Not sure if about blank is gone

You should perform another reboot and open and close a few browsers sessions. That will let you know if it is gone or not.

If you still have a problem, follow the steps below.

Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting

Now post a HijackThis log as an attachment to your message (Do not post the log inline). All running programs should be closed, including your web browser, e-mail. Close before running Hijack This!

To repeat: Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT

 

If it has not come back then Thug is probably correct; however, with this infections being so insidious you should post a HJT log attachment following the directions I gave below to double check that something is still not hanging around.

And please do run the steps in the thread that Thug point you towards.

 

C:\WINDOWS\Explorer.EXE is your shell that loads at startup. It is also the name you will see each time you open another Windows Explorer application.

I was correct! You do have more problems that need to be fixed but first you need to follow the link given to you and install the proper version of HijackThis.

And then post a new log.

 

Question: Do you still use an iPod? If, so why is this next line indicating one of your files require for it is missing? Does it still work properly?
O23 - Service: iPod Service - Unknown - C:\Program Files\iPod\bin\iPodService.exe (file missing)


Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file move.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

Double-click on the move.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge say yes

Make sure you have system restore disabled and viewing of hidden files enabled.

Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
O2 - BHO: (no name) - {0E0649E4-4EF1-5350-5D27-33BAD0093516} - C:\WINDOWS\mswd.dll (file missing)
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O15 - Trusted Zone: *.frame.crazywinnings.com <--- this should be gone already
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM) <--- this should be gone already
O15 - Trusted IP range: 206.161.125.149
O15 - Trusted IP range: (HKLM)


Do you recognize this next line to be valid? If not, fix it too!
O16 - DPF: {FEC3E5A3-50F7-4B0C-97D8-01CF69DFBFC7} (Measurement Service Client) - http://ccon.madonion.com/global/msc.cab

After clicking Fix, exit HJT.

Boot into safe mode and use Windows Explorer to delete:
C:\WINDOWS\System32\tibs3.exe


If you get an error when deleting a file. Right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Let me know if you have any problems finding or deleting any of these files.


Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
Temporary Files
Temporary Internet Files
Recycle Bin

And Click OK.


Now reboot in normal mode and post a new HJT log. And tell us how things are working.

 

Okay! The have HJT fix this too:
O23 - Service: iPod Service - Unknown - C:\Program Files\iPod\bin\iPodService.exe (file missing)