Windows 7 ZeroAccess services.exe Removal

Discussion in 'Malware Help (A Specialist Will Reply)' started by TrevorG9999, Aug 6, 2012.

  1. TrevorG9999

    TrevorG9999 Private E-2

    Hi gang. One of my computers all of a sudden started showing odd popups and redirected Firefox among others. By the time I got to the computer (another person was using it), it had already deeply rooted itself.

    It even deleted the Microsoft Defender service. Tried the MalwareBytes, Spybot Search & Destroy and others and although they have removed some of the initial findings, I just cannot make ZeroAccess go away. If I use RKill or a variant, it just tells me services.exe has shut down and the computer will reboot in a minute.

    Done a lot of reading and saw the recommended course of removal, so hopefully I have done the first two steps correctly.

    My Windows recovery would not load files so I used the DVD but although that loads recovery, it shows no valid installations. Anyway I was able to get to command and execute the Scan and search for services.exe. Please see attached.

    Please Help! Thank you!

    BTW I wanted to say I have lurked on Majorgeeks for a loooooooong time... 10+ years it feels like?
     
    Last edited by a moderator: Aug 8, 2012
  2. TrevorG9999

    TrevorG9999 Private E-2

    Well, I'm sure someone would have gotten back to me, but I had to push ahead, so I fixed it myself.

    In case anyone has this issue in the future, here's my fix:

    The virus had disabled Windows Defender by somehow disabling and removing the services.
    It had hijacked services.exe.
    Created many installers in c:/Windows/Installer (with the creation date of 8/3/2012). Further hid itself in Users/[removed]/AppData inside a hidden bracket named folder i.e. {231312-312312-31...}. I also noticed a number of odd named .exe files in Users/. I deleted them all.

    After removing all of the installers manually in safe mode, and removing all temp files both with CCleaner and manually, I ran sfc /scannow and it found violations and fixed the services.exe.

    Rebooting into Windows I ran MalwareBytes and it found the ZeroAccess again, however this time when it removed it, it stayed removed and subsequent scans come up clean.
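
Added example, not part of the original post: a read-only PowerShell triage pass over the locations the post above names (entries in C:\Windows\Installer created around the reported date, hidden brace-named folders under each profile's AppData, .exe files directly under Users, and the Windows Defender service). The parameter names, the one-day window, the name pattern and the `WinDefend` service name are assumptions of this example.

```powershell
# Added example: lists candidates only, deletes nothing.
# $InfectionDate / $WindowDays are hypothetical parameters; set them per case.
param(
    [datetime]$InfectionDate = '2012-08-03',   # creation date reported in the post
    [int]$WindowDays = 1
)

$from  = $InfectionDate.Date
$to    = $from.AddDays($WindowDays)
$users = Join-Path $env:SystemDrive 'Users'

# 1. Anything in %WINDIR%\Installer created inside the window.
$installer = Join-Path $env:WINDIR 'Installer'
$recentInstallers = Get-ChildItem -LiteralPath $installer -Force -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.CreationTime -ge $from -and $_.CreationTime -lt $to }

# 2. Hidden folders named like {....} anywhere under each profile's AppData.
#    PSIsContainer is used instead of -Directory so this also runs on PowerShell 2.0.
$braceDirs = Get-ChildItem -LiteralPath $users -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path $_.FullName 'AppData' } |
    Where-Object { Test-Path -LiteralPath $_ -ErrorAction SilentlyContinue } |
    ForEach-Object { Get-ChildItem -LiteralPath $_ -Force -Recurse -ErrorAction SilentlyContinue } |
    Where-Object {
        $_.PSIsContainer -and
        $_.Name -match '^\{.+\}$' -and
        ($_.Attributes -band [IO.FileAttributes]::Hidden)
    }

# 3. Executables sitting directly in the Users folder, where none are expected.
$strayExes = Get-ChildItem -LiteralPath $users -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Extension -eq '.exe' }

# 4. Is the Windows Defender service still registered? (service name assumed: WinDefend)
$defender = Get-Service -Name 'WinDefend' -ErrorAction SilentlyContinue

'--- Installer entries created in window ---'
$recentInstallers | Select-Object FullName, CreationTime, Length
'--- Hidden brace-named AppData folders ---'
$braceDirs | Select-Object FullName, CreationTime
'--- .exe files directly under Users ---'
$strayExes | Select-Object FullName, CreationTime, Length
'--- Windows Defender service ---'
if ($defender) { $defender | Select-Object Name, Status } else { 'WinDefend service not found' }

# services.exe itself is repaired separately with: sfc /scannow
```

Legitimate software also writes to the Installer folder and can create brace-named folders, so treat each hit as a lead to inspect rather than a verdict.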
     
  3. TrevorG9999

    TrevorG9999 Private E-2

    If a mod could change the title of thread to closed, and remove the attached files for security I would appreciate it. Thanks.
     
  4. TrevorG9999

    TrevorG9999 Private E-2

    Am I invisible?
     
  5. Kestrel13!

    Kestrel13! Super Malware Fighter - Major Dilemma Staff Member

    Cut the attitude. I'll remove your logs but we do not close threads.
     
