cab archive is corrupted

Wrong combofix log. It’s the same one you posted earlier. It should be located at C:\combofix. They will have a .txt extension, a number and a time date stamp. CF kinda does things backwards. The older log will have the highest number.

I must say you surprised me with your speed. Any improvement?

I take it you got the firewall turned on?

Thanks

Aloha!
I did indeed get the Windows Firewall up and running and will install one of the suggested ones as soon as you give the OK. Spyware Doctor seems to conflict with Avast. Do you have a suggestion on which spyware program to use? I noticed www.virustotal.com reported a possible Ghost infection?

I ran a new ComboFix this a.m. and it is attached.

Thanks again for all your help!
Aloha,
Jim :slight_smile:
Honolulu, HI

It shouldn’t… But if you want another one, I suggest SUPERantispyware and/or Spyware Terminator.

Hi, things improving?

Yes, we are going to remove that one right now. It’s too bad you didn’t find the combofix log, as I had a command in it to show the contents of a folder. No matter, I will include it in this one also, so hang onto this log. :wink:

Did you uninstall/disable compaq monitoring tool?

There is another file/folder I’m checking out, just because of its time stamp.

Please follow all previous instructions regarding security programs.

Open a new Notepad session (Do not use a Word Processor or WordPad). Click “Format” and be certain that Word Wrap is not enabled.

Copy and paste all the text in the quote box below into Notepad.

Click File, Save as…, and set the location to your Desktop, and enter (including quotation marks) as the filename: “CFscript.txt” . Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown at the bottom of this post.

File::
C:\WINDOWS\system32\mpgvl.exe
C:\WINDOWS\system32\Isass.exe

DirLook::
C:\e9907a5f6dfc19d5f1d6

This will start ComboFix again. Close all browser/windows first. After reboot (in case it asks to reboot), post the contents of Combofix.txt in your next reply.

Boy! You folks get an A+++++ in my book! Here is the latest ComboFix file.
Shall I go to www.virustotal.com and submit those files again, or no need?
Thanks,
Jim :slight_smile:

No, no need to resubmit the files. We turfed one and the other two showed clean.

Can I get you to give DSS another go?

So far it looks good. What about this ?
“Did you uninstall/disable compaq monitoring tool?”

I asked because you have a legit service with a missing file. If you’ve removed it we can take care of the redundant service.

Hi again!
fyi - DSS wouldn’t run so I downloaded it again. It ran fine after downloading to the same computer. The other version I downloaded to another computer and then transferred via removable drive. Anyway…here it is:

I don’t know anything about the Compaq tool you are mentioning. Perhaps the virus disabled it or something?

Aloha,
Jim

Deckard’s System Scanner v20071014.68
Run by Richard T on 2008-03-11 12:52:37
Computer is in Normal Mode.

This looks good. If you want to remove that service, here are the instructions.

Open HJT, run a system scan only, check mark these lines if present

O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)

Close all other browsers/windows, click fix, close HJT.

Click the start button, click run. In the run box copy and paste these lines, one at a time, hitting enter after each.

sc stop msCMTSrvc
sc delete msCMTSrvc

You also removed some legitimate HJT entries.

backup-20080309-151052-359 O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dl
backup-20080309-151053-191 O9 - Extra ‘Tools’ menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
backup-20080309-151053-213 O9 - Extra ‘Tools’ menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
backup-20080309-151053-756 O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
backup-20080309-151054-364 O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll

You can restore those. Open HJT click the view backup button. Check mark them, click restore.

As for Wildtangent, they have cleaned up their act a lot. It will come bundled with some Games/movies. It does not have to run at start up. You can leave those lines out. Or you can just uninstall it via add/remove.

I just have to comment. I don’t think I’ve ever seen java that old.
JavaSoft\JRE\1.3.1 We’ll take care of that during the clean up.

So do what you have to do with the above, then proceed with the clean up of the tools.

  • Click start button, run, then copy and paste the following line into the box and click ok.

ComboFix /u

Open OTMOVEIT2 then click the Clean Up button. You may get prompted by your firewall that OTMoveIt wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will delete all the tools you have downloaded plus itself.

  • Create a new restore point

You must be logged on to an administrator account
Go to Start - All Programs - Accessories - System Tools - System Restore.
Click Create a restore point, and then click Next.
In the text box labeled Restore Point Description, type a name for this restore point, click create.

  • Remove old restore points
  • Go to Start - All Programs - Accessories - system tools. Launch the Disk Cleanup tool and let it run. When it finishes a box with tabs will appear, select the more options tab. On this tab you will find a section for System Restore. If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.

Click the download button on the right.

If Information Bar pops up, right-click on it and say it’s OK to display the blocked content.

You do not have to install the Java Web Start ActiveX Control

Accept the license agreement > Click on Windows (XP, Vista, etc.) Offline Installation, Multi-language and Save the file jre-6u5-windows-i586-p.exe to your desktop; do not Run it. Do not install it yet.

When the download is complete, Open Control Panel > Add/Remove Programs:

Uninstall anything that says Sun Java, Java JRE, or similar.

Close Add/Remove Programs.

In Windows Explorer, navigate to C:\Program Files\Java <=this folder, if found. Delete any subfolders it may contain.

Do NOT delete C:\Program Files\JavaVM <=this folder, if found!

Reboot your computer.

Double-click on the saved file to install the update.

Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

  • Clear the java cache

http://www.java.com/en/download/help/5000020300.xml

  • Download and run this clean up utility. You can use it regularly. When it’s first run, it is in demo mode to show you what it will remove. Review it and then rerun in real mode. It is configurable.

CleanUp by Steven Gould

http://www.stevengould.org/downloads/cleanup/

I think I did everything correctly up until installing Java. I keep getting the message that the “Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode (I’m not) or if Installer is not correctly Installed.”
This is the file on my Desktop I am trying to install: jre-6u5-windows-i586-p.exe.
I deleted all Java, Sun, etc. from the computer. Neither of the files you mentioned were in the Program Files directory.
I did download the “Sun Download Manager” but deleted it.
Jim ???

I did a boot scan using Avast and this is the report. Don’t know if it’ll be a help or not:

03/08/2008 07:05
Scan of all local drives
File C:\WINDOWS\system32\msCMTsrvc.exe is infected by Win32:Trojan-gen {VC}, Repair: Error 42060 {The file was not repaired.}, Repair: Error 42060 {The file was not repaired.}, Deleted

Number of searched folders: 3035
Number of tested files: 39507
Number of infected files: 1


03/09/2008 09:13
Scan of all local drives
File C:\Documents and Settings\Richard T\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivhcykon.default\Cache\DD23C54Bd01\i386\dxdiagn.dl_\dxdiagn.dll Error 42127 {CAB archive is corrupted.}
File C:\Documents and Settings\Richard T\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivhcykon.default\Cache\DD23C54Bd01\i386\dxdiagn.dl_ Error 42127 {CAB archive is corrupted.}

Number of searched folders: 3388
Number of tested files: 183176
Number of infected files: 0


03/09/2008 12:08
Scan of all local drives
File C:\Documents and Settings\Richard T\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivhcykon.default\Cache\DD23C54Bd01\i386\dxdiagn.dl_\dxdiagn.dll Error 42127 {CAB archive is corrupted.}
File C:\Documents and Settings\Richard T\Local Settings\Application Data\Mozilla\Firefox\Profiles\ivhcykon.default\Cache\DD23C54Bd01\i386\dxdiagn.dl_ Error 42127 {CAB archive is corrupted.}

Number of searched folders: 3487
Number of tested files: 227063
Number of infected files: 0


03/11/2008 13:26
Scan of all local drives

Number of searched folders: 4904
Number of tested files: 268783
Number of infected files: 0
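
An added example, not part of any post in this thread: a small Python parser for a boot-scan report in the format posted above. It separates real detections from files the engine only failed to unpack (the Error 42127 lines) and checks each session's "Number of infected files" counter against the detections it parsed. The sample text is constructed in the report's format with shortened paths, and the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the format of the report above (paths shortened).
SAMPLE = r"""03/08/2008 07:05
Scan of all local drives
File C:\WINDOWS\system32\msCMTsrvc.exe is infected by Win32:Trojan-gen {VC}, Repair: Error 42060 {The file was not repaired.}, Deleted
Number of infected files: 1

03/09/2008 09:13
Scan of all local drives
File C:\Cache\i386\dxdiagn.dl_\dxdiagn.dll Error 42127 {CAB archive is corrupted.}
File C:\Cache\i386\dxdiagn.dl_ Error 42127 {CAB archive is corrupted.}
Number of infected files: 0
"""

SESSION = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2})$")
INFECTED = re.compile(r"^File (.+?) is infected by (.+?), (?:.*, )?(\w+)$")
ERROR = re.compile(r"^File (.+?) Error (\d+) \{(.+?)\}$")
COUNT = re.compile(r"^Number of infected files: (\d+)$")

@dataclass
class Session:
    started: str
    detections: list = field(default_factory=list)  # (path, name, final action)
    errors: list = field(default_factory=list)      # (path, code, message)
    reported: int = 0                                # the scanner's own counter

def parse_report(text):
    sessions = []
    for line in text.splitlines():
        line = line.strip()
        if m := SESSION.match(line):
            sessions.append(Session(m.group(1)))
        elif sessions and (m := INFECTED.match(line)):
            sessions[-1].detections.append(m.groups())
        elif sessions and (m := ERROR.match(line)):
            sessions[-1].errors.append((m.group(1), int(m.group(2)), m.group(3)))
        elif sessions and (m := COUNT.match(line)):
            sessions[-1].reported = int(m.group(1))
    return sessions

def triage(sessions):
    """Return (detections, unpack_failures, sessions whose counter disagrees)."""
    detections = [(s.started, *d) for s in sessions for d in s.detections]
    # Unique paths the engine could not unpack: scan errors, not detections.
    unpack_failures = sorted({path for s in sessions for path, _, _ in s.errors})
    mismatched = [s.started for s in sessions if s.reported != len(s.detections)]
    return detections, unpack_failures, mismatched
```
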

Well we now know why it was missing. Too bad you deleted it instead of moving to the chest.

Don’t worry about the archive corrupted, avast probably just can’t unpack it.

I’ll see what I can find out about the installer error.

Let’s check this first

  1. Click Start, click Run, type services.msc in the Open text box, and then click OK.
  2. In the Services (Local) list, right-click Windows Installer, and then click Properties.
  3. If the Startup type drop-down list is set to a value of Disable, select the Manual option from the Startup type drop-down list, and then click OK.
  4. Click the File menu, and then click Exit

It is listed as manual (not disable or automatic). It is listed as ‘Stopped.’

On the ‘Logon’ tab, the box that says “Allow service to interact with desktop.” is not checked. Should that be checked? I am trying to install from the desktop.

I don’t understand instruction #4. I don’t see anything marked ‘File.’

Aloha,
Jim ???

Let me go see if I can find some screen shots. I don’t have that on this old system. BRB

Would you like me to send you some screen shots?
Jim

I found some. In the dropdown menu the service should be set to manual.

Click ok at the bottom of that screen; it will take you back to the services screen. On that page you will find the File, Exit.

I don’t believe it should be set to interact with the desktop.

It still didn’t work…
I found these instructions:
http://support.microsoft.com/kb/315346
Should I follow them? or do you think there is still a virus in the computer?
Thanks again!!!
Jim :slight_smile:

Yes, follow those instructions. I was going to post that link, but got called away.

The best I can tell, from your logs, your computer is clean. However, it is possible there is an infected file. I reviewed your logs and it seems this same problem happened before, when you tried to install some video drivers.

I’m going to suggest an online scan.

Using Internet Explorer browser only, go to ESET Online Scanner website:

http://www.eset.com/onlinescan/

Accept the Terms of Use and press Start button;

Approve the install of the required ActiveX Control, then follow on-screen instructions;

(OPTIONAL, We can remove anything found later if you wish)
Enable (check) the Remove found threats option, and run the scan.

After the scan completes, the Details tab in the Results window will display what was found and removed. At this time, the scanner does not produce a detailed report. That is a planned, future feature. If needed, you should be able to find a file named log.txt in your folder C:\Program Files\EsetOnlineScanner
Look at contents of this file using Notepad or Wordpad. Please post the results.

Thanks

PS: pause avast standard shield during the scan, resume it afterwards.

Aloha!
I haven’t tried to re-install the Installer, but I did the scan. I don’t think it found anything! Yea!
Here is the log (attached.)
Thanks for all your help once again. You write great instructions!
Aloha,
Jim :slight_smile:

The scan log is good. :smiley:

Good luck with the installer. Post back on how you make out. Someone will always be here.

You may want to use this before you go into the registry, just in case. Don’t be too alarmed by the write up. :wink: