ran rkill.exe. * C:\Windows\PLFSetI.exe (PID: 2084) [WD-HEUR] 1 proccess terminated! see attached log.
spybot search and destroy found coolwwwsearch and mysoft hijackers.
hijackthis tries to start then shuts down. changed execute file name and ran hijackthis. see attached log
spy emergency found trojan.win32.malware (c:\windows\syswow64\mshtover.dll) and cool web search (C:\windows\image.dll). removed both and rebooted. same problems persist.
Initially MWB wouldn't run. Changed the name of the execute file and ran MWB and nothing found. ran again in safe mode and again nothing. I've been using MWB for a couple of years and this is the first time the problem wasn't solved.
microsoft security essentials wouldn't update. downloaded and manually installed latest definitions (02 Oct). ran scan. windows update cannot currently check for updates because the service is not running. you may need to restart your computer. Ran microsoft fixit and update function restored. MSE scan found nothing.
As you can see, I've been all over the place trying to find a solution. I uninstalled firefox (without deleting customization) and no change. One item I found a bit strange was the listing of D: drive as a cdrom drive. I don't have an internal CD/DVD drive, but use an external USB drive. When I check D: under device manager-hardware, it shows the same as the C: drive (Hitachi hts545032b9a300 hard drive). I thought D: was my recovery/restore partitioned from C: drive.
I'm stuck and not sure what to do next. Your help would be most appreciated.