280.256
Item122=C:\1400.256
Item123=C:\1600.256
Item124=C:\WIN41
Item125=C:\system.sav\util\winfeed.vxd
Item126=C:\system.sav\util\winfeed.exe
Item127=C:\system.sav\util\wf32ext.dll
Item128=C:\system.sav\util\wf16ext.dll
Item129=C:\system.sav\util\vesa.exe
Item130=C:\system.sav\util\sendkeys.dll
Item131=C:\system.sav\util\bootw.exe
Item132=C:\system.sav\util\attrib.exe
Item133=C:\system.sav\util\cmodel.exe
Item134=C:\system.sav\util\coldbt.exe
Item135=C:\system.sav\util\copyfile.dll
Item136=C:\system.sav\util\deltree.exe
Item137=C:\system.sav\util\ibgen.exe
Item138=C:\system.sav\util\move.exe
Item139=C:\system.sav\util\platform.exe
Item140=C:\system.sav\util\datechk.exe
Item141=C:\system.sav\util\ctvesa7.exe
Item142=C:\system.sav\util\ctouch.exe
Item143=C:\system.sav\util\cardoff.exe
Item144=C:\system.sav\util\ibgen32.exe
Item145=C:\Compaq\quicklnk.exe
Item146=C:\Compaq\Compaqnet\quicklnk.exe
Item147=c:\system.sav\LDRINTEL.FLG
Item148=c:\system.sav\util\GEYSERV.FLG
Item149=c:\system.sav\util\ICOMBO.FLG
Item150=c:\system.sav\util\M700.FLG
Item151=c:\system.sav\util\MACHINE.FLG
Item152=c:\system.sav\util\TP.FLG
Item153=c:\system.sav\util\preinfo.exe
Item154=c:\system.sav\util\preinfo.ini
Item155=c:\system.sav\util\smbios2.exe
Item156=c:\system.sav\util\smbios2.txt
Item157=c:\detlog.txt
Item158=c:\detlog.old
Item159=c:\WINXP32.ALL
Item160=c:\WINXP32P
Item161=c:\wINxp32c
Item162=c:\compaqsettings
Item163=c:\display.bat
Item164=c:\ntload.bat
Item165=c:\autoexec.bat
Item166=c:\command.com
Item167=c:\config.sys
Item168=c:\io.sys
Item169=c:\msdos.sys
Item170=c:\transit.lst
Item171=c:\transit.trn
Item172=c:\games.inf
Item173=c:\msmail.inf
Item174=c:\accessor.inf
Item175=c:\$WIN_NT$
Item176=c:\$WIN_NT$.~LS
Item177=c:\ati
Item178=c:\system.sav\pq
Item179=c:\system.sav\FAT32.FLG
Item180=C:\POSTPREP
Item181=C:\logo.sys
Item182=c:\system.sav\cia.si
Item183=c:\system.sav\compini.si
Item184=c:\system.sav\cpqci.si
Item185=c:\system.sav\cspu.si
Item186=c:\system.sav\cto.si
Item187=c:\system.sav\ibgen.si
Item188=c:\system.sav\info.si
Item189=c:\system.sav\install.si
Item190=c:\system.sav\mergeit.si
Item191=c:\system.sav\regflush.si
Item192=c:\sysfiles
Item193=c:\cspu.dat
Item194=c:\cspu.old
Item195=c:\postprep
Item196=c:\system.sav\util\insttb
Item197=c:\system.sav\util\cpqback
Item198=c:\system.sav\util\tlbxbak
Item199=c:\Wintmp
Item200=c:\bootsect.dos
Item201=c:\compaq\DiagJP
Item202=c:\logo.sys
Item203=c:\winnt\i386
Item204=c:\IE50
Item205=c:\winnt\SP4
Item206=c:\winnt\SP6
Item207=c:\cmdcons
Item208=c:\minint
Item209=c:\bs32pe.bin
Item210=c:\boot.wpe
Item211=c:\cmldr
Item212=c:\ntdetect.wpe
Item213=c:\wpeldr
Item214=c:\winbom.ini
Item215=c:\io.sys
Item216=c:\msdos.sys

[FBIFunctionTable]
ActivateDiagsPartition=FBITB.DLL,ActivateDiagsPartition;C:\SYSTEM.SAV\FBI\CUSTOM.INI
Break=FBITB.DLL,Break;C:\SYSTEM.SAV\FBI\CUSTOM.INI
CDCMakeLog=FBITB.DLL,CDCMakeLog;C:\SYSTEM.SAV\FBI\STATE.INI
CheckForErrorFlag=FBITB.DLL,CheckForErrorFlag;C:\SYSTEM.SAV\FBI\CUSTOM.INI
CheckMachine=FBITB.DLL,CheckMachine;C:\SYSTEM.SAV\FBI\CUSTOM.INI
CheckForOsTransit=FBITB.DLL,CheckForOsTransit;C:\SYSTEM.SAV\FBI\CUSTOM.INI
CleanCIASection=FBITB.DLL,CleanCIASection;C:\SYSTEM.SAV\FBI\CUSTOM.INI
CleanEventLog=FBITB.DLL,CleanEventLog;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DefineNextProcessSection=FBITB.DLL,DefineNextProcessSection;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DefineNextInitSection=FBITB.DLL,DefineNextInitSection;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DelApplZipFiles=FBITB.DLL,DelApplZipFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DelCvaInfoFiles=FBITB.DLL,DelCvaInfoFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DelCvaLangFiles=FBITB.DLL,DelCvaLangFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DelGeneralFiles=FBITB.DLL,DelGeneralFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DelMiniWindowsFiles=FBITB.DLL,DelMiniWindowsFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DelOsFiles=FBITB.DLL,DelOsFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DetectCurrentOSVersion=FBITB.DLL,DetectCurrentOSVersion;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DetectInstallationProcess=FBITB.DLL,DetectInstallationProcess;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DetectOsImage=FBITB.DLL,DetectOsImage;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DisableRemovableMedia=FBITB.DLL,DisableRemovableMedia;C:\SYSTEM.SAV\FBI\CUSTOM.INI
DisableMouseKeyboard=FBITB.DLL,DisableMouseKeyboard;C:\SYSTEM.SAV\FBI\CUSTOM.INI
EnableMouseKeyboard=FBITB.DLL,EnableMouseKeyboard;C:\SYSTEM.SAV\FBI\CUSTOM.INI
EnableRemovableMedia=FBITB.DLL,EnableRemovableMedia;C:\SYSTEM.SAV\FBI\CUSTOM.INI
ExitFBI=FBITB.DLL,ExitFBI;C:\SYSTEM.SAV\FBI\CUSTOM.INI
FactoryWaitStart=FBITB.DLL,FactoryWaitStart;C:\SYSTEM.SAV\FBI\STATE.INI
FactoryWaitEnd=FBITB.DLL,FactoryWaitEnd;C:\SYSTEM.SAV\FBI\STATE.INI
HookFBIToRunAgain=FBITB.DLL,HookFBIToRunAgain;C:\SYSTEM.SAV\FBI\CUSTOM.INI
HookToRunInNewOS=FBITB.DLL,HookToRunInNewOS;C:\SYSTEM.SAV\FBI\CUSTOM.INI
InitProgressBar=FBITB.DLL,InitProgressBar;C:\SYSTEM.SAV\FBI\CUSTOM.INI
QTRAutomationNamer=FBITB.DLL,QTRAutomationNamer;C:\SYSTEM.SAV\FBI\CUSTOM.INI
ReadUIAData=FBITB.DLL,ReadUIAData;C:\SYSTEM.SAV\FBI\CUSTOM.INI
RestoreApmSettings=FBITB.DLL,RestoreApmSettings;C:\SYSTEM.SAV\FBI\CUSTOM.INI
RegistryModify=FBITB.DLL,RegistryModify;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SetApmToInfinite=FBITB.DLL,SetApmToInfinite;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SetDefaultLocaleValues=FBITB.DLL,SetDefaultLocaleValues;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SetDefaultOsSelection=FBITB.DLL,SetDefaultOsSelection;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SetupAfterOsSelection=FBITB.DLL,SetupAfterOsSelection;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SetupAutomation=FBITB.DLL,SetupAutomation;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SetupCleanupDirectories=FBITB.DLL,SetupCleanupDirectories;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SetupFactoryAutomation=FBITB.DLL,SetupFactoryAutomation;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SetupOsSelection=FBITB.DLL,SetupOsSelection;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SpawnIt=FBITB.DLL,SpawnIt;C:\SYSTEM.SAV\FBI\CUSTOM.INI
StartRealTimeClock=FBITB.DLL,StartRealTimeClock;C:\SYSTEM.SAV\FBI\CUSTOM.INI
Suicide=FBITB.DLL,Suicide;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SystemReboot=FBITB.DLL,SystemReboot;C:\SYSTEM.SAV\FBI\CUSTOM.INI
TransitBootLoader=FBITB.DLL,TransitBootLoader;C:\SYSTEM.SAV\FBI\CUSTOM.INI
TransitCVAGlobalFiles=FBITB.DLL,TransitCVAGlobalFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
TransitCVALocaleFiles=FBITB.DLL,TransitCVALocaleFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
TransitDir=FBITB.DLL,TransitDir;C:\SYSTEM.SAV\FBI\CUSTOM.INI
TransitDirOrDelete=FBITB.DLL,TransitDirOrDelete;C:\SYSTEM.SAV\FBI\CUSTOM.INI
TransitLIPDir=FBITB.DLL,TransitLIPDir;C:\SYSTEM.SAV\FBI\STATE.INI
TransitLocaleDir=FBITB.DLL,TransitLocaleDir;C:\SYSTEM.SAV\FBI\CUSTOM.INI
TransitNewMiniWindows1=FBITB.DLL,TransitNewMiniWindows;C:\SYSTEM.SAV\FBI\CUSTOM.INI
TransitNewMiniWindows2=FBITB.DLL,TransitNewMiniWindows;C:\SYSTEM.SAV\FBI\CUSTOM.INI
TransitOsFiles=FBITB.DLL,TransitOsFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
TransitPanEuroOsFiles=FBITB.DLL,TransitPanEuroOsFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
UnHookFBIToRunAgain=FBITB.DLL,UnHookFBIToRunAgain;C:\SYSTEM.SAV\FBI\CUSTOM.INI
UpdateSysPrepWithOEMDrivers=FBITB.DLL,UpdateSysPrepWithOEMDrivers;C:\SYSTEM.SAV\FBI\CUSTOM.INI
ValidateOsCVAFiles=FBITB.DLL,ValidateOsCVAFiles;C:\SYSTEM.SAV\FBI\CUSTOM.INI
ValidateStartFromRestoreCD=FBITB.DLL,ValidateStartFromRestoreCD;C:\SYSTEM.SAV\FBI\CUSTOM.INI
WriteLangCodeToCmos=FBITB.DLL,WriteLangCodeToCmos;C:\SYSTEM.SAV\FBI\CUSTOM.INI
WriteUIAErrorCode=FBITB.DLL,WriteUIAErrorCode;C:\SYSTEM.SAV\FBI\CUSTOM.INI
SetCMOSDefaults=FBITB.DLL,SetCMOSDefaults;C:\SYSTEM.SAV\FBI\CUSTOM.INI
GuiChangeBackGround=GUIDLL.DLL,GuiChangeBackGround;C:\SYSTEM.SAV\FBI\CUSTOM.INI
HideActivity=GUIDLL.DLL,HideActivity;C:\SYSTEM.SAV\FBI\CUSTOM.INI
ShowListSelect=GUIDLL.DLL,ShowListSelect;C:\SYSTEM.SAV\FBI\CUSTOM.INI
ShowSingleOK=GUIDLL.DLL,ShowSingleOK;C:\SYSTEM.SAV\FBI\CUSTOM.INI
ShowActivity=GUIDLL.DLL,ShowActivity;C:\SYSTEM.SAV\FBI\CUSTOM.INI
ProcessBTOName=FBISB.DLL,ProcessBTOName;C:\SYSTEM.SAV\FBI\CUSTOM.INI
InitPostOSVars=FBISB.DLL,InitPostOSVars;C:\SYSTEM.SAV\FBI\CUSTOM.INI
ShowClassMenu=ClassMnu.DLL,ShowClassMenu;C:\SYSTEM.SAV\FBI\CUSTOM.INI
CommitOptions=ClassMnu.DLL,CommitOptions;C:\SYSTEM.SAV\FBI\CUSTOM.INI
Acpower=PORTABLE.DLL,Acpower;C:\SYSTEM.SAV\FBI\CUSTOM.INI
IsDocked=PORTABLE.DLL,IsDocked;C:\SYSTEM.SAV\FBI\CUSTOM.INI

[GUISingleOK]
BMPResID=278
AccelResID=179
nofail=0

[GUIActivity]
BMPResID=277;C:\SYSTEM.SAV\FBI\STATE.INI
AniResDLLName=GUIDLL.DLL;C:\SYSTEM.SAV\FBI\STATE.INI
AniResIDStart=201;C:\SYSTEM.SAV\FBI\STATE.INI
AniResNumberIcons=4;C:\SYSTEM.SAV\FBI\STATE.INI

[GUIBackGround]
ResDLLName=FBIBG.DLL;C:\SYSTEM.SAV\FBI\STATE.INI
BMPResID=250;C:\SYSTEM.SAV\FBI\STATE.INI
AccelResID=175;C:\SYSTEM.SAV\FBI\STATE.INI

[GUIALL]
CpqLogo=GUIDLL.DLL;C:\SYSTEM.SAV\FBI\STATE.INI
CpqLogoResID=254;C:\SYSTEM.SAV\FBI\STATE.INI
CopyRight=FBIUSRES.DLL;C:\SYSTEM.SAV\FBI\STATE.INI
CopyRightResID=275;C:\SYSTEM.SAV\FBI\STATE.INI
PBLTR=1;C:\SYSTEM.SAV\FBI\STATE.INI
LocaleRTL=IL;C:\SYSTEM.SAV\FBI\STATE.INI
Lang=FBIUSRES.DLL;updated from FBITB.DLL
[ListSelect]
AccelResID=179;C:\SYSTEM.SAV\FBI\STATE.INI
ItemRESDLL1=FBIUSRES.DLL;updated from FBITB.DLL
ItemRESID1=407
ItemConfRESID1=507
ItemSingleRESID1=607
ItemSelected=1
DefaultItem=1

[Labels.OSVersion]
item1=win95;C:\SYSTEM.SAV\FBI\STATE.INI
item2=win98;C:\SYSTEM.SAV\FBI\STATE.INI
item3=nt40;C:\SYSTEM.SAV\FBI\STATE.INI
item4=win2000;C:\SYSTEM.SAV\FBI\STATE.INI
item5=winME;C:\SYSTEM.SAV\FBI\STATE.INI
item6=Winxp32P;C:\SYSTEM.SAV\FBI\STATE.INI
item7=Winxp32C;C:\SYSTEM.SAV\FBI\STATE.INI

[Labels.InstallProcess]
item1=RestoreCD;C:\SYSTEM.SAV\FBI\STATE.INI
item2=FactoryPreinstall;C:\SYSTEM.SAV\FBI\STATE.INI

[GUISortKeyList]
Key2=LocaleCode;C:\SYSTEM.SAV\FBI\STATE.INI
Key1=OsLabel;C:\SYSTEM.SAV\FBI\STATE.INI
SortOrderKey1=Descending;C:\SYSTEM.SAV\FBI\STATE.INI
SortOrderKey2=Ascending;C:\SYSTEM.SAV\FBI\STATE.INI

[GUIDefaultOSOrder]
item1=Winxp32P;C:\SYSTEM.SAV\FBI\STATE.INI
item2=Winxp32C;C:\SYSTEM.SAV\FBI\STATE.INI
Item3=Win2000;C:\SYSTEM.SAV\FBI\STATE.INI
Item4=NT40;C:\SYSTEM.SAV\FBI\STATE.INI
Item5=Win98;C:\SYSTEM.SAV\FBI\STATE.INI
Item6=WinME;C:\SYSTEM.SAV\FBI\STATE.INI
Item7=Win95;C:\SYSTEM.SAV\FBI\STATE.INI

[FBI.Registry.Force.Disable]
Item1=adpu160m;C:\SYSTEM.SAV\FBI\STATE.INI

[~%Restricted]
~%Restricted=1;C:\SYSTEM.SAV\FBI\STATE.INI
~%SystemConstants=1;C:\SYSTEM.SAV\FBI\STATE.INI
FBIFunctionTable=1;C:\SYSTEM.SAV\FBI\STATE.INI
FBIState=1;C:\SYSTEM.SAV\FBI\STATE.INI

[~%SystemConstants]
MachineID=~%Hardware Detect,MachineID%~;C:\SYSTEM.SAV\FBI\STATE.INI
NameInROM=~%Hardware Detect,Name%~;C:\SYSTEM.SAV\FBI\STATE.INI
NumOfProcessor=~%Hardware Detect,NumOfProcessor%~;C:\SYSTEM.SAV\FBI\STATE.INI
OS=~%Description,OSSelection%~;C:\SYSTEM.SAV\FBI\STATE.INI
Lang=~%Description,CompaqLanguage%~;C:\SYSTEM.SAV\FBI\STATE.INI
LangAlias=~%Description,CompaqLanguageAlias%~;C:\SYSTEM.SAV\FBI\STATE.INI
TransDir=C:
Windir=~%TransDir%~~%dirs.~%OS%~,windir%~;C:\SYSTEM.SAV\FBI\STATE.INI
Winsys=~%Windir%~~%dirs.~%OS%~,sysdir%~;C:\SYSTEM.SAV\FBI\STATE.INI
WinDrivers=~%dirs.~%OS%~,drvdir%~;C:\SYSTEM.SAV\FBI\STATE.INI
Favorites=~%CurrentUserFolders,Favorites%~;C:\SYSTEM.SAV\FBI\STATE.INI
StartPrograms=~%CurrentUserFolders,Programs%~;C:\SYSTEM.SAV\FBI\STATE.INI
StartUp=~%CurrentUserFolders,StartUp%~;C:\SYSTEM.SAV\FBI\STATE.INI
Desktop=~%CurrentUserFolders,Desktop%~;C:\SYSTEM.SAV\FBI\STATE.INI
CPQFavoriteDir=~%Favorites%~\~%strings.~%Lang%~,CPQFavoriteDir%~;C:\SYSTEM.SAV\FBI\STATE.INI
CICFolder=~%StartPrograms%~\~%strings.~%Lang%~,CICFolderName%~;C:\SYSTEM.SAV\FBI\STATE.INI
WinInfs=~%Windir%~\INF;C:\SYSTEM.SAV\FBI\STATE.INI
WinHelp=~%Windir%~\Help;C:\SYSTEM.SAV\FBI\STATE.INI
WinCabs=~%dirs.~%OS%~,Cabs%~;C:\SYSTEM.SAV\FBI\STATE.INI

[dirs.Winxp32P]
Windir=\Windows;C:\SYSTEM.SAV\FBI\STATE.INI
sysdir=\System32;C:\SYSTEM.SAV\FBI\STATE.INI
drvdir=~%Winsys%~\Drivers;C:\SYSTEM.SAV\FBI\STATE.INI
Cabs=c:\i386;C:\SYSTEM.SAV\FBI\STATE.INI

[dirs.Winxp32C]
Windir=\Windows;C:\SYSTEM.SAV\FBI\STATE.INI
sysdir=\System32;C:\SYSTEM.SAV\FBI\STATE.INI
drvdir=~%Winsys%~\Drivers;C:\SYSTEM.SAV\FBI\STATE.INI
Cabs=c:\i386;C:\SYSTEM.SAV\FBI\STATE.INI

[dirs.Win2000]
Windir=\WinNT;C:\SYSTEM.SAV\FBI\STATE.INI
sysdir=\System32;C:\SYSTEM.SAV\FBI\STATE.INI
drvdir=~%Winsys%~\Drivers;C:\SYSTEM.SAV\FBI\STATE.INI
Cabs=c:\i386;C:\SYSTEM.SAV\FBI\STATE.INI

[Hardware Detect]
SMBIOSVer=2.3
Table1=Start
Manufacture=Hewlett-Packard
Product Name=Pavilion ze4300 (DC955A)
Name=Pavilion ze4300 (DC955A)
Version=KAM1.42
SerialNumber=CN31021602
UUID=40dba15b9fd711983
Wake Type #=06
Wake Type=Power Switch
Table2=Start
Manufacture2=Hewlett-Packard
Product Name2=0024
MachineID=0024
Version2=PQ1A75
Serial Number2=None
Table3=Start
Manufacture3=Hewlett-Packard
IsPortable=1
Chassis Type #=0A
Chassis Type=Notebook
Chassis Lock=unknown
Version3=N/A
Serial Number3=None
AssetTag=No Asset Tag
Boot-Up-State #=03
Boot-Up-State=Safe
Power Supply State #=03
Power Supply State=Safe
Thermal State #=03
Thermal State=Safe
Security Status #=None
OEM-Defined=00000000
NumOfProcessor=1
Tables=Finished
LogicalProcessors=0

[uia]
errorcode=0
SerialNumber=CN31021602
SurrogateSerialNumber=sgt12235-3.a
DashSite=PRMTSTSQ
BomSize_h=0X00000EF5
BomSize_d=3829
POSTPROCESSING=1
DATABLASTER=0
WAITFOREVER=0
UUIDFLAG=0
SETDOMAIN=0
TCPIP=0
AUTOMODE=0
SERVICEFLAG=0
DIRECTPLUSFLAG=0
AUTOLOG=1
EXITSDV=0
INT19BOOT=0
KBDBOOT=0
SRPFLAG=1
NETDIAGSFLAG=0
DISABLEBLINKLED=1
PONumber=338754-001
SkuNumber=338754-001˙˙
DashRegion=00
ServiceMode=FALSE
IsCTO=0
IsSRP=0
IsBTO=1

[BTOsProcessed]
NoOfBTOsProcessed=100
Item1=c:\system.sav\fbi\detect.bto
Item1.Start=18:01:49.916
Item1.Stop=18:01:52.199
Item1.Elasped=3
Item1.1=c:\appl.zip\tools\labelit.exe
Item1.1.Start=18:01:50.166
Item1.1.Stop=18:01:52.119
Item1.1.Elasped=2
Item2=c:\system.sav\fbi\mrgdefs.bto
Item2.Start=18:01:52.209
Item2.Stop=18:01:52.550
Item2.Elasped=1
Item2.1=c:\appl.zip\tools\mergeit.exe C:\system.sav\config C:\system.sav\config\cpqopts.cfg *.ini
Item2.1.Start=18:01:52.239
Item2.1.Stop=18:01:52.550
Item2.1.Elasped=0
Item0.1=c:\system.sav\fbi\liptool.exe /hide
Item0.1.Start=18:01:52.840
Item0.1.Stop=18:01:55.073
Item0.1.Elasped=3
Item3=c:\system.sav\scripts\setcodepage.bto
Item3.Start=18:01:55.674
Item3.Stop=18:01:55.754
Item3.Elasped=1
Item4=c:\system.sav\scripts\strings.bto
Item4.Start=18:01:55.754
Item4.Stop=18:01:55.815
Item4.Elasped=1
Item0.2=c:\system.sav\fbi\osmove2.exe /capture
Item0.2.Start=18:01:57.166
Item0.2.Stop=18:01:59.109
Item0.2.Elasped=2
Item5=c:\system.sav\fbi\rmnt4dlv.bto
Item5.Start=18:02:08.613
Item5.Stop=18:02:08.613
Item5.Elasped=1
Item6=c:\appl.zip\init\init.bto
Item6.Start=18:02:20.740
Item6.Stop=18:02:23.284
Item6.Elasped=3
Item6.1=c:\appl.zip\tools\nameit.exe -U:c:\appl.zip\tools\name.ini
Item6.1.Start=18:02:20.891
Item6.1.Stop=18:02:23.114
Item6.1.Elasped=2
Item7=c:\appl.zip\preos.pi\Brandini.BTO
Item7.Start=18:02:23.324
Item7.Stop=18:02:23.374
Item7.Elasped=1
Item8=c:\appl.zip\preos.pi\Infobomg.bto
Item8.Start=18:02:23.374
Item8.Stop=18:02:25.037
Item8.Elasped=2
Item8.1=C:\system.sav\util\infobomg.exe
Item8.1.Start=18:02:23.424
Item8.1.Stop=18:02:25.037
Item8.1.Elasped=2
Item9=c:\appl.zip\preos.pi\INIDESVR.BTO
Item9.Start=18:02:25.037
Item9.Stop=18:02:25.387
Item9.Elasped=1
Item10=c:\appl.zip\preos.pi\MINIWD.BTO
Item10.Start=18:02:25.387
Item10.Stop=18:02:25.447
Item10.Elasped=1
Item11=c:\appl.zip\preos.pi\SetSRPDR.BTO
Item11.Start=18:02:25.447
Item11.Stop=18:02:25.447
Item11.Elasped=1
Item12=c:\appl.zip\preos.pi\STRegion.bto
Item12.Start=18:02:25.447
Item12.Stop=18:02:25.447
Item12.Elasped=1
Item13=c:\appl.zip\preos.pi\SWSETUP.BTO
Item13.Start=18:02:25.447
Item13.Stop=18:02:25.457
Item13.Elasped=1
Item14=c:\appl.zip\preos.pi\WITPREOS.BTO
Item14.Start=18:02:25.457
Item14.Stop=18:02:32.658
Item14.Elasped=7
Item14.1=c:\minint\system32\reg.exe load hklm\newpath C:\Windows\System32\config\software
Item14.1.Start=18:02:25.547
Item14.1.Stop=18:02:28.011
Item14.1.Elasped=3
Item14.2=c:\minint\system32\reg.exe import C:\appl.zip\wxpetool\newpath.reg
Item14.2.Start=18:02:28.011
Item14.2.Stop=18:02:30.024
Item14.2.Elasped=2
Item14.3=c:\minint\system32\reg.exe unload hklm\newpath
Item14.3.Start=18:02:30.024
Item14.3.Stop=18:02:32.277
Item14.3.Elasped=2
Item15=c:\appl.zip\preos\Consumer.BTO
Item15.Start=18:02:32.658
Item15.Stop=18:02:32.688
Item15.Elasped=1
Item16=c:\appl.zip\preos\ExtendSTR.bto
Item16.Start=18:02:32.688
Item16.Stop=18:02:32.688
Item16.Elasped=1
Item17=c:\appl.zip\preos\LAN.bto
Item17.Start=18:02:32.688
Item17.Stop=18:02:32.748
Item17.Elasped=1
Item18=c:\appl.zip\preos\RegionCF.BTO
Item18.Start=18:02:32.758
Item18.Stop=18:02:33.248
Item18.Elasped=1
Item19=c:\appl.zip\preos\WOTPREOS.bto
Item19.Start=18:02:33.248
Item19.Stop=18:02:47.088
Item19.Elasped=14
Item19.1=c:\minint\system32\attrib.exe -h -s -r c:\i386\oembios.bi_
Item19.1.Start=18:02:33.349
Item19.1.Stop=18:02:35.271
Item19.1.Elasped=2
Item19.2=c:\minint\system32\attrib.exe -h -s -r c:\i386\oembios.da_
Item19.2.Start=18:02:35.271
Item19.2.Stop=18:02:37.174
Item19.2.Elasped=2
Item19.3=c:\minint\system32\attrib.exe -h -s -r c:\i386\oembios.si_
Item19.3.Start=18:02:37.174
Item19.3.Stop=18:02:39.097
Item19.3.Elasped=2
Item19.4=c:\minint\system32\attrib.exe -h -s -r c:\i386\oembios.ca_
Item19.4.Start=18:02:39.097
Item19.4.Stop=18:02:41.080
Item19.4.Elasped=2
Item19.5=c:\minint\system32\attrib.exe -h -s -r c:\boot.ini
Item19.5.Start=18:02:41.080
Item19.5.Stop=18:02:43.052
Item19.5.Elasped=2
Item19.6=c:\minint\system32\attrib.exe +r +s +h c:\boot.ini
Item19.6.Start=18:02:43.203
Item19.6.Stop=18:02:45.176
Item19.6.Elasped=2
Item19.7=c:\minint\system32\cmd.exe /c move /y C:\Windows\System32\*.scr C:\Windows\System32\dllcache
Item19.7.Start=18:02:45.176
Item19.7.Stop=18:02:47.088
Item19.7.Elasped=2
Item20=c:\appl.zip\preos.eue\changekb.bto
Item20.Start=18:02:47.088
Item20.Stop=18:02:47.098
Item20.Elasped=1
Item21=c:\appl.zip\preos.eue\compname.bto
Item21.Start=18:02:47.098
Item21.Stop=18:02:47.208
Item21.Elasped=1
Item22=c:\appl.zip\preos.eue\Consumer.BTO
Item22.Start=18:02:47.208
Item22.Stop=18:02:47.238
Item22.Elasped=1
Item23=c:\appl.zip\preos.eue\DELCVT.BTO
Item23.Start=18:02:47.238
Item23.Stop=18:02:47.248
Item23.Elasped=1
Item24=c:\appl.zip\preos.eue\enblscrn.bto
Item24.Start=18:02:47.248
Item24.Stop=18:02:54.519
Item24.Elasped=7
Item25=c:\appl.zip\preos.eue\fini.bto
Item25.Start=18:02:54.519
Item25.Stop=18:02:54.559
Item25.Elasped=1
Item26=c:\appl.zip\preos.eue\hnwprmpt.bto
Item26.Start=18:02:54.559
Item26.Stop=18:02:54.609
Item26.Elasped=1
Item27=c:\appl.zip\preos.eue\ics.bto
Item27.Start=18:02:54.609
Item27.Stop=18:02:54.659
Item27.Elasped=1
Item28=c:\appl.zip\preos.eue\ident2.bto
Item28.Start=18:02:54.659
Item28.Stop=18:02:54.709
Item28.Elasped=1
Item29=c:\appl.zip\preos.eue\keybd.bto
Item29.Start=18:02:54.709
Item29.Stop=18:02:54.779
Item29.Elasped=1
Item30=c:\appl.zip\preos.eue\mdmcfgpo.bto
Item30.Start=18:02:54.779
Item30.Stop=18:02:54.829
Item30.Elasped=1
Item31=c:\appl.zip\preos.eue\neweula.bto
Item31.Start=18:02:54.829
Item31.Stop=18:02:54.910
Item31.Elasped=1
Item32=c:\appl.zip\preos.eue\PREINFO.BTO
Item32.Start=18:02:54.910
Item32.Stop=18:02:59.126
Item32.Elasped=5
Item32.1=c:\minint\system32\attrib.exe +h +s +r C:\ntldr
Item32.1.Start=18:02:54.950
Item32.1.Stop=18:02:57.153
Item32.1.Elasped=2
Item32.2=c:\minint\system32\attrib.exe +h +s +r C:\ntdetect.com
Item32.2.Start=18:02:57.153
Item32.2.Stop=18:02:59.126
Item32.2.Elasped=2
Item33=c:\appl.zip\preos.eue\reg1.bto
Item33.Start=18:02:59.126
Item33.Stop=18:02:59.246
Item33.Elasped=1
Item34=c:\appl.zip\preos.eue\SetSRPDR.BTO
Item34.Start=18:02:59.246
Item34.Stop=18:02:59.246
Item34.Elasped=1
Item35=c:\appl.zip\preos.eue\STRegion.bto
Item35.Start=18:02:59.246
Item35.Stop=18:02:59.246
Item35.Elasped=1
Item36=c:\appl.zip\preos.eue\SWSETUP.BTO
Item36.Start=18:02:59.246
Item36.Stop=18:03:14.458
Item36.Elasped=15
Item36.1=c:\minint\system32\cmd.exe /c c:\appl.zip\tools\xppath.cmd
Item36.1.Start=18:02:59.286
Item36.1.Stop=18:03:02.030
Item36.1.Elasped=3
Item37=c:\appl.zip\preos.eue\timezone.bto
Item37.Start=18:03:14.458
Item37.Stop=18:03:14.498
Item37.Elasped=1
Item38=c:\appl.zip\preos.eue\TorTwk.BTO
Item38.Start=18:03:14.498
Item38.Stop=18:03:14.708
Item38.Elasped=1
Item39=c:\appl.zip\preos.eue\Welcome.bto
Item39.Start=18:03:14.708
Item39.Stop=18:03:14.778
Item39.Elasped=1
Item40=c:\appl.zip\preos.eue\WITPREOS.BTO
Item40.Start=18:03:14.778
Item40.Stop=18:03:15.038
Item40.Elasped=1
Item41=c:\appl.zip\osupdate\ACLINK.BTO
Item41.Start=19:10:33.569
Item41.Stop=19:11:05.384
Item41.Elasped=32
Item41.1=C:\swsetup\Audio\Setup.exe -s -f2c:\system.sav\util\Audio.log
Item41.1.Start=19:10:34.019
Item41.1.Stop=19:11:05.224
Item41.1.Elasped=31
Item42=c:\appl.zip\osupdate\NTBACKUP.BTO
Item42.Start=19:11:05.424
Item42.Stop=19:11:10.141
Item42.Elasped=5
Item42.1=C:\Windows\System32\MSIEXEC.EXE /i C:\appl.zip\NTBACKUP\US\NTBACKUP.MSI /qn
Item42.1.Start=19:11:05.504
Item42.1.Stop=19:11:10.141
Item42.1.Elasped=5
Item43=c:\appl.zip\osupdate\PowerSet.bto
Item43.Start=19:11:10.171
Item43.Stop=19:12:25.199
Item43.Elasped=75
Item43.1=C:\swsetup\Default\Disk1\Setup.exe -S -f2c:\system.sav\util\Powerset.log
Item43.1.Start=19:11:10.251
Item43.1.Stop=19:12:25.199
Item43.1.Elasped=75
Item44=c:\appl.zip\osupdate\setlocal.BTO
Item44.Start=19:12:25.379
Item44.Stop=19:13:36.601
Item44.Elasped=71
Item44.1=C:\Appl.zip\RegionCF\SETLOCAL.EXE C:\SYSTEM.SAV\CONFIG\REGIONcf.INI
Item44.1.Start=19:12:25.520
Item44.1.Stop=19:12:27.142
Item44.1.Elasped=2
Item45=c:\appl.zip\osupdate\WITOSUPD.BTO
Item45.Start=19:13:36.652
Item45.Stop=19:13:41.238
Item45.Elasped=5
Item45.1=C:\Windows\regedit.exe /s C:\APPL.ZIP\WXPETOOL\polidef.reg
Item45.1.Start=19:13:36.692
Item45.1.Stop=19:13:37.413
Item45.1.Elasped=1
Item45.2=C:\Windows\regedit.exe /s C:\APPL.ZIP\WXPETOOL\SRCPATH.REG
Item45.2.Start=19:13:37.413
Item45.2.Stop=19:13:37.513
Item45.2.Elasped=0
Item45.3=C:\Windows\REGEDIT.EXE /S C:\APPL.ZIP\wxpetool\SSAVEOFF.REG
Item45.3.Start=19:13:37.513
Item45.3.Stop=19:13:37.613
Item45.3.Elasped=0
Item45.4=C:\Windows\System32\Rundll32.exe Setupapi.dll,InstallHinfSection RemoveMod 128 c:\APPL.ZIP\WXPETOOL\DELREG.INF
Item45.4.Start=19:13:37.863
Item45.4.Stop=19:13:41.208
Item45.4.Elasped=3
Item46=c:\appl.zip\osupdate\WOTOSUP.BTO
Item46.Start=19:13:41.238
Item46.Stop=19:13:45.614
Item46.Elasped=4
Item46.1=c:\appl.zip\tools\beavkit.exe c:\appl.zip\wxpostwk\DMA_ON.INI
Item46.1.Start=19:13:41.468
Item46.1.Stop=19:13:43.131
Item46.1.Elasped=2
Item46.2=c:\appl.zip\wxpostwk\srtool.exe /off
Item46.2.Start=19:13:43.241
Item46.2.Stop=19:13:45.184
Item46.2.Elasped=2
Item46.3=C:\Windows\regedit.exe /s C:\APPL.ZIP\TOOLS\volsystr.reg
Item46.3.Start=19:13:45.194
Item46.3.Stop=19:13:45.354
Item46.3.Elasped=0
Item46.4=C:\Windows\regedit.exe /s C:\APPL.ZIP\TOOLS\TASKBAR.reg
Item46.4.Start=19:13:45.354
Item46.4.Stop=19:13:45.464
Item46.4.Elasped=0
Item46.5=C:\Windows\regedit.exe /s c:\appl.zip\tools\wmp_all.reg
Item46.5.Start=19:13:45.464
Item46.5.Stop=19:13:45.614
Item46.5.Elasped=0
Item47=c:\appl.zip\osupdate.eue\RegionCF.BTO
Item47.Start=19:13:45.685
Item47.Stop=19:13:45.755
Item47.Elasped=1
Item48=c:\appl.zip\install\56KMODEM.BTO
Item48.Start=19:13:45.925
Item48.Stop=19:13:46.215
Item48.Elasped=1
Item49=c:\appl.zip\install\Adobe.bto
Item49.Start=19:13:46.215
Item49.Stop=19:14:36.307
Item49.Elasped=50
Item49.1=C:\SwSetup\Preload\Adobe\Setup.EXE -f"c:\swsetup\Preload\adobe\setup.ins"
Item49.1.Start=19:14:17.861
Item49.1.Stop=19:14:36.127
Item49.1.Elasped=18
Item50=c:\appl.zip\install\ARCSF.bto
Item50.Start=19:14:36.357
Item50.Stop=19:14:39.212
Item50.Elasped=3
Item50.1=C:\Compaq\ARCSF\disk1\setup.exe -s -f2C:\System.sav\util\ARCSF.log
Item50.1.Start=19:14:36.528
Item50.1.Stop=19:14:39.212
Item50.1.Elasped=3
Item51=c:\appl.zip\install\ATIRS200.BTO
Item51.Start=19:14:39.212
Item51.Stop=19:16:04.454
Item51.Elasped=85
Item51.1=c:\Compaq\Video\CPanel\setup.exe /k
Item51.1.Start=19:14:39.472
Item51.1.Stop=19:16:04.224
Item51.1.Elasped=84
Item52=c:\appl.zip\install\BrandIT.bto
Item52.Start=19:16:04.504
Item52.Stop=19:19:10.081
Item52.Elasped=186
Item52.1=C:\Appl.zip\BrandIT\Setup.exe -s
Item52.1.Start=19:16:04.915
Item52.1.Stop=19:19:10.001
Item52.1.Elasped=183
Item53=c:\appl.zip\install\Brtol.bto
Item53.Start=19:19:10.111
Item53.Stop=19:19:21.017
Item53.Elasped=11
Item53.1=C:\Compaq\BOnLine\BritannicaOnLineService -s
Item53.1.Start=19:19:10.291
Item53.1.Stop=19:19:21.017
Item53.1.Elasped=11
Item54=c:\appl.zip\install\Deskzoom.BTO
Item54.Start=19:19:21.027
Item54.Stop=19:19:29.068
Item54.Elasped=8
Item54.1=c:\Compaq\DESKZOOM\SETUP.EXE -s -SMS -f2c:\system.sav\util\DESKZOOM.log
Item54.1.Start=19:19:21.217
Item54.1.Stop=19:19:29.028
Item54.1.Elasped=8
Item55=c:\appl.zip\install\EISUCORE.BTO
Item55.Start=19:19:29.068
Item55.Stop=19:19:48.036
Item55.Elasped=19
Item55.1=C:\swsetup\EISU_CORE\Setup.Exe /s -f2C:\system.sav\Setup.Log /v"/qn"
Item55.1.Start=19:19:29.279
Item55.1.Stop=19:19:48.026
Item55.1.Elasped=19
Item56=c:\appl.zip\install\HPDskjet.BTO
Item56.Start=19:19:48.036
Item56.Stop=19:20:44.196
Item56.Elasped=56
Item56.1=C:\Compaq\Deskjet\Deskjet.exe /S
Item56.1.Start=19:19:48.096
Item56.1.Stop=19:20:44.116
Item56.1.Elasped=56
Item57=c:\appl.zip\install\HPhoto.BTO
Item57.Start=19:20:44.196
Item57.Stop=19:21:06.288
Item57.Elasped=22
Item57.1=C:\Compaq\photo\photo.exe /S
Item57.1.Start=19:20:44.427
Item57.1.Stop=19:21:06.288
Item57.1.Elasped=22
Item58=c:\appl.zip\install\HPKIT.bto
Item58.Start=19:21:06.428
Item58.Stop=19:22:12.113
Item58.Elasped=66
Item58.1=C:\Windows\REGEDIT.EXE -S C:\Appl.zip\Tools\kpkit.reg
Item58.1.Start=19:21:06.468
Item58.1.Stop=19:21:06.619
Item58.1.Elasped=0
Item58.2=C:\SWSETUP\HPKIT\setup.bat
Item58.2.Start=19:21:06.719
Item58.2.Stop=19:22:12.103
Item58.2.Elasped=66
Item59=c:\appl.zip\install\Hpwlan.bto
Item59.Start=19:22:12.183
Item59.Stop=19:22:12.353
Item59.Elasped=1
Item60=c:\appl.zip\install\HSC.bto
Item60.Start=19:22:12.393
Item60.Stop=19:22:42.306
Item60.Elasped=30
Item60.1=c:\SwSetup\HSC\US\chsinstall.exe
Item60.1.Start=19:22:12.573
Item60.1.Stop=19:22:22.067
Item60.1.Elasped=10
Item60.2=c:\SwSetup\HSC\US\chsinstall.exe
Item60.2.Start=19:22:22.357
Item60.2.Stop=19:22:42.296
Item60.2.Elasped=20
Item61=c:\appl.zip\install\instSBSI.bto
Item61.Start=19:22:42.306
Item61.Stop=19:22:46.172
Item61.Elasped=4
Item61.1=c:\appl.zip\SBSI\Per\setup\setup.exe -S -f1"c:\appl.zip\SBSI\Per\setup\silent.iss"
Item61.1.Start=19:22:42.466
Item61.1.Stop=19:22:46.172
Item61.1.Elasped=4
Item62=c:\appl.zip\install\mdmcfgin.bto
Item62.Start=19:22:46.222
Item62.Stop=19:22:46.492
Item62.Elasped=1
Item62.1=C:\Windows\regedit.exe /s C:\appl.zip\mdmlocal\mdm.reg
Item62.1.Start=19:22:46.252
Item62.1.Stop=19:22:46.462
Item62.1.Elasped=0
Item63=c:\appl.zip\install\MusicMch.bto
Item63.Start=19:22:46.512
Item63.Stop=19:25:02.307
Item63.Elasped=136
Item63.1=C:\SWSETUP\MusicMch\setup.exe /a factory -s
Item63.1.Start=19:22:46.783
Item63.1.Stop=19:25:02.257
Item63.1.Elasped=135
Item64=c:\appl.zip\install\nbutil.bto
Item64.Start=19:25:02.307
Item64.Stop=19:25:49.335
Item64.Elasped=47
Item64.1=c:\SwSetup\nbutil\disk1\Setup.exe -s -f2c:\System.sav\util\NbUtil.log
Item64.1.Start=19:25:02.518
Item64.1.Stop=19:25:49.275
Item64.1.Elasped=47
Item65=c:\appl.zip\install\OneTouch.bto
Item65.Start=19:25:49.335
Item65.Stop=19:25:54.162
Item65.Elasped=5
Item65.1=c:\Compaq\OneTouch\Setup.exe /s /NoReboot
Item65.1.Start=19:25:49.455
Item65.1.Stop=19:25:54.082
Item65.1.Elasped=5
Item66=c:\appl.zip\install\OOBEXP.bto
Item66.Start=19:25:54.162
Item66.Stop=19:25:58.088
Item66.Elasped=4
Item66.1=C:\Appl.zip\OOBEXP\Disk1\Setup.exe -s
Item66.1.Start=19:25:54.392
Item66.1.Stop=19:25:58.078
Item66.1.Elasped=4
Item67=c:\appl.zip\install\Quick.BTO
Item67.Start=19:25:58.088
Item67.Stop=19:26:02.123
Item67.Elasped=4
Item67.1=C:\SWSETUP\Quicken\QuickLnk.exe -desktop -common -T:"C:\SWSETUP\Quicken\disk1\setup.exe" -I:"C:\SWSETUP\Quicken\NUEShortcut.exe" -L:"Setup Quicken" -clean
Item67.1.Start=19:25:58.598
Item67.1.Stop=19:26:02.033
Item67.1.Elasped=4
Item68=c:\appl.zip\install\Touchpad.BTO
Item68.Start=19:26:02.123
Item68.Stop=19:27:54.205
Item68.Elasped=112
Item68.1=C:\SwSetup\Touchpad\Setup.exe -s -f2c:\system.sav\util\touchpad.log
Item68.1.Start=19:26:02.324
Item68.1.Stop=19:27:54.205
Item68.1.Elasped=112
Item69=c:\appl.zip\install\wireless.BTO
Item69.Start=19:27:54.205
Item69.Stop=19:27:54.385
Item69.Elasped=1
Item70=c:\appl.zip\install.eue\Windvd.bto
Item70.Start=19:27:54.435
Item70.Stop=19:27:55.406
Item70.Elasped=1
Item70.1=C:\Windows\regedit.exe /s c:\Appl.Zip\WNDVD\Registry\2KAuto.reg
Item70.1.Start=19:27:54.485
Item70.1.Stop=19:27:55.246
Item70.1.Elasped=1
Item71=c:\appl.zip\install2\APINS.BTO
Item71.Start=19:27:55.466
Item71.Stop=19:27:59.202
Item71.Elasped=4
Item71.1=C:\SWSETUP\AppInstl\SETUP.EXE PRELOAD programs /S
Item71.1.Start=19:27:55.587
Item71.1.Stop=19:27:59.202
Item71.1.Elasped=4
Item72=c:\appl.zip\install2\corel.BTO
Item72.Start=19:27:59.302
Item72.Stop=19:29:40.337
Item72.Elasped=101
Item72.1=C:\Compaq\corel\setup32.exe /silent
Item72.1.Start=19:27:59.462
Item72.1.Stop=19:29:40.297
Item72.1.Elasped=101
Item73=c:\appl.zip\install2\EISU.BTO
Item73.Start=19:29:40.387
Item73.Stop=19:29:40.508
Item73.Elasped=1
Item74=c:\appl.zip\install2\ISPUS-NX.BTO
Item74.Start=19:29:40.508
Item74.Stop=19:31:51.316
Item74.Elasped=131
Item74.1=C:\Appl.zip\ISPUS-NX\Install.bat
Item74.1.Start=19:29:40.768
Item74.1.Stop=19:31:51.245
Item74.1.Elasped=130
Item75=c:\appl.zip\install2\NAV.BTO
Item75.Start=19:31:51.346
Item75.Stop=19:33:31.349
Item75.Elasped=100
Item75.1=C:\swsetup\Norton\setup.exe /qn
Item75.1.Start=19:31:51.576
Item75.1.Stop=19:33:31.189
Item75.1.Elasped=100
Item76=c:\appl.zip\install2\Roxio.BTO
Item76.Start=19:33:31.400
Item76.Stop=19:34:27.100
Item76.Elasped=56
Item76.1=C:\swsetup\Roxio\launch.exe +s +NOI
Item76.1.Start=19:33:31.800
Item76.1.Stop=19:34:27.070
Item76.1.Elasped=56
Item77=c:\appl.zip\install2\SafetyGuide.BTO
Item77.Start=19:34:27.210
Item77.Stop=19:34:47.769
Item77.Elasped=20
Item77.1=C:\SwSetup\Safety\US\Safety_Comfort_Guide.exe
Item77.1.Start=19:34:27.630
Item77.1.Stop=19:34:47.188
Item77.1.Elasped=20
Item78=c:\appl.zip\install2.eue\RegionCF.BTO
Item78.Start=19:34:47.819
Item78.Stop=19:34:47.829
Item78.Elasped=1
Item0.3=c:\system.sav\fbi\regflush.exe
Item0.3.Start=19:34:48.070
Item0.3.Stop=19:34:50.223
Item0.3.Elasped=2
Item79=c:\appl.zip\cleanup.pi\WITCLEAN.BTO
Item79.Start=19:34:50.363
Item79.Stop=19:36:35.748
Item79.Elasped=105
Item79.1=C:\Windows\regedit.exe /s C:\APPL.ZIP\WXPETOOL\FPP_XP.REG
Item79.1.Start=19:34:50.623
Item79.1.Stop=19:34:51.164
Item79.1.Elasped=1
Item80=c:\appl.zip\cleanup\dirfix.BTO
Item80.Start=19:36:35.888
Item80.Stop=19:36:36.048
Item80.Elasped=1
Item81=c:\appl.zip\cleanup\HSCClean.bto
Item81.Start=19:36:36.048
Item81.Stop=19:36:36.098
Item81.Elasped=1
Item82=c:\appl.zip\cleanup\MobClean.bto
Item82.Start=19:36:36.148
Item82.Stop=19:36:36.369
Item82.Elasped=1
Item83=c:\appl.zip\cleanup\SWSETUP.BTO
Item83.Start=19:36:36.439
Item83.Stop=19:40:44.786
Item83.Elasped=248
Item83.1=C:\Windows\REGEDIT.EXE -S C:\APPL.ZIP\TOOLS\CLNPATH.REG
Item83.1.Start=19:36:36.709
Item83.1.Stop=19:36:38.331
Item83.1.Elasped=2
Item84=c:\appl.zip\cleanup\TorTwkC.BTO
Item84.Start=19:40:44.856
Item84.Stop=19:40:44.926
Item84.Elasped=1
Item85=c:\appl.zip\cleanup\WPEQKFiX.BTO
Item85.Start=19:40:44.936
Item85.Stop=19:40:45.316
Item85.Elasped=1
Item86=c:\appl.zip\cleanup.eue\chlngbar.BTO
Item86.Start=19:40:45.417
Item86.Stop=19:40:45.417
Item86.Elasped=1
Item87=c:\appl.zip\cleanup.eue\Consumer.BTO
Item87.Start=19:40:45.477
Item87.Stop=19:40:49.773
Item87.Elasped=4
Item87.1=C:\Windows\REGEDIT.EXE /S C:\APPL.ZIP\TOOLS\EFFECTS.REG
Item87.1.Start=19:40:45.557
Item87.1.Stop=19:40:48.661
Item87.1.Elasped=2
Item88=c:\appl.zip\cleanup.eue\enblcln.bto
Item88.Start=19:40:49.773
Item88.Stop=19:40:49.783
Item88.Elasped=1
Item89=c:\appl.zip\cleanup.eue\EUEMobCl.bto
Item89.Start=19:40:49.893
Item89.Stop=19:41:06.357
Item89.Elasped=17
Item89.1=C:\APPL.ZIP\TOOLS\ISLOGCHK.EXE C:\APPL.ZIP\TOOLS\ISLOGCHK.INI
Item89.1.Start=19:40:51.165
Item89.1.Stop=19:40:55.231
Item89.1.Elasped=4
Item89.2=C:\APPL.ZIP\TOOLS\REGDEV.EXE C:\APPL.ZIP\TOOLS\REGDEV.INI
Item89.2.Start=19:40:55.581
Item89.2.Stop=19:40:58.235
Item89.2.Elasped=3
Item89.3=C:\APPL.ZIP\TOOLS\cvacompg.exe
Item89.3.Start=19:40:58.556
Item89.3.Stop=19:41:02.231
Item89.3.Elasped=4
Item89.4=C:\system.sav\util\infobomg.exe
Item89.4.Start=19:41:02.611
Item89.4.Stop=19:41:06.176
Item89.4.Elasped=4
Item90=c:\appl.zip\cleanup.eue\ExtendRTR.bto
Item90.Start=19:41:06.357
Item90.Stop=19:41:06.407
Item90.Elasped=1
Item91=c:\appl.zip\cleanup.eue\mdmcfgcu.bto
Item91.Start=19:41:06.477
Item91.Stop=19:41:07.228
Item91.Elasped=1
Item91.1=C:\Windows\regedit.exe /s c:\appl.zip\modemcfg\delmodem.reg
Item91.1.Start=19:41:06.968
Item91.1.Stop=19:41:07.228
Item91.1.Elasped=0
Item92=c:\appl.zip\cleanup.eue\mosclean.bto
Item92.Start=19:41:07.248
Item92.Stop=19:41:07.328
Item92.Elasped=1
Item93=c:\appl.zip\cleanup.eue\OCA.bto
Item93.Start=19:41:07.388
Item93.Stop=19:41:07.849
Item93.Elasped=1
Item93.1=C:\Windows\regedit.exe /s c:\appl.zip\OCAmrk\oca_mrk.reg
Item93.1.Start=19:41:07.639
Item93.1.Stop=19:41:07.849
Item93.1.Elasped=0
Item94=c:\appl.zip\cleanup.eue\SWSETUP.BTO
Item94.Start=19:41:07.889
Item94.Stop=19:41:07.899
Item94.Elasped=1
Item95=c:\appl.zip\cleanup.eue\TorTwkC.BTO
Item95.Start=19:41:07.929
Item95.Stop=19:41:13.797
Item95.Elasped=6
Item95.1=C:\Appl.zip\tools\Iconrmv.exe Web Services
Item95.1.Start=19:41:08.229
Item95.1.Stop=19:41:11.264
Item95.1.Elasped=3
Item95.2=C:\Appl.zip\tools\Iconrmv.exe HP Notebook e-services
Item95.2.Start=19:41:11.274
Item95.2.Stop=19:41:13.247
Item95.2.Elasped=2
Item95.3=C:\Windows\regedit.exe -s C:\APPL.ZIP\Tools\ATI.reg
Item95.3.Start=19:41:13.497
Item95.3.Stop=19:41:13.757
Item95.3.Elasped=0
Item96=c:\appl.zip\cleanup.eue\WITCLEAN.BTO
Item96.Start=19:41:13.868
Item96.Stop=19:41:19.616
Item96.Elasped=6
Item96.1=C:\Windows\REGEDIT.EXE /s C:\APPL.ZIP\WXPETOOL\sfp_off.REG
Item96.1.Start=19:41:13.868
Item96.1.Stop=19:41:14.228
Item96.1.Elasped=1
Item96.2=C:\Windows\REGEDIT.EXE /S C:\Appl.zip\wxpetool\DEVPATH.REG
Item96.2.Start=19:41:14.228
Item96.2.Stop=19:41:14.579
Item96.2.Elasped=0
Item96.3=C:\Windows\REGEDIT.EXE /S C:\APPL.ZIP\wxpetool\SSAVEON.REG
Item96.3.Start=19:41:14.579
Item96.3.Stop=19:41:14.789
Item96.3.Elasped=0
Item96.4=C:\Windows\regedit.exe /s C:\APPL.ZIP\WXPETOOL\polidef.reg
Item96.4.Start=19:41:14.789
Item96.4.Stop=19:41:14.899
Item96.4.Elasped=0
Item96.5=C:\Windows\REGEDIT.EXE /S C:\Appl.zip\WXPETOOL\SRCPATH.REG
Item96.5.Start=19:41:14.899
Item96.5.Stop=19:41:15.009
Item96.5.Elasped=1
Item96.6=c:\appl.zip\tools\genrand.exe 11
Item96.6.Start=19:41:15.460
Item96.6.Stop=19:41:17.142
Item96.6.Elasped=2
Item97=c:\appl.zip\cleanup.eue\WOTCLEAN.BTO
Item97.Start=19:41:19.656
Item97.Stop=19:41:32.594
Item97.Elasped=13
Item97.1=C:\Windows\regedit.exe /s C:\APPL.ZIP\wxpostwk\startmnu.reg
Item97.1.Start=19:41:19.656
Item97.1.Stop=19:41:19.916
Item97.1.Elasped=0
Item97.2=C:\Windows\regedit.exe /s C:\APPL.ZIP\wxpostwk\strt_on.REG
Item97.2.Start=19:41:19.916
Item97.2.Stop=19:41:20.026
Item97.2.Elasped=1
Item97.3=C:\Windows\System32\CMD.EXE /c move /Y C:\Windows\System32\dllcache\*.scr C:\Windows\System32
Item97.3.Start=19:41:20.487
Item97.3.Stop=19:41:25.214
Item97.3.Elasped=5
Item97.4=C:\Windows\regedit.exe /s c:\appl.zip\wxpostwk\IEAUTCFG.REG
Item97.4.Start=19:41:25.264
Item97.4.Stop=19:41:25.975
Item97.4.Elasped=0
Item97.5=c:\appl.zip\tools\beavkit.exe c:\appl.zip\wxpostwk\DMA_ON.INI
Item97.5.Start=19:41:26.305
Item97.5.Stop=19:41:29.119
Item97.5.Elasped=3
Item97.6=C:\APPL.ZIP\TOOLS\BEAVREG2.EXE
Item97.6.Start=19:41:29.570
Item97.6.Stop=19:41:32.164
Item97.6.Elasped=2
Item98=c:\system.sav\scripts\rstoobe.bto
Item98.Start=19:41:32.775
Item98.Stop=19:41:32.795
Item98.Elasped=1
Item99=c:\system.sav\scripts\postrtr.bto
Item99.Start=19:41:32.845
Item99.Stop=19:41:32.855
Item99.Elasped=1
Item0.4=c:\system.sav\fbi\regflush.exe
Item0.4.Start=19:41:32.985
Item0.4.Stop=19:41:37.271
Item0.4.Elasped=4
Item100=c:\system.sav\scripts\delwinpe.bto
Item100.Start=19:41:37.562
Item100.Stop=19:41:37.582
Item100.Elasped=1
Item0.5=c:\system.sav\fbi\mosproc.exe
Item0.5.Start=19:41:52.253
Item0.5.Stop=19:41:54.055
Item0.5.Elasped=2

[BTO.If.Data]
BailThisOne=0
NestCount=0
SkippedIfs=0
Level1=1
Else1=0
Level2=0
Else2=0
Level3=1
Else3=0
Level4=0
Else4=0

[fbitb.generaltools]
sectiontoclean=uia

[FBI.OsCvaFound]
Item1=C:\compaq\sw_ver\30696300.CVA
NumFound=1

[FBI.OsImagePath]
Item1=c:\USWXP32C

[NoSetCodePage]
US=TRUE

[Strings.US]
CICFolderName=Compaq Information Center
Favorites=Favorites
CPQFavoriteDir=Compaq Recommended Sites
RandCompName=19270274802
CmdCons=c:\minint\system32
RandomName=22636878032

[GUIMain]

[EditDelLine]
String1=BACKBMP=

[EditAppendLine]
String1=C:\Windows\REGEDIT.EXE /S C:\SYSTEM.SAV\UTIL\CDDMA.REG
String2=C:\Windows\REGEDIT.EXE /S C:\SYSTEM.SAV\UTIL\CDDMA.REG

[RegionCFG]
DefaultKeyboard=409
DefaultLanguage=409
DefaultRegion=
TimeZoneRegFile=USA_TIME.reg
LanguageGroup=1,12,13
SystemLocale=0409
InputLocale=0409:00000409
UserLocale=0409
Script=MESSAGE_NO_script_SPECIFIED

[EDITREPLACESTRING]
STRING1=if (finish == FINISH_REBOOT)
STRING2=if (finish == FINISH_REBOOT || finish == FINISH_OK)

[EditInsertLine]
String1=if (finish == FINISH_REBOOT || finish == FINISH_OK)
String2=// end of Compaq add

[DeleteList.CvaFiles]
Item1=c:\global
Item2=c:\US

[DeleteList.MiniWindows]
Item1=C:\winmini.US

[LMCurrentVersion]
SM_GamesName=Games
SM_ConfigureProgramsName=Set Program Access and Defaults
ProgramFilesDir=C:\Program Files
CommonFilesDir=C:\Program Files\Common Files
ProductId=55277-OEM-0011903-00101
SM_AccessoriesName=Accessories
PF_AccessoriesName=Accessories
MediaPath=C:\WINDOWS\Media

[CurrentUserFolders]
AppData=C:\Documents and Settings\Owner\Application Data
Cookies=C:\Documents and Settings\Owner\Cookies
Desktop=C:\Documents and Settings\Owner\Desktop
Favorites=C:\Documents and Settings\Owner\Favorites
NetHood=C:\Documents and Settings\Owner\NetHood
Personal=C:\Documents and Settings\Owner\My Documents
PrintHood=C:\Documents and Settings\Owner\PrintHood
Recent=C:\Documents and Settings\Owner\Recent
SendTo=C:\Documents and Settings\Owner\SendTo
Start Menu=C:\Documents and Settings\Owner\Start Menu
Templates=C:\Documents and Settings\Owner\Templates
Programs=C:\Documents and Settings\Owner\Start Menu\Programs
Startup=C:\Documents and Settings\Owner\Start Menu\Programs\Startup
Local Settings=C:\Documents and Settings\Owner\Local Settings
Local AppData=C:\Documents and Settings\Owner\Local Settings\Application Data
Cache=C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files
History=C:\Documents and Settings\Owner\Local Settings\History
My Pictures=C:\Documents and Settings\Owner\My Documents\My Pictures
Fonts=C:\WINDOWS\Fonts
My Music=C:\Documents and Settings\Owner\My Documents\My Music
Administrative Tools=C:\Documents and Settings\Owner\Start Menu\Programs\Administrative Tools
CD Burning=C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\CD Burning
My Video=C:\Documents and Settings\Owner\My Documents\My Videos

[DefaultUserFolders]
AppData=C:\WINDOWS\system32\config\systemprofile\Application Data
Cookies=C:\WINDOWS\system32\config\systemprofile\Cookies
Desktop=C:\WINDOWS\system32\config\systemprofile\Desktop
Favorites=C:\WINDOWS\system32\config\systemprofile\Favorites
NetHood=C:\WINDOWS\system32\config\systemprofile\NetHood
Personal=C:\WINDOWS\system32\config\systemprofile\My Documents
PrintHood=C:\WINDOWS\system32\config\systemprofile\PrintHood
Recent=C:\WINDOWS\system32\config\systemprofile\Recent
SendTo=C:\WINDOWS\system32\config\systemprofile\SendTo
Start Menu=C:\WINDOWS\system32\config\systemprofile\Start Menu
Templates=C:\WINDOWS\system32\config\systemprofile\Templates
Programs=C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs
Startup=C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup
Local Settings=C:\WINDOWS\system32\config\systemprofile\Local Settings
Local AppData=C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data
Cache=C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files
History=C:\WINDOWS\system32\config\systemprofile\Local Settings\History
My Pictures=
Fonts=C:\WINDOWS\Fonts
My Music=

[CommonUserFolders]
Common AppData=C:\Documents and Settings\All Users\Application Data
Common Programs=C:\Documents and Settings\All Users\Start Menu\Programs
Common Documents=C:\Documents and Settings\All Users\Documents
Common Desktop=C:\Documents and Settings\All Users\Desktop
Common Start Menu=C:\Documents and Settings\All Users\Start Menu
CommonPictures=C:\Documents and Settings\All Users\Documents\My Pictures
CommonMusic=C:\Documents and Settings\All Users\Documents\My Music
CommonVideo=C:\Documents and Settings\All Users\Documents\My Videos
Common Favorites=C:\Documents and Settings\All Users\Favorites
Common Startup=C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Common Administrative Tools=C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
Common Templates=C:\Documents and Settings\All Users\Templates

[CDC.BTO]
c:\appl.zip\install\Adobe.bto=AdobeAcrobatReader
c:\appl.zip\install\HSC.bto=HelpAndSupport
c:\appl.zip\install2\SafetyGuide.BTO=Safety_Comfort_Guide

[AdobeAcrobatReader]
BTO_NO1=c:\appl.zip\install\Adobe.bto

[CDC]
AdobeAcrobatReader=PASS
HelpAndSupport=FAIL
Failure=1
Safety_Comfort_Guide=PASS

[HelpAndSupport]
BTO_NO1=c:\appl.zip\install\HSC.bto
MissingFile1=C:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\HomePage.htm

[HelpAndSupport.MissingFile]
C:\WINDOWS\PCHEALTH\HELPCTR\System_OEM\HomePage.htm=1

[Safety_Comfort_Guide]
BTO_NO1=c:\appl.zip\install2\SafetyGuide.BTO

[PreinChecks]
ISLogChkResult=PASSED
FBITimeOut=PASSED
RegDevResult=PASSED

[EditReplaceLine]
String1=g.txtCompName.value = ApiObj.get_ComputerName();
String2=g.txtCompName.value = "HP22636878032";

[guipbmain]
full=1

__________________
removed1128 is offline  
Old 04-24-2005, 12:11 AM   #2
TSF Security Team, Emeritus
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,964
OS: Windows 7


Hi Jane:

This is a hijackthis forum. We read hijackthis logs. I have not seen this FBI log. Can you tell me which program creates this log? If you want, download hijackthis and post its log and we will go through it for you.

__________________
We Are The BORG Spyware KILLER and Adware Destroyer!



MicroBell is offline  
Old 04-24-2005, 03:50 AM   #3
Registered Member
 
removed1128's Avatar
 
Join Date: Apr 2005
Posts: 4
OS: XP


hello,

Thank you for answering, I've been anxious about this. I don't know much about computers and am just a harmless citizen with 2 cats, yikes.

I used the ad-aware and spybot, and then here (hopefully) is the hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 3:35:57 AM, on 4/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\cidaemon.exe
C:\DOCUME~1\JANERO~1\LOCALS~1\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us8l.hpwis.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us8l.hpwis.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [iIWiper] C:\Program Files\iISystem Wiper\SystemWiper.exe m
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...a/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by104fd.bay104.hotmail.msn.co...x/HMAtchmt.ocx
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
__________________
removed1128 is offline  
Old 04-24-2005, 05:02 AM   #4
Registered Member
 
removed1128's Avatar
 
Join Date: Apr 2005
Posts: 4
OS: XP


P.S.

Oops, I forgot to answer your question about who made the program, I don't know. This all started because my computer went out at Thanksgiving and again around Christmas, that time even needed a new C drive from the repair shop.

All seemed well until this other IP address started signing in randomly to Norton 2005. A "black hole" whatever that is. Also I started getting denied things I wanted to do or see because some other process was using it. I tried "search" various ways and found the CIA and FBI files, I thought they were a prank or something and tried to delete them but they came back, or never left, anyway then there were even more of them! I tried malware removers, agent ransack, and the automatic hijack-this analyzer.

Thank you again,
Jane
__________________
removed1128 is offline  
Old 04-24-2005, 12:48 PM   #5
TSF Enthusiast
 
POADB's Avatar
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,553
OS: XP SP2


Let's use a program to scan for any trojans that may exist. Download TDS-3. Learn how to use it here. Make sure to update it after you have installed it. You can get the manual updates here. When you launch the program, it will scan your memory for running processes. This will take less than 30 seconds. Next go to System Testing on the menu and choose Full System Scan. After that's finished, post the log file by selecting everything on the top pane (select from bottom to top). If any alarms are found, they will be listed in the bottom window. Please copy and paste that here also if it applies.
__________________
POADB is offline  
Old 04-24-2005, 01:58 PM   #6
TSF Security Team, Emeritus
 
MicroBell's Avatar
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,964
OS: Windows 7


Jane:

I'm still a little confused. How did you produce the above FBI log, since you said you didn't install this program? What did you use to produce the log? Is this just the contents of a file, fbi.log?


Did you create this directory? C:\SYSTEM.SAV


Again, I've never seen a log like this, but could this stuff have been on there since around Christmas? Maybe the replacement Hard Drive was not wiped before they installed it.

**Note** Your hijackthis log is clean.

Let's look and see if this thing is using a service...

Download GetServices http://www.bleepingcomputer.com/file...etservices.zip

Unzip the files to a folder on your desktop and run the getservices.bat file. A log will be produced. Post that log.


EDIT: After reviewing this log a second time, it could be a legit Factory Backup Install log for your OS, for when you restore the OS from a backup copy.
__________________
We Are The BORG Spyware KILLER and Adware Destroyer!



MicroBell is offline  
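Added example (not part of the original thread, and not code from GetServices or Sysinternals): one way to carry out the check described in post #6, parsing a PsService-style log and listing services whose executable sits under C:\SYSTEM.SAV or outside the usual install roots. The sample log, the Example* service names, the trusted-root list and the function names are constructed for illustration; C:\WINDOWS as the system root is assumed from the thread.

```python
import ntpath
import re

# Constructed sample in the PsService layout (not copied from the thread's log).
SAMPLE_LOG = r"""
SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ExampleVendorSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : "C:\Program Files\Example Vendor\evsvc.exe" /run
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ExampleStateSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
BINARY_PATH_NAME : C:\SYSTEM.SAV\FBI\example.exe
DEPENDENCIES :
: u
: n
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ExampleOldSvc
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
BINARY_PATH_NAME : C:\Temp\old.exe
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
"""

FIELD = re.compile(r"^([A-Z_]+) ?: ?(.*)$")
# Assumption: a heuristic allow-list of install roots, not a verdict on safety.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def parse_services(text):
    """Split PsService output into one dict of field -> list of values per service."""
    services, cur, last = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            # Continuation of a multi-value field (normally DEPENDENCIES);
            # stray continuation lines are absorbed here and never start a record.
            if cur is not None and last is not None:
                cur[last].append(line[1:].strip())
            continue
        m = FIELD.match(line)
        if m and m.group(1) == "SERVICE_NAME":
            cur = {"SERVICE_NAME": [m.group(2).strip()], "DESCRIPTION": []}
            services.append(cur)
            last = None
        elif cur is None:
            continue  # banner lines before the first record
        elif m:
            last = m.group(1)
            cur.setdefault(last, []).append(m.group(2).strip())
        else:
            cur["DESCRIPTION"].append(line)  # free-text description line
    return services


def image_path(binary_path_name):
    """Return the normalised, lower-cased executable path without its arguments."""
    s = binary_path_name.strip()
    if not s:
        return ""
    if s.startswith('"'):
        exe = s[1:].split('"', 1)[0]
    else:
        # Unquoted paths may contain spaces, so cut at the first ".exe".
        m = re.match(r"(.*?\.exe)(?=\s|$)", s, re.I)
        exe = m.group(1) if m else s.split()[0]
    return ntpath.normpath(exe).lower()


def triage(text, watch_dirs=("c:\\system.sav\\",)):
    """List (name, exe, reason, enabled) for services worth a manual look."""
    findings = []
    for svc in parse_services(text):
        name = svc["SERVICE_NAME"][0]
        exe = image_path(svc.get("BINARY_PATH_NAME", [""])[0])
        enabled = "DISABLED" not in svc.get("START_TYPE", [""])[0]
        if any(exe.startswith(d) for d in watch_dirs):
            findings.append((name, exe, "runs from watched directory", enabled))
        elif not exe.startswith(TRUSTED_ROOTS):
            findings.append((name, exe, "outside usual install roots", enabled))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A path inside a trusted root is not proof that a service is benign; the listing only narrows down which entries to inspect by hand.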
Old 04-26-2005, 06:02 PM   #7
Registered Member
 
removed1128's Avatar
 
Join Date: Apr 2005
Posts: 4
OS: XP


Thank you for the replies, and yes, the "factory installer" sounds very likely as a culprit. Still creepy about "ignore bad boy list" and "suicide" but as you suggested, perhaps that was added by the repair shop guys, or not wiped off the replacement hard drive.

Thank you for the link to TDS3, it was extremely cool. But when I did the system scan, got intrusion alarms, so I panicked and jumped out.

Thank you also for the link to Get Service, attached below.

Not to be a broken record, but thank you!

Jane

get service log

PsService v1.1 - local and remote services viewer/controller
Copyright (C) 2001-2003 Mark Russinovich
Sysinternals - www.sysinternals.com

SERVICE_NAME: Alerter
Notifies selected users and computers of administrative alerts. If the service is stopped, programs that use administrative alerts will not receive them. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Alerter
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: ALG
Provides support for 3rd party protocol plug-ins for Internet Connection Sharing and the Windows Firewall.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\alg.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Layer Gateway Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: AppMgmt
Provides software installation services such as Assign, Publish, and Remove.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Application Management
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: aspnet_state
Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ASP.NET State Service
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: Ati HotKey Poller
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\Ati2evxx.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Ati HotKey Poller
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: AudioSrv
Manages audio devices for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : AudioGroup
TAG : 0
DISPLAY_NAME : Windows Audio
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: BITS
Transfers files in the background using idle network bandwidth. If the service is stopped, features such as Windows Update, and MSN Explorer will be unable to automatically download programs and other information. If this service is disabled, any services that explicitly depend on it may fail to transfer files if they do not have a fail safe mechanism to transfer files directly through IE in case BITS has been disabled.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Background Intelligent Transfer Service
DEPENDENCIES : Rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: Browser
Maintains an updated list of computers on the network and supplies this list to computers designated as browsers. If this service is stopped, this list will not be updated or maintained. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Computer Browser
DEPENDENCIES : LanmanWorkstation
: LanmanServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccEvtMgr
Symantec Event Manager
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Event Manager
DEPENDENCIES : RPCSS
: ccSetMgr
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccPwdSvc
Symantec Password Validation Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec Password Validation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ccSetMgr
Symantec Settings Manager
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Settings Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: cisvc
Indexes contents and properties of files on local and remote computers; provides rapid access to files through flexible querying language.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\cisvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Indexing Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ClipSrv
Enables ClipBook Viewer to store information and share it with remote computers. If the service is stopped, ClipBook Viewer will not be able to share information with remote computers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\clipsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ClipBook
DEPENDENCIES : NetDDE
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: COMSysApp
Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : COM+ System Application
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 30 seconds
FAILURE_ACTIONS : Restart DELAY: 1000 seconds
: Restart DELAY: 5000 seconds
: None DELAY: 1000 seconds

SERVICE_NAME: CryptSvc
Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Cryptographic Services
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: DcomLaunch
Provides launch functionality for DCOM services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k DcomLaunch
LOAD_ORDER_GROUP : Event Log
TAG : 0
DISPLAY_NAME : DCOM Server Process Launcher
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: Dhcp
Manages network configuration by registering and updating IP addresses and DNS names.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DHCP Client
DEPENDENCIES : Tcpip
: Afd
: NetBT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmadmin
Configures hard disk drives and volumes. The service only runs for configuration processes and then stops.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\dmadmin.exe /com
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager Administrative Service
DEPENDENCIES : RpcSs
: PlugPlay
: DmServer
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: dmserver
Detects and monitors new hard disk drives and sends disk volume information to Logical Disk Manager Administrative Service for configuration. If this service is stopped, dynamic disk status and configuration information may become out of date. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Logical Disk Manager
DEPENDENCIES : RpcSs
: PlugPlay
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Dnscache
Resolves and caches Domain Name System (DNS) names for this computer. If this service is stopped, this computer will not be able to resolve DNS names and locate Active Directory domain controllers. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k NetworkService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : DNS Client
DEPENDENCIES : Tcpip
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: ERSvc
Allows error reporting for services and applictions running in non-standard environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Error Reporting Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Eventlog
Enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. This service cannot be stopped.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : Event log
TAG : 0
DISPLAY_NAME : Event Log
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: EventSystem
Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : COM+ Event System
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: FastUserSwitchingCompatibility
Provides management for applications that require assistance in a multiple user environment.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Fast User Switching Compatibility
DEPENDENCIES : TermService
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: helpsvc
Enables Help and Support Center to run on this computer. If this service is stopped, Help and Support Center will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Help and Support
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 100 seconds
: Restart DELAY: 100 seconds
: None DELAY: 100 seconds

SERVICE_NAME: HidServ
Enables generic input access to Human Interface Devices (HID), which activates and maintains the use of predefined hot buttons on keyboards, remote controls, and other multimedia devices. If this service is stopped, hot buttons controlled by this service will no longer function. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Human Interface Device Access
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HPConfig
(null)
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\HPConfig.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HP Configuration Interface Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HPWirelessMgr
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HPWirelessMgr
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: HTTPFilter
This service implements the secure hypertext transfer protocol (HTTPS) for the HTTP service, using the Secure Socket Layer (SSL). If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k HTTPFilter
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : HTTP SSL
DEPENDENCIES : HTTP
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ImapiService
Manages CD recording using Image Mastering Applications Programming Interface (IMAPI). If this service is stopped, this computer will be unable to record CDs. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\imapi.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IMAPI CD-Burning COM Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanserver
Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Server
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: lanmanworkstation
Creates and maintains client network connections to remote servers. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : Workstation
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: LmHosts
Enables support for NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : TCP/IP NetBIOS Helper
DEPENDENCIES : NetBT
: Afd
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: LPDSVC
Provides a TCP/IP-based printing service that uses the Line Printer protocol.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\tcpsvcs.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : TCP/IP Print Server
DEPENDENCIES : Tcpip
: Spooler
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Messenger
Transmits net send and Alerter service messages between clients and servers. This service is not related to Windows Messenger. If this service is stopped, Alerter messages will not be transmitted. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Messenger
DEPENDENCIES : LanmanWorkstation
: NetBIOS
: PlugPlay
: RpcSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: mnmsrvc
Enables an authorized user to access this computer remotely by using NetMeeting over a corporate intranet. If this service is stopped, remote desktop sharing will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\mnmsrvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NetMeeting Remote Desktop Sharing
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: MSDTC
Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will not occur. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\msdtc.exe
LOAD_ORDER_GROUP : MS Transactions
TAG : 0
DISPLAY_NAME : Distributed Transaction Coordinator
DEPENDENCIES : RPCSS
: SamSS
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: MSIServer
Adds, modifies, and removes applications provided as a Windows Installer (*.msi) package. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\msiexec.exe /V
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Installer
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: navapsvc
Handles Norton AntiVirus Auto-Protect events.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : "C:\Program Files\Norton AntiVirus\navapsvc.exe"
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Norton AntiVirus Auto-Protect Service
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDE
Provides network transport and security for Dynamic Data Exchange (DDE) for programs running on the same computer or on different computers. If this service is stopped, DDE transport and security will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP : NetDDEGroup
TAG : 0
DISPLAY_NAME : Network DDE
DEPENDENCIES : NetDDEDSDM
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NetDDEdsdm
Manages Dynamic Data Exchange (DDE) network shares. If this service is stopped, DDE network shares will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\netdde.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network DDE DSDM
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netlogon
Supports pass-through authentication of account logon events for computers in a domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP : RemoteValidation
TAG : 0
DISPLAY_NAME : Net Logon
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Netman
Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Connections
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Nla
Collects and stores network configuration and location information, and notifies applications when this information changes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Location Awareness (NLA)
DEPENDENCIES : Tcpip
: Afd
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NPFMntor
Detects installation of Symantec Firewall clients
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Norton AntiVirus Firewall Monitor Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtLmSsp
Provides security to remote procedure call (RPC) programs that use transports other than named pipes.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : NT LM Security Support Provider
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: NtmsSvc
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Removable Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PlugPlay
Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\services.exe
LOAD_ORDER_GROUP : PlugPlay
TAG : 0
DISPLAY_NAME : Plug and Play
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Pml Driver HPZ12
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\HPZipm12.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Pml Driver HPZ12
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: PolicyAgent
Manages IP security policy and starts the ISAKMP/Oakley (IKE) and the IP security driver.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : IPSEC Services
DEPENDENCIES : RPCSS
: Tcpip
: IPSec
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ProtectedStorage
Provides protected storage for sensitive data, such as private keys, to prevent access by unauthorized services, processes, or users.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Protected Storage
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasAuto
Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Auto Connection Manager
DEPENDENCIES : RasMan
: Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RasMan
Creates a network connection.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Access Connection Manager
DEPENDENCIES : Tapisrv
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RDSessMgr
Manages and controls Remote Assistance. If this service is stopped, Remote Assistance will be unavailable. Before stopping this service, see the Dependencies tab of the Properties dialog box.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\sessmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Desktop Help Session Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RemoteAccess
Offers routing services to businesses in local area and wide area network environments.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 4 DISABLED
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Routing and Remote Access
DEPENDENCIES : RpcSS
: +NetBIOSGroup
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: RpcLocator
Manages the RPC name service database.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\locator.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC) Locator
DEPENDENCIES : LanmanWorkstation
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: RpcSs
Provides the endpoint mapper and other miscellaneous RPC services.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost -k rpcss
LOAD_ORDER_GROUP : COM Infrastructure
TAG : 0
DISPLAY_NAME : Remote Procedure Call (RPC)
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService
FAIL_RESET_PERIOD : 0 seconds
FAILURE_ACTIONS : Reboot DELAY: 60000 seconds

SERVICE_NAME: RSVP
Provides network signaling and local traffic control setup functionality for QoS-aware programs and control applets.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\rsvp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : QoS RSVP
DEPENDENCIES : TcpIp
: Afd
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SamSs
Stores security information for local user accounts.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\lsass.exe
LOAD_ORDER_GROUP : LocalValidation
TAG : 0
DISPLAY_NAME : Security Accounts Manager
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SAVScan
Handles Norton AntiVirus Auto-Protect Archive Scanning
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Norton AntiVirus\SAVScan.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SAVScan
DEPENDENCIES : SAVRT
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SBService
(null)
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : ScriptBlocking Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SCardSvr
Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\SCardSvr.exe
LOAD_ORDER_GROUP : SmartCardGroup
TAG : 0
DISPLAY_NAME : Smart Card
DEPENDENCIES : PlugPlay
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: Schedule
Enables a user to configure and schedule automated tasks on this computer. If this service is stopped, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : SchedulerGroup
TAG : 0
DISPLAY_NAME : Task Scheduler
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: seclogon
Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 120 WIN32_SHARE_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Secondary Logon
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SENS
Tracks system events such as Windows logon, network, and power events. Notifies COM+ Event System subscribers of these events.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : Network
TAG : 0
DISPLAY_NAME : System Event Notification
DEPENDENCIES : EventSystem
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SharedAccess
Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Firewall/Internet Connection Sharing (ICS)
DEPENDENCIES : Netman
: WinMgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: ShellHWDetection
(null)
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : ShellSvcGroup
TAG : 0
DISPLAY_NAME : Shell Hardware Detection
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNDSrvc
Symantec Network Drivers Service
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec Network Drivers Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNMP
Includes agents that monitor the activity in network devices and report to the network console workstation.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\snmp.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SNMP Service
DEPENDENCIES : EventLog
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SNMPTRAP
Receives trap messages generated by local or remote SNMP agents and forwards the messages to SNMP management programs running on this computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\snmptrap.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SNMP Trap Service
DEPENDENCIES : EventLog
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: SPBBCSvc
Symantec SPBBC
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
LOAD_ORDER_GROUP : Symantec Services
TAG : 0
DISPLAY_NAME : Symantec SPBBCSvc
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Spooler
Loads files to memory for later printing.
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\spoolsv.exe
LOAD_ORDER_GROUP : SpoolerGroup
TAG : 0
DISPLAY_NAME : Print Spooler
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: srservice
Performs system restore functions. To stop service, turn off System Restore from the System Restore tab in My Computer->Properties
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : System Restore Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SSDPSRV
Enables discovery of UPnP devices on your home network.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : SSDP Discovery Service
DEPENDENCIES : HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: stisvc
Provides image acquisition services for scanners and cameras.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k imgsvc
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Image Acquisition (WIA)
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SwPrv
Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\System32\dllhost.exe /Processid:{31C470A8-D205-4842-AC2A-CD97FEB974AF}
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : MS Software Shadow Copy Provider
DEPENDENCIES : rpcss
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Symantec Core LC
Symantec Core LC
TYPE : 110 WIN32_OWN_PROCESS INTERACTIVE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Symantec Core LC
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: SysmonLog
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\smlogsvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Performance Logs and Alerts
DEPENDENCIES :
SERVICE_START_NAME: NT Authority\NetworkService

SERVICE_NAME: TapiSrv
Provides Telephony API (TAPI) support for programs that control telephony devices and IP based voice connections on the local computer and, through the LAN, on servers that are also running the service.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Telephony
DEPENDENCIES : PlugPlay
: RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: TermService
Allows multiple users to be connected interactively to a machine as well as the display of desktops and applications to remote computers. The underpinning of Remote Desktop (including RD for Administrators), Fast User Switching, Remote Assistance, and Terminal Server.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost -k DComLaunch
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Terminal Services
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: Themes
Provides user experience theme management.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : UIGroup
TAG : 0
DISPLAY_NAME : Themes
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds
: None DELAY: 0 seconds

SERVICE_NAME: TrkWks
Maintains links between NTFS files within a computer or across computers in a network domain.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Distributed Link Tracking Client
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: UMWdf
Enables Windows user mode drivers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\wdfmgr.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows User Mode Driver Framework
DEPENDENCIES : RpcSs
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: upnphost
Provides support to host Universal Plug and Play devices.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Universal Plug and Play Device Host
DEPENDENCIES : SSDPSRV
: HTTP
SERVICE_START_NAME: NT AUTHORITY\LocalService
FAIL_RESET_PERIOD : -1 seconds
FAILURE_ACTIONS : Restart DELAY: 0 seconds

SERVICE_NAME: UPS
Manages an uninterruptible power supply (UPS) connected to the computer.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\ups.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Uninterruptible Power Supply
DEPENDENCIES :
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: VSS
Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\vssvc.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Volume Shadow Copy
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: W32Time
Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Time
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 5 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WebClient
Enables Windows-based programs to create, access, and modify Internet-based files. If this service is stopped, these functions will not be available. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k LocalService
LOAD_ORDER_GROUP : NetworkProvider
TAG : 0
DISPLAY_NAME : WebClient
DEPENDENCIES : MRxDAV
SERVICE_START_NAME: NT AUTHORITY\LocalService

SERVICE_NAME: winmgmt
Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 0 IGNORE
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Management Instrumentation
DEPENDENCIES : RPCSS
: Eventlog
SERVICE_START_NAME: LocalSystem
FAIL_RESET_PERIOD : 86400 seconds
FAILURE_ACTIONS : Restart DELAY: 60000 seconds
: Restart DELAY: 60000 seconds

SERVICE_NAME: WmcCds
Serves shared multimedia content to Universal Plug and Play devices
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : c:\program files\windows media connect\mswmccds.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Media Connect (WMC)
DEPENDENCIES : RPCSS
: UPNPHOST
: WmcCdsLs
SERVICE_START_NAME: NT AUTHORITY\NetworkService

SERVICE_NAME: WmcCdsLs
Monitors the network for new UPnP Media Renderer devices.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\Program Files\Windows Media Connect\mswmcls.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Windows Media Connect (WMC) Helper
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmdmPmSN
Retrieves the serial number of any portable media player connected to this computer. If this service is stopped, protected content might not be down loaded to the device.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Portable Media Serial Number Service
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WmiApSrv
Provides performance library information from WMI HiPerf providers.
TYPE : 10 WIN32_OWN_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\wbem\wmiapsrv.exe
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : WMI Performance Adapter
DEPENDENCIES : RPCSS
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wscsvc
Monitors system security settings and configurations.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Security Center
DEPENDENCIES : RpcSs
: winmgmt
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: wuauserv
Enables the download and installation of critical Windows updates. If the service is disabled, the operating system can be manually updated at the Windows Update Web site.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\system32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Automatic Updates
DEPENDENCIES :
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: WZCSVC
Provides automatic configuration for the 802.11 adapters
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 2 AUTO_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP : TDI
TAG : 0
DISPLAY_NAME : Wireless Zero Configuration
DEPENDENCIES : RpcSs
: Ndisuio
SERVICE_START_NAME: LocalSystem

SERVICE_NAME: xmlprov
Manages XML configuration files on a domain basis for automatic network provisioning.
TYPE : 20 WIN32_SHARE_PROCESS
START_TYPE : 3 DEMAND_START
ERROR_CONTROL : 1 NORMAL
BINARY_PATH_NAME : C:\WINDOWS\System32\svchost.exe -k netsvcs
LOAD_ORDER_GROUP :
TAG : 0
DISPLAY_NAME : Network Provisioning Service
DEPENDENCIES : RpcSs
SERVICE_START_NAME: LocalSystem
__________________
Old 04-27-2005, 12:55 AM   #8
TSF Security Team, Emeritus
 
 
Join Date: Sep 2004
Location: Carmichaels, PA-USA
Posts: 6,964
OS: Windows 7


Jane:

Nothing suspicious in your service log. I would however run a FULL system scan using TDS-3. Once it finishes it will list what it finds in the bottom window. Delete any positive ID trojans.

As for the fbi.log, I would not worry about it since it looks legit.

__________________
We Are The BORG Spyware KILLER and Adware Destroyer!


