Am I Being Hacked? Are They Copying My Files Remotely?

Apr 17, 2015 08:55 PM

I Found the Following Logs in AppData of Windows 7.

…...........................................................................................................................................................................

FILE NAME jusched.log

CONTENTS

2015/04/11 23:37:37.719, jusched.exe (PID: 3108, TID: 3112), SysInfo.cpp:214 (SysInfo::getSystem32Dir)

ERROR: GetSystem32Dir failed with COM error 0x8007000D (The data is invalid)

2015/04/12 01:08:01.925, jusched.exe (PID: 3496, TID: 3500), SysInfo.cpp:214 (SysInfo::getSystem32Dir)

ERROR: GetSystem32Dir failed with COM error 0x8007000D (The data is invalid)

FILE NAME LogFile.txt

Backend construcor called.

Backend Initiallized.

Backend destructor called.

Backend clear function called.

…................................................................................................................................................................................

FILE NAME Swtag.log

CONTENTS

2015-04-12 00:25:11 3760 SWTAG: info: ==========================================

2015-04-12 00:25:11 3760 SWTAG: info: Start SWTAGGING productName=Acrobat Pro; productAdobeCode={AC76BA86-1033-F400-7760-000000000004}; driverName=Acrobat Pro; driverAdobeCode={AC76BA86-1033-F400-7760-000000000004}

2015-04-12 00:25:11 3760 SWTAG: info: GetNamedSecurityInfo for tag file "C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag" returned 0

2015-04-12 00:25:11 3760 SWTAG: info: SetNamedSecurityInfo for tag file "C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag" returned 0

2015-04-12 00:25:11 3760 SWTAG: info: Created new C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag file

2015-04-12 00:25:11 3760 SWTAG: info: End SWTAGGING

2015-04-12 00:25:11 3760 SWTAG: info: ==========================================

2015-04-12 00:26:21 2952 SWTAG: info: ==========================================

2015-04-12 00:26:21 2952 SWTAG: info: Start SWTAGGING productName=Acrobat Pro; productAdobeCode={AC76BA86-1033-F400-7760-000000000004}; driverName=Acrobat Pro; driverAdobeCode={AC76BA86-1033-F400-7760-000000000004}

2015-04-12 00:26:21 2952 SWTAG: info: Reading existing C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag file

2015-04-12 00:26:21 2952 SWTAG: info: End SWTAGGING

2015-04-12 00:26:21 2952 SWTAG: info: ==========================================

2015-04-12 18:21:42 1300 SWTAG: info: ==========================================

2015-04-12 18:21:42 1300 SWTAG: info: Start SWTAGGING productName=Acrobat Pro; productAdobeCode={AC76BA86-1033-F400-7760-000000000004}; driverName=Acrobat Pro; driverAdobeCode={AC76BA86-1033-F400-7760-000000000004}

2015-04-12 18:21:42 1300 SWTAG: info: Reading existing C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag file

2015-04-12 18:21:43 1300 SWTAG: info: End SWTAGGING

2015-04-12 18:21:43 1300 SWTAG: info: ==========================================

….........................................................................................................................................................................

FILE NAME Updater.log

CONTENTS

: Loading AUM Integration library at path C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeUpdater.dll.

: Successfully loaded AUM integration library

: Successfully found all library entry points. Library is valid.

: Entering GetAppID()

: AUMDoPluginAction returns => 0

…..........................................................................................................................................................................................

FILE NAME wmsetup.log

CONTENTS

*WMC Logging begun at 2015/04/12 - 03:14:26. Logging at level: '4'. OS is NT. OSVer is 6.1.7601.0.17514. System Lang is 1033. Prev version system is 12.0.7601.17514. Setup version 12.0.7601.17514.

Setup commandlines are "C:\Program Files\Windows Media Player\setupwm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1.

Services information URL is : 'http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86'.

Unable to establish connection: 0xc00d0bca.

Service data gathering complete: 0 interesting service(s) found. Result 0xc00d0bca.

=====Updating Install list for UI.

Install list not generated or parsed for this install type.

Finished updating install list.

*WMC Logging begun at 2015/04/12 - 05:45:42. Logging at level: '4'. OS is NT. OSVer is 6.1.7601.0.17514. System Lang is 1033. Prev version system is 12.0.7601.17514. Setup version 12.0.7601.17514.

Setup commandlines are "C:\Program Files\Windows Media Player\setupwm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1.

Services information URL is : 'http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86'.

Unable to establish connection: 0xc00d0bca.

Service data gathering complete: 0 interesting service(s) found. Result 0xc00d0bca.

=====Updating Install list for UI.

Install list not generated or parsed for this install type.

Finished updating install list.

*WMC Logging begun at 2015/04/12 - 17:53:30. Logging at level: '4'. OS is NT. OSVer is 6.1.7601.0.17514. System Lang is 1033. Prev version system is 12.0.7601.17514. Setup version 12.0.7601.17514.

Setup commandlines are "C:\Program Files\Windows Media Player\setupwm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /Play -Embedding.

Services information URL is : 'http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86'.

Unable to establish connection: 0xc00d0bca.

Service data gathering complete: 0 interesting service(s) found. Result 0xc00d0bca.

=====Updating Install list for UI.

Install list not generated or parsed for this install type.

Finished updating install list.

I also found in AppData:

remotecache.zip

a screenshot of my userID

WHAT IS BACKEND CONSTRUCTOR? I GOOGLED IT AND IT WAS UNDER DUPLICATI.

WHAT IS SWTAGGING?

WHY DOES THE WMSETUP FILE CONTAIN "redirectallservices" IN THE TEXT BODY?

Please help
