This is a clean install of Windows XP (SP2) (virtualized via VirtualBox: Host OS: Ubuntu 10.10), nothing has been downloaded or installed (besides some VirtualBox integration software, and the things required as part of the Start Here guide).
I couldn't get OTL to run (got an error message stating that OTL is not a valid Windows executable) - tried downloading it several times to ensure it wasn't the result of a corrupted download.
Wouldn't have even suspected anything if it weren't for the fact that, as a side project, I was trying to get a deep understanding of the things contained within the registry: what could/could not be changed, possibly the effects of adding/removing certain values/keys, etc.
Looking over the export I found 2 entries that just didn't make sense (neither Word, Excel, nor Office is installed):
HKLM\SOFTWARE\Classes\*\OpenWithList\Winword.exe
HKLM\SOFTWARE\Classes\*\OpenWithList\Excel.exe
All the hits on Google for those entries seem to point to the presence of an Alureon variant (ironically I believe that this was/is one of the infections being "studied" with my current Practice Log, but I digress). Might as well take it to the "experts" for confirmation. (Also provides a great excuse to see things from a user's perspective - a great addition to my training that I wasn't expecting to have.)
MBAM turned up nothing as did a scan with Avira.
The GMER log (ark.txt) proved to be 10.5MB - don't know how you want me to provide that part. It appeared that there were a lot of false positives being reported as a result of the VirtualBox Additions.
MBAM:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4945
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
10/25/2010 2:31:04 PM
mbam-log-2010-10-25 (14-31-04).txt
Scan type: Quick scan
Objects scanned: 123644
Time elapsed: 2 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Oh, and for some reason the system boot drive is E: (not that it should really make much of a difference.)
Edited by MS-Free, 27 October 2010 - 04:05 PM.
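The observation in the post above (OpenWithList entries under HKLM\SOFTWARE\Classes\* naming Winword.exe and Excel.exe on a machine with no Office installed) can be turned into a repeatable triage check over a registry export. The script below is an added example written for this page; it is not the poster's code nor part of any of the tools named in the thread. It assumes a regedit ".reg" export as input, and it uses one heuristic that is an assumption of this example rather than something the post states: an OpenWithList entry is worth a second look when the same export contains no "App Paths" registration for that executable, since the Open With menu relies on App Paths to locate a program by its bare file name. The embedded export is constructed sample data, not the poster's real export.

```python
r"""
Triage helper (added example): find OpenWithList entries under
HKLM\SOFTWARE\Classes\* in a .reg export that have no matching
App Paths registration in the same export.
"""
import re
import sys

# Constructed sample export (NOT the poster's export). notepad.exe has a
# matching App Paths key; Winword.exe and Excel.exe do not.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\notepad.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\Winword.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\OpenWithList\Excel.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\notepad.exe]
@="C:\\WINDOWS\\system32\\notepad.exe"
"""

# A key header line in a .reg file looks like [HKEY_...\path].
KEY_LINE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")

# OpenWithList for the wildcard (*) class: one subkey per application name.
OPENWITH = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\\*\\OpenWithList\\([^\\]+)$",
    re.IGNORECASE,
)

# App Paths registrations, keyed by executable file name.
APP_PATHS = re.compile(
    r"^HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion"
    r"\\App Paths\\([^\\]+)$",
    re.IGNORECASE,
)


def parse_keys(reg_text):
    """Return every key path that appears in the export, in file order."""
    keys = []
    for line in reg_text.splitlines():
        match = KEY_LINE.match(line.strip())
        if match:
            keys.append(match.group(1))
    return keys


def find_unresolved_openwith(reg_text):
    """Return OpenWithList application names with no App Paths entry.

    Heuristic (assumption of this example): an OpenWithList entry whose
    executable has no App Paths registration cannot be resolved by name by
    the Open With menu, so on a box where that program was never installed
    it is a candidate for closer inspection, as in the post above.
    """
    app_paths = set()
    openwith = []
    for key in parse_keys(reg_text):
        match = APP_PATHS.match(key)
        if match:
            app_paths.add(match.group(1).lower())
        match = OPENWITH.match(key)
        if match:
            openwith.append(match.group(1))
    return [name for name in openwith if name.lower() not in app_paths]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # "Windows Registry Editor Version 5.00" exports are UTF-16LE with a
        # BOM; the older REGEDIT4 format is ANSI, so fall back for that.
        try:
            with open(sys.argv[1], encoding="utf-16") as fh:
                text = fh.read()
        except UnicodeError:
            with open(sys.argv[1], encoding="mbcs" if sys.platform == "win32" else "latin-1") as fh:
                text = fh.read()
    else:
        text = SAMPLE_REG
    for name in find_unresolved_openwith(text):
        print("OpenWithList entry with no App Paths registration:", name)
```

Run it as `python openwith_check.py export.reg` against a full HKLM export; with no argument it runs over the embedded sample and reports Winword.exe and Excel.exe. A hit is only a lead: confirm it by checking whether the named program is actually installed, exactly as the poster did by hand.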