bigkid :
You most likely picked up a virus, but with reg cleaner and rollbacks and such you might have fouled up the registry. You'd be best off doing a fresh install, but if you want to try: scan your system for viruses. You can use something like Malwarebytes; it's free and can get rid of some crap. Also, Kaspersky's website offers a free 'rootkit' virus killer. Rootkit viruses can hide from some scanners.
pcpitstop.com is a great site for scanning the health of your system, and the scans are free, but remember, even if it says you don't have a virus you may still have a rootkit virus.
Here's a link to the rootkit virus utility:
http://support.kaspersky.com/us/5350
Hi bigkid
Thank you kindly for the advice (I've been away for a few days). I'll try the rootkit killer and post the progress.
...
OK, I scanned with Malwarebytes and got 7 "problems", one of which is registry. I can't see if I can attach anything to this post (I have a screenshot), so here's the log:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2013.10.13.02
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
XXX :: XXX [administrator]
13/10/2013 11:53:37
mbam-log-2013-10-13 (11-53-37).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202955
Time elapsed: 6 minute(s), 7 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 1
C:\Users\XXX\AppData\Local\Temp\ct2504091 (PUP.Optional.Conduit.A) -> No action taken.
Files Detected: 5
C:\Users\XXX\AppData\Local\Temp\ct2504091\ism.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\XXX\Downloads\DAEMONToolsPro500316-0317.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\XXX\Downloads\DTLite4453-0297(1).exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\XXX\Downloads\DTLite4453-0297.exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\XXX\Local Settings\Temporary Internet Files\Content.IE5\UD7YS831\ism[2].exe (PUP.Optional.Conduit.A) -> No action taken.
(end)
I'll try the rootkit now and report back.
...
Just ran the rootkit - 5 threats detected (after changing the parameters; the first scan found nothing). I don't know if a log will be created, so here it is typed out:
(All unsigned file, All Suspicious object medium risk)
1. Service: CTAudSvcService
2. Service: hpqcxs08
3. Service: hpqddsvc
4. Service: Net Driver HPZ12
5. Service: PassThru Service
The only really interesting one is 4. as it's in Windows folder and is system32 and the rest are Creative (1.) HewlettPackard printer (2. 3.) or HutchinsonTeleCom mobile phone (5.):
C:\Windows\system32\HPZinw12.dll
I've quarantined them all anyway. Now to reboot.
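Added example, not part of the thread and not Malwarebytes' own code: a small parser for the scan-log layout posted above. It lists detections still marked "No action taken" and checks each section's declared count against the entries actually present, which catches a truncated paste. The sample is constructed from lines in that log; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout of the log above (XXX is the poster's placeholder).
SAMPLE_LOG = r"""Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
Folders Detected: 1
C:\Users\XXX\AppData\Local\Temp\ct2504091 (PUP.Optional.Conduit.A) -> No action taken.
Files Detected: 2
C:\Users\XXX\Downloads\DTLite4453-0297(1).exe (PUP.Optional.OpenCandy) -> No action taken.
C:\Users\XXX\Local Settings\Temporary Internet Files\Content.IE5\UD7YS831\ism[2].exe (PUP.Optional.Conduit.A) -> No action taken.
(end)
"""

# "<Section> Detected: <n>" opens a section; item lines are
# "<object> (<Dotted.Detection.Name>) -> [details -> ]<action>."
SECTION = re.compile(r"^(?P<section>.+) Detected: (?P<count>\d+)$")
# The detection name must contain a dot, so "(1)" in a file name or in
# "Bad: (1) Good: (0)" is never mistaken for it.
ITEM = re.compile(r"^(?P<object>.+) \((?P<name>\w+(?:\.\w+)+)\) -> (?P<rest>.+)$")

def parse_mbam_log(text):
    """Return (items, declared); declared maps section -> count from its header."""
    items, declared, section = [], {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := SECTION.match(line):
            section = m["section"]
            declared[section] = int(m["count"])
        elif section and (m := ITEM.match(line)):
            # The action is whatever follows the last "->" on the line.
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            items.append({"section": section, "object": m["object"],
                          "detection": m["name"], "action": action})
    return items, declared

def unresolved(items):
    """Detections the scanner reported but left in place."""
    return [i for i in items if i["action"] == "No action taken"]

def count_mismatches(items, declared):
    """Sections whose header count differs from parsed entries: {section: (declared, found)}."""
    found = Counter(i["section"] for i in items)
    return {s: (n, found[s]) for s, n in declared.items() if found[s] != n}

if __name__ == "__main__":
    items, declared = parse_mbam_log(SAMPLE_LOG)
    for i in unresolved(items):
        print(f'{i["detection"]:28} {i["object"]}')
    print("count mismatches:", count_mismatches(items, declared))
```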