
MALWARE access via hole in Browser Plugin Process. Applications achieving root level authorization. Please help.

MACBOOK PRO. Late 2011. LION 10.7.3 - 2.2GHz w/4GB 1333 MHz DDR3. Wifi for Internet at home and BlueTooth for the mouse. No iChat, iTunes, iCalendar etc.


I have recently experienced what appears to be a complete collapse of the security protocol and my system now seems to be run by foreign programs. I will quickly describe what I have discovered and what I think could be the cause. I will then post some of the files I found as well as some logs. Please let me know your thoughts, what other information you need and what I can do to remedy the situation. I don't want to debate the existence of threats. I am willing to accept reasonable explanations but please look at everything I am asking for help with. Thank you in advance for thoughtful replies.


Background

On or about March 22 I updated Quicktime/Safari to be able to view and play rich media. I installed the Perian, Flip4Mac and DIVX plugins. I had run into problems with homepage hijackers previously. I did not notice anything suspicious until this weekend. The system slowed to a halt after visiting sites like YouTube, DailyMotion etc. The system started generating comprehensive debugging reports and failed to shut down properly. The boot logs changed as well. Some went missing (no data reported) and the protocols for others changed dramatically. New applications began to show up in the Activity Monitor and new components began to appear with unknown origins or authors.

Current State - Login


It appears as though the security protocol has changed. PAM framework exposes a generic set of API/functions to the applications. Applications simply call the functions defined in the module passing in the credentials of the user. Secure logs, crash reports and DEBUGGING logs all indicate that there is a breakdown in the system allowing something to get set up as a guest user without a urlAttribute or homeDirPath or the proper syntax and is reestablishing itself on start using exception handling protocols and cached data. It is refusing to let go when shutting down and starts up again before any other systems are in place from its persistent state cache.


Current State - Files, Logs and Caches


The private/tmp folder has seen new locked files and folders appear at the same time, all of which point back to Safari/Fireworks Plugin Process as their origin. File contents are posted below.


eka_named_mutex_KLAVA (zero bytes on disk)

PRCustomProps

PRObjects

wnstat.xml

launchd-142.RTSwZ4 (locked folder)


eka_named_mutex_KLAVA


PRCustomProps =

!! ?PR_REMOTE_MANAGER_PROP ?cpnPRAGUE_REMOTE_API ?cpTASK_MANAGER_TASK_ID ?

cpTASK_MANAGER_TASK_IS_REMOTE ?npISWIFT_MODE ?npISWIFT_VOLUME_ID ?npISWIFT_FILE_ID

?npAVS_HTTP_REQ ?

npAVS_HTTP_RSP ?

npAVS_SCAN_ACTION_NAME

?npAVS_CHAINED_OBJECT ?KTT ?npSCAN_OBJECT_CONTEXT ?

npENGINE_OBJECT_PARAM_ACTION_CLASS_MASK_tDWORD ?npENGINE_VIRTUAL_OBJECT_NAME ?npENGINE_OBJECT_DETECT_STATE ?npENGINE_OBJECT_READONLY_tERROR ?

npENGINE_OBJECT_READONLY_hOBJECT ?npENGINE_OBJECT_SESSION_hOBJECT ?

npENGINE_OBJECT_SKIP_THIS_ONE_tBOOL ?npENGINE_OBJECT_EXECUTABLE_PARENT_IO_hOBJECT ?npENGINE_OBJECT_SET_WRITE_ACCESS_tERROR ?propid_reopen_user_data ?

npENGINE_INTEGRAL_PARENT_IO ?propid_istreams_ctx ?npSCAN_OBJECT_BCKFLAG ?

avp1_has_special_cure ?cpTEMPFILE_MEMMANAGER ?npOBJECT_STARTUP ?DEFER_THREAD_INIT



wnstat.xml file contents =

<propertiesmap>


<key name="WebNetStat">


<key name="Zones">


<key name="0000">


<tSTRING name="Name">test</tSTRING>


</key>


<key name="0001">


<tSTRING name="Name">ac</tSTRING>


</key>


<key name="0002">


<tSTRING name="Name">ad</tSTRING>


</key>


<key name="0003">


<tSTRING name="Name">ae</tSTRING>


</key>


....all the way through to...



<key name="0274">


<tSTRING name="Name">xxx</tSTRING>


</key>

</key>


<tBOOL name="SkipUnknown">1</tBOOL>


<key name="WaitTimeouts">


<key name="0000">


<tBYTE name="Id">2</tBYTE>


<tDWORD name="Timeout">2000</tDWORD>


</key>


</key>


</key>

</propertiesmap>


PRObjects = 8Lä± PRRoot 8TD± TaskManager



New Processes have appeared in the Activity Monitor that all link together to manage what happens and what gets reported. They include


backgroundinstruments -

/Applications/Xcode.app/Contents/Library/LoginItems

->0xffffff800e8af648

/Applications/Xcode.app/Contents/Library

/Applications/Xcode.app/Contents

/Applications/Xcode.app

/Applications

count=0, state=0x1

count=0, state=0x1


imagent

/

/System/Library/PrivateFrameworks/IMCore.framework/imagent.app/Contents/MacOS/imagent

/System/Library/PrivateFrameworks/IMCore.framework/Versions/A/Frameworks/IMDaemonCore.framework/Versions/A/IMDaemonCore

/System/Library/Frameworks/IMServicePlugIn.framework/Versions/A/IMServicePlugIn

/private/var/db/mds/messages/se_SecurityMessages

/usr/share/icu/icudt46l.dat

/usr/lib/dyld

/private/var/db/dyld/dyld_shared_cache_x86_64

/dev/null

->0xffffff800d7573f0

->0xffffff800d7573f0

count=1, state=0x2

->0xffffff800e8aea90


com.apple.legacymediabridge.videodecompressionserver


This one is the most troubling. I understand that Quicktime can read and/or write code from an embedded XML file. I have noticed all sorts of new Components listed in System Information that relate directly to the collection, distribution and execution of code via the browser plugin process. It wouldn't take much to inject code into a cache that can be later executed by processes that have hijacked the login protocol. With two way conversation back and forth it could easily be tweaked based on DEBUGGING reports sent home until it has been proven effective.


I think my machine has been compromised before. I reported some incidents last fall however I didn't know enough about OSX to gauge the threat. My experience before and after visiting certain media sites is the same except this time they seem to be far more effective.


Please let me know what you think the best remedy might be. I want to eliminate all of the errors, get the system running as it should and ultimately put up some kind of barrier that isn't so easy to foil. I just received another error


"12-04-08 2:33:13.267 AM helpd: CFPropertyListCreateFromXMLData(): Old-style plist parser: missing semicolon in dictionary.


I am suspicious because I have seen my system compromised by code embedded in Browser Plug In processes before. I am suspicious because what I have seen happen to my system over the last few days is consistent with how one might attack an OSX machine. Too many odd changes inconsistent with how others have described their experience. Let me know what else you need to help define things further. I can provide a lot more data about the contents of files recently modified, logs, debug reports etc. I am not sure where to start, what is important and what can be dismissed. I appreciate your help.

MacBook Pro, Mac OS X (10.7.2)

Posted on Apr 8, 2012 2:23 AM

35 replies
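Added example, not part of the original post or of any reply: a Python triage script that groups secure-log lines of the kind the post refers to by login-window attempt and reports, for each attempt, the user, the PAM stages reached, the guest-account check result, the home path and the authorization rights granted. The sample lines, the host name Example-Mac and the user alice are constructed for illustration, and the class and function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the syslog layout of the OS X secure log (not real data).
SAMPLE = """\
Apr  8 10:00:01 Example-Mac com.apple.SecurityServer[23]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11]
Apr  8 10:00:05 Example-Mac loginwindow[47]: Login Window Started Security Agent
Apr  8 10:00:20 Example-Mac com.apple.SecurityServer[23]: Engine::authorize: Rule::evaluate returned 4294907288 returning errAuthorizationInternal
Apr  8 10:00:20 Example-Mac loginwindow[47]: AuthorizationRef doesn't have a username (<LoginAuthRefMgr: 0x0>). Exiting.
Apr  8 10:00:21 Example-Mac loginwindow[128]: Login Window Started Security Agent
Apr  8 10:00:40 Example-Mac authorizationhost[148]: in pam_sm_authenticate(): Got user: alice
Apr  8 10:00:40 Example-Mac authorizationhost[148]: in pam_sm_acct_mgmt(): OpenDirectory - Membership cache TTL set to 1800.
Apr  8 10:00:40 Example-Mac authorizationhost[148]: in pam_sm_setcred(): Got user: alice
Apr  8 10:00:41 Example-Mac authorizationhost[148]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | name = alice, path = /Users/alice, homeLoc = (null)
Apr  8 10:00:41 Example-Mac authorizationhost[148]: DEBUGLOG | -[HomeDirMechanism isGuestAccount] | Guest account check returning 0
Apr  8 10:00:42 Example-Mac com.apple.SecurityServer[23]: Succeeded authorizing right 'system.login.console' by client '/System/Library/CoreServices/loginwindow.app' [128] for authorization created by '/System/Library/CoreServices/loginwindow.app' [128]
Apr  8 10:00:42 Example-Mac com.apple.SecurityServer[23]: Succeeded authorizing right 'system.login.done' by client '/System/Library/CoreServices/loginwindow.app' [128] for authorization created by '/System/Library/CoreServices/loginwindow.app' [128]
Apr  8 10:01:00: --- last message repeated 2 times ---
"""

# "Mon D HH:MM:SS host process[pid]: message"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<proc>[^\[\s]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)
RIGHT_RE = re.compile(r"Succeeded authorizing right '([^']+)' by client '([^']+)'")
PAM_RE = re.compile(r"in (pam_sm_\w+)\(\): (.*)")
GUEST_RE = re.compile(r"Guest account check returning (\d+)")
HOME_RE = re.compile(r"name = (\S+), path = (\S+),")


@dataclass
class LoginAttempt:
    loginwindow_pid: int
    started: str
    user: Optional[str] = None
    pam_stages: List[str] = field(default_factory=list)
    guest_check: Optional[int] = None
    home_path: Optional[str] = None
    rights: List[str] = field(default_factory=list)
    errors: List[str] = field(default_factory=list)

    @property
    def outcome(self) -> str:
        if "system.login.done" in self.rights:
            return "completed"
        return "aborted" if self.errors else "incomplete"


def summarize(lines) -> List[LoginAttempt]:
    """Group log lines into login attempts, one per Security Agent start."""
    attempts: List[LoginAttempt] = []
    current: Optional[LoginAttempt] = None
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # e.g. "--- last message repeated N times ---"
        proc, pid, msg = m["proc"], int(m["pid"]), m["msg"]
        if proc == "shutdown":
            current = None  # a reboot ends whatever attempt was open
        elif proc == "loginwindow" and msg.startswith("Login Window Started"):
            current = LoginAttempt(pid, m["ts"])
            attempts.append(current)
        elif current is None:
            continue  # boot-time events before any login window
        elif proc == "authorizationhost":
            pam = PAM_RE.search(msg)
            if pam:
                if pam.group(1) not in current.pam_stages:
                    current.pam_stages.append(pam.group(1))
                got = re.match(r"Got user: (\S+)", pam.group(2))
                if got:
                    current.user = got.group(1)
            guest = GUEST_RE.search(msg)
            if guest:
                current.guest_check = int(guest.group(1))
            home = HOME_RE.search(msg)
            if home:
                current.home_path = home.group(2)
        elif proc == "com.apple.SecurityServer":
            right = RIGHT_RE.search(msg)
            if right:
                current.rights.append(right.group(1))
            elif "errAuthorizationInternal" in msg:
                current.errors.append(msg)
        elif proc == "loginwindow" and "doesn't have a username" in msg:
            current.errors.append(msg)
    return attempts


if __name__ == "__main__":
    for a in summarize(SAMPLE.splitlines()):
        print(a.started, f"loginwindow[{a.loginwindow_pid}]", a.outcome,
              f"user={a.user} guest_check={a.guest_check} home={a.home_path}",
              f"pam={a.pam_stages} rights={a.rights}")
```
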

Apr 8, 2012 3:20 AM in response to MAC ATTACKED

Here is the latest boot log. DEBUG details the user event issues and describes updating and opening keychain prior to login authorization. Seems to be launching from disk01 while APPLE OSX is the main partition (disk02) and RECOVERY is disk03.


Apr 8 03:36:46 TJBs-MacBook-Pro shutdown[58855]: reboot by MASTER:

Apr 8 03:37:22 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Session 100000 created

Apr 8 03:37:26 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Entering service

Apr 8 03:37:26 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11]

Apr 8 03:37:29 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Session 100005 created

Apr 8 03:37:29 TJBs-MacBook-Pro loginwindow[47]: Login Window Started Security Agent

Apr 8 03:37:29 TJBs-MacBook-Pro SecurityAgent[111]: Echo enabled

Apr 8 03:38:29 TJBs-MacBook-Pro SecurityAgent[111]: User info context values set for MASTER

Apr 8 03:38:29 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_authenticate(): Got user: MASTER

Apr 8 03:38:29 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_authenticate(): Got ruser: (null)

Apr 8 03:38:29 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_authenticate(): Got service: authorization

Apr 8 03:38:29 TJBs-MacBook-Pro authorizationhost[137]: in od_principal_for_user(): No authentication authority returned

Apr 8 03:38:29 TJBs-MacBook-Pro authorizationhost[137]: in od_principal_for_user(): failed: 7

Apr 8 03:38:29 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.

Apr 8 03:38:29 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_authenticate(): Done cleanup3

Apr 8 03:38:29 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_authenticate(): Kerberos 5 refuses you

Apr 8 03:38:29 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_authenticate(): pam_sm_authenticate: ntlm

Apr 8 03:38:29 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_acct_mgmt(): OpenDirectory - Membership cache TTL set to 1800.

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in od_record_check_pwpolicy(): retval: 0

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in od_record_attribute_create_cfstring(): returned 2 attributes for dsAttrTypeStandard:AuthenticationAuthority

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): Establishing credentials

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): Got user: MASTER

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): Context initialised

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): Got euid, egid: 0 0

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): Done getpwnam()

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): Done setegid() & seteuid()

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): pam_sm_setcred: krb5 user MASTER doesn't have a principal

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): Done cleanup3

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): Done seteuid() & setegid()

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): Done cleanup4

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): pam_sm_setcred: ntlm

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: in pam_sm_setcred(): pam_sm_setcred: no domain found skipping

Apr 8 03:38:30 TJBs-MacBook-Pro SecurityAgent[111]: Login Window login proceeding

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | name = MASTER, path = /Users/MASTER, homeLoc = (null)

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMounter setNeedsToUnmountDirVolumeAtLogout:] | mounter calling mechanism to setNeedsToUnmountDirVolumeAtLogout to 0

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | urlAttribute = null

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | homeDirPath did NOT follow a symlink, keeping original path of: /Users/MASTER

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | homeDirMajorType = 1

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMounter mountStandardDirectoryForUser:atPath:attributes:] | name = MASTER, path = /Users/MASTER, homeLoc = (null)

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMechanism isGuestAccount] | enter

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMechanism isGuestAccount] | Guest account check returning 0

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMounter setHomeDirType:] | setHomeDirType to 1

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMounter mountStandardDirectoryForUser:atPath:attributes:] | returning 0

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | returning 0

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMechanism invoke] | mountHomeDirectoryForUser returns 0

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMechanism updateAndUnlockKeychain] | updateAndUnlockKeychain

Apr 8 03:38:30 TJBs-MacBook-Pro authorizationhost[137]: DEBUGLOG | -[HomeDirMechanism launchHomeDirFixerToolIfNeeded:] | launchHomeDirFixerToolIfNeeded called with 0

Apr 8 03:38:31 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Succeeded authorizing right 'system.login.console' by client '/System/Library/CoreServices/loginwindow.app' [47] for authorization created by '/System/Library/CoreServices/loginwindow.app' [47]

Apr 8 03:38:31 TJBs-MacBook-Pro loginwindow[47]: Login Window - Returned from Security Agent

Apr 8 03:38:32 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Succeeded authorizing right 'system.login.done' by client '/System/Library/CoreServices/loginwindow.app' [47] for authorization created by '/System/Library/CoreServices/loginwindow.app' [47]

Apr 8 03:43:52 TJBs-MacBook-Pro shutdown[228]: reboot by MASTER:

Apr 8 03:44:24 localhost com.apple.SecurityServer[23]: Session 100000 created

Apr 8 03:44:31 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Entering service

Apr 8 03:44:31 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11]

Apr 8 03:44:35 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Session 100005 created

Apr 8 03:44:35 TJBs-MacBook-Pro loginwindow[47]: Login Window Started Security Agent

Apr 8 03:44:36 TJBs-MacBook-Pro SecurityAgent[111]: Echo enabled

Apr 8 03:44:52 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Engine::authorize: Rule::evaluate returned 4294907288 returning errAuthorizationInternal

Apr 8 03:44:52 TJBs-MacBook-Pro loginwindow[47]: Login Window - Returned from Security Agent

Apr 8 03:44:52 TJBs-MacBook-Pro loginwindow[47]: AuthorizationRef doesn't have a username (<LoginAuthRefMgr: 0x100d36720>). Exiting.

Apr 8 03:44:53 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Session 100009 created

Apr 8 03:44:53 TJBs-MacBook-Pro loginwindow[128]: Login Window Started Security Agent

Apr 8 03:44:53 TJBs-MacBook-Pro SecurityAgent[141]: Echo enabled

Apr 8 03:45:27 TJBs-MacBook-Pro SecurityAgent[141]: User info context values set for MASTER

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_authenticate(): Got user: MASTER

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_authenticate(): Got ruser: (null)

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_authenticate(): Got service: authorization

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in od_principal_for_user(): No authentication authority returned

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in od_principal_for_user(): failed: 7

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_authenticate(): Done cleanup3

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_authenticate(): Kerberos 5 refuses you

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_authenticate(): pam_sm_authenticate: ntlm

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_acct_mgmt(): OpenDirectory - Membership cache TTL set to 1800.

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in od_record_check_pwpolicy(): retval: 0

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in od_record_attribute_create_cfstring(): returned 2 attributes for dsAttrTypeStandard:AuthenticationAuthority

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): Establishing credentials

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): Got user: MASTER

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): Context initialised

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): Got euid, egid: 0 0

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): Done getpwnam()

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): Done setegid() & seteuid()

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): pam_sm_setcred: krb5 user MASTER doesn't have a principal

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): Done cleanup3

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): Done seteuid() & setegid()

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): Done cleanup4

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): pam_sm_setcred: ntlm

Apr 8 03:45:27 TJBs-MacBook-Pro authorizationhost[148]: in pam_sm_setcred(): pam_sm_setcred: no domain found skipping

Apr 8 03:45:28 TJBs-MacBook-Pro SecurityAgent[141]: Login Window login proceeding

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | name = MASTER, path = /Users/MASTER, homeLoc = (null)

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMounter setNeedsToUnmountDirVolumeAtLogout:] | mounter calling mechanism to setNeedsToUnmountDirVolumeAtLogout to 0

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | urlAttribute = null

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | homeDirPath did NOT follow a symlink, keeping original path of: /Users/MASTER

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | homeDirMajorType = 1

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMounter mountStandardDirectoryForUser:atPath:attributes:] | name = MASTER, path = /Users/MASTER, homeLoc = (null)

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMechanism isGuestAccount] | enter

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMechanism isGuestAccount] | Guest account check returning 0

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMounter setHomeDirType:] | setHomeDirType to 1

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMounter mountStandardDirectoryForUser:atPath:attributes:] | returning 0

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMounter mountHomeDirectoryForUser:atPath:homeLocation:] | returning 0

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMechanism invoke] | mountHomeDirectoryForUser returns 0

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMechanism updateAndUnlockKeychain] | updateAndUnlockKeychain

Apr 8 03:45:28 TJBs-MacBook-Pro authorizationhost[148]: DEBUGLOG | -[HomeDirMechanism launchHomeDirFixerToolIfNeeded:] | launchHomeDirFixerToolIfNeeded called with 0

Apr 8 03:45:29 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Succeeded authorizing right 'system.login.console' by client '/System/Library/CoreServices/loginwindow.app' [128] for authorization created by '/System/Library/CoreServices/loginwindow.app' [128]

Apr 8 03:45:29 TJBs-MacBook-Pro loginwindow[128]: Login Window - Returned from Security Agent

Apr 8 03:45:29 TJBs-MacBook-Pro com.apple.SecurityServer[23]: Succeeded authorizing right 'system.login.done' by client '/System/Library/CoreServices/loginwindow.app' [128] for authorization created by '/System/Library/CoreServices/loginwindow.app' [128]

Apr 8 03:45:30 TJBs-MacBook-Pro loginwindow[128]: ISGetIconFamilyFromStorage: seed mismatch for 231b0001, actual seed is 140e0f76

Apr 8 03:46:00: --- last message repeated 2 times ---







Here is the latest shutdown log. Usually it hangs a little if it's a complete shutdown but it closed pretty fast due to reboot. Let me know if you need the whole report.


-94032 1 com.apple.launchd 1 com.apple.launchd System shutdown began

-94018 1 com.apple.launchd 1 com.apple.launchd System: Beginning job manager shutdown with flags: RB_AUTOBOOT

-93778 1 com.apple.launchd 1 com.apple.launchd System: Userspace shutdown begun at: Sun Apr 8 03:43:52 2012

-93773 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.airportd[226]: Beginning job manager shutdown with flags: RB_AUTOBOOT

-93538 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.airportd[226]: Job manager shutdown begun at: Sun Apr 8 03:43:52 2012

-93530 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.airportd[226]: No submanagers left.

-93517 1 com.apple.launchd 0 com.apple.qtkitserver Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-93507 1 com.apple.launchd 0 com.apple.qtkitserver Closing receive right for com.apple.qtkitserver

-93496 1 com.apple.launchd 0 com.apple.qtkitserver Mach service deleted: com.apple.qtkitserver

-93491 1 com.apple.launchd 0 com.apple.qtkitserver Removed

-93485 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-93481 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Closing receive right for com.apple.DataDetectors.DataDetectorsActionService

-93474 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Mach service deleted: com.apple.DataDetectors.DataDetectorsActionService

-93471 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Removed

-93468 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.airportd[226]: Removing.

-93466 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.airportd[226]: Removing job manager.

-93464 1 com.apple.launchd 227 0x100b07ed0.anonymous.xpchelper Reaping

-93457 1 com.apple.launchd 0 0x100b07ed0.anonymous.xpchelper Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-93454 1 com.apple.launchd 0 0x100b07ed0.anonymous.xpchelper Removed

-93452 1 com.apple.launchd 1 0x100b01650.anonymous.launchd Reaping

-93448 1 com.apple.launchd 0 0x100b01650.anonymous.launchd Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-93445 1 com.apple.launchd 0 0x100b01650.anonymous.launchd Removed

-93444 1 com.apple.launchd 226 0x100b0fc50.anonymous.airportd Reaping

-93440 1 com.apple.launchd 0 0x100b0fc50.anonymous.airportd Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-93437 1 com.apple.launchd 0 0x100b0fc50.anonymous.airportd Removed

-93296 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.airportd[226]: Job manager shutdown finished at: Sun Apr 8 03:43:52 2012

-93294 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.airportd[226]: Job manager shutdown took approximately 0 seconds.

-93284 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.peruser.4294967294: Beginning job manager shutdown with flags: RB_AUTOBOOT

-93167 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.peruser.4294967294: Job manager shutdown begun at: Sun Apr 8 03:43:52 2012

-93165 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.peruser.4294967294: No submanagers left.

-93160 1 com.apple.launchd 0 com.apple.cfpreferences-xpcservice Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-93158 1 com.apple.launchd 0 com.apple.cfpreferences-xpcservice Closing receive right for com.apple.cfpreferences-xpcservice

-93151 1 com.apple.launchd 0 com.apple.cfpreferences-xpcservice Mach service deleted: com.apple.cfpreferences-xpcservice

-93143 1 com.apple.launchd 0 com.apple.cfpreferences-xpcservice Removed

-93137 1 com.apple.launchd 0 com.apple.security.XPCKeychainSandboxCheck Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-93135 1 com.apple.launchd 0 com.apple.security.XPCKeychainSandboxCheck Closing receive right for com.apple.security.XPCKeychainSandboxCheck

-93129 1 com.apple.launchd 0 com.apple.security.XPCKeychainSandboxCheck Mach service deleted: com.apple.security.XPCKeychainSandboxCheck

-93125 1 com.apple.launchd 0 com.apple.security.XPCKeychainSandboxCheck Removed

-93123 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.peruser.4294967294: Removing.

-93121 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.peruser.4294967294: Removing job manager.

-92990 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.peruser.4294967294: Job manager shutdown finished at: Sun Apr 8 03:43:52 2012

-92988 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.peruser.4294967294: Job manager shutdown took approximately 0 seconds.

-92979 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.warmd[34]: Beginning job manager shutdown with flags: RB_AUTOBOOT

-92870 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.warmd[34]: Job manager shutdown begun at: Sun Apr 8 03:43:52 2012

-92869 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.warmd[34]: No submanagers left.

-92863 1 com.apple.launchd 0 com.apple.qtkitserver Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92861 1 com.apple.launchd 0 com.apple.qtkitserver Closing receive right for com.apple.qtkitserver

-92854 1 com.apple.launchd 0 com.apple.qtkitserver Mach service deleted: com.apple.qtkitserver

-92850 1 com.apple.launchd 0 com.apple.qtkitserver Removed

-92846 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92845 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Closing receive right for com.apple.DataDetectors.DataDetectorsActionService

-92839 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Mach service deleted: com.apple.DataDetectors.DataDetectorsActionService

-92833 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Removed

-92830 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.warmd[34]: Removing.

-92828 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.warmd[34]: Removing job manager.

-92827 1 com.apple.launchd 224 0x7f81ead2a490.anonymous.xpchelper Reaping

-92822 1 com.apple.launchd 0 0x7f81ead2a490.anonymous.xpchelper Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92819 1 com.apple.launchd 0 0x7f81ead2a490.anonymous.xpchelper Removed

-92818 1 com.apple.launchd 1 0x7f81ead2a190.anonymous.launchd Reaping

-92814 1 com.apple.launchd 0 0x7f81ead2a190.anonymous.launchd Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92807 1 com.apple.launchd 0 0x7f81ead2a190.anonymous.launchd Removed

-92805 1 com.apple.launchd 34 0x7f81ead28810.anonymous.warmd Reaping

-92801 1 com.apple.launchd 0 0x7f81ead28810.anonymous.warmd Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92798 1 com.apple.launchd 0 0x7f81ead28810.anonymous.warmd Removed

-92558 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.warmd[34]: Job manager shutdown finished at: Sun Apr 8 03:43:52 2012

-92552 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.warmd[34]: Job manager shutdown took approximately 0 seconds.

-92544 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.filecoordinatio[202]: Beginning job manager shutdown with flags: RB_AUTOBOOT

-92405 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.filecoordinatio[202]: Job manager shutdown begun at: Sun Apr 8 03:43:52 2012

-92403 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.filecoordinatio[202]: No submanagers left.

-92397 1 com.apple.launchd 0 com.apple.qtkitserver Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92396 1 com.apple.launchd 0 com.apple.qtkitserver Closing receive right for com.apple.qtkitserver

-92389 1 com.apple.launchd 0 com.apple.qtkitserver Mach service deleted: com.apple.qtkitserver

-92382 1 com.apple.launchd 0 com.apple.qtkitserver Removed

-92377 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92375 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Closing receive right for com.apple.DataDetectors.DataDetectorsActionService

-92370 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Mach service deleted: com.apple.DataDetectors.DataDetectorsActionService

-92367 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Removed

-92361 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.filecoordinatio[202]: Removing.

-92359 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.filecoordinatio[202]: Removing job manager.

-92358 1 com.apple.launchd 1 0x100b03c80.anonymous.launchd Reaping

-92353 1 com.apple.launchd 0 0x100b03c80.anonymous.launchd Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92351 1 com.apple.launchd 0 0x100b03c80.anonymous.launchd Removed

-92349 1 com.apple.launchd 202 0x100b03860.anonymous.filecoordinatio Reaping

-92345 1 com.apple.launchd 0 0x100b03860.anonymous.filecoordinatio Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92343 1 com.apple.launchd 0 0x100b03860.anonymous.filecoordinatio Removed

-92211 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.filecoordinatio[202]: Job manager shutdown finished at: Sun Apr 8 03:43:52 2012

-92209 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.filecoordinatio[202]: Job manager shutdown took approximately 0 seconds.

-92205 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.imagent[170]: Beginning job manager shutdown with flags: RB_AUTOBOOT

-92097 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.imagent[170]: Job manager shutdown begun at: Sun Apr 8 03:43:52 2012

-92095 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.imagent[170]: No submanagers left.

-92084 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92082 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Closing receive right for com.apple.DataDetectors.DataDetectorsActionService

-92076 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Mach service deleted: com.apple.DataDetectors.DataDetectorsActionService

-92072 1 com.apple.launchd 0 com.apple.DataDetectors.DataDetectorsActionService Removed

-92068 1 com.apple.launchd 0 com.apple.XType.FontHelper Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92065 1 com.apple.launchd 0 com.apple.XType.FontHelper Closing receive right for com.apple.XType.FontHelper

-92059 1 com.apple.launchd 0 com.apple.XType.FontHelper Mach service deleted: com.apple.XType.FontHelper

-92055 1 com.apple.launchd 0 com.apple.XType.FontHelper Removed

-92051 1 com.apple.launchd 0 com.apple.qtkitserver Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92050 1 com.apple.launchd 0 com.apple.qtkitserver Closing receive right for com.apple.qtkitserver

-92044 1 com.apple.launchd 0 com.apple.qtkitserver Mach service deleted: com.apple.qtkitserver

-92039 1 com.apple.launchd 0 com.apple.qtkitserver Removed

-92035 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.imagent[170]: Removing.

-92033 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.imagent[170]: Removing job manager.

-92032 1 com.apple.launchd 1 0x7f81ead28510.anonymous.launchd Reaping

-92028 1 com.apple.launchd 0 0x7f81ead28510.anonymous.launchd Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92025 1 com.apple.launchd 0 0x7f81ead28510.anonymous.launchd Removed

-92023 1 com.apple.launchd 123 0x7f81ead27db0.anonymous.launchd Reaping

-92020 1 com.apple.launchd 0 0x7f81ead27db0.anonymous.launchd Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92013 1 com.apple.launchd 0 0x7f81ead27db0.anonymous.launchd Removed

-92011 1 com.apple.launchd 170 0x7f81ead0ebc0.anonymous.imagent Reaping

-92007 1 com.apple.launchd 0 0x7f81ead0ebc0.anonymous.imagent Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

-92004 1 com.apple.launchd 0 0x7f81ead0ebc0.anonymous.imagent Removed

-91876 1 com.apple.launchd 1 com.apple.launchd System: com.apple.xpc.domain.imagent[170]: Job manager shutdown finished at: Sun Apr 8 03:43:52 2012



Goes on for quite a while using the same format and ends up....


valid

436323 1 com.apple.launchd 61 com.sophos.intercheck Job was sent SIGTERM.

438085 1 com.apple.launchd 230 com.apple.shutdown_monitor Getting key: 5

442436 1 com.apple.launchd 0 0x100b169b0.anonymous.kextunload Conceived

442445 1 com.apple.launchd 231 0x100b169b0.anonymous.kextunload This process showed up to the party while all the guests were leaving. Odds are that it will have a miserable time.

442449 1 com.apple.launchd 231 0x100b169b0.anonymous.kextunload Created PID 231 anonymously by PPID 61

442452 1 com.apple.launchd 231 0x100b169b0.anonymous.kextunload Getting key: 5

448270 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

448278 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ead01430 data = 0x84 ident = 134 filter = EVFILT_READ flags = EV_ADD|EV_RECEIPT fflags = 0x0

448282 1 com.apple.launchd 61 com.sophos.intercheck Dispatching kevent callback.

448289 61 com.sophos.intercheck 61 com.sophos.intercheck (kernel) Kext unloading is disabled (com.sophos.kext.sav).

448291 61 com.sophos.intercheck 61 com.sophos.intercheck Failed to unload com.sophos.kext.sav - (libkern/kext) function disabled.

448418 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

448426 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81eb002000 data = 0x0 ident = 231 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

448429 1 com.apple.launchd 231 0x100b169b0.anonymous.kextunload Dispatching kevent callback.

448431 1 com.apple.launchd 231 0x100b169b0.anonymous.kextunload EVFILT_PROC event for job.

448436 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x100b169b0 data = 0x0 ident = 231 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

448438 1 com.apple.launchd 231 0x100b169b0.anonymous.kextunload Reaping

448446 1 com.apple.launchd 0 0x100b169b0.anonymous.kextunload Total rusage: utime 0.000000 stime 0.000000 maxrss 0 ixrss 0 idrss 0 isrss 0 minflt 0 majflt 0 nswap 0 inblock 0 oublock 0 msgsnd 0 msgrcv 0 nsignals 0 nvcsw 0 nivcsw 0

448451 1 com.apple.launchd 0 0x100b169b0.anonymous.kextunload Removed

448454 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

448457 1 com.apple.launchd 23 com.apple.securityd Job is active: PID is still valid

448459 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.

448461 1 com.apple.launchd 44 com.apple.metadata.mds Job is active: PID is still valid

448462 1 com.apple.launchd 44 com.apple.metadata.mds Job was sent SIGTERM.

448464 1 com.apple.launchd 13 com.apple.diskarbitrationd Job is active: PID is still valid

448466 1 com.apple.launchd 13 com.apple.diskarbitrationd Job was sent SIGTERM.

448468 1 com.apple.launchd 61 com.sophos.intercheck Job is active: PID is still valid

448469 1 com.apple.launchd 61 com.sophos.intercheck Job was sent SIGTERM.

458050 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

458074 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ead01430 data = 0x0 ident = 134 filter = EVFILT_READ flags = EV_ADD|EV_RECEIPT|EV_EOF fflags = 0x0

458083 1 com.apple.launchd 61 com.sophos.intercheck Dispatching kevent callback.

458103 1 com.apple.launchd 61 com.sophos.intercheck Standard out/error pipe closed

458159 1 com.apple.launchd 61 com.sophos.intercheck Tried to dispatch an already active job (PID is still valid).

458164 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

458178 1 com.apple.launchd 1 com.apple.launchd KEVENT[1]: udata = 0x7f81eb002000 data = 0x0 ident = 61 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

458185 1 com.apple.launchd 61 com.sophos.intercheck Dispatching kevent callback.

458190 1 com.apple.launchd 61 com.sophos.intercheck EVFILT_PROC event for job.

458201 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ead01430 data = 0x0 ident = 61 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

458213 1 com.apple.launchd 61 com.sophos.intercheck Reaping

458314 1 com.apple.launchd 61 com.sophos.intercheck Exited 0.542490 seconds after the first signal was sent

458321 1 com.apple.launchd 0 com.sophos.intercheck Exited while shutdown in progress. Processes remaining: 4/0

458332 1 com.apple.launchd 0 com.sophos.intercheck Total rusage: utime 10.993311 stime 3.105564 maxrss 175759360 ixrss 0 idrss 0 isrss 0 minflt 77248 majflt 1003 nswap 0 inblock 26 oublock 43 msgsnd 108853 msgrcv 108851 nsignals 1 nvcsw 13218 nivcsw 5

458342 1 com.apple.launchd 0 com.sophos.intercheck Removed

458349 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

458353 1 com.apple.launchd 23 com.apple.securityd Job is active: PID is still valid

458357 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.

458361 1 com.apple.launchd 44 com.apple.metadata.mds Job is active: PID is still valid

458364 1 com.apple.launchd 44 com.apple.metadata.mds Job was sent SIGTERM.

458368 1 com.apple.launchd 13 com.apple.diskarbitrationd Job is active: PID is still valid

458371 1 com.apple.launchd 13 com.apple.diskarbitrationd Job was sent SIGTERM.

622347 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

622362 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ead1e390 data = 0x0 ident = 116 filter = EVFILT_READ flags = EV_ADD|EV_RECEIPT|EV_EOF fflags = 0x0

622369 1 com.apple.launchd 230 com.apple.shutdown_monitor Dispatching kevent callback.

622380 1 com.apple.launchd 230 com.apple.shutdown_monitor Standard out/error pipe closed

622412 1 com.apple.launchd 230 com.apple.shutdown_monitor Tried to dispatch an already active job (Monitoring shutdown).

622416 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

622426 1 com.apple.launchd 1 com.apple.launchd KEVENT[1]: udata = 0x7f81eb002000 data = 0x0 ident = 230 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

622431 1 com.apple.launchd 230 com.apple.shutdown_monitor Dispatching kevent callback.

622435 1 com.apple.launchd 230 com.apple.shutdown_monitor EVFILT_PROC event for job.

622443 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ead1e390 data = 0x0 ident = 230 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

622452 1 com.apple.launchd 230 com.apple.shutdown_monitor Reaping

622529 1 com.apple.launchd 230 com.apple.shutdown_monitor Shutdown monitor has exited.

622536 1 com.apple.launchd 0 com.apple.shutdown_monitor Exited while shutdown in progress. Processes remaining: 3/0

622548 1 com.apple.launchd 0 com.apple.shutdown_monitor Total rusage: utime 0.009018 stime 0.007762 maxrss 1892352 ixrss 0 idrss 0 isrss 0 minflt 613 majflt 3 nswap 0 inblock 1 oublock 5 msgsnd 0 msgrcv 1 nsignals 0 nvcsw 7 nivcsw 11

622558 1 com.apple.launchd 0 com.apple.shutdown_monitor Removed

622565 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

622569 1 com.apple.launchd 23 com.apple.securityd Job is active: PID is still valid

622573 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.

622577 1 com.apple.launchd 44 com.apple.metadata.mds Job is active: PID is still valid

622580 1 com.apple.launchd 44 com.apple.metadata.mds Job was sent SIGTERM.

622584 1 com.apple.launchd 13 com.apple.diskarbitrationd Job is active: PID is still valid

622588 1 com.apple.launchd 13 com.apple.diskarbitrationd Job was sent SIGTERM.

1196345 1 com.apple.launchd 1 com.apple.launchd System: Receive right returned to us: com.apple.metadata.mds

1196351 1 com.apple.launchd 44 com.apple.metadata.mds Tried to dispatch an already active job (PID is still valid).

1196355 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

1196358 1 com.apple.launchd 23 com.apple.securityd Job is active: PID is still valid

1196361 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.

1196364 1 com.apple.launchd 44 com.apple.metadata.mds Job is active: PID is still valid

1196367 1 com.apple.launchd 44 com.apple.metadata.mds Job was sent SIGTERM.

1196369 1 com.apple.launchd 13 com.apple.diskarbitrationd Job is active: PID is still valid

1196372 1 com.apple.launchd 13 com.apple.diskarbitrationd Job was sent SIGTERM.

1196419 1 com.apple.launchd 1 com.apple.launchd System: Receive right returned to us: com.apple.metadata.mds.xpcs

1196422 1 com.apple.launchd 44 com.apple.metadata.mds Tried to dispatch an already active job (PID is still valid).

1196425 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

1196427 1 com.apple.launchd 23 com.apple.securityd Job is active: PID is still valid

1196430 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.

1196432 1 com.apple.launchd 44 com.apple.metadata.mds Job is active: PID is still valid

1196434 1 com.apple.launchd 44 com.apple.metadata.mds Job was sent SIGTERM.

1196437 1 com.apple.launchd 13 com.apple.diskarbitrationd Job is active: PID is still valid

1196439 1 com.apple.launchd 13 com.apple.diskarbitrationd Job was sent SIGTERM.

1196466 1 com.apple.launchd 1 com.apple.launchd System: Receive right returned to us: com.apple.metadata.mds.xpc

1196469 1 com.apple.launchd 44 com.apple.metadata.mds Tried to dispatch an already active job (PID is still valid).

1196471 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

1196474 1 com.apple.launchd 23 com.apple.securityd Job is active: PID is still valid

1196476 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.

1196479 1 com.apple.launchd 44 com.apple.metadata.mds Job is active: PID is still valid

1196481 1 com.apple.launchd 44 com.apple.metadata.mds Job was sent SIGTERM.

1196484 1 com.apple.launchd 13 com.apple.diskarbitrationd Job is active: PID is still valid

1196486 1 com.apple.launchd 13 com.apple.diskarbitrationd Job was sent SIGTERM.

1196627 1 com.apple.launchd 1 com.apple.launchd System: Receive right returned to us: com.apple.DiskArbitration.diskarbitrationd

1196630 1 com.apple.launchd 13 com.apple.diskarbitrationd Tried to dispatch an already active job (PID is still valid).

1196633 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

1196635 1 com.apple.launchd 23 com.apple.securityd Job is active: PID is still valid

1196638 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.

1196640 1 com.apple.launchd 44 com.apple.metadata.mds Job is active: PID is still valid

1196643 1 com.apple.launchd 44 com.apple.metadata.mds Job was sent SIGTERM.

1196645 1 com.apple.launchd 13 com.apple.diskarbitrationd Job is active: PID is still valid

1196648 1 com.apple.launchd 13 com.apple.diskarbitrationd Job was sent SIGTERM.

1197302 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

1197314 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ec0000a0 data = 0x0 ident = 66 filter = EVFILT_READ flags = EV_ADD|EV_RECEIPT|EV_EOF fflags = 0x0

1197347 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

1197353 1 com.apple.launchd 1 com.apple.launchd KEVENT[1]: udata = 0x7f81ead0af90 data = 0x0 ident = 71 filter = EVFILT_READ flags = EV_ADD|EV_RECEIPT|EV_EOF fflags = 0x0

1197357 1 com.apple.launchd 13 com.apple.diskarbitrationd Dispatching kevent callback.

1197366 1 com.apple.launchd 13 com.apple.diskarbitrationd Standard out/error pipe closed

1197391 1 com.apple.launchd 13 com.apple.diskarbitrationd Tried to dispatch an already active job (PID is still valid).

1197394 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

1197401 1 com.apple.launchd 1 com.apple.launchd KEVENT[2]: udata = 0x7f81eb002000 data = 0x0 ident = 13 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

1197405 1 com.apple.launchd 13 com.apple.diskarbitrationd Dispatching kevent callback.

1197407 1 com.apple.launchd 13 com.apple.diskarbitrationd EVFILT_PROC event for job.

1197413 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ead0af90 data = 0x0 ident = 13 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

1197420 1 com.apple.launchd 13 com.apple.diskarbitrationd Reaping

1197459 1 com.apple.launchd 13 com.apple.diskarbitrationd Exited 1.282544 seconds after the first signal was sent

1197464 1 com.apple.launchd 0 com.apple.diskarbitrationd Exited while shutdown in progress. Processes remaining: 2/0

1197472 1 com.apple.launchd 0 com.apple.diskarbitrationd Total rusage: utime 0.040310 stime 0.040572 maxrss 5173248 ixrss 0 idrss 0 isrss 0 minflt 5563 majflt 42 nswap 0 inblock 40 oublock 21 msgsnd 0 msgrcv 1 nsignals 7 nvcsw 2 nivcsw 530

1197476 1 com.apple.launchd 0 com.apple.diskarbitrationd Closing receive right for com.apple.DiskArbitration.diskarbitrationd

1197488 1 com.apple.launchd 0 com.apple.diskarbitrationd Mach service deleted: com.apple.DiskArbitration.diskarbitrationd

1197495 1 com.apple.launchd 0 com.apple.diskarbitrationd Removed

1197499 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

1197502 1 com.apple.launchd 23 com.apple.securityd Job is active: PID is still valid

1197505 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.

1197508 1 com.apple.launchd 44 com.apple.metadata.mds Job is active: PID is still valid

1197510 1 com.apple.launchd 44 com.apple.metadata.mds Job was sent SIGTERM.

1200274 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

1200283 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ec000af0 data = 0x0 ident = 102 filter = EVFILT_READ flags = EV_ADD|EV_RECEIPT|EV_EOF fflags = 0x0

1200476 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

1200487 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ead160a0 data = 0x0 ident = 111 filter = EVFILT_READ flags = EV_ADD|EV_RECEIPT|EV_EOF fflags = 0x0

1200491 1 com.apple.launchd 44 com.apple.metadata.mds Dispatching kevent callback.

1200514 1 com.apple.launchd 44 com.apple.metadata.mds Standard out/error pipe closed

1200536 1 com.apple.launchd 44 com.apple.metadata.mds Tried to dispatch an already active job (PID is still valid).

1200539 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

1200545 1 com.apple.launchd 1 com.apple.launchd KEVENT[1]: udata = 0x7f81eb002000 data = 0x0 ident = 44 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

1200547 1 com.apple.launchd 44 com.apple.metadata.mds Dispatching kevent callback.

1200549 1 com.apple.launchd 44 com.apple.metadata.mds EVFILT_PROC event for job.

1200554 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ead160a0 data = 0x0 ident = 44 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

1200559 1 com.apple.launchd 44 com.apple.metadata.mds Reaping

1200586 1 com.apple.launchd 44 com.apple.metadata.mds Exited 1.286688 seconds after the first signal was sent

1200590 1 com.apple.launchd 0 com.apple.metadata.mds Exited while shutdown in progress. Processes remaining: 1/0

1200596 1 com.apple.launchd 0 com.apple.metadata.mds Total rusage: utime 0.859520 stime 0.867720 maxrss 49491968 ixrss 0 idrss 0 isrss 0 minflt 13780 majflt 4547 nswap 0 inblock 63 oublock 563 msgsnd 0 msgrcv 1 nsignals 1 nvcsw 1507 nivcsw 8866

1200600 1 com.apple.launchd 0 com.apple.metadata.mds Closing receive right for com.apple.metadata.mds

1200610 1 com.apple.launchd 0 com.apple.metadata.mds Mach service deleted: com.apple.metadata.mds

1200613 1 com.apple.launchd 0 com.apple.metadata.mds Closing receive right for com.apple.metadata.mds.xpcs

1200621 1 com.apple.launchd 0 com.apple.metadata.mds Mach service deleted: com.apple.metadata.mds.xpcs

1200623 1 com.apple.launchd 0 com.apple.metadata.mds Closing receive right for com.apple.metadata.mds.xpc

1200630 1 com.apple.launchd 0 com.apple.metadata.mds Mach service deleted: com.apple.metadata.mds.xpc

1200635 1 com.apple.launchd 0 com.apple.metadata.mds Removed

1200638 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

1200640 1 com.apple.launchd 23 com.apple.securityd Job is active: PID is still valid

1200643 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.

1200645 1 com.apple.launchd 23 com.apple.securityd Closing shutdown transaction for job.

1200647 1 com.apple.launchd 23 com.apple.securityd Job is now clean. Killing.

1200659 1 com.apple.launchd 23 com.apple.securityd Sent SIGKILL signal

1201138 1 com.apple.launchd 1 com.apple.launchd System: Receive right returned to us: com.apple.SecurityServer

1201155 1 com.apple.launchd 23 com.apple.securityd Tried to dispatch an already active job (PID is still valid).

1201157 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

1201160 1 com.apple.launchd 23 com.apple.securityd Job is active: PID is still valid

1201162 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM and SIGKILL.

1202392 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

1202400 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x100b004a0 data = 0x0 ident = 84 filter = EVFILT_READ flags = EV_ADD|EV_RECEIPT|EV_EOF fflags = 0x0

1202422 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

1202428 1 com.apple.launchd 1 com.apple.launchd KEVENT[1]: udata = 0x7f81ead1e780 data = 0x0 ident = 89 filter = EVFILT_READ flags = EV_ADD|EV_RECEIPT|EV_EOF fflags = 0x0

1202431 1 com.apple.launchd 23 com.apple.securityd Dispatching kevent callback.

1202436 1 com.apple.launchd 23 com.apple.securityd Standard out/error pipe closed

1202456 1 com.apple.launchd 23 com.apple.securityd Tried to dispatch an already active job (PID is still valid).

1202458 1 com.apple.launchd 1 com.apple.launchd Dispatching kevent...

1202463 1 com.apple.launchd 1 com.apple.launchd KEVENT[2]: udata = 0x7f81eb002000 data = 0x0 ident = 23 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

1202466 1 com.apple.launchd 23 com.apple.securityd Dispatching kevent callback.

1202468 1 com.apple.launchd 23 com.apple.securityd EVFILT_PROC event for job.

1202472 1 com.apple.launchd 1 com.apple.launchd KEVENT[0]: udata = 0x7f81ead1e780 data = 0x0 ident = 23 filter = EVFILT_PROC flags = EV_ADD|EV_RECEIPT|EV_CLEAR|EV_EOF|EV_ONESHOT fflags = NOTE_EXIT

1202477 1 com.apple.launchd 23 com.apple.securityd Reaping

1202506 1 com.apple.launchd 23 com.apple.securityd Exited 1.289291 seconds after the first signal was sent

1202510 1 com.apple.launchd 0 com.apple.securityd Exited while shutdown in progress. Processes remaining: 0/0

1202524 1 com.apple.launchd 0 com.apple.securityd Job was last to exit during shutdown of: System.

1202530 1 com.apple.launchd 0 com.apple.securityd Total rusage: utime 0.118120 stime 0.101160 maxrss 8232960 ixrss 0 idrss 0 isrss 0 minflt 2691 majflt 202 nswap 0 inblock 17 oublock 28 msgsnd 0 msgrcv 1 nsignals 1 nvcsw 33 nivcsw 4044

1202533 1 com.apple.launchd 0 com.apple.securityd Closing receive right for com.apple.SecurityServer

1202543 1 com.apple.launchd 0 com.apple.securityd Mach service deleted: com.apple.SecurityServer

1202548 1 com.apple.launchd 0 com.apple.securityd Removed

1202551 1 com.apple.launchd 1 com.apple.launchd System: No submanagers left.

1202553 1 com.apple.launchd 1 com.apple.launchd System: Removing.

1202556 1 com.apple.launchd 1 com.apple.launchd System: Removing job manager.

1202709 1 com.apple.launchd 1 com.apple.launchd System: Userspace shutdown finished at: Sun Apr 8 03:43:54 2012

1202716 1 com.apple.launchd 1 com.apple.launchd System: Userspace shutdown took approximately 2 seconds.

1202740 1 com.apple.launchd 1 com.apple.launchd VM statistics (now - orig): Free: 88134 Active: -80516 Inactive: -649 Reactivations: 0 PageIns: 11 PageOuts: 0 Faults: 1435 COW-Faults: 225 Purgeable: -1669 Purges: 0

1202768 1 com.apple.launchd 1 com.apple.launchd System: About to call: reboot(RB_AUTOBOOT).


Appreciate any ideas. Might have to send it back to Apple. Would be nice to have an idea of what the problem is and how to avoid it before then. Thanks again.
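As an added example (not part of the original post), here is a small Python triage script for launchd shutdown lines in the format posted above: it tallies signal lines per job, exit delays, anonymous child processes and failure messages. The field names, and the reading of the first column as microseconds, are assumptions inferred from the log lines themselves.

```python
import re

# Lines excerpted from the log in the post, plus the stray "valid" fragment,
# embedded here so the script runs offline.
SAMPLE_LOG = """\
436323 1 com.apple.launchd 61 com.sophos.intercheck Job was sent SIGTERM.
442449 1 com.apple.launchd 231 0x100b169b0.anonymous.kextunload Created PID 231 anonymously by PPID 61
448289 61 com.sophos.intercheck 61 com.sophos.intercheck (kernel) Kext unloading is disabled (com.sophos.kext.sav).
448291 61 com.sophos.intercheck 61 com.sophos.intercheck Failed to unload com.sophos.kext.sav - (libkern/kext) function disabled.
448459 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.
458314 1 com.apple.launchd 61 com.sophos.intercheck Exited 0.542490 seconds after the first signal was sent
458357 1 com.apple.launchd 23 com.apple.securityd Job was sent SIGTERM.
1200659 1 com.apple.launchd 23 com.apple.securityd Sent SIGKILL signal
1202506 1 com.apple.launchd 23 com.apple.securityd Exited 1.289291 seconds after the first signal was sent
1202716 1 com.apple.launchd 1 com.apple.launchd System: Userspace shutdown took approximately 2 seconds.
valid
"""

# Assumed layout: <time> <logger pid> <logger label> <job pid> <job label> <message>
LINE_RE = re.compile(r"^(-?\d+)\s+(\d+)\s+(\S+)\s+(\d+)\s+(\S+)\s+(.*)$")
EXIT_RE = re.compile(r"Exited ([\d.]+) seconds after the first signal was sent")
ANON_RE = re.compile(r"Created PID (\d+) anonymously by PPID (\d+)")
TOTAL_RE = re.compile(r"Userspace shutdown took approximately (\d+) seconds")
ERROR_HINTS = ("Failed to", "is disabled")


def parse_line(line):
    """Split one log line into fields; return None for fragments that do not fit."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    t, src_pid, src_label, job_pid, job_label, msg = m.groups()
    return {"t_us": int(t), "src_pid": int(src_pid), "src_label": src_label,
            "job_pid": int(job_pid), "job_label": job_label, "msg": msg}


def summarize(text):
    """Build a per-job summary of a launchd shutdown log."""
    jobs, pid_labels, anonymous = {}, {}, []
    report = {"jobs": jobs, "anonymous": anonymous, "errors": [],
              "unparsed": 0, "userspace_seconds": None}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        if rec is None:
            report["unparsed"] += 1  # truncated or wrapped line
            continue
        label, msg = rec["job_label"], rec["msg"]
        job = jobs.setdefault(label, {"sigterm_lines": 0, "sigkill": False,
                                      "exit_delay_s": None,
                                      "first_signal_t_us": None})
        # Remember which label owns a PID so anonymous children can be attributed.
        if rec["job_pid"] and ".anonymous." not in label:
            pid_labels[rec["job_pid"]] = label
        if msg.startswith("Job was sent SIGTERM"):
            job["sigterm_lines"] += 1  # counts log lines, as written
        if "SIGKILL" in msg:
            job["sigkill"] = True
        m = EXIT_RE.search(msg)
        if m:
            delay = float(m.group(1))
            job["exit_delay_s"] = delay
            # Assumption: column one is in microseconds, so the first signal
            # was sent at (exit time - delay).
            job["first_signal_t_us"] = rec["t_us"] - int(round(delay * 1e6))
        m = ANON_RE.search(msg)
        if m:
            anonymous.append({"label": label, "pid": int(m.group(1)),
                              "ppid": int(m.group(2))})
        if any(hint in msg for hint in ERROR_HINTS):
            report["errors"].append((rec["t_us"], label, msg))
        m = TOTAL_RE.search(msg)
        if m:
            report["userspace_seconds"] = int(m.group(1))
    # Resolve parents after the loop so ordering in the log does not matter.
    for child in anonymous:
        child["parent"] = pid_labels.get(child["ppid"])
    return report


if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for name, info in result["jobs"].items():
        print(name, info)
    print("anonymous children:", result["anonymous"])
    print("errors:", result["errors"])
    print("unparsed lines:", result["unparsed"])
    print("userspace shutdown (s):", result["userspace_seconds"])
```
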

Apr 9, 2012 3:03 PM in response to nerowolfe

I realize I will need to rebuild the system. What I want to try and figure out is how to prevent further issues. MAC security is a serious concern and there are lots of vulnerabilities that are being exploited and we are just starting to see the tip of the iceberg.


http://ca.news.yahoo.com/blogs/right-click/mac-users-hit-global-trojan-malware-outbreak-211940564.html


I have since discovered XCODE applications running on my system like background instruments collecting data and relaying information without my knowledge or permission.


What is even more problematic for me is that anyone can download XCODE from the Apple store for free. Included in the package are applications that facilitate all sorts of malicious activities.


I will probably need to engage Apple as previous re-installs haven't completely removed persistent files located on the 200M hiding on disk0.


With 40% of the world smart phone market and tools like XCODE out there, APPLE is a rich target for exploits. Unfortunately, APPLE's underestimation of the threat and the community's unwillingness to take it seriously only perpetuate the problem.


Cheers!






Apr 9, 2012 7:33 PM in response to MAC ATTACKED

It is a serious issue. I read somewhere that one of the parts of the malware appears to be a keystroke logger, but that might be misinformation.

Once, hackers were happy messing up people's computers, taking down servers, etc.

Today, it is a big money thing. These trojans steal personal information, credit card numbers, all kinds of stuff that can be sold or used to steal money; even ID theft.


Off the computer topic. I suggest that everyone should have some kind of personal ID theft prevention program, that monitors credit cards, SSNs, bank accounts, etc.

ID theft today is a big business and growing.

These trojans, to paraphrase an old expression about cars, are not your father's trojans. (No pun intended).

We are living in a new world and very dangerous times.

Apr 10, 2012 10:05 AM in response to HACKINT0SH

I didn't know keylogging and turning my MAC into a Bot Net is a matter that is of little concern. Keep your head in the sand. The longer you deny the problem the bigger it gets. They've figured out how to defeat the system. You'll see. It will get much worse. In my case the system was completely compromised just by visiting a compromised web site. Some of the system protocols are just asking for trouble. You just keep pretending the problem doesn't exist.

Apr 10, 2012 10:32 AM in response to MAC ATTACKED

There is nothing called "backgroundinstruments" that is part of the current version of XCode. Also note that the current malware that is circulating (Flashback) will self-delete at the time of infection if you have XCode installed. Plus, it looks like you have Sophos installed, and I have personally verified that it will prevent one variant, at least, from being installed.


You've said a lot, but also very little of substance. I still have no real idea of what symptoms you are seeing that lead you to believe you have malware, or how you claim to know that keylogging is going on. If you could start over from the beginning, explaining the behavior you are seeing in clear, simple words, that would help us assist you.

Apr 10, 2012 11:16 AM in response to thomas_r.

There is a part of XCode called "backgroundinstruments"


/Applications/Xcode.app/Contents/Library/LoginItems/backgroundinstruments.app/Contents/MacOS/backgroundinstruments


Much else of what you refer to in your first post is part of Kaspersky's - another anti-virus application.


While I fully accept that your Mac has been compromised I'm unclear as to how you know this? What are the actual symptoms? Everything you've posted refers to perfectly normal applications.

Apr 10, 2012 11:29 AM in response to Yer_Man

There is a part of XCode called "backgroundinstruments"


Not here. I have the current version of XCode (4.2), and there is no such file. Not only did I open up the XCode application package manually and fail to find a LoginItems folder at the indicated location, but I searched the entire Developer folder (which is where my copy of XCode resides) using EasyFind and found no matches.


But even if an older version of XCode includes that, it's a huge stretch to consider it, or any of the rest of XCode, malicious.

Apr 10, 2012 5:37 PM in response to thomas_r.

backgroundinstruments is the name given to the Instruments program running as an active application. Instruments is part of the XCODE tool suite (https://developer.apple.com/library/mac/documentation/developertools/conceptual/InstrumentsUserGuide/InstrumentsUserGuide.pdf). Sorry you weren't able to make that connection.


Since I didn't set up any traces, tracking etc. someone did.


There are foreign files in my tmp folder that I cannot remove that were written via the Safari plugin app.


The contents are posted.


I have given the machine to Apple to examine and restore. Maybe they can see what more can be done to prevent further attacks.



I have reported homepage hijackers, driveby malware attacks etc. Each time someone tries to explain away the situation because they don't want to accept that OSX is vulnerable.


It is. Be careful. The world is round.


- Copernicus.

Apr 10, 2012 5:48 PM in response to MAC ATTACKED

Each time someone tries to explain away the situation because they don't want to accept that OSX is vulnerable.


Few people try to deny that there is malware that affects Macs. Those who do are not well informed.


However, nothing you have said makes much sense, or sounds remotely like any of the currently known Mac malware. If you aren't willing to explain more clearly, people expressing skepticism about your claims will simply be your way of life.

Apr 10, 2012 5:56 PM in response to thomas_r.

I'm not sure why you feel that sudden changes to the boot log whereby the security protocol changes is normal. I'm an idiot for once again trying to post anything to this community. 500,000 Apple computers fell victim to security threats. Still everyone wants to believe Macs are invulnerable.


I have given the computer to APPLE to study and rebuild. There are very real threats in the wild. I'm not arguing with you about whether or not XCODE Instruments is called backgroundinstruments. I'm not going to try and convince you. I know what is out there and how it is getting in.


Good luck and farewell.
