What's on my USB?

Monday, December 27, 2004

Active Ports
Active Ports - easy to use tool for Windows NT/2000/XP that enables you to monitor all open TCP and UDP ports on the local computer. Active Ports maps ports to the owning application so you can watch which process has opened which port. It also displays a local and remote IP address for each connection and allows you to terminate the owning process. Active Ports can help you to detect trojans and other malicious programs.
http://www.download.com/3000-2085-10062969.html?part=65960&subj=dlpage&tag=button

More Freewares: http://www.protect-me.com/freeware.html

Zip EXtractor-IZArc
IZArc is the ultimate archive utility suports many archive formats like: 7-ZIP, A, ACE, ARC, ARJ, B64, BH, BZ2, BZA, CAB, CPIO, DEB, ENC, GCA, GZ, GZA, HA, JAR, LHA, LIB, LZH, MBF, MIM, PAK, PK3, RAR, RPM, TAR, TAZ, TBZ,
TGZ, TZ, UUE, WAR, XXE, YZ1, Z, ZIP, ZOO. With a modern easy-to-use interface, IZArc provides support for most compressed and encoded files, as well as access to many powerful features and tools. It allows you to drag and drop files from and to Windows Explorer, create and extract archives directly in Windows Explorer, create multiple archives spanning disks, creating self-extracting archives, repair damaged zip archives, converting from one archive type to another, view and write comments and many more. IZArc has also build-in multilanguage support.
http://www.izsoft.dir.bg/izarc.htm

Microsoft .NET Framework Version 1.1 Redistributable Package
The .NET Framework version 1.1 redistributable package includes everything you need to run applications developed using the .NET Framework.
http://www.microsoft.com/downloads/details.aspx?FamilyID=262d25e3-f589-4842-8157-034d1e7cf3a3&displaylang=en

DiskMon
DiskMon is an application that logs and displays all hard disk activity on a Windows system. You can also minimize DiskMon to your system tray where it acts as a disk light, presenting a green icon when there is disk-read activity and a red icon when there is disk-write activity.
http://www.sysinternals.com/ntw2k/freeware/diskmon.shtml

listdlls
A utility that will show me which DLLs are loaded on Windows 9x or NT
http://www.sysinternals.com/ntw2k/freeware/listdlls.shtml

TaskManagerEx
This is an extension for the Windows Task Manager (NT/2000). The features are the following:
- Show Application icons in Processes list (if available)
- Use different color for services
- Find a used file by any process. (Use * as file name for showing every used file)
(The search is a full text search, so for example you can use the extension only)
- Find a used module by any process
(The search is a full text search, so for example you can search for "kernel")
- Show Process ID in Applications tab
- Use different color for processes if the CPU usage reaches a given limit ( 25%, 50%, 75% )
- Query list of every files, handles, modules, windows used by a given process
- Close a used file (you can unlock an exclusively opened file, so you can delete it)
- Unload a used module (so you can delete it)
- You can kill services too
- Fast end process. Press DEL key!
http://www.codeguru.com/Cpp/W-P/system/taskmanager/article.php/c5763

Skype
Skype is free Internet telephony that just works.
Skype is for calling other people on their computers or phones. Download Skype and start calling for free all over the world.
http://www.skype.com/

tcpview
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows NT, 2000 and XP TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality.
http://www.sysinternals.com/ntw2k/source/tcpview.shtml

UsesWhat
- a simple utility that scans import tables in Win32 modules for DLLs and APIs
- produces comma-delimited files for easy import into spreadsheet and database programs
- useful for scanning the system for instances of a particular API

http://www.smidgeonsoft.prohosting.com/#UsesWhat

WhoSLocking
Who'sLocking? is a a devpt/system management tool to find which process is locking a DLL.
http://www.codeguru.com/Cpp/W-P/dll/article.php/c3641/

Autoruns
This utility, which has the most comprehensive knowledge of auto-starting locations of any startup monitor (A starting list of auto-run locations was obtained from David Solomon's "Windows Internals" seminar), shows you what programs are configured to run during system bootup or login, and shows you the entries in the order Windows processes them. These programs include ones in your startup folder, Run, RunOnce, and other Registry keys. You can configure Autoruns to show other locations, including Explorer shell extensions, toolbars, browser helper objects, Winlogon notifications, auto-start services, and much more. Autoruns goes way beyond the MSConfig utility bundled with Windows Me and XP.
http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml

J2SE Runtime Environment (JRE)
http://java.sun.com/j2se/1.5.0/download.jsp

FileMon
FileMon monitors and displays file system activity on a system in real-time. Its advanced capabilities make it a powerful tool for exploring the way Windows works, seeing how applications use the files and DLLs, or tracking down problems in system or application file configurations. Filemon's timestamping feature will show you precisely when every open, read, write or delete, happens, and its status column tells you the outcome. FileMon is so easy to use that you'll be an expert within minutes. It begins monitoring when you start it, and its output window can be saved to a file for off-line viewing. It has full search capability, and if you find that you're getting information overload, simply set up one or more filters.
http://www.sysinternals.com/ntw2k/source/filemon.shtml

RegMon
Regmon is a Registry monitoring utility that will show you which applications are accessing your Registry, which keys they are accessing, and the Registry data that they are reading and writing - all in real-time. This advanced utility takes you one step beyond what static Registry tools can do, to let you see and understand exactly how programs use the Registry. With static tools you might be able to see what Registry values and keys changed. With Regmon you'll see how the values and keys changed..
http://www.sysinternals.com/ntw2k/source/regmon.shtml

Process Explorer
Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you’ll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
http://www.sysinternals.com/ntw2k/freeware/procexp.shtml

Other tools from Sys Internals
http://www.sysinternals.com/sitemap.shtml

Spybot - Search & Destroy
Spybot - Search & Destroy can detect and remove spyware of different kinds from your computer. Spyware is a relatively new kind of threat that common anti-virus applications do not yet cover. If you see new toolbars in your Internet Explorer that you didn't intentionally install, if your browser crashes, or if you browser start page has changed without your knowing, you most probably have spyware. But even if you don't see anything, you may be infected, because more and more spyware is emerging that is silently tracking your surfing behaviour to create a marketing profile of you that will be sold to advertisement companies. Spybot-S&D is free, so there's no harm in trying to see if something snooped into your computer, too :)
http://www.safer-networking.org/en/spybotsd/index.html

WinPatrol
Scotty the Windows Watch Dog sniffs out malicious "mysteryware" , web attacks and parasites that may assault your computer. WinPatrol puts you back in control of your computer so you'll know what programs are and should be running at all times.
http://www.winpatrol.com/

xplorer2
The lightweight version of xplorer² is not a crippled unusable salesman of the professional version. It shares the same browsing and management engine, and gives many rival professional file managers a run for their money — literally! It is a complete little file manager, albeit lacking a bit in bells and whistles.
http://netez.com/xplorer2/x2lite.htm

Firefox
http://www.mozilla.org/products/firefox/

CWShredder & HijackThis
Tools to keep your PC clean
http://www.spywareinfo.com/~merijn/downloads.html

Stinger
Stinger is a stand-alone utility used to detect and remove specific viruses. It is not a substitute for full anti-virus protection, but rather a tool to assist administrators and users when dealing with an infected system. Stinger utilizes next generation scan engine technology, including process scanning, digitally signed DAT files, and scan performance optimizations.
http://vil.nai.com/vil/stinger/

Roadkil's Unstoppable Copier
Recovers files from disks with physical damage. Allows you to copy files from disks with problems such as bad sectors, scratches or that just give errors when reading data. The program will attempt to recover every readable piece of a file and put the pieces together. Using this method most types of files can be made useable even if some parts were not recoverable in the end.
http://www.roadkil.net/unstopcp.html

Dependency Walker
Dependency Walker is a free utility that scans any 32-bit or 64-bit Windows module (exe, dll, ocx, sys, etc.) and builds a hierarchical tree diagram of all dependent modules. For each module found, it lists all the functions that are exported by that module, and which of those functions are actually being called by other modules. Another view displays the minimum set of required files, along with detailed information about each file including a full path to the file, base address, version numbers, machine type, debug information, and more.
http://www.dependencywalker.com/

MyTools: (Shameless plugging)
http://weblogs.asp.net/nleghari/archive/2004/07/31/amazonbrowser.aspx
http://weblogs.asp.net/nleghari/articles/codeshareaddin.aspx
http://weblogs.asp.net/nleghari/articles/annotate.aspx
http://weblogs.asp.net/nleghari/posts/27951.aspx

+ Demo Presentations for some services
http://weblogs.asp.net/nleghari/articles/146585.aspx
http://weblogs.asp.net/nleghari/articles/146586.aspx

I have still quite a lot of space left in my USB (around 100+MB out of 256) therefore if I missed something important, please write in the comments or here.

Don't forget WinRet, it's great for porting settings, drivers and essential system files from one machine to the next. Very useful if you have an OEM Windows CD, and you're reinstalling the OS of someone who's running proprietary hardware (say, on a Dell/Compaq laptop).

Walkeraj - Monday, December 27, 2004 6:49:00 PM

Resource kit utilities; BORK 4.5, Windows Server 2003, Windows 2000, you name it! I keep all the resource kits on mine along with the feature pack add-ons for SMS and some of the cool WQL queries I've collected along the way.

Larry A. Duncan - Tuesday, December 28, 2004 2:11:00 AM

- I386 directory for installing OS components without original disks.

- Service Packs: 2000 SP4, XP SP2.

SDCarroll - Tuesday, December 28, 2004 6:07:00 AM

whats the size of your USB key chain ?

Kashif Haider - Tuesday, January 4, 2005 10:24:00 PM

4 Comments