 Strange .log Files On My Desktop |
|
|
|
|
  |
 Aug 24 2006, 09:14 PM
Post
#1
|
|
|
Super Member  Group: Members Posts: 220 Joined: 4-July 06 From: Nottingham UK Member No.: 26,049  |
Since this morning, two new visitors has camped out on my desktop.
One is lcapi0.log, & when you open it you get: QUOTE 19:50:36.703 F20:F24 WARN :: module=lcapi flavor=fre version=1.7.226.0 (RTC Version 4.3.5371.0) 19:50:38.109 F20:F24 INFO :: Initialize(0) 19:50:38.609 F20:F24 INFO :: MUI not Enabled 19:50:44.625 F20:F24 INFO :: SetDeviceDisabled[01FB46D0] 0->0 19:50:44.656 F20:F24 INFO :: SetDeviceDisabled[01FB46D0] 0->1 19:50:44.656 F20:F24 TRACE :: SetDevice[01FB46D0] 00000000->00000000 19:50:44.656 F20:F24 INFO :: SetDeviceDisabled[01FB4704] 0->0 19:50:44.656 F20:F24 TRACE :: SetDevice[01FB4704] 00000000->0242346C 19:50:44.671 F20:F24 INFO :: SetDeviceDisabled[01FB4738] 0->0 19:50:44.671 F20:F24 TRACE :: SetDevice[01FB4738] 00000000->024236CC 19:50:44.671 F20:F24 INFO :: SetDeviceDisabled[01FB469C] 0->0 19:50:49.406 F20:F24 TRACE :: client[01FB1EC0] new sipStack[01FB47D8] 19:50:53.843 F20:F24 INFO :: No registry setting, using default: "Mode" = 2 19:50:53.843 F20:F24 INFO :: No registry setting, using default: "NegotiateTimeout" = 5000 19:50:53.843 F20:F24 INFO :: No registry setting, using default: "Threshold" = 128 19:50:53.906 F20:F24 TRACE :: [01FB1EC0]put_AnswerMode - type=0,mode=0 19:50:53.953 F20:F24 TRACE :: [01FB1EC0]put_EventFilter(507f) the other is Transport0.log, & contains: 19:50:41.500 F20:F24 ADVCED :: Module:Transport DLL-version:3.0.5739.0 Retail Adv:0 19:50:41.546 F20:F24 INFO :: CTransportManagerImpl::Startup: Entered. 19:50:41.546 F20:F24 INFO :: CTransportManagerImpl::StartupWinsock: Entered. 19:50:41.578 F20:F24 INFO :: CTransportManagerImpl::StartupWinsock: Leaving, hr=0x0. 19:50:41.578 F20:F24 INFO :: CTransportManagerImpl::StartupThreadPool: Entered. 19:50:41.578 F20:F24 INFO :: CTransportManagerImpl::StartupThreadPool: created transport worker thread #0 19:50:41.578 F20:8EC INFO :: CTransportManagerImpl::TransportWorkerThreadProc: Entered. 19:50:41.578 F20:F24 INFO :: CTransportManagerImpl::StartupThreadPool: Transport thread worker thread #0, ThreadPriority=15 19:50:41.578 F20:F24 INFO :: CTransportManagerImpl::StartupThreadPool: Leaving, hr=0x0. 19:50:41.578 F20:F24 INFO :: CTransportManagerImpl::Startup: Leaving, hr=0x0. My system wont let me delete either file as it says they are in use (even when nothing is running), & I havnt installed today anything which would require either of them, whatever they are. Has anyone come across them before? Or has any idea what they are/do? |
 |
 
|
|
Aug 27 2006, 04:48 AM
Post
#2
|
|
|
Newbie [Level 1] Group: Members Posts: 10 Joined: 27-August 06 Member No.: 28,985 |
I would recommend you first get an application called Process Explorer from http://www.sysinternals.com (They have some other great security utilities). When loaded up, go to Find->Find Handle and type in the filename of the first log or something (lcapi0.log). Hopefully you will then be able to find the process that is writing to the log file and decide whether you wish to remove it or not.
If you do, depending on what the application is you might want to reboot into safe mode to uninstall it. Hope that helps 
|
|
|
|
|
Sep 2 2006, 08:01 AM
Post
#3
|
|
|
Super Member Group: Members Posts: 219 Joined: 30-October 05 Member No.: 13,574 |
I think they have something with a ISDN device, are you using an ISDN dialup to get to the internet ?
Another possibility is that you have installed 'Windows Live messeger' and placed some debugging file on. Normally CAPI has something to do with voice connections (ISDN or VOIP). |
|
|
|
|
Sep 2 2006, 08:09 AM
Post
#4
|
|
|
$p4m 0n j00 $h4m3 m3 0nc3 $p4m 0n m3 $h4m3 m3 7\/\/1c3 Group: [HOSTED] Posts: 6,798 Joined: 21-September 04 From: 9r33|\| 399$ 4|\|D 5P4/\/\ Member No.: 1,218  myCENT:READY[102.80] |
i did a search on the internet nothing came up except for this topic and unrelated sites. so try that method and see what happens.
|
|
|
|
|
Sep 2 2006, 09:22 AM
Post
#5
|
|
|
Advanced Member Group: Members Posts: 108 Joined: 9-July 06 Member No.: 26,360 |
Try this step by step.
1) First download HigackThis software from internet. This software has no spyware or malware content. So it is safe if your downloading from safer site. you may find link from www.pcguide.com for safe site download. 2) Click scan to scan all your system registries and other things. 3) Don't click FIX button untill you are not sure about what you are doing. 4) Save the LOG file the software generates and than post that file in this forum as HIJACK THIS LOG or directly PM to me 5) Do as i and other suggested. I am sure this will make it clear all wrong thing. |
|
|
|
|
Sep 2 2006, 09:28 AM
Post
#6
|
|
|
Super Member Group: Members Posts: 220 Joined: 4-July 06 From: Nottingham UK Member No.: 26,049 |
Thanks guys, i'll give them all a go when I finish work. I beginning to think its msn related as the dates in the files update to tally when I login after starting the pc.
I'll post here a bit later what I find |
|
|
|
|
Sep 3 2006, 10:17 PM
Post
#7
|
|
|
Newbie Group: Members Posts: 1 Joined: 3-September 06 Member No.: 29,400 |
Same thing just happened to me today. They just appeared on my desktop yesterday. No clue where ti came from.
|
|
|
|
|
Sep 4 2006, 06:40 AM
Post
#8
|
|
|
Newbie Group: Members Posts: 1 Joined: 4-September 06 Member No.: 29,417 |
Windows Live Messenger... Tools>>Options>>Connection>>Connection Settings>>Advanced Settings>>Connection Logging Box - Uncheck. Or, change your received files folder to something other than your desktop.
Good times... |
|
|
|
|
Sep 4 2006, 03:18 PM
Post
#9
|
|
|
Super Member Group: Members Posts: 235 Joined: 30-August 04 Member No.: 944 |
haha, stupid msn. well atleasst theres a solution here ;] forums are such a goood aid arent they? ;o
|