After scanning from PE, do a thorough scan from the infected OS to remove remaining hidden viruses, clean the registry, etc.
Spybot v2 works fine in PE. Update at build time doesn't work, but I think update in PE works (given a network connection). I could publish my script as a work in progress... There's also an Avira command-line scanner. I'll have to see how my plugin for that is working. Like all Avira products, it has a one-year license.
For removing rootkits and fake AVs I recommend "Hitman Pro". http://www.surfright.nl/en
Yeah, I've seen a lot of versions of the FBI Warning screen ransomware. Most are trivial to remove, a few are really, really tough. Here's the Spybot script, updated today.
The command line scanner will not work as a full version with the free classic license.