msdirectx.sys has been tackled with a manual fix. Signs of infection in a HJT log below, may or may not be present, as well as detection of msdirectx.sys by AV.
F2 - REG:system.ini: Shell=Explorer.exe *randomnamed.exe*
The fix;
*Click
here to download Killbox by Option^Explicit.
*Double-click on Killbox.exe to start the program.
*In the killbox program, select the
Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:
C:\WINDOWS\System32\randomnamed.exe << get the filename from the HJT log
C:\WINDOWS\System32\msdirectx.sys
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Run HijackThis and put checkmarks in front of he following items.
Close
all windows except HijackThis and click Fix checked:
F2 - REG:system.ini: Shell=Explorer.exe random.exeBoot back to normal and copy the part in bold below into notepad. Save it as unlegacy.reg (set filetype to "All Files")
REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSDIRECTX]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSDIRECTX]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdirectx]
Doubleclick the file you made and confirm you want to merge it with the registry.
