
Log of Internet Explorer activity on my PC

Discussion in 'Internet Explorer' started by Serafino Marinelli, Mar 11, 2010.

  1. Serafino Marinelli

    Serafino Marinelli Flightless Bird

    Please,
    can anyone help me understand who is writing a log that outlines all the web
    sites accessed? I am using IE8 on Vista SP2. I am suspicious because if it
    contains the web sites' names it could possibly also outline the user and
    password used to access other web sites (i.e. a bank web site).
    The named log is available at
    C:/Users\Admin\Appdata\Local\Temp\Low\dsSam_iexplore.exe.log (I attach an
    example with access to www.google.it).
    I don't know if it is created by IE8 or if I have some malware installed.
    Thanks in advance
    Serafino
     
  2. Robert Aldwinckle

    Robert Aldwinckle Flightless Bird

    "Serafino Marinelli" <serafino.marinelli@libero.it> wrote in message
    news:4E019A55-216F-4742-B802-75A2B4E9DC41@microsoft.com...
    > Please,
    > can anyone help me understand who is writing a log that outlines all the web
    > sites accessed? I am using IE8 on Vista SP2. I am suspicious because if it
    > contains the web sites' names it could possibly also outline the user and
    > password used to access other web sites (i.e. a bank web site).
    > The named log is available at
    > C:/Users\Admin\Appdata\Local\Temp\Low\dsSam_iexplore.exe.log (I attach an
    > example with access to www.google.it).
    > I don't know if it is created by IE8 or if I have some malware installed.
    > Thanks in advance
    > Serafino



    It looks as if you have enabled some kind of diagnostic for something called
    NSP? Apparently it is checking for a proxy called gapsvc.exe. Does that
    name mean anything to you?


    HTH

    Robert Aldwinckle
    ---
     
  3. Serafino Marinelli

    Serafino Marinelli Flightless Bird

    Hi Robert and all people,
    sorry for the delay in replying, but I was away from home for over a week ...
    Thank you for your interest in this problem.

    I don't know what NSP and gapsvc.exe mean. Apparently no
    file or anything else refers to gapsvc.exe anywhere on my system ... I did a
    search over all of C: for gapsvc.exe ... the only references are those present
    in the named log and in your mail message.

    But I must add some information that I didn't write previously.

    On December 23rd, I was very stupid and, starting from a mail message
    that I received and misunderstood, I installed on my system a malware named
    "plugin.exe"; I found a lot of information on the internet but, unfortunately,
    only after my problem.

    The best of this information was located at
    "http://www.threatexpert.com/report.aspx?md5=bc7ee8226a8db0e67e27e61c3838eee5";
    this identifies all (?) the activity done on the system. I located all the
    modules in the system files and many (not all of those pointed out) of the
    registry modifications. I have deleted all the modules and all the registry
    entries identified. No information was found about the named file
    "dsSam_iexplore.exe.log", neither in that entry nor in any other.

    I'm fairly sure that the log was born with "plugin.exe".

    Now the problem is:
    - is it possible that there are some other modules linked to "plugin.exe"
    in the system that create and populate the log, or
    - did the malware make some modifications to the Internet Explorer defaults,
    enabling some kind of diagnostic, and if yes, which?
    I'm unable to reply to this question.
    Can this help you ... to help me?
    Thanks
    Serafino

    "Robert Aldwinckle" <robald@techemail.com> wrote in message
    news:uSsILeAxKHA.3408@TK2MSFTNGP06.phx.gbl...
    >
    >
    > "Serafino Marinelli" <serafino.marinelli@libero.it> wrote in message
    > news:4E019A55-216F-4742-B802-75A2B4E9DC41@microsoft.com...
    >> Please,
    >> can anyone help me understand who is writing a log that outlines all the
    >> web sites accessed? I am using IE8 on Vista SP2. I am suspicious because
    >> if it contains the web sites' names it could possibly also outline the
    >> user and password used to access other web sites (i.e. a bank web site).
    >> The named log is available at
    >> C:/Users\Admin\Appdata\Local\Temp\Low\dsSam_iexplore.exe.log (I attach an
    >> example with access to www.google.it).
    >> I don't know if it is created by IE8 or if I have some malware installed.
    >> Thanks in advance
    >> Serafino

    >
    >
    > It looks as if you have enabled some kind of diagnostic for something
    > called NSP? Apparently it is checking for a proxy called gapsvc.exe.
    > Does that name mean anything to you?
    >
    >
    > HTH
    >
    > Robert Aldwinckle
    > ---
     
  4. PA Bear [MS MVP]

    PA Bear [MS MVP] Flightless Bird

    There is a very good chance that you are still seeing the effects of a
    hijackware infection!

    NB: If you had no anti-virus application installed or the subscription had
    expired *when the machine first got infected* and/or your subscription has
    since expired and/or the machine's not been kept fully-patched at Windows
    Update, don't waste your time with any of the below: Format & reinstall
    Windows. A Repair Install will NOT help!

    Microsoft PCSafety provides home users (only) with no-charge support in
    dealing with malware infections such as viruses, spyware (including unwanted
    software), and adware.
    https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

    Also available via the Consumer Security Support home page:
    https://consumersecuritysupport.microsoft.com/

    Otherwise...

    1. See if you can download/run the MSRT manually:
    http://www.microsoft.com/security/malwareremove/default.mspx

    NB: Run the FULL scan, not the QUICK scan! You may need to download the
    MSRT on a non-infected machine, then transfer MRT.EXE to the infected
    machine and rename it to SCAN.EXE before running it.

    2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!)
    in Safe Mode with Networking, if need be:
    http://onecare.live.com/site/en-us/center/howsafe.htm

    2b. Vista or Win7=> Run this scan instead:
    http://onecare.live.com/site/en-us/center/whatsnew.htm

    3. Now run a thorough check for hijackware, including posting requested logs
    in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

    Checking for/Help with Hijackware:
    .. http://mvps.org/winhelp2002/unwanted.htm
    .. http://inetexplorer.mvps.org/tshoot.html
    .. http://www.mvps.org/sramesh2k/Malware_Defence.htm
    .. http://www.elephantboycomputers.com/page2.html#Removing_Malware

    **Chances are you will need to seek expert assistance in
    http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
    http://www.spywarewarrior.com/viewforum.php?f=5,
    http://www.dslreports.com/forum/cleanup,
    http://www.bluetack.co.uk/forums/index.php,
    http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

    If these procedures look too complex - and there is no shame in admitting
    this isn't your cup of tea - take the machine to a local, reputable and
    independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.
    --
    ~Robear Dyer (PA Bear)
    MS MVP-IE, Mail, Security, Windows Client - since 2002


    Serafino Marinelli wrote:
    > Hi Robert and all people,
    > sorry for the delay in replying, but I was away from home for over a week ...
    > Thank you for your interest in this problem.
    >
    > I don't know what NSP and gapsvc.exe mean. Apparently no
    > file or anything else refers to gapsvc.exe anywhere on my system ... I did a
    > search over all of C: for gapsvc.exe ... the only references are those
    > present in the named log and in your mail message.
    >
    > But I must add some information that I didn't write previously.
    >
    > On December 23rd, I was very stupid and, starting from a mail message
    > that I received and misunderstood, I installed on my system a malware
    > named "plugin.exe"; I found a lot of information on the internet but,
    > unfortunately, only after my problem.
    >
    > The best of this information was located at
    > "http://www.threatexpert.com/report.aspx?md5=bc7ee8226a8db0e67e27e61c3838eee5";
    > this identifies all (?) the activity done on the system. I located all the
    > modules in the system files and many (not all of those pointed out) of the
    > registry modifications. I have deleted all the modules and all the registry
    > entries identified. No information was found about the named file
    > "dsSam_iexplore.exe.log", neither in that entry nor in any other.
    >
    > I'm fairly sure that the log was born with "plugin.exe".
    >
    > Now the problem is:
    > - is it possible that there are some other modules linked to "plugin.exe"
    > in the system that create and populate the log, or
    > - did the malware make some modifications to the Internet Explorer defaults,
    > enabling some kind of diagnostic, and if yes, which?
    > I'm unable to reply to this question.
    > Can this help you ... to help me?
    > Thanks
    > Serafino
    >
    > "Robert Aldwinckle" <robald@techemail.com> wrote in message
    > news:uSsILeAxKHA.3408@TK2MSFTNGP06.phx.gbl...
    >>
    >>
    >> "Serafino Marinelli" <serafino.marinelli@libero.it> wrote in message
    >> news:4E019A55-216F-4742-B802-75A2B4E9DC41@microsoft.com...
    >>> Please,
    >>> can anyone help me understand who is writing a log that outlines all the
    >>> web sites accessed? I am using IE8 on Vista SP2. I am suspicious because
    >>> if it contains the web sites' names it could possibly also outline the
    >>> user and password used to access other web sites (i.e. a bank web site).
    >>> The named log is available at
    >>> C:/Users\Admin\Appdata\Local\Temp\Low\dsSam_iexplore.exe.log (I attach
    >>> an example with access to www.google.it).
    >>> I don't know if it is created by IE8 or if I have some malware installed.
    >>> Thanks in advance
    >>> Serafino

    >>
    >>
    >> It looks as if you have enabled some kind of diagnostic for something
    >> called NSP? Apparently it is checking for a proxy called gapsvc.exe.
    >> Does that name mean anything to you?
    >>
    >>
    >> HTH
    >>
    >> Robert Aldwinckle
    >> ---
     
