hugely infected, please help

Discussion in 'Malware Help (A Specialist Will Reply)' started by Snotagain, Feb 15, 2007.

  1. Snotagain

    Snotagain Private First Class

    Hi, I have followed the steps in the Malware Removal Guide. I had trouble with CounterSpy - did the scan, found over 500 entries, scan finished, quarantined even though the page looked blank, then it shut down before I could save a log. Rebooted in normal mode and it crashed - Vet Anti Virus clash I think. Eventually disabled CounterSpy and deleted it. Ran AVG but unfortunately couldn't retrieve the update. Copied the log anyway.

    Vet continuously picks up 2 viruses that rewrite themselves on reboot and when I open Internet Explorer. These are the viruses: Win32/Matcash.f dropper/trojan and Win32/Hostblock virus. Matcash.f rewrites itself to different locations if I find it and delete it (Common Files, Temp, Local Settings and now Desktop). My Vet Anti Virus is the most up to date version and its files are updated automatically.

    My Windows Service Pack 2 is corrupted (auto message informed me), my firewall was disabled and I can't turn on Security Centre. Also my Restore function is disabled - no matter how many times I turn it back on it turns back off. My Msconfig is inaccessible through Windows - had to boot in normal mode from the Safe Mode screen at startup, although after doing the malware removal steps the msconfig window popped up on reboot!

    I will attach my log files, thanks for any help, I really don't want to format as usual (which I haven't had to do for 2 years). I have been regularly using Spybot S&D and Ad-Aware and updating them. I now found out through your website I need a firewall other than the Windows XP standard one!
     
    Last edited: Feb 2, 2008
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    Please attach the other requested logs from:
    - GetRunKey
    - ShowNew
    - HijackThis
     
  3. Snotagain

    Snotagain Private First Class

    Thanks for your reply, I will now attach further logs. My CCleaner log was too big and was refused (nearly double the accepted size), so I will try and halve it into 2 log files to attach.
     
    Last edited: Feb 2, 2008
  4. Snotagain

    Snotagain Private First Class

    Hi again, here's the three CCleaner logs: number 1 CCleaner log, number 2 CCleaner log and 3 CCleaner log (halving the original log was still too big). I downloaded Windows XP Service Pack 2 yesterday because mine was corrupted - obviously a waste of time since my computer is still infected!
    And thanks again.
     
    Last edited: Feb 2, 2008
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We did not ask for a log from CCleaner and have no need for it.

    NOTE: Trying to install SP2 while your PC is infected could make your PC totally unusable. Do not install SP2 until your PC is clean!

    You attached a HijackThis log from Safe Boot Mode. You must remember to only attach HijackThis logs from Normal Boot Mode unless we ask for one from safe mode.

    Also you are using MSconfig to control Startups. Please follow the directions in step 0 of the READ & RUN ME and select Normal Startup mode.


    Now download the attached chodefix.zip file (see the bottom of this message) to your Desktop or someplace else you will be able to find it. Then extract the two files from it. Then double click on the chodefix.bat file. This will try to fix some of the damage caused by the Chode infection that you have. You should see a message like the below when it finishes (in about 3 seconds).
    Tell me if you see this message or not or if you get an error message instead. No matter what happens just continue on to the next steps.


    Continue by downloading a tool we will need - Pocket KillBox

    Save it to its own folder somewhere that you will be able to locate it later.


    Now run Pocket Killbox by double-clicking on killbox.exe
    • select File, Cleanup, Delete All Backups
    • Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    • Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\Program Files\Common Files\{262916F0-0AE8-1033-0916-04102520003d}\Update.exe
    D:\Program Files\Warez P2P Client\warez.exe
    C:\WINDOWS\system32\qfcbcq\services.exe
    c:\windows\system32\USTART.EXE
    C:\WINDOWS\system32\netstat.com
    C:\WINDOWS\system32\taskkill.com
    c:\windows\system32\f3PSSavr.scr
    c:\windows\system32\2searchinstaller.exe
    c:\windows\NDNuninstall6_98.exe
    C:\WINDOWS\NDNuninstall7_14.exe
    C:\Documents and Settings\All Users\Documents\newWarezP2P.exe
    C:\Documents and Settings\YVONNE\Local Settings\Temp\TCS2.EXE
    C:\Documents and Settings\YVONNE\MC.EXE

    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    After reboot locate the below folders and delete if found:
    C:\WINDOWS\system32\qfcbcq
    C:\Program Files\Warez P2P Client
    C:\Program Files\Warez P2P ClientIPGUARD.LOG
    C:\Program Files\Common Files\{262916F0-0AE8-1033-0916-04102520003d}

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
     


  6. Snotagain

    Snotagain Private First Class

    Sorry for posting CCleaner. So many steps to go through, my mistake.

    I was unable to access Msconfig to select Normal Startup Mode - it immediately disappeared every time I tried to open it. So I went to the safe mode screen and selected normal start up there thinking it was the same - I don't know very much about these things. I feel like a fool but thank you for your patience. I will follow the instructions you have written and only attach the logs you asked for.

    Thanks again, for donating your time.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! Your infections could be getting in your way of running MSconfig.

    Just attach the new logs when you finish. Then also after finishing the steps, see if you can now run MSconfig to select normal startup.
     
  8. Snotagain

    Snotagain Private First Class

    Hi again,
    Followed your instructions from your last reply.
    I received this message
    Unable to connect to your web page yesterday after running chodefix, didn't matter which link I tried except your "Malware Removal Guide" page that I clicked from my 'Favourites' list, but still couldn't open any other page from there or log on. Downloaded Pocket KillBox from another website (same version).

    Had to rename Pocket KillBox because every time I tried to open it it disappeared.

    Ran it as per instructions.

    This message didn't come up and it rebooted automatically.

    Deleted the first two files, didn't locate the bottom two.

    How is my computer running?

    • Every time I reboot I get these error messages: Windows cannot find C:\WINDOWS\system32\qfcbcq\services.exe check path... and Cannot load/run C:\WINDOWS\system32\qfcbcq\services.exe as specified in the registry. (twice, so I have to close 4 windows)
    • My Firewall was still not enabled. (turned back on)
    • My Restore function still isn't accessible and it was still turned off. (turned back on)
    • Windows Security Update icon appears in the tray but it stays at 0% for a while then disappears.
    • Msconfig is accessible and I can show hidden files without it reverting automatically.
    • Vet isn't picking up any viruses.
    I will attach the requested logs. Thanks Chaslang:)
     
    Last edited: Feb 2, 2008
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please download the new version of chodefix.zip and extract the files to wherever you extracted the previous version. Then run chodefix.bat


    Now uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 5
    J2SE Runtime Environment 5.0 Update 6

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
    F3 - REG:win.ini: load=C:\WINDOWS\system32\qfcbcq\services.exe
    F3 - REG:win.ini: run=C:\WINDOWS\system32\qfcbcq\services.exe
    O2 - BHO: (no name) - {B6CBC049-AADF-7FE5-AF99-2DF17C29F35B} - C:\DOCUME~1\yvonne\APPLIC~1\TRUSTT~1\flaw upload.exe (file missing)
    O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{36291~1\Bar888.dll (file missing)
    O3 - Toolbar: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{36291~1\Bar888.dll (file missing)
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [OnlineCdrom] C:\DOCUME~1\yvonne\APPLIC~1\ATOMDE~1\32third.exe
    O4 - Startup: services.lnk = ?
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
    O9 - Extra button: @C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll,-115 - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - (no file)
    O9 - Extra 'Tools' menuitem: ImageShack Toolbar - {BB8A8834-A0A1-4d70-A21A-72FF89AA737A} - (no file)

    After clicking Fix, exit HJT.

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, goto step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.
    Note for IE 7 users: You need to select Internet Options then the Advanced tab and then Reset Internet Explorer Settings!

    Now Copy the bold text below to notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files"
    Now click Start, Run, and enter regedit and click OK. This should open the Windows Registry Editor. In the Registry Editor click File and select Import. Navigate to the fixME.reg file on your Desktop and double click on it. Answer yes to the prompt to allow it to be added to the registry

    Did you get a success message?


    Now run Pocket Killbox by double-clicking on killbox.exe
    • select File, Cleanup, Delete All Backups
    • Choose Tools > Delete Temp Files and click Delete Selected Temp Files.
    • Then after it deletes the files click the Exit (Save Settings) button.
    NOTE: Pocket Killbox will only list the added files it is able to find on the system. So when you do the below, if some files do not show in the list after pasting them in, just continue.

    Select:
    • Delete on Reboot
    • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\Documents and Settings\yvonne\Start Menu\Programs\Startup\services.lnk
    C:\Documents and Settings\All Users\Application Data\mediamoveformulti\okaydent.exe
    C:\Documents and Settings\yvonne\Application Data\ATOMDE~1\32third.exe
    C:\Program Files\Block Checker\block-checker.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
    C:\Program Files\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\Program Files\NEWDOT~1\\NEWDOT~2.DLL
    D:\Program Files\Warez P2P Client
    C:\Program Files\Common Files\{262916F0-0AE8-1033-0916-04102520003d}\Update.exe
    C:\WINDOWS\system32\drivers\etc\hosts
    C:\WINDOWS\system32\drivers\etc\hosts.msn
    C:\WINDOWS\system32\drivers\pshook11.sys


    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt.
    If you receive a PendingFileRenameOperations prompt, just click OK to continue (But please let me know if you receive this message!).

    If Killbox does not reboot just reboot your PC yourself.

    After reboot locate the below folder and delete if found:
    C:\Program Files\Block Checker
    C:\Program Files\MessengerPlus! 3
    C:\Program Files\MYWEBS~1 <-- it will be something like My Web Search Bar if it exists
    C:\Program Files\NEWDOT~1<-- it will be something like NewDotNet if it exists

    Now run Ccleaner!

    Now attach the below new logs and tell me how the above steps went.

    1. GetRunKey
    2. ShowNew
    3. HJT


    Make sure you tell me how things are working now!
     
    Last edited: Feb 20, 2007
  10. Snotagain

    Snotagain Private First Class

    Hi again,
    Updated and ran 'chodefix'. This is the message I got:

    Parameter format not correct -
    Parameter format not correct -
    Parameter format not correct -
    Parameter format not correct -
    File not found - C:\WINDOWS\system32\cpu.dll
    File not found - C:\WINDOWS\system32\netstat.com
    File not found - C:\WINDOWS\system32\taskkill.com
    Path not found - C:\Microsoft\CD_Burning
    The system cannot find the file specified.
    The system cannot find the path specified.
    The system cannot find the path specified.
    The system cannot find the path specified.
    Could Not Find C:\WINDOWS\system32\cpu.dll
    Could Not Find C:\WINDOWS\system32\netstat.com
    Could Not Find C:\AGeekTools\echo
    Could Not Find C:\WINDOWS\system32\netstat.com
    Could Not Find C:\WINDOWS\system32\taskkill.com
    Could Not Find C:\AGeekTools\echo
    Could Not Find C:\WINDOWS\system32\taskkill.com
    The system cannot find the path specified.

    - Hidden and System file viewing enabled
    - Viewing file name extensions enabled
    - Enabled Registry Edits
    - Enabled Admin Page
    - Deleted some Chode-W related files if found
    - Hosts file was set back to default settings!

    Hit the F5 function key or click refresh in Windows Explorer
    to see the effects!

    Press any key to continue . . .

    Deleted and updated the Sun Java Runtime Environment as requested.

    Ran HJT and couldn't fix this file:

    Reset my web settings in IE but now I have Firefox. I think I reset the web settings here but it doesn't seem to have the "delete files and offline content"?

    Yes I did.

    I ran Pocket KillBox and i didn't get the "PendingFileRenameOperations prompt".

    I didn't locate any of these files. But I found them when I ran HJT again later and deleted them from there plus some other things i didn't want, such as ICQ, Ares Lite, Wares P2P Client and Trusted Zone http//toolbar.imageshack.us.
    I was eventually able to delete this file "O4 - Startup: services.lnk = ?".

    Finished with Ccleaner.

    How is my computer running?

    • When i reboot, AVG resident shield has been turned off the last two times.
    • Windows Firewall always has to be turned on after a reboot and i get the error message:"Due to an unidentified problem, Windows cannot display Windows Firewall Settings." So I click ok and then try to open it again and the settings window opens with the firewall set to on.
    • My Microsoft Word files - when I open a file I always get the message window: "The 'file' is being used by (me). Do you want to make a copy?" Also all my Word document names on my desktop have changed to include the '.doc' extension. Yesterday the last Word file I saved was copied and saved as a hidden file on my desktop with a '~1' on the end of the name - it's no longer there since following your latest instructions. I've noticed a few files with these changes to their names in the NewFile log?
    • My System Restore function is working now, thank you.
    • When I open up Limewire now I get the message that I need to "download and update Java", since deleting the Update 5.0 and 6.0 at the beginning of instructions. Isn't your Sun Java Runtime Environment link the latest version?
    • I noticed in the NewFiles log an entry under C:\WINDOWS\system32\drivers\ 'tcpip.sys" I had a Matcash.f virus that showed up as an icon called "tcp". Could this be a driver left over by that virus?
    Everything seems to be fine but can you please take a look at the logs you requested.
    Thanks muchly again Chaslang.
    PS I noticed the 'Show Hidden, Super Show Hidden etc" settings aren't set at 1,1,1,0 from top to bottom?
     
    Last edited: Feb 2, 2008
  11. Snotagain

    Snotagain Private First Class

    Sorry, please disregard the second last dot point. Dopey me just realised I forgot to install Java after downloading it!
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You may have to uninstall AVG, reboot, and then reinstall to fix this.

    The infection you had can break the Windows Firewall and part of ChodeFix.bat tried to fix some aspects of this. The Windows Firewall does not provide adequate protection anyway so don't worry about it being disabled. Install and use this: ZoneAlarmFree

    I have no idea what this is but let's finish all fixing first before worrying about this.

    They always did. You just never had done step 2 of the READ ME before. ;) Thus you never saw the extensions. You should not really store Word Docs on your Desktop anyway. It increases clutter and makes an easier hiding place for malware. Also malware likes to mess with your Desktop, so this is not a safe place to store them if these files are important.

    Anytime you open a Word file, Word creates a backup like that. It goes away when you close Word down properly. Again you would never have noticed if you were not storing these on your Desktop.

    I'm not sure what you mean!

    tcpip.sys is a valid Windows system file which you need. It is not from that virus.


    Not a big issue! The middle '1' is not really too important.



    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [navapp] C:\Program Files\NavExcel\NavHelper\v2.0.4d\navapp.exe
    O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
    O4 - HKLM\..\Run: [HPHUPD08] D:\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
    O4 - HKLM\..\Run: [HP Software Update] D:\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [FOR MULTI OWNS TRANS] C:\Documents and Settings\All Users\Application Data\mediamoveformulti\okaydent.exe

    After clicking Fix, exit HJT.

    If you would like to enhance PC performance, also have HijackThis fix the below unnecessary startups:

    O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
    O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe


    Now please download the new versions of GetRunKey and ShowNew just created tonight!

    Now attach the below new logs and tell me how the above steps went.
    1. GetRunKey
    2. ShowNew
    3. HJT
     
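As an added illustration (not code from this thread or from the MajorGeeks tools), the HijackThis lines quoted in the two replies above can be triaged mechanically for the persistence points the expert singled out: win.ini load=/run= values, a services.exe outside %SystemRoot%\system32, orphaned "(file missing)" entries, unresolved Startup shortcuts, and autostarts from profile or temp folders. The sample log below is constructed from lines on this page plus one benign Java entry; the heuristics are mine, not HJT's.

```python
"""Triage HijackThis (HJT) log lines for the persistence points discussed in this thread."""
import re
from dataclasses import dataclass

# Constructed sample: entries quoted in the thread, plus a benign Java updater line.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
F3 - REG:win.ini: load=C:\WINDOWS\system32\qfcbcq\services.exe
O2 - BHO: Bar888 - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - C:\PROGRA~1\COMMON~1\{36291~1\Bar888.dll (file missing)
O4 - HKCU\..\Run: [OnlineCdrom] C:\DOCUME~1\yvonne\APPLIC~1\ATOMDE~1\32third.exe
O4 - Startup: services.lnk = ?
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [FOR MULTI OWNS TRANS] C:\Documents and Settings\All Users\Application Data\mediamoveformulti\okaydent.exe
"""

# "O4 - rest of line": a letter, a number, then the entry body.
ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<body>.+)$")
# First drive-letter path ending in a loadable extension (8.3 names and {GUID} dirs allowed).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"'\[\]]*?\.(?:exe|dll|scr|com|sys|lnk)", re.IGNORECASE)
# Locations a non-admin process (or a dropper running as the user) can write to.
USER_WRITABLE = ("\\temp\\", "\\application data\\", "\\applic~1\\",
                 "\\docume~1\\", "\\documents and settings\\")
REAL_SERVICES = "c:\\windows\\system32\\services.exe"


@dataclass
class Finding:
    kind: str
    severity: str      # "high", "medium" or "info"
    reason: str
    line: str


def extract_path(body: str) -> str:
    m = PATH_RE.search(body)
    return m.group(0) if m else ""


def assess(kind: str, body: str) -> tuple[str, str]:
    """Apply the thread's red flags in priority order; first match wins."""
    low = body.lower()
    lpath = extract_path(body).lower()
    if kind == "F3" and re.search(r"win\.ini:\s*(load|run)=\S", low):
        return "high", "win.ini load=/run= is normally empty on XP; a value here is a legacy autostart"
    if lpath.endswith("\\services.exe") and lpath != REAL_SERVICES:
        return "high", "services.exe outside %SystemRoot%\\system32 impersonates a system file"
    if "(file missing)" in low or "(no file)" in low:
        return "medium", "orphaned entry: registry still points at a file that no longer exists"
    if kind == "O4" and low.endswith("= ?"):
        return "medium", "Startup shortcut whose target HJT could not resolve"
    if kind == "O4" and any(tok in lpath for tok in USER_WRITABLE):
        return "medium", "autostart from a user-writable profile or temp location"
    return "info", "no heuristic matched; review manually"


def triage(log_text: str) -> list[Finding]:
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue   # blank lines and non-entry text are skipped
        severity, reason = assess(m["kind"], m["body"])
        findings.append(Finding(m["kind"], severity, reason, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The "info" rating is deliberately not a clean bill of health: entries like the jusched.exe line still need a human (or a hash lookup) to confirm the file is the genuine one.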
  13. Snotagain

    Snotagain Private First Class

    Hello again,
    AVG working fine this morning, shield on. I'll just monitor it and remove/reinstall if it plays up too much. Thanks.
    Downloaded ZoneAlarm but unfortunately this error message came up when I went to install it:

    "Installation conflict! Computer Associates Antivirus was detected on this computer and may cause a conflict with ZoneAlarm. Please uninstall it before installing ZoneAlarm."

    So I will try another firewall program listed on your site. Not all firewalls will conflict with my antivirus program, will they? I only just updated my license again in December. I did try Outpost (didn't work) but that was when I was still infected, so I deleted it and decided to wait until the computer was clean.

    I'll start a new thread in 'Software' about Microsoft Word, sorry.

    Ah yes, I discovered after I posted that my folder options were set to reveal the extensions by reading about it.

    I thought I deleted this file before my last post?
    I also have a stubborn file in Add/Remove Programs - 'Paltalk'. Won't let me delete, something about a missing file, and I didn't notice any Paltalk files in HJT? Is there a way to get rid of it? My kids went berserk downloading ICQ, ICQLite, Paltalk, Chatablanca, Yahoo Messenger and MSN and I tried to delete them (except MSN) - I'd like to get rid of Yahoo but they won't let me! Same situation with music download programs - I've settled with Limewire for the time being.

    Thanks a lot for this, those startup files can be so annoying. So that's how I can get rid of some of the sneaky ones that don't show up.

    Thank you so, so much for your expertise. It's fantastic that because of you I get to keep all my data.

    Here's those last three files.
    Thanks once again Chaslang and for your quick replies to my problems.
     
    Last edited: Feb 2, 2008
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm not sure if you are confusing the use of the word delete with uninstall. Programs that you don't need should be uninstalled not deleted. Then after uninstalling you can cleanup any files/folders/registry keys etc hanging around after the uninstall. If you do it the other way around and start deleting things first and then attempt an uninstall, the uninstall will not work and you will probably have to reinstall the whole application in an attempt to get it uninstalled. Your other choice would be to try a program like below:

    Your Uninstaller! 2006

    Either way, problems with uninstalling or installing or using any of these programs is also not a topic for the malware forum.

    Your log is clean. If you are not having any other malware problems, it is time to do our final steps:
    1. If we used Pocket Killbox during your cleanup, do the below
      • Run Pocket Killbox and select File, Cleanup, Delete All Backups
    2. If we used ComboFix you can delete the ComboFix.exe file and associated C:\combofix.txt log that was created.
    3. If we used SDFix you can delete all the SDFix related files and folders from your Desktop or wherever you installed it.
    4. If we used VundoFix, you can delete the VundoFix.exe file and the C:\VundoFix Backups folder and C:\vundofix.txt log that was created.
    5. If we had you run FixWareOut, you can delete the Fixwareout.exe file and the C:\fixwareout folder.
    6. If we had you download any registry patches like fixme.reg or fixWLK.reg (or any others), you can delete these files now.
    7. You can delete the ShowNew.Zip and GetRunkey.Zip files and the files that you extracted from the ZIP files. You can also delete the C:\newfiles.txt and C:\runkeys.txt logs that were created.
    8. If you are running Windows XP or Windows ME, do the below:
      • go back to step 8 of the READ & RUN ME to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    9. After doing the above, you should work thru the below link:
     
  15. Snotagain

    Snotagain Private First Class

    I do understand about uninstall and delete and I must admit I actually deleted Paltalk files sometime ago, probably during a brain surge and then saw that it was in Add/remove Programs.

    Thanks for the last steps, your patience and your help.

    Take care.
     