
Theo6

macrumors newbie
Original poster
Feb 16, 2008
New to MacBook Pro. It is possible that key logging and/or tracking of net activity is occurring, although an Internet Cleanup run did not turn up anything.

It would be much appreciated if a MacGuru could review the log
and let me know why Firewire, Bluetooth & USB are showing up.
Is this a normal log?
If this is a USB/FW hack, how do I correct the problem?

I have activated MacBook Pro Firewall options and selected all Bluetooth options to be off.

Thanks in advance for your expertise.:eek:


Feb 16 00:19:52 localhost kernel[0]: Started CPU 01
Feb 16 00:19:52 localhost kernel[0]: IOAPIC: Version 0x20 Vectors 64:87
Feb 16 00:19:52 localhost kernel[0]: ACPI: System State [S0 S3 S4 S5] (S3)
Feb 16 00:19:52 localhost kernel[0]: Security auditing service present
Feb 16 00:19:52 localhost kernel[0]: BSM auditing present
Feb 16 00:19:52 localhost kernel[0]: disabled
Feb 16 00:19:52 localhost kernel[0]: rooting via boot-uuid from /chosen: 248A4545-6419-4CB4-AA06-D0D8F82B3BEC
Feb 16 00:19:52 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
Feb 16 00:19:52 localhost kernel[0]: USB caused wake event (EHCI)
Feb 16 00:19:52 localhost kernel[0]: USB caused wake event (EHCI)
Feb 16 00:19:52 localhost kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/SATA@1F,2/AppleAHCI/PRT0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageDriver/FUJITSU MHW2120BH Media/IOGUIDPartitionScheme/Customer@2
Feb 16 00:19:52 localhost kernel[0]: BSD root: disk0s2, major 14, minor 2
Feb 16 00:19:52 localhost kernel[0]: FireWire (OHCI) TI ID 8025 built-in now active, GUID 001d4ffffe6287f8; max speed s800.
Feb 16 00:19:52 localhost kernel[0]: Jettisoning kernel linker.
Feb 16 00:19:52 localhost kernel[0]: Resetting IOCatalogue.
Feb 16 00:19:52 localhost kernel[0]: GFX0: family specific matching fails
Feb 16 00:19:52 localhost kernel[0]: Matching service count = 1
Feb 16 00:19:52 localhost kernel[0]: Matching service count = 21
Feb 16 00:19:52 localhost kernel[0]: Matching service count = 21
Feb 16 00:19:52 localhost kernel[0]: Matching service count = 21
Feb 16 00:19:52 localhost kernel[0]: Matching service count = 21
Feb 16 00:19:52 localhost kernel[0]: Matching service count = 21
Feb 16 00:19:52 localhost kernel[0]: Previous Shutdown Cause: 5
Feb 16 00:19:52 localhost kernel[0]: NVDANV50HAL loaded and registered.
Feb 16 00:19:52 localhost kernel[0]: GFX0: family specific matching fails
Feb 16 00:19:52 localhost kernel[0]: ath_attach: devid 0x24
Feb 16 00:19:52 localhost kernel[0]: Override HT40 CTL Powers. EEPROM Version is 14.4, Device Type 5
Feb 16 00:19:52 localhost kernel[0]: ath_descdma_setup: tx dd_desc_paddr = 0xce44000, length 0x46500(288000) bytes
Feb 16 00:19:52 localhost kernel[0]: ath_descdma_setup: beacon dd_desc_paddr = 0xc957000, length 0x90(144) bytes
Feb 16 00:19:52 localhost kernel[0]: mac 12.10 phy 8.1 radio 12.0
Feb 16 00:19:52 localhost kernel[0]: CSRHIDTransitionDriver::probe:
Feb 16 00:19:52 localhost kernel[0]: CSRHIDTransitionDriver::start before command
Feb 16 00:19:52 localhost kernel[0]: CSRHIDTransitionDriver::stop
Feb 16 00:19:52 localhost kernel[0]: IOBluetoothHCIController::start Idle Timer Stopped
Feb 16 00:19:52 localhost kernel[0]: IPv6 packet filtering initialized, default to accept, logging disabled
Feb 16 00:19:52 localhost mDNSResponder-108.6 (Jul 19 2007 11: 41:28)[30]: starting
Feb 16 00:19:52 localhost memberd[38]: memberd starting up
Feb 16 00:19:52 localhost DirectoryService[42]: Launched version 2.1 (v353.6)
Feb 16 00:19:54 localhost lookupd[41]: lookupd (version 369.6) starting - Sat Feb 16 00:19:54 2008
Feb 16 00:19:54 localhost diskarbitrationd[37]: disk0s2 hfs 11461DFA-F675-3EA4-875B-5CF9715C266E Macintosh HD /
Feb 16 00:19:54 localhost kernel[0]: yukon: Ethernet address 00:1b:63:a2:80:6b
Feb 16 00:19:54 localhost kernel[0]: AirPort_Athr5424ab: Ethernet address 00:1c:b3:c1:56:45
Feb 16 00:19:54 localhost lookupd[60]: lookupd (version 369.6) starting - Sat Feb 16 00:19:54 2008
Feb 16 00:19:54 localhost kernel[0]: Registering For 802.11 Events
Feb 16 00:19:54 localhost kernel[0]: [HCIController][setupHardware] AFH Is Supported
Feb 16 00:19:54 users-computer configd[34]: setting hostname to "users-computer.local"
Feb 16 00:19:57 users-computer kernel[0]: AppleYukon2 - en0 link active, 100-Mbit, full duplex, symmetric flow control enabled port 0
Feb 16 00:19:58 users-computer /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Feb 16 00:19:59 users-computer Parallels: Loading Hypervisor module...
Feb 16 00:19:59 users-computer loginwindow[64]: Login Window Started Security Agent
Feb 16 00:19:59 users-computer kernel[0]: [Parallels] Parallels Hypervisor started.
Feb 16 00:19:59 users-computer Parallels: Loading Monitor module...
Feb 16 00:20:00 users-computer kernel[0]: [Parallels] Parallels VM observer thread started
Feb 16 00:20:00 users-computer mDNSResponder: Adding browse domain local.
Feb 16 00:20:00 users-computer Parallels: Loading ConnectUSB module...
Feb 16 00:20:01 users-computer configd[34]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
Feb 16 00:20:01 users-computer configd[34]: posting notification com.apple.system.config.network_change
Feb 16 00:20:01 users-computer lookupd[145]: lookupd (version 369.6) starting - Sat Feb 16 00:20:01 2008
Feb 16 00:20:02 users-computer Parallels: Loading Network module...
Feb 16 00:20:02 users-computer Parallels: Loading Virtual Ethernet module...
Feb 16 00:20:02 users-computer configd[34]: target=enable-network: disabled
Feb 16 00:20:03 users-computer kernel[0]: com_parallels_kext_Pvsvnic0: Ethernet address 00:1c:42:00:00:00
Feb 16 00:20:03 users-computer kernel[0]: com_parallels_kext_Pvsvnic1: Ethernet address 00:1c:42:00:00:01
Feb 16 00:20:03 users-computer Parallels: Staring DHCP/NAT daemon...
Feb 16 00:20:04 users-computer pvsnatd[196]: en2: DHCP for 10.37.129.2-10.37.129.254 netmask 255.255.255.0
Feb 16 00:20:04 users-computer pvsnatd[196]: en3: DHCP/NAT for 10.211.55.2-10.211.55.254 netmask 255.255.255.0
Feb 16 00:20:04 users-computer Parallels: Restarting InternetSharing...
Feb 16 00:20:04 users-computer Parallels: Restaring CiscoVPN...
Feb 16 00:20:04 users-computer Parallels: Initialization complete.
Feb 16 00:45:07 users-computer kernel[0]: hibernate image path: /var/vm/sleepimage
Feb 16 00:45:07 users-computer kernel[0]: sizeof(IOHibernateImageHeader) == 512
Feb 16 00:45:07 users-computer kernel[0]: Opened file /var/vm/sleepimage, size 2147483648, partition base 0xc805000, maxio 400000
Feb 16 00:45:07 users-computer kernel[0]: hibernate image major 14, minor 2, blocksize 512, pollers 3
Feb 16 00:45:07 users-computer kernel[0]: hibernate_alloc_pages flags 00000000, gobbling 0 pages
Feb 16 17:13:57 users-computer kernel[0]: System SafeSleep
Feb 16 17:13:57 users-computer /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Feb 16 17:13:57 users-computer kernel[0]: hibernate_page_list_setall start
Feb 16 17:13:57 users-computer kernel[0]: hibernate_page_list_setall time: 94 ms
Feb 16 17:13:57 users-computer kernel[0]: pages 116665, wire 31296, act 4108, inact 3227, zf 2853, could discard act 42635 inact 32546
Feb 16 17:13:57 users-computer kernel[0]: hibernate_page_list_setall found pageCount 116665
Feb 16 17:13:57 users-computer kernel[0]: IOHibernatePollerOpen, ml_get_interrupts_enabled 0
Feb 16 17:13:57 users-computer kernel[0]: IOHibernatePollerOpen(0)
Feb 16 17:13:57 users-computer kernel[0]: writing 115233 pages
Feb 16 17:13:57 users-computer kernel[0]: image1Size 61497856
Feb 16 17:13:57 users-computer kernel[0]: all time: 2157 ms, comp time: 417 ms, deco time: 0 ms,
Feb 16 17:13:57 users-computer kernel[0]: image 84851200, uncompressed 164052992 (40052), compressed 79530744 (48%), sum1 115c8643, sum2 5f38dcbb
Feb 16 17:13:57 users-computer kernel[0]: hibernate_write_image done(0)
Feb 16 17:13:57 users-computer kernel[0]: sleep
Feb 16 17:13:57 users-computer kernel[0]: IOUSBWorkLoop::closeGate - interrupt Thread being held offEnabling XMM register save/restore and SSE/SSE2 opcodes
Feb 16 17:13:57 users-computer kernel[0]: Started CPU 01
Feb 16 17:13:57 users-computer kernel[0]: IOBluetoothHCIController::restartShutdownWL this is a wake from sleep
Feb 16 17:13:57 users-computer kernel[0]: System Wake
Feb 16 17:13:58 users-computer launchd: Server 0 in bootstrap 1103 uid 0: "/usr/sbin/lookupd"[145]: exited abnormally: Hangup
Feb 16 17:13:58 users-computer configd[34]: posting notification com.apple.system.config.network_change
Feb 16 17:13:58 users-computer lookupd[551]: lookupd (version 369.6) starting - Sat Feb 16 17:13:58 2008
Feb 16 17:13:59 users-computer kernel[0]: AppleYukon2 - en0 link active, 100-Mbit, full duplex, symmetric flow control enabled port 0
Feb 16 17:13:59 users-computer loginwindow[548]: Login Window Started Security Agent
Feb 16 17:14:04 users-computer configd[34]: posting notification com.apple.system.config.network_change
Feb 16 17:14:04 users-computer lookupd[561]: lookupd (version 369.6) starting - Sat Feb 16 17:14:04 2008
Feb 16 17:14:15 users-computer shutdown: reboot by root:
Feb 16 17:14:15 users-computer Parallels: Stopping DHCP/NAT daemon...
Feb 16 17:14:15 users-computer SystemStarter[566]: authentication service (576) did not complete successfully
Feb 16 17:14:16 users-computer Parallels: Unloading Network module...
Feb 16 17:14:16 users-computer Parallels: Unloading ConnectUSB module...
Feb 16 17:14:16 users-computer Parallels: Unloading Monitor module...
Feb 16 17:14:19 users-computer kernel[0]: [Parallels] Parallels VM observer thread stopped
Feb 16 17:14:19 users-computer Parallels: Unloading Hypervisor module...
Feb 16 17:14:19 users-computer kernel[0]: [Parallels] Parallels Hypervisor exited.
Feb 16 17:14:19 users-computer Parallels: Shutdown complete.
Feb 16 17:14:19 users-computer SystemStarter[566]: The following StartupItems failed to properly start:
Feb 16 17:14:19 users-computer SystemStarter[566]: /System/Library/StartupItems/AuthServer
Feb 16 17:14:19 users-computer SystemStarter[566]: - execution of Startup script failed
Feb 16 17:14:47 localhost kernel[0]: hi mem tramps at 0xffe00000
Feb 16 17:14:47 localhost kernel[0]: PAE enabled
Feb 16 17:14:47 localhost kernel[0]: 64 bit mode enabled
Feb 16 17:14:47 localhost kernel[0]: standard timeslicing quantum is 10000 us
Feb 16 17:14:47 localhost kernel[0]: vm_page_bootstrap: 512036 free pages
Feb 16 17:14:47 localhost kernel[0]: mig_table_max_displ = 71
Feb 16 17:14:47 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Feb 16 17:14:47 localhost kernel[0]: 96 prelinked modules
Feb 16 17:14:47 localhost kernel[0]: ACPI CA 20060421
Feb 16 17:14:47 localhost kernel[0]: AppleIntelCPUPowerManagement: ready
Feb 16 17:14:47 localhost kernel[0]: AppleACPICPU: ProcessorApicId=0 LocalApicId=0 Enabled
Feb 16 17:14:47 localhost kernel[0]: AppleACPICPU: ProcessorApicId=1 LocalApicId=1 Enabled
Feb 16 17:14:47 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
Feb 16 17:14:47 localhost kernel[0]: The Regents of the University of California. All rights reserved.
Feb 16 17:14:47 localhost kernel[0]: using 10485 buffer headers and 4096 cluster IO buffer headers
Feb 16 17:14:47 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Feb 16 17:14:47 localhost kernel[0]: Started CPU 01
Feb 16 17:14:47 localhost kernel[0]: IOAPIC: Version 0x20 Vectors 64:87
Feb 16 17:14:47 localhost kernel[0]: ACPI: System State [S0 S3 S4 S5] (S3)
Feb 16 17:14:47 localhost kernel[0]: Security auditing service present
Feb 16 17:14:47 localhost kernel[0]: BSM auditing present
Feb 16 17:14:47 localhost kernel[0]: disabled
Feb 16 17:14:47 localhost kernel[0]: rooting via boot-uuid from /chosen: 248A4545-6419-4CB4-AA06-D0D8F82B3BEC
Feb 16 17:14:47 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
Feb 16 17:14:47 localhost kernel[0]: USB caused wake event (EHCI)
Feb 16 17:14:47 localhost kernel[0]: USB caused wake event (EHCI)
Feb 16 17:14:47 localhost kernel[0]: FireWire (OHCI) TI ID 8025 built-in now active, GUID 001d4ffffe6287f8; max speed s800.
Feb 16 17:14:47 localhost kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/SATA@1F,2/AppleAHCI/PRT0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageDriver/FUJITSU MHW2120BH Media/IOGUIDPartitionScheme/Customer@2
Feb 16 17:14:47 localhost kernel[0]: BSD root: disk0s2, major 14, minor 2
Feb 16 17:14:47 localhost kernel[0]: CSRHIDTransitionDriver::probe:
Feb 16 17:14:47 localhost kernel[0]: CSRHIDTransitionDriver::start before command
Feb 16 17:14:47 localhost kernel[0]: CSRHIDTransitionDriver::stop
Feb 16 17:14:47 localhost kernel[0]: IOBluetoothHCIController::start Idle Timer Stopped
Feb 16 17:14:47 localhost kernel[0]: Jettisoning kernel linker.
Feb 16 17:14:47 localhost kernel[0]: Resetting IOCatalogue.
Feb 16 17:14:47 localhost kernel[0]: GFX0: family specific matching fails
Feb 16 17:14:47 localhost kernel[0]: Matching service count = 1
Feb 16 17:14:47 localhost kernel[0]: Matching service count = 18
Feb 16 17:14:47 localhost kernel[0]: Matching service count = 18
Feb 16 17:14:47 localhost kernel[0]: Matching service count = 18
Feb 16 17:14:47 localhost kernel[0]: Matching service count = 18
Feb 16 17:14:47 localhost kernel[0]: Matching service count = 18
Feb 16 17:14:47 localhost kernel[0]: Previous Shutdown Cause: 5
Feb 16 17:14:47 localhost kernel[0]: NVDANV50HAL loaded and registered.
Feb 16 17:14:47 localhost kernel[0]: GFX0: family specific matching fails
Feb 16 17:14:47 localhost kernel[0]: ath_attach: devid 0x24
Feb 16 17:14:47 localhost kernel[0]: Override HT40 CTL Powers. EEPROM Version is 14.4, Device Type 5
Feb 16 17:14:47 localhost kernel[0]: ath_descdma_setup: tx dd_desc_paddr = 0xd6cd000, length 0x46500(288000) bytes
Feb 16 17:14:47 localhost kernel[0]: ath_descdma_setup: beacon dd_desc_paddr = 0xd1cf000, length 0x90(144) bytes
Feb 16 17:14:47 localhost kernel[0]: mac 12.10 phy 8.1 radio 12.0
Feb 16 17:14:47 localhost kernel[0]: IPv6 packet filtering initialized, default to accept, logging disabled
Feb 16 17:14:47 localhost memberd[37]: memberd starting up
Feb 16 17:14:47 localhost mDNSResponder-108.6 (Jul 19 2007 11: 41:28)[30]: starting
Feb 16 17:14:47 localhost DirectoryService[41]: Launched version 2.1 (v353.6)
Feb 16 17:14:47 localhost lookupd[42]: lookupd (version 369.6) starting - Sat Feb 16 17:14:47 2008
Feb 16 17:14:48 localhost diskarbitrationd[36]: disk0s2 hfs 11461DFA-F675-3EA4-875B-5CF9715C266E Macintosh HD /
Feb 16 17:14:48 localhost kernel[0]: yukon: Ethernet address 00:1b:63:a2:80:6b
Feb 16 17:14:48 localhost kernel[0]: AirPort_Athr5424ab: Ethernet address 00:1c:b3:c1:56:45
Feb 16 17:14:48 localhost lookupd[60]: lookupd (version 369.6) starting - Sat Feb 16 17:14:48 2008
Feb 16 17:14:49 localhost kernel[0]: Registering For 802.11 Events
Feb 16 17:14:49 localhost kernel[0]: [HCIController][setupHardware] AFH Is Supported
Feb 16 17:14:49 users-computer configd[34]: setting hostname to "users-computer.local"
Feb 16 17:14:52 users-computer kernel[0]: AppleYukon2 - en0 link active, 100-Mbit, full duplex, symmetric flow control enabled port 0
Feb 16 17:14:53 users-computer /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Feb 16 17:14:53 users-computer Parallels: Loading Hypervisor module...
Feb 16 17:14:53 users-computer loginwindow[64]: Login Window Started Security Agent
Feb 16 17:14:53 users-computer kernel[0]: [Parallels] Parallels Hypervisor started.
Feb 16 17:14:53 users-computer Parallels: Loading Monitor module...
Feb 16 17:14:54 users-computer kernel[0]: [Parallels] Parallels VM observer thread started
Feb 16 17:14:54 users-computer Parallels: Loading ConnectUSB module...
Feb 16 17:14:54 users-computer configd[34]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
Feb 16 17:14:54 users-computer configd[34]: posting notification com.apple.system.config.network_change
Feb 16 17:14:54 users-computer lookupd[132]: lookupd (version 369.6) starting - Sat Feb 16 17:14:54 2008
Feb 16 17:14:55 users-computer Parallels: Loading Network module...
Feb 16 17:14:56 users-computer configd[34]: target=enable-network: disabled
Feb 16 17:14:56 users-computer mDNSResponder: Adding browse domain local.
Feb 16 17:14:56 users-computer Parallels: Loading Virtual Ethernet module...
Feb 16 17:14:58 users-computer kernel[0]: com_parallels_kext_Pvsvnic0: Ethernet address 00:1c:42:00:00:00
Feb 16 17:14:58 users-computer kernel[0]: com_parallels_kext_Pvsvnic1: Ethernet address 00:1c:42:00:00:01
Feb 16 17:14:58 users-computer Parallels: Staring DHCP/NAT daemon...
Feb 16 17:14:58 users-computer pvsnatd[194]: en2: DHCP for 10.37.129.2-10.37.129.254 netmask 255.255.255.0
Feb 16 17:14:58 users-computer pvsnatd[194]: en3: DHCP/NAT for 10.211.55.2-10.211.55.254 netmask 255.255.255.0
Feb 16 17:14:59 users-computer Parallels: Restarting InternetSharing...
Feb 16 17:14:59 users-computer Parallels: Restaring CiscoVPN...
Feb 16 17:14:59 users-computer Parallels: Initialization complete.
 
Are you by chance running Windows under Parallels?

JohnMC


------

No, I didn't think I was.
Should I uninstall Parallels if it is running?
I thought I already removed it & reinstalled Windows for Mac.
 
Do you mean Boot Camp?

Anyway, the main stuff I see is at 17:13:57 your computer began running its wake up script.

At 17:14:47 there is a note, "USB caused wake event". This is not a "hack"; most likely your computer was woken up because a connected USB device was turned off/on or an action was triggered on a USB device (you pressed a key on a keyboard, etc.).

Throughout the log I see various modules turning on or being configured, like Ethernet, AirPort, Cisco VPN, etc. This is not a hack; it is just your system setting itself up in case you want to use those features.

JohnMC


@Anyone Else, if I have overlooked anything obvious please correct me.
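
The reading given in the reply above can be checked mechanically; this is an added example, not part of the original posts. It marks each USB, FireWire or Bluetooth line as routine when it falls within 30 seconds of a boot, sleep, wake or reboot marker, and sets the rest aside for review. The marker strings, the 30-second window and the year 2008 are assumptions, and one sample line is constructed to show the review path.

```python
import re
from datetime import datetime

# Excerpt of the log posted above, plus ONE constructed line (marked as such).
SAMPLE = """\
Feb 16 00:19:52 localhost kernel[0]: Started CPU 01
Feb 16 00:19:52 localhost kernel[0]: USB caused wake event (EHCI)
Feb 16 00:19:52 localhost kernel[0]: FireWire (OHCI) TI ID 8025 built-in now active, GUID 001d4ffffe6287f8; max speed s800.
Feb 16 00:19:52 localhost kernel[0]: IOBluetoothHCIController::start Idle Timer Stopped
Feb 16 00:20:00 users-computer Parallels: Loading ConnectUSB module...
Feb 16 12:05:10 users-computer kernel[0]: USB device attached (constructed line, not from the post)
Feb 16 17:13:57 users-computer kernel[0]: System SafeSleep
Feb 16 17:13:57 users-computer kernel[0]: IOBluetoothHCIController::restartShutdownWL this is a wake from sleep
Feb 16 17:13:57 users-computer kernel[0]: System Wake
Feb 16 17:14:15 users-computer shutdown: reboot by root:
Feb 16 17:14:16 users-computer Parallels: Unloading ConnectUSB module...
Feb 16 17:14:47 localhost kernel[0]: Started CPU 01
Feb 16 17:14:47 localhost kernel[0]: USB caused wake event (EHCI)
"""

LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\S+) (.*)$")
# Assumption: these strings mark a power transition (boot, sleep, wake, reboot).
POWER = re.compile(r"Started CPU|System SafeSleep|System Wake|hi mem tramps|reboot by")
PERIPH = re.compile(r"USB|FireWire|Bluetooth")

def parse(text, year=2008):
    """Yield (timestamp, host, rest) per syslog line; syslog omits the year."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def triage(text, window=30):
    """Split peripheral lines into (routine, review) by distance to a power event."""
    last_power = None
    routine, review = [], []
    for ts, _host, rest in parse(text):
        if POWER.search(rest):
            last_power = ts
        if PERIPH.search(rest):
            delta = (ts - last_power).total_seconds() if last_power else None
            near = delta is not None and delta <= window
            (routine if near else review).append((ts, rest, delta))
    return routine, review

if __name__ == "__main__":
    routine, review = triage(SAMPLE)
    print(f"{len(routine)} peripheral lines next to a boot/sleep/wake/reboot")
    for ts, rest, delta in review:
        print(f"REVIEW {ts:%b %d %H:%M:%S} (+{delta}s after last power event): {rest}")
```

Kernel messages buffered during early boot or wake all carry the time they were flushed, so a delta of 0 is expected for those lines.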
 