When ever i do a virus scan i get over 300 of these stuff. can anyone help me get rid of this. Logfile of HijackThis v1.99.1 Scan saved at 6:54:06 AM, on 12/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\RunDLL32.exe C:\Java\jre1.5.0_09\bin\jusched.exe C:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\nvsvc32.exe C:\PC Auto Shutdown\ShutdownService.exe D:\WINDOWS\system32\svchost.exe C:\Mozilla Firefox\firefox.exe C:\HJT\the lonely.exe D:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvr.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast.com/index.php?rvs=hompag O1 - Hosts: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" O1 - Hosts: "http://www.w3.org/TR/html4/loose.dtd"> O1 - Hosts: <html> O1 - Hosts: <head> O1 - Hosts: <script LANGUAGE="JavaScript"> O1 - Hosts: <!-- O1 - Hosts: if (window != top) O1 - Hosts: top.location.href = location.href; O1 - Hosts: // --> O1 - Hosts: </script> O1 - Hosts: <title>Site Unavailable</title> O1 - Hosts: <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> O1 - Hosts: <style type="text/css"> O1 - Hosts: body{text-align:center;} O1 - Hosts: .geohead {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;width:750px;margin:10px 0 10px 0;height:35px;} O1 - Hosts: .geohead #geologo {width:270px;display:block; float:left; } O1 - Hosts: .geohead #rightside {width:480px;display:block; float:right;border-bottom:1px solid #999999; height:27px;} O1 - Hosts: .geohead #rightside #welcome {width:50%;display:block; float:left; text-align:left;} O1 - Hosts: .geohead #rightside #wlinks {width:50%;display:block; float:right; text-align:right;} O1 - Hosts: .ftr { margin:0px; color:#404040; font:x-small Arial,sans-serif; text-align:center; width:750px;} O1 - Hosts: .bodywrap{display:block;height:470px;} O1 - Hosts: .bodycnt{width:510px; display:block; float:left; background-color:#EEE9F5; height:auto; text-align:left; font-family:Arial, Helvetica, sans-serif;font-size:13px; color:#000000; padding:20px 20px 35px 20px;} O1 - Hosts: .title { font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:24px; color:#7C56A9} O1 - Hosts: .adcnt{width:172px; display:block; float:right; text-align:left;cursorointer;cursor:hand;} O1 - Hosts: .adcnt td {text-align:left;} O1 - Hosts: .adsubt{font-size:10px; font-family:verdana; font-weight:bold; color:#b4b4b4; cursor:default;margin-top:5px;} O1 - Hosts: .ybadge { font-family: Verdana, Arial, Helvetica, sans-serif; font-size:10px; color: #666666; margin-top:10px;} O1 - Hosts: .ybadge img {margin-top:6px;} O1 - Hosts: .adtable {font-family:Verdana, Arial, Helvetica, sans-serif; font-size:10px;border: 1px solid #d6dbe7; background-color:#eff7ff; padding:3px; margin-bottom:10px; width:172px;} O1 - Hosts: .adttl{font-weight:bold;margin-bottom:3px;} O1 - Hosts: .addescr{color:#6b6b6b; margin-bottom:3px;} O1 - Hosts: .adlink a {color:#008200; text-decoration:none;} O1 - Hosts: </style> O1 - Hosts: </head> O1 - Hosts: <body> O1 - Hosts: <!-- following code added by server. PLEASE REMOVE --> O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --> O1 - Hosts: <div id="maincnt"> O1 - Hosts: <div class="geohead"><div id="geologo"><a href="http://geocities.yahoo.com"><img height=33 alt="Yahoo! GeoCities" src="http://us.i1.yimg.com/us.yimg.com/i/us/nt/ma/ma_geo_1.gif" width=259 border=0></a></div> O1 - Hosts: <div id="rightside"><div id="wlinks"><a href="http://geocities.yahoo.com">GeoCities Home</a> - <a href="http://www.yahoo.com">Yahoo!</a> - <a href="http://help.yahoo.com/help/us/geo/">Help</a></div> O1 - Hosts: </div></div> O1 - Hosts: <div class="bodywrap"> O1 - Hosts: <div class="bodycnt"> O1 - Hosts: <div class="title">Sorry, this GeoCities site is currently unavailable.</div> O1 - Hosts: <p>The GeoCities web site you were trying to view has temporarily exceeded its data transfer limit. Please try again later. </p> O1 - Hosts: <p>Are you the site owner? O1 - Hosts: Avoid service interruptions in the future by increasing your data transfer limit! O1 - Hosts: <a href="http://help.yahoo.com/help/us/geo/transfer/transfer-05.html" target="_blank">Find out how.</a> </p> O1 - Hosts: <p><a href="http://help.yahoo.com/help/us/geo/transfer/" target="_blank">Learn more about data transfer.</a></p> O1 - Hosts: </div> O1 - Hosts: <div class="adcnt"> O1 - Hosts: <a target="_top" href="http://geocities.yahoo.com"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/smbiz/b/geo_mast_small2.gif" alt="Yahoo! GeoCities" border="0" height="15" hspace="0" vspace="0" width="141"></a> O1 - Hosts: <div class="adsubt">SPONSORED LINKS</div> O1 - Hosts: <!--<table width="172" border="0" bgcolor="#FFFFFF" class="adtable"><tr><td align=left>--> O1 - Hosts: <div class="adtable"> O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">Yahoo! Web Hosting<br> O1 - Hosts: $25 Setup Waived</a></div> O1 - Hosts: <div class="addescr" title="Reliable plans include domain & 24x7 support.">Reliable plans include domain & 24x7 support.</div> O1 - Hosts: <div class="adlink" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27166/*http://smallbusiness.yahoo.com/webhosting" target="_blank">webhosting.yahoo.com</a></div> O1 - Hosts: </div> O1 - Hosts: <div class="adtable"> O1 - Hosts: <div class="adttl" title="Reliable plans include domain & 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">Domain Names from Yahoo! only $9.95/yr</a></div> O1 - Hosts: <div class="addescr" title="Includes starter web page, email & domain forwarding, 24x7 support.">Includes starter web page, email & domain forwarding, 24x7 support.</div> O1 - Hosts: <div class="adlink" title="Includes starter web page, email & domain forwarding, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27176/*http://smallbusiness.yahoo.com/domains/" target="_blank">domains.yahoo.com</a></div> O1 - Hosts: </div> O1 - Hosts: <div class="adtable"> O1 - Hosts: <div class="adttl" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">Yahoo! Business Email<br> Domain Included</a></div> O1 - Hosts: <div class="addescr" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.">Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning.</div> O1 - Hosts: <div class="adlink" title="Setup fee waived. Up to 10 emails, SpamGuard, forwarding & virus scanning."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=27184/*http://smallbusiness.yahoo.com/mail" target="_blank">smallbusiness.yahoo.com</a></div> O1 - Hosts: </div> O1 - Hosts: <div class="adtable"> O1 - Hosts: <div class="adttl" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">Ecommerce from Yahoo!<br> 1 Month Free</a></div> O1 - Hosts: <div class="addescr" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support.">$50 setup fee waived. A reliable ecommerce plan, 24x7 support.</div> O1 - Hosts: <div class="adlink" title="$50 setup fee waived. A reliable ecommerce plan, 24x7 support."><a href="http://pa.yahoo.com/*http://us.rd.yahoo.com/evt=/27190/*http://smallbusiness.yahoo.com/merchant" target="_blank">smallbusiness.yahoo.com</a></div> O1 - Hosts: </div> O1 - Hosts: <div class="ybadge"> O1 - Hosts: Get your own web site at <br><a target="_top" href="http://geocities.yahoo.com">Yahoo! GeoCities</a> O1 - Hosts: <a href="http://smallbusiness.yahoo.com/webhosting/" target="_top"><img src="http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/badge_hostedby_purp_2.gif" alt="Hosted by Yahoo! Web Hosting" align="middle" border="0" height="31" width="88"></a> O1 - Hosts: </div> O1 - Hosts: </div> O1 - Hosts: </div> O1 - Hosts: <div class=ftr> O1 - Hosts: <hr size=1 width=100%> O1 - Hosts: Copyright © O1 - Hosts: 2005 Yahoo! Inc. All rights reserved<br> O1 - Hosts: <a href="http://privacy.yahoo.com/privacy/us/geo/">Privacy Policy</a> O1 - Hosts: - <a href="http://docs.yahoo.com/info/copyright/copyright.html">Copyright Policy</a> O1 - Hosts: - <a href="http://docs.yahoo.com/info/guidelines/community.html">Guidelines</a> O1 - Hosts: - <a href="http://docs.yahoo.com/info/terms/geoterms.html">Terms of Service</a> O1 - Hosts: - <a href="http://help.yahoo.com/help/us/geo/">Help</a> O1 - Hosts: </div> O1 - Hosts: </div> O1 - Hosts: </body> O1 - Hosts: </html> O1 - Hosts: <!-- text below generated by server. PLEASE REMOVE --></object></layer></div></span></style></noscript></table></script></applet> O1 - Hosts: <IMG SRC="http://geo.yahoo.com/serv?s=19190039&t=1165403990&f=us-w64" ALT=1 WIDTH=1 HEIGHT=1> O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [AVP] "C:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [BearShare] "C:\BearShare\BearShare.exe" /pause O4 - HKCU\..\Run: [WMPNSCFG] C:\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "D:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [VistaStartMenu] "C:\Vista Start Menu\VistaStartMenu.exe" O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab O20 - Winlogon Notify: klogon - D:\WINDOWS\system32\klogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: PCAutoShutdown_Service - Unknown owner - C:\PC Auto Shutdown\ShutdownService.exe O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - C:\Windows Media Player\WMPNetwk.exe (file missing) Thanks in advance EDIT: Just finished a scan.... Look at this...
Hi Sumone157, That's a lot of infection. Good new is, all the files listed in the picture you posted are in the System Restore folder. The folder can simply be cleaned, but I need to know if Brontok is still active or not. If it is, then cleaning the System Restore folder is pointless. Does Kaspersky list Brontok anywhere other than the System Restore folder? If so, where? Also, I don't like the look of all those hosts entries in your HjT log, but we'll work on that after we rid Brontok. Please post a new HjT log when you respond to my questions.
Thanks for all the help Niobis, But i found the easiest way to get rid of this virus... Reformatting my pc. I just bought a windows media center edition from comp usa on sale, so im gonna use that . Thanks for the reply thoe.
Ohh god. Everything untill then was fine after a full reformat. But now i hace it again. Is my log atleast cleaner?? And is this virus seriuse. Logfile of HijackThis v1.99.1 Scan saved at 10:14:17 AM, on 1/1/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe D:\Azureus\Azureus.exe D:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe D:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\HJT\None Of your buisness.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://english.ircfast.com/index.php?rvs=hompag R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33171&LegitCheckError=1 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre1.5.0_09\bin\ssv.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [kav] "D:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Save to &Xdrive - res://D:\Xdrive\Xdrive Desktop\xdrive.exe/std.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/install/gtdownls.cab O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} - O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\MSNMES~1\MSGRAP~1.DLL O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - D:\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe \ thanks in advance . BTW its also found in my documents. It just bassically creates a copy of alot of things.
Hi again Sumone157, apologies for the delay. I didn't see your post. Your HjT log is clean. How do you know it is back? What does Kaspersky detect?
Well, it said like a few days ago something about wurm.win32.brontok.q so i did apply to all and pressed delete. When ever you delete something with kaspersky it makes a pig noise right,heard it continuasly for 2 minutes -_-
Please go here to run [bold]ActiveScan[/bold]. Click "[bold]Panda ActiveScan[/bold]. Fill in the form with your information. After downloading, click [bold]My Computer[/bold] to scan. When it finishes, click "[bold]See Report[/bold]". Click "[bold]Save report[/bold]" and save it to the desktop.
