Issue was with an office computer user with domain privileges, so cleaning the system from the administrator login didn't help much. When in normal safe mode (no networking) I was able to eradicate some standing files and registry entries, though they returned immediately. SAS blocked a bit, but this version of SAFE mode at least allowed me to hit Regedit and Taskman. Rebooting to SAFE with NETWORKING, however, ran everything up again. Both Regedit and Taskman are blocked, as are the file functions to show hidden files.
SAS detected both the Registry and Taskman blocks as well as Trojan.Smitfraud Variant-Gen/Bensorty, Trojan.Agent/Gen.-exploit, various Adware tracking cookies, and Malware.Trace. I selected all to be removed and they show successful removal. I respond "yes" to reboot the computer. Log back in to the domain, still in safe mode with networking. Cannot Regedit or Taskman. Re-run SAS and it still finds the Registry and Taskman blocks and removes them. Reboot. THEY'RE BACK.
Any possible solution to this mayhem? I cannot simply boot in as the user with the domain access, as the domain will not be able to verify if no networking is present. Something is still out there and I can't see the hidden files. BTW, this is the version with handlerfix707700.exe and also appears to have a link to idrfrnv.dll (can find no information on this).
I've removed admin access for this user, so there will be no more malware installs. (This process also blocks the malware from doing any further damage as far as I can tell.)