Forum Thread: Am I Being Hacked? Are They Copying My Files Remotely?

I Found the Following Logs in AppData of Windows 7.

…...........................................................................................................................................................................

FILE NAME jusched.log

CONTENTS

2015/04/11 23:37:37.719, jusched.exe (PID: 3108, TID: 3112), SysInfo.cpp:214 (SysInfo::getSystem32Dir)
ERROR: GetSystem32Dir failed with COM error 0x8007000D (The data is invalid)
2015/04/12 01:08:01.925, jusched.exe (PID: 3496, TID: 3500), SysInfo.cpp:214 (SysInfo::getSystem32Dir)
ERROR: GetSystem32Dir failed with COM error 0x8007000D (The data is invalid)

FILE NAME LogFile.txt

Backend construcor called.
Backend Initiallized.
Backend destructor called.
Backend clear function called.

…................................................................................................................................................................................

FILE NAME Swtag.log

CONTENTS

2015-04-12 00:25:11 3760 SWTAG: info: ==========================================

2015-04-12 00:25:11 3760 SWTAG: info: Start SWTAGGING productName=Acrobat Pro; productAdobeCode={AC76BA86-1033-F400-7760-000000000004}; driverName=Acrobat Pro; driverAdobeCode={AC76BA86-1033-F400-7760-000000000004}

2015-04-12 00:25:11 3760 SWTAG: info: GetNamedSecurityInfo for tag file "C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag" returned 0

2015-04-12 00:25:11 3760 SWTAG: info: SetNamedSecurityInfo for tag file "C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag" returned 0

2015-04-12 00:25:11 3760 SWTAG: info: Created new C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag file

2015-04-12 00:25:11 3760 SWTAG: info: End SWTAGGING
2015-04-12 00:25:11 3760 SWTAG: info: ==========================================

2015-04-12 00:26:21 2952 SWTAG: info: ==========================================

2015-04-12 00:26:21 2952 SWTAG: info: Start SWTAGGING productName=Acrobat Pro; productAdobeCode={AC76BA86-1033-F400-7760-000000000004}; driverName=Acrobat Pro; driverAdobeCode={AC76BA86-1033-F400-7760-000000000004}

2015-04-12 00:26:21 2952 SWTAG: info: Reading existing C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag file

2015-04-12 00:26:21 2952 SWTAG: info: End SWTAGGING
2015-04-12 00:26:21 2952 SWTAG: info: ==========================================

2015-04-12 18:21:42 1300 SWTAG: info: ==========================================

2015-04-12 18:21:42 1300 SWTAG: info: Start SWTAGGING productName=Acrobat Pro; productAdobeCode={AC76BA86-1033-F400-7760-000000000004}; driverName=Acrobat Pro; driverAdobeCode={AC76BA86-1033-F400-7760-000000000004}

2015-04-12 18:21:42 1300 SWTAG: info: Reading existing C:\ProgramData\Adobe\ISO-19770\Acrobat Pro-{AC76BA86-1033-F400-7760-000000000004}.swtag file

2015-04-12 18:21:43 1300 SWTAG: info: End SWTAGGING
2015-04-12 18:21:43 1300 SWTAG: info: ==========================================

….........................................................................................................................................................................

FILE NAME Updater.log
CONTENTS

: Loading AUM Integration library at path C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AdobeUpdater.dll.
: Successfully loaded AUM integration library
: Successfully found all library entry points. Library is valid.
: Entering GetAppID()
: AUMDoPluginAction returns => 0

…..........................................................................................................................................................................................

FILE NAME wmsetup.log

CONTENTS

*WMC Logging begun at 2015/04/12 - 03:14:26. Logging at level: '4'. OS is NT. OSVer is 6.1.7601.0.17514. System Lang is 1033. Prev version system is 12.0.7601.17514. Setup version 12.0.7601.17514.

Setup commandlines are "C:\Program Files\Windows Media Player\setupwm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1.

Services information URL is : 'http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86'.

Unable to establish connection: 0xc00d0bca.
Service data gathering complete: 0 interesting service(s) found. Result 0xc00d0bca.
=====Updating Install list for UI.
Install list not generated or parsed for this install type.
Finished updating install list.

*WMC Logging begun at 2015/04/12 - 05:45:42. Logging at level: '4'. OS is NT. OSVer is 6.1.7601.0.17514. System Lang is 1033. Prev version system is 12.0.7601.17514. Setup version 12.0.7601.17514.

Setup commandlines are "C:\Program Files\Windows Media Player\setupwm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /prefetch:1.

Services information URL is : 'http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86'.

Unable to establish connection: 0xc00d0bca.
Service data gathering complete: 0 interesting service(s) found. Result 0xc00d0bca.
=====Updating Install list for UI.
Install list not generated or parsed for this install type.
Finished updating install list.

*WMC Logging begun at 2015/04/12 - 17:53:30. Logging at level: '4'. OS is NT. OSVer is 6.1.7601.0.17514. System Lang is 1033. Prev version system is 12.0.7601.17514. Setup version 12.0.7601.17514.

Setup commandlines are "C:\Program Files\Windows Media Player\setupwm.exe" /RunOnce:"C:\Program Files\Windows Media Player\wmplayer.exe" /Play -Embedding.

Services information URL is : 'http://redir.metaservices.microsoft.com/redir/allservices/?sv=5&version=12.0.7601.17514&locale=409&userlocale=409&geoid=f4&parch=x86&arch=x86'.

Unable to establish connection: 0xc00d0bca.
Service data gathering complete: 0 interesting service(s) found. Result 0xc00d0bca.
=====Updating Install list for UI.
Install list not generated or parsed for this install type.
Finished updating install list.

I also found in Appdata
remotecache.zip
a screenshot of my userID

WHAT IS BACKEND CONSTRUCTOR? I GOOGLED IT AND IT WAS UNDER DUPLICATI.

WHAT IS SWTAGGING?

WHY DOES THE WMSETUP FILE CONTAIN "redirectallservices" IN THE TEXT BODY?

Please help


3 Responses

It looks like an update log for Adobe Acrobat and a setup log for Windows Media Center. That's why there was data trying to be exchanged. If I am wrong, please correct me.

Yes! It is looking like a normal update log...
When a connection is not properly established... it redirects automatically many times all the needed connections...
If I said anything wrong...
please suggest.

Thank you for letting me know. It's new to me and I have not come across it before. I have just overcome a zzz worm attack so thought the worm was still attacking. Thanks all.
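Added example, not part of any post in this thread: a small Python triage helper that pulls the HRESULT values out of the posted log lines and splits them into their severity, facility and code fields, which shows which Windows component family reported each error. The facility and Win32 names are the standard winerror.h constants; the tables are a subset chosen for these logs, and the function names are hypothetical.

```python
import re

# Facility numbers from winerror.h (subset relevant to the logs in this thread).
FACILITIES = {0: "FACILITY_NULL", 7: "FACILITY_WIN32", 13: "FACILITY_MEDIASERVER"}
# Win32 error codes (subset), used when the facility is FACILITY_WIN32.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 13: "ERROR_INVALID_DATA"}

# Lines copied from the jusched.log, wmsetup.log and Updater.log excerpts above.
SAMPLE = """\
ERROR: GetSystem32Dir failed with COM error 0x8007000D (The data is invalid)
Unable to establish connection: 0xc00d0bca.
Service data gathering complete: 0 interesting service(s) found. Result 0xc00d0bca.
: AUMDoPluginAction returns => 0
"""

# An HRESULT is logged as exactly eight hex digits after "0x".
HRESULT_RE = re.compile(r"\b0x([0-9a-fA-F]{8})\b")


def decode_hresult(value):
    """Split a 32-bit HRESULT into its severity, facility and code fields."""
    facility = (value >> 16) & 0x7FF   # bits 16-26
    code = value & 0xFFFF              # bits 0-15
    return {
        "hresult": f"0x{value:08X}",
        "failure": bool(value >> 31),  # bit 31 is the severity bit
        "facility": FACILITIES.get(facility, f"facility {facility}"),
        "code": code,
        # Only FACILITY_WIN32 codes map onto the Win32 error table.
        "win32": WIN32_ERRORS.get(code) if facility == 7 else None,
    }


def triage(text):
    """Return one decoded record per distinct HRESULT, in order of first use."""
    seen = {}
    for line in text.splitlines():
        for match in HRESULT_RE.finditer(line):
            value = int(match.group(1), 16)
            seen.setdefault(value, decode_hresult(value))
    return list(seen.values())


if __name__ == "__main__":
    for record in triage(SAMPLE):
        print(record)
```

The first code decodes to a wrapped Win32 error 13, matching the "The data is invalid" text in jusched.log; the second carries the Windows Media facility, matching its origin in wmsetup.log.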
