Q: My mac has been hacked
-
Mar 26, 2013 2:23 AMby Sandmc,My business partner is an IT guru.
If you don't think it's been hacked, are you willing to bet your money on it lol
I have tried to copy the log but they have even taken that function away on us.
At this stage I am currently reinstalling OSX, but it won't take long to get back in....
If you have any ideas I'm willing to give it a go.
-
Mar 26, 2013 2:33 AMby R C-R,Sandmc wrote:
And now they have physical access today, as we were trying to make changes they were doing everything they could to stop us.
"Physical access" means you can touch the computer. If your IT Guru told you hackers had physical access while you were making changes, unless there is some sinister looking person there with you, it might be time to seek the advice of another guru!
BTW, it might be a good idea to update your ASC profile info. As it is, it tells us you are running iOS on a MacBook Pro. That's impossible (it must be some version of OS X). Providing the correct OS version will help us help you.
-
Mar 26, 2013 2:53 AMby R C-R,OK. Let's try to get a clearer picture of why you think you have been hacked.
Is there something specific in the clamxav scan log that suggests this?
Is there some specific reason to suspect a key logger has been installed? That isn't the same thing as malware that records video & audio surreptitiously, so is one or both of these things that you suspect?
What specifically happens when you try to do something you believe the hackers now control?
-
Mar 26, 2013 5:10 AMby Linc Davis,Taking what you say at face value, you must be running some kind of public server, such as a web server, that's vulnerable. You shouldn't be doing that on a host that also stores business records. If you restore everything the way it was, you'll undoubtedly be hacked again. I suggest you move the server operation to a data center, and get someone competent to set up the server more securely and monitor it to make sure it stays that way.
As for cleaning up the Mac, the only way to be sure you've done that is to erase the boot volume and restore your data selectively. Merely reinstalling OS X in place isn't enough. An "IT guru" would know that.
-
Apr 3, 2013 2:58 AMby Sandmc,ok so here is an update of what's been happening.
I erased my machine and re-installed the Mac OS X 10.8 Mountain Lion and was told to turn of all wireless items and just connect through the ethernet cable.
Since then they have been back in and erasing files etc. They bricked my partners computer which was only 1 month old.
I have some logs just to prove i was hacked....
I'm not exactly sure how many i should put up here, as they were relentless.
We had a guy from CISCO do an anlysis on our systems as they deal with the high end market such as banks etc. Once we told him what was happening, he didnt believe it of course until his server was left at our place with the firewall etc. It didnt last long at all, the hackers were back within 2 days.
Apr 2 04:53:01 --- last message repeated 1 time ---
Apr 2 04:54:20 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Stealth Mode connection attempt to UDP 172.20.10.2:57505 from 10.4.182.20:53
Apr 2 04:54:40 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Stealth Mode connection attempt to UDP 172.20.10.2:65148 from 10.4.182.20:53
Apr 2 04:59:20 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Stealth Mode connection attempt to UDP 172.20.10.2:53311 from 10.4.182.20:53
Apr 2 04:59:40 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Stealth Mode connection attempt to UDP 172.20.10.2:63054 from 10.4.182.20:53
Apr 2 05:03:15 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Deny netbiosd data in from 172.20.10.2:137 to port 137 proto=17
Apr 2 05:04:20 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Stealth Mode connection attempt to UDP 172.20.10.2:58552 from 10.4.182.20:53
Apr 2 05:05:00 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Stealth Mode connection attempt to UDP 172.20.10.2:65186 from 10.4.182.20:53
Apr 2 05:09:20 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Stealth Mode connection attempt to UDP 172.20.10.2:58995 from 10.4.182.20:53
Apr 2 05:10:00 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Stealth Mode connection attempt to UDP 172.20.10.2:61893 from 10.4.182.20:53
Apr 2 05:13:15 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Deny netbiosd data in from 172.20.10.2:137 to port 137 proto=17
Apr 2 05:14:00 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Stealth Mode connection attempt to UDP 172.20.10.2:58410 from 10.4.182.20:53
Apr 2 05:14:40 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Stealth Mode connection attempt to UDP 172.20.10.2:64669 from 10.4.182.20:53
Apr 2 05:16:26 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Deny netbiosd data in from 172.20.10.2:137 to port 137 proto=17
Apr 2 05:20:01 --- last message repeated 1 time ---
Apr 2 05:20:01 Sandis-MacBook-Pro.local socketfilterfw[108] <Info>: Deny netbiosd data in from 172.20.10.2:137 to port 137 proto=17
Apr 2 05:20:31 --- last message repeated 11 times ---
214 com.apple.launchd 1 com.apple.launchd 1 System shutdown began
234 com.apple.launchd 1 com.apple.launchd 1 System: Beginning job manager shutdown with flags: RB_HALT
356 com.apple.launchd 1 com.apple.launchd 1 System: Userspace shutdown begun at: Tue Apr 2 18:15:24 2013
364 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.imagent[178]: Beginning job manager shutdown with flags: RB_AUTOBOOT
450 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.imagent[178]: Job manager shutdown begun at: Tue Apr 2 18:15:24 2013
456 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.imagent[178]: No submanagers left.
466 com.apple.launchd 1 com.apple.AppSandboxSMLoginItemEnabler 0 Closing receive right for com.apple.AppSandboxSMLoginItemEnabler
475 com.apple.launchd 1 com.apple.AppSandboxSMLoginItemEnabler 0 Mach service deleted: com.apple.AppSandboxSMLoginItemEnabler
484 com.apple.launchd 1 com.apple.AppSandboxSMLoginItemEnabler 0 Removed
489 com.apple.launchd 1 com.apple.qtkitserver 0 Closing receive right for com.apple.qtkitserver
496 com.apple.launchd 1 com.apple.qtkitserver 0 Mach service deleted: com.apple.qtkitserver
501 com.apple.launchd 1 com.apple.qtkitserver 0 Removed
504 com.apple.launchd 1 com.apple.qtkittrustedmoviesservice 0 Closing receive right for com.apple.qtkittrustedmoviesservice
511 com.apple.launchd 1 com.apple.qtkittrustedmoviesservice 0 Mach service deleted: com.apple.qtkittrustedmoviesservice
518 com.apple.launchd 1 com.apple.qtkittrustedmoviesservice 0 Removed
525 com.apple.launchd 1 com.apple.DataDetectors.DataDetectorsActionService 0 Closing receive right for com.apple.DataDetectors.DataDetectorsActionService
533 com.apple.launchd 1 com.apple.DataDetectors.DataDetectorsActionService 0 Mach service deleted: com.apple.DataDetectors.DataDetectorsActionService
540 com.apple.launchd 1 com.apple.DataDetectors.DataDetectorsActionService 0 Removed
545 com.apple.launchd 1 com.apple.CoreText.FontDownloadHelper 0 Closing receive right for com.apple.CoreText.FontDownloadHelper
552 com.apple.launchd 1 com.apple.CoreText.FontDownloadHelper 0 Mach service deleted: com.apple.CoreText.FontDownloadHelper
560 com.apple.launchd 1 com.apple.CoreText.FontDownloadHelper 0 Removed
565 com.apple.launchd 1 com.apple.imdmessageservices.IMDMessageServicesAgent 0 Closing receive right for com.apple.imdmessageservices.IMDMessageServicesAgent
572 com.apple.launchd 1 com.apple.imdmessageservices.IMDMessageServicesAgent 0 Mach service deleted: com.apple.imdmessageservices.IMDMessageServicesAgent
578 com.apple.launchd 1 com.apple.imdmessageservices.IMDMessageServicesAgent 0 Removed
583 com.apple.launchd 1 com.apple.imtranscoding.IMTranscoderAgent 0 Closing receive right for com.apple.imtranscoding.IMTranscoderAgent
590 com.apple.launchd 1 com.apple.imtranscoding.IMTranscoderAgent 0 Mach service deleted: com.apple.imtranscoding.IMTranscoderAgent
597 com.apple.launchd 1 com.apple.imtranscoding.IMTranscoderAgent 0 Removed
602 com.apple.launchd 1 com.apple.foundation.UserScriptService 0 Closing receive right for com.apple.foundation.UserScriptService
632 com.apple.launchd 1 com.apple.foundation.UserScriptService 0 Mach service deleted: com.apple.foundation.UserScriptService
643 com.apple.launchd 1 com.apple.foundation.UserScriptService 0 Removed
649 com.apple.launchd 1 com.apple.imfoundation.IMRemoteURLConnectionAgent 0 Closing receive right for com.apple.imfoundation.IMRemoteURLConnectionAgent
659 com.apple.launchd 1 com.apple.imfoundation.IMRemoteURLConnectionAgent 0 Mach service deleted: com.apple.imfoundation.IMRemoteURLConnectionAgent
666 com.apple.launchd 1 com.apple.imfoundation.IMRemoteURLConnectionAgent 0 Removed
670 com.apple.launchd 1 com.apple.imtransferservices.IMTransferAgent 0 Closing receive right for com.apple.imtransferservices.IMTransferAgent
677 com.apple.launchd 1 com.apple.imtransferservices.IMTransferAgent 0 Mach service deleted: com.apple.imtransferservices.IMTransferAgent
683 com.apple.launchd 1 com.apple.imtransferservices.IMTransferAgent 0 Removed
687 com.apple.launchd 1 com.apple.XType.FontHelper 0 Closing receive right for com.apple.XType.FontHelper
692 com.apple.launchd 1 com.apple.XType.FontHelper 0 Mach service deleted: com.apple.XType.FontHelper
696 com.apple.launchd 1 com.apple.XType.FontHelper 0 Removed
700 com.apple.launchd 1 com.apple.hiservices-xpcservice 0 Closing receive right for com.apple.hiservices-xpcservice
704 com.apple.launchd 1 com.apple.hiservices-xpcservice 0 Mach service deleted: com.apple.hiservices-xpcservice
708 com.apple.launchd 1 com.apple.hiservices-xpcservice 0 Removed
712 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.imagent[178]: Removing.
715 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.imagent[178]: Removing job manager.
718 com.apple.launchd 1 0x7f9453c0c270.anonymous.launchd 1 Reaping
723 com.apple.launchd 1 0x7f9453c0c270.anonymous.launchd 0 Removed
726 com.apple.launchd 1 0x7f9453c0bf80.anonymous.launchd 132 Reaping
731 com.apple.launchd 1 0x7f9453c0bf80.anonymous.launchd 0 Removed
734 com.apple.launchd 1 0x7f9453c0bc10.anonymous.imagent 178 Reaping
738 com.apple.launchd 1 0x7f9453c0bc10.anonymous.imagent 0 Removed
810 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.imagent[178]: Job manager shutdown finished at: Tue Apr 2 18:15:24 2013
814 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.imagent[178]: Job manager shutdown took approximately 0 seconds.
819 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.peruser.202: Beginning job manager shutdown with flags: RB_AUTOBOOT
864 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.peruser.202: Job manager shutdown begun at: Tue Apr 2 18:15:24
1475 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.coreaudiod[164]: Job manager shutdown finished at: Tue Apr 2 18:15:24 2013
1479 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.coreaudiod[164]: Job manager shutdown took approximately 0 seconds.
1483 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.peruser.501: Beginning job manager shutdown with flags: RB_AUTOBOOT
1528 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.peruser.501: Job manager shutdown begun at: Tue Apr 2 18:15:24 2013
1531 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.peruser.501: No submanagers left.
1535 com.apple.launchd 1 com.apple.ShareKitHelper 0 Closing receive right for com.apple.ShareKitHelper
1540 com.apple.launchd 1 com.apple.ShareKitHelper 0 Mach service deleted: com.apple.ShareKitHelper
1545 com.apple.launchd 1 com.apple.ShareKitHelper 0 Removed
1548 com.apple.launchd 1 com.apple.iCloudHelper 0 Closing receive right for com.apple.iCloudHelper
1553 com.apple.launchd 1 com.apple.iCloudHelper 0 Mach service deleted: com.apple.iCloudHelper
1557 com.apple.launchd 1 com.apple.iCloudHelper 0 Removed
1560 com.apple.launchd 1 com.apple.ImageKit.RecentPictureService 0 Closing receive right for com.apple.ImageKit.RecentPictureService
1565 com.apple.launchd 1 com.apple.ImageKit.RecentPictureService 0 Mach service deleted: com.apple.ImageKit.RecentPictureService
1569 com.apple.launchd 1 com.apple.ImageKit.RecentPictureService 0 Removed
1572 com.apple.launchd 1 com.apple.security.XPCTimeStampingService 0 Closing receive right for com.apple.security.XPCTimeStampingService
1576 com.apple.launchd 1 com.apple.security.XPCTimeStampingService 0 Mach service deleted: com.apple.security.XPCTimeStampingService
1581 com.apple.launchd 1 com.apple.security.XPCTimeStampingService 0 Removed
1584 com.apple.launchd 1 com.apple.appkit.xpc.sandboxedServiceRunner 0 Closing receive right for com.apple.appkit.xpc.sandboxedServiceRunner
1588 com.apple.launchd 1 com.apple.appkit.xpc.sandboxedServiceRunner 0 Mach service deleted: com.apple.appkit.xpc.sandboxedServiceRunner
1593 com.apple.launchd 1 com.apple.appkit.xpc.sandboxedServiceRunner 0 Removed
1596 com.apple.launchd 1 com.apple.security.XPCKeychainSandboxCheck 0 Closing receive right for com.apple.security.XPCKeychainSandboxCheck
1600 com.apple.launchd 1 com.apple.security.XPCKeychainSandboxCheck 0 Mach service deleted: com.apple.security.XPCKeychainSandboxCheck
1604 com.apple.launchd 1 com.apple.security.XPCKeychainSandboxCheck 0 Removed
1607 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.peruser.501: Removing.
1610 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.peruser.501: Removing job manager.
1673 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.peruser.501: Job manager shutdown finished at: Tue Apr 2 18:15:24 2013
1677 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.domain.peruser.501: Job manager shutdown took approximately 0 seconds.
1680 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.system: Beginning job manager shutdown with flags: RB_AUTOBOOT
1736 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.system: Job manager shutdown begun at: Tue Apr 2 18:15:24 2013
1739 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.system: No submanagers left.
1743 com.apple.launchd 1 com.apple.speech.synthesis.activityd 0 Closing receive right for com.apple.speech.synthesis.activityd
1748 com.apple.launchd 1 com.apple.speech.synthesis.activityd 0 Mach service deleted: com.apple.speech.synthesis.activityd
1753 com.apple.launchd 1 com.apple.speech.synthesis.activityd 0 Removed
1757 com.apple.launchd 1 com.apple.cmio.registerassistantservice 0 Closing receive right for com.apple.cmio.registerassistantservice
1761 com.apple.launchd 1 com.apple.cmio.registerassistantservice 0 Mach service deleted: com.apple.cmio.registerassistantservice
1766 com.apple.launchd 1 com.apple.cmio.registerassistantservice 0 Removed
1769 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.system: Removing.
1771 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.system: Removing job manager.
1821 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.system: Job manager shutdown finished at: Tue Apr 2 18:15:24 2013
1825 com.apple.launchd 1 com.apple.launchd 1 System: com.apple.xpc.system: Job manager shutdown took approximately 0 seconds.
1835 com.apple.launchd 1 com.apple.shutdown_monitor 0 Starting shutdown monitor.
1840 com.apple.launchd 1 com.apple.shutdown_monitor 0 Kickstarting job
2309 com.apple.launchd 1 com.apple.shutdown_monitor 0 Started as PID: 1728
2359 com.apple.launchd 1 com.apple.shutdown_monitor 1728 Ignoring...
2365 com.apple.launchd 1 com.apple.shutdown_monitor 1728 Uncorking the fork().
2384 com.apple.launchd 1 com.apple.launchd 1 System: No submanagers left.
2422 com.apple.launchd 1 com.apple.locum.F4FD5EE6-4C00-4D12-8666-C06C4DBFDC9F 0 Closing receive right for com.apple.locum
2431 com.apple.launchd 1 com.apple.locum.F4FD5EE6-4C00-4D12-8666-C06C4DBFDC9F 0 Mach service deleted: com.apple.locum
2457 com.apple.launchd 1 com.apple.locum.F4FD5EE6-4C00-4D12-8666-C06C4DBFDC9F 0 Removed
2466 com.apple.launchd 1 com.apple.launchd.peruser.202 0 Closing receive right for com.apple.launchd.peruser.202
2472 com.apple.launchd 1 com.apple.launchd.peruser.202 0 Mach service deleted: com.apple.launchd.peruser.202
2514 com.apple.launchd 1 com.apple.launchd.peruser.202 0 Removed
2549 com.apple.launchd 1 com.apple.xpcd.CA000000-0000-0000-0000-000000000000 0 Closing receive right for com.apple.OpenDirectory.ODTrigger
2558 com.apple.launchd 1 com.apple.xpcd.CA000000-0000-0000-0000-000000000000 0 Mach service deleted: com.apple.OpenDirectory.ODTrigger
2588 com.apple.launchd 1 com.apple.xpcd.CA000000-0000-0000-0000-000000000000 0 Closing receive right for com.apple.xpchelper
2596 com.apple.launchd 1 com.apple.xpcd.CA000000-0000-0000-0000-000000000000 0 Mach service deleted: com.apple.xpchelper
2607 com.apple.launchd 1 com.apple.xpcd.CA000000-0000-0000-0000-000000000000 0 Closing receive right for com.apple.xpcd
2615 com.apple.launchd 1 com.apple.xpcd.CA000000-0000-0000-0000-000000000000 0 Mach service deleted: com.apple.xpcd
2681 com.apple.launchd 1 com.apple.xpcd.CA000000-0000-0000-0000-000000000000 0 Removed
2695 com.apple.launchd 1 com.apple.locum.F7DC7A71-23FF-481E-805E-67C736591838 0 Closing receive right for com.apple.locum
2703 com.apple.launchd 1 com.apple.locum.F7DC7A71-23FF-481E-805E-67C736591838 0 Mach service deleted: com.apple.locum
2720 com.apple.launchd 1 com.apple.locum.F7DC7A71-23FF-481E-805E-67C736591838 0 Removed
2725 com.apple.launchd 1 com.apple.xpcd.F5010000-0000-0000-0000-000000000000 1681 Job is active: PID is still valid
2741 com.apple.launchd 1 com.apple.xpcd.F5010000-0000-0000-0000-000000000000 1681 Stopping job...
2767 com.apple.launchd 1 com.apple.xpcd.F5010000-0000-0000-0000-000000000000 1681 Sent job SIGKILL.
2771 com.apple.launchd 1 com.apple.xpcd.F5010000-0000-0000-0000-000000000000 1681 Job was killed cleanly.
2784 com.apple.launchd 1 com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A4 0 Closing receive right for com.apple.authorizationhost
2794 com.apple.launchd 1 com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A4 0 Mach service deleted: com.apple.authorizationhost
2815 com.apple.launchd 1 com.apple.authorizationhost.00000000-0000-0000-0000-0000000186A4 0 Removed
2820 com.apple.launchd 1 com.apple.launchd.peruser.501 132 Job is active: PID is still valid
2833 com.apple.launchd 1 com.apple.launchd.peruser.501 132 Stopping job...
2851 com.apple.launchd 1 com.apple.launchd.peruser.501 132 Sent job SIGTERM.
2856 com.apple.launchd 1 com.apple.launchd.peruser.501 132 Job was sent SIGTERM.
2860 com.apple.launchd 1 com.apple.launchd.peruser.89 1694 Job is active: PID is still valid
2871 com.apple.launchd 1 com.apple.launchd.peruser.89 1694 Stopping job...
2888 com.apple.launchd 1 com.apple.launchd.peruser.89 1694 Sent job SIGTERM.
2893 com.apple.launchd 1 com.apple.launchd.peruser.89 1694 Job was sent SIGTERM.
2898 com.apple.launchd 1 com.apple.launchd.peruser.92 0 Closing receive right for com.apple.launchd.peruser.92
2906 com.apple.launchd 1 com.apple.launchd.peruser.92 0 Mach service deleted: com.apple.launchd.peruser.92
2932 com.apple.launchd 1 com.apple.launchd.peruser.92 0 Removed
2947 com.apple.launchd 1 com.apple.SecurityAgent.00000000-0000-0000-0000-0000000186A4 0 Closing receive right for com.apple.SecurityAgent
2957 com.apple.launchd 1 com.apple.SecurityAgent.00000000-0000-0000-0000-0000000186A4 0 Mach service deleted: com.apple.SecurityAgent
2977 com.apple.launchd 1 com.apple.SecurityAgent.00000000-0000-0000-0000-0000000186A4 0 Removed
2990 com.apple.launchd 1 com.apple.launchd.peruser.212 0 Closing receive right for com.apple.launchd.peruser.212
9784 com.apple.launchd 1 com.apple.launchd.peruser.212 0 Mach service deleted: com.apple.launchd.peruser.212
9844 com.apple.launchd 1 com.apple.launchd.peruser.212 0 Removed
9856 com.apple.launchd 1 com.apple.launchd.peruser.88 0 Closing receive right for com.apple.launchd.peruser.88
9864 com.apple.launchd 1 com.apple.launchd.peruser.88 0 Mach service deleted: com.apple.launchd.peruser.88
9891 com.apple.launchd 1 com.apple.launchd.peruser.88 0 Removed
9931 com.apple.launchd 1 org.postfix.master 0 Removed
9937 com.apple.launchd 1 org.ntp.ntpd 106 Job is active: PID is still valid
9957 com.apple.launchd 1 org.ntp.ntpd 106 Stopping job...
9993 com.apple.launchd 1 org.ntp.ntpd 106 Sent job SIGKILL.
9998 com.apple.launchd 1 org.ntp.ntpd 106 Job was killed cleanly.
10030 com.apple.launchd 1 org.cups.cupsd 0 Removed
1406020 com.apple.launchd 1 com.apple.launchd 1 System: Receive right returned to us: com.apple.DiskArbitration.diskarbitrationd
1406028 com.apple.launchd 1 com.apple.diskarbitrationd 16 Tried to dispatch an already active job: PID is still valid.
1406032 com.apple.launchd 1 com.apple.launchd 1 System: No submanagers left.
1406037 com.apple.launchd 1 com.apple.securityd 15 Job is active: PID is still valid
1406040 com.apple.launchd 1 com.apple.securityd 15 Job was sent SIGTERM.
1406042 com.apple.launchd 1 com.apple.revisiond 33 Job is active: PID is still valid
1406044 com.apple.launchd 1 com.apple.revisiond 33 Job was sent SIGTERM.
1406047 com.apple.launchd 1 com.apple.diskarbitrationd 16 Job is active: PID is still valid
1406049 com.apple.launchd 1 com.apple.diskarbitrationd 16 Job was sent SIGTERM.
1406051 com.apple.launchd 1 com.apple.cvmsServ 74 Job is active: PID is still valid
1406053 com.apple.launchd 1 com.apple.cvmsServ 74 Job was sent SIGTERM.
1406055 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job is active: PID is still valid
1406058 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job was sent SIGTERM.
1406060 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
1406062 com.apple.launchd 1 com.apple.launchd 1 MIG request.
1406396 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
1406410 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 47/-1
1406436 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
1406439 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 33/-5
1406443 com.apple.launchd 1 com.apple.revisiond 33 Dispatching kevent callback.
1407190 com.apple.launchd 1 com.apple.revisiond 33 EVFILT_PROC event for job.
1407193 com.apple.launchd 1 com.apple.revisiond 33 Reaping
1407225 com.apple.launchd 1 com.apple.revisiond 33 Exited 1.338971 seconds after the first signal was sent
1407232 com.apple.launchd 1 com.apple.revisiond 0 Exited while shutdown in progress. Processes remaining: 4/1
1407234 com.apple.launchd 1 com.apple.revisiond 0 Job is useless. Removing.
1407238 com.apple.launchd 1 com.apple.revisiond 0 Closing receive right for com.apple.revisiond
1407245 com.apple.launchd 1 com.apple.revisiond 0 Mach service deleted: com.apple.revisiond
1407250 com.apple.launchd 1 com.apple.revisiond 0 Removed
1407253 com.apple.launchd 1 com.apple.launchd 1 System: No submanagers left.
1407256 com.apple.launchd 1 com.apple.securityd 15 Job is active: PID is still valid
1407258 com.apple.launchd 1 com.apple.securityd 15 Job was sent SIGTERM.
1407260 com.apple.launchd 1 com.apple.diskarbitrationd 16 Job is active: PID is still valid
1407263 com.apple.launchd 1 com.apple.diskarbitrationd 16 Job was sent SIGTERM.
1407265 com.apple.launchd 1 com.apple.cvmsServ 74 Job is active: PID is still valid
1407267 com.apple.launchd 1 com.apple.cvmsServ 74 Job was sent SIGTERM.
1407269 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job is active: PID is still valid
1407272 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job was sent SIGTERM.
1407273 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
1407275 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
1407282 com.apple.launchd 1 com.apple.launchd 1 MIG request.
1407299 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
1407305 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 35/-1
1407319 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
1407321 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 16/-5
1407323 com.apple.launchd 1 com.apple.diskarbitrationd 16 Dispatching kevent callback.
1407326 com.apple.launchd 1 com.apple.diskarbitrationd 16 EVFILT_PROC event for job.
1407328 com.apple.launchd 1 com.apple.diskarbitrationd 16 Reaping
1407341 com.apple.launchd 1 com.apple.diskarbitrationd 16 Exited 1.337427 seconds after the first signal was sent
1407346 com.apple.launchd 1 com.apple.diskarbitrationd 0 Exited while shutdown in progress. Processes remaining: 3/1
1407348 com.apple.launchd 1 com.apple.diskarbitrationd 0 Job is useless. Removing.
1407352 com.apple.launchd 1 com.apple.diskarbitrationd 0 Closing receive right for com.apple.DiskArbitration.diskarbitrationd
1407357 com.apple.launchd 1 com.apple.diskarbitrationd 0 Mach service deleted: com.apple.DiskArbitration.diskarbitrationd
1407362 com.apple.launchd 1 com.apple.diskarbitrationd 0 Removed
1407364 com.apple.launchd 1 com.apple.launchd 1 System: No submanagers left.
1407382 com.apple.launchd 1 com.apple.securityd 15 Job is active: PID is still valid
1407384 com.apple.launchd 1 com.apple.securityd 15 Job was sent SIGTERM.
1407387 com.apple.launchd 1 com.apple.cvmsServ 74 Job is active: PID is still valid
1407389 com.apple.launchd 1 com.apple.cvmsServ 74 Job was sent SIGTERM.
1407391 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job is active: PID is still valid
1407393 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job was sent SIGTERM.
1407395 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
1407397 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
1407401 com.apple.launchd 1 com.apple.launchd 1 MIG request.
1763428 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 69
1763439 com.apple.launchd 1 com.apple.launchd 1 System: Receive right returned to us: com.apple.cvmsServ
1763454 com.apple.launchd 1 com.apple.cvmsServ 74 Tried to dispatch an already active job: PID is still valid.
1763458 com.apple.launchd 1 com.apple.launchd 1 System: No submanagers left.
1763462 com.apple.launchd 1 com.apple.securityd 15 Job is active: PID is still valid
1763466 com.apple.launchd 1 com.apple.securityd 15 Job was sent SIGTERM.
1763469 com.apple.launchd 1 com.apple.cvmsServ 74 Job is active: PID is still valid
1763472 com.apple.launchd 1 com.apple.cvmsServ 74 Job was sent SIGTERM.
1763475 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job is active: PID is still valid
1763477 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job was sent SIGTERM.
1763480 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
1763482 com.apple.launchd 1 com.apple.launchd 1 MIG request.
1763912 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
1763928 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 69/-1
1763954 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
1763957 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 74/-5
1763962 com.apple.launchd 1 com.apple.cvmsServ 74 Dispatching kevent callback.
1763964 com.apple.launchd 1 com.apple.cvmsServ 74 EVFILT_PROC event for job.
1763968 com.apple.launchd 1 com.apple.cvmsServ 74 Reaping
1763991 com.apple.launchd 1 com.apple.cvmsServ 74 Exited 1.693992 seconds after the first signal was sent
1763998 com.apple.launchd 1 com.apple.cvmsServ 0 Exited while shutdown in progress. Processes remaining: 2/1
1764001 com.apple.launchd 1 com.apple.cvmsServ 0 Job is useless. Removing.
1764005 com.apple.launchd 1 com.apple.cvmsServ 0 Closing receive right for com.apple.cvmsServ
1764013 com.apple.launchd 1 com.apple.cvmsServ 0 Mach service deleted: com.apple.cvmsServ
1764018 com.apple.launchd 1 com.apple.cvmsServ 0 Removed
1764022 com.apple.launchd 1 com.apple.launchd 1 System: No submanagers left.
1764469 com.apple.launchd 1 com.apple.securityd 15 Job is active: PID is still valid
1764472 com.apple.launchd 1 com.apple.securityd 15 Job was sent SIGTERM.
1764475 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job is active: PID is still valid
1764478 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job was sent SIGTERM.
1764480 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
1764482 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
1764488 com.apple.launchd 1 com.apple.launchd 1 MIG request.
5003588 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
5003616 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 140275041194496/-7
5003626 com.apple.launchd 1 com.apple.launchd 1 System: Shutdown timer firing.
5003658 com.apple.launchd 1 com.apple.launchd 1 System: Still alive with 2/1 (normal/anonymous) children.
5003674 com.apple.launchd 1 com.apple.securityd 15 PID is still valid
5003707 com.apple.launchd 1 com.apple.securityd 15 Killability: dirty/idle-exit unsupported
5003719 com.apple.launchd 1 com.apple.coreservices.appleevents 52 PID is still valid
5003733 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Killability: dirty/idle-exit supported
5003737 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
5003755 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
5003766 com.apple.launchd 1 com.apple.launchd 1 MIG request.
10003586 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
10003614 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 140275041194496/-7
10003623 com.apple.launchd 1 com.apple.launchd 1 System: Shutdown timer firing.
10003655 com.apple.launchd 1 com.apple.launchd 1 System: Still alive with 2/1 (normal/anonymous) children.
10003671 com.apple.launchd 1 com.apple.securityd 15 PID is still valid
10003691 com.apple.launchd 1 com.apple.securityd 15 Killability: dirty/idle-exit unsupported
10003703 com.apple.launchd 1 com.apple.coreservices.appleevents 52 PID is still valid
10003717 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Killability: dirty/idle-exit supported
10003721 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
10003725 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
10003736 com.apple.launchd 1 com.apple.launchd 1 MIG request.
15003586 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
15003613 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 140275041194496/-7
15003623 com.apple.launchd 1 com.apple.launchd 1 System: Shutdown timer firing.
15003655 com.apple.launchd 1 com.apple.launchd 1 System: Still alive with 2/1 (normal/anonymous) children.
15003672 com.apple.launchd 1 com.apple.securityd 15 PID is still valid
15003692 com.apple.launchd 1 com.apple.securityd 15 Killability: dirty/idle-exit unsupported
15004437 com.apple.launchd 1 com.apple.coreservices.appleevents 52 PID is still valid
15004446 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Killability: dirty/idle-exit supported
15004450 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
15004452 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
15004461 com.apple.launchd 1 com.apple.launchd 1 MIG request.
20003587 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
20003614 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 140275041194496/-7
20003624 com.apple.launchd 1 com.apple.launchd 1 System: Shutdown timer firing.
20003656 com.apple.launchd 1 com.apple.launchd 1 System: Still alive with 2/1 (normal/anonymous) children.
20003673 com.apple.launchd 1 com.apple.securityd 15 PID is still valid
20003693 com.apple.launchd 1 com.apple.securityd 15 Killability: dirty/idle-exit unsupported
20003705 com.apple.launchd 1 com.apple.coreservices.appleevents 52 PID is still valid
20003719 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Killability: dirty/idle-exit supported
20003723 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
20003727 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
20003738 com.apple.launchd 1 com.apple.launchd 1 MIG request.
20068322 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
20068352 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 140275038186392/-7
20068361 com.apple.launchd 1 com.apple.securityd 15 Dispatching kevent callback.
20068394 com.apple.launchd 1 com.apple.securityd 15 Exit timeout elapsed (20 seconds). Killing
20068432 com.apple.launchd 1 com.apple.securityd 15 Sent SIGKILL signal
20068436 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
20068440 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
20068451 com.apple.launchd 1 com.apple.launchd 1 MIG request.
20068602 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 69
20068621 com.apple.launchd 1 com.apple.launchd 1 System: Receive right returned to us: com.apple.SecurityServer
20068662 com.apple.launchd 1 com.apple.securityd 15 Tried to dispatch an already active job: PID is still valid.
20068669 com.apple.launchd 1 com.apple.launchd 1 System: No submanagers left.
20068675 com.apple.launchd 1 com.apple.securityd 15 Job is active: PID is still valid
20068680 com.apple.launchd 1 com.apple.securityd 15 Job was sent SIGTERM and SIGKILL.
20068685 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job is active: PID is still valid
20068699 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job was sent SIGTERM.
20068702 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
20068704 com.apple.launchd 1 com.apple.launchd 1 MIG request.
20069869 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
20069919 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 34/-1
20069943 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
20069945 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 15/-5
20069950 com.apple.launchd 1 com.apple.securityd 15 Dispatching kevent callback.
20069953 com.apple.launchd 1 com.apple.securityd 15 EVFILT_PROC event for job.
20069956 com.apple.launchd 1 com.apple.securityd 15 Reaping
20069984 com.apple.launchd 1 com.apple.securityd 15 Exited 20.002762 seconds after the first signal was sent
20069991 com.apple.launchd 1 com.apple.securityd 0 Exited while shutdown in progress. Processes remaining: 1/1
20069994 com.apple.launchd 1 com.apple.securityd 0 Job is useless. Removing.
20069999 com.apple.launchd 1 com.apple.securityd 0 Closing receive right for com.apple.SecurityServer
20070005 com.apple.launchd 1 com.apple.securityd 0 Mach service deleted: com.apple.SecurityServer
20070011 com.apple.launchd 1 com.apple.securityd 0 Removed
20070015 com.apple.launchd 1 com.apple.launchd 1 System: No submanagers left.
20070017 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job is active: PID is still valid
20070020 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Job was sent SIGTERM.
20070022 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
20070024 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
20070030 com.apple.launchd 1 com.apple.launchd 1 MIG request.
20070639 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
20070658 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 140275038068248/-7
20070664 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Dispatching kevent callback.
20070684 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Exit timeout elapsed (20 seconds). Killing
20070707 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Sent SIGKILL signal
20070710 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
20070712 com.apple.launchd 1 com.apple.launchd 1 MIG demux succeeded.
20070718 com.apple.launchd 1 com.apple.launchd 1 MIG request.
20071328 com.apple.launchd 1 com.apple.launchd 1 MIG callout: 137000
20071346 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 56/-1
20071375 com.apple.launchd 1 com.apple.launchd 1 Handled kevent.
20071378 com.apple.launchd 1 com.apple.launchd 1 Dispatching kevent (ident/filter): 52/-5
20071384 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Dispatching kevent callback.
20071387 com.apple.launchd 1 com.apple.coreservices.appleevents 52 EVFILT_PROC event for job.
20071390 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Reaping
20071415 com.apple.launchd 1 com.apple.coreservices.appleevents 52 Exited 20.001155 seconds after the first signal was sent
20071423 com.apple.launchd 1 com.apple.coreservices.appleevents 0 Exited while shutdown in progress. Processes remaining: 0/1
20071476 com.apple.launchd 1 com.apple.coreservices.appleevents 0 Job was last to exit during shutdown of: System.
20071480 com.apple.launchd 1 com.apple.coreservices.appleevents 0 Job is useless. Removing.
20071484 com.apple.launchd 1 com.apple.coreservices.appleevents 0 Closing receive right for com.apple.coreservices.appleevents
20071494 com.apple.launchd 1 com.apple.coreservices.appleevents 0 Mach service deleted: com.apple.coreservices.appleevents
20071501 com.apple.launchd 1 com.apple.coreservices.appleevents 0 Removed
20071505 com.apple.launchd 1 com.apple.launchd 1 System: No submanagers left.
20071508 com.apple.launchd 1 com.apple.launchd 1 System: Removing.
20071511 com.apple.launchd 1 com.apple.launchd 1 System: Removing job manager.
20071513 com.apple.launchd 1 0x7f9453d343a0.anonymous.launchd 1 Reaping
20071519 com.apple.launchd 1 0x7f9453d343a0.anonymous.launchd 0 Removed
20071643 com.apple.launchd 1 com.apple.launchd 1 System: Userspace shutdown finished at: Tue Apr 2 18:15:45 2013
20071651 com.apple.launchd 1 com.apple.launchd 1 System: Userspace shutdown took approximately 21 seconds.
20071691 com.apple.launchd 1 com.apple.launchd 1 VM statistics (now): Free: 609252 Active: 147366 Inactive: 36746 Reactivations: 156394 PageIns: 173880 PageOuts: 2555 Faults: 62831873 COW-Faults: 543021 Purgeable: 6 Purges: 23169
20071717 com.apple.launchd 1 com.apple.launchd 1 System: About to call: reboot(RB_HALT).
Apr 3 10:58:37 --- last message repeated 8 times ---
Apr 3 10:59:26 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:49449 from 192.168.0.1:53
Apr 3 11:05:39 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.2:137 to port 137 proto=17
Apr 3 11:05:56 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:52987 from 192.168.0.1:53
Apr 3 11:12:42 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:53413 from 192.168.0.1:53
Apr 3 11:15:39 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.2:137 to port 137 proto=17
Apr 3 11:15:39 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.3:137 to port 137 proto=17
Apr 3 11:25:39 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.2:137 to port 137 proto=17
Apr 3 11:25:39 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.3:137 to port 137 proto=17
Apr 3 11:28:59 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:52555 from 192.168.0.1:53
Apr 3 11:28:59 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:52706 from 192.168.0.1:53
Apr 3 11:35:39 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.3:137 to port 137 proto=17
Apr 3 11:43:44 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:51543 from 192.168.0.1:53
Apr 3 11:45:16 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:56073 from 192.168.0.1:53
Apr 3 11:46:15 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:63180 from 192.168.0.1:53
Apr 3 11:47:08 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:53750 from 192.168.0.1:53
Apr 3 11:57:43 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:57559 from 192.168.0.1:53
Apr 3 11:59:46 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:64774 from 192.168.0.1:53
Apr 3 12:00:22 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.2:137 to port 137 proto=17
Apr 3 12:10:22 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.2:137 to port 137 proto=17
Apr 3 12:10:22 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.3:137 to port 137 proto=17
Apr 3 12:14:14 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: NetworkBrowserAg is listening from 0.0.0.0:58563 proto=6
Apr 3 12:14:14 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: NetworkBrowserAg is listening from :::58563 proto=6
Apr 3 12:14:25 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:64964 from 192.168.0.1:53
Apr 3 12:15:24 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:58646 from 192.168.0.1:53
Apr 3 12:16:01 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:60959 from 192.168.0.1:53
Apr 3 12:16:14 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:63601 from 192.168.0.1:53
Apr 3 12:16:38 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:62278 from 192.168.0.1:53
Apr 3 12:17:58 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:59335 from 192.168.0.1:53
Apr 3 12:18:13 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:60677 from 192.168.0.1:53
Apr 3 12:20:22 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.2:137 to port 137 proto=17
Apr 3 12:20:22 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.3:137 to port 137 proto=17
Apr 3 12:20:50 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:61698 from 192.168.0.1:53
Apr 3 12:29:12 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: NetworkBrowserAg is listening from 0.0.0.0:58583 proto=6
Apr 3 12:29:12 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: NetworkBrowserAg is listening from :::58583 proto=6
Apr 3 12:29:52 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.3:137 to port 137 proto=17
Apr 3 12:30:52 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: NetworkBrowserAg is listening from 0.0.0.0:58584 proto=6
Apr 3 12:30:52 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: NetworkBrowserAg is listening from :::58584 proto=6
Apr 3 12:31:36 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:49956 from 192.168.0.1:53
Apr 3 12:34:23 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: NetworkBrowserAg is listening from 0.0.0.0:58585 proto=6
Apr 3 12:34:23 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: NetworkBrowserAg is listening from :::58585 proto=6
Apr 3 12:44:36 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Stealth Mode connection attempt to UDP 192.168.0.2:54960 from 192.168.0.1:53
Apr 3 12:46:01 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.2:137 to port 137 proto=17
Apr 3 12:46:16 --- last message repeated 8 times ---
Apr 3 12:46:16 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: AppleFileServer is listening from 0.0.0.0:548 proto=6
Apr 3 12:46:16 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: AppleFileServer is listening from :::548 proto=6
Apr 3 12:46:17 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: kdc is listening from :::88 proto=6
Apr 3 12:46:17 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: kdc is listening from 0.0.0.0:88 proto=6
Apr 3 12:46:32 Sandis-MacBook-Pro.local socketfilterfw[103] <Info>: Deny netbiosd data in from 192.168.0.2:137 to port 137 proto=17
Sat Mar 30 09:01:08 PDT 2013
creating system keychain entries
...Generating key pair...
...creating certificate...
Serial Number : 35 AE 15 14
Issuer Name :
Common Name : com.apple.systemdefault
Org : System Identity
Subject Name :
Common Name : com.apple.systemdefault
Org : System Identity
Cert Sig Algorithm : OID : < 06 09 2A 86 48 86 F7 0D 01 01 05 >
alg params : 05 00
Not Before : 16:01:10 Mar 30, 2013
Not After : 16:01:10 Mar 25, 2033
Pub Key Algorithm : OID : < 06 09 2A 86 48 86 F7 0D 01 01 01 >
alg params : 05 00
Pub key Bytes : Length 140 bytes : 30 81 89 02 81 81 00 C0 ...
CSSM Key :
Algorithm : RSA
Key Size : 1024 bits
Key Use : CSSM_KEYUSE_ENCRYPT CSSM_KEYUSE_VERIFY CSSM_KEYUSE_WRAP
Signature : 128 bytes : 43 19 B4 05 5D BC 9F FD ...
Extension struct : OID : < 06 03 55 1D 0F >
Critical : FALSE
usage : DigitalSignature KeyEncipherment DataEncipherment
Extension struct : OID : < 06 03 55 1D 25 >
Critical : FALSE
purpose 0 : OID : < 06 09 2A 86 48 86 F7 63 64 04 04 >
..cert stored in Keychain.
..identity registered for domain com.apple.systemdefault.
...Generating key pair...
...creating certificate...
Serial Number : 11 13 AB 47
Issuer Name :
Common Name : com.apple.kerberos.kdc
Org : System Identity
Subject Name :
Common Name : com.apple.kerberos.kdc
Org : System Identity
Cert Sig Algorithm : OID : < 06 09 2A 86 48 86 F7 0D 01 01 05 >
alg params : 05 00
Not Before : 16:01:12 Mar 30, 2013
Not After : 16:01:12 Mar 25, 2033
Pub Key Algorithm : OID : < 06 09 2A 86 48 86 F7 0D 01 01 01 >
alg params : 05 00
Pub key Bytes : Length 140 bytes : 30 81 89 02 81 81 00 AC ...
CSSM Key :
Algorithm : RSA
Key Size : 1024 bits
Key Use : CSSM_KEYUSE_ENCRYPT CSSM_KEYUSE_VERIFY CSSM_KEYUSE_WRAP CSSM_KEYUSE_DERIVE
Signature : 128 bytes : 7A 90 98 40 A2 DD 43 E4 ...
Extension struct : OID : < 06 03 55 1D 0F >
Critical : FALSE
usage : DigitalSignature KeyEncipherment
Extension struct : OID : < 06 03 55 1D 25 >
Critical : FALSE
purpose 0 : OID : < 06 08 2B 06 01 05 05 07 03 01 >
Extension struct : OID : < 06 03 55 1D 25 >
Critical : FALSE
purpose 0 : OID : < 06 07 2B 06 01 05 02 03 05 >
..cert stored in Keychain.
..identity registered for domain com.apple.kerberos.kdc.
added /System/Library/PrivateFrameworks/Heimdal.framework/Helpers/kdc to acl for com.apple.kerberos.kdc
using LKDC realm: LKDC:SHA1.14F37CF64B5822413F88F2DA83682FF1225D92E4
no mkey, creating one
kadmin: writing key to "/var/db/krb5kdc/m-key"
No such key: dsAttrTypeNative:KerberosKeys
no krbtgt kerberos keys, forcing re-init
init database
LKDC:SHA1.14F37CF64B5822413F88F2DA83682FF1225D92E4 created
/usr/sbin/kadmin add host/LKDC:SHA1.14F37CF64B5822413F88F2DA83682FF1225D92E4@LKDC:SHA1.14F37CF64B582 2413F88F2DA83682FF1225D92E4
ktutil: remove: Key table entry not found
/usr/sbin/kadmin ext_keytab
/usr/bin/defaults write /Library/Preferences/com.apple.AppleFileServer kerberosPrincipal afpserver/LKDC:SHA1.14F37CF64B5822413F88F2DA83682FF1225D92E4@LKDC:SHA1.14F37CF6 4B5822413F88F2DA83682FF1225D92E4
ktutil: remove: Key table entry not found
/usr/sbin/kadmin ext_keytab
/usr/bin/defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server LocalKerberosRealm LKDC:SHA1.14F37CF64B5822413F88F2DA83682FF1225D92E4
ktutil: remove: Key table entry not found
/usr/sbin/kadmin ext_keytab
ktutil: remove: Key table entry not found
/usr/sbin/kadmin ext_keytab
[ERROR] 207c6eb261e [13/03/31 12:35:39.425] 337.main db_prepare_blocking:1278 conn#0 active (create|first-open|in-txn|for-update|can-rollback), owner:main, retains:1, changes:0-0 can't prepare 'select max(local_rank) from item_table;': db error 1 (no such table: item_table)
[ERROR] 207c6ec1213 [13/03/31 12:35:39.425] 337.main iidb_has_schema:4773 failed to prepare 'select max(local_rank) from item_table;'
[ERROR] 207c84dd33c [13/03/31 12:35:39.448] {FFFFFFFF} 337.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 207ca1414de [13/03/31 12:35:39.478] {FFFFFFFF} 337.main ubd_main:2876 No identities defined.
[warn] 207ca470265 [13/03/31 12:35:39.482] {FFFFFFFF} 337.main set_computer_name:114 Not setting the computer name without a collection/config only mode
[ERROR] 207ca665839 [13/03/31 12:35:39.484] {FFFFFFFF} 337.com.apple.ubiquity.SRConnection.callouts.0x7fc854e00100 get_collection_status:939 no collection config found for default
[ERROR] 207cbab961b [13/03/31 12:35:39.505] {FFFFFFFF} 337.com.apple.ubiquity.SRConnection.callouts.0x7fc854e00100 get_collection_status:939 no collection config found for default
[ERROR] 338309eae3bf [13/04/02 17:08:40.429] 1570.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 338309f08ac6 [13/04/02 17:08:40.430] 1570.main ubd_main:2705 null personid
[ERROR] 33831a288714 [13/04/02 17:08:40.702] {FFFFFFFF} 1570.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 338322d3d7d0 [13/04/02 17:08:40.847] {FFFFFFFF} 1570.main ubd_main:2876 No identities defined.
[warn] 3383242b6241 [13/04/02 17:08:40.870] {FFFFFFFF} 1570.main set_computer_name:114 Not setting the computer name without a collection/config only mode
[ERROR] 3383244acfb8 [13/04/02 17:08:40.872] {FFFFFFFF} 1570.com.apple.ubiquity.SRConnection.callouts.0x7fadeb904510 get_collection_status:939 no collection config found for default
[ERROR] 338327087c72 [13/04/02 17:08:40.918] {FFFFFFFF} 1570.com.apple.ubiquity.SRConnection.callouts.0x7fadeb904510 get_collection_status:939 no collection config found for default
[ERROR] 36d350beb607 [13/04/02 18:10:18.735] 1685.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 36d35205827c [13/04/02 18:10:18.756] 1685.main ubd_main:2705 null personid
[ERROR] 36d3681bcf39 [13/04/02 18:10:19.127] {FFFFFFFF} 1685.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 36d36f71d6bc [13/04/02 18:10:19.250] {FFFFFFFF} 1685.main ubd_main:2876 No identities defined.
[warn] 36d373df35f7 [13/04/02 18:10:19.324] {FFFFFFFF} 1685.main set_computer_name:114 Not setting the computer name without a collection/config only mode
[ERROR] 36d37400ebb1 [13/04/02 18:10:19.326] {FFFFFFFF} 1685.com.apple.ubiquity.SRConnection.callouts.0x7fdb55200790 get_collection_status:939 no collection config found for default
[ERROR] 36d377a068a5 [13/04/02 18:10:19.387] {FFFFFFFF} 1685.com.apple.ubiquity.SRConnection.callouts.0x7fdb55200790 get_collection_status:939 no collection config found for default
[ERROR] 27485196ae35 [13/04/03 10:10:32.783] 1005.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 2748519b20f7 [13/04/03 10:10:32.783] 1005.main ubd_main:2705 null personid
[ERROR] 27485993de22 [13/04/03 10:10:32.917] {FFFFFFFF} 1005.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 2748619327e7 [13/04/03 10:10:33.051] {FFFFFFFF} 1005.main ubd_main:2876 No identities defined.
[warn] 274861a1d3c8 [13/04/03 10:10:33.052] {FFFFFFFF} 1005.main set_computer_name:114 Not setting the computer name without a collection/config only mode
[ERROR] 274861b8c8f9 [13/04/03 10:10:33.053] {FFFFFFFF} 1005.com.apple.ubiquity.SRConnection.callouts.0x7f99462058e0 get_collection_status:939 no collection config found for default
[ERROR] 2748632172e3 [13/04/03 10:10:33.077] {FFFFFFFF} 1005.com.apple.ubiquity.SRConnection.callouts.0x7f99462058e0 get_collection_status:939 no collection config found for default
[ERROR] 290363fa1dae [13/04/03 10:42:15.723] 1083.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 290363facdf7 [13/04/03 10:42:15.723] 1083.main ubd_main:2705 null personid
[ERROR] 290364294ffb [13/04/03 10:42:15.726] {FFFFFFFF} 1083.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 2903643a312b [13/04/03 10:42:15.727] {FFFFFFFF} 1083.main ubd_main:2876 No identities defined.
[warn] 2903644b6079 [13/04/03 10:42:15.729] {FFFFFFFF} 1083.main set_computer_name:114 Not setting the computer name without a collection/config only mode
[ERROR] 29036462d977 [13/04/03 10:42:15.730] {FFFFFFFF} 1083.com.apple.ubiquity.SRConnection.callouts.0x7ff1fe500680 get_collection_status:939 no collection config found for default
[ERROR] 2903646c59a7 [13/04/03 10:42:15.731] {FFFFFFFF} 1083.com.apple.ubiquity.SRConnection.callouts.0x7ff1fe500680 get_collection_status:939 no collection config found for default
[ERROR] 33b14d9f8d78 [13/04/03 13:57:57.558] 1384.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 33b14e46305b [13/04/03 13:57:57.569] 1384.main ubd_main:2705 null personid
[ERROR] 33b1518285ab [13/04/03 13:57:57.623] {FFFFFFFF} 1384.main copy_mme_bag:229 copyPreferredMobileMeName failed
[ERROR] 33b153350387 [13/04/03 13:57:57.652] {FFFFFFFF} 1384.main ubd_main:2876 No identities defined.
[warn] 33b1534b8f84 [13/04/03 13:57:57.653] {FFFFFFFF} 1384.main set_computer_name:114 Not setting the computer name without a collection/config only mode
[ERROR] 33b1536b842a [13/04/03 13:57:57.655] {FFFFFFFF} 1384.com.apple.ubiquity.SRConnection.callouts.0x7f85e3309a90 get_collection_status:939 no collection config found for default
[ERROR] 33b15462a2ec [13/04/03 13:57:57.671] {FFFFFFFF} 1384.com.apple.ubiquity.SRConnection.callouts.0x7f85e3309a90 get_collection_status:939 no collection config found for
Apr 3 00:30:15 Sandis-MacBook-Pro newsyslog[420]: logfile turned over
Apr 3 00:58:12 Sandis-MacBook-Pro kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link down on en0
Apr 3 00:58:13 Sandis-MacBook-Pro.local configd[18]: network changed: v4(en0-:192.168.0.2) DNS- Proxy SMB
Apr 3 00:59:05 Sandis-MacBook-Pro kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link up on en0, 100-Megabit, Full-duplex, Symmetric flow-control, Debug [796d,0321,0d01,0000,45e1,0000]
Apr 3 00:59:06 Sandis-MacBook-Pro com.apple.launchd.peruser.501[132] (com.apple.NetworkDiagnostics[449]): Check-in of Mach service failed. Already active: com.apple.NetworkDiagnostic.agent
Apr 3 00:59:06 Sandis-MacBook-Pro.local configd[18]: network changed: v4(en0+:192.168.0.2) DNS+ Proxy SMB
Apr 3 00:59:51 Sandis-MacBook-Pro.local Remote Desktop Connection[456]: objc[456]: Class NLAssertionHandler is implemented in both /Applications/Remote Desktop Connection.app/Contents/Frameworks/mbuinstrument.framework/Versions/14/mbuinstr ument and /Applications/Remote Desktop Connection.app/Contents/Frameworks/TSClient.framework/Versions/14/TSClient. One of the two will be used. Which one is undefined.
Apr 3 01:00:18 Sandis-MacBook-Pro.local Remote Desktop Connection[463]: objc[463]: Class NLAssertionHandler is implemented in both /Applications/Remote Desktop Connection.app/Contents/Frameworks/mbuinstrument.framework/Versions/14/mbuinstr ument and /Applications/Remote Desktop Connection.app/Contents/Frameworks/TSClient.framework/Versions/14/TSClient. One of the two will be used. Which one is undefined.
Apr 3 01:01:08 Sandis-MacBook-Pro.local Remote Desktop Connection[469]: objc[469]: Class NLAssertionHandler is implemented in both /Applications/Remote Desktop Connection.app/Contents/Frameworks/mbuinstrument.framework/Versions/14/mbuinstr ument and /Applications/Remote Desktop Connection.app/Contents/Frameworks/TSClient.framework/Versions/14/TSClient. One of the two will be used. Which one is undefined.
Apr 3 01:02:39 Sandis-MacBook-Pro.local WindowServer[70]: CGXSetWindowBackgroundBlurRadius: Invalid window 0xffffffff
Apr 3 01:03:09 --- last message repeated 1 time ---
Apr 3 01:10:17 Sandis-MacBook-Pro.local Remote Desktop Connection[488]: objc[488]: Class NLAssertionHandler is implemented in both /Applications/Remote Desktop Connection.app/Contents/Frameworks/mbuinstrument.framework/Versions/14/mbuinstr ument and /Applications/Remote Desktop Connection.app/Contents/Frameworks/TSClient.framework/Versions/14/TSClient. One of the two will be used. Which one is undefined.
Apr 3 01:15:01 Sandis-MacBook-Pro.local WindowServer[70]: CGXSetWindowBackgroundBlurRadius: Invalid window 0xffffffff
Apr 3 01:15:31 --- last message repeated 1 time ---
Apr 3 01:16:27 Sandis-MacBook-Pro.local com.apple.ShareKitHelper[430]: --warning: [ShareKit-XPC] Received XPC_ERROR_CONNECTION_INVALID
Apr 3 01:16:27 Sandis-MacBook-Pro.local com.apple.ShareKitHelper[430]: --warning: [ShareKit-XPC] connectionWithClientInterrupted
Apr 3 01:16:27 Sandis-MacBook-Pro.local com.apple.ShareKitHelper[430]: --warning: [ShareKit] Cancel UI for running services with Client PID: 488
Apr 3 01:16:32 Sandis-MacBook-Pro.local com.apple.ShareKitHelper[430]: --warning: [ShareKit-XPC] Received XPC_ERROR_CONNECTION_INVALID
Apr 3 01:16:32 Sandis-MacBook-Pro.local com.apple.ShareKitHelper[430]: --warning: [ShareKit-XPC] connectionWithClientInterrupted
Apr 3 01:16:32 Sandis-MacBook-Pro.local com.apple.ShareKitHelper[430]: --warning: [ShareKit] Cancel UI for running services with Client PID: 469
Apr 3 01:18:32 Sandis-MacBook-Pro.local System Preferences[478]: Unable to open IOHIDSystem (e00002bd)
Apr 3 01:18:32 Sandis-MacBook-Pro kernel[0]: virtual bool IOHIDEventSystemUserClient::initWithTask(task_t, void *, UInt32): Client task not privileged to open IOHIDSystem for mapping memory (e00002c1)
Apr 3 01:18:32 Sandis-MacBook-Pro.local System Preferences[478]: [BluetoothHIDDevice][initWithHIDDevice] Unable to get Object ID from IORegistry
Apr 3 01:19:02 --- last message repeated 1 time ---
Apr 3 01:19:33 Sandis-MacBook-Pro.local System Preferences[478]: [BluetoothHIDDevice][initWithHIDDevice] Unable to get Object ID from IORegistry
Apr 3 01:19:36 Sandis-MacBook-Pro.local System Preferences[478]: [BluetoothHIDDevice][initWithHIDDevice] Unable to get Object ID from IORegistry
Apr 3 01:20:56 Sandis-MacBook-Pro.local System Preferences[478]: [BluetoothHIDDevice][initWithHIDDevice] Unable to get Object ID from IORegistry
Apr 3 01:34:10 Sandis-MacBook-Pro.local Safari[157]: CGImageCreate: invalid image size: 0 x 0.
Apr 3 01:56:37 Sandis-MacBook-Pro kernel[0]: AppleBCM5701Ethernet: 0 1 BCM5701Enet::replaceOrCopyPacket worked after N tries
Apr 3 02:18:26 Sandis-MacBook-Pro.local SubmitDiagInfo[564]: Launched to submit Diagnostics and Usage
Apr 3 02:37:49 Sandis-MacBook-Pro.local WindowServer[70]: CoreAnimation: context hosting changed while locked!
Apr 3 03:47:14 Sandis-MacBook-Pro kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link down on en0
Apr 3 03:47:15 Sandis-MacBook-Pro.local configd[18]: network changed: v4(en0-:192.168.0.2) DNS- Proxy SMB
Apr 3 03:47:43 Sandis-MacBook-Pro.local WindowServer[70]: CGXSetWindowBackgroundBlurRadius: Invalid window 0xffffffff
Apr 3 03:47:43 Sandis-MacBook-Pro.local loginwindow[42]: find_shared_window: WID -1
Apr 3 03:47:43 Sandis-MacBook-Pro.local loginwindow[42]: CGSGetWindowTags: Invalid window 0xffffffff
Apr 3 03:47:43 Sandis-MacBook-Pro.local loginwindow[42]: find_shared_window: WID -1
Apr 3 03:47:43 Sandis-MacBook-Pro.local loginwindow[42]: CGSSetWindowTags: Invalid window 0xffffffff
Apr 3 03:47:43 Sandis-MacBook-Pro.local loginwindow[42]: find_shared_window: WID 37
Apr 3 03:47:43 Sandis-MacBook-Pro.local WindowServer[70]: Created shield window 0x2cb for display 0x042728c0
Apr 3 03:47:43 Sandis-MacBook-Pro.local WindowServer[70]: device_generate_desktop_screenshot: authw 0x7f7f8221fe10(2000), shield 0x7f7f79ac9430(2001)
Apr 3 03:47:43 Sandis-MacBook-Pro.local WindowServer[70]: device_generate_lock_screen_screenshot: authw 0x7f7f8221fe10(2000), shield 0x7f7f79ac9430(2001)
Apr 3 03:48:43 Sandis-MacBook-Pro.local Office365Service[687]: System shutdown notification
Apr 3 03:48:43 Sandis-MacBook-Pro kernel[0]: hibernate image path: /var/vm/sleepimage
Apr 3 03:48:43 Sandis-MacBook-Pro kernel[0]: AirPort_Brcm43xx::powerChange: System Sleep
Apr 3 03:48:43 Sandis-MacBook-Pro kernel[0]: hibernate_alloc_pages act 381892, inact 95358, anon 51742, throt 0, spec 216478, wire 268828, wireinit 196975
Apr 3 03:48:43 Sandis-MacBook-Pro kernel[0]: hibernate_setup(0) took 0 ms
Apr 3 03:48:43 Sandis-MacBook-Pro kernel[0]: sizeof(IOHibernateImageHeader) == 512
Apr 3 03:48:43 Sandis-MacBook-Pro kernel[0]: kern_open_file_for_direct_io(0) took 39 ms
Apr 3 03:48:43 Sandis-MacBook-Pro kernel[0]: Opened file /var/vm/sleepimage, size 4294967296, partition base 0x0, maxio 400000 ssd 0
Apr 3 03:48:43 Sandis-MacBook-Pro kernel[0]: hibernate image major 1, minor 0, blocksize 512, pollers 5
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: hibernate_page_list_setall(preflight 0) start 0xffffff8090856000, 0xffffff8090876000
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: hibernate_page_list_setall time: 230 ms
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: pages 955448, wire 250312, act 291610, inact 2, cleaned 0 spec 219, zf 47226, throt 0, could discard act 90364 inact 46972 purgeable 12481 spec 216262 cleaned 0
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: hibernate_page_list_setall found pageCount 589369
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: IOHibernatePollerOpen, ml_get_interrupts_enabled 0
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: IOHibernatePollerOpen(0)
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: encryptStart 13230
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: bitmap_size 0x1f8dc, previewSize 0x4e16f8, writing 587784 pages @ 0x514204
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: encryptEnd b968e00
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: image1Size 0xfd21800, encryptStart1 0x13230, End1 0xb968e00
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: encryptStart fd21800
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: encryptEnd 30e58600
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: PMStats: Hibernate write took 9459 ms
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: all time: 9459 ms, comp bytes: 2408108032 time: 2661 ms 862 Mb/s, crypt bytes: 749259216 time: 1750 ms 408 Mb/s,
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: image 820348416 (19%), uncompressed 2408108032 (587917), compressed 810620048 (33%), sum1 4a0e50a7, sum2 3fc760b9
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: wired_pages_encrypted 207569, wired_pages_clear 41291, dirty_pages_encrypted 339057
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: hibernate_write_image done(0)
Apr 3 03:48:56 Sandis-MacBook-Pro kernel[0]: sleep
Apr 3 04:05:46 Sandis-MacBook-Pro kernel[0]: Wake reason: EHC1
Apr 3 04:05:46 Sandis-MacBook-Pro kernel[0]: AirPort_Brcm43xx::powerChange: System Wake - Full Wake/ Dark Wake / Maintenance wake
Apr 3 04:05:46 Sandis-MacBook-Pro kernel[0]: AirPort_Brcm43xx::checkInterfacePowerState: Check _pwrOffThreadCall!
Apr 3 04:05:46 Sandis-MacBook-Pro kernel[0]: Previous Sleep Cause: 5
Apr 3 04:05:46 Sandis-MacBook-Pro kernel[0]: The USB device HubDevice (Port 1 of Hub at 0x1d000000) may have caused a wake by issuing a remote wakeup (2)
Apr 3 04:05:46 Sandis-MacBook-Pro kernel[0]: The USB device HubDevice (Port 8 of Hub at 0x1d100000) may have caused a wake by issuing a remote wakeup (3)
Apr 3 04:05:46 Sandis-MacBook-Pro kernel[0]: TBT W (1): 0 [x]
Apr 3 04:05:46 Sandis-MacBook-Pro kernel[0]: The USB device Apple Internal Keyboard / Trackpad (Port 3 of Hub at 0x1d180000) may have caused a wake by issuing a remote wakeup (3)
Apr 3 04:05:46 Sandis-MacBook-Pro kernel[0]: HID tickle 215 ms
Apr 3 04:05:46 Sandis-MacBook-Pro kernel[0]: NVRM: 0x702a called in D3
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: handle_will_sleep_auth_and_shield_windows: releasing authw 0x7f7f8221fe10(2004), shield 0x7f7f79ac9430(2001), lock state 3
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: handle_will_sleep_auth_and_shield_windows: err 0x0
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: Created shield window 0x2cc for display 0x003f003d
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: handle_will_sleep_auth_and_shield_windows: releasing authw 0x7f7f8221fe10(2002), shield 0x7f7f79ac9430(2001), lock state 3
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: handle_will_sleep_auth_and_shield_windows: err 0x0
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: Created shield window 0x2cd for display 0x003f003e
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: handle_will_sleep_auth_and_shield_windows: releasing authw 0x7f7f8221fe10(2002), shield 0x7f7f79ac9430(2001), lock state 3
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: handle_will_sleep_auth_and_shield_windows: err 0x0
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: Created shield window 0x2ce for display 0x003f003f
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: handle_will_sleep_auth_and_shield_windows: releasing authw 0x7f7f8221fe10(2002), shield 0x7f7f79ac9430(2001), lock state 3
Apr 3 04:05:46 Sandis-MacBook-Pro.local WindowServer[70]: handle_will_sleep_auth_and_shield_windows: err 0x0
Apr 3 04:05:46 Sandis-MacBook-Pro.local loginwindow[42]: resume called when there was already a timer
Apr 3 04:06:17 Sandis-MacBook-Pro.local WindowServer[70]: Created shield window 0x2cf for display 0x042728c0
Apr 3 04:06:17 Sandis-MacBook-Pro.local WindowServer[70]: device_generate_desktop_screenshot: authw 0x7f7f8221fe10(2000), shield 0x7f7f79ac9430(2001)
Apr 3 04:06:17 Sandis-MacBook-Pro.local WindowServer[70]: device_generate_lock_screen_screenshot: authw 0x7f7f8221fe10(2000), shield 0x7f7f79ac9430(2001)
Apr 3 04:07:17 Sandis-MacBook-Pro.local Office365Service[687]: System shutdown notification
Apr 3 04:07:17 Sandis-MacBook-Pro kernel[0]: hibernate image path: /var/vm/sleepimage
Apr 3 04:07:17 Sandis-MacBook-Pro kernel[0]: hibernate_alloc_pages act 389580, inact 94215, anon 50585, throt 0, spec 216467, wire 237065, wireinit 196975
Apr 3 04:07:17 Sandis-MacBook-Pro kernel[0]: hibernate_setup(0) took 0 ms
Apr 3 04:07:17 Sandis-MacBook-Pro kernel[0]: sizeof(IOHibernateImageHeader) == 512
Apr 3 04:07:17 Sandis-MacBook-Pro kernel[0]: AirPort_Brcm43xx::powerChange: System Sleep
Apr 3 04:07:17 Sandis-MacBook-Pro kernel[0]: kern_open_file_for_direct_io(0) took 0 ms
Apr 3 04:07:17 Sandis-MacBook-Pro kernel[0]: Opened file /var/vm/sleepimage, size 4294967296, partition base 0x0, maxio 400000 ssd 0
Apr 3 04:07:17 Sandis-MacBook-Pro kernel[0]: hibernate image major 1, minor 0, blocksize 512, pollers 5
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: hibernate_page_list_setall(preflight 0) start 0xffffff8090856000, 0xffffff8090876000
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: hibernate_page_list_setall time: 210 ms
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: pages 920282, wire 216533, act 290239, inact 4, cleaned 0 spec 220, zf 47233, throt 0, could discard act 90344 inact 46974 purgeable 12487 spec 216248 cleaned 0
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: hibernate_page_list_setall found pageCount 554229
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: IOHibernatePollerOpen, ml_get_interrupts_enabled 0
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: IOHibernatePollerOpen(0)
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: encryptStart 13230
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: bitmap_size 0x1f8dc, previewSize 0x4e3700, writing 552642 pages @ 0x51620c
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: encryptEnd a56fe00
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: image1Size 0xe8e5a00, encryptStart1 0x13230, End1 0xa56fe00
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: encryptStart e8e5a00
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: encryptEnd 2f857800
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: PMStats: Hibernate write took 9217 ms
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: all time: 9217 ms, comp bytes: 2264166400 time: 2590 ms 833 Mb/s, crypt bytes: 726460880 time: 1697 ms 408 Mb/s,
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: image 797276160 (18%), uncompressed 2264166400 (552775), compressed 787896224 (34%), sum1 a16df253, sum2 3381b63f
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: wired_pages_encrypted 173778, wired_pages_clear 41301, dirty_pages_encrypted 337696
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: hibernate_write_image done(0)
Apr 3 04:07:30 Sandis-MacBook-Pro kernel[0]: sleep
Apr 3 10:14:55 Sandis-MacBook-Pro kernel[0]: (default pager): [KERNEL]: ps_select_segment - send HI_WAT_ALERT
Apr 3 10:14:55 Sandis-MacBook-Pro kernel[0]: macx_swapon SUCCESS
Apr 3 10:18:13 Sandis-MacBook-Pro kernel[0]: AppleUSBMultitouchDriver::validateChecksum - 150-byte packet checksum is incorrect (expected 0x14c2, checksum bytes were 0xbc0)
Apr 3 10:19:19 Sandis-MacBook-Pro.local login[1042]: in pam_sm_acct_mgmt(): OpenDirectory - Membership cache TTL set to 1800.
Apr 3 10:19:19 Sandis-MacBook-Pro.local login[1042]: in od_record_check_pwpolicy(): retval: 0
Apr 3 10:19:19 Sandis-MacBook-Pro.local login[1042]: in od_record_attribute_create_cfstring(): returned 2 attributes for dsAttrTypeStandard:AuthenticationAuthority
Apr 3 10:19:19 Sandis-MacBook-Pro.local login[1042]: USER_PROCESS: 1042 ttys000
Apr 3 10:36:06 Sandis-MacBook-Pro.local System Preferences[478]: [BluetoothHIDDevice][initWithHIDDevice] Unable to get Object ID from IORegistry
Apr 3 10:40:10 Sandis-MacBook-Pro.local NetworkBrowserAgent[173]: Terminate AirDrop P2P link
Apr 3 10:40:10 Sandis-MacBook-Pro.local NetworkBrowserAgent[173]: WormholeServer::copyMyAppleIDSecIdentity returned NULL
Apr 3 10:41:17 Sandis-MacBook-Pro.local NetworkBrowserAgent[173]: Terminate AirDrop P2P link
Apr 3 10:41:17 Sandis-MacBook-Pro.local NetworkBrowserAgent[173]: WormholeServer::copyMyAppleIDSecIdentity returned NULL
Apr 3 10:41:28 Sandis-MacBook-Pro kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link down on en0
Apr 3 10:41:29 Sandis-MacBook-Pro.local configd[18]: network changed: v4(en0-:192.168.0.2) DNS- Proxy SMB
Apr 3 10:41:30 Sandis-MacBook-Pro kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link up on en0, 100-Megabit, Full-duplex, Symmetric flow-control, Debug [796d,0321,0d01,0000,45e1,0000]
Apr 3 10:41:32 Sandis-MacBook-Pro.local configd[18]: network changed: v4(en0+:192.168.0.2) DNS+ Proxy SMB
Apr 3 10:41:35 Sandis-MacBook-Pro kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link down on en0
Apr 3 10:41:36 Sandis-MacBook-Pro.local configd[18]: network changed: v4(en0-:192.168.0.2) DNS- Proxy SMB
Apr 3 10:41:36 Sandis-MacBook-Pro.local mDNSResponder[39]: DeregisterInterface: Frequent transitions for interface en0 (192.168.0.2)
Apr 3 10:41:47 Sandis-MacBook-Pro.local WindowServer[70]: CGXDeferSurfaces : Invalid source window 1103
Apr 3 10:41:47 Sandis-MacBook-Pro.local WindowServer[70]: dict count after removing entry for window 0x37 is 0
Apr 3 10:41:47 Sandis-MacBook-Pro com.apple.launchd.peruser.501[132] (com.apple.Finder[165]): Exited: Terminated: 15
Apr 3 10:42:10 Sandis-MacBook-Pro kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link up on en0, 100-Megabit, Full-duplex, Symmetric flow-control, Debug [796d,0321,0d01,0000,45e1,0000]
Apr 3 10:42:11 Sandis-MacBook-Pro.local configd[18]: network changed: v4(en0+:192.168.0.2) DNS+ Proxy SMB
Apr 3 10:42:11 Sandis-MacBook-Pro.local mDNSResponder[39]: mDNS_RegisterInterface: Frequent transitions for interface en0 (FE80:0000:0000:0000:426C:8FFF:FE4B:F6C0)
Apr 3 10:42:11 Sandis-MacBook-Pro.local mDNSResponder[39]: mDNS_RegisterInterface: Frequent transitions for interface en0 (192.168.0.2)
Apr 3 10:42:15 Sandis-MacBook-Pro.local xpcd[176]: restored permissions (100644 -> 100744) on /Users/sandi/Library/Containers/com.apple.TextEdit/Container.plist
Apr 3 10:42:15 Sandis-MacBook-Pro.local librariand[1082]: MMe quota status changed: under quota
Apr 3 10:42:30 Sandis-MacBook-Pro kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link down on en0
Apr 3 10:42:31 Sandis-MacBook-Pro.local configd[18]: network changed: v4(en0-:192.168.0.2) DNS- Proxy SMB
Apr 3 10:42:31 Sandis-MacBook-Pro.local mDNSResponder[39]: DeregisterInterface: Frequent transitions for interface en0 (192.168.0.2)
Apr 3 10:42:56 Sandis-MacBook-Pro.local NetworkBrowserAgent[173]: Terminate AirDrop P2P link
Apr 3 10:42:56 Sandis-MacBook-Pro.local NetworkBrowserAgent[173]: WormholeServer::copyMyAppleIDSecIdentity returned NULL
Apr 3 10:43:37 Sandis-MacBook-Pro kernel[0]: Ethernet [AppleBCM5701Ethernet]: Link up on en0, 100-Megabit, Full-duplex, Symmetric flow-control, Debug [796d,2321,0d01,0000,45e1,0000]
Apr 3 10:43:39 Sandis-MacBook-Pro.local configd[18]: network changed: v4(en0+:192.168.0.2) DNS+ Proxy SMB
Apr 3 10:51:37 Sandis-MacBook-Pro.local WindowServer[70]: dict count after removing entry for window 0x450 is 0
Apr 3 10:51:37 Sandis-MacBook-Pro com.apple.launchd.peruser.501[132] (com.apple.Finder[1072]): Exited abnormally: Hangup: 1
Apr 3 10:55:26 Sandis-MacBook-Pro.local login[1042]: DEAD_PROCESS: 1042 ttys000
Apr 3 10:58:47 Sandis-MacBook-Pro.local Automator[1122]: -[AMApplicationRegistry loadDefinitionAtURL:]: No application name for definition at URL file://localhost/Library/Automator/Office.definition/
Apr 3 10:58:47 Sandis-MacBook-Pro.local Automator[1122]: -[AMApplicationRegistry _loadDefinitionsAtURLS:]: Failed to load definition at URL file://localhost/Library/Automator/Office.definition/
Apr 3 16:21:11 Sandis-MacBook-Pro.local com.apple.SecurityServer[15]: Entering service
Apr 3 16:21:12 Sandis-MacBook-Pro.local systemkeychain[67]: done file: /var/run/systemkeychaincheck.done
Apr 3 16:21:12 Sandis-MacBook-Pro.local configd[18]: network changed: DNS*
Apr 3 16:21:12 Sandis-MacBook-Pro.local mDNSResponder[39]: D2D_IPC: Loaded
Apr 3 16:21:12 Sandis-MacBook-Pro.local mDNSResponder[39]: D2DInitialize succeeded
Apr 3 16:21:12 Sandis-MacBook-Pro.local UserEventAgent[11]: Captive: [HandleNetworkInformationChanged:2435] nwi_state_copy returned NULL
Apr 3 16:21:12 Sandis-MacBook-Pro.local loginwindow[42]: Login Window Application Started
Apr 3 16:21:12 Sandis-MacBook-Pro.local awacsd[56]: Starting awacsd connectivity-78.2 (Dec 16 2012 19:43:29)
Apr 3 16:21:12 Sandis-MacBook-Pro.local awacsd[56]: InnerStore CopyAllZones: no info in Dynamic Store
Apr 3 16:21:12 Sandis-MacBook-Pro.local loginwindow[42]: **DMPROXY** Found `/System/Library/CoreServices/DMProxy'.
Apr 3 16:21:12 Sandis-MacBook-Pro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'com.apple.ServiceManagement.daemons.modify' by client '/usr/libexec/UserEventAgent' [11] for authorization created by '/usr/libexec/UserEventAgent' [11] (100012,0)
Apr 3 16:21:12 Sandis-MacBook-Pro kernel[0]: AirPort: Link Down on en1. Reason 8 (Disassociated because station leaving).
Apr 3 16:21:12 Sandis-MacBook-Pro kernel[0]: en1::IO80211Interface::postMessage bssid changed
Apr 3 16:21:13 Sandis-MacBook-Pro.local netbiosd[81]: Unable to start NetBIOS name service:
Apr 3 16:21:13 Sandis-MacBook-Pro.local locationd[43]: Incorrect NSStringEncoding value 0x8000100 detected. Assuming NSASCIIStringEncoding. Will stop this compatiblity mapping behavior in the near future.
Apr 3 16:21:13 Sandis-MacBook-Pro.local digest-service[106]: label: default
Apr 3 16:21:13 Sandis-MacBook-Pro.local digest-service[106]: dbname: od:/Local/Default
Apr 3 16:21:13 Sandis-MacBook-Pro.local digest-service[106]: mkey_file: /var/db/krb5kdc/m-key
Apr 3 16:21:13 Sandis-MacBook-Pro.local digest-service[106]: acl_file: /var/db/krb5kdc/kadmind.acl
Apr 3 16:21:13 Sandis-MacBook-Pro.local digest-service[106]: digest-request: uid=0
Apr 3 16:21:13 Sandis-MacBook-Pro.local rpcsvchost[107]: sandbox_init: com.apple.msrpc.netlogon.sb succeeded
Apr 3 16:21:13 Sandis-MacBook-Pro.local digest-service[106]: digest-request: init request
Apr 3 16:21:13 Sandis-MacBook-Pro.local digest-service[106]: digest-request: init return domain: BUILTIN server: SANDIS-MACBOOK-PRO
Apr 3 16:21:15 Sandis-MacBook-Pro.local locationd[43]: NOTICE,Location icon should now be in state 0
Apr 3 16:21:20 Sandis-MacBook-Pro.local configd[18]: network changed: v4(en0+:192.168.0.2) DNS+ Proxy SMB
Apr 3 16:21:20 Sandis-MacBook-Pro.local ntpd[101]: proto: precision = 1.000 usec
Apr 3 16:21:22 Sandis-MacBook-Pro.local WindowServer[74]: Created shield window 0x9 for display 0x042728c0
Apr 3 16:21:22 Sandis-MacBook-Pro.local WindowServer[74]: Display 0x042728c0: MappedDisplay Unit 0; ColorProfile { 2, "Color LCD"}; TransferTable (256, 3)
Apr 3 16:21:22 Sandis-MacBook-Pro.local launchctl[113]: com.apple.findmymacmessenger: Already loaded
Apr 3 16:21:22 Sandis-MacBook-Pro.local com.apple.SecurityServer[15]: Session 100004 created
Apr 3 16:21:22 Sandis-MacBook-Pro.local UserEventAgent[114]: cannot find useragent 1102
Apr 3 16:21:22 Sandis-MacBook-Pro.local hidd[46]: CGSShutdownServerConnections: Detaching application from window server
Apr 3 16:21:22 Sandis-MacBook-Pro.local hidd[46]: CGSDisplayServerShutdown: Detaching display subsystem from window server
Apr 3 16:21:22 Sandis-MacBook-Pro.local loginwindow[42]: Login Window Started Security Agent
Apr 3 16:21:22 Sandis-MacBook-Pro.local SecurityAgent[121]: This is the first run
Apr 3 16:21:22 Sandis-MacBook-Pro.local SecurityAgent[121]: MacBuddy was run = 0
Apr 3 16:21:23 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x42728c0
Apr 3 16:21:23 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x3f003d
Apr 3 16:21:23 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x3f003e
Apr 3 16:21:23 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x3f003f
Apr 3 16:21:23 Sandis-MacBook-Pro.local WindowServer[74]: MPAccessSurfaceForDisplayDevice: Set up page flip mode on display 0x042728c0 device: 0x100a8fa10 isBackBuffered: 1 numComp: 3 numDisp: 3
Apr 3 16:21:23 Sandis-MacBook-Pro.local WindowServer[74]: CGXMuxAcknowledge: Posting glitchless acknowledge
Apr 3 16:21:23 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x42728c0
Apr 3 16:21:23 Sandis-MacBook-Pro.local WindowServer[74]: Display 0x042728c0: MappedDisplay Unit 0; ColorProfile { 2, "Color LCD"}; TransferTable (256, 3)
Apr 3 16:21:23 --- last message repeated 1 time ---
Apr 3 16:21:23 Sandis-MacBook-Pro.local SecurityAgent[121]: *** WARNING: -[NSImage compositeToPoint:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
Apr 3 16:21:23 Sandis-MacBook-Pro.local SecurityAgent[121]: *** WARNING: -[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
Apr 3 16:21:23 Sandis-MacBook-Pro.local SecurityAgent[121]: *** WARNING: -[NSImage compositeToPoint:operation:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
Apr 3 16:21:23 Sandis-MacBook-Pro.local SecurityAgent[121]: *** WARNING: -[NSImage compositeToPoint:fromRect:operation:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
Apr 3 16:21:26 Sandis-MacBook-Pro.local awacsd[56]: Exiting
Apr 3 16:21:41 Sandis-MacBook-Pro.local SecurityAgent[121]: User info context values set for sandi
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_authenticate(): Got user: sandi
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_authenticate(): Got ruser: (null)
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_authenticate(): Got service: authorization
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in od_principal_for_user(): No authentication authority returned
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in od_principal_for_user(): failed: 7
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_authenticate(): Done cleanup3
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_authenticate(): Kerberos 5 refuses you
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_authenticate(): pam_sm_authenticate: ntlm
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_acct_mgmt(): OpenDirectory - Membership cache TTL set to 1800.
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in od_record_check_pwpolicy(): retval: 0
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in od_record_attribute_create_cfstring(): returned 2 attributes for dsAttrTypeStandard:AuthenticationAuthority
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): Establishing credentials
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): Got user: sandi
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): Context initialised
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): Got euid, egid: 0 0
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): Done getpwnam()
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): Done setegid() & seteuid()
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): pam_sm_setcred: krb5 user sandi doesn't have a principal
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): Done cleanup3
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): Done seteuid() & setegid()
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): Done cleanup4
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): pam_sm_setcred: ntlm
Apr 3 16:21:42 Sandis-MacBook-Pro.local authorizationhost[129]: in pam_sm_setcred(): pam_sm_setcred: no domain found skipping
Apr 3 16:21:42 Sandis-MacBook-Pro.local SecurityAgent[121]: Login Window login proceeding
Apr 3 16:21:42 Sandis-MacBook-Pro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'system.login.console' by client '/System/Library/CoreServices/loginwindow.app' [42] for authorization created by '/System/Library/CoreServices/loginwindow.app' [42] (100003,0)
Apr 3 16:21:42 Sandis-MacBook-Pro.local loginwindow[42]: Login Window - Returned from Security Agent
Apr 3 16:21:42 Sandis-MacBook-Pro.local loginwindow[42]: ERROR | ScreensharingLoginNotification | Failed sending message to screen sharing GetScreensharingPort, err: 1102
Apr 3 16:21:42 Sandis-MacBook-Pro.local loginwindow[42]: USER_PROCESS: 42 console
Apr 3 16:21:42 Sandis-MacBook-Pro com.apple.launchd.peruser.501[130] (com.apple.gamed): Ignored this key: UserName
Apr 3 16:21:42 Sandis-MacBook-Pro com.apple.launchd.peruser.501[130] (com.apple.gamed): Ignored this key: GroupName
Apr 3 16:21:42 Sandis-MacBook-Pro com.apple.launchd.peruser.501[130] (com.apple.ReportCrash): Falling back to default Mach exception handler. Could not find: com.apple.ReportCrash.Self
Apr 3 16:21:42 Sandis-MacBook-Pro.local loginwindow[42]: Connection with distnoted server was invalidated
Apr 3 16:21:42 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x42728c0
Apr 3 16:21:42 Sandis-MacBook-Pro.local distnoted[134]: # distnote server agent absolute time: 58.149759970 civil time: Wed Apr 3 16:21:42 2013 pid: 134 uid: 501 root: no
Apr 3 16:21:42 Sandis-MacBook-Pro.local WindowServer[74]: CGXMuxAcknowledge: Posting glitchless acknowledge
Apr 3 16:21:42 Sandis-MacBook-Pro.local WindowServer[74]: MPAccessSurfaceForDisplayDevice: Set up page flip mode on display 0x042728c0 device: 0x100a8fa10 isBackBuffered: 1 numComp: 3 numDisp: 3
Apr 3 16:21:42 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x42728c0
Apr 3 16:21:42 Sandis-MacBook-Pro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'system.login.done' by client '/System/Library/CoreServices/loginwindow.app' [42] for authorization created by '/System/Library/CoreServices/loginwindow.app' [42] (100002,0)
Apr 3 16:21:42 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x3f003d
Apr 3 16:21:42 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x3f003e
Apr 3 16:21:42 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x3f003f
Apr 3 16:21:43 Sandis-MacBook-Pro.local com.apple.SecurityServer[15]: Session 100007 created
Apr 3 16:21:43 Sandis-MacBook-Pro.local blued[55]: kBTXPCUpdateUserPreferences gConsoleUserUID = 501
Apr 3 16:21:43 Sandis-MacBook-Pro.local UserEventAgent[133]: EAPOLMonitor: auto-connect disabled
Apr 3 16:21:43 Sandis-MacBook-Pro.local locationd[144]: Incorrect NSStringEncoding value 0x8000100 detected. Assuming NSASCIIStringEncoding. Will stop this compatiblity mapping behavior in the near future.
Apr 3 16:21:43 Sandis-MacBook-Pro.local locationd[144]: NOTICE,Location icon should now be in state 0
Apr 3 16:21:43 Sandis-MacBook-Pro.local com.apple.SecurityServer[15]: Succeeded authorizing right 'system.services.systemconfiguration.network' by client '/usr/libexec/UserEventAgent' [133] for authorization created by '/usr/libexec/UserEventAgent' [133] (100000,0)
Apr 3 16:21:43 --- last message repeated 1 time ---
Apr 3 16:21:43 Sandis-MacBook-Pro.local WindowServer[74]: **DMPROXY** (2) Found `/System/Library/CoreServices/DMProxy'.
Apr 3 16:21:43 Sandis-MacBook-Pro.local WindowServer[74]: Display 0x042728c0: MappedDisplay Unit 0; ColorProfile { 2, "Color LCD"}; TransferTable (256, 3)
Apr 3 16:21:44 Sandis-MacBook-Pro.local NetworkBrowserAgent[171]: Starting NetworkBrowserAgent
Apr 3 16:21:46 Sandis-MacBook-Pro.local WindowServer[74]: kCGErrorNotImplemented: receive_notification: CPXSetEventFilter failed
Apr 3 16:21:46 Sandis-MacBook-Pro.local coreservicesd[59]: Can't change an application into stopped state for app App:"Microsoft PowerPoint" [ 0x0/0x7007] @ 0x0x7fe019414750 because it's already been started.
Apr 3 16:21:46 Sandis-MacBook-Pro.local WindowServer[74]: kCGErrorNotImplemented: receive_notification: CPXSetEventFilter failed
Apr 3 16:21:46 --- last message repeated 3 times ---
Apr 3 16:21:46 Sandis-MacBook-Pro.local SystemUIServer[165]: *** WARNING: -[NSImage compositeToPoint:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
Apr 3 16:21:46 Sandis-MacBook-Pro.local SystemUIServer[165]: *** WARNING: -[NSImage compositeToPoint:fromRect:operation:fraction:] is deprecated in MacOSX 10.8 and later. Please use -[NSImage drawAtPoint:fromRect:operation:fraction:] instead.
Apr 3 16:21:46 Sandis-MacBook-Pro.local WindowServer[74]: kCGErrorNotImplemented: receive_notification: CPXSetEventFilter failed
Apr 3 16:21:50 Sandis-MacBook-Pro.local coreservicesd[59]: Can't change an application into stopped state for app App:"Safari" [ 0x0/0xa00a] @ 0x0x7fe01b429440 because it's already been started.
Apr 3 16:21:51 Sandis-MacBook-Pro.local WindowServer[74]: kCGErrorNotImplemented: receive_notification: CPXSetEventFilter failed
Apr 3 16:21:53 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x42728c0
Apr 3 16:21:53 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x3f003d
Apr 3 16:21:53 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x3f003e
Apr 3 16:21:53 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x3f003f
Apr 3 16:21:53 Sandis-MacBook-Pro.local WindowServer[74]: MPAccessSurfaceForDisplayDevice: Set up page flip mode on display 0x042728c0 device: 0x100a8fa10 isBackBuffered: 1 numComp: 3 numDisp: 3
Apr 3 16:21:53 Sandis-MacBook-Pro.local WindowServer[74]: CGXMuxAcknowledge: Posting glitchless acknowledge
Apr 3 16:21:53 Sandis-MacBook-Pro.local WindowServer[74]: Received display connect changed for display 0x42728c0
Apr 3 16:21:58 Sandis-MacBook-Pro.local distnoted[199]: # distnote server agent absolute time: 73.856787059 civil time: Wed Apr 3 16:21:58 2013 pid: 199 uid: 89 root: no
Apr 3 16:21:59 Sandis-MacBook-Pro.local com.apple.SecurityServer[15]: Session 100006 created
Apr 3 16:22:00 Sandis-MacBook-Pro com.apple.launchd.peruser.501[130] (com.apple.afpstat-qfa[212]): Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory
Apr 3 16:22:00 Sandis-MacBook-Pro com.apple.launchd.peruser.501[130] (com.apple.afpstat-qfa[212]): Job failed to exec(3) for weird reason: 2
Apr 3 16:22:00 Sandis-MacBook-Pro com.apple.launchd.peruser.501[130] (com.apple.mrt.uiagent[204]): Exited with code: 255
Apr 3 16:22:44 Sandis-MacBook-Pro.local mdworker32[221]: CGSGetDisplayBounds: Invalid display 0x00000000
Apr 3 16:22:44 Sandis-MacBook-Pro.local mdworker32[221]: bootstrap_look_up2 failed with 0x44c
Apr 3 16:22:44 Sandis-MacBook-Pro kernel[0]: Sandbox: sandboxd(222) deny mach-lookup com.apple.coresymbolicationd
Apr 3 16:22:46 Sandis-MacBook-Pro.local sandboxd[222] ([221]): mdworker32(221) deny mach-lookup com.apple.PowerManagement.control (import fstype:hfs fsflag:480D000 flags:240000005E diag:0 uti:org.openxmlformats.wordprocessingml.template.macroenabled plugin:/Library/Spotlight/Microsoft Office.mdimporter - find suspect file using: sudo mdutil -t 430490)
Apr 3 16:25:14 Sandis-MacBook-Pro.local WebProcess[187]: objc[187]: Object 0x7fcfe041c920 of class NSUserDefaults autoreleased with no pool in place - just leaking - break on objc_autoreleaseNoPool() to debug
-
Apr 3, 2013 4:09 AMby thomas_r.,I'm not sure what we're supposed to be gleaning from your logs. Although I certainly haven't examined them line-by-line, I see nothing concerning. If your suspicions are being aroused by the "stealth mode connection attempts," note that this is actually completely normal. If you have the built-in firewall turned on and stealth mode enabled, you will see such things fairly frequently. The issue is that sometimes a request (often having to do with DNS lookups) will be sent by your computer, and the response will not come back until after the machine has stopped listening for it. This causes the incoming packet to be flagged misleadingly as a "stealth mode connection attempt."
-
Apr 5, 2013 8:53 AMby Csound1,Sandmc wrote:
ok we have been informed that we have been infected with the Flame malware...
very hard to get rid of.
You are not 'infected' with the Flame Malware.
Flame,[a] also known as Flamer, sKyWIper,[b] and Skywiper,[2] is modular computer malware discovered in 2012[3][4] that attacks computers running the Microsoft Windows operating system.[5] The program is being used for targeted cyber espionage in Middle Eastern countries.[1][5][6]
Yout IT 'guru' does not know of what he speaks, get a new one.
-
Apr 5, 2013 9:23 AMby thomas_r.,As Topher indicates, Flame is Windows-only malware. Mac OS X cannot be infected with Flame. See:
http://en.wikipedia.org/wiki/Flame_(malware)
It sounds like someone is giving you inaccurate information. It's important to understand that an "IT guru" is not necessarily someone who knows anything about Macs, and trying to apply knowledge of Windows issues to a Mac is full of potential pitfalls.
