Seriously... you need to start from having nothing on the network and then gradually work your way from there, adding things back in as you get them clean.
Disable all computer accounts in AD and tell them they aren't having them re-enabled until they've been cleaned and patched. That'll soon get them all coming in.
Pull out all your patch cables / disable the wifi, because the last thing you want is to have 99% of everything clean only to have someone plug something in and infect everything again.
Start with the servers and make sure they are all disconnected, with nothing connected to your core switch(es), and only reconnect as they are cleaned. Once you're 100% sure your core network is clean and patched then you can start with the laptops and desktops. Once you're happy the majority has been sorted out then you can start to patch desktop PCs and the like back in.
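The account step from the post above, sketched in PowerShell as an added example (not part of the original thread). It assumes the ActiveDirectory RSAT module, leaves domain controllers enabled so the directory keeps working, and uses a hypothetical tracking file path and machine name.

```powershell
# Added example, not from the thread. Requires the ActiveDirectory module (RSAT).
# Assumption: domain controllers stay enabled so AD itself keeps working.
Import-Module ActiveDirectory

$TrackingFile = 'C:\IR\disabled-computers.csv'   # hypothetical path

function Disable-AllComputerAccounts {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Path = $TrackingFile)

    # primaryGroupID 516 = Domain Controllers, 521 = Read-only Domain Controllers
    $targets = Get-ADComputer -Filter 'Enabled -eq $true' -Properties primaryGroupID |
        Where-Object { $_.primaryGroupID -notin 516, 521 }

    # Record which accounts were enabled beforehand, so accounts that were
    # already disabled (stale machines) are not re-enabled later by mistake.
    $targets | Select-Object Name, DistinguishedName,
        @{ n = 'DisabledAt'; e = { (Get-Date).ToString('s') } } |
        Export-Csv -Path $Path -NoTypeInformation

    foreach ($c in $targets) {
        if ($PSCmdlet.ShouldProcess($c.Name, 'Disable computer account')) {
            Disable-ADComputer -Identity $c.DistinguishedName
        }
    }
}

function Enable-CleanedComputer {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Name,
        [string]$Path = $TrackingFile
    )

    # Only re-enable machines that this lockout actually disabled.
    $row = Import-Csv -Path $Path | Where-Object Name -eq $Name
    if (-not $row) { throw "$Name is not in $Path; it was not disabled by this run." }

    if ($PSCmdlet.ShouldProcess($Name, 'Re-enable computer account')) {
        Enable-ADComputer -Identity $row.DistinguishedName
    }
}

# Dry run first:  Disable-AllComputerAccounts -WhatIf
# After a machine has been cleaned and patched:
#   Enable-CleanedComputer -Name 'PC-0042'   # constructed machine name
```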
LET'S DO THE TIMEWARP AGAIIIIN.
This is what happens when I go into the "similar threads" and don't check the dates!
Well, at least it was a constructive post :)