Google Hijack, too.

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by SailFan, Dec 9, 2004.

  1. SailFan

    SailFan Private E-2

    I have the same issues as posted in this thread:

    http://forums.majorgeeks.com/showthread.php?t=48421

    I've performed all the steps in the removal tutorial. Some offending items were removed by Ad-aware and Spybot Search and Destroy. I didn't have problems running any of the tools. BargainBuddies is one of the items removed by Spybot. I'll see if I can get a log from both Ad-aware and Spybot.

    Google search behaviour is still the same. First several links are to upspiral, redzip, amazon, info.com, ebay, etc.
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay, if you have run ALL steps of the READ ME FIRST and you still have a problem, you should read the tutorial in this Sticky thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

    Now post a HijackThis log file as an attachment to your message. All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

    Make sure you have HJT Version 1.98.2 and follow the guideline on where to install it and how to post a log as an attachment.
     
  3. SailFan

    SailFan Private E-2

    Here is the Hijack This log.

    Thanks for the help!
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Can you tell me what these next two items are? Not that they are bad! I just want to know what they are.
    c:\program files\ascent\bin\acsvc.exe
    C:\Program Files\Ascent\Server\MSSQL$ASCENTCAPTURE\Binn\sqlservr.exe


    Make sure you have system restore disabled and viewing of hidden files enabled.
    Print these instructions or save locally. Stay offline with ALL browsers including the one you are reading in right now closed until I tell you to come back here to post a new log.

    Boot into safe mode.

    Please bring up Task Manager by hitting CTRL-ALT-DEL and click the Processes tab. Find the below processes and End them:
    WinTaskAd.exe
    tsm2.exe


    Run HijackThis and select the following lines but DO NOT CLICK FIX until you make sure all browser sessions are closed:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    R3 - Default URLSearchHook is missing
    O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
    O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)


    Also consider removing musicmatch.com from your trusted zone unless you really know it must be there to get features you require to work. I personally do not put anything in the trusted zone. That way if anything shows up there, I immediately know something is wrong.
    O15 - Trusted Zone: *.musicmatch.com



    Boot into safe mode and use Windows Explorer to delete:
    C:\Program Files\SEARCH~1 <-- the whole directory. You will have to determine what SEARCH~1 expands into. This is a shortened name.
    C:\Program Files\Windows TaskAd <-- the whole directory
    C:\PROGRA~1\Common Files\tsa <-- the whole directory

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
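
The HijackThis entries quoted in the post above follow a fixed `code - description` layout, which makes them easy to parse for triage. The Python below is an added example, not part of the original thread and not HijackThis's own code; `parse_hjt` and `triage_notes` are hypothetical names, and the sample input is the set of entries quoted in the post.

```python
import re

# Entries quoted in the post above (not a complete log).
SAMPLE_LOG = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R3 - Default URLSearchHook is missing
O2 - BHO: Search Relevancy - {1D7E3B41-23CE-469B-BE1B-A64B877923E1} - C:\PROGRA~1\SEARCH~1\SEARCH~2.DLL
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [Windows TaskAd] C:\Program Files\Windows TaskAd\WinTaskAd.exe
O4 - HKCU\..\Run: [Tsa2] C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O15 - Trusted Zone: *.musicmatch.com
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")           # section code, rest of line
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SHORT = re.compile(r"[^\\\s:]{1,6}~\d")                  # 8.3 component such as SEARCH~1
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")  # O4 autostart layout

def parse_hjt(log):
    """Return one dict per HijackThis entry; non-entry lines are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, running-process list, blank lines
        code, body = m.groups()
        clsid = CLSID.search(body)
        e = {"code": code, "body": body,
             "clsid": clsid.group(0).upper() if clsid else None,
             "short_names": SHORT.findall(body),
             "orphaned": "(no file)" in body or "(file missing)" in body}
        run = RUN.match(body) if code == "O4" else None
        if run:
            e["hive"], e["key"], e["name"], e["command"] = run.groups()
        entries.append(e)
    return entries

def triage_notes(entries):
    """Heuristic notes (assumptions of this example) for a helper reviewing a fix list."""
    notes = []
    for e in entries:
        if e["orphaned"]:
            notes.append((e["code"], "registry entry remains but its file was not found"))
        if e["short_names"]:
            notes.append((e["code"], "expand 8.3 names first: " + ", ".join(e["short_names"])))
    return notes
```

The `short_names` field corresponds to the instruction in the post to work out what `SEARCH~1` expands into before deleting the directory.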
     
  5. SailFan

    SailFan Private E-2

    Those are related to an application I use for work (Ascent Capture). The 2nd line refers to its DB in MS SQL server.

    I will do the steps you mentioned and post (later this evening). Thanks!
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Thanks for the info on Ascent.

    Let me know when you finish running those steps.
     
  7. SailFan

    SailFan Private E-2

    OK...looks like my Google searches are OK now!

    Items to note:
    1. Neither WintaskAd.exe nor tsm2.exe were running processes when I went into Task Manager.
    2. I "fixed" all the items you listed, including the trusted zone entry.
    3. I deleted the Search Relevancy folder, and the Windows TaskAd, but there was no folder for tsa. I guess it was killed by one of the spyware products, but left tracks behind.

    As I said, it looks like Google is OK now. Attached is the new HJT log.

    Thanks! (please let me know if there are other items to fix still)
     

    Attached Files:

  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

