Raymond.CC Blog

Author: raymond

  • Free 6 Months Trial Kaspersky Anti-Virus 2010 Activation Code

    It has been a long time since I have posted something about Kaspersky. This 6 months KAV2010 license promotion which I am about to post is not from any CD magazine promo but a legitimate collaboration between Kaspersky and Microsoft for Windows Live Messenger users. As long as you have a Hotmail or Live account, you are eligible for the free Kaspersky 6 months trial license.

    Activation code is not compatible with this application. It is impossible to activate Kaspersky Anti-Virus using the activation code for another application. Please, check your product

    First of all, this Kaspersky Anti-Virus 2010 activation code is a trial license and not a commercial one. If you have previously activated a trial license before, you cannot use this key. Secondly, this license is meant to to activate the Chinese version of the installer. If you try to activate it on the English setup, you will get the error “Activation code is not compatible with this application. It is impossible to activate Kaspersky Anti-Virus using the activation code for another application. Please, check your product.”

    1. Open Windows Live Messenger and sign in to your Live account.

    2. Add this email [email protected] to your Windows Live Messenger contact.

    3. Visit http://kaba.msn.com.cn/

    4. Copy the line that I have circled in red and send it as a message to [email protected] in your Windows Live Messenger. You should instantly receive a reply with the Kaspersky Anti-Virus 2010 activation code.

    Free Kaspersky Anti-Virus 2010 Activation Code

    So far I’ve researched a total of 3 methods on how to change the Chinese interface into English. The first and second method uses the Chinese installer but switching the interface skin to English. The third method is the latest one which I’ve discovered on how to use the Chinese key to activate the English setup.

    Important Note: Before proceeding in making any changes on the registry based on the steps below, you will have to first disable the Self-Defense option. You can do that by double clicking the Kaspersky icon at system tray, click at the top right icon Kaspersky Settings Icon and a window will open. At the left pane, click on the icon that looks like this Kaspersky Options Icon, uncheck the first option and press ENTER key to close the window.

    First method: Install Chinese version of KAV2010 and activate using the license code. Then at the registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP9\environment\ and change the SkinSwitchDisabled value from 1 to 0. At the Kaspersky program, press Shift+F12 to instantly switch the skin from Chinese to English.

    Second method: Go to HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP9\environment\ and change the Localization value from sch to en.

    Third method: Install Chinese version of KAV2010 and when asked to activate, close the window. Go to registry, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP9\environment\ and note down the InstallBasesID value data. Uninstall Kaspersky Chinese and restart computer. Now install Kaspersky English, click Activate Later and click Next. Click Finish to Start Kaspersky Anti-Virus. Disable Self-Defense and exit Kaspersky by right clicking on the system tray icon and select Exit.

    Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP9\environment\ , change the InstallBasesID value data to the one that you noted down and also the localization from en to sch. Run Kaspersky and a window will appear with no text, two buttons and one dialog box. Enter the activation code to the only box and hit enter. When you see a window with only ONE checkmark, right click the Kaspersky tray icon and click the lowest selection to Exit. Finally, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\protected\AVP9\environment\ and change the Localization value data from sch back to en. Run Kaspersky Anti-Virus 2010 and you have a valid 183 days license subscription.

    The third method is very long and troublesome but I am just sharing the possibility of activating a Chinese license key on an English installer. The second method is the easiest although I’ve got reports from some people that it reverts back to sch after a few updates.

    Kaspersky Anti-Virus 2010 (9.0.0.736) Chinese Installer: kav9.0.0.736_CF2_sch.exe
    Kaspersky Anti-Virus 2010 (9.0.0.736) English Installer: kav9.0.0.736en.exe

  • Buster Sandbox Analyzer Makes Sandboxie Stronger

    I know a few people swears by Sandboxie is the ultimate tool to analyze malwares but it is very common for crypters and remote administration tools nowadays to have anti-sandbox module meaning whenever it detected that it is being analyzed or ran in sandbox environment, it will automatically terminate itself to prevent from being analyzed. If you’ve missed my previous article on why I test and analyze software from real windows environment, then you should read it first.

    Today I received an email from Jerry sharing with me on a very useful addition to Sandboxie called Buster Sandbox Analyzer. Basically it is similar to online file behavior analyzers such ThreatExpert, Joebox, Anubis but with the help of Sandboxie, you can have the same function on your computer without wait time. Buster Sandbox Analyzer is a tool that has been designed to analyze the behaviour of processes and the changes made to system and then evaluate if they are malware suspicious. In order to use Buster Sandbox Analyzer, you have to correctly set up Sandboxie first, then only Buster Sandbox Analyzer would work perfectly.


    The good thing about using Buster Sandbox Analyzer is it includes countermeasures against malwares detecting Sandboxie’s presence. So even if the malware contains anti-sandboxie code, you can still get to analyze the malware in Sandbox. Here’s a simple guide on how I set up Buster Sandbox Analyzer.

    1. Download and install Sandboxie.

    2. Download Buster Sandbox Analyzer and extract the RAR archive into C:\bsa\

    3. Run Sandboxie Control, click Configure at the menu bar, and select Edit Configuration.

    4. Your default text editor will open with [GlobalSettings], [DefaultBox] and [UserSettings_xxxxxxx]. At [DefaultBox], at the end of the line, add the 2 lines below and save it.

    InjectDll=C:\bsa\log_api.dll
    OpenWinClass=TFormBSA

    It should look like the screenshot below.

    Sandboxie InjectDll

    5. To analyze a malware, go to C:\bsa\ and run bsa.exe. The most important thing to fill up here is the “Sandbox folder to check”. This is the path of where the Sandboxie contents are dropped to. To get this location, run Sanboxie Control, right click at Sandbox Defaultbox and select Explore Contents. A window explorer will now open, copy the path and paste it to the “Sandbox folder to check”.

    Sandbox folder

    6. Click the Start Analysis button and click “Delete Sandbox Folder contents and continue“.

    7. Now drag the file that you want to analyze and drop it to Sandboxie Control window. By default the “DefaultBox” is selected and just click the OK button.

    8. Go to Buster Sandbox Analyzer and you should see a lot of information at the API Call Log. When the API Call Log has stopped, go back to Sandboxie Control window, right click on Sandbox Defaultbox and select Terminate Programs. Click Yes to confirm the termination.

    9. Again go back to Buster Sandbox Analyzer and click Stop Analysis button.

    10. Then click Malware Analyzer button. There are 2 tabs on the Malware Behavior Analyzer Module which is the Malicious Actions and Details. The malicious actions tab tells you if the file that you analyzed has performed any malicious actions. As for the details tab, it shows a more detailed report on where is the file dropped, auto startup addition, injection, keylogger, connection and etc.

    Malware Analyzer Behavior Module

    The results above is the analysis of the Cybergate RAT public version with “Anti Sandboxie” enabled. As you can see, the anti sandboxie feature for Cybergate RAT no longer works, thanks to Buster Sandbox Analyzer.

    Update: I’ve left out how to hide Sandboxie. Fortunately you can follow the easy step-by-step guide on this page on how to use HideDriver to hide Sandboxie’s process. It would also help if you rename the default LOG_API.dll file to another one. You should also have WinPCap installed in order to run Buster Sandbox Analyzer for a correct network activity reporting.

  • FREE 3 Months ESET NOD32 Antivirus Genuine Username and Password for EVERYONE

    Have you got your free ZoneAlarm Pro 2009 license yet? If not, please do because the offer is still valid! Anyway, I got to be honest that I was never a fan of ESET products (NOD32 or Smart Security). It boast to be very light in system resources but in fact there are other even lighter antivirus software. It also boast about their ThreatSense which is able to detect unknown virueses but since early this year until today, it still couldn’t detect the private trojan that I have when other antivirus such as Kaspersky and Avira can detect it.
    Free nod32 username password
    However, if NOD32 Antivirus works great on your computer, do continue using it because having an antivirus program installed is better than having none. Since February I’ve been posting a lot about freebies on how to get genuine license for softwares but ESET products are the toughest one to get. I am very happy to be the FIRST to share with you a method to get a genuine free nod32 username and password that is valid for 3 months.


    ESET NOD32 Antivirus is built on the award-winning ThreatSense engine which proactively detects and eliminates more viruses, trojans, worms, adware, spyware, phishing, rootkits and other Internet threats than any program available. It’s the ideal antivirus for Windows XP, and also runs smoothly on Windows legacy systems, MS-DOS, file servers, mail servers, and more.

    FREE NOD32 Antivirus

    ESET NOD32 Antivirus provides:

  • Proactive Protection: The award winning ThreatSense technology combines multiple layers of detection protecting you from Internet threats before it is too late.
  • Precise Detection: ESET accurately identifies known and unknown threats. It consistently wins top awards from testing labs and is recognized for having zero false positives.
  • Lightweight Design: Requires less memory and CPU power, allowing your computer to run fast, making more room for games, web browsing, and emailing.
  • Fast Scanning Speeds: Highly efficient program ensuring fast file scanning and product updates. It runs quietly in the background.

    • To get your free NOD32 username and password valid for 3 months, just follow the simple steps below.
    1. Go to this page http://www.notebookplatformu.com/index.php?yon=register

    2. Fill up the form. Parola means password, Ad / Soyad means your full name, E-posta means E-mail. As for the rest, you can simply select anything from the drop down menu. Click “Kayıt ol !” button when done.
    FREE Nod32 username and password

    3. You will get the legit ESET NOD32 Antivirus serial number highlighted in yellow at the next page. Note down the serial key.
    Free nod32 username and password

    4. Now go to this page http://www.eset.com/register/index.php to register and activate your NOD32 Antivirus. Enter the serial number that you received in step 3 and fill up the rest in the form. Click Submit button when done.

    5. You will get your NOD32 username and password at the next page.

    6. Now download the latest NOD32 Antivirus if you don’t have one installed. You’ll be prompted to login. Just enter the username and password that you got from step 5.

    7. During installation, you’ll be prompted to enter the NOD32 Antivirus username and password for automatic update. Use the username and password that you got in step 5.
    NOD32 username and password for update

    After getting a free nod32 username and password using the method above, you have to clear your web browser’s cache in order to get the next one. Otherwise it’ll just forward you to their mainpage when you try to access the offer page.

    During idle, egui.exe takes up 6236K and ekrn.exe takes up 36320K. The memory usage for ekrn.exe process increased during computer scan but never goes more than 40000K. NOD32 took only 3 minutes and 27 seconds to scan 47907 objects. I consider that as fast but not as fast as Norton Antivirus 2009 which took only a little more than a minute. Unfortunately, ESET NOD32 Antivirus still unable detect the private trojan that I have. They sure need to improve their ThreatSense technology. Enjoy the free NOD32 username and password that works for 3 months. If the offer page is still available after 3 months, you can get more codes to continue using NOD32 for free. Enjoy!

  • FREE Kaspersky Anti-Virus 7.0 Genuine Serial Number or License Key

    When I was giving out free Norton Antivirus 2008 courtesy of Michael, I’ve got emails asking me whether can they change to different brand of antivirus license if they win it. Unfortunately no because the Norton Antivirus 2008 genuine serial number is given by Michael and he got it from Symantec. Other than that, I know there are many of you that missed the chance of obtaining free Kaspersky Anti-Virus license from the leak that I found. So here’s your chance because this month I will be giving out Kaspersky Antivirus genuine license to ONE of my lucky subscriber. This license is bought with my own money and not the one that I got for free.

    FREE Kaspersky serial number

    Kaspersky 7.0 serial numberIf you didn’t know, Kaspersky has superior proactive detection! In the latest tests, Kaspersky Anti-Virus 7.0 was awarded the highest certification—Advanced+, which confirms the program has the highest level of detection of new malicious programs with minimal false positives using the antivirus program’s heuristic analyzer. Some malicious programs are very hard to remove from the computer, because they use various methods to mask their presence in the system (including via rootkits) and to avoid detection and removal by antivirus programs. So we need really good antivirus to protect our computer from viruses.

    Here’s how to win the free Kaspersky Anti-Virus 7.0 license to protect you from viruses for 365 days.


    As usual, I’m giving this free Kaspersky Anti-Virus 7.0 license to one of my subscribers. If you’ve subscribed, you already stand a chance to win. If not, just enter your email at the top right hand side and hit the subscribe button.

    Win FREE Kaspersky 7 serial number

    Next, you need to enter the random text characters and hit the Complete Subscription Request button. Finally, you need to check your email inbox for a verification message from FeedBurner’s “[email protected]” and click a link listed in this message to activate your subscription. If you got it right, you should see a message that says “Email Subscription Confirmed!” at your web browser. The lucky winner will be picked and announced next month.

    FREE Kaspersky Anti-Virus 7.0 serial number

    Kaspersky Anti-Virus 7.0 is an award-winning antivirus software which protects your PC from viruses, Trojans, spyware, rootkits and other malicious programs. Reactive detection methods are combined with proactive technologies to provide balanced and effective security, while automatic updates ensure uninterrupted protection and peace of mind.

    FREE Kaspersky Antivirus 7.0 license key

  • Three protection technologies against new and unknown threats:
    1) Hourly automated database updates
    2) Preliminary behavior analysis
    3) On-going behavior analysis. New!
  • Protection from viruses, Trojans and worms
  • Protection from spyware and adware
  • Real-time scanning for email, Internet traffic and files
  • Protection from viruses when using ICQ and other IM clients
  • Protection from all types of keyloggers. Improved!
  • Detection of all types of rootkits. Improved!
  • Automatic database updates

    • Kaspersky Anti-Virus 7.0 works on Windows 2000, Windows XP and Windows Vista. Your system must have at least 300MHz or higher processor, 128MB of RAM and 50MB of available hard disk space for Windows XP. As for Windows Vista, you need to have Intel Pentium 800 MHz or higher (or equivalent) with 512 MB of RAM. I know there are free pirated Kaspersky license keys that can be found on the Internet but I assure you those license keys will get blacklisted before you can even use it till the expiry date. So using original genuine license key is definitely better 🙂

  • Bitdefender Bootkit Removal Tool

    Rootkits are probably one of the most powerful malware because of its capability to hide its presence from normal methods of detection. You won’t see the process listed in Windows Task Manager, nor you can see the file from Windows Explorer even if you set to show protected operating system files from Folder Options. This can be achieved through installing and loading kernel-mode drivers which allows the malware to run with higher privileges. The good thing about running 64-bit Windows today is you can only install digitally signed drivers and obviously drivers used by rootkits are not signed unless the signature itself are stolen. Remember Stuxnet which uses stolen JMicron and Realtek certificates to allow installation on x64 machines.

    Rootkits are indeed scary and if you think you’ll be safe with a 64-bit if Windows, then you’re wrong. Another type of malware called Bootkit which installs itself in Master Boot Record area to patch the kernel digital signature validation check, allowing unauthorized kernel-mode rootkit to load. So here you go, a rootkit that is able to infect both 32-bit and 64-bit computer.


    Bitdefender has recently released a free and portable tool that is meant to detect and remove bootkit from infected computers. Currently it has been tested against Alipop, Fengd, Fips, Locker, Mayachok, Mebratix, Mebroot, Mybios, Pihar, Ramnit, Sst, TDSS, Whistler, Yoddos and Zegost. It is very easy to use. All you need to do is run the correct version of Bitdefender Bootkit Removal Tool, and click the Start Scan button which takes only 1-2 seconds to complete the scan.

    I infected my test computer running Windows 7 32-bit with TDSS rootkit and then scan with Bitdefender Bootkit Removal Tool. Within seconds this tool detected a Rootkit.MBR.TDSS.B infection on my C:\ drive.
    Bitdefender Bootkit Removal Tool

    Then it prompts me to restart to complete the disinfection process.
    Bootkit Removal Restart

    After restart, I ran MBRCheck and it detected Windows 7 MBR code which means TDSS rootkit has been successfully disinfected by the Bitdefender Bootkit Removal Tool. You will know that you got infected by a bootkit so it is good that you run a scan with this Bitdefender Bootkit Removal Tool once in a while since it is free and portable that don’t require installation.

    Download the 32-bit version of the Bootkit Removal Tool
    Download the 64-bit version of the Bootkit Removal Tool

  • X-Ray v1.0 Final Public Released!

    X-Ray was announced at the blog nearly 2 years ago but was never revealed what it can do other than “something you have never seen before!”. During that time, my idea was to create a keylogger detector WITH a password reset so you can access in to the keylogger’s control panel and view the settings to have an idea who installed it on your computer, where the logs are sent/saved, when was it installed, how to uninstall it and etc. There was already a prototype version of it but unfortunately it had to be abandoned due to other more important responsibility in personal life.

    Few months ago when my important responsibility in personal life has lighten up, I had another idea to create another software that is able to help many people “confirm” if a file is safe or dangerous. Until today people are relying on antivirus, automated online analysis such as ThreatExpert and security software to help keep them safe from malicious software but these security software are limited because they are based on a set of logical rules to decide if the software is a threat or not. Moreover with tools known as “crypters” that can make a detected malware fully undetected, bypassing any antivirus detection, the Internet is definitely not a safe place. Scanning suspicious files on VirusTotal will confuse you even further when you get a 30% or 50% detection result.


    My idea is to create a tool that can automatically submit files to multiple antivirus companies for manual analysis by human professionals, not by a robot or a software. After submitting the suspicious files for manual analysis, all you need to do is wait for another 24-48 hours so that it gets analyzed and then scan it again at VirusTotal. You can also check your email inbox because some antivirus will send you an update when the file has been processed, letting you know if the file safe. I named the tool X-Ray and it works best when it is used together with VirusTotal.

    X-Ray

    X-Ray was actually released earlier and privately to the forum moderators and Star members but I kept wanting to improve and make it better which ended up delaying until now. So I thought I should release it to public, get more feedback and then only start working from there. This release is actually not up to my expectation yet because there are still a lot of things to be done.

    For more information on what it does and where to download the software, please visit the official X-Ray web page. I hope all of you will find this software useful and any feedback is much appreciated.

  • SysTracer: Trace System Changes + Giveaway

    Every time you select or deselect an option and check or uncheck a checkbox on a software or even on Windows, the settings is either saved to a file or to the registry. Either method will allow the settings to be remembered so that the next time you run the software, it is set the way you want it to be. This process is normally being done silently without showing the user visibly what it does in background, and that is actually what a software is meant to do, simplifying jobs.

    Have you ever wondered how does some people manage to trace or detect what files are being modified or changed? Software reverse engineers are able to analyze the binary code using a debugger such as OllyDbg to see what it does without even running the software but it is not easy to use a debugger. The next option is to use a software called SysTracer to track file and registry changes in your computer.


    I have been using SysTracer for a very long time to track changes made by a software on my computer. SysTracer is able to record changes on:

  • changed files and folders
  • modified registry entries
  • system services
  • system drivers
  • applications that are configured to run at computer startup
  • running processes
  • loaded dlls

    • To use SysTracer, you will have to first create a snapshot which will probably take a few seconds to a few minutes to complete depending on the amount of files on your computer before you make any changes on the software that you want to trace. Once the snapshot has been created, make the changes on the software and then followed by creating another snapshot. Now that you have two snapshots, the first one without the changes as baseline and the second with the changes, theoretically comparing the snapshots will reveal the differences.

    One example is I used SysTracer to check where is the password being saved to when I enable password protection in avast! to prevent unauthorized changes. Through a simple analysis and a few trial and error, I easily found out that avast! saves the encrypted password to aswResp.dat file. So to reset the password, all I need to do is delete that file and it resets the password. Here is a short walk-through with screenshots on how to use SysTracer.

    1. Run SysTracer and click the Take snapshot button located at right hand side of Snapshots tab.

    SysTracer

    2. Full scan is the best option but takes longer as it will scan all drives and registry. If you only want to scan the system drive, select Only selected items and check the items that you want to include in scanning. Click the Start button and don’t do anything on the computer.

    SysTracer Take Snapshot

    3. When the snapshot has been taken, you will be notified via a small window telling you how long it took to create the snapshot, the amount of registry keys, registry values, folders, files, applications and DLLs.

    SysTracer Snapshot Info

    4. Click the OK button and you will be brought back to the SysTracer Snapshots tab with the information of the snapshot that you’ve just taken.

    5. Now you can start making changes on the software that you want to track the changes.

    6. Create another new snapshot by going through step 1-4 again. When you see another snapshot listed in the Snapshot tab, click the Compare button and you will be forwarded to the Registry tab. Select Only differences and it will show you what data that has been changed. You can also view the Files tab which show the changed files.

    SysTracer Compare Snapshots

    If you are a network administrator, the Remote scanning feature will be very useful for you to detect if the user on another computer in the network has installed any unauthorized third party software or even a malware infection. SysTracer will be installed as service on the client computer without any user interface and the process (SysTracerSrv.exe) takes very little resources when idle. Enabling the remote scanning feature requires a separate client computer license.

    In my opinion, it is best to create snapshots on a clean Windows computer using SysTracer for comparison because it takes lesser time to scan the whole hard drive and registry and also it doesn’t log other third party software changes, making it easier for you to locate the correct changed data.

    SysTracer is a shareware and is currently having a special promotional pricing until February 29, 2012 with up to 30% off by using the following coupon PROMO-30. Stefan Tudorica from BlueProject Software, the company that develops SysTracer has generously offered 20 PRO computer licenses to be given away to raymond.cc verified members. Head on to our raffle page to join the lucky draw. Winners will be randomly and automatically chosen by the giveaway system in 48 hours.

    [ Download SysTracer ]

  • Fix NVIDIA Display Driver Stopped Responding

    One of a new problem that you will experience in Windows Vista and Windows 7 but not on Windows XP is the screen going black for a few seconds and then comes back on with a popup notification telling you “Display driver stopped responding and has recovered. Display driver nvlddmkm stopped responding and has successfully recovered.” From the message it does seemed like the driver has crashed and most of the time neither upgrading nor downgrading the driver will fix the problem. If you search for this error in Google, you will probably end up with hundreds of threads to read and with some really ridiculous suggestions such as reformatting your computer, sending back the graphics card to manufacturer, etc.

    Display driver stopped responding and has recovered. Display driver nvlddmkm stopped responding and has successfully recovered

    The good news is you don’t have to go through that because SilentBob420BMFJ has already went through all the hard work which he finally found a workaround that fixes the problem and shared it in NVIDIA forums. Thanks to FunkY for finding that as well and posting it in our forums to help BigGuy.


    The simple trick is to set a fixed graphics card for PhysX processor instead of letting it auto select which may end up selecting your CPU and causing the crash. Go to Control Panel > NVIDIA Control Panel > Expand 3D Settings > Set PhysX configuration. At the select a PhysX processor, by default the “Auto-Selected (recommended)” setting is selected. Click on the drop down menu, select your graphic card and click the Apply button to confirm the changes.

    Select PhysX Processor

    This simple solution should be your first attempt to fix the problem before reinstalling drivers, replacing nvlddmkm.sys driver file, fixing registry, uninstalling windows patches and etc.

  • Disable Avira SearchFree (Ask.com) Toolbar Popup Nag Alert

    Nowadays I get most of my updates from the forum itself because I do not have time to browse around the web to visit the sites that I normally visit. 3 weeks ago LunarWolf posted a thread at the forum about Avira going over to the dark side by pushing ASK toolbar to its free users. Some people say that the Ask.com toolbar is a spyware or adware but Ask.com denies it. As for me, I would say that it is an “unnecessary addon” to web browsers. Avira detection for malware is superior, period. I think it would be a waste to abandon Avira just because of the “optional” toolbar, so I decided to check it out myself since I have a little bit of time today. First I downloaded both the paid version of Avira antivirus (Avira Premium Security Suite & Avira AntiVir Premium) and installed on my test computer. Fortunately both did not ask to install the toolbar.

    Then I installed the free version of Avira antivirus which is Avira AntiVir Personal. After restarting Windows, I was prompted for a “free update” which is actually the Avira AntiVir 10 Service Pack 2 (SP2) that claims to provide better detection and protection. After installing the SP2, I still don’t see any new toolbar installed on Internet Explorer or Firefox but after a reboot, I got another popup alert that says “New function! Safe Internet searching. Avira SearchFree Toolbar offers more freedom for searching and surfing the web. Upgrade now for total free on Internet Explorer and Firefox.

    Disable Avira Ask Toolbar
    Here is the problem. Avira says that the toolbar is optional but clicking the Install later button only temporarily closes the popup alert. The popup window will continue to show whenever Windows is booted up and will only stop nagging you until the Avira SearchFree Toolbar is installed. After spending a couple of hours analyzing how the toolbar works, I discovered the solution on how to enable the WebGuard on Avira Personal WITHOUT installing the SearchFree (Ask.com) toolbar.


    The first (and lame) method which I discovered is you need to disable the WebGuard from Configuration, then only followed by uninstalling the toolbar. If you uninstall the toolbar WITHOUT turning off the WebGuard first, Avira will start asking you to install it again after you restart Windows. This method works but you won’t have the WebGuard protection to keep you away from malicious websites.

    From Avira Premium, I can see that the WebGuard still works without the SearchFree toolbar so I decided not to give up and continue analyzing. The logic of it is to somehow let Avira AntiVir Personal know that the SearchFree Toolbar by Ask.com is installed. After sniffing the registry a couple of times, I found the registry key to trick Avira in thinking that the Ask.com toolbar is installed.

    Here is what you need to do:
    1. Create a registry string value with the name value as tb and the value data as AVR-W1 under HKEY_LOCAL_MACHINE\SOFTWARE\AskToolbar\Macro. If you don’t see AskToolbar and Macro, you will need to create it by right clicking and select New > Key.
    TB AVR-W1
    Alternatively, you can just download the registry file below and run it on your computer. Click the Yes button when prompted if you want to continue.
    http://www.raymond.cc/images/disable-avira-toolbar.zip

    2. Go to Control Panel > Programs and Features. Use your mouse to select Avira AntiVir Personal – Free Antivirus from the list and click on the Change button.
    Modify Avira
    Make sure that Modify is selected and click the Next button. You should now immediately see the “Install Components” window.

    Avira Install Components

    IF you are seeing the window that asks you to install the WebGuard with Avira SearchFree Toolbar like the screenshot below, that means you did something wrong at the first step.
    WebGuard with Avira SearchFree Toolbar

    Click Next > Finish > go through the Configuration Wizard and followed by a restart. You will see that the WebGuard is active on your Avira AntiVir Personal – Free Antivirus WITHOUT the unnecessary SearchFree/Ask Toolbar.

  • Christmas 2011 Giveaway – First Come First Served

    Christmas will be here in less than 24 hours, and to be honest I didn’t want to spend most of my time today and tomorrow on the computer doing research. This is time when I should be thankful for what I have, what I am and celebrate the birth of Jesus in a non commercialized way with my family. I also did not plan to have a Christmas giveaway because I am already doing that the whole year round. However seeing that I still have a couple of licenses left which must be activated by end of this year or else it would expire and gone to waste, it would be much better to just give it out in a first come first served basis rather than a lucky draw.

    Here are the list of software licenses which some of the are computer games that are available for the giveaway:

  • 26 x Emsisoft Anti-Malware 6.0 (1 year, 1PC)
  • 6 x Revo Uninstaller Pro
  • 5 x Bitdefender Antivirus Plus 2012 (1 PC, 1 year) <- Sponsored by shashireddy
  • 2 x Red Orchestra: Ostfront 41-45 <- Sponsored by luffy
  • 1 x Deus Ex: Human Revolution Game



    • Here are the simple rules and it works:

    1. Only members belonging to Moderators, Stars, Experienced and Verified usergroup in forum can request.
    2. Permitted members can only request ONCE.
    3. To request, simply visit this thread in forum and post a reply.
    4. Check the requests being made first before requesting so that you know you are requesting something that is still available. For example, there is only 1 Deus Ex: Human Revolution game and if someone has already requested it, you don’t need to request for that anymore.

  • Scan Your Computer with Multiple Anti Virus for FREE

    Most of the time one Anti-Virus software can’t completely protect your computer from virus. However, having 2 or more anti-virus program in your computer will make your computer unstable. My customer uses HP computers and by default it comes with 60 days trial Norton Antivirus. When it expires, nearly every of my customers would immediately download and install the FREE version of AVG WITHOUT uninstalling the expired Norton Antivirus first. Few unlucky ones wasn’t able to boot in Windows after installing AVG. There is one case that can boot in to Windows but AVG can’t function properly.

    When you’re infected by persistent virus like Brontok, you’d be frustrated if the installed Anti-Virus program on your computer is unable to clean it. So how to scan computer using more than 1 type of antivirus? Is the only solution to uninstall the current antivirus program and then install another one? Fortunately not, here’s how you can scan your computer with 4 types of Anti Virus program without installing them.


    Multi AV Scanning Tool by David H. Lipman is a malware removal utility incorporating multiple command line scanners including McAfee, Sophos, Kaspersky and Trend engines.

    FREE Multiple anti virus program

    To perform a scan using these vendor’s scanners choose the number on the menu corresponding to the Anti Virus scanner you wish to run. The scripts will automatically obtain the Anti Virus vendor’s files for you. You don’t need to have them already resident on your computer. After the files have been downloaded to your computer and have been made ready to use, you will get a prompt if you want to run the scanner or not. If you do want to perform a scan then click on “Yes“, if you do not want to perform a scan (maybe you want to perform the scan in SAFE MODE) choose “No“. If you choose No or ignore the prompt it will return you back to the main menu. An example prompt for the Sophos scanner is shown below.

    FREE Sophos antivirus

    If you choose to perform a scan then you will be prompted to see if you want to perform the scan of a particular folder or location. An example prompt for the Sophos scanner is shown below.

    Sophos directory to scan

    If you choose “No” then the AV scanner will proceed to perform a scan of all hard disks on the computer. If you choose “Yes” then you will be prompted to type in the path of the folder or the drive to be scanned. The scanner will then proceed to perform the scan of that location and all folders below it. If the drive or folder does not exist (for example a syntax error is made in typing the folder location) you will again be prompted to type in the path of the folder or the drive to be scanned.

    Sophos, McAfee and Kaspersky uses the same method above to ask you which location you’d like to scan but for Trend, it will automatically obtain the Trend Micro Sysclean utility and the latest Trend Pattern File. After the files have been downloaded to your computer and they have been made ready to use, you will see the following GUI utility.

    FREE Trend Anti virus

    By clicking on the “Advanced” button you can choose to scan a specified folder or drive. If it is not chosen then Sysclean will scan all hard disks.

    Here is how to run Multi AV Scanning tool in your computer.
    1. Download Multi_AV.exe from the link at the end of this article.

    2. Run Multi_AV.exe (You must use the default folder C:\AV-CLS)

    3. Run StartMenu.BAT or double-click on ‘Start Menu‘ shortcut from C:\AV-CLS folder.

    There are two modes of operation: Remove/Delete and Detect Only. The software defaults to the Remove/Delete mode which means that any files that are deemed to be infected will be automatically removed from the system and can which can not be cleaned. If you desire to use the Multi AV Scanning Tool just to detect and not delete malware, you can hit the letter “D” and place the software in a Detect Only mode of operation. Those files found to be infected by malware will be logged but not cleaned nor deleted from the system. These two modes of operation are only for the McAfee, Sophos and Kaspersky modules since the Trend Micro Sysclean utility has a GUI selection for detection with or without file deletion.

    Included in the C:\AV-CLS folder is a file called killproc.txt and is used to shutdown or kill running processes prior to scanning the platform. There are two processes already in the text file. iexplore.exe (Internet Explorer) and firefox.exe (FireFox).
    insert file name to kill task
    You can add more file names in the text file making sure the last line is a blank line. You can also bring up the killproc.txt text file by hitting the “E” key in Multi-AV menu.

    Multi AV Scanning Tool website no longer accessible but it’s still a very good free multiple antivirus program that can be used to scan and remove viruses.

    Note: The directory C:\AV-CLS is hard coded and should not be changed. Multi AV should be used to remove an infection from your computer. They are not a replacement for realtime antivirus protection but they are an effective tool to remove malware (viruses etc.) from an infected machine where antivirus software is disabled, out-of-date or even if it is not installed at all.

    [ Download MultiAV ]

  • Multiple Antivirus Software On Windows Computer

    All of us know that we cannot count on one antivirus to 100% protect us from computer virus. Since one antivirus can’t protect us, installing two or more antivirus should offer better protection right? Well logically yes but technically no because antivirus software nowadays are so complex and they’d conflict with each other causing crashes and blue screens. If we’re talking about installing two antivirus 15 years ago on Windows 95, then it’s possible. I remembered running PC-Cillin and Norman back then and no problems at all.

    The only way we can put multiple antivirus software on a computer is if we can disable the real-time protection, self-defense and only use it for on-demand scanning. Well if we wanted to scan a single file using on-demand scan, we could upload it to Virustotal and have it scan with 40 antivirus but the problem is Virustotal distributes the file to antivirus company. Trojan coders usually wouldn’t use Virustotal because obviously they don’t want their trojan to get detected.

    I recently found a tool called Multi AV Scan developed by Gakh from HackHound that allows you to run on-demand scan using 10 types antivirus on your computer.


    Multi AV Scan currently supports A-Squared, Avira AntiVir, BitDefender, ClamWin, DrWeb, Ikarus, McAfee, Solo, Sophos and VBA32. There are a few similar tools such as Multi AV Fixer, KIMS, ScanLix and Mini AV Scanner but they are all no longer in development except Multi AV Scan.

    Multiple antivirus on computer

    Multi AV Scan works but it’s a little buggy. You have to put the file that you want to scan in the same folder as MultiScan.exe or else the program will say Scanning the whole time without progress. Also if you’re using Avira AntiVir, you need to place Avira license key HBEDV.KEY (where you can get it for free here) file in \AVs\AntiVir\ folder. As for the updates, it takes quite a while to download and update all virus definition signatures. Another issue that I encounter is it takes 99% CPU usage during updating and scanning.

    Do take note that Multi AV Scan is not meant to replace the antivirus installed on your computer that has real-time protection. The upcoming Multi AV Scan v1.6.2 will include 2 more antivirus which is Kapersky and VirusBuster. You can download Multi AV Scan from this thread in HackHound forum. There are 3 parts to download from RapidShare.

  • Best USB Device Manager Safely Remove Hardware v4.1 Free License Code for EVERYONE

    This week is indeed a software giveaway week. Started with Online Armor, then Mamutu and now USB Safely Remove. So far I’ve never seen a USB device managing software that is so advanced like USB Safely Remove. It is a neat and reliable replacement for the standard ‘Safely Remove Hardware’ tool with unique feature “Return Device Back!” and an ability to know what prevent a device from being stopped. The program saves time and extends abilities of active users of hot-plug devices (USB, SATA, FireWire, PCMCIA).
    free usb safely remove hardware registration code
    This program has tons of features such as a handy menu to stop devices, keyboard shortcuts to safe removal, autorun program on device connection or disconnection, ejecting memory cards rather than the card reader, hiding drives of empty card reader slots, command line to safe removal, Stopping via “disabling”, and the latest one that’s being added is Return Device Back!.

    From August 19th – 25th, 2009, everyone can get a free license for version 4.1 of the award-winning program USB Safely Remove. You still have around 5 more days to get your free license. So hurry and get it while you still can!


    To get your free USB Safely Remove v4.1 genuine registration code, just go to their promo page at http://safelyremove.com/giveawayweeka9.htm. Make sure you enter your full name (nicknames or just names or other alphabets are not accepted), a working email address and click the “I want the license” button. You should then see a message saying that you will get your license within 24 hours or earlier. For my case, I got it immediately in my Gmail. Finally, download the latest version of USB Safely Remove v4.1.5.806 setup file usbsafelyremovesetup_4-1-5.exe and install. Enter the registration name and registration code to license the program.

    free usb safely remove v4.1 product key

    If you have an antivirus software that cannot auto scan the USB flash drive after plugging in to the computer, you can set a rule on Safely Remove Hardware to call up your AV to scan once it is plugged in. This can be found in Global Autorun. I also like the Stop Menu Hotkey Win+S. By pressing a hotkey I can safely remove the device.

    My favorite feature for USB Safely Remove v4.1 is the Return Device Back! Normally after we’ve stopped the device but still did not unplug it, we’ll need to unplug and reinsert it back for Windows to mount the USB flash drive. With this new feature, we can easily get it back with a click of a button without trying to re-insert the USB device back to the USB port which is at the back of the computer case. So far I couldn’t find any other software that can do this. It’d be nice to have a hotkey to enable this feature.

    It seemed like Crystal Rich, the company that develops USB Safely Remove will give out free licenses for USB Safely Remove every 9 months. First time was on February 2008 for v3.3, followed v4.0 on November 2008 and now on August 2009 for v4.1. The free USB Safely Remove registration code can only be used on the particular version and cannot be used on newer or even older versions of the program. So if you want to have the flexibility of upgrading or downgrading, then you’ll need to purchase a lifetime license that cost $20.

    USB Safely Remove works on Windows 2000\XP\2003\Vista. It even works on my Windows 7. Thanks Crystal Rich for the generous giveaway!

  • Giveaway Three Left 4 Dead 2 (L4D2) Game for FREE

    The new Left 4 Dead 2 game has been officially released a few days ago! Well I have a very good friend that is addicted to the L4D game. Today I received a call from him asking me for a favor that is to purchase the L4D2 game for him using my credit card and then he will pay me back. A single game license cost $49.99 USD and there’s a four pack license that cost $149.99 USD. Since L4D2 is such a highly anticipated game, I’ve decided to purchase the 4 pack license and give the remaining 3 away on this blog!

    Free Left4Dead2 Game Download

    About Left 4 Dead 2
    Set in the zombie apocalypse, Left 4 Dead 2 (L4D2) is the highly anticipated sequel to the award-winning Left 4 Dead, the #1 co-op game of 2008. This co-operative action horror FPS takes you and your friends through the cities, swamps and cemeteries of the Deep South, from Savannah to New Orleans across five expansive campaigns.

    You’ll play as one of four new survivors armed with a wide and devastating array of classic and upgraded weapons. In addition to firearms, you’ll also get a chance to take out some aggression on infected with a variety of carnage-creating melee weapons, from chainsaws to axes and even the deadly frying pan. You’ll be putting these weapons to the test against (or playing as in Versus) three horrific and formidable new Special Infected. You’ll also encounter five new “uncommon” common infected, including the terrifying Mudmen.

    Continue reading on how to participate in this L4D2 game giveaway…


    There are cheaters in every giveaway and I want this L4D2 game to go to someone that is a gamer and wants to play this game very badly. Not to someone that just wants it because it’s free so he can resell it or stop playing after a week because he/she is not interested in playing games. As you can see at the screenshot below, my friend’s STEAM account has 3 Left 4 Dead 2 as gifts yet to be given away.

    Free Left 4 Dead 2 download

    So to be eligible for the draw, you need to fulfill 2 requirements:

    1. You must be a subscriber of Raymond.CC newsletter
    2. Have a Steam account with Left 4 Dead 1 game in your account.

    If you fulfill both requirements, leave a comment together with your Steam account name. If possible, take a screenshot of your STEAM “My games” tab as a proof that your STEAM account has L4D1, upload it to www.imageshack.us and post the link to the comment box.

    To install Left 4 Dead 2, you will need to download 7GB of files. This contest will close 48 hours from now and the 3 lucky winners will be announced at this page.

  • FREE 1 Year Latest Spyware Doctor with AntiVirus 6 and Privacy Guardian 4.1 License Key

    I always think that PC Tools products such as Spyware Doctor, ThreatFire, Privacy Guardian and etc has a lot of potential. Their software are low in system resource usage, easy to use and comes in nice graphical user interface. Their most popular product Spyware Doctor which received many many awards has recently gone through a major update from v5.5 to v6. Although the interface for Spyware Doctor v6 with AntiVirus still looks the same as v5.5, but it has a lot of improvements to protect your computer from known/unknown spyware and virus.

    The key enhancements for the latest Spyware Doctor 6 are latest protection from unknown threats with Behavior Guard, improved detection capabilities, swift clean-up for heavily infected computers and improved Hacker Defense (for Windows Vista) and many other minor fixes and updates.

    There are a few options if you’d like to try out the latest Spyware Doctor. First is to download and install the trial version which offers time unlimited real-time protection (free spyware blocking), but does not remove threats detected during on-demand scans. Secondly you can download Spyware Doctor 6 Starter Edition offered by VNU. The last time I compared it with the paid version, the Intelli-Signatures definition for starter edition only covers about 30% of the full definition. Or, you can continue reading on how to obtain 1 year genuine license key for the latest Spyware Doctor with Antivirus 6 AND Privacy Guardian 4.1 as well!


    FREE Spyware Doctor 6 license key
    To get your free Spyware Doctor 6 with Antivirus and Privacy Guardian 4.1 legitimate genuine license key, just follow the few simple steps below.

    1. Go to this page, click on any of the links that will bring you to http://www.pctools.com/wbc/. You must access PC Tools registration page via WestPac site, as PC Tools checks for referrer.

    2. You should see 3 PC Tools product (Spyware Doctor with Antivirus, Privacy Guardian and PC Tools Firewall Plus) that is checked by default. Scroll down, enter your first name, last name, email, password and click the Signup button. Make sure that you’re entering a working email address because the verification link and license key code will be sent there.
    Spyware Doctor 6 license key code

    3. Once you see the message “Westpac Banking Corporation – Special Offer! Thank you – verification email sent.”, check the email address that you’ve entered at step 2. Open the email from PC Tools Account Activation ([email protected]) with the subject “Please verify your PC Tools email address”‏. Click the link that says “To activate your account please click here”.

    4. A web page will open containing your license name and license code for Spyware Doctor with AntiVirus, Privacy Guardian and PC Tools Firewall Plus. Note down the license name and license code.

    5. Download the software that you want to install.
    Spyware Doctor with AntiVirus 6: http://www.pctools.com/mirror/sdasetup.exe
    Privacy Guardian 4.1: http://www.pctools.com/mirror/pginstall.exe
    PC Tools Firewall Plus 4: http://www.pctools.com/mirror/fwinstall.exe

    6. After installation, run the software and click the Register button. Enter the license name and license key. Voila! FREE subscription for a year!

    You might notice that I did not mention much about PC Tools Firewall Plus. This is because this product is already offered as free or charge for everyone and you don’t need any special promotion to get the license key code. Get it fast before this great offer expires! Thanks to DSP8000 and ozziemozzie for sharing this tip with all of us!

    P/S: So bloggers and webmasters, go ahead and spread the word like you always do and PLEASE don’t forget to LINK BACK to this original article. We both know that you got it from here first.