I am fixing a computer for a friend, I searched the forums and found someone else who had the exact same problem I am having with this machine. The thread is:
I have two questions based off how this problem was solved for this person.
1) The machine I am working on has no internet access at all, so I must boot into safe mode with network support to be able to access the internet. So, if I download ewido and haxfix and run the steps given in that thread in safe mode, is that okay? I ask because i've run Norton Antivirus in safe mode before, removed viruses, and Norton left Windows dead, because it would delete system files while removing viruses in safe mode. Do I run any risks like that since I am forced to run ewido and haxfix in safe mode?
2) After running ewido, the user "quora" still had the keXX32 references in his/her hijack this log. I was wondering if ewido did anything? Is it possible to solve this problem by just running haxfix, or did ewido do something that I didn't notice?