This is a 3rd-generation TDL rootkit (TDL3).
For one week I fought with this nasty wee rootkit. I tried loads of online scanners and rootkit scanners; nothing helped. Then I searched for .dll files sorted by date, found a couple which looked shady, googled them, and sure enough: malware. After deleting them I was still getting redirects, and the bugger fried a 250GB external HDD by writing malicious code to disk, so I lost all the data; it was full of bad sectors, never seen a HDD so corrupt. I also noticed that my C: drive was not showing in Disk Management, and all drive letters on removable drive ports had exclamation marks. Tried updating drivers to no avail, all the while still getting redirects in Google search from directdr.com and urbtk.com.

Everyone told me to format C:, and I was just about to when I thought I'd roll the dice once more. I'd read on forums that ComboFix wouldn't run on Windows 7, but as I was going to format anyway I decided to give it a go. If anyone is trying this fix, please disable all scanners (AV and adware), the firewall and Windows Defender. I ran ComboFix in safe mode, got a warning about compatibility issues, then a box telling me ComboFix was only a beta build; I clicked Yes to let it proceed. Very important: do not touch your keyboard or mouse unless prompted while ComboFix is running. It had barely started the scan when "rootkit activity detected": ComboFix needs to reboot your machine. I let it boot into normal mode; ComboFix carried on till it finished its 50 stages, then told me nvstor.sys was infected and disinfected (explains the HDD issues, it's the HD controller). Since then (yesterday) the machine has been running like new.

Once completed, search C: for the TDL files: yk62x86.dll, vp7vfw.dll, umstartup.etl, startup.etl, nvstor.sys [affected TDL3 files]. Three cheers for ComboFix, the only thing that found and killed this nasty wee sleekit beastie.
P.S. * Stay away from cracks/keygens; crack really does f**k you up.
* Sysinternals Forums - Rootkit TDL 3 - Page 1
Peace out, stay safe. Isn't 7 da bomb. HijackThis and GMER are useless against this, and so are most AV scanners. Hitman Pro 3.5 is supposed to detect it; don't know about disinfecting crucial .sys files though, I'd stick with Combo. Apparently this rootkit is spreading like wildfire. It goes undetected as it enters via spools.exe, which is a trusted Windows file, then injects malicious code into winlogon.exe. If your AV has flagged any activity in the spools folder lately, you've been bitten. Took me one week to clean. I wouldn't give in, everyone telling me to format and reinstall, but my motto is "no surrender".

nailzuk, Glasgow, Scotland, UK
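An added example, not part of nailzuk's post and not ComboFix's own code: a PowerShell triage script that looks for the file names listed in the post and then runs the "sort DLLs by date, check the signature" pass over System32 and the drivers folder. It assumes the indicator file names are exactly the ones listed above, that the system drive is whatever `$env:SystemDrive` says (C: on the poster's box), and that it runs from an elevated PowerShell prompt.

```powershell
# Added example (not ComboFix, not the poster's code).
# Assumptions: indicator names come from the post above; the system drive is
# $env:SystemDrive; this runs elevated so System32\drivers is readable.
# Caveat: a kernel rootkit that filters disk reads (the post says this one
# infected the storage driver nvstor.sys) can hand a clean copy of a patched
# driver back to user-mode tools, so a "clean" result from the live, infected
# system is not conclusive. Mount the disk offline or boot from clean media
# for a trustworthy answer.

$indicators = 'yk62x86.dll', 'vp7vfw.dll', 'umstartup.etl', 'startup.etl', 'nvstor.sys'
$systemRoot = Join-Path $env:SystemDrive 'Windows'

# 1. Find every copy of the named files on the system drive and record
#    where it lives, when it was written, and whether its Authenticode
#    signature still verifies.
Get-ChildItem -Path "$env:SystemDrive\" -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $indicators -contains $_.Name } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            Modified  = $_.LastWriteTime
            Size      = $_.Length
            SigStatus = $sig.Status   # Valid / NotSigned / HashMismatch / ...
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        }
    } | Format-Table -AutoSize

# 2. The post's "sort by date" trick, restricted to System32 and the driver
#    folder: anything written in the last 14 days whose signature does not
#    verify. Many OS files are catalog-signed rather than embedded-signed, so
#    older PowerShell reports them NotSigned; treat NotSigned as "needs a look"
#    and HashMismatch on a Microsoft driver as strong evidence it was patched
#    on disk, which is what the post describes for nvstor.sys.
$since = (Get-Date).AddDays(-14)
Get-ChildItem -Path (Join-Path $systemRoot 'System32'), (Join-Path $systemRoot 'System32\drivers') `
              -Include *.dll, *.sys -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $since } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            [pscustomobject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                SigStatus = $sig.Status
            }
        }
    } | Sort-Object Modified -Descending | Format-Table -AutoSize
```

Run it once on the suspect machine and once with the drive attached to a known-clean box (adjusting `$systemRoot` to the mounted drive); if the two runs disagree about the same file, that difference is the rootkit hiding its work. `sfc /verifyonly` is a second, independent check for modified system files once the machine is believed clean.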