Malware issues

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by confuzzled89, Oct 4, 2014.

  1. confuzzled89

    confuzzled89 Private E-2

    About four days ago, I noticed an obvious drop in my computer's performance. My CPU load would increase dramatically even after restarting my computer while having no other programs open. I recall this happening after I updated my Java Oracle, though it could be completely unrelated.

    After checking the processes in my task manager, I've found that there are several instances of Heokycun.exe *32 running, taking upwards of 50% of CPU usage. Even after ending the process tree, it would pop back up after a few seconds. I was unable to find anything about this specific process.

    Before I found out about this forum, I tried to fix this problem myself by running Malwarebytes, Microsoft Security Essentials, and HijackThis. Malwarebytes found 9 threats which I unfortunately already removed from my computer. MSE found that there were no threats. I did not change anything with HJT yet.

    Currently:
    - My quick launch icons have gone missing
    - My background has changed itself to black
    - My computer is creating copies of some of my documents and folders with no actual content in them. Some of these are appearing on my desktop and on my C and D drives.
    - CPU load fluctuates from 10% to 50-90%.

    After failing to fix it, I've followed the read and run procedure accordingly and have attached the logs.

    I am unable to post the TDSSkiller log, as it exceeded the limit in file size.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    We require the requested log from MGtools ( the C:\MGlogs.zip file ) before we can work up a proper fix.

    What is the below and why is this on your Desktop?

    C:\Users\domesticpee\Desktop\desktop\fresh install\bench\LinData\x64\linpack64.exe
     
  3. confuzzled89

    confuzzled89 Private E-2

    My apologies for missing the MG logs. I have no recollection of downloading Linpack.exe64 to my desktop. I will leave it there until I receive further instructions.
     


  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Does the below information help you remember? Perhaps it is part of some benchmarking program, or are you doing overclocking?

    https://software.intel.com/en-us/articles/intel-math-kernel-library-linpack-download


    We will not touch this for now since it does not appear to be obvious malware, but having things like this on the Desktop is not a good idea.



    Please download OTM by Old Timer and save it to your Desktop.
    • Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
    • Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy). Do not include the word Code:, which is just the title line of the code box.
    Code:
    :Processes
    explorer.exe
     
    :Files
    C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\Heokycun.exe
    C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh
    C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz
    C:\Users\domesticpee\AppData\Roaming\Search Protection\SearchProtection.EXE
    C:\Users\domesticpee\AppData\Roaming\Search Protection
    C:\Users\domesticpee\AppData\Local\FLT\Dvhfvbp.dll
    C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    C:\Windows\TEMP\*.*
    C:\Users\domesticpee\AppData\Local\Temp\*.*
    :Reg
    [-HKEY_USERS\S-1-5-21-1480437405-2495590198-2335762126-1000\Software\iLivid]
    [-HKEY_USERS\S-1-5-21-1480437405-2495590198-2335762126-1000\Software\Softonic]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2bf470e-ed1c-487f-a777-2bd8835eb6ce}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{d2bf470e-ed1c-487f-a333-2bd8835eb6ce}"=-
    "{d2bf470e-ed1c-487f-a666-2bd8835eb6ce}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "SearchProtection"=-
    "Dvhfvbp"=-
    "uTorrent"=-
    [HKEY_USERS\S-1-5-21-1480437405-2495590198-2335762126-1000\Software\Microsoft\Windows\CurrentVersion\run]
    "SearchProtection"=-
    "Dvhfvbp"=-
    "uTorrent"=-
    :Commands
    [purity]
    [EmptyTemp]
    [start explorer]
    [Reboot]
    • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
    • Now click the large MoveIt! button.
    • If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
    • Close OTM.
    Now navigate to the C:\_OTM\MovedFiles folder (assuming your Windows drive is C). This is where your log will be saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach this log file to your next message.

    Now please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Note that JRT may reset your home page to a Google default, so you will need to restore your home page setting if this happens.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Attach JRT.txt to your next message.
    Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

    Then attach the below logs:
    • the C:\_OTM\MovedFiles log
    • the JRT.TXT log
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
     
    Last edited: Oct 6, 2014
  5. confuzzled89

    confuzzled89 Private E-2

    After downloading and running OTM, it killed the processes that were copied and pasted. However, OTM stopped responding and I waited about 5 minutes to see if it would recover. It did not seem that it would continue working after I hit the "MoveIt" button.

    Since I was not prompted to reboot, I did not move on to the next step.

    Regarding LinPack - Yes, now that you mention overclocking, I had a friend who did change some settings of my core (though I reset them back to default a while ago). I believe that the program should be okay.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please try rebooting your PC into safe boot mode and running the OTM fix. After running the OTM fix, boot back into normal mode to continue the other remaining steps.
     
  7. confuzzled89

    confuzzled89 Private E-2

    I'm not seeing any report on a notepad after running OTM. Should I continue with the next step anyway?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, I should be able to see the info I need in the new MGlogs.zip file.
     
  9. confuzzled89

    confuzzled89 Private E-2

    Here are the JRT and the updated MGlogs.zip.
     


  10. confuzzled89

    confuzzled89 Private E-2

    Forgot to provide an update on my computer's status. It's running a lot smoother now. It seems like the processes that were slowing down my CPU are gone.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your logs are clean.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    7. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  12. confuzzled89

    confuzzled89 Private E-2

    I just ran MGclean.bat and rebooted my computer. Heokycun.exe *32 is still showing up in my processes. Also there are still the hidden folders/files that are scattered around my drives. Is it safe to delete them? I don't think I messed up any steps but it seems as though the malware is still here.
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay then it would seem that something did come back and now on a more extensive check I do see a registry entry that returned. Possibly because of the issue with OTM. So let's try one new scan.

    Please do the below so that we can boot to System Recovery Options to run a scan.

    For 32-bit (x86) systems download Farbar Recovery Scan Tool and save it to a flash drive.
    For 64-bit (x64) systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

    Plug the flashdrive into the infected PC.


    Enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please attach this file to your next reply. (See: How to attach)
     
  14. confuzzled89

    confuzzled89 Private E-2

    I'm using Windows 7 Ultimate and it doesn't seem to have a Repair Your Computer as an option. Are there any alternatives?
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you have your bootable Windows 7 DVD to boot from? If not then just boot into normal Windows and run the FRST scan and then attach the log.


    Also from normal Windows let's get the below log.

    Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double-click on the OTL icon on your desktop to run it. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator)
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Change the setting of "Drivers" and "Services" to "All"
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
      Code:
      activex
      netsvcs
      drives
      
    • Now click the Run Scan button.
    • One report will be created:
      • OTL.txt <-- Will be opened
    • Attach OTL.txt to your next message. (How to attach)
     
  16. confuzzled89

    confuzzled89 Private E-2

    I ran the scan off my desktop. I do not have a bootable windows 7 disc or flash drive on hand. I've attached the extra logs that the scans provided just in case they're necessary. Addition.txt and Extras.txt.
     


  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Now shut down your protection software (antivirus, antispyware...etc) to avoid possible conflicts.
    • Double-click OTL.exe to run. (Note: if using Vista, Win7 or Win8 use right-click and select Run as Administrator)
    • Copy the text in the code box below and paste it into the Custom Scans/Fixes text-field.
    Code:
    :OTL
    PRC - [2014/10/08 21:25:08 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\Heokycun.exe
    MOD - [2014/10/08 21:25:08 | 014,669,128 | ---- | M] () -- C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\36.0.1985.143\PepperFlash\pepflashplayer.dll
    MOD - [2014/10/08 21:25:08 | 008,537,928 | ---- | M] () -- C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\36.0.1985.143\pdf.dll
    MOD - [2014/10/08 21:25:08 | 000,718,152 | ---- | M] () -- C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\36.0.1985.143\libglesv2.dll
    MOD - [2014/10/08 21:25:08 | 000,353,096 | ---- | M] () -- C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\36.0.1985.143\ppGoogleNaClPluginChrome.dll
    MOD - [2014/10/08 21:25:08 | 000,126,280 | ---- | M] () -- C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\36.0.1985.143\libegl.dll
    MOD - [2014/10/08 21:25:07 | 001,732,936 | ---- | M] () -- C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\36.0.1985.143\ffmpegsumo.dll
    MOD - [2014/09/30 22:54:58 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
    MOD - [2014/09/30 22:54:57 | 008,911,176 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
    MOD - [2014/09/30 22:54:53 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
    MOD - [2014/09/30 22:54:51 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll
    MOD - [2014/09/30 22:54:51 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libegl.dll
    O4 - HKU\S-1-5-21-1480437405-2495590198-2335762126-1000..\Run: [uTorrent] C:\Users\domesticpee\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    :Files
    C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh
    C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz
    C:\Windows\TEMP\*.*
    C:\Users\domesticpee\AppData\Local\Temp\*.*
     
    :Reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Dvhfvbp"=-
    [HKEY_USERS\S-1-5-21-1480437405-2495590198-2335762126-1000\Software\Microsoft\Windows\CurrentVersion\run]
    "Dvhfvbp"=-
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [REBOOT]
    • Now click the Run Fix button.
    • If the fix needed a reboot please do it.
    • Click the OK button (upon reboot).
    • When OTL is finished, Notepad will open. Close Notepad.
    • A log file will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
    • Attach this log to your next message. (See: How to attach)
    Now download the current version of MGtools and save it to your root folder. Overwrite your previous MGtools.exe file with this one.

    Run MGtools.exe ( Note: If using Vista, Win7, or Win8, make sure UAC is still disabled. Also don't double click on it, use right click and select Run As Administrator )


    Then attach the below logs:
    • the log from OTL
    • C:\MGlogs.zip
    Make sure you tell me how things are working now!
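    An added example, not part of the original thread and not OTL's or OTM's own code: a small Python triage script for the OTL PRC/MOD/O4 lines quoted in the fix above, which also covers the paths targeted by the OTM fix earlier in the thread. The security point it makes is that the CompanyName column in an OTL log ("Google Inc." on the Heokycun.exe line) is only the PE version resource, which a malicious file can set to anything, so it is cross-checked against where the file actually lives. The sample lines are copied from the OTL fix above; the Chrome component list, the vendor-to-directory map and the random-name thresholds are my own assumptions, not anything OTL defines.

```python
import re
from pathlib import PureWindowsPath

# Sample input: PRC/MOD/O4 lines copied from the OTL fix posted in this thread.
OTL_SAMPLE = r"""
PRC - [2014/10/08 21:25:08 | 000,860,488 | ---- | M] (Google Inc.) -- C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\Heokycun.exe
MOD - [2014/10/08 21:25:08 | 014,669,128 | ---- | M] () -- C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\36.0.1985.143\PepperFlash\pepflashplayer.dll
MOD - [2014/10/08 21:25:08 | 008,537,928 | ---- | M] () -- C:\Users\domesticpee\AppData\LocalLow\Microsoft\dcnpbbvgjz\Yyghboowbvh\36.0.1985.143\pdf.dll
MOD - [2014/09/30 22:54:58 | 014,891,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll
MOD - [2014/09/30 22:54:57 | 008,911,176 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
O4 - HKU\S-1-5-21-1480437405-2495590198-2335762126-1000..\Run: [uTorrent] C:\Users\domesticpee\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
"""

# PRC/MOD line: kind - [mtime | size | attrs | M] (CompanyName) -- path
ENTRY_RE = re.compile(
    r"^(?P<kind>PRC|MOD) - \[(?P<mtime>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-\w]+) \| (?P<stamp>[MC])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
# O4 autostart line: O4 - hive..\Run: [valuename] path (CompanyName)
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?\s*$"
)

# Assumed list of file names that belong to a Chrome install (taken from the
# components visible in the log); seeing them anywhere else is a strong hint.
CHROME_COMPONENTS = {
    "chrome.exe", "pepflashplayer.dll", "pdf.dll", "libglesv2.dll",
    "libegl.dll", "ffmpegsumo.dll", "ppgooglenaclpluginchrome.dll",
}
# Assumed mapping: CompanyName -> directory component expected somewhere in the path.
VENDOR_DIRS = {"google inc.": "google"}
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Crude check for generated names like 'dcnpbbvgjz': almost no vowels,
    or a long run of consonants. Thresholds are an assumption, tune to taste."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = run = 0
    for c in letters:
        run = 0 if c in VOWELS else run + 1
        longest_run = max(longest_run, run)
    return vowel_ratio < 0.2 or longest_run >= 6


def parse_otl(text: str) -> list[dict]:
    """Parse PRC, MOD and O4 lines into dicts; everything else is ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip()) or O4_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d.setdefault("kind", "O4")
        d["company"] = d.get("company") or ""
        entries.append(d)
    return entries


def analyze(entry: dict) -> list[str]:
    """Return the reasons an entry looks wrong; an empty list means no rule fired."""
    p = PureWindowsPath(entry["path"])
    parts = list(p.parts)
    lower_parts = [part.lower() for part in parts]
    reasons = []
    # A Chrome component that is not inside a Google directory at all.
    if p.name.lower() in CHROME_COMPONENTS and "google" not in lower_parts:
        reasons.append("Chrome component loaded from outside a Google install directory")
    # CompanyName is attacker-controlled metadata: check it against the location.
    expected = VENDOR_DIRS.get(entry["company"].lower())
    if expected and expected not in lower_parts:
        reasons.append(
            f"CompanyName '{entry['company']}' but no '{expected}' directory anywhere in the path")
    # Under AppData, flag generated-looking directory names and file stems.
    # AppData alone is not a signal: uTorrent legitimately lives in Roaming.
    if "appdata" in lower_parts:
        idx = lower_parts.index("appdata")
        for part in parts[idx + 1:-1] + [p.stem]:
            if looks_random(part):
                reasons.append(f"random-looking name '{part}' under the user profile")
    return reasons


def triage(text: str) -> dict[str, list[str]]:
    """Map each flagged path to its reasons, for every entry that tripped a rule."""
    findings = {}
    for entry in parse_otl(text):
        reasons = analyze(entry)
        if reasons:
            findings[entry["path"]] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(OTL_SAMPLE).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

    Run against the sample, the three LocalLow entries are flagged and both the real Chrome modules under Program Files (x86) and the uTorrent Run entry under AppData\Roaming pass clean. On a live machine the flagged paths are the ones to verify with an Authenticode check (PowerShell's Get-AuthenticodeSignature) rather than trusting the CompanyName string.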
     
  18. confuzzled89

    confuzzled89 Private E-2

    Ran OTL and it seemingly worked. I was unable to upload OTL due to the file size restriction.

    After the reboot all the hidden folders and files were removed. I rebooted again just to make sure they wouldn't show up again. However after the reboot, they did indeed come back.

    The processes that were eating up my CPU usage did not show up again though.
     


  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, then please uninstall Google Chrome now and then rerun the last fix. To attach the OTL log if it is too large, you can compress it into a Zip file. Do not reinstall Chrome yet. Just use Internet Explorer. Also please uninstall Battle.Net because there were signs that this was possibly related to that.
     
  20. confuzzled89

    confuzzled89 Private E-2

    I've attached the previous OTL log and the new one that I ran after uninstalling chrome and battle.net, as well as a new MGlog after the reboot.
     


  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Looks good now. Is everything working okay?

    Delete the below two folders:
    C:\Users\domesticpee\AppData\Local\Google\Chrome
    C:\Program Files (x86)\Google\Chrome

    Then if all is good you can try reinstalling Chrome, but do not install Battle.Net; that seems to be your problem.
     
  22. confuzzled89

    confuzzled89 Private E-2

    Everything seems to be working fine. Is there any way to get rid of the hidden folders/files that were created because of the malware? After the initial OTL scan, it removed everything. After rebooting, the hidden folders/files came back.
     
  23. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What hidden files and folders are you referring to?
     
  24. confuzzled89

    confuzzled89 Private E-2

    I've attached a JPG of a snapshot my C drive folders.

    The folders and files that I don't recognize are:
    $Recycle.Bin
    Documents and Settings
    MSOCache
    ProgramData
    Recovery
    System Volume Information
    hiberfil.sys
    pagefile.sys

    After I ran the first OTL fix, it removed the above. However after rebooting, they came back and I'm unable to delete them manually. There are also similar folders in my other two drives.
     


  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You should not be trying to do anything we did not ask you to do. In addition, OTM did not remove those folders and files. Those are necessary folders for Windows, and if you succeeded in deleting any of them or any of the files in the folders, you would not be able to boot your PC any more. They are necessary and protected system folders and files which you are not supposed to have access to.


    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep Malwarebytes Anti-Malware for scanning/removal of malware.
    2. Re-enable your Disk Emulation software with Defogger if you had disabled it in step 4 of the READ & RUN ME.
    3. Go to add/remove programs and uninstall HijackThis. If you don't see it or it will not uninstall, don't worry about it. Just move on to the next step.
    4. If running Vista, Win 7 or Win 8, it is time to make sure you have re-enabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Now go to the C:\MGtools folder and find the MGclean.bat file. Double click ( if running Vista, Win7, or Win 8 Right Click and Run As Administrator ) on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others) and running MGclean.bat did not remove them, you can delete these files now.
    7. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    8. If you are running Win 8, Win 7, Vista, Windows XP or Windows ME, do the below to flush restore points:
      • Refer to the instructions for your Windows version in this link: Disable And Enable System Restore
      • What we want you to do is to first disable System Restore to flush restore points some of which could be infected.
      • Then we want you to Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  26. confuzzled89

    confuzzled89 Private E-2

    I did not do anything to those files/folders. I'm 100% positive that OTL did clean them up or move them when I first ran it. When I ran OTL the second time after rebooting, these files reappeared on my desktop and disk drives.

    Everything is working. There are some misplaced files but other than that the performance of my computer has returned to normal.

    Thank you for your time and patience with me. I greatly appreciate the effort that you've put in to helping me restore my PC.
     
  27. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome.

    No, it did not touch them at all. These were not part of the fixes, and if they had been removed, your PC would not have been booting up. What possibly happened is that at some point the viewing of hidden/system files was simply disabled and thus you did not see them anymore. But running another program ( like MGtools or the GetLogs.bat program ) will automatically enable viewing of these again, which is what we ask you to do manually while running the READ & RUN ME. MGtools does it automatically as a backup because 85% of all people who try to run the READ & RUN ME always forget this step or fail to do it properly. ;)

    Again, I don't know what you are referring to without specific information.
     
  28. confuzzled89

    confuzzled89 Private E-2

    I had no idea that those were supposed to be there. Since that's the case, nothing is out of place other than some Microsoft Word documents on my desktop that weren't there before.
     
  29. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes, they were there before. You had them there since 2012 for two of them and 2013 for the other. They were hidden before.
    Code:
    ---ha-w               162 2013-02-27 21:56:31  C:\Users\domesticpee\Desktop\~$dated Resume.docx
    ---ha-w               162 2012-10-16 03:57:41  C:\Users\domesticpee\Desktop\~$s29b_fa12_pp.docx
    ---ha-w               162 2012-10-15 21:35:34  C:\Users\domesticpee\Desktop\~$s29b_midstushet_fa12.doc
    
    If you don't need them, delete them. They are not malware and they are not related to what we did here. They are your files.
     
  30. confuzzled89

    confuzzled89 Private E-2

    Okay great. Thanks again for everything you've done. I've learned a lot going through this process and I'll be careful from now on.
     
  31. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely.
     
