NirBlog

SoundVolumeView is a new tool for Windows Vista/7/8/2008 that displays general information and current volume level for all active sound components on your system, and allows you to mute and unmute them instantly.
SoundVolumeView also allows you to save a sound profile into a file, containing the current volume level and the mute/unmute state of all sound components, as well as the default sound devices, and then later, load the same file to restore exactly the same volume levels and settings.
There is also extensive command-line support, which allows you to save/load profiles, change current volume of every sound component, and mute/unmute every sound component, without displaying any user interface.

SoundVolumeView

You can download this new tool from this Web page.

EventLogSourcesView is a new tool that displays the list of all event log sources installed on your system.
For every event log source, the following information is displayed: Event Source Name, Event Type, DLL/EXE Files containing the event message strings, Registry Modified Time, and version information taken from the DLL/EXE file (Product Name, Company, File Description, File Version)
EventLogSourcesView also allows you to export the event log sources list into tab-delimited/comma-delimited/html/xml file.

EventLogSourcesView

You can download the EventLogSourcesView utility from this Web page.

NetworkLatencyView is a new utility for Windows that listens to the TCP connections on your system and calculates the network latency (in milliseconds) for every new TCP connection detected on your system. For every IP address, NetworkLatencyView displays up to 10 network latency values, and their average. The latency value calculated by NetworkLatencyView is very similar to the result you get from pinging to the same IP address.
NetworkLatencyView also allows you to easily export the latency information to text/csv/tab-delimited/html/xml file, or copy the information to the clipboard and then paste it to Excel or other application.

In order to allow this tool to capture the TCP packets, you may need to install the WinPcap capture driver or Microsoft Network Monitor driver – version 3.4.

NetworkLatencyView

You can download this new utility from this Web page.

WinLogOnView is a new tool for Windows Vista/7/8/2008 that analyses the security event log of Windows operating system, and detects the exact date/time that users logged on and logged off. For every time that a user log on/log off to your system, the following information is displayed: Logon ID, User Name, Domain, Computer, Logon Time, Logoff Time, Duration, and network address.
WinLogOnView also allows you to easily export the logon sessions information to tab-delimited/comma-delimited/html/xml file.

WinLogOnView

You can download this new tool from this Web page.

TurnedOnTimesView is a new tool that analyses the event log of Windows operating system, and detects the time ranges that your computer was turned on. For every period of time that the computer was turned on, the following information is displayed: Startup Time, Shutdown Time, Duration, Shutdown Reason, Shutdown Type, Shutdown Process, and Shutdown Code.

TurnedOnTimesView allows you to get this information from your local computer, and from remote computer on your network if you have enough privilege to read the event log of Windows remotely.

TurnedOnTimesView

You can download this new tool from this Web page.

DNSQuerySniffer is a new network sniffer utility that shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and so on), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records.
You can easily export the DNS queries information to csv/tab-delimited/xml/html file, or copy the DNS queries to the clipboard, and then paste them into Excel or other spreadsheet application.

DNSQuerySniffer works on any version of Windows, starting from Windows 2000, and up to Windows 8. Both 32-bit and 64-bit systems are supported.

DNSQuerySniffer

You can download this new utility from this Web page.

The new version of WebBrowserPassView utility (v1.40) has the ability to extract the passwords stored by Internet Explorer 10.0
You might think that I added only one feature for this new release, but I actually added 2 features: one for supporting Internet Explorer 10.0 on Windows 8 and the other to support Internet Explorer 10.0 on Windows 7.

That’s because IE10 stores the passwords in completely 2 different ways. On Windows 7, it still stores the passwords like the previous versions of IE, under the following Registry key: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2
The passwords under this Registry key are encrypted with the URL string and thus  WebBrowserPassView needs to scan the browsing history of IE to decrypt these passwords. Due to the changes on IE10, WebBrowserPassView failed to read the IE history and thus it also failed to get the passwords. The new version of WebBrowserPassView reads the history of IE10 properly and thus the password decryption process also works properly.

On IE10 under Windows 8 it’s a completely different story: The passwords are now stored inside the ‘Windows Vault’, located in the file system under C:\Users\[User Name]\AppData\Local\Microsoft\Vault\4BF4C442-9B8A-41A0-B380-DD4A704DDB28
WebBrowserPassView extracts these passwords by using the undocumented Credential Vault Client Library  (vaultcli.dll)

The support for IE10 passwords is also added to the Password Security Scanner tool, and soon it’ll also be added to the IE PassView utility.

A few months ago, I released a new version of BrowsingHistoryView that extracted the history of Internet Explorer 10 from the locked WebCacheV01.dat (or WebCacheV24.dat) database file by using the ‘Volume Shadow Copy’ service.
The previous solution was not very successful, because it required full admin rights, it was very slow, and it also tend to fail on some systems.

The new version of BrowsingHistoryView (v1.30) provides much better solution to read the locked database of IE10. It locates the process that maintains the opened file, duplicates the file handle, and then uses the duplicated handle to copy the content of the locked database to into a temporary file. BrowsingHistoryView reads the history from the created temporary file and then deletes the temporary file.

So far, in all my tests, this method works very smoothly and it doesn’t require to run BrowsingHistoryView as admin.

If you have Internet Explorer 10, you are welcomed to download and test the new version of BrowsingHistoryView from this Web page.

TcpLogView is a new utility that monitors the opened TCP connections on your system, and adds a new log line every time that a TCP connection is opened or closed. For every log line, the following information is displayed: Even Time, Event Type (Open, Close, Listen), Local Address, Remote Address, Remote Host Name, Local Port, Remote Port, Process ID, Process Name, and the country information of the Remote IP (Requires to download IP to country file separately.)

Be aware that TcpLogView creates the TCP log by taking a snapshot of currently open TCP connections, and comparing it to the previous snapshot, so if a TCP connection is opened for a very short time, then TcpLogView will not be able to capture it.

TcpLogView

You can download TcpLogView from this Web page.

NetConnectChoose is a new utility that allows you to easily choose the default Internet connection that will be used by all Internet applications, when you have more than a single Internet connection on the same time. (Each connection on different network adapter)
It also displays extensive information about every active network/Internet connection, including network adapter name, MAC Address, Name Servers, MTU, Interface Speed, current incoming/outgoing data speed, number of received/sent packets, received/sent bytes, and more…

NetConnectChoose

You can download this new utility from this Web page.