Forum Thread: Am I Being Hacked? Are They Copying My Files Remotely?

I Found the Following Logs in AppData of Windows 7.

…...........................................................................................................................................................................

FILE NAME jusched.log

CONTENTS

2015/04/11 23:37:37.719, jusched.exe (PID: 3108, TID: 3112), SysInfo.cpp:214 (SysInfo::getSystem32Dir)
ERROR: GetSystem32Dir failed with COM error 0x8007000D (The data is invalid)
2015/04/12 01:08:01.925, jusched.exe (PID: 3496, TID: 3500), SysInfo.cpp:214 (SysInfo::getSystem32Dir)
ERROR: GetSystem32Dir failed with COM error 0x8007000D (The data is invalid)

FILE NAME LogFile.txt

Backend construcor called.
Backend Initiallized.
Backend destructor called.
Backend clear function called.

…................................................................................................................................................................................

FILE NAME Swtag.log

CONTENTS

2015-04-12 00:25:11 3760 SWTAG: info: ==========================================

2015-04-12 00:25:11 3760 SWTAG: info: Start SWTAGGING productName=Acrobat Pro; productAdobeCode={AC76BA86-1033-F400-7760-000000000004}; driverName=Acrobat Pro; driverAdobeCode={AC76BA86-1033-F400-7760-000000000004}

2015-04-12 00:25:11 3760 SWTAG: info: GetNamedSecurityInfo for tag file "C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag" returned 0

2015-04-12 00:25:11 3760 SWTAG: info: SetNamedSecurityInfo for tag file "C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag" returned 0

2015-04-12 00:25:11 3760 SWTAG: info: Created new C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag file

2015-04-12 00:25:11 3760 SWTAG: info: End SWTAGGING
2015-04-12 00:25:11 3760 SWTAG: info: ==========================================

2015-04-12 00:26:21 2952 SWTAG: info: ==========================================

2015-04-12 00:26:21 2952 SWTAG: info: Start SWTAGGING productName=Acrobat Pro; productAdobeCode={AC76BA86-1033-F400-7760-000000000004}; driverName=Acrobat Pro; driverAdobeCode={AC76BA86-1033-F400-7760-000000000004}

2015-04-12 00:26:21 2952 SWTAG: info: Reading existing C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag file

2015-04-12 00:26:21 2952 SWTAG: info: End SWTAGGING
2015-04-12 00:26:21 2952 SWTAG: info: ==========================================

2015-04-12 18:21:42 1300 SWTAG: info: ==========================================

2015-04-12 18:21:42 1300 SWTAG: info: Start SWTAGGING productName=Acrobat Pro; productAdobeCode={AC76BA86-1033-F400-7760-000000000004}; driverName=Acrobat Pro; driverAdobeCode={AC76BA86-1033-F400-7760-000000000004}

2015-04-12 18:21:42 1300 SWTAG: info: Reading existing C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag file

2015-04-12 18:21:43 1300 SWTAG: info: End SWTAGGING
2015-04-12 18:21:43 1300 SWTAG: info: ==========================================

….........................................................................................................................................................................

FILE NAME Updater.log
CONTENTS

: Loading AUM Integration library at path C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeUpdater.dll.
: Successfully loaded AUM integration library
: Successfully found all library entry points. Library is valid.
: Entering GetAppID()
: AUMDoPluginAction returns => 0

…..........................................................................................................................................................................................

FILE NAME wmsetup.log

CONTENTS

*WMC Logging begun at 2015/04/12 - 03:14:26. Logging at level: '4'. OS is NT. OSVer is 6.1.7601.0.17514. System Lang is 1033. Prev version system is 12.0.7601.17514. Setup version 12.0.7601.17514.

Setup commandlines are "C:\Program Files\Windows Media Player\setupwm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1.

Services information URL is : 'http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86'.

Unable to establish connection: 0xc00d0bca.
Service data gathering complete: 0 interesting service(s) found. Result 0xc00d0bca.
=====Updating Install list for UI.
Install list not generated or parsed for this install type.
Finished updating install list.

*WMC Logging begun at 2015/04/12 - 05:45:42. Logging at level: '4'. OS is NT. OSVer is 6.1.7601.0.17514. System Lang is 1033. Prev version system is 12.0.7601.17514. Setup version 12.0.7601.17514.

Setup commandlines are "C:\Program Files\Windows Media Player\setupwm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1.

Services information URL is : 'http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86'.

Unable to establish connection: 0xc00d0bca.
Service data gathering complete: 0 interesting service(s) found. Result 0xc00d0bca.
=====Updating Install list for UI.
Install list not generated or parsed for this install type.
Finished updating install list.

*WMC Logging begun at 2015/04/12 - 17:53:30. Logging at level: '4'. OS is NT. OSVer is 6.1.7601.0.17514. System Lang is 1033. Prev version system is 12.0.7601.17514. Setup version 12.0.7601.17514.

Setup commandlines are "C:\Program Files\Windows Media Player\setupwm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /Play -Embedding.

Services information URL is : 'http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86'.

Unable to establish connection: 0xc00d0bca.
Service data gathering complete: 0 interesting service(s) found. Result 0xc00d0bca.
=====Updating Install list for UI.
Install list not generated or parsed for this install type.
Finished updating install list.

I also found in Appdata
remotecache.zip
a screenshot of my userID

WHAT IS BACKEND CONSTRUCTOR? I GOOGLED IT AND IT WAS UNDER DUPLICATI.

WHAT IS SWTAGGING?

WHY DOES WMSETUP FILE CONTAIN "redirectallservices" in the text body?

Please help

3 Responses

It looks like an update log for Adobe Acrobat and a setup log for Windows Media Center. That's why there was data trying to be exchanged. If I am wrong, please correct me.

Yes! It is looking like a normal update log...
When a connection is not properly established... it redirects automatically many times all the needed connections...
If I said anything wrong...
please suggest

Thank you for letting me know. It's new to me and I have not come across it before. I have just overcome a zzz worm attack so thought the worm was still attacking. Thanks all.
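
The error codes and the URL in the posted logs can be taken apart mechanically when triaging files like these. The following is an added example, not part of the original thread; the function names are hypothetical and the sample text is three lines copied from the logs above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample: three lines copied from the logs posted in this thread.
SAMPLE = r"""ERROR: GetSystem32Dir failed with COM error 0x8007000D (The data is invalid)
Services information URL is : 'http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86'.
Unable to establish connection: 0xc00d0bca.
"""

FACILITY_WIN32 = 7         # HRESULTs in this facility wrap a plain Win32 error code
FACILITY_MEDIASERVER = 13  # facility used by Windows Media error codes


def decode_hresult(value):
    """Split a 32-bit HRESULT into its documented bit fields."""
    return {
        "failure": bool(value >> 31),       # severity bit: 1 means failure
        "facility": (value >> 16) & 0x7FF,  # 11-bit facility (which subsystem)
        "code": value & 0xFFFF,             # 16-bit status code
    }


def triage(text):
    """Return (decoded error codes, parsed URLs) found in the log text."""
    codes = {}
    for m in re.finditer(r"\b0x[0-9a-fA-F]{8}\b", text):
        codes[m.group(0).lower()] = decode_hresult(int(m.group(0), 16))
    urls = []
    for m in re.finditer(r"https?://[^\s']+", text):
        parts = urlsplit(m.group(0))
        urls.append({
            "scheme": parts.scheme,
            "host": parts.hostname,
            "path": parts.path,
            "query": parse_qs(parts.query),
        })
    return codes, urls


if __name__ == "__main__":
    found_codes, found_urls = triage(SAMPLE)
    for name, fields in found_codes.items():
        print(name, fields)
    for url in found_urls:
        print(url["host"], url["path"], sorted(url["query"]))
```

0x8007000D decodes to facility 7 (Win32) with code 13, which is the Win32 error whose text is "The data is invalid", matching the message in jusched.log. The URL splits into the host redir.metaservices.microsoft.com and the path /redir/allservices/, with the player version, locale and architecture carried in the query string.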
