September 2011 max++/sirefef/zaccess sample used.
ComboFix did warn that TCP/IP was infected as well, but unfortunately I didn't capture that footage. The video program I was using must have closed. The same happened when I was testing RKill and RogueKiller. Both were unsuccessful.
Prior to removing any components of infection, here are the results of various tools:
webroot's antiza tool v0.8.0.1 = PASS
tdsskiller v126.96.36.199 = PASS
hitman pro v188.8.131.52 = PASS
aswmbr v0.9.8.986 = FAIL (was shut down during the middle of the scan)
ntfsaccess v2.1 = FAIL (did not restore permissions while rootkit was active, restored permissions successfully afterwards)
grantperms v184.108.40.206 = FAIL
rkill (.scr, .com, and .exe versions) = FAIL
roguekiller (winlogon.exe) v220.127.116.11 = FAIL (reports it terminated process, but process is still running in taskmgr)
mbam (mb.exe) v18.104.22.1680 = FAIL (shuts down within ~10 seconds)
sas v5.0.1128 = FAIL (shuts down within ~25 seconds)
processexplorer = FAIL (shut down immediately after injection)