• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 819
  • Last Modified:

Web pages show source code only

4/28/05

Win98 1st ed
IE6

Most web pages work fine, a few show up as text - the source code is shown, the code is not executed, just a bunch of html, etc. Otherwise the pc seems to work OK. I also notice that email in OE shows up as text with html tags.

I did a complete spy and virus scan, found a few things and cleaned up, but no fix. I tested for Java JRE - went to the sun java site and did their test, JRE tested OK.

I have not been able to isolate the web pages with the problem as far as filename extensions - .html vs. .asp or anything - or type of script, etc. Sometimes the problem occurs in pop-up windows (legitimate pop-ups) but not always. I turned off Google Toolbar but no fix. The problem seems to have started after the pc was upgraded from IE 5 to IE 6.

I tried the " repair IE" in Add/Remove but no fix.

All ideas welcome.

George
0
George46227
Asked:
George46227
  • 5
  • 4
1 Solution
 
Asta CuCommented:
How current is WindowsUpdate for Windows and IE/OE?

Tried setting IE to defaults to test, and clearing the Temp Files and History Files?

Tried checking system files via start-run-sfc  (having the Windows disk handy)?

Aside from doing the cleanup using a good Viruscan program with updated definition files, did you also check for Spyware?

Here are some links that "may" help...  My choices are AdAware SE Pro, and when updated, using it to do a deep scan of your system and include the HOSTS file; as well as Spybot S&D, also updated and then scan and configure to use the Immunize function to block more than 2350 intrusions.
http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html
HijackThis process, to scan your system, create a log file and post to the free analyzer link also noted here:
http://www.experts-exchange.com/Web/Browser_Issues/Q_21149514.html

Asta
0
 
George46227Author Commented:
4/29/05
4:25pm

Sorry I haven't gotten back, haven't had time to do the HJT yet, I have already done a lot of virus/spyware cleanup since the problem started, startup reconfig, registry looks, BHO cop, etc. I will do the HJT maybe tomorrow, right now I have another pc to fix - it has the AURORA spy - very difficult to fix!

Thanks for the help so far
George


0
 
George46227Author Commented:
4/30/05
10:20pm

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:15:38 PM, on 4/30/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\R_SERVER.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
D:\ZONEALARM\ZONEALARM.EXE
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE
D:\AVGFREE7\JOEXP\DAD\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpe.dll/asst.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 64.36.63.54:4480
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O1 - Hosts: 207.25.71.24 www.stileprogect.com
O1 - Hosts: 207.46.179.143 www.alltrue.com
O1 - Hosts: 66.155.127.54 mailserver1.jhsaylor.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {319A68DB-06D0-46DA-9F93-A810D5A70836} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] c:\windows\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [MiniLog] C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE -service
O4 - HKLM\..\RunServices: [r_server] C:\WINDOWS\SYSTEM\R_SERVER.EXE /service
O4 - Startup: Shortcut to Win98_winipcfg_022605.txt.lnk = D:\George\Win98_winipcfg_022605.txt
O4 - Global Startup: ZoneAlarm.lnk = D:\ZoneAlarm\zonealarm.exe
O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR2.DLL/cmtrans.html
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0819.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\AMERICA ONLINE\AIM.EXE
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: D:\JEFF'S~1\Plugins\NPDocBox.dll
O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O16 - DPF: {2FF18E20-DE11-11D1-8161-00A0C90DD90C} (MSNBC News Menu Control 3.01) - http://www.msnbc.com/download/nr1228.cab
O16 - DPF: {A4A435CF-3583-11D4-91BD-0048546A1450} - http://www.nocreditcard.com/ncc/httpload.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw12fd.law12.hotmail.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {226906C8-B910-11D3-82A3-0000F81A655B} (Mbayactx Control) - http://ez.messagebay.com/code1/mbayactx.cab
O16 - DPF: {430DDE24-C051-11CF-95BE-0020AFF75E4F} (ichat xchat Control) - http://chat01.artistdirect.com/chat/data/html/user/msie/msichat.ocx
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} (RdxIE Class) - http://207.188.17.23/142b642192926960cf05/netzip/RdxIE.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://128.171.15.137:8000/wfplayer/tdserver.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! WebCam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/20011223/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {B9D029D3-CDE3-11CF-855E-00A0C908FAF9} (ActiveX Tree Control) - file://D:\VBScript Training\wsh\webfiles\treectl.cab
O16 - DPF: {B797C9C3-39C1-11D1-95AC-00609721D4C2} (ButtonControl.Button) - file://D:\VBSCRIPT TRAINING\WSH\webfiles\cab\NButton.CAB
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://developer.viewpoint.com/download/vet_install_popup.html?1&false
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security1.norton.com/SSC/SharedContent/sc/bin/cabsa.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {5A66E13A-311D-488B-828D-DDDF52EFB636} (strprint.trprints) - https://partnering.one.microsoft.com/mcp/tools/MCPTranscriptPrint.CAB
O16 - DPF: ppctlcab - http://ppupdates.ca.com/downloads/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 68.87.64.196,68.87.66.196

Thanks for your help
George
0
Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
Asta CuCommented:
Sorry to see that you posted the entire log here versus in the Free Analyzer log recommended which is here:
http://www.hijackthis.de/index.php#anl

It looks as though, for starters, WindowsUpdate is not current .... important start to get updates and fixes.

HijackThis results show a number of concerns noted as "nasty" some of which HijackThis can fix, a few samplings, but you'd know best which you / they installed with intent (cut/paste samplings follow - in the order HijackThis analysis generated):

MSIE: Internet Explorer v6.00 (6.00.2600.0000)  
Possibly out of date   Shows the version of your Internet Explorer. Newest Version is: 6.00.2800.1106!   The version (6.00.2600.0000) is out of date. Check Windowsupdate to update the Internet Explorer.

C:\WINDOWS\SYSTEM\ZONELABS\MINILOG.EXE  
Unknown   running process. (MINILOG.EXE)
If you dont have ZoneAlarm or ZoneAlarm Pro running you dont need this. This must be enabled if programs such as VisualZone Report utility or ZoneLog Analyzer are in use   This is a unknown process.  

  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://shdocpe.dll/asst.htm  
Nasty   This entry should be fixed by HijackThis!   This entry should be fixed by HijackThis!

O1 - Hosts: 207.25.71.24 www.stileprogect.com   
Nasty   This entry should be fixed immediately!   Must be fixed!
  O1 - Hosts: 207.46.179.143 www.alltrue.com   
Nasty   This entry should be fixed immediately!   Must be fixed!
  O1 - Hosts: 66.155.127.54 mailserver1.jhsaylor.com  
Nasty   This entry should be fixed immediately!   Must be fixed!

O3 - Toolbar: (no name) - {319A68DB-06D0-46DA-9F93-A810D5A70836} - (no file)  
Unnecessarily   Entries found in this registry zone are potentially nasty. This application ([319A68DB-06D0-46DA-9F93-A810D5A70836] - Result: 319A68DB-06D0-46DA-9F93-A810D5A70836) has been checked. If the name is made up of random letters, found in the folder 'Application Data' and the kind is 'Unknown' , it should be fixed. Hit rate: 99 %   Must be fixed!
Unnecessary (deactivated) entry that can be fixed.

As you review the log results, you'll find another 12 or so items noted as "possibly nasty" for analysis by you to determine if / why needed.  Again, as the initial HijackThis link detailed, some items removed may generate problems, since ultimately the end-user knows if/whey they may have chosen to install these items.

In my humble opinion, I'd be sure to get 1) WindowsUpdate checked 2) run a good Viruscan program with updated virus definition files, get a good firewall, and Spyware tools.  Personal preferences are AdAware SE Pro, which when updated and configured to do deep scanning of all drives and to include the HOSTS file (no extension), along with Spybot S&D also updated and deep scanning done as well as using the Immunize function helps guard against roughtly 2350 or so intrusions of spyware/malware/malicious BHOs ... some links included here with tools and information compiled by a number of us.
http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html

Listening further and returning when time permits.

Asta

0
 
George46227Author Commented:
5/2/05
8:35am

I appreciate your help, I did do the free analyzer/script link but I didn't see anything I though was significant - all the stuff was supposed to be there or else possible problems I had already worked on and eliminated as a cause of the problem, I've been working on this off and on for several weeks. I have used BHOcop and the www.ca.com ePestPatrol spy scan (followed by manual repair method, I like the on-line ePestPatrol scan, I've caught/fixed spyware on a lot of other pc's).

I apologize for posting the whole log, I read the links you posted, I know the preferred method is to only post the log if requested by the expert and you did not specifically request the log. Again, sorry, but I thought maybe you might notice something that the analyzer/script might have missed.

Yes I am reluctant to do the IE update - since the pc worked fine before the upgrade to 6.0! - I am reluctant to "upgrade" a damaged IE install.

I am wondering if the problem might be a damaged filename extension association - since many of the windows I have problems with don't show the full path/filename extension I can't be sure what the extension is but - it makes sense if I was missing an assocation to IE and the associated filename, then it might show up as text?

Also - I have tried the "repair" function for IE in Add/Remove which failed - do you know if it is possible to do a manual un-install and/or re-install of IE6 on Win98 - or know of a good reference to do that?

Thanks again
George
0
 
Asta CuCommented:
From Control Panel - Folder Options - is it configured to show all, and not hide known file type extensions?  I always opt to show all, but it's been years since Win98...  WindowsUpdate is always my first choice to ensure known problems and fixes are applied; since I'm reluctant to choose to troubleshoot issues that are known problems with fixes from MS, but always end-user choices, of course.  

I'm including a few links that 'may' help in terms of fixing winsock, repairing IE, etc.
http://www.experts-exchange.com/Operating_Systems/Win98/Q_21210293.html?query=repair+ie+6&topics=26

Description of the Internet Explorer Repair Tool
http://support.microsoft.com/default.aspx?scid=kb;en-us;194177

How to Uninstall Internet Explorer 6
http://support.microsoft.com/default.aspx?scid=kb;en-us;293907

No updates appear when you scan for updates on the Windows Update Web site
http://support.microsoft.com/default.aspx?scid=kb;en-us;836973

List of issues that are fixed in Internet Explorer 6 service packs
http://support.microsoft.com/default.aspx?scid=kb;en-us;326489

SP 1 related info.
http://www.microsoft.com/windows/ie/downloads/critical/ie6sp1/default.mspx

Asta


0
 
HeadIdiotCommented:
I had similar problems with a Win98 machine until I installed all the patches and updates the Evil Empire had for it.  It has worked fine since.

I believe you may have a corrupt browser install, and updating should correct it.

I also have to say....Asta...you give some hellaciously good advice!
0
 
Asta CuCommented:
Kind words, HeadIdiot, thanks a bunch.  ":0)  Sure hope it helps.  Asta
0
 
George46227Author Commented:
6/5/04

astaec:

sorry to be late getting back. Although your suggestions did not solve the problem you did make a good effort and provided lots of resources - some I knew about, others not. I think you deserve the points.

Other thoughts:
Adaware and Spybot were only rated about 50% effective in a large comparative study, Giant (bought out by Microsoft) was about 70%, SpySweeper was # 2. Combining Adaware and Spybot boosted the effectiveness score only about 5 points.

Personally I would like to see more participation by browser "programmers" or "coders" familiar with the browser objects and technology. I would like for someone to be able to explain the nuts and bolts and suggest solutions at the file and/or registry level instead of just the standard "update/service pack/hot fix/un-install re-install" solutions.

Thanks for your help and the resources.

George
0
 
Asta CuCommented:
Thank you, George.

You make some excellent recommendations here and insights add value as well.  Personally, I opt for the updates and use of all three
1) Spybot S&D and keep it updated and include the Immunize function
2) AdAware SE Pro and also keep it updated and configure for deep scanning and Hosts file inclusion
3) MS AntiSypware

Then, also opt to use updated HijackThis tool to update and run scan/log and check on a bi-monthly basis and/or when things appear awry.  But then, also running XP with SP2, with all those added protections, not to mention Firewalls and good Viruscan program.

There are a number of other topic areas that may be helpful for a more strategic approach and/or to collaborate on the programming end of things, here are a couple of them....

http://www.experts-exchange.com/allTopics.jsp?t=82
http://www.experts-exchange.com/allTopics.jsp?t=96
http://www.experts-exchange.com/Security/Win_Security/
http://www.experts-exchange.com/Security/Bugs_Alerts/

Also this central compilation on Malware/Spyware/Malicious BHOs
http://www.experts-exchange.com/Web/Browser_Issues/Q_20975384.html
HijackThis process
http://www.experts-exchange.com/Web/Browser_Issues/Q_21149514.html

":0) Asta
0

Featured Post

New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now