Laptop is running W7HP. Apparently the user web onto some dodgy websites and now is infected with W32/Agent.BNEX!tr.rkit.
THe laptop is using FortiClient as AV.
The AV detection comes up every boot. I have found some files which reside in C:\Users\xxx\Local\ and also \Temp.
I also have a "uwnblgjk.exe" in the Startup menu, and associated startup reg keys that keep coming back. If I try to delete the exe I get the error:
The action can't be completed because the file us open in Host Process for Windows Services.
I have tried scanning with Malwarebytes, SuperAntiSpyware and ComboFix. All found some things which were removed, but are now coming up clean although the infection is still there.