New tool that compares snapshots of Windows Registry

July 14th, 2017

RegistryChangesView is a new tool for Windows that allows you to take a snapshot of Windows Registry and later compare it with another Registry snapshots, with the current Registry or with Registry files stored in a shadow copy created by Windows. When comparing 2 Registry snapshots, you can see the exact changes made in the Registry between the 2 snapshots, and optionally export the Registry changes into a standard .reg file of RegEdit.

RegistryChangesView

You can download RegistryChangesView from this Web page.

New utility that shows network usage information collected by Windows 8 and Windows 10

July 2nd, 2017

NetworkUsageView is a new tool that extracts and displays the network usage information stored in the SRUDB.dat database of Windows 8 and Windows 10. The network usage data is collected every hour by Windows operating systems and includes the following information: The name and description of the service or application, the name and SID of the user, the network adapter, and the total number of bytes sent and received by the specified service/application.

NetworkUsageView

You can download this new tool from this Web page.

 

New uninstall tool for Windows

May 3rd, 2017

UninstallView is a new tool for Windows that collects information about all programs installed on your system and displays the details of the installed programs in one table. You can use it to get installed programs information for your local system, for remote computer on your network, and for external hard-drive plugged to your computer. It also allows you to easily uninstall a software on your local computer and remote computer (Including quiet uninstall if the installer supports it).

UninstallView is designed to replace the old MyUninstaller tool.

UninstallView

 

You can download the new UninstallView utility from this Web page.

New DPAPI decryption tool

March 15th, 2017

DataProtectionDecryptor is a powerful tool for Windows that allows you to decrypt passwords and other information encrypted by the DPAPI (Data Protection API) system of Windows operating system. You can use this tool to decrypt DPAPI data on your current running system and to decrypt DPAPI data stored on external hard drive.
DPAPI is a decryption/encryption system used by Microsoft products as well as by 3-party products to decrypt and encrypt passwords and other secret information on Windows operating system. Here's some examples for data encrypted with DPAPI: Passwords of Microsoft Outlook accounts (Stored in the Registry),  Passwords stored in the Credentials file of Windows (Login passwords of remote computers, Remote Desktop passwords and more...), wireless network keys, passwords and cookies of Chrome Web browser, and more...

DataProtectionDecryptor

DataProtectionDecryptor

You can read about using this DPAPI decryption tool in this Web page.

 

New utility that shows all loaded DLLs on your system

February 8th, 2017

LoadedDllsView is a new tool for Windows that scans all running processes on your system and displays the list of all DLL files loaded by these processes and the number of processes that load each DLL in the list. When selecting a DLL file in the upper pane of LoadedDllsView, the lower pane displays the list of all processes that use the selected DLL file. It also allows you to filter the DLL list by DLL type (32-bit/64-bit) , by strings appear in the version resource of the DLL (Company name, product name, so on...), and by specifying wildcard for the DLL filename.

LoadedDllsView

LoadedDllsView

You can download LoadedDllsView from this Web page.

 

New utility that displays extensive information about all windows currently opened on your system.

November 22nd, 2016

GUIPropView is a new utility that displays extensive information about all windows currently opened on your system. The upper pane of GUIPropView displays all top level windows, and when you select a window in the upper pane, the lower pane displays the list of all child windows of the selected top level window.  You can also select one or more windows and then do some actions on them like close, hide, show, minimize, maximize, disable, enable, and so on...

GUIPropView

GUIPropView

GUIPropView is a replacement for my very old WinLister utility and you can download it from this Web page.

New tool that shows encrypted data stored inside the Registry of Windows

October 19th, 2016

EncryptedRegView is a new tool for Windows that scans the Registry of your current running system or the Registry of external hard drive you choose and searches for data encrypted with DPAPI (Data Protection API). When it finds encrypted data in the Registry, it tries to decrypt it and displays the decrypted data in the main window of EncryptedRegView. With this tool, you may find passwords and other secret data stored in the Registry by Microsoft products as well as by 3-party products.

EncryptedRegView

EncryptedRegView

You can download this new tool from this Web page.

New utility that decrypts the Credentials files of Windows

September 29th, 2016

CredentialsFileView is a new utility for Windows that decrypts and displays the passwords and other data stored inside Credentials files of Windows. You can use it to decrypt the Credentials data of your currently running system, as well as the Credentials data stored on external hard drive. Inside the Credentials files of Windows you may find the following information: Login passwords of remote computers on your LAN, Passwords of mail accounts on exchange server (stored by Microsoft Outlook), Remote Desktop 6 user\password information,  Windows Live session information, and more...

CredentialsFileView

CredentialsFileView

 

You can download the CredentialsFileView utility from this Web page.

 

New tool that decrypts Windows Vault passwords

September 24th, 2016

VaultPasswordView is a new tool for Windows 10/8/7 that decrypts and displays the passwords and other data stored inside 'Windows Vault'. You can use it to decrypt the Windows Vault data of your currently running system, as well as the Windows Vault data stored on external hard drive.  This tool is useful especially for Windows 8 and Windows 10, because the passwords and other security information of Windows Mail , Internet Explorer 10.0/11.0, and Microsoft Edge Web browser are stored inside Windows vault.

Be aware that in order to decrypt the Windows Vault data you have to know the login password and type it in the 'Vault Decryption Options' window.

VaultPasswordView

VaultPasswordView

You can download the VaultPasswordView from this Web page.

 

New event log utilities for Windows 10/8/7/Vista

September 12th, 2016

FullEventLogView is a new utility for Windows 10/8/7/Vista that displays in a table the details of all events from the event logs of Windows, including the event description. It allows you to view the events of your local computer, events of a remote computer on your network, and events stored in .evtx files. It also allows you to export the events list to text/csv/tab-delimited/html/xml file from the GUI and from command-line. FullEventLogView is a replacement for the old MyEventViewer utility which uses old programming interface and thus it doesn't show all new event log added starting from Windows Vista.

FullEventLogView

FullEventLogView

You can download the new FullEventLogView from this Web page.

 

EventLogChannelsView is a new utility for Windows 10/8/7/Vista that shows the list of all event log channels on your system, including the channel name, event log filename, enabled/disabled status, current number of events in the channel, size of the event log file, and more...  It also allows you to easily make some actions on multiple channels at once: enable/disable channels, set their maximum file size, and clear all events stored in the channels.

EventLogChannelsView

EventLogChannelsView

You can download the new EventLogChannelsView from this Web page.