If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#21
|
|||
|
|||
I would also clear the TIF and delete all offline content for that user.
OE puts its temporary files there and that may be where the problem lies, since its user-dependent. Heh, I've succeeded in making things worse. Deleting the TIF seems to have gotten on something's nerves. IE no longer works and all messages in OE6 now appear as attachments. They now open in notepad (and are free of html gibberish). Replying, however, caused OE6 to hang. At least /something/ happened. Rebooted. Tried Repair of IE6. Got the ability to open OE back again. Still showing HTML gibberish. Resinstalling IE6/OE6 now... If that doesn't work then may well try nuking the HKCU identities next. -Bill Kearney |
#22
|
|||
|
|||
Resinstalling IE6/OE6 now...
If that doesn't work then may well try nuking the HKCU identities next. That didn't work. The problem persists but at least the other account on the same box has returned to working and OE6 no longer hangs. So at this point I'm stumped. Short of trashing the account's identities or windows profile there doesn't appear to be much else I can do. Is there a 'diff' program that can compare registry trees? It might be useful to see a comparision of what one HKCU tree for OE and IE under one account (the problem one) shows in comparison to another. -Bill Kearney |
#23
|
|||
|
|||
Judging from everything you've posted here, Bill, I have little doubt that
the Windows Profile is damaged, not OE or any identities, and, barring anything you've not yet revealed here, the damage has most likely been caused by malware. While you may be quite an experienced computer user, if that experience does not include interpreting hundreds of HijackThis logs accurately you cannot state with any certainty that the Profile is malware-free without getting the 'all clear' from one of the pros who post to HT log-specific forums. See "our" sub-thread here. Bill, you post using a Hotmail address. None of this is occurring in messages received by an MSN/Hotmail account, correct? -- ~PA Bear Bill Kearney wrote: ...If I can just 'untangle' what OE6 has gotten screwed up I'd be happy. |
#24
|
|||
|
|||
Are you running Ad-aware SE? Spybot v1.3? Do you seek updates for each
tool before you use it, every time? Both have new updates: Ad-aware on 16 Aug-04 and Spybot today (20 Aug-04). Have you re-configured Ad-aware for a full scan as per http://aumha.org/forum/viewtopic.php?t=5877? Did you run all of the tools in Safe Mode, with 'Show Hidden Files' enabled, and in this order?... CWShredder, Ad-aware, Spybot, HijackThis Have you posted your HT log to a recommended forum and gotten the 'all clear' from an expert there? Bill Kearney wrote: ...If I can just 'untangle' what OE6 has gotten screwed up I'd be happy. Judging from everything you've posted here, Bill, I have little doubt that the Windows Profile is damaged, not OE or any identities, and, barring anything you've not yet revealed here, the damage has most likely been caused by malware. While you may be quite an experienced computer user, if that experience does not include interpreting hundreds of HijackThis logs accurately you cannot state with any certainty that the Profile is malware-free without getting the 'all clear' from one of the pros who post to HT log-specific forums. See "our" sub-thread here. ~~~~~~~~~~~ Bill, you post using a Hotmail address. None of this is occurring in messages received by an MSN/Hotmail account, correct? Have you considered creating a new Profile/Log-on, moving the old Profile's data to it and then deleting the latter? Did you upgrade to WinXP (?) from an earlier Windows version? Which one? -- ~PA Bear Bill Kearney wrote: Nothing enabled (or recently changed) in Accessibility. 3rd party extensions not enabled. Enabling didn't change anything (the problem persists) I run ad-aware, spybot and avg... I'm behind a firewall and I'm not one to run things indiscriminantly. CWShredder shows nothing amiss Nor does HijackThis. Ad-aware as well (beyond the usual tracking cookies) Spybot didn't either. Stinger found nothing. I'm left within thinking that whatever OE is using to display the messages is being disrupted. It's almost as is the message form's text control is pulling the data through an HTML converter TWICE. FWIW, I've got Sysinternal's Process Explorer loaded for looking at what dlls MSIMN is using and what versions of each. Humor me. In the problem Profile: IE ToolsInternet OptionsGeneralAccessibility Is any entry enabled here? Did you enable it? IE ToolsInternet OptionsAdvancedBrowsingEnable third-party browser extensions Enabled? Any difference in behaviour if you disable it? The Windows Profile in question may be infected with malware/hijackware. Check this Profile for "hijackware": Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/Darnit.htm CoolWebSearch Chronicles http://www.spywareinfo.com/~merijn/cwschronicles.html Run these tools in the following order with nothing else running in background: 1. CWShredder (fix all found) 2. Ad-Aware (fix all found) 3. Spybot (RTFM but generally fix everything in red) Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each and every use, even "right out of the box". But even they can't catch everything, 24/7. When all else fails, HijackThis (http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. **Post your files to http://forums.spywareinfo.com/ or http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not here.** [Alternate download pages for many of the above tools may be found at http://aumha.org/a/parasite.htm.] Also: 1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then... 2. Update your virus definitions, enable Show Hidden Files (http://service1.symantec.com/SUPPORT...02092715262339) and then run a full system scan in Safe Mode (http://service1.symantec.com/SUPPORT...01052409420406) with nothing else running in background. Note the files identified and removed then find the corresponding page for the file at your AV maker's online support pages (e.g., http://securityresponse.symantec.com...favorites.html) and follow all Removal steps. WinXP Only (WinME similar): If this scan finds anything, create a new Restore Point then Disk Cleanup More options Delete all but the most recent Restore Point. So How Did I Get Infected Anyway? http://boards.cexx.org/viewtopic.php?t=957 |
#25
|
|||
|
|||
Are you running Ad-aware SE? Spybot v1.3? Do you seek updates for each
tool before you use it, every time? Both have new updates: Ad-aware on 16 Aug-04 and Spybot today (20 Aug-04). Well, as updated as was possible as of 9pm last night. Have you re-configured Ad-aware for a full scan as per http://aumha.org/forum/viewtopic.php?t=5877? Did you run all of the tools in Safe Mode, with 'Show Hidden Files' enabled, and in this order?... CWShredder, Ad-aware, Spybot, HijackThis Yep, followed them in order. Have you posted your HT log to a recommended forum and gotten the 'all clear' from an expert there? Not as yet. You can imagine I'm loathe to expose this situation to yet another 'band of experts'. It's gobbled up way too much time already confirming what it's NOT to people who sometimes appear to know less about this than I already do. Such is the price paid of course. Judging from everything you've posted here, Bill, I have little doubt that the Windows Profile is damaged, not OE or any identities, and, barring anything you've not yet revealed here, the damage has most likely been caused by malware. I'm not so quick to go blaming it on malware. Other than the cookies I get nothing tripped on any of my log reports. I've even gone so far as to put write protected directories in the common places programs like Comet Cursor want to try using (heh, they can't run if they can't even install). So it's not like I'm unaware of the risks, how to prevent them and how to deal with fixing them. I do, however, appreciate that it's not always obvious that folks on the other end of the wire have the ability to do what's required. While you may be quite an experienced computer user, if that experience does not include interpreting hundreds of HijackThis logs accurately you cannot state with any certainty that the Profile is malware-free without getting the 'all clear' from one of the pros who post to HT log-specific forums. See "our" sub-thread here. I can certainly appreciate that opinion. I respectfully disagree about "pros" and "all clear" sentiments. Bill, you post using a Hotmail address. None of this is occurring in messages received by an MSN/Hotmail account, correct? Were I retreiving them directly from Hotmail I suppose that might be a question to answer. I don't. All mail is pulled into an IMAP box. Hotmail is pulled via the quite handy little tool known as hotwayd. Thus all mail is pulled via IMAP and, as I've already checked and double-checked, the mail in the server's mailboxes are quite normal and work perfectly using another account with it's identity configured with the same mail server settings. I've long used hotmail for usenet postings because of it's reasonably reliable spam filtering. It's a good throwaway address but one that actually works with out all the ever games. Being that I can pull it via cron controlled fetchmail jobs and further process it with spamassassin makes it painless. Have you considered creating a new Profile/Log-on, moving the old Profile's data to it and then deleting the latter? Yeah, it's the "moving the old Profile's data" that's SUCH a pain in the ass. Did you upgrade to WinXP (?) from an earlier Windows version? Which one? Nope, as I stated at the outset this is a Windows 2000 box with sp4 on it. It has, however, had a long history as it started at w2ksp1 and IE55 and has probably suffered at the hands of quite a few of the hotfixes along the way. Trouble is the profile in question is THE ONE that I use most heavily and there's a metric-assload of things that have configured themselves to work within it's various registry entries. Picking this apart and moving it to another profile (something I've done before) is just not something I have much desire to perform. Riddle me this, is there a tool like the unix 'diff' for registry trees? One that I could point to a particular point of the tree and compare against something else? The trick would then be to know 'where' in the trees to make the comparisions. What "looks like" is going on here is that when OE pulls up a message it uses the IE control to show it. That control is, apparently, being fed from normal data and is being transcoded into HTML improperly. That is, either OE or the IE control is looking at the data and 'deciding' it needs to be pushed through some sort of HTML parsing or converting stage prior to display. I've wrestled with code that harnesses the IE control and it's not always an easy process. But, near as I can tell, it's in that stage that the process fails. What's further intriguing is the way Reply and/or Forward are concerned. The data that gets pushed to the new reply/forward form is encoded HTML. That is, it has been pulled up from disk, converted to HTML and then transcoded into encoded HTML. Going from "text-(linebreak)-text" into "text-BR-text" and then further *******ized into "text-<BR>-text". I've done plenty of XML and HTML programming and this is a clear sign that some parser is being overzealous or called incorrectly. We see this all the time in XML documents that incorrectly double-encode things (like © as &copy. It would be interesting to hear from an OE developer directly as to how OE pumps it's data into the IE control. -Bill Kearney |
#26
|
|||
|
|||
Bill, you post using a Hotmail address. None of this is occurring in
messages received by an MSN/Hotmail account, correct? I poll the hotmail messages using fetchmail. I don't usually pull them directly via the HTTP mail protocol. However, in the interests of nailing the lid shut on any arguments about this being transport-based I tried. The hotmail account is loaded and when I open a message from the Inbox it comes up EXACTLY the same as all the others. It's just as corrrupted by HTML formatting as all the rest. Pulling a message up from HTTP, IMAP, NNTP or even from a Local Folder all do exactly the same thing. Heck, even reloaded from a saved .eml or .nws file does it. They all incorrectly transcode the plain text messages into HTML. -Bill Kearney |
#27
|
|||
|
|||
Try this since it might be the problem with UTF-8 messages. Open Outlook
Express, click Tools/Options/Read and then International Settings button. Is there a check mark to use default encoding for all incoming messages? If it is checked, then uncheck it and see if that fixes the problem. W2K has native support for Unicode so if you are using some other type of encoding as your default, that may well be the cause of the problem. Good luck. -- Jim Pickering, MVP-Outlook Express Please reply only to newsgroup. "Bill Kearney" wrote in message ... Resinstalling IE6/OE6 now... If that doesn't work then may well try nuking the HKCU identities next. That didn't work. The problem persists but at least the other account on the same box has returned to working and OE6 no longer hangs. So at this point I'm stumped. Short of trashing the account's identities or windows profile there doesn't appear to be much else I can do. Is there a 'diff' program that can compare registry trees? It might be useful to see a comparision of what one HKCU tree for OE and IE under one account (the problem one) shows in comparison to another. -Bill Kearney |
#28
|
|||
|
|||
"Jim Pickering" wrote in message
... Try this since it might be the problem with UTF-8 messages. Open Outlook Express, click Tools/Options/Read and then International Settings button. Is there a check mark to use default encoding for all incoming messages? If it is checked, then uncheck it and see if that fixes the problem. W2K has native support for Unicode so if you are using some other type of encoding as your default, that may well be the cause of the problem. Good luck. Yeah, I tried this already. No effect. Also tried changing the hell out of it on the working accounts to see if I could make them fail, no luck. I'm certainly willing to believe there's some confusion going on because of i18n issues. Transcoding is such a pain in the ass, far worse than most developers really grasp. Throw HTML/XML encoding into the mix and it really gets messy in a hurry. -Bill Kearney |
#29
|
|||
|
|||
After any IE upgrades and then subsequent Win2K SP upgrades, has anyone ever
attempted to uninstall or reinstall the IE upgrade, Bill? That is, without first uninstalling the SP which post-dates the install of the IE upgrade? While I have the utmost respect for most projects running under the Sourceforge banner, let me ask this: Did the start of this problem coincide with the install/use of Hotwayd (http://sourceforge.net/projects/hotwayd/) ? How long has this problem been going on? -- ~PA Bear Bill Kearney wrote: Are you running Ad-aware SE? Spybot v1.3? Do you seek updates for each tool before you use it, every time? Both have new updates: Ad-aware on 16 Aug-04 and Spybot today (20 Aug-04). Well, as updated as was possible as of 9pm last night. Have you re-configured Ad-aware for a full scan as per http://aumha.org/forum/viewtopic.php?t=5877? Did you run all of the tools in Safe Mode, with 'Show Hidden Files' enabled, and in this order?... CWShredder, Ad-aware, Spybot, HijackThis Yep, followed them in order. Have you posted your HT log to a recommended forum and gotten the 'all clear' from an expert there? Not as yet. You can imagine I'm loathe to expose this situation to yet another 'band of experts'. It's gobbled up way too much time already confirming what it's NOT to people who sometimes appear to know less about this than I already do. Such is the price paid of course. Judging from everything you've posted here, Bill, I have little doubt that the Windows Profile is damaged, not OE or any identities, and, barring anything you've not yet revealed here, the damage has most likely been caused by malware. I'm not so quick to go blaming it on malware. Other than the cookies I get nothing tripped on any of my log reports. I've even gone so far as to put write protected directories in the common places programs like Comet Cursor want to try using (heh, they can't run if they can't even install). So it's not like I'm unaware of the risks, how to prevent them and how to deal with fixing them. I do, however, appreciate that it's not always obvious that folks on the other end of the wire have the ability to do what's required. While you may be quite an experienced computer user, if that experience does not include interpreting hundreds of HijackThis logs accurately you cannot state with any certainty that the Profile is malware-free without getting the 'all clear' from one of the pros who post to HT log-specific forums. See "our" sub-thread here. I can certainly appreciate that opinion. I respectfully disagree about "pros" and "all clear" sentiments. Bill, you post using a Hotmail address. None of this is occurring in messages received by an MSN/Hotmail account, correct? Were I retreiving them directly from Hotmail I suppose that might be a question to answer. I don't. All mail is pulled into an IMAP box. Hotmail is pulled via the quite handy little tool known as hotwayd. Thus all mail is pulled via IMAP and, as I've already checked and double-checked, the mail in the server's mailboxes are quite normal and work perfectly using another account with it's identity configured with the same mail server settings. I've long used hotmail for usenet postings because of it's reasonably reliable spam filtering. It's a good throwaway address but one that actually works with out all the ever games. Being that I can pull it via cron controlled fetchmail jobs and further process it with spamassassin makes it painless. Have you considered creating a new Profile/Log-on, moving the old Profile's data to it and then deleting the latter? Yeah, it's the "moving the old Profile's data" that's SUCH a pain in the ass. Did you upgrade to WinXP (?) from an earlier Windows version? Which one? Nope, as I stated at the outset this is a Windows 2000 box with sp4 on it. It has, however, had a long history as it started at w2ksp1 and IE55 and has probably suffered at the hands of quite a few of the hotfixes along the way. Trouble is the profile in question is THE ONE that I use most heavily and there's a metric-assload of things that have configured themselves to work within it's various registry entries. Picking this apart and moving it to another profile (something I've done before) is just not something I have much desire to perform. Riddle me this, is there a tool like the unix 'diff' for registry trees? One that I could point to a particular point of the tree and compare against something else? The trick would then be to know 'where' in the trees to make the comparisions. What "looks like" is going on here is that when OE pulls up a message it uses the IE control to show it. That control is, apparently, being fed from normal data and is being transcoded into HTML improperly. That is, either OE or the IE control is looking at the data and 'deciding' it needs to be pushed through some sort of HTML parsing or converting stage prior to display. I've wrestled with code that harnesses the IE control and it's not always an easy process. But, near as I can tell, it's in that stage that the process fails. What's further intriguing is the way Reply and/or Forward are concerned. The data that gets pushed to the new reply/forward form is encoded HTML. That is, it has been pulled up from disk, converted to HTML and then transcoded into encoded HTML. Going from "text-(linebreak)-text" into "text-BR-text" and then further *******ized into "text-<BR>-text". I've done plenty of XML and HTML programming and this is a clear sign that some parser is being overzealous or called incorrectly. We see this all the time in XML documents that incorrectly double-encode things (like © as &copy. It would be interesting to hear from an OE developer directly as to how OE pumps it's data into the IE control. -Bill Kearney |
#30
|
|||
|
|||
I've tried running sysinternal's regmon against it while opening a message. I've not had a chance to compare it against the working account but thus far nothing jumps out at me as to what might be specific to just this profile. I do see a number of calls to the mhtml hander but nothing specifically related to an HKCU subtree. The thought being that since OE6 works fine on this same machine when connected as a different user it's be HKey\Current User\ related. Anyway, out of time for this today, sad to say and off for a week's vacation tomorrow. I'll nag back again in a week. I'm open to suggestions and I'll catch up here when I return. -Bill Kearney |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Still having Web Page Pathing Problems / Relative Links show Netwo | webmaster | Powerpoint | 27 | July 15th, 2004 11:16 PM |
E-mail account not showing up in "All Mail Folders" | Marshall D Abrams | Installation & Setup | 0 | June 4th, 2004 12:22 AM |
Mail Merge Using Access/Word HTML Not Working | dotkc | New Users | 0 | May 26th, 2004 06:41 AM |