In contrast, the usual approach - try scanning from within the infected system - is like coming home to find your front door broken, then shining a torch into each dark room to see if there are burglars there.
"Formality" in this sense is more than just not booting the infected OS - the surfaces of your mOS need to be safe from exploitation, the methods you use to redirect registry access must not path in malware'd .DLLs, and IMO you should be offline so it's just you and the file set, and not the rest of the Internet.
But a bigger problem is quality of scanners; frankly, they all tend to miss stuff, even stuff that is not new (e.g. several familiar USB infectors).
There are two approaches to that; using multiple scanners, and using integration checking tools and other techniques that don't rely on mugshot recognition.
Using multiple scanners in Windows isn't easy, because most scanners want to set up as resident protection and assume they are the only software to do so. So, you're already looking for atypical or modified on-demand-only scanners, and a mOS can be a useful low-install-pollution fix for that.
At the other extreme is the advice to use online scanners. Now let's see; you boot an infected code base, connect it to the 'net, reach a "scanner site" via possibly malware'd DNS, drop your pants to let that site drop and run code on your box, and patiently wait online while this code looks inside all the files on your system... riiiight... is the scanner looking for "malware", or credit card numbers, login credentials, etc.? How would you know?
The problems with unremovable malware are one of 5 possibilities: (1) you didn't detect it, (2) you detected it but didn't remove it, (3) you removed (part of) it but it came back from inside the system, (4) you removed (part of) it but it came back from outside the system, or (5) the problems you attribute to malware are caused by something else.
I see (5) all the time, which is why every "huh?" PC gets the RAM testing, HD testing, file system checks, eyeball on fans and capacitors etc. before the formal malware checks start. Other examples of (5) include unexpected outgoing Internet traffic because you're running a torrent, p2p sharer, or have open WiFi that your neighbors are all over like ants in the sugar.
"Rootkit" is to modern PCs as "synthesizer" was to '70s music listening; if you couldn't figure what an instrument was, you'd guess it must be one of them new-fangled synthesizer things. After all, they can do anything!

































