Hi all. I know there are many smart and helpful people on these forums and I could really do with some advice.
Windows Media Player recently prompted me to download a program in order to view a 'protected' avi file. This program appeared to be an installation file for some kind of program called GammaPlay, which I have searched for on Google but could not find any information about it. However, due to the fact it was a legitimate program that prompted me to download it, and Trend Micro Internet Security and its firewall detected no security threats, I figured it was safe to run... Guess not.
Once the installation of GammaPlay was complete, Trend Micro informed me of three suspicious changes to the OS/registry, all of which I blocked. I then uninstalled this GammaPlay and deleted the avi file. I then ran a full virus/spyware scan and, because nothing was detected, I thought I was in the clear.
However, next time I ran my internet browser I noticed several minor changes. The preferences link on Google would take me to the correct URL, but would display an exact copy of: Google. After having bypassed this (by simply using the preferences link from Google's image search), I would change my Google preferences as desired, but they would not stick. Searches also opened up in a new window (they never used to), and I was being redirected to various websites (such as Yahoo, YouTube, and various advertising websites). I tried deleting cookies and resetting my browser, to no avail.
I figured this could be the work of a browser hijacker so I downloaded a variety of malware scanners, including Spybot - Search and Destroy and Malwarebytes. However, many of these programs wouldn't install because they couldn't connect to update servers. (My antivirus and Windows Defender also could not connect to update servers.) I managed to install Spybot successfully by updating the program manually, but when I try to open the main window from the taskbar, nothing seems to happen.
By now, I was starting to get very concerned. I installed Trend Micro's system cleaner, which is the only scanner I managed to run successfully. (With the exception of my virus scanner which detects nothing.) This looked promising when it detected 3 potential threats, but they just turned out to be cookies. I have tried Housecall and another online threat scanner, but neither could connect. (Housecall said Java needs to be enabled on my system, but I had updated Java only a day before.)
I have checked for any unwanted processes running on my machine via the task manager. The only one I thought to be suspicious was '175369943.tmp' which I ended. However, this made no difference to my current situation. I have also checked my startup programs via msconfig and my registry keys via regedit, and found nothing suspicious. (However, I am no computer expert so I may have overlooked something.) I have also performed netstat from the command line to see if it would detect any backdoors. Once again, I found nothing suspicious.
After researching rootkits on the internet, I realize that this may very well be the work of one of them. What do you guys think? Is a rootkit hiding all suspicious activity from me? I am also at a loss as to how to remove rootkits considering all antimalware seems to be blocked.
Thanks for reading, and any suggestions would be greatly appreciated.
P.S. I am using Windows Vista, Trend Micro Internet Security and IE7 (stupid, I know). I upgraded to IE8 and installed Firefox yesterday to see if this made a difference. As you guessed, it didn't. I have downloaded HijackThis and ran it, but this produces a log which is meaningless to me. However, if seeing this log might assist anyone who tries to help me, I will gladly post it.
I am sorry for such a long post.
Good day to you all