Is USB/Firewire hack occurring?

Discussion in 'Mac Basics and Help' started by Theo6, Feb 16, 2008.

  1. Theo6 macrumors newbie

    Joined:
    Feb 16, 2008
    #1
    New to MacBook Pro. It is possible that key logging and/or
    tracking of net activity is occurring, although an Internet Cleanup
    run did not turn up anything.

    It would be much appreciated if a MacGuru could review the log
    and let me know why Firewire, Bluetooth & USB are showing up.
    Is this a normal log?
    If this is a USB/FW hack, how do I correct the problem?

    I have activated MacBook Pro Firewall options and selected all Bluetooth options to be off.

    Thanks in advance for your expertise.


    Feb 16 00:19:52 localhost kernel[0]: Started CPU 01
    Feb 16 00:19:52 localhost kernel[0]: IOAPIC: Version 0x20 Vectors 64:87
    Feb 16 00:19:52 localhost kernel[0]: ACPI: System State [S0 S3 S4 S5] (S3)
    Feb 16 00:19:52 localhost kernel[0]: Security auditing service present
    Feb 16 00:19:52 localhost kernel[0]: BSM auditing present
    Feb 16 00:19:52 localhost kernel[0]: disabled
    Feb 16 00:19:52 localhost kernel[0]: rooting via boot-uuid from /chosen: 248A4545-6419-4CB4-AA06-D0D8F82B3BEC
    Feb 16 00:19:52 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
    Feb 16 00:19:52 localhost kernel[0]: USB caused wake event (EHCI)
    Feb 16 00:19:52 localhost kernel[0]: USB caused wake event (EHCI)
    Feb 16 00:19:52 localhost kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/SATA@1F,2/AppleAHCI/PRT0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageDriver/FUJITSU MHW2120BH Media/IOGUIDPartitionScheme/Customer@2
    Feb 16 00:19:52 localhost kernel[0]: BSD root: disk0s2, major 14, minor 2
    Feb 16 00:19:52 localhost kernel[0]: FireWire (OHCI) TI ID 8025 built-in now active, GUID 001d4ffffe6287f8; max speed s800.
    Feb 16 00:19:52 localhost kernel[0]: Jettisoning kernel linker.
    Feb 16 00:19:52 localhost kernel[0]: Resetting IOCatalogue.
    Feb 16 00:19:52 localhost kernel[0]: GFX0: family specific matching fails
    Feb 16 00:19:52 localhost kernel[0]: Matching service count = 1
    Feb 16 00:19:52 localhost kernel[0]: Matching service count = 21
    Feb 16 00:19:52 localhost kernel[0]: Matching service count = 21
    Feb 16 00:19:52 localhost kernel[0]: Matching service count = 21
    Feb 16 00:19:52 localhost kernel[0]: Matching service count = 21
    Feb 16 00:19:52 localhost kernel[0]: Matching service count = 21
    Feb 16 00:19:52 localhost kernel[0]: Previous Shutdown Cause: 5
    Feb 16 00:19:52 localhost kernel[0]: NVDANV50HAL loaded and registered.
    Feb 16 00:19:52 localhost kernel[0]: GFX0: family specific matching fails
    Feb 16 00:19:52 localhost kernel[0]: ath_attach: devid 0x24
    Feb 16 00:19:52 localhost kernel[0]: Override HT40 CTL Powers. EEPROM Version is 14.4, Device Type 5
    Feb 16 00:19:52 localhost kernel[0]: ath_descdma_setup: tx dd_desc_paddr = 0xce44000, length 0x46500(288000) bytes
    Feb 16 00:19:52 localhost kernel[0]: ath_descdma_setup: beacon dd_desc_paddr = 0xc957000, length 0x90(144) bytes
    Feb 16 00:19:52 localhost kernel[0]: mac 12.10 phy 8.1 radio 12.0
    Feb 16 00:19:52 localhost kernel[0]: CSRHIDTransitionDriver::probe:
    Feb 16 00:19:52 localhost kernel[0]: CSRHIDTransitionDriver::start before command
    Feb 16 00:19:52 localhost kernel[0]: CSRHIDTransitionDriver::stop
    Feb 16 00:19:52 localhost kernel[0]: IOBluetoothHCIController::start Idle Timer Stopped
    Feb 16 00:19:52 localhost kernel[0]: IPv6 packet filtering initialized, default to accept, logging disabled
    Feb 16 00:19:52 localhost mDNSResponder-108.6 (Jul 19 2007 11: 41:28)[30]: starting
    Feb 16 00:19:52 localhost memberd[38]: memberd starting up
    Feb 16 00:19:52 localhost DirectoryService[42]: Launched version 2.1 (v353.6)
    Feb 16 00:19:54 localhost lookupd[41]: lookupd (version 369.6) starting - Sat Feb 16 00:19:54 2008
    Feb 16 00:19:54 localhost diskarbitrationd[37]: disk0s2 hfs 11461DFA-F675-3EA4-875B-5CF9715C266E Macintosh HD /
    Feb 16 00:19:54 localhost kernel[0]: yukon: Ethernet address 00:1b:63:a2:80:6b
    Feb 16 00:19:54 localhost kernel[0]: AirPort_Athr5424ab: Ethernet address 00:1c:b3:c1:56:45
    Feb 16 00:19:54 localhost lookupd[60]: lookupd (version 369.6) starting - Sat Feb 16 00:19:54 2008
    Feb 16 00:19:54 localhost kernel[0]: Registering For 802.11 Events
    Feb 16 00:19:54 localhost kernel[0]: [HCIController][setupHardware] AFH Is Supported
    Feb 16 00:19:54 users-computer configd[34]: setting hostname to "users-computer.local"
    Feb 16 00:19:57 users-computer kernel[0]: AppleYukon2 - en0 link active, 100-Mbit, full duplex, symmetric flow control enabled port 0
    Feb 16 00:19:58 users-computer /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Feb 16 00:19:59 users-computer Parallels: Loading Hypervisor module...
    Feb 16 00:19:59 users-computer loginwindow[64]: Login Window Started Security Agent
    Feb 16 00:19:59 users-computer kernel[0]: [Parallels] Parallels Hypervisor started.
    Feb 16 00:19:59 users-computer Parallels: Loading Monitor module...
    Feb 16 00:20:00 users-computer kernel[0]: [Parallels] Parallels VM observer thread started
    Feb 16 00:20:00 users-computer mDNSResponder: Adding browse domain local.
    Feb 16 00:20:00 users-computer Parallels: Loading ConnectUSB module...
    Feb 16 00:20:01 users-computer configd[34]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
    Feb 16 00:20:01 users-computer configd[34]: posting notification com.apple.system.config.network_change
    Feb 16 00:20:01 users-computer lookupd[145]: lookupd (version 369.6) starting - Sat Feb 16 00:20:01 2008
    Feb 16 00:20:02 users-computer Parallels: Loading Network module...
    Feb 16 00:20:02 users-computer Parallels: Loading Virtual Ethernet module...
    Feb 16 00:20:02 users-computer configd[34]: target=enable-network: disabled
    Feb 16 00:20:03 users-computer kernel[0]: com_parallels_kext_Pvsvnic0: Ethernet address 00:1c:42:00:00:00
    Feb 16 00:20:03 users-computer kernel[0]: com_parallels_kext_Pvsvnic1: Ethernet address 00:1c:42:00:00:01
    Feb 16 00:20:03 users-computer Parallels: Staring DHCP/NAT daemon...
    Feb 16 00:20:04 users-computer pvsnatd[196]: en2: DHCP for 10.37.129.2-10.37.129.254 netmask 255.255.255.0
    Feb 16 00:20:04 users-computer pvsnatd[196]: en3: DHCP/NAT for 10.211.55.2-10.211.55.254 netmask 255.255.255.0
    Feb 16 00:20:04 users-computer Parallels: Restarting InternetSharing...
    Feb 16 00:20:04 users-computer Parallels: Restaring CiscoVPN...
    Feb 16 00:20:04 users-computer Parallels: Initialization complete.
    Feb 16 00:45:07 users-computer kernel[0]: hibernate image path: /var/vm/sleepimage
    Feb 16 00:45:07 users-computer kernel[0]: sizeof(IOHibernateImageHeader) == 512
    Feb 16 00:45:07 users-computer kernel[0]: Opened file /var/vm/sleepimage, size 2147483648, partition base 0xc805000, maxio 400000
    Feb 16 00:45:07 users-computer kernel[0]: hibernate image major 14, minor 2, blocksize 512, pollers 3
    Feb 16 00:45:07 users-computer kernel[0]: hibernate_alloc_pages flags 00000000, gobbling 0 pages
    Feb 16 17:13:57 users-computer kernel[0]: System SafeSleep
    Feb 16 17:13:57 users-computer /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Feb 16 17:13:57 users-computer kernel[0]: hibernate_page_list_setall start
    Feb 16 17:13:57 users-computer kernel[0]: hibernate_page_list_setall time: 94 ms
    Feb 16 17:13:57 users-computer kernel[0]: pages 116665, wire 31296, act 4108, inact 3227, zf 2853, could discard act 42635 inact 32546
    Feb 16 17:13:57 users-computer kernel[0]: hibernate_page_list_setall found pageCount 116665
    Feb 16 17:13:57 users-computer kernel[0]: IOHibernatePollerOpen, ml_get_interrupts_enabled 0
    Feb 16 17:13:57 users-computer kernel[0]: IOHibernatePollerOpen(0)
    Feb 16 17:13:57 users-computer kernel[0]: writing 115233 pages
    Feb 16 17:13:57 users-computer kernel[0]: image1Size 61497856
    Feb 16 17:13:57 users-computer kernel[0]: all time: 2157 ms, comp time: 417 ms, deco time: 0 ms,
    Feb 16 17:13:57 users-computer kernel[0]: image 84851200, uncompressed 164052992 (40052), compressed 79530744 (48%), sum1 115c8643, sum2 5f38dcbb
    Feb 16 17:13:57 users-computer kernel[0]: hibernate_write_image done(0)
    Feb 16 17:13:57 users-computer kernel[0]: sleep
    Feb 16 17:13:57 users-computer kernel[0]: IOUSBWorkLoop::closeGate - interrupt Thread being held offEnabling XMM register save/restore and SSE/SSE2 opcodes
    Feb 16 17:13:57 users-computer kernel[0]: Started CPU 01
    Feb 16 17:13:57 users-computer kernel[0]: IOBluetoothHCIController::restartShutdownWL this is a wake from sleep
    Feb 16 17:13:57 users-computer kernel[0]: System Wake
    Feb 16 17:13:58 users-computer launchd: Server 0 in bootstrap 1103 uid 0: "/usr/sbin/lookupd"[145]: exited abnormally: Hangup
    Feb 16 17:13:58 users-computer configd[34]: posting notification com.apple.system.config.network_change
    Feb 16 17:13:58 users-computer lookupd[551]: lookupd (version 369.6) starting - Sat Feb 16 17:13:58 2008
    Feb 16 17:13:59 users-computer kernel[0]: AppleYukon2 - en0 link active, 100-Mbit, full duplex, symmetric flow control enabled port 0
    Feb 16 17:13:59 users-computer loginwindow[548]: Login Window Started Security Agent
    Feb 16 17:14:04 users-computer configd[34]: posting notification com.apple.system.config.network_change
    Feb 16 17:14:04 users-computer lookupd[561]: lookupd (version 369.6) starting - Sat Feb 16 17:14:04 2008
    Feb 16 17:14:15 users-computer shutdown: reboot by root:
    Feb 16 17:14:15 users-computer Parallels: Stopping DHCP/NAT daemon...
    Feb 16 17:14:15 users-computer SystemStarter[566]: authentication service (576) did not complete successfully
    Feb 16 17:14:16 users-computer Parallels: Unloading Network module...
    Feb 16 17:14:16 users-computer Parallels: Unloading ConnectUSB module...
    Feb 16 17:14:16 users-computer Parallels: Unloading Monitor module...
    Feb 16 17:14:19 users-computer kernel[0]: [Parallels] Parallels VM observer thread stopped
    Feb 16 17:14:19 users-computer Parallels: Unloading Hypervisor module...
    Feb 16 17:14:19 users-computer kernel[0]: [Parallels] Parallels Hypervisor exited.
    Feb 16 17:14:19 users-computer Parallels: Shutdown complete.
    Feb 16 17:14:19 users-computer SystemStarter[566]: The following StartupItems failed to properly start:
    Feb 16 17:14:19 users-computer SystemStarter[566]: /System/Library/StartupItems/AuthServer
    Feb 16 17:14:19 users-computer SystemStarter[566]: - execution of Startup script failed
    Feb 16 17:14:47 localhost kernel[0]: hi mem tramps at 0xffe00000
    Feb 16 17:14:47 localhost kernel[0]: PAE enabled
    Feb 16 17:14:47 localhost kernel[0]: 64 bit mode enabled
    Feb 16 17:14:47 localhost kernel[0]: standard timeslicing quantum is 10000 us
    Feb 16 17:14:47 localhost kernel[0]: vm_page_bootstrap: 512036 free pages
    Feb 16 17:14:47 localhost kernel[0]: mig_table_max_displ = 71
    Feb 16 17:14:47 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
    Feb 16 17:14:47 localhost kernel[0]: 96 prelinked modules
    Feb 16 17:14:47 localhost kernel[0]: ACPI CA 20060421
    Feb 16 17:14:47 localhost kernel[0]: AppleIntelCPUPowerManagement: ready
    Feb 16 17:14:47 localhost kernel[0]: AppleACPICPU: ProcessorApicId=0 LocalApicId=0 Enabled
    Feb 16 17:14:47 localhost kernel[0]: AppleACPICPU: ProcessorApicId=1 LocalApicId=1 Enabled
    Feb 16 17:14:47 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
    Feb 16 17:14:47 localhost kernel[0]: The Regents of the University of California. All rights reserved.
    Feb 16 17:14:47 localhost kernel[0]: using 10485 buffer headers and 4096 cluster IO buffer headers
    Feb 16 17:14:47 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
    Feb 16 17:14:47 localhost kernel[0]: Started CPU 01
    Feb 16 17:14:47 localhost kernel[0]: IOAPIC: Version 0x20 Vectors 64:87
    Feb 16 17:14:47 localhost kernel[0]: ACPI: System State [S0 S3 S4 S5] (S3)
    Feb 16 17:14:47 localhost kernel[0]: Security auditing service present
    Feb 16 17:14:47 localhost kernel[0]: BSM auditing present
    Feb 16 17:14:47 localhost kernel[0]: disabled
    Feb 16 17:14:47 localhost kernel[0]: rooting via boot-uuid from /chosen: 248A4545-6419-4CB4-AA06-D0D8F82B3BEC
    Feb 16 17:14:47 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
    Feb 16 17:14:47 localhost kernel[0]: USB caused wake event (EHCI)
    Feb 16 17:14:47 localhost kernel[0]: USB caused wake event (EHCI)
    Feb 16 17:14:47 localhost kernel[0]: FireWire (OHCI) TI ID 8025 built-in now active, GUID 001d4ffffe6287f8; max speed s800.
    Feb 16 17:14:47 localhost kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0/AppleACPIPCI/SATA@1F,2/AppleAHCI/PRT0@0/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageDriver/FUJITSU MHW2120BH Media/IOGUIDPartitionScheme/Customer@2
    Feb 16 17:14:47 localhost kernel[0]: BSD root: disk0s2, major 14, minor 2
    Feb 16 17:14:47 localhost kernel[0]: CSRHIDTransitionDriver::probe:
    Feb 16 17:14:47 localhost kernel[0]: CSRHIDTransitionDriver::start before command
    Feb 16 17:14:47 localhost kernel[0]: CSRHIDTransitionDriver::stop
    Feb 16 17:14:47 localhost kernel[0]: IOBluetoothHCIController::start Idle Timer Stopped
    Feb 16 17:14:47 localhost kernel[0]: Jettisoning kernel linker.
    Feb 16 17:14:47 localhost kernel[0]: Resetting IOCatalogue.
    Feb 16 17:14:47 localhost kernel[0]: GFX0: family specific matching fails
    Feb 16 17:14:47 localhost kernel[0]: Matching service count = 1
    Feb 16 17:14:47 localhost kernel[0]: Matching service count = 18
    Feb 16 17:14:47 localhost kernel[0]: Matching service count = 18
    Feb 16 17:14:47 localhost kernel[0]: Matching service count = 18
    Feb 16 17:14:47 localhost kernel[0]: Matching service count = 18
    Feb 16 17:14:47 localhost kernel[0]: Matching service count = 18
    Feb 16 17:14:47 localhost kernel[0]: Previous Shutdown Cause: 5
    Feb 16 17:14:47 localhost kernel[0]: NVDANV50HAL loaded and registered.
    Feb 16 17:14:47 localhost kernel[0]: GFX0: family specific matching fails
    Feb 16 17:14:47 localhost kernel[0]: ath_attach: devid 0x24
    Feb 16 17:14:47 localhost kernel[0]: Override HT40 CTL Powers. EEPROM Version is 14.4, Device Type 5
    Feb 16 17:14:47 localhost kernel[0]: ath_descdma_setup: tx dd_desc_paddr = 0xd6cd000, length 0x46500(288000) bytes
    Feb 16 17:14:47 localhost kernel[0]: ath_descdma_setup: beacon dd_desc_paddr = 0xd1cf000, length 0x90(144) bytes
    Feb 16 17:14:47 localhost kernel[0]: mac 12.10 phy 8.1 radio 12.0
    Feb 16 17:14:47 localhost kernel[0]: IPv6 packet filtering initialized, default to accept, logging disabled
    Feb 16 17:14:47 localhost memberd[37]: memberd starting up
    Feb 16 17:14:47 localhost mDNSResponder-108.6 (Jul 19 2007 11: 41:28)[30]: starting
    Feb 16 17:14:47 localhost DirectoryService[41]: Launched version 2.1 (v353.6)
    Feb 16 17:14:47 localhost lookupd[42]: lookupd (version 369.6) starting - Sat Feb 16 17:14:47 2008
    Feb 16 17:14:48 localhost diskarbitrationd[36]: disk0s2 hfs 11461DFA-F675-3EA4-875B-5CF9715C266E Macintosh HD /
    Feb 16 17:14:48 localhost kernel[0]: yukon: Ethernet address 00:1b:63:a2:80:6b
    Feb 16 17:14:48 localhost kernel[0]: AirPort_Athr5424ab: Ethernet address 00:1c:b3:c1:56:45
    Feb 16 17:14:48 localhost lookupd[60]: lookupd (version 369.6) starting - Sat Feb 16 17:14:48 2008
    Feb 16 17:14:49 localhost kernel[0]: Registering For 802.11 Events
    Feb 16 17:14:49 localhost kernel[0]: [HCIController][setupHardware] AFH Is Supported
    Feb 16 17:14:49 users-computer configd[34]: setting hostname to "users-computer.local"
    Feb 16 17:14:52 users-computer kernel[0]: AppleYukon2 - en0 link active, 100-Mbit, full duplex, symmetric flow control enabled port 0
    Feb 16 17:14:53 users-computer /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
    Feb 16 17:14:53 users-computer Parallels: Loading Hypervisor module...
    Feb 16 17:14:53 users-computer loginwindow[64]: Login Window Started Security Agent
    Feb 16 17:14:53 users-computer kernel[0]: [Parallels] Parallels Hypervisor started.
    Feb 16 17:14:53 users-computer Parallels: Loading Monitor module...
    Feb 16 17:14:54 users-computer kernel[0]: [Parallels] Parallels VM observer thread started
    Feb 16 17:14:54 users-computer Parallels: Loading ConnectUSB module...
    Feb 16 17:14:54 users-computer configd[34]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
    Feb 16 17:14:54 users-computer configd[34]: posting notification com.apple.system.config.network_change
    Feb 16 17:14:54 users-computer lookupd[132]: lookupd (version 369.6) starting - Sat Feb 16 17:14:54 2008
    Feb 16 17:14:55 users-computer Parallels: Loading Network module...
    Feb 16 17:14:56 users-computer configd[34]: target=enable-network: disabled
    Feb 16 17:14:56 users-computer mDNSResponder: Adding browse domain local.
    Feb 16 17:14:56 users-computer Parallels: Loading Virtual Ethernet module...
    Feb 16 17:14:58 users-computer kernel[0]: com_parallels_kext_Pvsvnic0: Ethernet address 00:1c:42:00:00:00
    Feb 16 17:14:58 users-computer kernel[0]: com_parallels_kext_Pvsvnic1: Ethernet address 00:1c:42:00:00:01
    Feb 16 17:14:58 users-computer Parallels: Staring DHCP/NAT daemon...
    Feb 16 17:14:58 users-computer pvsnatd[194]: en2: DHCP for 10.37.129.2-10.37.129.254 netmask 255.255.255.0
    Feb 16 17:14:58 users-computer pvsnatd[194]: en3: DHCP/NAT for 10.211.55.2-10.211.55.254 netmask 255.255.255.0
    Feb 16 17:14:59 users-computer Parallels: Restarting InternetSharing...
    Feb 16 17:14:59 users-computer Parallels: Restaring CiscoVPN...
    Feb 16 17:14:59 users-computer Parallels: Initialization complete.
     
  2. JohnMC macrumors 6502

    Joined:
    May 5, 2006
    Location:
    Duluth, MN
    #2
    Are you by chance running Windows under Parallels?

    JohnMC
     
  3. Theo6 thread starter macrumors newbie

    Joined:
    Feb 16, 2008
    #3

    No, I didn't think I was.
    Should I uninstall Parallels if it is running?
    I thought I already removed it & reinstalled Windows for Mac.
     
  4. JohnMC macrumors 6502

    Joined:
    May 5, 2006
    Location:
    Duluth, MN
    #4
    Do you mean Boot Camp?

    Anyway, the main stuff I see is at 17:13:57 your computer began running its wake up script.

    At 17:14:47 there is a note "USB caused wake event". This is not a "hack"; most likely your computer was woken up because a connected USB device was turned off/on or an action was triggered on a USB device (you pressed a key on a keyboard, etc.).

    Throughout the log I see various modules turning on or being configured, like Ethernet, AirPort, Cisco VPN, etc. This is not a hack; it is just your system setting itself up in case you want to use those features.

    JohnMC


    @Anyone Else, if I have overlooked anything obvious please correct me.
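
An added example, not part of the original thread: one way to judge whether the USB, FireWire and Bluetooth lines are routine is to split the log into boot sessions and compare the peripheral messages each boot produces. The log lines are excerpted from the post above; the rule that a boot begins where the host field returns to `localhost`, and all function names, are assumptions of this example.

```python
import re

# Excerpt of the system.log posted in the thread, trimmed to the lines used here.
SAMPLE_LOG = """\
Feb 16 00:19:52 localhost kernel[0]: USB caused wake event (EHCI)
Feb 16 00:19:52 localhost kernel[0]: FireWire (OHCI) TI ID 8025 built-in now active, GUID 001d4ffffe6287f8; max speed s800.
Feb 16 00:19:52 localhost kernel[0]: IOBluetoothHCIController::start Idle Timer Stopped
Feb 16 00:19:54 users-computer configd[34]: setting hostname to "users-computer.local"
Feb 16 00:20:00 users-computer Parallels: Loading ConnectUSB module...
Feb 16 17:13:57 users-computer kernel[0]: IOBluetoothHCIController::restartShutdownWL this is a wake from sleep
Feb 16 17:13:57 users-computer kernel[0]: System Wake
Feb 16 17:14:15 users-computer shutdown: reboot by root:
Feb 16 17:14:47 localhost kernel[0]: hi mem tramps at 0xffe00000
Feb 16 17:14:47 localhost kernel[0]: USB caused wake event (EHCI)
Feb 16 17:14:47 localhost kernel[0]: FireWire (OHCI) TI ID 8025 built-in now active, GUID 001d4ffffe6287f8; max speed s800.
Feb 16 17:14:47 localhost kernel[0]: IOBluetoothHCIController::start Idle Timer Stopped
Feb 16 17:14:49 users-computer configd[34]: setting hostname to "users-computer.local"
Feb 16 17:14:54 users-computer Parallels: Loading ConnectUSB module...
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[^:\[]+)(?:\[\d+\])?: (?P<msg>.*)$")
PERIPHERAL_RE = re.compile(r"USB|FireWire|Bluetooth|HCIController", re.I)

def parse(text):
    """Yield (timestamp, host, process, message) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m["ts"], m["host"], m["proc"], m["msg"]

def boot_sessions(text):
    """Split the log into boots. Assumption: early-boot lines carry the host
    'localhost' until configd sets the hostname, as in the posted log."""
    sessions, prev_host = [], None
    for ts, host, proc, msg in parse(text):
        if prev_host is None or (host == "localhost" and prev_host != "localhost"):
            sessions.append({"start": ts, "events": []})
        sessions[-1]["events"].append((ts, proc, msg))
        prev_host = host
    return sessions

def peripheral_messages(session):
    """Distinct 'process: message' strings that mention a peripheral bus."""
    return {f"{proc}: {msg}" for _, proc, msg in session["events"]
            if PERIPHERAL_RE.search(proc + " " + msg)}

def compare_boots(text):
    """Return (messages seen in every boot, per-boot messages outside that set)."""
    sessions = boot_sessions(text)
    per_boot = [peripheral_messages(s) for s in sessions]
    baseline = set.intersection(*per_boot) if per_boot else set()
    differing = {s["start"]: sorted(p - baseline) for s, p in zip(sessions, per_boot)}
    return sorted(baseline), differing

if __name__ == "__main__":
    print(compare_boots(SAMPLE_LOG))
```

Messages in the first list recur identically in every boot of the excerpt; the per-boot lists hold whatever differs and is worth reading line by line.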
     
