Here's my story. I've been trying to make heads or tails of this all night and I'm at a loss.
I was playing an online game (Final Fantasy XI) several hours ago when I suddenly lost my Internet connection to the game and to Windows Live Messenger. I was unable to log back in to either, but I could still access most websites with Firefox 3 and Google Talk messenger. While running the troubleshooter for Windows Messenger, I was told that my hosts file had entries related to the program which would prevent it from logging in. It asked if it could fix the file, I said yes, and then I got an error that it could not fix the file. Around this time I got a popup box that NT AUTHORITY/SYSTEM was going to restart the computer in 60 seconds.
After restarting, I looked up the message and it appeared I had the sasser or msblast worm. I had the symptoms of not being able to access microsoft or anti-virus/spyware sites, but I had none of the files or system processes that every website I checked said I was supposed to have. Also, my computer wasn't being forced to restart continuously like it should if I had the worm. It was only restarted once so I can't say exactly what the error message was. I found a link that said to get around the blocked sites I should rename the hosts file and run the command nbtstat -r, so I did. Unsure if I even had the worm, I downloaded Symantec's sasser worm fix and ran it. It found nothing. I ran Avast!, Ad-aware, Spybot, and Malwarebytes and none of them found anything either. I don't know what else I can try.
Basically I would like to know if there is any way I can determine if I'm infected and if not, why would my hosts file be suddenly changed and my computer forced to restart? My system is a laptop running Windows XP Home SP2. If it makes any difference I recently updated the drivers for my graphics card, an nVidia GeForce Go 7600.
Thanks in advance for your help!