I have a http.sys that is bigger than it should be (736k instead of 502k).
I ran ComboFix today (as the system was running slower than normal). After it had finished I could not get an IP address from the DHCP server. Looking at the event logs, I was getting 7000 and 7001 errors on lots of services including the DHCP Client. The Server Service would not start (dependency error like all the others). The HTTP PNP driver showed an error in the device manager.
Tried every trick on the net without luck, including a 'sfc /scannow', and deleting dependsons. ComboFix's restore point got me back to a working system again, but I'm guessing the http.sys is the root cause.
First Question: How do I overwrite the http.sys file? I have a good one but cannot work out how to get access to delete and replace it (tried stopping with 'net stop http' but still get access denied).
Second Question: If it is a new virus, how do I report it?