IE6 corrupts a link address

I use ebay occassionally. When I get an email notification it usually contains a link to the item page.

When I click on the link, it sends me to an "Invalid Page" page. I noticed that IE injects "amp;" in the middle of the address in the process. If I take it out, the address works fine. I have removed all cookies, turned off my HOSTS file, cleared TIF, cleared temp files, disabled NAV and cleared the recycle bin.

Why is IE doing this? Thanks, LarryB

 

LarryB--Are you saying that the link from E-Bay does not have "amp" in it, but that "amp" is inserted by clicking on the link?
If you have not already done so, suggest you scan your PC with NAV and a spyware detector like
AdAware
http://www.lavasoft.de/support/download/ or
SpybotS&D
http://www.safer-networking.org/
Be sure to get the latest definition/reference files before scanning.

 

That is exactly what I am saying!! Actually, it inserts "amp; "... with a semicolon after "amp ". I Spybot and Adaware regularly. I am clean (at least in that way!).

Any clues??

 

What happens if you right click the link and either 'Open in new window' or 'copy shorcut' and paste it in a new window? Are ebay mailings the only ones that have this behavior?

 

1. It only happens on links contained in ebay mailings. I have tried to get assistance via ebay's community boards but to no avail. This is apparently very atypical behavior.

2. No change when I use "Open in New Window ".

3. When I right click on the link with "copy shortcut" and paste it on the address bar, the link is transformed from this...

"http://cgi.ebay.com/ws/eBayISAPI.dll?ViewItem&item=4002600958&ssPageName=ADME:B:BN:US:1 "

to this...

http://proxy-mail.mailcity.lycos.com/bin/redirector.cgi?class=1&url=http%3a%2f%2fcgi%2eebay%2ecom%2fws%2feBayISAPI%2edll%3fViewItem%26amp%3bitem%3d4002600958%26amp%3bssPageName%3dADME%3aB%3aBN%3aUS%3a1&uuid=8541&partner_key=mailcity

Then, when I hit "enter ", I get the Invalid Item page again. BTW, the "search from the address bar" function is turned off.

4. When I actually highlight the link, copy, paste and enter, it does work.

The text of the "Invalid Item" is interesting, too. It says.. "The item you requested () is invalid, still pending, or no longer in our database. Please check the number and try again. If this message persists, the item has either not started and is not yet available for viewing, or has expired and is no longer available."

The "()" seems to indicate that the item number in the address is no longer "visible ". The additional "amp;" that is injected into the address appears to negate the item number statement that follows it.

Thanks a lot for your time,

LarryB

 

Odd behavior. Right click a link and select properties. Does it read the same as the link? If the amp; shows up in the properties, the problem is on Ebay's end, I would think.

 

LarryB-- "http://proxy-mail.mailcity.lycos.com" compared to "http://cgi.ebay.com ". Well, that is a little more of a change than just inserting "amp; ".
That seems to be redirector, perhaps a search engine referrer, perhaps part of an anonymizer program.
http://www.google.com/search?sourceid=navclient&q=proxy-mail.mailcity
Have you knowingly installed this? Arre you using an anonymizer program or one that sends your communications with the web through a proxy server?
Unless the answer is yes (in which case, you probably will have to disable/uninstall such a program):

Have you downloaded and run HiJackThis?
http://www.merijn.org/files/hijackthis.zip
You may also want to read tutorials
http://www.merijn.org/htlogtutorial.html
http://hjt.wizardsofwebsites.com/

Normally, you should not delete things willy-nilly when HJT reports something in the R0 and R1 lines, but I would think you could safely do so if HJT reports anything connected with "proxy-mail.mailcity" or either part separately. Also you should investigate the BHO section (which is taken from the C:\WINDOWS\Downloaded Program Files folder). You can go into that folder and see (by right-clicking each icon separately|then clicking Properties) whether any BHO's are related to proxy-mail.mailcity.

 

Hi Jim, I am not pleading ignorance here, but I checked what you mentioned and I have no anonymizer program on my compter not is there any reference to mailcity in any line revealed by HijackThis!!

I am not ignorant, just clueless!! Thx, Larry

 

That's pretty interesting. I am using OE/IE 6. Why would it be conflicting and how do I fix it?

In this case I don't think that the link is not being butchered by word wrap as it is not that long.

Thanks, LarryB

 

http://proxy-mail.mailcity.lycos.com is an email link-anonymiser site, used by spammers, and also for web-tracking. Sounds very much like a hijack to me, since the email address is quite clear in the original link.

The only way this might be done is via a plugged-in DLL, in which case you wouldn't find the proxy-mail URL in the registry.

Have a look under HKEY_CLASSES_ROOT\PROTOCOLS\Handler\mhtml - this will point to a CLSID - mine is {05300401-BCBC-11d0-85E3-00C04FD85AB4}

Then have a look in HKEY_CLASSES_ROOT\CLSID for the entry you find there - the program servicing the call should be %SystemRoot%\System32\inetcomm.dll - if it isn't, there's the hijack.

 

My Win98SE registry says "C:\WINDOWS\SYSTEM\INETCOMM.DLL ". It also says "ThreadingModel "Both" ".

I did a registry search for Mailcity and found that all of its references are part of my Blocked Senders list. However, I did a search for Mailcity on the c: drive and found that many of my newsgroups have an entry in "C:\Windows\ApplicationData\Identities\{FDDxxxxxxxx}\Microsoft\OutlookExpress" that contains Mailcity (apparently). Is this significant?

I was looking at my Downloaded Program Files and do have a couple of questions (as my ability to ID unfriendly BHO's may not be the best).

The questionable entries are:
1. PWMediaSendControlClass (http://216.249.24.141/code/PWActiveXImgCtl.CAB)

2. HeartbeatCtl Class (http://fdl.msn.com/zone/datafiles/heartbeat.cab)

Are these OK? The rest seem identifiable like HP and Windows Update.

Lastly, I keep getting these weird little empty files on my c: root directory and wonder if they are a problem. They have names like "yyyyyyyyyyyyyyyyyyyy" with umlauts (..) over them, or "BB|||" with the B's being the stylized German ones that mean "ss ". There seems to be a German theme to them. They have 0 bytes and no identifying info.

BTW, I do run Spybot and Adaware often.

Thanks again, Larry

 

Hi Larry,

Try configuring Spybot and Ad-aware per my instructions here and run them both. delete all they find. Have you run any online virus scans? Wouldn't hurt. If the problem persists, run HJT again and post the log.

 

Spybot and Adaware (settings as advised) bore nothing. Do you want just R0 and R1 in HJT or the entire list??

Thanks, Larry

 

Whole thing.

 

Here it is. Thanks a lot for your time!!

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\LOGITECH\MOUSE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\HPZTSB07.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\TBCTRAY.EXE
C:\PROGRAM FILES\QUICK RESOURCE V2.01\QUICKRESOURCE201\QUICKRESOURCE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\MSOFFICE.EXE
C:\PROGRAM FILES\EXIT 95-98\EXITS95.EXE
C:\PROGRAM FILES\LANLED\LANLED.EXE
C:\PROGRAM FILES\PRINKEY 2000 V5.1\PRINTKEY2000.EXE
C:\PROGRAM FILES\IE NEW WINDOW MAXIMIZER\IEMAXIMIZER.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\HPZSTATX.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
E:\DOWNLOADS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.mail.lycos.com/frameset.nlshtml?goto=jumpPage
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://groups.google.com/googlegroups/mydeja-login.html
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Net Transport\NTIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O3 - Toolbar: Pop-Up Blocker - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\PROGRAM FILES\EARTHLINK POP-UP BLOCKER\PNEL.DLL
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EM_EXEC] c:\logitech\mouse\system\em_exec.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb07.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe "
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe "
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\SYSTEM\TBCTRAY.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe "
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] c:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] c:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] c:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks "
O4 - HKCU\..\Run: [Ehas] C:\WINDOWS\Application Data\crch.exe
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - Startup: Event Reminder.lnk = C:\Program Files\Mindscape\PrintMaster\PMREMIND.EXE
O4 - Startup: QuickResource.lnk = C:\Program Files\Quick Resource v2.01\quickresource201\QuickResource.exe
O4 - Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Startup: POWERR~1.EXE
O4 - Startup: Exits95-98.lnk = C:\Program Files\Exit 95-98\Exits95.exe
O4 - Startup: LanLed.lnk = C:\Program Files\LANLED\LANLED.EXE
O4 - Startup: Printkey2000.lnk = C:\Program Files\Prinkey 2000 v5.1\Printkey2000.exe
O4 - Startup: iemaximizer.exe.lnk = C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Open Frame in &New Window - C:\WINDOWS\WEB\frm2new.htm
O8 - Extra context menu item: &Highlight - C:\WINDOWS\WEB\highlight.htm
O8 - Extra context menu item: &Web Search - C:\WINDOWS\WEB\selsearch.htm
O8 - Extra context menu item: &Links List - C:\WINDOWS\WEB\urllist.htm
O8 - Extra context menu item: Zoom &In - C:\WINDOWS\WEB\zoomin.htm
O8 - Extra context menu item: Zoom O&ut - C:\WINDOWS\WEB\zoomout.htm
O8 - Extra context menu item: I&mages List - C:\WINDOWS\Web\imglist.htm
O8 - Extra context menu item: Download all by Net Transport - C:\PROGRA~1\XI\NETTRA~1\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\PROGRA~1\XI\NETTRA~1\NTAddLink.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: ATI TV (HKLM)
O9 - Extra button: Researcher (HKLM)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: ebay.doubleclick.net
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/ocx/autopricer/autopricer.cab
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {853C1A83-1639-11D0-8BBF-0080C7A01083} (Web Browser Pop-up Window Control) - http://activex.microsoft.com/activex/controls/iptdweb/webpopup.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?314
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?37910.334849537
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06c5188f23b2f18bb705/netzip/RdxIE601.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdq/downloads/msxml4.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

 

Holy smoly!. This is gonna take some time for me to sort thru. In the mean-time, these are probably your culprit.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.mail.lycos.com/framese...l?goto=jumpPage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.mail.lycos.com/

Scan with HJT again, place a check beside them and fix. Close browser windows first.

Do you use real player quite a bit? Do you want the extra toolbar?

You have a lot of things starting up with system boot. Can you trim that down? If not sure what to shut down, let me know.

 

HI Dave, it seemed like a lot to me, too. I'll review it later tonight. The Lycos ones that you specifically mentioned are the IE Home Page links to my web based email at Lycos!! I have the same set up at work (as far a start pages and ebay, etc) and it works fine there (under XP). Do you think that I should still get rid of them??

I'll look over the rest, too. Realbar has definately got to go. It will take a while to go through.

When you had me set up Spybot, I got to looking around and it does a lot more than I realized (BHO's, etc, etc). I'll have to ck that out some more, too.

Any thoughts on my comments on what I wrote a couple of entries back (starting with "My Win98SE registry says ... ")?

Thanks again, Larry

 

Hi Larry,

Scan again and fix these with browsers closed.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.mail.lycos.com/framese...l?goto=jumpPage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://login.mail.lycos.com/
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\REAL\TOOLBAR\REALBAR.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/...ash/swflash.cab
O16 - DPF: {DED22F57-FEE2-11D0-953B-00C04FD9152D} (CarPoint Auto-Pricer Control) - http://carpoint.msn.com/components/.../autopricer.cab
O16 - DPF: Dialpad US Java Applet - http://www.dialpad.com/applet/src/vscp.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.24.141/code/PWActiveXImgCtl.CAB
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/product...ontent/opuc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {853C1A83-1639-11D0-8BBF-0080C7A01083} (Web Browser Pop-up Window Control) - http://activex.microsoft.com/active...eb/webpopup.ocx
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (sys Class) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?314
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.c...37910.334849537
O16 - DPF: {928626A3-6B98-11CF-90B4-00AA00A4011F} (SurroundVideoCtrl Object) - http://encarta.msn.com/encnet/external/MSSurVid.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tec.../ActiveData.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tec...ta/SymAData.dll
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/active...ntrol_v1-32.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/06c5188...ip/RdxIE601.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdq/downloads/msxml4.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdq/downloads/sysinfo.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

A reboot wouldn't hurt.
Try your ebay links again. Then if they work, try resetting your homepage to Lycos if that's where you want it. Try the links again. If they don't work, you know that's the problem. If they still don't work after fixing you're probably safe resetting your homepage anyway and the problem is most likely with Lycos. The 016's are ActiveX controls placed by downloaded programs and will allow further downloads from same without prompting. They will be rebuilt as you download from those sites again.

Did you use the immunize feature in Spybot? If so, there is a box to check to lock control panel. That blocks the tools>internet options in IE from access. If you didn't, fix these;

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

Then on your internet options, security tab, click custom level. ActiveX settings should be, prompt, disable, disable, enable, enable. OK out.

Did you edit your startup entries in msconfig?

Let me know!

P.S. My cable internet has been down for 2 days and dialup makes researching kinda tough (I had forgotten how slow it is ), and I haven't checked into the reg. entries previously mentioned. Maybe someone else will have some thoughts on that.

 

Great, Dave! I'll work on that tonight. Can you give me the 10cent word on Immunization? Not sure what it does. Some kind of "prevention" list?

Thanks, Larry