At my shop we found a new version of the FBI virus that automated scanners were unable to remove. What we ended up doing was booting PE and run Panda Cloud Antivirus which tagged a random generated .exe in the user folder. That file was still sought by the registry and would start a command promt everytime we booted the computer. We found it in the registy as 2 keys:
HKEY_CURRENT_USER\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon and look for a shell key with a value of cmd.exe and delete it.
HKEY_CURRENT_USER\Software\Microsoft\Command Processor and look for an autorun key with the random exe and delete it as well.
After getting rid of these two the computer booted normally. I hope this will help people clean their machines.
I have found today that Hitman Pro Kickstart is now finding this so the above solution might not be nessessary but is still good info nonetheless.
Edited by hamluis, 17 May 2013 - 12:28 PM.
Moved from Win 7 to Am I Infected - Hamluis.