Had a customer get this last week: http://www.bleepingcomputer.com/virus-removal/remove-system-fix and it wasn't nice at all to me. I logged on as the user to see what the infection was, then logged off and went to another computer to visit BleepingComputer to find out how to get rid of it. I downloaded all the required removal tools and then tried to get to the admin share of that PC with the run command \\pcname\c$, but nothing showed up; everything was hidden.
So I copied the tools to my USB drive and went that route. I was able to run RKill, and it showed me the long, crazy-named exe file that it killed, and I made a note of the location of that file in the All Users folder. I then scanned for rootkits with TDSSKiller and none were found, so I installed Malwarebytes, updated it and let a full scan run. It found 9 infections, but it didn't show the exe RKill had found. Since the files were still hidden I could not manually delete the exe, and Malwarebytes was wanting to reboot after the scan, so I rebooted.
Upon logging back in I started the unhide tool, and in the middle of running that the infection came back. The problem is I could no longer run RKill; it got hidden from me along with the "Run" command on the Start menu. So I decided to boot from the Microsoft DART CD (Diagnostic and Recovery Tool). It saw the Windows XP installation and attached to it, but I still could not browse any files to manually remove the infection; they were all hidden! I was able to use the DART CD to restore the system to an earlier restore point and got rid of the infection that way, but most users don't have access to a DART CD, and that's why I am posting here.
Part of the removal procedure is to use the Run command on the Start menu to run RKill, but you can't if it isn't there. I am not sure if this is new behavior for this infection or not, but I wanted to post my findings so that a possible solution for typical users could hopefully be found. I consider BleepingComputer an excellent site and want it to stay that way. If I can help on this I will; just let me know what you need.
The PC I experienced this on is now clean and I deleted all of the restore points on it for safe measure, then created a new restore point called clean. I still have access to that PC if needed but I don't know if it will be of any help as it is now clean.