my computer is an audio workstation for music production I like to keep clean for speed purpose.
Like an idiot I ran combofix by mistake on my perfectly healthy system (Windows 7 x64) some days ago. The tool ran on my windows session (and not safe mode) and started running its different tests. At this time I thought I would be able to review the changes/fixes suggested by the tool before deciding to apply them or not. The thing is I wasn't able to do so and combofix put 2 dll files and 3 reg keys in quarantine among other things. I was very suspicious with this result and knew somehow these dll weren't viruses at all so I started investigating. I searched for softwares I installed the same days as these 2 files got created/modified and I've come to the conclusion that these 2 files were related to 2 of my music softwares, so I restored them.
Combofix also removed some windows registry keys I also restored:
What really concerns me here is that I have this file called MBR_HardDisk0.mbr in my Quarantine folder (I run my system on a Samsung 840 Pro SSD) and I have this line in the log file:
" ADS - Windows: deleted 192 bytes in 1 streams. " I have no clue what this means.
I can't restore my system to the previous state because I deactivated this option. I'm using image backups and would like to restore my system with my image backup. It feels like this MBR_HardDisk0.mbr file is a part of my SSD and I'm wondering will it reset to factory state if I'm formatting it before installing my image backup?
1/ what is this MBR_HardDisk0.mbr file?
2/ what does " ADS - Windows: deleted 192 bytes in 1 streams. " means?
3/ can I safely reset my SSD to factory state, install my image backup and move on?
Thanks in advance!
Edited by hamluis, 03 May 2015 - 09:53 AM.
Moved from Gen Security to Malware Removal Logs - Hamluis.