Tuesday, December 30, 2008

Interesting Programs in \windows

Interesting Programs (not linked via .lnk files) in \windows:
  • DevHealth.exe will also be called by LogMaster and creates a very elaborate memory and process report. It is named "mem_1.txt" and is either located in the Storage Card root or the main memory root, sized ~ 292kB. Subsequent calls will generate files named mem_.txt where relates to the called number. This file includes the DLL relationship of all active loaded modules, so it is easy for ROM cleaners to sort out the debug ROM remains.
    -> This is the key application for further investigating any modifications of startup options or of the ROM.
  • LogMaster.exe sets various trace and log points and can call netlogctl.exe, swmodemtrace.exe, celogflush.exe, DevHealth.exe and WinsockLogApp.exe. It links to LogUtil.dll, which relates to these log files: OSImageVersion.txt, sqpco.log, sqmodem.log, sqdriver.log, sqatcmd.log
    My version is 2.4 (I have already seen 2.5 in another ROM).
  • QDW.exe (internally referenced: "QDW.exe is launched by AppExceptionMonitor.exe", but this .exe is missing; only a DLL remains). This would read (or write) files in \Windows\System\ExceptionExtraLogs\. It calls copylog.exe to do the job.
    If called directly, it asks for a memory card and generates a directory \yyyymmdd_hhmmss\ExceptionExtraLogs\, generating (copying) the files ELog.txt, KITL.txt, qatcmd.log, qdriver.log, qmodem.log, qpco.log and verinfo.txt. The call finishes with "copy failed".
  • PreForWSA.exe is called via HKLM\init\Launch.. and may prepare WinSockLogging (may call \Windows\WinsockLogApp.exe)
  • prtscrn.exe generates a screendump of the current state, it is also called via long press of the Vol-Up key and generates a file called scncap.jpg in the "\My Documents" folder ( is a sequence number starting at 1).
