oe6 reading mail showing as html raw source?

I would also clear the TIF and delete all offline content for that user.
OE
puts its temporary files there and that may be where the problem lies,
since
its user-dependent.

Heh, I've succeeded in making things worse. Deleting the TIF seems to have
gotten on something's nerves. IE no longer works and all messages in OE6
now appear as attachments. They now open in notepad (and are free of html
gibberish). Replying, however, caused OE6 to hang.

At least /something/ happened.

Rebooted. Tried Repair of IE6. Got the ability to open OE back again.
Still showing HTML gibberish.

Resinstalling IE6/OE6 now...

If that doesn't work then may well try nuking the HKCU identities next.

-Bill Kearney

Resinstalling IE6/OE6 now...
If that doesn't work then may well try nuking the HKCU identities next.

That didn't work. The problem persists but at least the other account on
the same box has returned to working and OE6 no longer hangs.

So at this point I'm stumped. Short of trashing the account's identities or
windows profile there doesn't appear to be much else I can do.

Is there a 'diff' program that can compare registry trees? It might be
useful to see a comparision of what one HKCU tree for OE and IE under one
account (the problem one) shows in comparison to another.

-Bill Kearney

Judging from everything you've posted here, Bill, I have little doubt that
the Windows Profile is damaged, not OE or any identities, and, barring
anything you've not yet revealed here, the damage has most likely been
caused by malware. While you may be quite an experienced computer user, if
that experience does not include interpreting hundreds of HijackThis logs
accurately you cannot state with any certainty that the Profile is
malware-free without getting the 'all clear' from one of the pros who post
to HT log-specific forums. See "our" sub-thread here.

Bill, you post using a Hotmail address. None of this is occurring in
messages received by an MSN/Hotmail account, correct?
--
~PA Bear

Bill Kearney wrote:
...If I can just 'untangle'
what OE6 has gotten screwed up I'd be happy.

Are you running Ad-aware SE? Spybot v1.3? Do you seek updates for each
tool before you use it, every time? Both have new updates: Ad-aware on 16
Aug-04 and Spybot today (20 Aug-04).

Have you re-configured Ad-aware for a full scan as per
http://aumha.org/forum/viewtopic.php?t=5877?

Did you run all of the tools in Safe Mode, with 'Show Hidden Files' enabled,
and in this order?...

CWShredder, Ad-aware, Spybot, HijackThis

Have you posted your HT log to a recommended forum and gotten the 'all
clear' from an expert there?

Bill Kearney wrote:
...If I can just 'untangle'
what OE6 has gotten screwed up I'd be happy.

Judging from everything you've posted here, Bill, I have little doubt that
the Windows Profile is damaged, not OE or any identities, and, barring
anything you've not yet revealed here, the damage has most likely been
caused by malware. While you may be quite an experienced computer user, if
that experience does not include interpreting hundreds of HijackThis logs
accurately you cannot state with any certainty that the Profile is
malware-free without getting the 'all clear' from one of the pros who post
to HT log-specific forums. See "our" sub-thread here.
~~~~~~~~~~~
Bill, you post using a Hotmail address. None of this is occurring in
messages received by an MSN/Hotmail account, correct?

Have you considered creating a new Profile/Log-on, moving the old Profile's
data to it and then deleting the latter?

Did you upgrade to WinXP (?) from an earlier Windows version? Which one?
--
~PA Bear

Bill Kearney wrote:
Nothing enabled (or recently changed) in Accessibility.

3rd party extensions not enabled. Enabling didn't change anything (the
problem persists)

I run ad-aware, spybot and avg... I'm behind a firewall and I'm not one
to run things indiscriminantly.

CWShredder shows nothing amiss
Nor does HijackThis.
Ad-aware as well (beyond the usual tracking cookies)
Spybot didn't either.
Stinger found nothing.

I'm left within thinking that whatever OE is using to display the
messages is being disrupted. It's almost as is the message form's text
control is pulling the data through an HTML converter TWICE.

FWIW, I've got Sysinternal's Process Explorer loaded for looking at what
dlls MSIMN is using and what versions of each.

Humor me. In the problem Profile:

IE ToolsInternet OptionsGeneralAccessibility Is any entry enabled
here? Did you enable it?

IE ToolsInternet OptionsAdvancedBrowsingEnable third-party browser
extensions Enabled? Any difference in behaviour if you disable it?

The Windows Profile in question may be infected with malware/hijackware.
Check this Profile for "hijackware":

Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/Darnit.htm

CoolWebSearch Chronicles
http://www.spywareinfo.com/~merijn/cwschronicles.html

Run these tools in the following order with nothing else running in
background:

1. CWShredder (fix all found)

2. Ad-Aware (fix all found)

3. Spybot (RTFM but generally fix everything in red)

Important: You *must* seek updates for Ad-Aware, Spybot, etc., before each
and every use, even "right out of the box". But even they can't catch
everything, 24/7. When all else fails, HijackThis
(http://www.spywareinfo.com/~merijn/files/HijackThis.exe) is the preferred
tool to use. It will help you to both identify and remove any
hijackware/spyware. **Post your files to http://forums.spywareinfo.com/
or http://forum.aumha.org/viewforum.php?f=30 for expert analysis, not
here.**

[Alternate download pages for many of the above tools may be found at
http://aumha.org/a/parasite.htm.]

Also:

1. Download and run Stinger (http://vil.nai.com/vil/stinger/); then...

2. Update your virus definitions, enable Show Hidden Files
(http://service1.symantec.com/SUPPORT...02092715262339)
and then run a full system scan in Safe Mode
(http://service1.symantec.com/SUPPORT...01052409420406)
with nothing else running in background. Note the files identified and
removed then find the corresponding page for the file at your AV maker's
online support pages (e.g.,
http://securityresponse.symantec.com...favorites.html)
and follow all Removal steps.

WinXP Only (WinME similar): If this scan finds anything, create a new
Restore Point then Disk Cleanup More options Delete all but the most
recent Restore Point.

So How Did I Get Infected Anyway?
http://boards.cexx.org/viewtopic.php?t=957

Are you running Ad-aware SE? Spybot v1.3? Do you seek updates for each
tool before you use it, every time? Both have new updates: Ad-aware on 16
Aug-04 and Spybot today (20 Aug-04).

Well, as updated as was possible as of 9pm last night.

Have you re-configured Ad-aware for a full scan as per
http://aumha.org/forum/viewtopic.php?t=5877?

Did you run all of the tools in Safe Mode, with 'Show Hidden Files'
enabled,
and in this order?...

CWShredder, Ad-aware, Spybot, HijackThis

Yep, followed them in order.

Have you posted your HT log to a recommended forum and gotten the 'all
clear' from an expert there?

Not as yet. You can imagine I'm loathe to expose this situation to yet
another 'band of experts'. It's gobbled up way too much time already
confirming what it's NOT to people who sometimes appear to know less about
this than I already do. Such is the price paid of course.

Judging from everything you've posted here, Bill, I have little doubt that
the Windows Profile is damaged, not OE or any identities, and, barring
anything you've not yet revealed here, the damage has most likely been
caused by malware.

I'm not so quick to go blaming it on malware. Other than the cookies I get
nothing tripped on any of my log reports. I've even gone so far as to put
write protected directories in the common places programs like Comet Cursor
want to try using (heh, they can't run if they can't even install). So it's
not like I'm unaware of the risks, how to prevent them and how to deal with
fixing them.

I do, however, appreciate that it's not always obvious that folks on the
other end of the wire have the ability to do what's required.

While you may be quite an experienced computer user, if
that experience does not include interpreting hundreds of HijackThis logs
accurately you cannot state with any certainty that the Profile is
malware-free without getting the 'all clear' from one of the pros who post
to HT log-specific forums. See "our" sub-thread here.

I can certainly appreciate that opinion. I respectfully disagree about
"pros" and "all clear" sentiments.

Bill, you post using a Hotmail address. None of this is occurring in
messages received by an MSN/Hotmail account, correct?

Were I retreiving them directly from Hotmail I suppose that might be a
question to answer. I don't. All mail is pulled into an IMAP box. Hotmail
is pulled via the quite handy little tool known as hotwayd. Thus all mail
is pulled via IMAP and, as I've already checked and double-checked, the mail
in the server's mailboxes are quite normal and work perfectly using another
account with it's identity configured with the same mail server settings.

I've long used hotmail for usenet postings because of it's reasonably
reliable spam filtering. It's a good throwaway address but one that
actually works with out all the ever games. Being that
I can pull it via cron controlled fetchmail jobs and further process it with
spamassassin makes it painless.

Have you considered creating a new Profile/Log-on, moving the old
Profile's
data to it and then deleting the latter?

Yeah, it's the "moving the old Profile's data" that's SUCH a pain in the
ass.

Did you upgrade to WinXP (?) from an earlier Windows version? Which one?

Nope, as I stated at the outset this is a Windows 2000 box with sp4 on it.
It has, however, had a long history as it started at w2ksp1 and IE55 and has
probably suffered at the hands of quite a few of the hotfixes along the way.
Trouble is the profile in question is THE ONE that I use most heavily and
there's a metric-assload of things that have configured themselves to work
within it's various registry entries. Picking this apart and moving it to
another profile (something I've done before) is just not something I have
much desire to perform.

Riddle me this, is there a tool like the unix 'diff' for registry trees?
One that I could point to a particular point of the tree and compare against
something else? The trick would then be to know 'where' in the trees to
make the comparisions.

What "looks like" is going on here is that when OE pulls up a message it
uses the IE control to show it. That control is, apparently, being fed from
normal data and is being transcoded into HTML improperly. That is, either
OE or the IE control is looking at the data and 'deciding' it needs to be
pushed through some sort of HTML parsing or converting stage prior to
display. I've wrestled with code that harnesses the IE control and it's not
always an easy process. But, near as I can tell, it's in that stage that
the process fails.

What's further intriguing is the way Reply and/or Forward are concerned.
The data that gets pushed to the new reply/forward form is encoded HTML.
That is, it has been pulled up from disk, converted to HTML and then
transcoded into encoded HTML. Going from "text-(linebreak)-text" into
"text-BR-text" and then further *******ized into "text-<BR>-text".
I've done plenty of XML and HTML programming and this is a clear sign that
some parser is being overzealous or called incorrectly. We see this all the
time in XML documents that incorrectly double-encode things (like © as
&copy.

It would be interesting to hear from an OE developer directly as to how OE
pumps it's data into the IE control.

-Bill Kearney

Bill, you post using a Hotmail address. None of this is occurring in
messages received by an MSN/Hotmail account, correct?

I poll the hotmail messages using fetchmail. I don't usually pull them
directly via the HTTP mail protocol.

However, in the interests of nailing the lid shut on any arguments about
this being transport-based I tried.

The hotmail account is loaded and when I open a message from the Inbox it
comes up EXACTLY the same as all the others. It's just as corrrupted by
HTML formatting as all the rest. Pulling a message up from HTTP, IMAP, NNTP
or even from a Local Folder all do exactly the same thing. Heck, even
reloaded from a saved .eml or .nws file does it. They all incorrectly
transcode the plain text messages into HTML.

-Bill Kearney

Try this since it might be the problem with UTF-8 messages. Open Outlook
Express, click Tools/Options/Read and then International Settings button.
Is there a check mark to use default encoding for all incoming messages? If
it is checked, then uncheck it and see if that fixes the problem. W2K has
native support for Unicode so if you are using some other type of encoding
as your default, that may well be the cause of the problem. Good luck.
--
Jim Pickering, MVP-Outlook Express
Please reply only to newsgroup.


"Bill Kearney" wrote in message
...
Resinstalling IE6/OE6 now...
If that doesn't work then may well try nuking the HKCU identities next.

That didn't work. The problem persists but at least the other account on
the same box has returned to working and OE6 no longer hangs.

So at this point I'm stumped. Short of trashing the account's identities
or
windows profile there doesn't appear to be much else I can do.

Is there a 'diff' program that can compare registry trees? It might be
useful to see a comparision of what one HKCU tree for OE and IE under one
account (the problem one) shows in comparison to another.

-Bill Kearney

"Jim Pickering" wrote in message
...
Try this since it might be the problem with UTF-8 messages. Open Outlook
Express, click Tools/Options/Read and then International Settings button.
Is there a check mark to use default encoding for all incoming messages?
If
it is checked, then uncheck it and see if that fixes the problem. W2K has
native support for Unicode so if you are using some other type of encoding
as your default, that may well be the cause of the problem. Good luck.

Yeah, I tried this already. No effect. Also tried changing the hell out of
it on the working accounts to see if I could make them fail, no luck.

I'm certainly willing to believe there's some confusion going on because of
i18n issues. Transcoding is such a pain in the ass, far worse than most
developers really grasp. Throw HTML/XML encoding into the mix and it really
gets messy in a hurry.

-Bill Kearney

After any IE upgrades and then subsequent Win2K SP upgrades, has anyone ever
attempted to uninstall or reinstall the IE upgrade, Bill? That is, without
first uninstalling the SP which post-dates the install of the IE upgrade?

While I have the utmost respect for most projects running under the
Sourceforge banner, let me ask this: Did the start of this problem coincide
with the install/use of Hotwayd (http://sourceforge.net/projects/hotwayd/) ?
How long has this problem been going on?
--
~PA Bear

Bill Kearney wrote:
Are you running Ad-aware SE? Spybot v1.3? Do you seek updates for each
tool before you use it, every time? Both have new updates: Ad-aware on
16 Aug-04 and Spybot today (20 Aug-04).

Well, as updated as was possible as of 9pm last night.

Have you re-configured Ad-aware for a full scan as per
http://aumha.org/forum/viewtopic.php?t=5877?

Did you run all of the tools in Safe Mode, with 'Show Hidden Files'
enabled, and in this order?...

CWShredder, Ad-aware, Spybot, HijackThis

Yep, followed them in order.

Have you posted your HT log to a recommended forum and gotten the 'all
clear' from an expert there?

Not as yet. You can imagine I'm loathe to expose this situation to yet
another 'band of experts'. It's gobbled up way too much time already
confirming what it's NOT to people who sometimes appear to know less about
this than I already do. Such is the price paid of course.

Judging from everything you've posted here, Bill, I have little doubt
that the Windows Profile is damaged, not OE or any identities, and,
barring anything you've not yet revealed here, the damage has most
likely been caused by malware.

I'm not so quick to go blaming it on malware. Other than the cookies I
get nothing tripped on any of my log reports. I've even gone so far as
to put write protected directories in the common places programs like
Comet Cursor want to try using (heh, they can't run if they can't even
install). So it's not like I'm unaware of the risks, how to prevent them
and how to deal with fixing them.

I do, however, appreciate that it's not always obvious that folks on the
other end of the wire have the ability to do what's required.

While you may be quite an experienced computer user, if
that experience does not include interpreting hundreds of HijackThis
logs accurately you cannot state with any certainty that the Profile is
malware-free without getting the 'all clear' from one of the pros who
post to HT log-specific forums. See "our" sub-thread here.

I can certainly appreciate that opinion. I respectfully disagree about
"pros" and "all clear" sentiments.

Bill, you post using a Hotmail address. None of this is occurring in
messages received by an MSN/Hotmail account, correct?

Were I retreiving them directly from Hotmail I suppose that might be a
question to answer. I don't. All mail is pulled into an IMAP box.
Hotmail is pulled via the quite handy little tool known as hotwayd. Thus
all mail is pulled via IMAP and, as I've already checked and
double-checked, the mail in the server's mailboxes are quite normal and
work perfectly using another account with it's identity configured with
the same mail server settings.

I've long used hotmail for usenet postings because of it's reasonably
reliable spam filtering. It's a good throwaway address but one that
actually works with out all the ever games. Being
that I can pull it via cron controlled fetchmail jobs and further process
it with spamassassin makes it painless.

Have you considered creating a new Profile/Log-on, moving the old
Profile's data to it and then deleting the latter?

Yeah, it's the "moving the old Profile's data" that's SUCH a pain in the
ass.

Did you upgrade to WinXP (?) from an earlier Windows version? Which
one?

Nope, as I stated at the outset this is a Windows 2000 box with sp4 on it.
It has, however, had a long history as it started at w2ksp1 and IE55 and
has probably suffered at the hands of quite a few of the hotfixes along
the way. Trouble is the profile in question is THE ONE that I use most
heavily and there's a metric-assload of things that have configured
themselves to work within it's various registry entries. Picking this
apart and moving it to another profile (something I've done before) is
just not something I have much desire to perform.

Riddle me this, is there a tool like the unix 'diff' for registry trees?
One that I could point to a particular point of the tree and compare
against something else? The trick would then be to know 'where' in the
trees to make the comparisions.

What "looks like" is going on here is that when OE pulls up a message it
uses the IE control to show it. That control is, apparently, being fed
from normal data and is being transcoded into HTML improperly. That is,
either OE or the IE control is looking at the data and 'deciding' it
needs to be pushed through some sort of HTML parsing or converting stage
prior to display. I've wrestled with code that harnesses the IE control
and it's not always an easy process. But, near as I can tell, it's in
that stage that the process fails.

What's further intriguing is the way Reply and/or Forward are concerned.
The data that gets pushed to the new reply/forward form is encoded HTML.
That is, it has been pulled up from disk, converted to HTML and then
transcoded into encoded HTML. Going from "text-(linebreak)-text" into
"text-BR-text" and then further *******ized into "text-<BR>-text".
I've done plenty of XML and HTML programming and this is a clear sign that
some parser is being overzealous or called incorrectly. We see this all
the time in XML documents that incorrectly double-encode things (like
© as &copy.

It would be interesting to hear from an OE developer directly as to how OE
pumps it's data into the IE control.

-Bill Kearney

I've tried running sysinternal's regmon against it while opening a message.

I've not had a chance to compare it against the working account but thus far
nothing jumps out at me as to what might be specific to just this profile.
I do see a number of calls to the mhtml hander but nothing specifically
related to an HKCU subtree. The thought being that since OE6 works fine on
this same machine when connected as a different user it's be HKey\Current
User\ related.

Anyway, out of time for this today, sad to say and off for a week's vacation
tomorrow. I'll nag back again in a week. I'm open to suggestions and I'll
catch up here when I return.

-Bill Kearney