NirBlog

NTFS system has a feature that allows to add multiple streams in addition to the main file stream. When you open or view the file, only the main file stream is visible, while other additional streams are hidden from the user.

Here’s 3 examples of alternate streams usage in Windows operating system:

1. Favorites of Internet Explorer: When You add a Web site link into your ‘Favorites’, a .url file containing the url and description is created. However, if the Web site also have an icon (favicon), the icon is saved as alternate stream for the same url file. The stream name of the icon is :favicon:$DATA
2. Downloaded files of Internet Explorer: When you download and save a file with Internet Explorer, it automatically add a zone information for the saved file. This zone information is used for identifying the file as downloaded file from the Internet. The stream name in this case is :Zone.Identifier:$DATA
3. Summary information of files: When you right-click on a file in Explorer and go to the ‘Summary’ tab, you can add summary information for the file, like title, subject, author, and so on. This summary information is also saved into alternate stream. The stream name in this case is SummaryInformation:$DATA.

In addition to the legitimate usage of alternate streams, this technique may also be used by Viruses/Trojans/Spywares for saving data and hiding it from the user.

AlternateStreamView is a new GUI tool that allows you to easily scan your NTFS drive, and find all hidden alternate streams stored in the file system. After scanning and finding the alternate streams, you can extract these streams into the specified folder, delete unwanted streams, or save the streams list into text/html/csv/xml file.

For more information and download link, click here

MozillaCacheView and OperaCacheView:

• Added support for cache filter. (Display only URLs which contain the specified filter strings)

RegScanner:

• Export Selected Items – String values are now exported as strings and DWord values are now exported as DWords. (In previous versions they exported as binary)
• Fixed bug: When using ‘Export Selected Items’ more than once, the first key was missed

FavoritesView:

• Added support for command-line.
• Added support for saving as .csv file.
• The settings are not saved to .cfg file instead of the Registry.

• MyLastSearch: Added filter by Web browser (in Advanced Options)
• InsideClipboard: Added support for saving and loading as Windows .clp file. You can use it from the user interface or from command-line.
• IECacheView: Added support for cache filter. (Display only URLs which contain the specified filter strings)
• BluetoothView: New Option: Execute a command when a new Bluetooth device is detected. (In ‘Advanced Options’)
• NirCmd:
  • New actions for clipboard command – loadclp and saveclp (load/save in Windows .clp format)
  • New command: setprocessaffinity

• SysExporter: Added support for drag And drop feature – Allows you to easily locate the desired window simply by dragging the target icon from the SysExporter toolbar into the window that you need to grab the data.
• RegScanner: New option: Show found items during the scan process
• Mail PassView: Added support for Windows Live Mail.
• PasswordFox: Added new option in ‘Select Folders’ dialog-box: Remember the folder settings in the next time that you use PasswordFox.
• Dialupass: Dialupass now also locate the phonebook file even when the ‘Application Data’ folder is in non-english language.
• CurrPorts:
  • Added new column: Window Title (The window title of the process)
  • Added ‘Cleal All Filters’ option.
  • Added ‘Include Selected Processes In Filters’ option. Allows you to easily filter by selected processes.

SiteShoter:

• Added new options: ‘Save Config’ and ‘Load Config’
• Added new command-line option: /LoadConfig – Start SiteShoter with the specified config file.
• Added new command-line option: /RunConfig – Take a screenshot according to the specified config file, without displaying any UI.

ResourcesExtract:

• Added new options: ‘Save Config’ and ‘Load Config’
• Added new command-line option: /LoadConfig – Start ResourcesExtract with the specified config file.
• Added new command-line option: /RunConfig – Extract resources according to the specified config file, without user interface.

RegDllView:

• Added new option: ‘Create .Reg File For Deleting Entries’ – Allows you to create a .reg file that will remove all entries of the selected registered files when you run it. This option can be useful if you want to clean the same registered files in multiple machines.
• Added more accelerator keys.
• Fixed the focus problem after using the unregister/delete options.

Dialupass:

• Dialupass completely rewritten, and the new version contains all the current NirSoft standards, including the ability to translate to other languages.
• Added support for recovering dialup passwords from external instance of Windows 2000/XP/2003. This feature can be useful if you have a dead operating system that cannot boot anymore.
• Added support for setting dialup user/password from command-line (/setpass)

NirCmd:

• New commands: waitprocess, setprocesspriority, qboxtop, qboxcomtop.
• New action in clipboard command: copyimage (Copy image file to the clipboard)

OpenedFilesView:

• New option: Bring process to front.
• Added more accelerator keys.

The new version of WirelessKeyView now allows you to recover your wireless network keys from external instance of Windows XP operating system (Vista is not supported yet). This feature can be useful if you have a dead system that cannot boot anymore.
You can use this feature from the user-interface, by using the ‘Advanced Options’ in the File
menu, or from command-line, by using the /external parameter.

Dialupass is one of the oldest utilities in my sites (7+ years !), so I decided to completely rewrite it, instead of continuing the development of the old one. The new version contains all the current NirSoft standards, including the ability to translate to other languages.
There is also one useful new feature: You can now extract the dialup passwords from an external instance of Windows 2000/XP/2003 (In Advanced Options).

Dialupass 3 is not officially released yet, but you can download a Beta version from here.

The new version of LsaSecretsView allows you to extract the LSA secrets from an external instance of Windows operating system. This feature can be useful if you have a dead system that cannot boot anymore.
You can use this feature from the user-interface, by using the ‘Advanced Options’ in the File
menu, or from command-line, by using the /external parameter.
This feature was also added to LSASecretsDump, which is the console version of LsaSecretsView.

Be aware the currently this feature works for Windows 2000/XP/2003, but not for Windows Vista.

The new version of IE PassView (v1.15) allows you to extract lost passwords stored by Internet Explorer 7.0 from an external drive. This feature can be useful if you have a dead system that cannot boot anymore, and you want to recover your passwords from there.
In order to use this feature, you must know the last log-on password that you used for the user profile that store the passwords.

The new version of Volumouse now allows you to choose any color for the the On-Screen Indicator, as well as you can choose to display a percent label.

Here’s a sample screenshot: