As one of the commenters on the article by Mr. Perez noted, many people who see Google Street View images as a significant privacy issue may ignore far more serious privacy issues, such as warrantless wiretapping.
You can see where Street View is available in the U.S. at http://maps.google.com/help/maps/streetview/.
I had problems with the dsiplay of an HP tc4400 laptop, which was running Windows XP Professional Service Pack 3, after updating the video driver. When I right-clicked on the desktop and selected Properties, then Settings, I found the screen resolution was 640x480. The color quality was "Lowest (4 bit)", i.e. only 16 colors. I couldn't increase either setting. I clicked on the Advanced button and then the Adapter tab. When I clicked on List All Modes, the only options were those shown below:
List of valid modes
640 by 480, 16 Colors, Default Refresh
800 by 600, 16 Colors, Default Refresh
I changed the setting to 800x600 to make it a little better. I didn't get any error messages, but the resolution remained at 800 x 600.
Under the Display adapters setting of the Device Manager, I found two adapters listed:
Mobile Intel(R) 945 Express Chipset Family
Mobile Intel(R) 945 Express Chipset Family
The names were exactly the same, as were the drivers:
|Entry||Driver Provider||Driver Date||Diver Version|
I right-clicked on the second one and chose Uninstall. Whem prompted to restart the system, I did so.
When the system rebooted, I saw the following error message:
|hkcmd.exe - Unable to Locate Component|
This application has failed to start because hccutils.DLL was not found.
Re-installing the application may fix this problem.
The system notified me it had found a new video adapter and suggested I reboot again, which I did.
The resolution was still at 640 x 480, but when I checked the video adapters listed in the Device Manager, I saw the following:
Mobile Intel(R) 945GM Express Chipset Family
Mobile Intel(R) 945GM Express Chipset Family
Though the names and drivers differed from what I had seen previously, the names of the two entries were exactly the same, as were the drivers for them:
|Entry||Driver Provider||Driver Date||Diver Version|
I right-clicked on the bottom entry and chose "uninstall". I again had to restart the computer. But, when I logged in again, I found both entries listed in the Device Manager again. I removed both of them by right-clicking on them and choosing "uninstall". I then rebooted again. This time I had a 640 x 480 resultion again, but the color quality was "Highest (32 bit)". I was able to change the resolution to 800 x 600 by right-clicking on the desktop and choosing Settings.
Shortly afterwards I saw the "Found New Hardware" balloon pop up with "Mobile Intel(R) 945GM Express Chipset Family" listed as the new hardware found. I saw the message "Windows has finished installing new devices. The software that supports your device requires that you restart your computer. You must restart your computer before the new settings will take effect. Do you want to restart your compute now?" I chose "yes."
When the system rebooted, it was back to the 640 x 480 resolution. When I checked the Device Manager, I saw the "Mobile Intel(R) 945GM Express Chipset Family" listed twice again with the March 23, 2006 driver listed for both again. I again uninstalled both adapters from within the Device Manager and then rebooted. I had 32-bit color and 800 x 600 resolution when I logged in. When I right-clicked on the desktop, chose Properties, Settings, Advanced, then Adapter, I didn't see an adapter listed under Adapter Type. Clicking on Properties showed VGASave under the General tab. CLicking on the Driver tab showed the following:
Service name: VGASave
Display name: VGA Display Controller
But again I was notified of a "System Settings CHange" with the message that "Windows has finished installing new devices..." I chose not to restart the system immediately. I checked what the Device Manager was showing. It showed the same duplicated "Mobile Intel(R) 945GM Express Chipset Family" entries as before with both having the Intel March 23, 2006 driver associated with them. But the top entry had an exclamation mark in a yellow circle next to it. I right-clicked on that one and chose "disable" rather than "uninstall" this time. I then rebooted.
After rebooting, I had the 800 x 600 resolution and 32-bit color. The Device Manager still showed the duplicated Display Adapters with the same March 23, 2006 Intel driver for both, but there was a red "X" next to the top entry. Right-clicking on the Desktop and choosing Properties, Settings, Advanced, Adapter showed nothing listed under Adapter Type and the following for Adapter Information
I changed the resolution to 1024 x 768 and rebooted again, just to make sure the settings would remain and the problem wouldn't recur. The problem did not recur.
42odhr0b.exe, which it found in a user's
Local Settings\Tempfolder was infected with the virus Trojan.Dropper.Small-8.
I submitted the file, which has an MD5 hash of 93d2546e58042ebe7f5ae26ec0ec50b3, to VirusTotal, a free service "that analyzes suspicious files and facilitates the quick detection of viruses, worms, trojans, and all kinds of malware detected by antivirus engines." It reported the file was first received on 10.07.2006 22:08:05 (CET). I had it reanalyze the file. VirusTotal reported that 91.18%, i.e. 31 of 34, of the antimalware programs with which it scanned the file identified the file as being malware (see VirusTotal report)
I also submitted the file to VirSCAN.org, "a FREE on-line scan service, which checks uploaded files for malware", using multiple antivirus engines. On uploading files you want to be checked, you can see the result of scanning and how dangerous and harmful/harmless for your computer those files are. VirSCAN reported that 76%, i.e. 28 of 37, of the antimalware programs it used reported the file as being malware (see VirSCAN report).
I also submitted the file to Jotti's Online Malware Scan, another free malware scanning site, for analysis. On that site, 18 of the 19 antivirus programs it used detected the file as malware (see Jotti report).
ThreatExpert, "an advanced automated threat analysis system designed to analyze and report the behavior of computer viruses, worms, trojans, adware, spyware, and other security-related risks in a fully automated mode" identified the file as being associated with Spyware.FavoriteMan (see ThreatExpert report).
ThreatExpert provided the following information on Spyware.FavoriteMan:
FavoriteMan is a Browser Helper Object, which connects to its controlling servers to download and install other programs and add entries to your Internet Explorer favorites menu or computer desktop. This program has been known to download at least 28 different adware or spyware programs. Some controlling servers are www.f1organizer.com, www.prize4all.com, www.yourspecialoffers.com and www.r-vision.org.
ThreatExpert indicated that the file creates the following files on the system:
I had found
ATPartners.dll on the system on February 27 of 2005
when I had scanned the system with other antimalware software. I had removed
ATPartners.dll at that time. Apparently
42odhr0b.exe was left in the user's
folder from that time. Checking my notes for information on
FavoriteMan, I found I had encountered it on other systems, e.g.
a Windows 98 system on March 28, 2004 (see
Windows 98 System
Hanging After Login) and a Windows 98 Second Edition system on April 25 of
Download a zipped copy of 42odhr0b.exe for analysis or testing antimalware software (use zoo as userid and malware as password). Note: You do so at your own risk; this file can infect a system, so only run the program on a test system.
23010852235.exe, which has an MD5 hash of 9ec78aac59b04643bfb43415c6fa2909, in a user's
I uploaded the file to VirusTotal, a free online virus and malware scan website for analysis. Twenty-four of the 39 malware scan programs with which it scanned the file reported it contained malware (see VirusTotal report).
I also uploaded the file to VirSCAN.org, another multi-engine virus scanner site. It reported "The file are 23010852235.exe uploaded by other users and scanned successfully at 2008/01/18 20:48:04". I had it rescan the file. It reported that 49%, i.e. 18 of 37, of the malware detection programs that it used, identified the file as containing malware (see VirSCAN report).
File Name: 23010852235.exe File Size: 3072 File Type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit MD5: 9ec78aac59b04643bfb43415c6fa2909 SHA1: 546e2d9c76fad865ac56b89fa54a864d564f1c16 Compressed: NA
The Prevx report states the following:
A file with the name SYSNSAD.EXE have been seen to have the following Vendor, Product and Version Information in the file header:
Microsoft Corporation; File Compare Utility; 5.1.2600.0
Microsoft Corporation; File Compare Utility; 5.1.2600.0 (xpclient.010817-1148)
When I examined the file with Filealyzer , I saw the following version information:
|File version||5.1.2600.0 (xpclient.010817-1148)|
|Company name||Microsoft Corporation|
|Legal copyright||©Microsoft Corporation. All rights reserved.|
|Product name||Microsoft® Windows® Operating System|
|File description||File Compare Utility|
The version information was likely inserted by the malware author to try to disguise the file as an innocuous Microsoft-provided operating system file.
I had Spybot fix the problem, i.e. delete the file.
23010852235.exe for analysis or testing antimalware software
zoo as userid and
malware as password).
Note: You do so at your own risk; this file can infect a system, so only run
the program on a test system.
$NT*KB*directories showed the following:
C:\TEMP>dir /ah \Windows\$NT*KB* Volume in drive C is Sys-WinXP Volume Serial Number is B0E3-65A7 Directory of C:\Windows 01/21/2005 02:34 PM <DIR> $NtUninstallKB828741$ 01/21/2005 02:38 PM <DIR> $NtUninstallKB833987$ 01/21/2005 07:37 PM <DIR> $NtUninstallKB834707$ 01/21/2005 02:36 PM <DIR> $NtUninstallKB835732$ 01/21/2005 02:36 PM <DIR> $NtUninstallKB840987$ 01/21/2005 02:36 PM <DIR> $NtUninstallKB841356$ 01/21/2005 02:37 PM <DIR> $NtUninstallKB841533$ 01/21/2005 01:21 PM <DIR> $NtUninstallKB842773$ 02/12/2005 07:59 PM <DIR> $NtUninstallKB867282$ 01/21/2005 02:38 PM <DIR> $NtUninstallKB871250$ 02/12/2005 07:59 PM <DIR> $NtUninstallKB873333$ 01/21/2005 05:13 PM <DIR> $NtUninstallKB873339$ 01/21/2005 02:37 PM <DIR> $NtUninstallKB873339_0$ 01/21/2005 02:37 PM <DIR> $NtUninstallKB873376$ 02/12/2005 07:59 PM <DIR> $NtUninstallKB885250$ 01/21/2005 05:13 PM <DIR> $NtUninstallKB885835$ 01/21/2005 02:37 PM <DIR> $NtUninstallKB885835_0$ 01/21/2005 05:13 PM <DIR> $NtUninstallKB885836$ 01/21/2005 02:38 PM <DIR> $NtUninstallKB885836_0$ 01/21/2005 07:37 PM <DIR> $NtUninstallKB886185$ 02/12/2005 07:59 PM <DIR> $NtUninstallKB887472$ 02/22/2005 07:22 PM <DIR> $NtUninstallKB887742$ 01/21/2005 07:37 PM <DIR> $NtUninstallKB887797$ 02/12/2005 07:59 PM <DIR> $NtUninstallKB888113$ 02/12/2005 07:58 PM <DIR> $NtUninstallKB888302$ 01/21/2005 02:37 PM <DIR> $NtUninstallKB889293-IE6SP1-20041111.2356 19$ 01/07/2006 11:46 AM <DIR> $NtUninstallKB890046$ 09/02/2005 03:39 PM <DIR> $NtUninstallKB890046_0$ 02/12/2005 07:58 PM <DIR> $NtUninstallKB890047$ 01/21/2005 05:13 PM <DIR> $NtUninstallKB890175$ 01/21/2005 02:38 PM <DIR> $NtUninstallKB890175_0$ 05/14/2005 07:07 PM <DIR> $NtUninstallKB890859$ 05/14/2005 07:08 PM <DIR> $NtUninstallKB890923$ 01/21/2005 02:38 PM <DIR> $NtUninstallKB891711$ 02/12/2005 07:59 PM <DIR> $NtUninstallKB891781$ 05/14/2005 07:08 PM <DIR> $NtUninstallKB893066$ 05/14/2005 07:08 PM <DIR> $NtUninstallKB893086$ 09/02/2005 03:40 PM <DIR> $NtUninstallKB893756$ 09/02/2005 03:39 PM <DIR> $NtUninstallKB894391$ 01/07/2006 11:46 AM <DIR> $NtUninstallKB896344$ 09/02/2005 03:39 PM <DIR> $NtUninstallKB896358$ 09/02/2005 03:40 PM <DIR> $NtUninstallKB896422$ 09/02/2005 03:40 PM <DIR> $NtUninstallKB896423$ 01/07/2006 11:48 AM <DIR> $NtUninstallKB896424$ 09/02/2005 03:39 PM <DIR> $NtUninstallKB896428$ 10/23/2005 10:05 AM <DIR> $NtUninstallKB896688$ 09/02/2005 03:39 PM <DIR> $NtUninstallKB896727$ 09/02/2005 03:28 PM <DIR> $NtUninstallKB898461$ 09/02/2005 03:40 PM <DIR> $NtUninstallKB899587$ 09/02/2005 03:39 PM <DIR> $NtUninstallKB899588$ 10/23/2005 10:05 AM <DIR> $NtUninstallKB899589$ 09/02/2005 03:40 PM <DIR> $NtUninstallKB899591$ 08/13/2006 09:32 PM <DIR> $NtUninstallKB900485$ 10/23/2005 10:05 AM <DIR> $NtUninstallKB900725$ 01/07/2006 11:46 AM <DIR> $NtUninstallKB900930$ 10/23/2005 10:06 AM <DIR> $NtUninstallKB901017$ 09/02/2005 03:39 PM <DIR> $NtUninstallKB901214$ 03/22/2006 07:55 PM <DIR> $NtUninstallKB902344$ 10/23/2005 10:05 AM <DIR> $NtUninstallKB902400$ 10/23/2005 10:04 AM <DIR> $NtUninstallKB904706$ 03/22/2006 07:57 PM <DIR> $NtUninstallKB904942$ 10/23/2005 10:05 AM <DIR> $NtUninstallKB905414$ 10/23/2005 10:04 AM <DIR> $NtUninstallKB905749$ 01/07/2006 11:53 AM <DIR> $NtUninstallKB905915$ 01/12/2006 10:58 PM <DIR> $NtUninstallKB908519$ 08/13/2006 09:29 PM <DIR> $NtUninstallKB908531$ 01/07/2006 11:49 AM <DIR> $NtUninstallKB910437$ 08/13/2006 09:35 PM <DIR> $NtUninstallKB911280$ 08/13/2006 09:32 PM <DIR> $NtUninstallKB911562$ 03/22/2006 07:56 PM <DIR> $NtUninstallKB911564$ 03/22/2006 07:55 PM <DIR> $NtUninstallKB911565$ 08/13/2006 09:29 PM <DIR> $NtUninstallKB911567$ 03/22/2006 07:55 PM <DIR> $NtUninstallKB911927$ 03/22/2006 07:57 PM <DIR> $NtUninstallKB912475$ 01/07/2006 11:53 AM <DIR> $NtUninstallKB912919$ 03/22/2006 07:57 PM <DIR> $NtUninstallKB912945$ 03/22/2006 07:56 PM <DIR> $NtUninstallKB913446$ 08/13/2006 09:29 PM <DIR> $NtUninstallKB913580$ 08/13/2006 09:30 PM <DIR> $NtUninstallKB914388$ 08/13/2006 09:29 PM <DIR> $NtUninstallKB914389$ 04/20/2007 10:10 AM <DIR> $NtUninstallKB914440$ 04/20/2007 10:11 AM <DIR> $NtUninstallKB915865$ 08/13/2006 09:29 PM <DIR> $NtUninstallKB916595$ 08/13/2006 09:32 PM <DIR> $NtUninstallKB917159$ 08/13/2006 09:30 PM <DIR> $NtUninstallKB917344$ 08/13/2006 09:30 PM <DIR> $NtUninstallKB917422$ 08/13/2006 09:36 PM <DIR> $NtUninstallKB917734_WMP10$ 08/13/2006 09:30 PM <DIR> $NtUninstallKB917953$ 03/21/2007 10:32 AM <DIR> $NtUninstallKB918118$ 08/13/2006 09:30 PM <DIR> $NtUninstallKB918439$ 08/13/2006 09:30 PM <DIR> $NtUninstallKB918899$ 09/15/2006 07:32 PM <DIR> $NtUninstallKB919007$ 01/12/2007 02:35 PM <DIR> $NtUninstallKB920213$ 08/13/2006 09:35 PM <DIR> $NtUninstallKB920214$ 04/20/2007 09:53 AM <DIR> $NtUninstallKB920342$ 08/13/2006 09:30 PM <DIR> $NtUninstallKB920670$ 08/13/2006 09:29 PM <DIR> $NtUninstallKB920683$ 09/15/2006 07:32 PM <DIR> $NtUninstallKB920685$ 09/15/2006 07:32 PM <DIR> $NtUninstallKB920872$ 08/13/2006 09:31 PM <DIR> $NtUninstallKB921398$ 12/29/2007 08:03 PM <DIR> $NtUninstallKB921503$ 08/13/2006 09:35 PM <DIR> $NtUninstallKB921883$ 09/15/2006 07:32 PM <DIR> $NtUninstallKB922582$ 08/13/2006 09:35 PM <DIR> $NtUninstallKB922616$ 10/16/2006 09:54 AM <DIR> $NtUninstallKB922819$ 10/16/2006 09:51 AM <DIR> $NtUninstallKB923191$ 10/16/2006 09:54 AM <DIR> $NtUninstallKB923414$ 01/12/2007 02:36 PM <DIR> $NtUninstallKB923689$ 01/12/2007 02:35 PM <DIR> $NtUninstallKB923694$ 01/12/2007 02:37 PM <DIR> $NtUninstallKB923980$ 10/16/2006 09:54 AM <DIR> $NtUninstallKB924191$ 01/12/2007 02:37 PM <DIR> $NtUninstallKB924270$ 10/16/2006 09:53 AM <DIR> $NtUninstallKB924496$ 03/21/2007 10:34 AM <DIR> $NtUninstallKB924667$ 01/12/2007 02:37 PM <DIR> $NtUninstallKB925398_WMP64$ 01/12/2007 02:38 PM <DIR> $NtUninstallKB925454$ 10/07/2006 01:29 PM <DIR> $NtUninstallKB925486$ 04/20/2007 07:47 PM <DIR> $NtUninstallKB925720$ 04/20/2007 09:54 AM <DIR> $NtUninstallKB925876$ 04/20/2007 09:36 AM <DIR> $NtUninstallKB925902$ 04/20/2007 09:59 AM <DIR> $NtUninstallKB926239$ 01/12/2007 02:35 PM <DIR> $NtUninstallKB926255$ 03/21/2007 10:33 AM <DIR> $NtUninstallKB926436$ 03/21/2007 10:34 AM <DIR> $NtUninstallKB927779$ 03/21/2007 10:34 AM <DIR> $NtUninstallKB927802$ 05/31/2007 11:08 PM <DIR> $NtUninstallKB927891$ 03/21/2007 10:32 AM <DIR> $NtUninstallKB928090$ 03/21/2007 10:34 AM <DIR> $NtUninstallKB928255$ 03/21/2007 10:31 AM <DIR> $NtUninstallKB928843$ 12/29/2007 08:00 PM <DIR> $NtUninstallKB929123$ 03/21/2007 10:33 AM <DIR> $NtUninstallKB929338$ 04/20/2007 07:45 PM <DIR> $NtUninstallKB929399$ 01/12/2007 02:37 PM <DIR> $NtUninstallKB929969$ 04/20/2007 09:36 AM <DIR> $NtUninstallKB930178$ 05/12/2007 03:04 PM <DIR> $NtUninstallKB930916$ 04/20/2007 09:36 AM <DIR> $NtUninstallKB931261$ 04/20/2007 09:37 AM <DIR> $NtUninstallKB931784$ 03/21/2007 10:33 AM <DIR> $NtUninstallKB931836$ 04/20/2007 09:35 AM <DIR> $NtUninstallKB932168$ 09/17/2008 11:37 AM <DIR> $NtUninstallKB932823-v3$ 12/29/2007 08:03 PM <DIR> $NtUninstallKB933729$ 12/29/2007 07:54 PM <DIR> $NtUninstallKB935839$ 12/29/2007 07:54 PM <DIR> $NtUninstallKB935840$ 12/29/2007 08:03 PM <DIR> $NtUninstallKB936021$ 12/29/2007 08:03 PM <DIR> $NtUninstallKB936357$ 12/29/2007 07:53 PM <DIR> $NtUninstallKB936782_WMP11$ 12/29/2007 08:04 PM <DIR> $NtUninstallKB937894$ 09/17/2008 11:37 AM <DIR> $NtUninstallKB938464$ 12/29/2007 08:03 PM <DIR> $NtUninstallKB938828$ 12/29/2007 08:03 PM <DIR> $NtUninstallKB938829$ 12/29/2007 07:55 PM <DIR> $NtUninstallKB939683$ 12/29/2007 07:55 PM <DIR> $NtUninstallKB941202$ 12/29/2007 07:55 PM <DIR> $NtUninstallKB941568$ 12/29/2007 07:59 PM <DIR> $NtUninstallKB941569$ 01/15/2008 07:12 PM <DIR> $NtUninstallKB941644$ 12/29/2007 07:59 PM <DIR> $NtUninstallKB942763$ 12/29/2007 08:04 PM <DIR> $NtUninstallKB943460$ 01/15/2008 07:12 PM <DIR> $NtUninstallKB943485$ 12/29/2007 07:53 PM <DIR> $NtUninstallKB944653$ 09/17/2008 11:44 AM <DIR> $NtUninstallKB946648$ 09/17/2008 11:37 AM <DIR> $NtUninstallKB950749$ 09/17/2008 11:40 AM <DIR> $NtUninstallKB950762$ 09/17/2008 11:41 AM <DIR> $NtUninstallKB950974$ 09/17/2008 11:39 AM <DIR> $NtUninstallKB951066$ 09/17/2008 11:40 AM <DIR> $NtUninstallKB951072-v2$ 09/17/2008 11:45 AM <DIR> $NtUninstallKB951376-v2$ 09/17/2008 11:41 AM <DIR> $NtUninstallKB951698$ 09/17/2008 11:38 AM <DIR> $NtUninstallKB951748$ 12/18/2008 10:16 PM <DIR> $NtUninstallKB952069_WM9$ 09/17/2008 11:40 AM <DIR> $NtUninstallKB952287$ 09/17/2008 11:44 AM <DIR> $NtUninstallKB952954$ 09/17/2008 11:44 AM <DIR> $NtUninstallKB953839$ 09/17/2008 11:37 AM <DIR> $NtUninstallKB954154_WM11$ 09/17/2008 11:41 AM <DIR> $NtUninstallKB954156_WM9L$ 11/08/2008 10:42 AM <DIR> $NtUninstallKB954211$ 12/18/2008 10:12 PM <DIR> $NtUninstallKB954600$ 11/21/2008 11:23 AM <DIR> $NtUninstallKB955069$ 12/18/2008 10:15 PM <DIR> $NtUninstallKB955839$ 11/08/2008 10:43 AM <DIR> $NtUninstallKB956391$ 12/18/2008 10:12 PM <DIR> $NtUninstallKB956802$ 11/08/2008 10:43 AM <DIR> $NtUninstallKB956803$ 11/08/2008 10:41 AM <DIR> $NtUninstallKB956841$ 11/08/2008 10:43 AM <DIR> $NtUninstallKB957095$ 11/21/2008 11:24 AM <DIR> $NtUninstallKB957097$ 11/08/2008 10:40 AM <DIR> $NtUninstallKB958644$ 02/14/2009 10:34 AM <DIR> $NtUninstallKB958687$ 02/14/2009 10:34 AM <DIR> $NtUninstallKB960715$ 0 File(s) 0 bytes 187 Dir(s) 46,294,913,024 bytes free
After I ran
Remove Hotfix Backups, Windows Explorer
reported "Free space: 46,308,824 bytes 43.1 GB" and checking for
$NT*KB* directories showed the following:
C:\TEMP>dir /ah \Windows\$NT*KB* Volume in drive C is Sys-WinXP Volume Serial Number is B0E3-65A7 Directory of C:\Windows 01/21/2005 02:34 PM <DIR> $NtUninstallKB828741$ 01/21/2005 02:38 PM <DIR> $NtUninstallKB833987$ 01/21/2005 02:36 PM <DIR> $NtUninstallKB835732$ 01/21/2005 02:36 PM <DIR> $NtUninstallKB840987$ 01/21/2005 02:36 PM <DIR> $NtUninstallKB841356$ 01/21/2005 02:37 PM <DIR> $NtUninstallKB841533$ 01/21/2005 01:21 PM <DIR> $NtUninstallKB842773$ 01/21/2005 02:38 PM <DIR> $NtUninstallKB871250$ 01/21/2005 02:37 PM <DIR> $NtUninstallKB873339_0$ 01/21/2005 02:37 PM <DIR> $NtUninstallKB873376$ 01/21/2005 02:37 PM <DIR> $NtUninstallKB885835_0$ 01/21/2005 02:38 PM <DIR> $NtUninstallKB885836_0$ 01/21/2005 02:37 PM <DIR> $NtUninstallKB889293-IE6SP1-20041111.2356 19$ 09/02/2005 03:39 PM <DIR> $NtUninstallKB890046_0$ 01/21/2005 02:38 PM <DIR> $NtUninstallKB890175_0$ 01/21/2005 02:38 PM <DIR> $NtUninstallKB891711$ 08/13/2006 09:36 PM <DIR> $NtUninstallKB917734_WMP10$ 01/12/2007 02:37 PM <DIR> $NtUninstallKB925398_WMP64$ 09/17/2008 11:37 AM <DIR> $NtUninstallKB932823-v3$ 12/29/2007 07:53 PM <DIR> $NtUninstallKB936782_WMP11$ 09/17/2008 11:40 AM <DIR> $NtUninstallKB951072-v2$ 09/17/2008 11:45 AM <DIR> $NtUninstallKB951376-v2$ 12/18/2008 10:16 PM <DIR> $NtUninstallKB952069_WM9$ 09/17/2008 11:37 AM <DIR> $NtUninstallKB954154_WM11$ 09/17/2008 11:41 AM <DIR> $NtUninstallKB954156_WM9L$ 0 File(s) 0 bytes 25 Dir(s) 46,308,941,824 bytes free
I also removed the
$NTServicePackUninstal directory under
C:\Windows, which was using 338 MB (355,138,581 bytes) of disk
space and holding 2,457 files, by holding down the Shift key to
ensure the folder wouldn't go into the Recycle Bin, but, instead
would be permanently removed, selected Delete. When asked to confirm
the deletion of an exe file I chose "Yes to All" to avoid further prompts for
the removal of executable files in the directory.
C:\WINDOWS\Downloaded Program Files. You can view the information through Windows Explorer, or if you want to view information on what is in that folder from the command line, you can use show-downloaded-program-files.vbs, which you can run from the command line with
cscript /nologo show-downloaded-program-files.vbs.
[ More Info ]
[ More Info ]
I created a script, bios-info.vbs from the code provided on Microsoft's webpage that will retrieve the information from the BIOS.
I have the Toshiba Power Management Utility configured on the system to sound an alarm and display a message when the battery charges drops to 10%. I have it configured to sound an alarm, display a message, and hibernate when the charge drops to 5%. But it never takes those actions. Instead, the laptop just powers off.
So that I could at least have some forwarning of when the battery charge is getting very low, I installed Laptop Battery Power Monitor, which places a battery widget on the desktop which displays the battery's charge level and which appears above other windows.
When you run the downloaded file,
setup.exe, by default, it will
attempt to extract the files stored within itself to
c:\Temp\BatteryMonitor2006. If there is no
directory, you will receive the message below:
Could not create "c:\Temp\BatteryMonitor2006" - unzip operation cancelled.
In that case, choose another directory into which the files will be extracted. The software requires 6,992 KB of free space on the disk on which it will be installed.
The installation process creates a program group named Duomart.com. Within it you will find a Laptop Battery Power Monitor group. When you run the progam it will place a battery widget on your desktop showing the battery charge level.
That widget will remain over top of windows that you open. Moving the mouse pointer over it will display information about the state of the battery. If you right-click on it, you can change the size of the battery displayed. You also have the option to adjust its transparency or close the program.
The software can be downloaded from the developer website, which is a source for purchasing computer accessories, bluetooth devices, or laptop batteries. Other sources for the software are listed below.
Wallpaperin the registry key
HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme. I can do so using the
C:\>reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme /v Wallpaper ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme Wallpaper REG_EXPAND_SZ %SystemRoot%\Web\Wallpaper\Ripple.jpg
From a batch file, though, I only want the filename, i.e.
I can select just that part of the output usng the
FOR /F command in a batch
file. The syntax of the
FOR /F command is as follows:
FOR /F ["options"] %%parameter IN ('command_to_process') DO command Key options: delims=xxx The delimiter character(s) (default = a space) skip=n A number of lines to skip at the beginning. (default = 0) eol=; Character at the start of each line to indicate a comment The default is a semicolon ; Use "eol=" to process all lines tokens=n Specifies which numbered items to read from each line (default = 1) usebackq Specify `back quotes` the command_to_process is placed in `BACK quotes` instead of 'straight' quotes command_to_process : The output of the 'command_to_process' is passed into the FOR parameter. command : The command to carry out, including any command-line parameters. %%parameter : A replaceable parameter: in a batch file use %%G (on the command line %G)
FOR /F processing of a command consists of reading the output from
the command one line at a time and then breaking the line up into individual
items of data or 'tokens'. The
DO command is then executed with the
parameter(s) set to the token(s) found.
By default, /F breaks up the command output at each blank space, and any blank lines are skipped. You can override this default parsing behavior by specifying the "options" parameter. The options must be contained within double quotes.
In this case, the last line of output is the following:
Wallpaper REG_EXPAND_SZ %SystemRoot%\Web\Wallpaper\Ripple.jpg
The delimiter between the fields in the output is the tab character
(I checked for whether the delimiter was spaces or tabs with
by redirecting the output of the reg query command to a file with
HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme /v Wallpaper
FOR /F command, the default delimiter is the space and
tab characters so I don't have to specify
delims=. But, if
I don't, the output will be incorrect in cases where the path name or
file name contain spaces, since the second space will be treated as
a demarcation point, so that the space-separated parts of the path name or file
name are treated as separate tokens.
"Tokens" are the parts of the line separated by the delimiter. In this case,
I'm only interested in the third token, i.e.
so I can use the following lines in a batch file:
FOR /F "tokens=3" %%R in ('reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme /v Wallpaper') DO SET wallpaper=%%R echo %wallpaper%
I used the
tokens=3 option to select just the third
token on the output line. The
%%R for the parameter name
is arbitrary. I could have called it
instead, if I wished. The command I wished to process is enclosed
)'. Note: for the
query command, if the registry key contains spaces in the key name,
then you must enclose the registry key name within double quotes as in the
following batch file example:
FOR /F "tokens=3" %%R in ('reg query "HKCU\Control Panel\Desktop" /v ConvertedWallpaper') DO SET wallpaper_file=%%R
The output produced by the batch file is shown below:
But, if I checked the value for
OriginalWallper in the
HKCU\Control Panel\Desktop with
reg query as below,
I would see a path name containing spaces.
C:\>reg query "HKCU\Control Panel\Desktop" /v OriginalWallpaper ! REG.EXE VERSION 3.0 HKEY_CURRENT_USER\Control Panel\Desktop OriginalWallpaper REG_SZ C:\Documents and Settings\James\Local Settings\A pplication Data\Microsoft\Wallpaper1.bmp
If I don't specify
delims= in the batch file, e.g., if I use
the code below, I would get incorrect output.
FOR /F "tokens=3" %%R in ('reg query "HKCU\Control Panel\Desktop" /v OriginalWallpaper') DO SET wallpaper_file=%%R
The output would be as shown below:
That is because
C:\Documents will be treated as one token
and then the space between
is treated as the demarcation point between two tokens. But, if I instead
delims= and immediately hit the tab key, that
problem won't occur, since the the horizontal tab character between the fields
will be used to break up the line into tokens.
FOR /F "delims= tokens=3" %%R in ('reg query "HKCU\Control Panel\Desktop" /v OriginalWallpaper') DO SET
You can't see any character after the
delims=, but in order
FOR /F command to work in this case, I had to
delims= and then hit the tab key while editing the file
in Windows Notepad. If you then save the file, it will produce the correct
C:\Documents and Settings\James\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
Note: if you are using Vim as your editor
on a Windows system, as I usually do, then you need to insert the tab character
delims= by hitting the Ctrl-I keys simultaneously.
You can then hit the spacebar and type
tokens=. If you just
hit the tab key, your output won't be as you expect.
Wallpaper-info.bat is an example batch file to query the values in
the Windows registry pertaining to the file used for the Windows wallpaper
FOR /F command.
hod.exefrom the zip file available on the author's website.
If you just type
hod file the contents of file will be displayed
in both hexadecimal and
C:\>"C:\Program Files\Utilities\hod.exe" temp.txt 0 1 2 3 4 5 6 7 8 9 a b c d e f 0123456789abcdef 0: 0d 0a 21 20 52 45 47 2e 45 58 45 20 56 45 52 53 ..! REG.EXE VERS 10: 49 4f 4e 20 33 2e 30 0d 0a 0d 0a 48 4b 45 59 5f ION 3.0....HKEY_ 20: 43 55 52 52 45 4e 54 5f 55 53 45 52 5c 53 6f 66 CURRENT_USER\Sof 30: 74 77 61 72 65 5c 4d 69 63 72 6f 73 6f 66 74 5c tware\Microsoft\ 40: 57 69 6e 64 6f 77 73 5c 43 75 72 72 65 6e 74 56 Windows\CurrentV 50: 65 72 73 69 6f 6e 5c 54 68 65 6d 65 73 5c 4c 61 ersion\Themes\La 60: 73 74 54 68 65 6d 65 0d 0a 20 20 20 20 57 61 6c stTheme.. Wal 70: 6c 70 61 70 65 72 09 52 45 47 5f 45 58 50 41 4e lpaper.REG_EXPAN 80: 44 5f 53 5a 09 25 53 79 73 74 65 6d 52 6f 6f 74 D_SZ.%SystemRoot 90: 25 5c 57 65 62 5c 57 61 6c 6c 70 61 70 65 72 5c %\Web\Wallpaper\ a0: 52 69 70 70 6c 65 2e 6a 70 67 0d 0a 0d 0a Ripple.jpg....
For help on using the program, use the
C:\>"C:\Program Files\Utilities\hod.exe" -h usage: C:\Program Files\Utilities\File\Analysis\hod.exe [options] <filename> Where the options are: -v : show version information -h : show this help -o : dump in octal -8 : show as block of 8 bytes -x str : convert a hex input to decimal -d : show offsets in decimal -s : show identical output lines -r : reverse hod hexdump to binary -w : reverse regular hex bytes to binary If no filename specified, it will read from stdin Example: $ hod file $ hod < file $ cat file | hod $ cat file | hod - $ hod < file $ hod -o file $ echo "hello" | hod $ echo -n "hello" | hod $ hod -x 1c0 1c0 : 448 $ echo "0a 01 ff ef 0b" | hod -w > bin.bin $ hod bin.bin | hod -r > bin_again.bin
Note: -r and -w works with hexadecimal only.
If you want to convert an ASCII string, such as the word
to its hexadecimal equivalent, you can use the
echo command to
pipe the word to
hod, as below.
C:\>echo hello | "C:\Program Files\Utilities\hod.exe" 0 1 2 3 4 5 6 7 8 9 a b c d e f 0123456789abcdef 0: 68 65 6c 6c 6f 20 0a hello .
From the above output, you can see that the letters in
have the following hexadecimal equivalent representation.
A space (hex 20) is listed after
hello, since there was a space
between the word and the
| pipe operator that feeds the output of
echo command to
hod. If I had placed the
| immediately after
echo hello|, it wouldn't have been listed. A line feed (hex 0a) is
shown after the space.
If you are using Microsoft Windows, such as Windows XP, you can
extract a substring from a variable string using character positional
%myvar:~char_skip_num%. I.e., where you have
some variable, e.g.
%myvar%, you can place the
:~ operator prior to the ending
% and then specify
a the number of characters to skip followed by the ending
E.g. from a command line if you checked the value of a user profile variable,
%userprofile%, for a user named James, you might see the
C:\>echo %userprofile% C:\Documents and Settings\James
If I wanted to extract just the user's account name, i.e.
I could use the following:
C:\>echo %userprofile:~26% James
The "J" in
James is the 27th character,
so I used
26 to have the first 26 characters skipped.
You can also specify that you only want to extract a certain number of characters by putting a comma after the number of characters to be skipped followed by the number of characters to extract. E.g, if I only wanted to extract the first 3 characters starting at position 27, I could use the following:
C:\>echo %userprofile:~26,3% Jam
If you don't want to skip any characters, but specify only a certain number
of characters to extract, you can use the syntax
where you specify that zero characters are to be skipped and
represents the number of characters to extract from the string.
C:\>echo %userprofile:~0,3% C:\
You can also specify that you want to start the extraction from the end of
the line rather than the beginning by using
x is some number, for the starting position. E.g. you could
use the following to extract the last 3 characters from the line:
C:\>echo %userprofile:~-3% mes
You can specify the number of characters to extract, just as noted before, with this method as well. E.g. to extract the substring that starts at 3 characters from the end of the string, but only includes 2 characters from that point, the following could be used:
C:\>echo %userprofile:~-3,2% me
If you are using a batch file, e.g.
you could display just the desired part of the string as follows:
When the batch file is executed, it wold display just "me"
For further examples, see Variables: extract part of a variable (substring)
I came across the site by accident while doing a search on a company name. The site revealed that the president of the company had made a campaign contribution to George W. Bush in 2004. I tried a search on my zip code and the site returned a list of people in my zip code who had made contributions to either the Democratic or Republican party and the amount donated.
The site states the following:
All calculations are based on public records filed with the FEC of contributions by all individuals totaling more than $200 (and some totaling less than $200) to a single Republican or Democratic presidential campaign or national committee for the 2004 and 2008 election cycles.
powercfg.cpl. Note: if you aren't logged into an administrator account when you run it, you can run it with administrator privileges by obtaining a command prompt and then taking the following steps:
runas /user:administrator cmdto obtain a command prompt under the administrator account. Note: you may have to use
owneror some other account in the administrator group, depending on your particular system, instead of the
powercfg.cplin the new command prompt window that opens for the administrator account.
runas /user:administrator powercfg.cpl. If you try that, you will get the message " powercfg.cpl is not a valid Win32 application."
For a list of of Control Panel tools and how to run them from the command line, see How to run Control Panel tools by typing a command.
Because I also hear the fan making a fair amount of noise at times, I thought I would install a utility to monitor the fan speed and CPU temperature. I used SpeedFan 4.37, but found that the laptop's motherboard doesn't support such monitoring. The temperature of the hard drive in the laptop can be monitored, though. I see it varies between 34 and 37 degrees Celsius.
logbooksdirectory beneath the installation directory, e.g.
C:\Program Files\ELOG\logbooks. To do so, I took the following steps:
elogd.cfg, which is stored in the ELOG installation directory, e.g.
C:\Program Files\ELOG\elogd.cfg, with Notepad from an administrator account.
globalsection add a
Logbook dir = <directory>line where
<directory>is the directory where you wish to have the logbooks stored. Note: don't use quotes around directory names, even if there are spaces in the names of directories in the path to the logbook directory. E.g.:
[global] port = 8080 logbook dir = C:\Documents and Settings\James\My Documents\ELOG\logbooks
elogd.cfgfor the logbook. Put the name of the logbook between "[" and "]" and then add the relevant lines for that particular logbook. E.g.:
[sysadmin] Theme = default Comment = System Administration Attributes = Author, Type, Category, Subject Options Type = Configuration, Malware Scan, Patches, Problem, Problem Fixed, Routine, Software Installation, Upgrade, Other Options Category = General, Hardware, Software, Network, Security, Other Options Author = John Smith Required Attributes = Author
C:\>net stop elogd The elogd service is stopping. The elogd service was stopped successfully. C:\>net start elogd The elogd service is starting. The elogd service was started successfully.
somedoc.txtthere will be a
somedoc.txt.swpin the same directory from which I can recover the document should the system crash. In this case, though, I didn't think I could recover the document, since I had never saved it with a file name. So I didn't know where a
.swpfile would have been stored and was doubtful there was one. But after powering the laptop back on and logging into the same account again, I opened Vim, hit the Esc key and typed
:recover. Lo and behold there was my work exactly as it was when I went to eat dinner, saving me a lot of time I would otherwise have been forced to spend recreating the document. I immediately saved it to a file.
Note: in order to enable hibernate support, you will
need enough free space on the hard drive to hold
the contents of the system's memory. You can determine
the amount of memory in the system by clicking on
Start, selecting Run, typing
winver and hitting Enter.
In the window that then opens, you will see
a value for "Physical memory available to Windows".
You will need that amount of disk space free on the
hard drive, because the contents of memory are written
to the file
hiberfil.sys, usually in
c:\hiberfil.sys when the system is put
into hibernation mode. If you don't have at least that amount
of disk space free, you won't be able to enable hibernation
Once hibernation support is enabled, you can put the system into hibernation by clicking on Start, selecting Turn Off Computer, moving the mouse pointer over Stand By, and then hitting the Shift key. The Stand By option should then change to Hibernate, which you can click on to hibernate the computer.
Shop Amazon Local - Subscribe to Deals in Your Neighborhood