
clean reinstall is always better
If it's an option, I'd say that a clean reinstall or last good recovery image is the way to go. It's far faster than hunting infections in the broken system. You'll also never be sure if an infected system has been truly cleaned or not. (Once breached, never trusted)

This is compounded by AV being primarily a reactionary tool. All you have to do is write something that doesn't match currently known signatures and you're invisible to the majority of scanners. Heuristics helps but still has a high false positive rate.

For me, the options would be rebuild if at all possible. If not possible, run all of these against the system to hopefully find some confidence that the breach has been resolved.
Posted by Neon Samurai
9th Jun 2010