The new thread is good to go. It will focus on the remaining symptom. Unless people know how to change the profile, there are extra clicks to stay focussed on the latest post or remember to click the icon.
Re-scan using ComboFix. Post the log.
For this thread, I wish I could understand logs from gmer.exe.
To me this would be 'conclusive' - IMHO
Code:
Yes, my final desperate act is
deploytk.dll ---> deploytk.dlx
The log should detect the name change. If a file of the same name appears as well, then I will scratch my head. This is not a legit system file. If resurrected, the event logs should error out and other events will document its creation (this is a maybe). No error events would make me lean back toward running gmer.exe in the future - assuming reaching a dead end in the new thread.
[edit] If the file is in use, then the rename will be blocked.