Log of Internet Explorer activity on my PC

Serafino Marinelli

Guest
Please,

can anyone help me to understand who is writing a log that outlines all the websites accessed? I am using IE8 on Vista SP2. I am suspicious because, if the websites' names are there, it can possibly also outline the user name and password used to access other websites (i.e. a bank website).

The named log is available at C:\Users\Admin\Appdata\Local\Temp\Low\dsSam_iexplore.exe.log (I attach an example with access to www.google.it).

I don't know if it is created by IE8 or if I have some malware installed.

Thanks in advance

Serafino
 
"Serafino Marinelli" wrote in message news:4E019A55-216F-4742-B802-75A2B4E9DC41@microsoft.com...

> Please,
>
> can anyone help me to understand who is writing a log that outlines all the websites accessed? I am using IE8 on Vista SP2. I am suspicious because, if the websites' names are there, it can possibly also outline the user name and password used to access other websites (i.e. a bank website).
>
> The named log is available at C:\Users\Admin\Appdata\Local\Temp\Low\dsSam_iexplore.exe.log (I attach an example with access to www.google.it).
>
> I don't know if it is created by IE8 or if I have some malware installed.
>
> Thanks in advance
>
> Serafino

It looks as if you have enabled some kind of diagnostic for something called NSP? Apparently it is checking for a proxy called gapsvc.exe. Does that name mean anything to you?

HTH

Robert Aldwinckle
---
 
Hi Robert and all people,

sorry for the delay in replying, but I was away from home for over a week ...

Thank you for your interest in this problem.

I don't know the meaning of NSP and gapsvc.exe. Apparently no file or anything else refers to gapsvc.exe anywhere on my system ... I did a search over all of C: for gapsvc.exe ... the only references are those present in the named log and in your mail message.

But I must add some information that I didn't write previously.

On December 23rd, I was very stupid and, starting with a mail message I received and misunderstood, I installed on my system a piece of malware named "plugin.exe"; I found a lot of information on the internet but, unfortunately, only after my problem.

The best of this information was located at "http://www.threatexpert.com/report.aspx?md5=bc7ee8226a8db0e67e27e61c3838eee5"; this identifies all (?) activity done on the system. I located all the modules in the system files and many (not all of those listed) of the registry modifications. I have deleted all the modules and all the registry entries identified. No information was found about the named file "dsSam_iexplore.exe.log", neither in that entry nor in any other.

I'm fairly sure that the log was born with "plugin.exe".

Now the problem is:

- is it possible that there are some other modules linked to "plugin.exe" in the system that create and populate the log, or
- did the malware make some modifications to the Internet Explorer defaults, enabling some kind of diagnostic, and if yes, which?

I'm unable to answer this question.

Can this help you ... to help me?

Thanks

Serafino
 
There is a very good chance that you are still seeing the effects of a hijackware infection!

NB: If you had no anti-virus application installed or the subscription had expired *when the machine first got infected* and/or your subscription has since expired and/or the machine's not been kept fully-patched at Windows Update, don't waste your time with any of the below: Format & reinstall Windows. A Repair Install will NOT help!

Microsoft PCSafety provides home users (only) with no-charge support in dealing with malware infections such as viruses, spyware (including unwanted software), and adware.
https://support.microsoft.com/oas/default.aspx?&prid=7552&st=1

Also available via the Consumer Security Support home page:
https://consumersecuritysupport.microsoft.com/

Otherwise...

1. See if you can download/run the MSRT manually:
http://www.microsoft.com/security/malwareremove/default.mspx

NB: Run the FULL scan, not the QUICK scan! You may need to download the MSRT on a non-infected machine, then transfer MRT.EXE to the infected machine and rename it to SCAN.EXE before running it.

2a. WinXP => Run the Windows Live Safety Center's 'Protection' scan (only!) in Safe Mode with Networking, if need be:
http://onecare.live.com/site/en-us/center/howsafe.htm

2b. Vista or Win7 => Run this scan instead:
http://onecare.live.com/site/en-us/center/whatsnew.htm

3. Now run a thorough check for hijackware, including posting requested logs in an appropriate forum, not here. DO NOT SKIP THIS STEP!!

Checking for/Help with Hijackware:
.. http://mvps.org/winhelp2002/unwanted.htm
.. http://inetexplorer.mvps.org/tshoot.html
.. http://www.mvps.org/sramesh2k/Malware_Defence.htm
.. http://www.elephantboycomputers.com/page2.html#Removing_Malware

**Chances are you will need to seek expert assistance in
http://spywarehammer.com/simplemachinesforum/index.php?board=10.0,
http://www.spywarewarrior.com/viewforum.php?f=5,
http://www.dslreports.com/forum/cleanup,
http://www.bluetack.co.uk/forums/index.php,
http://aumha.net/viewforum.php?f=30 or other appropriate forums.**

If these procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA or Geek Squad) computer repair shop.

--
~Robear Dyer (PA Bear)
MS MVP-IE, Mail, Security, Windows Client - since 2002