Helping a friend

Discussion in 'Malware Help (A Specialist Will Reply)' started by maggie329, May 17, 2006.

  1. maggie329

    maggie329 Private E-2

    with her computer, and I believe I'm going blind. I've gotten lots of nasties off of here, but now I'm hoping for expert advice.
    The only problem I've really noticed since the last time I started is that on some pages, left click makes a little fist show up, rather than taking me to the link. Right click works on those links, though.
    But before things come creeping back, can someone please take a look at this log and see what's interesting?
    Btw, yes, they use earthlink so I'm leery of deleting those homepages and such at the top of the list, although several places have indicated I should. Any advice?
    Ok, I spoke too soon-- I can't put an attachment on here, because that link doesn't work at all for me. Any suggestions?
     
  2. maggie329

    maggie329 Private E-2

    Ok, thanks to whoever pointed out that the logs can be posted from another computer.
    I've done all the steps in the "read first" page (most of them more than once).
    Bitdefender came back clean.
    Panda only ran part way, then it started popping up an outlook box, and quitting when I closed the pop-up (twice), but I'm posting what it saved.
    Please can someone give a hand? This is driving me nuts!
     

    Attached Files:

  3. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan with HijackThis and fix the following:
    REBOOT

    Post a fresh HijackThis log.
     
  4. maggie329

    maggie329 Private E-2

    Ok, everything looks much, much better---- except I still get the "fist" when I try to click on the "manage attachment" link? I'm doing this from another computer again.
     

    Attached Files:

  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

  6. maggie329

    maggie329 Private E-2

    Thanks for the help, what are you looking for?
     

    Attached Files:

  7. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Follow the directions for Running Hoster.

    Other than that I see nothing in the logs to account for the weird cursor.

    Download Blacklight Beta from here:
    http://www.majorgeeks.com/F-Secure_BlackLight_d4983.html
    • Hit I accept. It will take you to download page.
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of log.
     
  8. maggie329

    maggie329 Private E-2

    I did the first, the second came back with no problems found. Can I please just copy/paste what it says? And my webmail doesn't work on here either (the dreaded red fist).
     
  9. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Go ahead Copy & Paste the log.
     
  10. maggie329

    maggie329 Private E-2

    This is all it said---
    Btw, I also ran adaware just now for fun, there are a bunch of tracking cookies (12) back. Relevant? and is there a free way to keep them from coming back?
     
  11. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Does the fist happen on every left click or just some? I'm thinking this is not malware, but somehow related to the security software that is installed.
     
  12. maggie329

    maggie329 Private E-2

    Only on some links. I'm not sure of the pattern, I can't make it happen on demand. I thought it was maybe picture links, but with webmail not letting me link... those aren't images.
    A lot of links here do it, though.
     
  13. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    OK, let's get a complete list of running processes.

    Run HJT and on the first screen, click the button that says "Open the Misc Tools section". In the next window first select "List also minor sections (full)" and then click the button that says "Generate StartupList log". Click Yes to the "Do you want to continue" prompt. Now a notepad window will come up with the Startuplist.txt file. It is already saved in the directory HJT is running from. So just come back here and upload the file as an attachment to your next message.
     
  14. maggie329

    maggie329 Private E-2

    There's a file on the desktop called "scrap" that says it opens with "shell scrap object handler"? Any idea what that is?
    And here's the startup list.
     

    Attached Files:

  15. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    A Scrap Object can contain any kind of code, including a virus. Unless someone knows what that file is, delete it.

    Check the settings in the Earthlink Total Access software package, specifically Parental Controls.
     
  16. maggie329

    maggie329 Private E-2

    All that's in the parental controls is a favorites folder, nothing being blocked that I see.
    I did find all those cookies adaware kept coming up with, though, I think, in the quarantine folder. They're gone now.
    Any other programs that might be hiding it? or something in earthlink I might have missed?
     
  17. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    There are several different applications that are a part of Earthlink Total Access; it could be any one of them. Might also be something in Norton.
     
  18. maggie329

    maggie329 Private E-2

    Wish I'd tried this a long time ago, but Opera works fine. Is that a clue to where the problem is, or no?
     
  19. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yeah, it has something to do with Internet Explorer. You might want to post this problem in the Software forum and reference this thread.
     
  20. maggie329

    maggie329 Private E-2

    Thank you so much!
    It is indeed a part of earthlink, the pop-up blocker. I found instructions for disabling it on a case-by-case basis, now off to find instructions for getting rid of it, or at least changing the settings.
     
