[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

Well...if you do, I'll have to rerun it.  I already deleted that folder when I saw it was left behind.

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

Hi Tammy.  Yes, I installed MBAM3 with CryptoPrevent on.  I didn't get any warnings that group policy blocked anything.  I am using Windows 10 Home so maybe this is the difference.

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

I am using the free version with it set on maximum protection.  Did you try it there?

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

FYI - Removing the key...

HKEY_USERS\S-1-5-21-3954850271-3684721423-1578709394-1001_Classes\WOW6432NODE\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}

prevents all 2300 + warnings from showing up and results in a clean scan.  I just thing that key is put there by legitimate software in my case.

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

Hi Tammy.  Here they are.

logs3.zip

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

I don't see that key in HKEY_USERS.  The only relevant keys there are

S-1-5-21-3954850271-3684721423-1578709394-1001

S-1-5-21-3954850271-3684721423-1578709394-1001_Classes

but I don't have any that long.

logs2.zip

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

Hi Tammy.  Logs attached.  Those other 3 reg keys I don't have.  Thanks.

logs.zip

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

Thanks for the info.  It will be a little bit before I can get back to you.

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

Thanks for your help.  I never had an infection but Malwarebytes 2.0 detected that key only.  I had to add it to the exceptions list as I learned that that key is also a legitimate Microsoft key used for CD burning.  I've read about this key being reported as a false positive before.

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

Key attached.

key.zip

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

Hi Tammy.  Nothing strange is happening here.  No popups, advertisements or audio of any kind.  Files attached.

FRST.zip

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

Hi Tammy.  Zip attached.

shell32.zip

[Over 2300 Hijack.Trojan.Siredef.C found with 3.0]

A full scan with Rootkit Scan enabled yields over 2300 Hijack.Trojan.Siredef.C issues.  I couldn't find anything about Siredef but I did find information about Sirefef.  Perhaps there is a spelling error here.  Anyways, scans with Windows Defender, TDSSKiller, ESET Sirefef Removal Tool and Bitdefender Sirefef Removal Tool report the system as clean.

Scanning with Rootkit Scan disabled does not find anything.  Report attached.

MB False Positives 12-14-16.txt