It is possible they could be old registry entries, but then again I didn’t see any entries for FF4 in the log either.

It will still be a couple of hours before essexboy is back from work and on-line, so in that period I would say run OTS again and attach the log so he has something to analyses when he does arrive.

I don’t know if you followed his instructions from a previous post in regard to what to look for and custom scans, so I will reproduce the download link and those instructions here just in case.

[quote author=essexboy]
Unfortunately no two attacks are the same so first I will need to see what you have.

Download OTS to your Desktop and double-click on it to run it

[*]Make sure you close all other programs and don’t use the PC while the scan runs.
[*]Select All Users
[*]Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check

[*]Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

[*]Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
[*]When the scan is complete Notepad will open with the report file loaded in it.
[*]Please attach the log in your next post.