I recently used these MP3 files to make a movie on movie maker.
Now the RootAlyzer says unknown ads, with funny extenstion that isn't visible outside RootAlyzer

What this mean?

thanks


Comment:
File created using RootAlyzer to help your get rid of a rootkit.

Files to delete:
G:\Tunes\Rock\Big Bopper - Chantilly Lace.mp3:TOC.WMV:$DATA
G:\Tunes\Rock\Chuck Berry - Johnny Be Good.mp3:TOC.WMV:$DATA
G:\Tunes\Rock\Jerry Reed - West Bound and Down (Smokey & Tha Bandit).mp3:TOC.WMV:$DATA
G:\Tunes\Rock\Ram Jam - Black Betty.mp3:TOC.WMV:$DATA
G:\Tunes\Rock\Eric Clapton\Eric Clapton - Cream - Crossroads.mp3:TOC.WMV:$DATA
C:\Windows\winsxs\x86_microsoft-windows-p..rastructureconsumer_31bf3856ad364e35_6.0.6001.18000_none_b3dc8e9f30720cdd\System Diagnostics.xml:0v1ieca3Feahez0jAwxjjk5uRh:$DATA

Folders to delete:

Registry keys to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch\Enum

Registry values to delete:

Since you mentioned Movie Maker in that context: it indeed looks like Movie Maker is storing additional information next to those files it has processed.

That's fine - in cases like these, ADS might be useful :)
I'll add them to the whitelist once I've browsed their contents a bit more :)

Havent seen the DCom one yet. No admin in ACL is OK for deep system stuff... is that Vista?

yes vista ultimate.

I deleted all the DCOM keys thinking I could get rid of dcom, but it re-wrote the keys, now with "no admin in acl"

whatever that means


thanks for the reply