Read this article provided by Hitman Pro for more info here:

http://hitmanpro.wordpress.com/2012/06/25/zeroaccess-from-rootkit-to-nasty-infection/

May explain why replacing the ms services.exe file may not be enough. Includes other strategies to cope with this.

EDIT: Read the note posted about FAT32 or zip archiving in the article to automatically remove the links in the file, this is the support I am talking about.