Hi Hudderz, and welcome to TSF.. :)
Download and install APM from:
http://www.diamondcs.com.au/index.php?page=apm
Then please run a new HJT! Scan, and check to fix the following entries, being sure to double check that you haven't missed any. Next, close
all browser windows and click the
Fix checked button…
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Matt\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Matt\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\DOCUME~1\Matt\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\DOCUME~1\Matt\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Matt\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\DOCUME~1\Matt\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about :blank
O2 - BHO: (no name) - {4AFC2147-ECB9-4A81-B725-0296B507460B} - C:\WINDOWS\System32\pfnemo.dll
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
If you set the above using Spybot S&D, leave it, otherwise fix as well.
O18 - Filter: text/html - {72679DD9-DC61-4796-9C18-902D2E4907A8} - C:\WINDOWS\System32\pfnemo.dll
O18 - Filter: text/plain - {72679DD9-DC61-4796-9C18-902D2E4907A8} - C:\WINDOWS\System32\pfnemo.dll
Then start APM.
In the upper window select explorer.exe
In the lower window find and rightclick the BHO from the HijackThis log
Select Unload DLL and click OK on the prompts that follow.
Reboot and scan with AdAware to remove the txt and html protocol association.
Then please post a new log, and we'll see how it's gone.
Cheers
Liam