Deja vu

My girlfriend some how got her laptop infected w/ Antivirus 360 today. Pc has Windows XP: Home Edition: Version 2002: Service Pack 3. Running NIS 2009 which doesnt detect virus in scan, but does say AV360 modified windows startup settings. I need help ASAP!!!!I screwed up my pc w/ a similar virus 2 days ago. Is it safe for me to restart or shut down laptop since AV 360 modified startup settings?

Edited by angryman2009, 13 March 2009 - 12:50 AM.

For Removal through an Antivirus Download And Install Malwarebytes And update and run quick scan

Here are the manual removal instructions:

Edited by garmanma, 13 March 2009 - 08:28 PM.
Remove reg fixes

Here is the MBAM log. Is laptop clear now?

Malwarebytes' Anti-Malware 1.34
Database version: 1842
Windows 5.1.2600 Service Pack 3

3/13/2009 2:37:55 AM
mbam-log-2009-03-13 (02-37-55).txt

Scan type: Quick Scan
Objects scanned: 72273
Time elapsed: 6 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5738b8b0b3c21afad88d432ca717a817 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Start Menu\A360 (Rogue.A360Antivirus) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\A360\av360.exe (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Start Menu\A360\A360.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Start Menu\A360\Help.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Start Menu\A360\Registration.lnk (Rogue.A360Antivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Desktop\A360.lnk (Rogue.Antivirus360) -> Quarantined and deleted successfully.
C:\Documents and Settings\Stacey Gadsden\Application Data\Microsoft\Internet Explorer\Quick Launch\A360.lnk (Rogue.Antivirus360) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\System\Uninstall\Uninstall A360.lnk (Rogue.av360) -> Quarantined and deleted successfully.

Edited by angryman2009, 13 March 2009 - 01:48 AM.

Please reboot your computer
Update mbam and run a FULL scan
Post back with the results

This is MBAM full scan. Am I in the clear now?

Malwarebytes' Anti-Malware 1.34
Database version: 1847
Windows 5.1.2600 Service Pack 3

3/14/2009 3:50:03 AM
mbam-log-2009-03-14 (03-50-03).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 153150
Time elapsed: 32 minute(s), 40 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\User\My Documents\All Microsoft Xp Programs Keygen - Windows Office Visio -All Xp 2005\XPKey.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

All Microsoft Xp Programs Keygen

Using any peer-to-peer (P2P) or file sharing program is a security risk which can make your system susceptible to a smörgåsbord of malware infections, remote attacks, and exposure of personal information.

The reason for this is that file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. This practice can make you vulnerable to data and identity theft, system infection and remote access exploit by attackers who can take control of your computer without your knowledge. Even if you change the risky default settings to a safer configuration, downloading files from an anonymous source increases your exposure to infection because the files you are downloading may actually contain a disguised threat. Many malicious worms and Trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities. In some instances the infection may cause so much damage to your system that recovery is not possible and a Repair Install will NOT help!. In those cases, the only option is to wipe your drive, reformat and reinstall the OS.

Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The best way to eliminate these risks is to avoid using P2P applications. Read P2P Software User Advisories, Risks of File-Sharing Technology and P2P file sharing: Anticipate the risks....

Am I in the clear now?

MBAM only targets or detects keygens, you need to do a full scan of all data on all drives with an antivirus