Seeking expert to assist, concerned I have been hacked!

LegacyUser12 · Oct 17, 2017

Thank you for reading and I appreciate anyone willing to help as I do not have the resources financially right now to deal with Apple or tech service.

Situation: I procrastinated on my income taxes, filing them last night at extension deadline. Had a couple tabs open in Safari with various advice articles. Avast suddenly told me it detected something and quarantined it, then again moments later...
1. Path: Install/Install.app/Contents/MacOS/applet
Details: MacOS:Bundler-AD [Adw]
2. Path: Install/Install.app/Contents/Resources/Scripts/main.scpt
Details: MacOS:Bundler-U [Adw]
Edit: I discovered by examining the info on the above files and it seems they were derived from an article I accessed on chron.com - the Houston Chronicle. What the hell.

So then I immediately went and ran a couple of specific scans and found a 3rd problem

3. Path: Users/myname/Desktop/filename/Adobe Flash Player.dmg
Which I quarantined and did some internet searching and figured it sounded like a bug. I opted to give MalwareBytes a try as well and it deemed Adware Removal application to be PUP so I let it quarantine it.

Ever since this **** kicked off I've had sluggish operations, shockwave popup endlessly populating the screen requiring forced quit of Safari. Did a reboot, did purge cache and Safari history.

Now my bluetooth is not available.

I've poked and prodded through some system reports and I am highly suspicious of what I see. I am alarmed and near panic, hoping someone is kind enough to instruct me on appropriate steps to take, which reports to run to diagnose/determine/find the problem and eradication measures.

I do have a backup on an external HD, which I am not touching until I know it too won't become victim to whatever this might be.

Please help. Many thanks in advance.

hobowankenobi · Oct 17, 2017

Hey -

Hack is unlikely. Looks like some adware/malware, which is iritating, but typically does not really count as an intrusion. Their web server could be serving out malware with (or without) their knowledge. It happens.

MalwareBytes (even the free version) does a good job in my experience. My wife works in web advertising, and long story short, her machine picks up adware/malware more often than any Mac I have been around (perhaps 1000 or so working IT).

Even when MalwareBytes found and removed malware, often there will be a few browser settings and/or extensions that are still wrong. I have seen a few that change your home page, default search engine, etc.

Sluggishness and popups could be a few things, including a bad install of Flash. You might start with getting the latest version of Flash; always only from the legit Adobe page:

https://get.adobe.com/flashplayer/otherversions/

Never update flash while you are on site and get prompted; nor from any links that you can't verify.

As for what you saw that scared you, can you share some details? Logs? Or something else?

BrianBaughn · Oct 18, 2017

I have, at times, had to run both Malwarebytes and Etrecheck to get malware off a Mac. Etrecheck would be a good next step.

Mr_Brightside_@ · Oct 18, 2017

You don't have anything to worry about. You indicated Bluetooth is not available. What do you see in System Preferences?

LegacyUser12 · Oct 18, 2017

hobowankenobi said:
Hey -

Hack is unlikely. Looks like some adware/malware, which is iritating, but typically does not really count as an intrusion. Their web server could be serving out malware with (or without) their knowledge. It happens.

MalwareBytes (even the free version) does a good job in my experience. My wife works in web advertising, and long story short, her machine picks up adware/malware more often than any Mac I have been around (perhaps 1000 or so working IT).

Even when MalwareBytes found and removed malware, often there will be a few browser settings and/or extensions that are still wrong. I have seen a few that change your home page, default search engine, etc.

Sluggishness and popups could be a few things, including a bad install of Flash. You might start with getting the latest version of Flash; always only from the legit Adobe page:

https://get.adobe.com/flashplayer/otherversions/

Never update flash while you are on site and get prompted; nor from any links that you can't verify.

As for what you saw that scared you, can you share some details? Logs? Or something else?

Prudent solid advice, and to the best of my recollection, I did not inadvertently go forward with flash update outside of their legit site. Not saying I didn't on mistake, but I am wary in general of updates. Especially after a recent experience with an El Capitan update a few months ago that completely MF'd Safari to the point to where I brought my laptop to a local shop.

As far as what is concerning is not the malware/PUP specifically identified so far, those seem low-threat. What did concern me is the looks of a possible Adobe Flash being installed like you said, not legitimate, but I really don't recall an event to memory.

I really want to offer some specific things that concern me in console \var\log\system.log and other areas but I don't even know where to begin and if things just sound scary by their technical wording and are really just normal old stuff, and it's too much to google and decipher.

Examples..
10/17/17 9:36:20.836 PM com.apple.AddressBook.InternetAccountsBridge[1686]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/17/17 9:36:20.944 PM sandboxd[138]: ([1686]) com.apple.Addres(1686) deny network-outbound /private/var/run/mDNSResponder
10/17/17 9:36:25.000 PM kernel[0]: Sandbox: storeaccountd(616) deny(1) file-write-create /Users/mymacbook/Library/Caches/com.apple.Safari/ProductionBag
10/17/17 9:36:29.848 PM Safari[626]: tcp_connection_tls_session_error_callback_imp 53 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22
10/17/17 9:36:30.125 PM com.apple.WebKit.WebContent[1534]: [21:36:30.125] <<<< Boss >>>> figPlaybackBossPrerollCompleted: unexpected preroll-complete notification

10/17/17 10:02:21.169 PM HelpViewer[1696]: !!!!!!!!! helpUserInfo: gUserInfoDictCache cache miss !!!!!!!!
10/17/17 10:13:28.452 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:15:41.271 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:15:41.271 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:15:54.819 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:15:54.819 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:17:46.916 PM com.apple.xpc.launchd[1]: (com.apple.lakitu) The JoinExistingSession key is only available to Application services.

10/17/17 10:35:54.816 PM Archive Utility[1772]: qtn_file_init_with_data failed: Invalid argument: File exists
10/17/17 10:35:54.817 PM Archive Utility[1772]: qtn_file_init_with_data failed: Invalid argument: File exists
10/17/17 10:35:55.070 PM lsd[507]: LaunchServices: Could not store lsd-identifiers file at /private/var/db/lsd/com.apple.lsdschemes.plist
10/17/17 10:35:55.205 PM lsd[507]: LaunchServices: Could not store lsd-identifiers file at /private/var/db/lsd/com.apple.lsdschemes.plist
10/17/17 10:35:59.808 PM sandboxd[138]: ([1745]) mdworker(1745) deny file-read-data /Users/me/Library/Preferences/com.apple.security.plist (import fstype:hfs fsflag:480D000 flags:250000025E diag:0 isXCode:0 uti:com.apple.application-bundle plugin:/Library/Spotlight/Application.mdimporter - find suspect file using: sudo mdutil -t 1******3)
10/17/17 10:35:59.846 PM sandboxd[138]: ([1732]) mdworker(1732) deny file-read-data /Users/me/Library/Preferences/com.apple.security.plist (import fstype:hfs fsflag:480D000 flags:250000025E diag:0 isXCode:0 uti:com.apple.application-bundle plugin:/Library/Spotlight/Application.mdimporter - find suspect file using: sudo mdutil -t 1******3)
10/17/17 10:36:10.740 PM CoreServicesUIAgent[621]: Error -60005 creating authorization
10/17/17 10:36:11.585 PM Archive Utility[1778]: qtn_file_init_with_data failed: Invalid argument: File exists
10/17/17 10:36:11.886 PM com.apple.AddressBook.InternetAccountsBridge[1776]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/17/17 10:36:12.246 PM sandboxd[138]: ([1776]) com.apple.Addres(1776) deny network-outbound /private/var/run/mDNSResponder
10/17/17 10:36:12.977 PM com.apple.AddressBook.InternetAccountsBridge[1776]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/17/17 10:36:13.307 PM sandboxd[138]: ([1776]) com.apple.Addres(1776) deny network-outbound /private/var/run/mDNSResponder
10/17/17 10:36:14.072 PM com.apple.AddressBook.InternetAccountsBridge[1776]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/17/17 10:36:14.187 PM Archive Utility[1778]: qtn_file_init_with_data failed: Invalid argument: File exists
10/17/17 10:36:14.188 PM Archive Utility[1778]: qtn_file_init_with_data failed: Invalid argument: File exists
10/17/17 10:36:14.189 PM Archive Utility[1778]: qtn_file_init_with_data failed: Invalid argument: File exists

10/17/17 10:38:27.495 PM pkd[522]: releasing plug-in hold 5<removed for privacy>8 at client's request
10/17/17 10:38:27.902 PM pkd[522]: releasing plug-in hold F<removed for privacy>0 at client's request
10/17/17 10:38:28.307 PM pkd[522]: releasing plug-in hold E<removed for privacy>8 at client's request
10/17/17 10:38:29.324 PM pkd[522]: releasing plug-in hold E<removed for privacy>F at client's request
10/17/17 10:43:17.430 PM bird[567]: LaunchServices: Failed to create bundleProxy for bundle com.apple.TVConferenceRoomDisplay
10/17/17 10:43:17.431 PM bird[567]: LaunchServices: Failed to create bundleProxy for bundle com.apple.TVNowPlayingService

10/17/17 10:43:17.461 PM lsd[507]: LaunchServices: Could not store lsd-identifiers file at /private/var/db/lsd/com.apple.lsdschemes.plist
10/17/17 10:43:17.642 PM bird[567]: LaunchServices: Failed to create bundleProxy for bundle com.apple.EscrowSecurityAlert
10/17/17 10:43:17.647 PM bird[567]: LaunchServices: Failed to create bundleProxy for bundle com.apple.idsfoundation.IDSRemoteURLConnectionAgent
10/17/17 10:43:17.725 PM bird[567]: LaunchServices: Failed to create bundleProxy for bundle com.apple.VSViewService
10/17/17 10:43:17.730 PM bird[567]: LaunchServices: Failed to create bundleProxy for bundle com.apple.CloudKit.ShareBear
10/17/17 10:43:17.731 PM bird[567]: LaunchServices: Failed to create bundleProxy for bundle com.apple.EscrowSecurityAlert
10/17/17 10:43:17.737 PM bird[567]: LaunchServices: Failed to create bundleProxy for bundle com.apple.idsfoundation.IDSRemoteURLConnectionAgent
10/17/17 10:43:18.026 PM bird[567]: LaunchServices: Failed to create bundleProxy for bundle com.CYH.AdwareRemovalLoginItem

10/17/17 10:47:53.790 PM secd[608]: securityd_xpc_dictionary_handler cloudd[620] copy_matching Error Domain=NSOSStatusErrorDomain Code=-50 "query missing class name" (paramErr: error in user parameter list) UserInfo={NSDescription=query missing class name}
10/17/17 10:47:53.790 PM cloudd[620]: SecOSStatusWith error:[-50] Error Domain=NSOSStatusErrorDomain Code=-50 "query missing class name" (paramErr: error in user parameter list) UserInfo={NSDescription=query missing class name}
10/17/17 10:47:53.803 PM secd[608]: securityd_xpc_dictionary_handler cloudd[620] copy_matching Error Domain=NSOSStatusErrorDomain Code=-50 "query missing class name" (paramErr: error in user parameter list) UserInfo={NSDescription=query missing class name}
10/17/17 10:47:53.803 PM cloudd[620]: SecOSStatusWith error:[-50] Error Domain=NSOSStatusErrorDomain Code=-50 "query missing class name" (paramErr: error in user parameter list) UserInfo={NSDescription=query missing class name}
10/17/17 10:48:06.294 PM WindowServer[175]: disable_update_timeout: UI updates were forcibly disabled by application "Mail" for over 1.00 seconds. Server has re-enabled them.
10/17/17 10:48:07.736 PM accountsd[606]: [AOSAccounts] : [MMCopyMailAliasForAccount] : Error from _AOSAccountRetrieveMailAliasInfo Error Domain=AOSErrorDomain Code=1000 "(null)"
10/17/17 10:48:07.736 PM accountsd[606]: [AOSAccounts] : [iCloudAccountAuthorizationPlugin] -[iCloudIDAuthenticationPlugin discoverPropertiesForAccount:accountStore

ptions:completion:] : mailProperties was not modified for account ID: removedforprivacy@gmail.com
10/17/17 10:48:10.742 PM WindowServer[175]: common_reenable_update: UI updates were finally reenabled by application "Mail" after 5.45 seconds [0.18fps] (server forcibly re-enabled them after 1.00 seconds [1.00fps])
10/17/17 10:48:24.773 PM sandboxd[138]: ([631]) DrCleaner(631) deny file-read-data /Users/mymacbook/Desktop/EtreCheck.app/Contents/PkgInfo
10/17/17 10:48:29.753 PM coreduetd[72]: LaunchServices: received XPC_ERROR_CONNECTION_INVALID trying to map database
10/17/17 10:48:29.753 PM coreduetd[72]: LaunchServices: disconnect event received for service com.apple.lsd.mapdb
10/17/17 10:48:29.758 PM coreduetd[72]: LaunchServices: disconnect event received for service com.apple.lsd.mapdb
10/17/17 10:48:29.758 PM coreduetd[72]: LaunchServices: received XPC_ERROR_CONNECTION_INVALID trying to map database
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:29.885 PM coreduetd[72]: Error -54 registering path /System/Library/CoreServices/CoreTypes.bundle
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /

Then it goes on with this craziness...

10/17/17 10:48:29.885 PM coreduetd[72]: Error -54 registering path /System/Library/CoreServices/CoreTypes.bundle
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/App Store.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/App Store.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/App Store.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/App Store.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/App Store.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Automator.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Automator.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Automator.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Automator.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Automator.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Calculator.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Calculator.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Calculator.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Calculator.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Calculator.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Calendar.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Calendar.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Calendar.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Calendar.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Calendar.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Chess.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Chess.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Chess.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Chess.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Chess.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Contacts.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Contacts.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Contacts.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Contacts.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Contacts.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Dashboard.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Dashboard.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Dashboard.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Dashboard.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Dashboard.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Dictionary.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Dictionary.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Dictionary.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Dictionary.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Dictionary.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/DVD Player.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/DVD Player.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/DVD Player.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/DVD Player.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/DVD Player.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/FaceTime.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/FaceTime.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/FaceTime.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/FaceTime.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/FaceTime.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Font Book.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Font Book.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Font Book.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Font Book.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Font Book.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Game Center.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Game Center.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Game Center.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Game Center.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Game Center.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Image Capture.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Image Capture.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Image Capture.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Image Capture.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Image Capture.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/iTunes.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/iTunes.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/iTunes.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/iTunes.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/iTunes.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Launchpad.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Launchpad.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Launchpad.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Launchpad.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Launchpad.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Mail.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Mail.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Mail.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Mail.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Mail.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Messages.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Messages.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Messages.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Messages.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Messages.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Mission Control.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Mission Control.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Mission Control.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Mission Control.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Mission Control.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Notes.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Notes.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Notes.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Notes.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Notes.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Photo Booth.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Photo Booth.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Photo Booth.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Photo Booth.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Photo Booth.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Preview.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Preview.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Preview.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Preview.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Preview.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Photos.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Photos.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Photos.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Photos.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Photos.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/QuickTime Player.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/QuickTime Player.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/QuickTime Player.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/QuickTime Player.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/QuickTime Player.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Reminders.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Reminders.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Reminders.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Reminders.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Reminders.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Safari.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Safari.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Safari.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Safari.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Safari.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Stickies.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Stickies.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Stickies.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Stickies.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Stickies.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/System Preferences.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/System Preferences.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/System Preferences.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/System Preferences.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/System Preferences.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/TextEdit.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/TextEdit.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/TextEdit.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/TextEdit.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/TextEdit.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Time Machine.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Time Machine.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Time Machine.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Time Machine.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Time Machine.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Activity Monitor.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Activity Monitor.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Activity Monitor.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Activity Monitor.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Activity Monitor.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/AirPort Utility.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/AirPort Utility.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/AirPort Utility.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/AirPort Utility.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/AirPort Utility.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Audio MIDI Setup.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Audio MIDI Setup.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Audio MIDI Setup.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Audio MIDI Setup.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Audio MIDI Setup.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Bluetooth File Exchange.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Bluetooth File Exchange.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Bluetooth File Exchange.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Bluetooth File Exchange.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Bluetooth File Exchange.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Boot Camp Assistant.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Boot Camp Assistant.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Boot Camp Assistant.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Boot Camp Assistant.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Boot Camp Assistant.app
10/17/17 10:48:29.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/ColorSync Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/ColorSync Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/ColorSync Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/ColorSync Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/ColorSync Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Console.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Console.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Console.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Console.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Console.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Digital Color Meter.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Digital Color Meter.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Digital Color Meter.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Digital Color Meter.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Digital Color Meter.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Disk Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Disk Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Disk Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Disk Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Disk Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Grab.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Grab.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Grab.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Grab.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Grab.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Grapher.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Grapher.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Grapher.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Grapher.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Grapher.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Keychain Access.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Keychain Access.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Keychain Access.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Keychain Access.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Keychain Access.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Migration Assistant.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Migration Assistant.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Migration Assistant.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Migration Assistant.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Migration Assistant.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Script Editor.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Script Editor.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Script Editor.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Script Editor.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Script Editor.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/System Information.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/System Information.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/System Information.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/System Information.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/System Information.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Terminal.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Terminal.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Terminal.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Terminal.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/Terminal.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/VoiceOver Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/VoiceOver Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/VoiceOver Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/VoiceOver Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /Applications/Utilities/VoiceOver Utility.app
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) file-read-metadata /
10/17/17 10:48:30.000 PM kernel[0]: Sandbox: coreduetd(72) deny(1) mach-lookup com.apple.lsd.modifydb

Can anyone be specific in which console logs to examine and a couple examples of what would be bad, and terminal commands to run to rule things out?

LegacyUser12 · Oct 18, 2017

part 2....

10/17/17 10:48:30.269 PM coreduetd[72]: LaunchServices: disconnect event received for service com.apple.lsd.modifydb
10/17/17 10:48:32.858 PM WindowServer[175]: _CGXRemoveWindowFromWindowMovementGroup: window 0x3b is not attached to window 0x40
10/17/17 10:48:33.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:33.038 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/17/17 10:48:33.086 PM Safari[626]: tcp_connection_tls_session_error_callback_imp 81 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22
10/17/17 10:48:34.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:34.038 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/17/17 10:48:35.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:35.108 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/17/17 10:48:36.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:36.404 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/17/17 10:48:36.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:36.782 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/17/17 10:48:37.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:37.882 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/17/17 10:48:38.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:38.954 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/17/17 10:48:40.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:40.019 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/17/17 10:48:42.126 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:48:42.126 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:49:02.861 PM sandboxd[138]: ([72]) coreduetd(72) deny mach-lookup com.apple.lsd.mapdb
10/17/17 10:49:05.529 PM sandboxd[138]: ([72]) coreduetd(72) deny mach-lookup com.apple.lsd.mapdb
10/17/17 10:49:08.672 PM AddressBookSourceSync[2456]: *** -[NSRecursiveLock unlock]: lock (<NSRecursiveLock: 0x**********c0> '/private/var/folders/cw/_rbg26497p95n4qmsmh1h4bw0000gn/T/.AddressBookLocks/_Users_PRIVATE_Library_Application Support_AddressBook_Sources_53948C24-REMOVED-REMOVED-B97A-128FC1A8FC9D_Metadata_.MetaData.lock_lock') unlocked when not locked
10/17/17 10:49:08.673 PM AddressBookSourceSync[2456]: *** Break on _NSLockError() to debug.
10/17/17 10:49:10.167 PM sandboxd[138]: ([72]) coreduetd(72) deny file-read-data /private/var/folders/zz/zyxvXXXXXXXsfxvn_n0000000000000/0/com.apple.LaunchServices-1340.csstore
10/17/17 10:49:12.065 PM sandboxd[138]: ([72]) coreduetd(72) deny ipc-posix-shm-read-data /tmp/com.apple.csseed.1*X
10/17/17 10:49:12.924 PM sandboxd[138]: ([72]) coreduetd(72) deny file-read-metadata /
10/17/17 10:49:13.118 PM sandboxd[138]: ([72]) coreduetd(72) deny file-read-metadata /
10/17/17 10:49:13.393 PM sandboxd[138]: ([72]) coreduetd(72) deny file-read-metadata /
10/17/17 10:49:14.712 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:49:14.712 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:49:24.533 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/17/17 10:49:25.562 PM sandboxd[138]: ([2475]) com.apple.Addres(2475) deny network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:25.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:25.631 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/17/17 10:49:26.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:26.746 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/17/17 10:49:27.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:27.844 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/17/17 10:49:27.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:27.868 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/17/17 10:49:28.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:28.931 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/17/17 10:49:30.031 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/17/17 10:49:30.138 PM sandboxd[138]: ([2475]) com.apple.Addres(2475) deny network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:31.038 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/17/17 10:49:31.242 PM com.apple.xpc.launchd[1]: (com.apple.mdworker.single.04000000-0000-0000-0000-000000000000) Service only ran for 5 seconds. Pushing respawn out by 5 seconds.
10/17/17 10:49:31.243 PM com.apple.xpc.launchd[1]: (com.apple.mdworker.single.05000000-0000-0000-0000-000000000000) Service only ran for 6 seconds. Pushing respawn out by 4 seconds.
10/17/17 10:49:31.384 PM sandboxd[138]: ([2475]) com.apple.Addres(2475) deny network-outbound /private/var/run/mDNSResponder

10/17/17 10:49:28.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:50:51.176 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:50:51.176 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:50:54.769 PM Mail[2452]: Failed to set quarantine properties on /Users/PRIVATE/Library/Mail/V3/5111427B-42A9-XXXX-XXXX-CA37F75D3DE0/[Gmail].mbox/Drafts.mbox/49FC89E9-XXXX-XXXX-AE14-XXXXXX/Data/0/1/Attachments/10682/3/logo-healthstream-large.png: Error Domain=NSCocoaErrorDomain Code=260 "The file “logo-healthstream-large.png” couldn’t be opened because there is no such file." UserInfo={NSURL=file:///Users/PRIVATE/Library/Mail/V3/5111427B-PRIVATE-PRIVATE-B0E2-CA37F75D3DE0/%5BGmail%5D.mbox/Drafts.mbox/49FC89E9-PRIVATE-PRIVATE-AE14-8247A4FF2A8E/Data/0/1/Attachments/10682/3/logo-healthstream-large.png, NSFilePath=/Users/PRIVATE/Library/Mail/V3/5111427B-PRIVATE-PRIVATE-B0E2-CA37F75D3DE0/[Gmail].mbox/Drafts.mbox/49FC89E9-PRIVATE-PRIVATE-AE14-8247A4FF2A8E/Data/0/1/Attachments/10682/3/logo-healthstream-large.png, NSUnderlyingError=0x.....XXX32660 {Error Domain=NSOSStatusErrorDomain Code=-43 "fnfErr: File not found"}}
10/17/17 10:51:26.355 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:51:26.355 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:51:30.869 PM Safari[626]: tcp_connection_tls_session_error_callback_imp 82 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22
10/17/17 10:51:57.470 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:51:57.470 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:52:41.262 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:52:41.262 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:53:22.771 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:53:22.771 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:55:26.000 PM syslogd[44]: ASL Sender Statistics

10/18/17 2:07:31.797 PM WindowServer[175]: CoreAnimation: timed out fence 1367f

10/18/17 2:05:25.403 PM com.apple.preferences.sharing.remoteservice[2912]: CGContextFillRects: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.

10/18/17 2:08:31.000 PM kernel[0]: Sandbox: mdworker(2939) deny(1) file-read-data /Users/mymacbook/Library/Preferences/com.apple.security.plist

10/18/17 2:08:39.713 PM sharingd[520]: 14:08:39.713 : SDConnectionManager:: XPC connection invalidated
10/18/17 2:08:39.873 PM syncdefaultsd[2936]: com.apple.mail has been removed from syncing apps.
10/18/17 2:33:58.512 PM sandboxd[138]: ([616]) storeaccountd(616) deny file-write-create /Users/mymacbook/Library/Caches/com.apple.Safari/ProductionBag

10/18/17 3:09:19.053 PM WindowServer[175]: disable_update_timeout: UI updates were forcibly disabled by application "Terminal" for over 1.00 seconds. Server has re-enabled them.
10/18/17 3:09:28.069 PM WindowServer[175]: common_reenable_update: UI updates were finally reenabled by application "Terminal" after 10.02 seconds [0.10fps] (server forcibly re-enabled them after 1.00 seconds [1.00fps])

10/18/17 12:01:03.771 AM com.apple.WebKit.WebContent[2689]: [00:01:03.771] mv_LowLevelCheckIfVideoPlayableUsingDecoder signalled err=-12956 (kFigMediaValidatorError_VideoCodecNotSupported) (video codec 1) at line 1921
10/18/17 12:01:32.796 AM com.apple.xpc.launchd[1]: (com.apple.WebKit.Networking.7EE3F13C-PRIVATE-PRIVATE-9356-048CF2C1ED77[636]) Service exited with abnormal code: 1
10/18/17 12:01:32.930 AM com.apple.xpc.launchd[1]: (com.apple.WebKit.Databases.F3FE18EA-PRIVATE-PRIVATE-BE4D-C3BEB1BAC71C[1459]) Service exited with abnormal code: 1
10/18/17 12:01:33.774 AM AirPlayUIAgent[5PRIVATE1]: 2017-10-18 12:01:33.774028 AM [AirPlayUIAgent] BecomingInactive: NSWorkspaceWillSleepNotification
10/18/17 12:01:33.865 AM com.apple.xpc.launchd[1]: (com.apple.WebKit.WebContent.B3141EEB-PRIVATE-PRIVATE-BFD8-17963DD5955A[2689]) Service exited with abnormal code: 1

10/18/17 12:01:34.595 AM com.apple.SecurityServer[84]: Killing auth hosts
10/18/17 12:01:34.595 AM com.apple.SecurityServer[84]: Session 100020 destroyed
10/18/17 12:01:34.915 AM identityservicesd[539]: <IMMacNotificationCenterManager: 0x**********c0>: NC Disabled: NO
10/18/17 12:01:36.737 AM WindowServer[175]: CGError post_notification(const CGSNotificationType, void *const, const size_t, const bool, const CGSRealTimeDelta, const int, const CGSConnectionID *const, const pid_t): Timed out 1.000 second wait for reply from "loginwindow" for synchronous notification type 102 (kCGSDisplayWillSleep) (CID 0x7007, PID 97)
10/18/17 12:01:36.738 AM WindowServer[175]: device_generate_desktop_screenshot: authw 0x0(0), shield 0x**********c0(2001)
10/18/17 12:01:36.875 AM WindowServer[175]: device_generate_lock_screen_screenshot: authw 0x0(0)[inf, inf, 0, 0] shield 0x**********c0(2001), dev [1280,800]
10/18/17 12:01:37.000 AM kernel[0]: IOCTL not recognized: 234 out of 236
10/18/17 12:01:38.736 AM cloudfamilyrestrictionsd[593]: CFRPushManager : connection:didChangeConnectedStatus: : 0
10/18/17 12:01:42.000 AM kernel[0]: PM response took 6587 ms (55, powerd)
10/18/17 12:01:42.000 AM kernel[0]: AirPort_BXXX43xx:

owerChange: System Sleep
10/18/17 1:59:41.000 PM kernel[0]: Opened file /var/vm/sleepimage, size 4294967296, extents 6, maxio 2000000 ssd 0
10/18/17 1:59:41.000 PM kernel[0]: 00000000 00000020 NVEthernet::setLinkStatus - not Active
10/18/17 1:59:41.000 PM kernel[0]: en1: BSSID changed to e0:2*:0*:6*:7*:*6
10/18/17 1:59:41.000 PM kernel[0]: en1: channel changed to 52,+1
10/18/17 1:59:41.000 PM kernel[0]: wlEvent: en1 en1 Link DOWN virtIf = 0
10/18/17 1:59:41.000 PM kernel[0]: AirPort: Link Down on en1. Reason 8 (Disassociated because station leaving).
10/18/17 1:59:41.000 PM kernel[0]: Got incomplete channel sequence length 0, should be 16
10/18/17 1:59:41.000 PM kernel[0]: Got incomplete channel sequence length 0, should be 16
10/18/17 1:59:41.000 PM kernel[0]: en1::IO80211Interface:

ostMessage bssid changed
10/18/17 1:59:41.000 PM kernel[0]: Sandbox: mDNSResponder(94) deny(1) mach-lookup com.apple.distributed_notifications@1v3
10/18/17 1:59:41.000 PM kernel[0]: Previous sleep cause: 5
10/18/17 1:59:41.000 PM kernel[0]: en1: 802.11d country code set to 'X0'.
10/18/17 1:59:41.000 PM kernel[0]: en1: Supported channels 1 2 3 4 5 6 7 8 9 10 11 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 149 153 157 161 165
10/18/17 1:59:41.000 PM kernel[0]: en1: channel changed to 1
10/18/17 1:59:41.000 PM kernel[0]: 00000000 00000020 NVEthernet::setLinkStatus - not Active
10/18/17 1:59:41.573 PM symptomsd[217]: -[NetworkAnalyticsEngine _writeJournalRecord:fromCellFingerprint:key:atLOI:REMOVED:lqm:isFaulty:] Hashing of the primary key failed. Dropping the journal record.
10/18/17 1:59:41.705 PM WindowServer[175]: CGXDisplayDidWakeNotification [12525XXXX30960]: posting kCGSDisplayDidWake
10/18/17 1:59:41.706 PM WindowServer[175]: handle_will_sleep_auth_and_shield_windows: Reordering authw 0x**********c0(2000) (lock state: 3)
10/18/17 1:59:41.706 PM WindowServer[175]: handle_will_sleep_auth_and_shield_windows: err 0x0
10/18/17 1:59:41.753 PM loginwindow[97]: magsafeStateChanged state changed old 2 new 1
10/18/17 1:59:41.830 PM identityservicesd[539]: <IMMacNotificationCenterManager: 0x**********c0>: notification observer: com.apple.iChat notification: __CFNotification 0x**********c0 {name = _NSDoNotDisturbDisabledNotification}
10/18/17 1:59:43.834 PM com.apple.xpc.launchd[1]: (com.apple.bsd.dirhelper[2**1]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.bsd.dirhelper
10/18/17 1:59:43.927 PM loginwindow[97]: CoreAnimation: warning, deleted thread with uncommitted CATransaction; set CA_DEBUG_TRANSACTIONS=1 in environment to log backtraces.
10/18/17 1:59:43.000 PM kernel[0]: en1: channel changed to 1
10/18/17 1:59:44.513 PM blued[89]: hciControllerOnline; HID devices? 2
10/18/17 1:59:44.574 PM blued[89]: Save link key for device: 58-**-**-**-f1-fe
10/18/17 1:59:44.594 PM blued[89]: Removed device :58-**-**-**-f1-fe from the blacklist
10/18/17 1:59:44.602 PM blued[89]: Save link key for device: 50-**-**-**-10-40
10/18/17 1:59:44.621 PM blued[89]: Removed device :50-**-**-**-10-40 from the blacklist
10/18/17 1:59:44.750 PM SubmitDiagInfo[2700]: Triggering diganostics messages cleanup
10/18/17 1:59:46.057 PM SubmitDiagInfo[629]: Removed expired problem report: file:///Library/Logs/DiagnosticReports/awdd_2017-09-18-13**57_PRIVATE-Macbook.awd
10/18/17 1:59:48.000 PM kernel[0]: MacAuthEvent en1 Auth result for: e0:2*:0*:6*:7*:*6 MAC AUTH succeeded
10/18/17 1:59:48.000 PM kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
10/18/17 1:59:48.000 PM kernel[0]: AirPort: Link Up on en1
10/18/17 1:59:48.000 PM kernel[0]: Got incomplete channel sequence length 0, should be 16
10/18/17 1:59:48.000 PM kernel[0]: en1: BSSID changed to e0:2*:0*:6*:7*:*6
10/18/17 1:59:48.000 PM kernel[0]: en1: channel changed to 52,+1
10/18/17 1:59:48.000 PM kernel[0]: en1::IO80211Interface:

ostMessage bssid changed
10/18/17 1:59:48.000 PM kernel[0]: in6_unlink_ifa: IPv6 address 0<REMOVED>9 has no prefix
10/18/17 1:59:48.067 PM configd[54]: LINKLOCAL en1: parent has no IP
10/18/17 1:59:48.000 PM kernel[0]: Unexpected payload found for message 9, dataLen 0
10/18/17 1:59:48.077 PM launchd[1]: BUG in libdispatch: 15**1 - 1**8 - 0*0
10/18/17 1:59:48.090 PM configd[54]: setting hostname to "REMOVED-Macbook.local"
10/18/17 1:59:48.000 PM kernel[0]: AirPort: RSN handshake complete on en1
10/18/17 1:59:48.098 PM UserEventAgent[45]: Captive: CNPluginHandler en1: Inactive
10/18/17 1:59:48.102 PM configd[54]: network changed: v4(en1-:XXX.***.X.**) v6(en1-:XXXX:XXX:XXXX:XXXX:XXX:XXXX:XXXX:XXXX) DNS- Proxy-
10/18/17 1:59:48.122 PM CalendarAgent[547]: [com.apple.calendar.store.log.caldav.mismatch] [Sync report for calendar home iCloud, failed with error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." UserInfo={NSUnderlyingError=0<REMOVED>0 {Error Domain=kCFErrorDomainCFNetwork Code=-1009 "The Internet connection appears to be offline." UserInfo={NSErrorFailingURLStringKey=https://REMOVED@gmail.com@XXX-caldav.icloud.com/REMOVED/calendars/, NSErrorFailingURLKey=https://REMOVED@gmail.com@XXX-caldav.icloud.com/REMOVED/calendars/, _kCFStreamErrorCodeKey=8, _kCFStreamErrorDomainKey=12, NSLocalizedDescription=The Internet connection appears to be offline.}}, NSErrorFailingURLStringKey=https://REMOVED@gmail.com@XXX-caldav.icloud.com/REMOVED/calendars/, NSErrorFailingURLKey=https://REMOVED@gmail.com@XXX-caldav.icloud.com/REMOVED/calendars/, _kCFStreamErrorDomainKey=12, _kCFStreamErrorCodeKey=8, NSLocalizedDescription=The Internet connection appears to be offline.}]
10/18/17 1:59:48.151 PM configd[54]: network changed: DNS* Proxy
10/18/17 1:59:48.152 PM UserEventAgent[45]: Captive: [CNInfoNetworkActive:1**8] en1: SSID 'REMOVED' making interface primary (cache indicates network not captive)
10/18/17 1:59:48.152 PM UserEventAgent[45]: Captive: CNPluginHandler en1: Evaluating
10/18/17 1:59:48.162 PM UserEventAgent[45]: Captive: en1: Not probing 'REMOVED' (cache indicates not captive)
10/18/17 1:59:48.163 PM UserEventAgent[45]: Captive: CNPluginHandler en1: Authenticated
10/18/17 1:59:48.184 PM configd[54]: network changed: v4(en1!:XXX.XXX.X.XX) DNS+ Proxy+ SMB
10/18/17 1:59:48.186 PM mDNSResponder[94]: mDNS_RegisterInterface: Frequent transitions for interface en1 (XXX.XXX.X.XX)
10/18/17 1:59:48.207 PM configd[54]: setting hostname to "REMOVED"
10/18/17 1:59:48.450 PM mDNSResponder[94]: mDNS_DeregisterInterface: Frequent transitions for interface en1 (XXX.XXX.X.XX)
10/18/17 1:59:48.580 PM symptomsd[217]: -[NetworkAnalyticsEngine _writeJournalRecord:fromCellFingerprint:key:XXXXX:XXXX:lqm:isFaulty:] Hashing of the primary key failed. Dropping the journal record.
10/18/17 1:59:49.071 PM sharingd[520]: 13:59:49.070 : Starting AirDrop server for user 5*1 on wake
10/18/17 1:59:49.000 PM kernel[0]: en1: BSSID changed to e0:2*:0*:6*:7*:*6
10/18/17 1:59:49.000 PM kernel[0]: en1: channel changed to 52,+1
10/18/17 1:59:49.383 PM imagent[552]: [Warning] No incoming push handler for selector: handler:isConnectedChanged: topic: (null) command: (null) context: (null)
10/18/17 1:59:49.421 PM Mail[2452]: Skipping STATUS for [Gmail]/All Mail because CHECK failed with error: (null)
10/18/17 1:59:49.864 PM imagent[552]: [Warning] No incoming push handler for selector: handler:isConnectedChanged: topic: (null) command: (null) context: (null)
10/18/17 1:59:51.201 PM cloudfamilyrestrictionsd[593]: CFRPushManager : connection:didChangeConnectedStatus: : 1
10/18/17 1:59:51.534 PM SubmitDiagInfo[629]: Removed expired problem report: file:///Library/Logs/DiagnosticReports/WindowServer_2017-09-18-PRIVATE-Macbook.wakeups_resource.diag
10/18/17 1:59:52.907 PM configd[54]: network changed: v4(en1:XXX.XXX.X.XX) v6(en1+::XXXX:XXX:XXXX:XXXX:XXX:XXXX:XXXX:XXXX) DNS! Proxy SMB
10/18/17 1:59:53.945 PM SubmitDiagInfo[629]: Cleaning up expired diagnostic messages database at path: /var/log/DiagnosticMessages/2017.09.18.asl
10/18/17 1:59:54.531 PM com.apple.AddressBook.InternetAccountsBridge[2734]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/18/17 1:59:55.148 PM sandboxd[138]: ([2734]) com.apple.Addres(2734) deny network-outbound /private/var/run/mDNSResponder
10/18/17 1:59:55.283 PM Mail[2452]: XOAUTH2 requires user
10/18/17 1:59:55.283 PM Mail[2452]: Failed to start the SASL connection
SASL(-1): generic failure: XOAUTH2 requires user
10/18/17 1:59:55.605 PM com.apple.AddressBook.InternetAccountsBridge[2734]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/18/17 1:59:55.765 PM secd[608]: __SOSTransportDispatchMessages_block_invoke_4 Transport failed to handle peer info messages: (null)
10/18/17 1:59:55.844 PM secd[608]: securityd_xpc_dictionary_handler cloudd[620] copy_matching Error Domain=NSOSStatusErrorDomain Code=-50 "query missing class name" (paramErr: error in user parameter list) UserInfo={NSDescription=query missing class name}
10/18/17 1:59:55.845 PM cloudd[620]: SecOSStatusWith error:[-50] Error Domain=NSOSStatusErrorDomain Code=-50 "query missing class name" (paramErr: error in user parameter list) UserInfo={NSDescription=query missing class name}

10/18/17 1:59:56.087 PM Mail[2452]: No worthy mechs found
10/18/17 1:59:56.087 PM Mail[2452]: No worthy mechs found
10/18/17 1:59:56.194 PM sandboxd[138]: ([2**4]) com.apple.Addres(2**4) deny network-outbound /private/var/run/mDNSResponder
10/18/17 1:59:56.461 PM accountsd[6*6]: AIDA Notification plugin running
10/18/17 1:59:56.622 PM com.apple.AddressBook.InternetAccountsBridge[2**4]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/18/17 1:59:57.467 PM com.apple.AddressBook.InternetAccountsBridge[2**]: Checking iCDP status for DSID 10*7*6*0*5 (checkWithServer=0)
10/18/17 1:59:57.468 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Daemon connection invalidated!
10/18/17 1:59:57.468 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Daemon connection invalidated!
10/18/17 1:59:57.468 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: XPC Error while checking if iCDP is enabled for DSID 10*7*6*0*5: Error Domain=NSCocoaErrorDomain Code=4**9 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}
10/18/17 1:59:57.478 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Checking iCDP status for DSID 10*7*6*0*5 (checkWithServer=0)
10/18/17 1:59:57.478 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: XPC Error while checking if iCDP is enabled for DSID 10*7*6*0*5: Error Domain=NSCocoaErrorDomain Code=4**9 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}
10/18/17 1:59:57.611 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:57.615 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(22) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.615 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.615 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.616 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:57.617 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(24) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.617 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.617 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.699 PM com.apple.AddressBook.InternetAccountsBridge[2**4]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/18/17 1:59:58.016 PM com.apple.AddressBook.InternetAccountsBridge[2**4]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/18/17 1:59:58.401 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:58.401 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(26) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.441 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.441 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.804 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:58.804 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(28) with error:Error Domain=CSIndexErrorDomain Code=-1*3 "(null)"
10/18/17 1:59:58.804 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.804 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.806 PM com.apple.spotlight.IndexAgent[2454]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:58.806 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(30) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.806 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.806 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.813 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:58.813 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(32) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.813 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.814 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.000 PM kernel[0]: Sandbox: com.apple.Addres(2734) deny(1) network-outbound /private/var/run/mDNSResponder
10/18/17 1:59:59.082 PM com.apple.AddressBook.InternetAccountsBridge[2**4]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/18/17 1:59:59.309 PM IMTransferAgent[2**8]: [Warning] Services all disappeared, removing all accounts
10/18/17 1:59:59.310 PM IMTransferAgent[2**8]: [Warning] Services all disappeared, removing all enabled accounts
10/18/17 1:59:59.310 PM IMTransferAgent[2**8]: [Warning] Services all disappeared, removing all dependent devices
10/18/17 1:59:59.623 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:59.624 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(34) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.624 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.624 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.625 PM com.apple.spotlight.IndexAgent[2454]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:59.625 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(36) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.625 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.626 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.836 PM accountsd[6**]: AIDA Notification plugin running
10/18/17 1:59:59.000 PM kernel[0]: Sandbox: com.apple.Addres(2**6) deny(1) mach-lookup com.apple.cdp.daemon
10/18/17 1:59:59.912 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Checking iCDP status for DSID 10*7*6*0*5 (checkWithServer=0)
10/18/17 1:59:59.915 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: XPC Error while checking if iCDP is enabled for DSID 10*7*6*0*5: Error Domain=NSCocoaErrorDomain Code=4**9 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}
10/18/17 1:59:59.915 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Daemon connection invalidated!
10/18/17 2:00:00.036 PM accountsd[606]: AIDA Notification plugin running
10/18/17 2:00:00.000 PM kernel[0]: Sandbox: com.apple.Addres(2**4) deny(1) network-outbound /private/var/run/mDNSResponder
10/18/17 2:00:00.121 PM com.apple.AddressBook.InternetAccountsBridge[2**4]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/18/17 2:00:00.203 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Checking iCDP status for DSID 10*7*6*0*5 (checkWithServer=0)
10/18/17 2:00:00.204 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: XPC Error while checking if iCDP is enabled for DSID 10*7*6*0*5: Error Domain=NSCocoaErrorDomain Code=4**9 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}
10/18/17 2:00:00.204 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Daemon connection invalidated!
10/18/17 2:00:00.000 PM kernel[0]: Sandbox: com.apple.Addres(2**6) deny(1) mach-lookup com.apple.cdp.daemon

10/18/17 2:01:12.849 PM com.apple.lakitu[2**5]: Checking iCDP status for DSID 10*7*6*0*5 (checkWithServer=0)
10/18/17 2:01:13.379 PM cdpd[2**9]: Saw change in network reachability (isReachable=2)
10/18/17 2:01:13.383 PM cdpd[2**9]: Received new connection <NSXPCConnection: 0x**********c0> connection from pid 2**5, checking entitlements...
10/18/17 2:01:13.385 PM cdpd[2**9]: Unknown client type with bundleID 'com.apple.lakitu'
10/18/17 2:01:13.617 PM usernoted[5*4]: Connection does not have the proper entitlement (com.apple.private.notificationcenter-system) to connect to the system notification center. All communication will be denied. center com.apple.followup.notification
10/18/17 2:01:13.653 PM com.apple.xpc.launchd[1]: (com.apple.quicklook[2XX2]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook
10/18/17 2:01:13.653 PM cdpd[2759]: KeychainGetICDPStatus: keychain: 0
10/18/17 2:01:13.654 PM cdpd[2759]: KeychainGetICDPStatus: status: on
10/18/17 2:01:13.655 PM com.apple.lakitu[2755]: iCDP status for DSID 1027XXXX5 is ENABLED
10/18/17 2:01:13.656 PM com.apple.lakitu[2755]: Checking user-visible keychain sync status
10/18/17 2:01:13.658 PM cdpd[2759]: Received new connection <NSXPCConnection: 0x**********c0> connection from pid 2755, checking entitlements...
10/18/17 2:01:13.658 PM cdpd[2759]: Unknown client type with bundleID 'com.apple.lakitu'
10/18/17 2:01:13.659 PM cdpd[2759]: Accepting new connection <NSXPCConnection: 0x**********c0> connection from pid 2755 with entitlements mask 3
10/18/17 2:01:13.663 PM cdpd[2759]: Calling SOSCCView returned status 1 for view Passwords - (error: (null))
10/18/17 2:01:13.663 PM cdpd[2759]: Calling SOSCCView for view Passwords reported device is MEMBER - (error: (null))
10/18/17 2:01:13.663 PM cdpd[2759]: Checking circle status with SOSCCThisDeviceIsInCircle to verify view membership is accurate
10/18/17 2:01:13.665 PM com.apple.lakitu[2755]: User-visible keychain sync status is ENABLED
10/18/17 2:01:14.241 PM accountsd[606]: AIDA Notification plugin running
10/18/17 2:01:14.497 PM com.apple.AddressBook.InternetAccountsBridge[2736]: Checking iCDP status for DSID 1027XXXX5 (checkWithServer=0)
10/18/17 2:01:14.555 PM com.apple.AddressBook.InternetAccountsBridge[2736]: XPC Error while checking if iCDP is enabled for DSID 1027XXXX5: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}
10/18/17 2:01:14.555 PM com.apple.AddressBook.InternetAccountsBridge[2736]: Daemon connection invalidated!
10/18/17 2:01:15.384 PM sandboxd[138]: ([2736]) com.apple.Addres(2736) deny mach-lookup com.apple.cdp.daemon
10/18/17 2:01:17.499 PM sandboxd[138]: ([631]) DrCleaner(631) deny file-read-data /Users/REMOVED/Desktop/EtreCheck.app/Contents/PkgInfo
10/18/17 2:01:23.135 PM storeassetd[639]: multibyte ASN1 identifiers are not supported.
10/18/17 2:01:24.549 PM com.apple.AddressBook.ContactsAccountsService[607]: [Accounts] Current connection, <NSXPCConnection: 0x**********c0> connection from pid 520, doesn't have account access.
10/18/17 2:01:24.550 PM sharingd[520]: [Accounts] Failed to update account with identifier CF48461F-XXX-XXX-9383-0362XXXA3C0F, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"
10/18/17 2:01:24.675 PM com.apple.AddressBook.ContactsAccountsService[607]: [Accounts] Current connection, <NSXPCConnection: 0x**********c0> connection from pid 649, doesn't have account access.
10/18/17 2:01:24.675 PM DataDetectorsDynamicData[649]: [Accounts] Failed to update account with identifier CF48461F-EECF-XXX-XXX-0362XXXA3C0F, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"
10/18/17 2:01:24.698 PM storeassetd[639]: multibyte ASN1 identifiers are not supported.
10/18/17 2:01:25.580 PM com.apple.AddressBook.ContactsAccountsService[607]: [Accounts] Current connection, <NSXPCConnection: 0x**********c0> connection from pid 586, doesn't have account access.
10/18/17 2:01:25.581 PM IMDPersistenceAgent[586]: [Accounts] Failed to update account with identifier CF48461F-XXX-XXXX-9383-0362XXXA3C0F, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"
10/18/17 2:01:25.657 PM com.apple.AddressBook.ContactsAccountsService[607]: [Accounts] Current connection, <NSXPCConnection: 0x**********c0> connection from pid 627, doesn't have account access.
10/18/17 2:01:25.658 PM CalNCService[627]: [Accounts] Failed to update account with identifier CF48461F-XXX-XXXX-9383-0362XXXA3C0F, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"
10/18/17 2:01:29.215 PM loginwindow[97]: ERROR | -[LWBuiltInScreenLockAuthLion askForPasswordBuiltIn:] | Attempted to add an observer when already observing
10/18/17 2:01:29.434 PM WindowServer[175]: CGXDisplayDidWakeNotification [12632751538163]: posting kCGSDisplayDidWake
10/18/17 2:01:29.435 PM WindowServer[175]: handle_will_sleep_auth_and_shield_windows: Deferring.

There's a start....

hobowankenobi · Oct 19, 2017

Are you running 10.11?

Googled: Sandbox: coreduetd(72) deny(1) file-read-metadata

...and I see lots of issues and complaints of sluggishness, freezes and such on 10.11. It does reinforce the notion that this is likely not a security issue; likely an Apple issue.

Here is one I found right here at MacRumors. Notice the thousands of users mentioned that have reported problems with 10.11.4, some other versions too, and not just the listed model. Seems pretty pervasive.

Oh, and forgot to add, to rule out third party software issues, try Safe Booting and running the machine. Compare that to what it does currently. If it behaves differently, that's a big clue that software is the culprit.

For further non-destructive troubleshooting, try making a new test user account. Log into that account, and run some apps. Compare performance to your regular account. If it is noticeably better, that points to a user-space issue. Helps to rule out (or confirm) system-wide issues...either hardware or software.

yapnikka · Jun 26, 2018

Old post, bumping it because nobody covered some things that definitely should.

1. All these Adware/Malware scanners are redundant and cause their own set of sluggishness. Google "GateKeeper", MacOS has it's own security scanner which parts runs during POST as well as shutting down. Not only redundant, but they only go off a know list of Adw. are how they're known to embed.

2. A lot of adware I'll see aren't API but an enclosed filesystem within the application folder. Stormygreatz is one that cannot be quarantined easily, usually embeds in a few places, and browser hijacks by getting itself into the system files for your WebKit. Also, even deleting it might not get rid of it if it set itself to be a login item.

My best advice to anyone who is having these weird behaviors, (command-r) while turning on, get yourself into Recovery, and reinstall the MacOS. If it's still there, get yourself a new HD.

nic1ole · May 2, 2020

LegacyUser12 said:
part 2....

10/17/17 10:48:30.269 PM coreduetd[72]: LaunchServices: disconnect event received for service com.apple.lsd.modifydb
10/17/17 10:48:32.858 PM WindowServer[175]: _CGXRemoveWindowFromWindowMovementGroup: window 0x3b is not attached to window 0x40
10/17/17 10:48:33.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:33.038 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/17/17 10:48:33.086 PM Safari[626]: tcp_connection_tls_session_error_callback_imp 81 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22
10/17/17 10:48:34.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:34.038 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/17/17 10:48:35.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:35.108 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/17/17 10:48:36.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:36.404 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/17/17 10:48:36.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:36.782 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/17/17 10:48:37.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:37.882 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/17/17 10:48:38.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:38.954 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/17/17 10:48:40.000 PM kernel[0]: Sandbox: com.apple.Addres(2457) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:48:40.019 PM com.apple.AddressBook.InternetAccountsBridge[2457]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/17/17 10:48:42.126 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:48:42.126 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:49:02.861 PM sandboxd[138]: ([72]) coreduetd(72) deny mach-lookup com.apple.lsd.mapdb
10/17/17 10:49:05.529 PM sandboxd[138]: ([72]) coreduetd(72) deny mach-lookup com.apple.lsd.mapdb
10/17/17 10:49:08.672 PM AddressBookSourceSync[2456]: *** -[NSRecursiveLock unlock]: lock (<NSRecursiveLock: 0x**********c0> '/private/var/folders/cw/_rbg26497p95n4qmsmh1h4bw0000gn/T/.AddressBookLocks/_Users_PRIVATE_Library_Application Support_AddressBook_Sources_53948C24-REMOVED-REMOVED-B97A-128FC1A8FC9D_Metadata_.MetaData.lock_lock') unlocked when not locked
10/17/17 10:49:08.673 PM AddressBookSourceSync[2456]: *** Break on _NSLockError() to debug.
10/17/17 10:49:10.167 PM sandboxd[138]: ([72]) coreduetd(72) deny file-read-data /private/var/folders/zz/zyxvXXXXXXXsfxvn_n0000000000000/0/com.apple.LaunchServices-1340.csstore
10/17/17 10:49:12.065 PM sandboxd[138]: ([72]) coreduetd(72) deny ipc-posix-shm-read-data /tmp/com.apple.csseed.1*X
10/17/17 10:49:12.924 PM sandboxd[138]: ([72]) coreduetd(72) deny file-read-metadata /
10/17/17 10:49:13.118 PM sandboxd[138]: ([72]) coreduetd(72) deny file-read-metadata /
10/17/17 10:49:13.393 PM sandboxd[138]: ([72]) coreduetd(72) deny file-read-metadata /
10/17/17 10:49:14.712 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:49:14.712 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:49:24.533 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/17/17 10:49:25.562 PM sandboxd[138]: ([2475]) com.apple.Addres(2475) deny network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:25.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:25.631 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/17/17 10:49:26.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:26.746 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/17/17 10:49:27.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:27.844 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/17/17 10:49:27.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:27.868 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/17/17 10:49:28.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:28.931 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/17/17 10:49:30.031 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/17/17 10:49:30.138 PM sandboxd[138]: ([2475]) com.apple.Addres(2475) deny network-outbound /private/var/run/mDNSResponder
10/17/17 10:49:31.038 PM com.apple.AddressBook.InternetAccountsBridge[2475]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/17/17 10:49:31.242 PM com.apple.xpc.launchd[1]: (com.apple.mdworker.single.04000000-0000-0000-0000-000000000000) Service only ran for 5 seconds. Pushing respawn out by 5 seconds.
10/17/17 10:49:31.243 PM com.apple.xpc.launchd[1]: (com.apple.mdworker.single.05000000-0000-0000-0000-000000000000) Service only ran for 6 seconds. Pushing respawn out by 4 seconds.
10/17/17 10:49:31.384 PM sandboxd[138]: ([2475]) com.apple.Addres(2475) deny network-outbound /private/var/run/mDNSResponder

10/17/17 10:49:28.000 PM kernel[0]: Sandbox: com.apple.Addres(2475) deny(1) network-outbound /private/var/run/mDNSResponder
10/17/17 10:50:51.176 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:50:51.176 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:50:54.769 PM Mail[2452]: Failed to set quarantine properties on /Users/PRIVATE/Library/Mail/V3/5111427B-42A9-XXXX-XXXX-CA37F75D3DE0/[Gmail].mbox/Drafts.mbox/49FC89E9-XXXX-XXXX-AE14-XXXXXX/Data/0/1/Attachments/10682/3/logo-healthstream-large.png: Error Domain=NSCocoaErrorDomain Code=260 "The file “logo-healthstream-large.png” couldn’t be opened because there is no such file." UserInfo={NSURL=file:///Users/PRIVATE/Library/Mail/V3/5111427B-PRIVATE-PRIVATE-B0E2-CA37F75D3DE0/%5BGmail%5D.mbox/Drafts.mbox/49FC89E9-PRIVATE-PRIVATE-AE14-8247A4FF2A8E/Data/0/1/Attachments/10682/3/logo-healthstream-large.png, NSFilePath=/Users/PRIVATE/Library/Mail/V3/5111427B-PRIVATE-PRIVATE-B0E2-CA37F75D3DE0/[Gmail].mbox/Drafts.mbox/49FC89E9-PRIVATE-PRIVATE-AE14-8247A4FF2A8E/Data/0/1/Attachments/10682/3/logo-healthstream-large.png, NSUnderlyingError=0x.....XXX32660 {Error Domain=NSOSStatusErrorDomain Code=-43 "fnfErr: File not found"}}
10/17/17 10:51:26.355 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:51:26.355 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:51:30.869 PM Safari[626]: tcp_connection_tls_session_error_callback_imp 82 __tcp_connection_tls_session_callback_write_block_invoke.434 error 22
10/17/17 10:51:57.470 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:51:57.470 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:52:41.262 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:52:41.262 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:53:22.771 PM Safari[626]: KeychainGetICDPStatus: keychain: 0
10/17/17 10:53:22.771 PM Safari[626]: KeychainGetICDPStatus: status: on
10/17/17 10:55:26.000 PM syslogd[44]: ASL Sender Statistics

10/18/17 2:07:31.797 PM WindowServer[175]: CoreAnimation: timed out fence 1367f

10/18/17 2:05:25.403 PM com.apple.preferences.sharing.remoteservice[2912]: CGContextFillRects: invalid context 0x0. If you want to see the backtrace, please set CG_CONTEXT_SHOW_BACKTRACE environmental variable.

10/18/17 2:08:31.000 PM kernel[0]: Sandbox: mdworker(2939) deny(1) file-read-data /Users/mymacbook/Library/Preferences/com.apple.security.plist

10/18/17 2:08:39.713 PM sharingd[520]: 14:08:39.713 : SDConnectionManager:: XPC connection invalidated
10/18/17 2:08:39.873 PM syncdefaultsd[2936]: com.apple.mail has been removed from syncing apps.
10/18/17 2:33:58.512 PM sandboxd[138]: ([616]) storeaccountd(616) deny file-write-create /Users/mymacbook/Library/Caches/com.apple.Safari/ProductionBag

10/18/17 3:09:19.053 PM WindowServer[175]: disable_update_timeout: UI updates were forcibly disabled by application "Terminal" for over 1.00 seconds. Server has re-enabled them.
10/18/17 3:09:28.069 PM WindowServer[175]: common_reenable_update: UI updates were finally reenabled by application "Terminal" after 10.02 seconds [0.10fps] (server forcibly re-enabled them after 1.00 seconds [1.00fps])

10/18/17 12:01:03.771 AM com.apple.WebKit.WebContent[2689]: [00:01:03.771] mv_LowLevelCheckIfVideoPlayableUsingDecoder signalled err=-12956 (kFigMediaValidatorError_VideoCodecNotSupported) (video codec 1) at line 1921
10/18/17 12:01:32.796 AM com.apple.xpc.launchd[1]: (com.apple.WebKit.Networking.7EE3F13C-PRIVATE-PRIVATE-9356-048CF2C1ED77[636]) Service exited with abnormal code: 1
10/18/17 12:01:32.930 AM com.apple.xpc.launchd[1]: (com.apple.WebKit.Databases.F3FE18EA-PRIVATE-PRIVATE-BE4D-C3BEB1BAC71C[1459]) Service exited with abnormal code: 1
10/18/17 12:01:33.774 AM AirPlayUIAgent[5PRIVATE1]: 2017-10-18 12:01:33.774028 AM [AirPlayUIAgent] BecomingInactive: NSWorkspaceWillSleepNotification
10/18/17 12:01:33.865 AM com.apple.xpc.launchd[1]: (com.apple.WebKit.WebContent.B3141EEB-PRIVATE-PRIVATE-BFD8-17963DD5955A[2689]) Service exited with abnormal code: 1

10/18/17 12:01:34.595 AM com.apple.SecurityServer[84]: Killing auth hosts
10/18/17 12:01:34.595 AM com.apple.SecurityServer[84]: Session 100020 destroyed
10/18/17 12:01:34.915 AM identityservicesd[539]: <IMMacNotificationCenterManager: 0x**********c0>: NC Disabled: NO
10/18/17 12:01:36.737 AM WindowServer[175]: CGError post_notification(const CGSNotificationType, void *const, const size_t, const bool, const CGSRealTimeDelta, const int, const CGSConnectionID *const, const pid_t): Timed out 1.000 second wait for reply from "loginwindow" for synchronous notification type 102 (kCGSDisplayWillSleep) (CID 0x7007, PID 97)
10/18/17 12:01:36.738 AM WindowServer[175]: device_generate_desktop_screenshot: authw 0x0(0), shield 0x**********c0(2001)
10/18/17 12:01:36.875 AM WindowServer[175]: device_generate_lock_screen_screenshot: authw 0x0(0)[inf, inf, 0, 0] shield 0x**********c0(2001), dev [1280,800]
10/18/17 12:01:37.000 AM kernel[0]: IOCTL not recognized: 234 out of 236
10/18/17 12:01:38.736 AM cloudfamilyrestrictionsd[593]: CFRPushManager : connection:didChangeConnectedStatus: : 0
10/18/17 12:01:42.000 AM kernel[0]: PM response took 6587 ms (55, powerd)
10/18/17 12:01:42.000 AM kernel[0]: AirPort_BXXX43xx:owerChange: System Sleep
10/18/17 1:59:41.000 PM kernel[0]: Opened file /var/vm/sleepimage, size 4294967296, extents 6, maxio 2000000 ssd 0
10/18/17 1:59:41.000 PM kernel[0]: 00000000 00000020 NVEthernet::setLinkStatus - not Active
10/18/17 1:59:41.000 PM kernel[0]: en1: BSSID changed to e0:2*:0*:6*:7*:*6
10/18/17 1:59:41.000 PM kernel[0]: en1: channel changed to 52,+1
10/18/17 1:59:41.000 PM kernel[0]: wlEvent: en1 en1 Link DOWN virtIf = 0
10/18/17 1:59:41.000 PM kernel[0]: AirPort: Link Down on en1. Reason 8 (Disassociated because station leaving).
10/18/17 1:59:41.000 PM kernel[0]: Got incomplete channel sequence length 0, should be 16
10/18/17 1:59:41.000 PM kernel[0]: Got incomplete channel sequence length 0, should be 16
10/18/17 1:59:41.000 PM kernel[0]: en1::IO80211Interface:ostMessage bssid changed
10/18/17 1:59:41.000 PM kernel[0]: Sandbox: mDNSResponder(94) deny(1) mach-lookup com.apple.distributed_notifications@1v3
10/18/17 1:59:41.000 PM kernel[0]: Previous sleep cause: 5
10/18/17 1:59:41.000 PM kernel[0]: en1: 802.11d country code set to 'X0'.
10/18/17 1:59:41.000 PM kernel[0]: en1: Supported channels 1 2 3 4 5 6 7 8 9 10 11 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 136 140 149 153 157 161 165
10/18/17 1:59:41.000 PM kernel[0]: en1: channel changed to 1
10/18/17 1:59:41.000 PM kernel[0]: 00000000 00000020 NVEthernet::setLinkStatus - not Active
10/18/17 1:59:41.573 PM symptomsd[217]: -[NetworkAnalyticsEngine _writeJournalRecord:fromCellFingerprint:key:atLOI:REMOVED:lqm:isFaulty:] Hashing of the primary key failed. Dropping the journal record.
10/18/17 1:59:41.705 PM WindowServer[175]: CGXDisplayDidWakeNotification [12525XXXX30960]: posting kCGSDisplayDidWake
10/18/17 1:59:41.706 PM WindowServer[175]: handle_will_sleep_auth_and_shield_windows: Reordering authw 0x**********c0(2000) (lock state: 3)
10/18/17 1:59:41.706 PM WindowServer[175]: handle_will_sleep_auth_and_shield_windows: err 0x0
10/18/17 1:59:41.753 PM loginwindow[97]: magsafeStateChanged state changed old 2 new 1
10/18/17 1:59:41.830 PM identityservicesd[539]: <IMMacNotificationCenterManager: 0x**********c0>: notification observer: com.apple.iChat notification: __CFNotification 0x**********c0 {name = _NSDoNotDisturbDisabledNotification}
10/18/17 1:59:43.834 PM com.apple.xpc.launchd[1]: (com.apple.bsd.dirhelper[2**1]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.bsd.dirhelper
10/18/17 1:59:43.927 PM loginwindow[97]: CoreAnimation: warning, deleted thread with uncommitted CATransaction; set CA_DEBUG_TRANSACTIONS=1 in environment to log backtraces.
10/18/17 1:59:43.000 PM kernel[0]: en1: channel changed to 1
10/18/17 1:59:44.513 PM blued[89]: hciControllerOnline; HID devices? 2
10/18/17 1:59:44.574 PM blued[89]: Save link key for device: 58-**-**-**-f1-fe
10/18/17 1:59:44.594 PM blued[89]: Removed device :58-**-**-**-f1-fe from the blacklist
10/18/17 1:59:44.602 PM blued[89]: Save link key for device: 50-**-**-**-10-40
10/18/17 1:59:44.621 PM blued[89]: Removed device :50-**-**-**-10-40 from the blacklist
10/18/17 1:59:44.750 PM SubmitDiagInfo[2700]: Triggering diganostics messages cleanup
10/18/17 1:59:46.057 PM SubmitDiagInfo[629]: Removed expired problem report: file:///Library/Logs/DiagnosticReports/awdd_2017-09-18-13**57_PRIVATE-Macbook.awd
10/18/17 1:59:48.000 PM kernel[0]: MacAuthEvent en1 Auth result for: e0:2*:0*:6*:7*:*6 MAC AUTH succeeded
10/18/17 1:59:48.000 PM kernel[0]: wlEvent: en1 en1 Link UP virtIf = 0
10/18/17 1:59:48.000 PM kernel[0]: AirPort: Link Up on en1
10/18/17 1:59:48.000 PM kernel[0]: Got incomplete channel sequence length 0, should be 16
10/18/17 1:59:48.000 PM kernel[0]: en1: BSSID changed to e0:2*:0*:6*:7*:*6
10/18/17 1:59:48.000 PM kernel[0]: en1: channel changed to 52,+1
10/18/17 1:59:48.000 PM kernel[0]: en1::IO80211Interface:ostMessage bssid changed
10/18/17 1:59:48.000 PM kernel[0]: in6_unlink_ifa: IPv6 address 0<REMOVED>9 has no prefix
10/18/17 1:59:48.067 PM configd[54]: LINKLOCAL en1: parent has no IP
10/18/17 1:59:48.000 PM kernel[0]: Unexpected payload found for message 9, dataLen 0
10/18/17 1:59:48.077 PM launchd[1]: BUG in libdispatch: 15**1 - 1**8 - 0*0
10/18/17 1:59:48.090 PM configd[54]: setting hostname to "REMOVED-Macbook.local"
10/18/17 1:59:48.000 PM kernel[0]: AirPort: RSN handshake complete on en1
10/18/17 1:59:48.098 PM UserEventAgent[45]: Captive: CNPluginHandler en1: Inactive
10/18/17 1:59:48.102 PM configd[54]: network changed: v4(en1-:XXX.***.X.**) v6(en1-:XXXX:XXX:XXXX:XXXX:XXX:XXXX:XXXX:XXXX) DNS- Proxy-
10/18/17 1:59:48.122 PM CalendarAgent[547]: [com.apple.calendar.store.log.caldav.mismatch] [Sync report for calendar home iCloud, failed with error Error Domain=NSURLErrorDomain Code=-1009 "The Internet connection appears to be offline." UserInfo={NSUnderlyingError=0<REMOVED>0 {Error Domain=kCFErrorDomainCFNetwork Code=-1009 "The Internet connection appears to be offline." UserInfo={NSErrorFailingURLStringKey=https://REMOVED@gmail.com@XXX-caldav.icloud.com/REMOVED/calendars/, NSErrorFailingURLKey=https://REMOVED@gmail.com@XXX-caldav.icloud.com/REMOVED/calendars/, _kCFStreamErrorCodeKey=8, _kCFStreamErrorDomainKey=12, NSLocalizedDescription=The Internet connection appears to be offline.}}, NSErrorFailingURLStringKey=https://REMOVED@gmail.com@XXX-caldav.icloud.com/REMOVED/calendars/, NSErrorFailingURLKey=https://REMOVED@gmail.com@XXX-caldav.icloud.com/REMOVED/calendars/, _kCFStreamErrorDomainKey=12, _kCFStreamErrorCodeKey=8, NSLocalizedDescription=The Internet connection appears to be offline.}]
10/18/17 1:59:48.151 PM configd[54]: network changed: DNS* Proxy
10/18/17 1:59:48.152 PM UserEventAgent[45]: Captive: [CNInfoNetworkActive:1**8] en1: SSID 'REMOVED' making interface primary (cache indicates network not captive)
10/18/17 1:59:48.152 PM UserEventAgent[45]: Captive: CNPluginHandler en1: Evaluating
10/18/17 1:59:48.162 PM UserEventAgent[45]: Captive: en1: Not probing 'REMOVED' (cache indicates not captive)
10/18/17 1:59:48.163 PM UserEventAgent[45]: Captive: CNPluginHandler en1: Authenticated
10/18/17 1:59:48.184 PM configd[54]: network changed: v4(en1!:XXX.XXX.X.XX) DNS+ Proxy+ SMB
10/18/17 1:59:48.186 PM mDNSResponder[94]: mDNS_RegisterInterface: Frequent transitions for interface en1 (XXX.XXX.X.XX)
10/18/17 1:59:48.207 PM configd[54]: setting hostname to "REMOVED"
10/18/17 1:59:48.450 PM mDNSResponder[94]: mDNS_DeregisterInterface: Frequent transitions for interface en1 (XXX.XXX.X.XX)
10/18/17 1:59:48.580 PM symptomsd[217]: -[NetworkAnalyticsEngine _writeJournalRecord:fromCellFingerprint:key:XXXXX:XXXX:lqm:isFaulty:] Hashing of the primary key failed. Dropping the journal record.
10/18/17 1:59:49.071 PM sharingd[520]: 13:59:49.070 : Starting AirDrop server for user 5*1 on wake
10/18/17 1:59:49.000 PM kernel[0]: en1: BSSID changed to e0:2*:0*:6*:7*:*6
10/18/17 1:59:49.000 PM kernel[0]: en1: channel changed to 52,+1
10/18/17 1:59:49.383 PM imagent[552]: [Warning] No incoming push handler for selector: handler:isConnectedChanged: topic: (null) command: (null) context: (null)
10/18/17 1:59:49.421 PM Mail[2452]: Skipping STATUS for [Gmail]/All Mail because CHECK failed with error: (null)
10/18/17 1:59:49.864 PM imagent[552]: [Warning] No incoming push handler for selector: handler:isConnectedChanged: topic: (null) command: (null) context: (null)
10/18/17 1:59:51.201 PM cloudfamilyrestrictionsd[593]: CFRPushManager : connection:didChangeConnectedStatus: : 1
10/18/17 1:59:51.534 PM SubmitDiagInfo[629]: Removed expired problem report: file:///Library/Logs/DiagnosticReports/WindowServer_2017-09-18-PRIVATE-Macbook.wakeups_resource.diag
10/18/17 1:59:52.907 PM configd[54]: network changed: v4(en1:XXX.XXX.X.XX) v6(en1+::XXXX:XXX:XXXX:XXXX:XXX:XXXX:XXXX:XXXX) DNS! Proxy SMB
10/18/17 1:59:53.945 PM SubmitDiagInfo[629]: Cleaning up expired diagnostic messages database at path: /var/log/DiagnosticMessages/2017.09.18.asl
10/18/17 1:59:54.531 PM com.apple.AddressBook.InternetAccountsBridge[2734]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/18/17 1:59:55.148 PM sandboxd[138]: ([2734]) com.apple.Addres(2734) deny network-outbound /private/var/run/mDNSResponder
10/18/17 1:59:55.283 PM Mail[2452]: XOAUTH2 requires user
10/18/17 1:59:55.283 PM Mail[2452]: Failed to start the SASL connection
SASL(-1): generic failure: XOAUTH2 requires user
10/18/17 1:59:55.605 PM com.apple.AddressBook.InternetAccountsBridge[2734]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/18/17 1:59:55.765 PM secd[608]: __SOSTransportDispatchMessages_block_invoke_4 Transport failed to handle peer info messages: (null)
10/18/17 1:59:55.844 PM secd[608]: securityd_xpc_dictionary_handler cloudd[620] copy_matching Error Domain=NSOSStatusErrorDomain Code=-50 "query missing class name" (paramErr: error in user parameter list) UserInfo={NSDescription=query missing class name}
10/18/17 1:59:55.845 PM cloudd[620]: SecOSStatusWith error:[-50] Error Domain=NSOSStatusErrorDomain Code=-50 "query missing class name" (paramErr: error in user parameter list) UserInfo={NSDescription=query missing class name}

10/18/17 1:59:56.087 PM Mail[2452]: No worthy mechs found
10/18/17 1:59:56.087 PM Mail[2452]: No worthy mechs found
10/18/17 1:59:56.194 PM sandboxd[138]: ([2**4]) com.apple.Addres(2**4) deny network-outbound /private/var/run/mDNSResponder
10/18/17 1:59:56.461 PM accountsd[6*6]: AIDA Notification plugin running
10/18/17 1:59:56.622 PM com.apple.AddressBook.InternetAccountsBridge[2**4]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/18/17 1:59:57.467 PM com.apple.AddressBook.InternetAccountsBridge[2**]: Checking iCDP status for DSID 10*7*6*0*5 (checkWithServer=0)
10/18/17 1:59:57.468 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Daemon connection invalidated!
10/18/17 1:59:57.468 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Daemon connection invalidated!
10/18/17 1:59:57.468 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: XPC Error while checking if iCDP is enabled for DSID 10*7*6*0*5: Error Domain=NSCocoaErrorDomain Code=4**9 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}
10/18/17 1:59:57.478 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Checking iCDP status for DSID 10*7*6*0*5 (checkWithServer=0)
10/18/17 1:59:57.478 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: XPC Error while checking if iCDP is enabled for DSID 10*7*6*0*5: Error Domain=NSCocoaErrorDomain Code=4**9 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}
10/18/17 1:59:57.611 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:57.615 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(22) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.615 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.615 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.616 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:57.617 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(24) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.617 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.617 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:57.699 PM com.apple.AddressBook.InternetAccountsBridge[2**4]: dnssd_clientstub ConnectToServer: connect() failed path:/var/run/mDNSResponder Socket:4 Err:-1 Errno:1 Operation not permitted
10/18/17 1:59:58.016 PM com.apple.AddressBook.InternetAccountsBridge[2**4]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 1
10/18/17 1:59:58.401 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:58.401 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(26) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.441 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.441 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.804 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:58.804 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(28) with error:Error Domain=CSIndexErrorDomain Code=-1*3 "(null)"
10/18/17 1:59:58.804 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.804 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.806 PM com.apple.spotlight.IndexAgent[2454]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:58.806 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(30) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.806 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.806 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.813 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:58.813 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(32) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.813 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:58.814 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.000 PM kernel[0]: Sandbox: com.apple.Addres(2734) deny(1) network-outbound /private/var/run/mDNSResponder
10/18/17 1:59:59.082 PM com.apple.AddressBook.InternetAccountsBridge[2**4]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 2
10/18/17 1:59:59.309 PM IMTransferAgent[2**8]: [Warning] Services all disappeared, removing all accounts
10/18/17 1:59:59.310 PM IMTransferAgent[2**8]: [Warning] Services all disappeared, removing all enabled accounts
10/18/17 1:59:59.310 PM IMTransferAgent[2**8]: [Warning] Services all disappeared, removing all dependent devices
10/18/17 1:59:59.623 PM com.apple.spotlight.IndexAgent[2**4]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:59.624 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(34) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.624 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.624 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: indexing searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.625 PM com.apple.spotlight.IndexAgent[2454]: [com.apple.corespotlight.log] Not allowed to pass in bundle ID
10/18/17 1:59:59.625 PM IMDPersistenceAgent[5*6]: [com.apple.corespotlight.log.index] Finished "index items"(36) with error:Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.625 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.626 PM IMDPersistenceAgent[5*6]: [Warning] IMDChatAddMessageToSpotlight: deleting message for searchable items failed with error Error Domain=CSIndexErrorDomain Code=-1**3 "(null)"
10/18/17 1:59:59.836 PM accountsd[6**]: AIDA Notification plugin running
10/18/17 1:59:59.000 PM kernel[0]: Sandbox: com.apple.Addres(2**6) deny(1) mach-lookup com.apple.cdp.daemon
10/18/17 1:59:59.912 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Checking iCDP status for DSID 10*7*6*0*5 (checkWithServer=0)
10/18/17 1:59:59.915 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: XPC Error while checking if iCDP is enabled for DSID 10*7*6*0*5: Error Domain=NSCocoaErrorDomain Code=4**9 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}
10/18/17 1:59:59.915 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Daemon connection invalidated!
10/18/17 2:00:00.036 PM accountsd[606]: AIDA Notification plugin running
10/18/17 2:00:00.000 PM kernel[0]: Sandbox: com.apple.Addres(2**4) deny(1) network-outbound /private/var/run/mDNSResponder
10/18/17 2:00:00.121 PM com.apple.AddressBook.InternetAccountsBridge[2**4]: dnssd_clientstub ConnectToServer: connect()-> No of tries: 3
10/18/17 2:00:00.203 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Checking iCDP status for DSID 10*7*6*0*5 (checkWithServer=0)
10/18/17 2:00:00.204 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: XPC Error while checking if iCDP is enabled for DSID 10*7*6*0*5: Error Domain=NSCocoaErrorDomain Code=4**9 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}
10/18/17 2:00:00.204 PM com.apple.AddressBook.InternetAccountsBridge[2**6]: Daemon connection invalidated!
10/18/17 2:00:00.000 PM kernel[0]: Sandbox: com.apple.Addres(2**6) deny(1) mach-lookup com.apple.cdp.daemon

10/18/17 2:01:12.849 PM com.apple.lakitu[2**5]: Checking iCDP status for DSID 10*7*6*0*5 (checkWithServer=0)
10/18/17 2:01:13.379 PM cdpd[2**9]: Saw change in network reachability (isReachable=2)
10/18/17 2:01:13.383 PM cdpd[2**9]: Received new connection <NSXPCConnection: 0x**********c0> connection from pid 2**5, checking entitlements...
10/18/17 2:01:13.385 PM cdpd[2**9]: Unknown client type with bundleID 'com.apple.lakitu'
10/18/17 2:01:13.617 PM usernoted[5*4]: Connection does not have the proper entitlement (com.apple.private.notificationcenter-system) to connect to the system notification center. All communication will be denied. center com.apple.followup.notification
10/18/17 2:01:13.653 PM com.apple.xpc.launchd[1]: (com.apple.quicklook[2XX2]) Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.quicklook
10/18/17 2:01:13.653 PM cdpd[2759]: KeychainGetICDPStatus: keychain: 0
10/18/17 2:01:13.654 PM cdpd[2759]: KeychainGetICDPStatus: status: on
10/18/17 2:01:13.655 PM com.apple.lakitu[2755]: iCDP status for DSID 1027XXXX5 is ENABLED
10/18/17 2:01:13.656 PM com.apple.lakitu[2755]: Checking user-visible keychain sync status
10/18/17 2:01:13.658 PM cdpd[2759]: Received new connection <NSXPCConnection: 0x**********c0> connection from pid 2755, checking entitlements...
10/18/17 2:01:13.658 PM cdpd[2759]: Unknown client type with bundleID 'com.apple.lakitu'
10/18/17 2:01:13.659 PM cdpd[2759]: Accepting new connection <NSXPCConnection: 0x**********c0> connection from pid 2755 with entitlements mask 3
10/18/17 2:01:13.663 PM cdpd[2759]: Calling SOSCCView returned status 1 for view Passwords - (error: (null))
10/18/17 2:01:13.663 PM cdpd[2759]: Calling SOSCCView for view Passwords reported device is MEMBER - (error: (null))
10/18/17 2:01:13.663 PM cdpd[2759]: Checking circle status with SOSCCThisDeviceIsInCircle to verify view membership is accurate
10/18/17 2:01:13.665 PM com.apple.lakitu[2755]: User-visible keychain sync status is ENABLED
10/18/17 2:01:14.241 PM accountsd[606]: AIDA Notification plugin running
10/18/17 2:01:14.497 PM com.apple.AddressBook.InternetAccountsBridge[2736]: Checking iCDP status for DSID 1027XXXX5 (checkWithServer=0)
10/18/17 2:01:14.555 PM com.apple.AddressBook.InternetAccountsBridge[2736]: XPC Error while checking if iCDP is enabled for DSID 1027XXXX5: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service named com.apple.cdp.daemon was invalidated." UserInfo={NSDebugDescription=The connection to service named com.apple.cdp.daemon was invalidated.}
10/18/17 2:01:14.555 PM com.apple.AddressBook.InternetAccountsBridge[2736]: Daemon connection invalidated!
10/18/17 2:01:15.384 PM sandboxd[138]: ([2736]) com.apple.Addres(2736) deny mach-lookup com.apple.cdp.daemon
10/18/17 2:01:17.499 PM sandboxd[138]: ([631]) DrCleaner(631) deny file-read-data /Users/REMOVED/Desktop/EtreCheck.app/Contents/PkgInfo
10/18/17 2:01:23.135 PM storeassetd[639]: multibyte ASN1 identifiers are not supported.
10/18/17 2:01:24.549 PM com.apple.AddressBook.ContactsAccountsService[607]: [Accounts] Current connection, <NSXPCConnection: 0x**********c0> connection from pid 520, doesn't have account access.
10/18/17 2:01:24.550 PM sharingd[520]: [Accounts] Failed to update account with identifier CF48461F-XXX-XXX-9383-0362XXXA3C0F, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"
10/18/17 2:01:24.675 PM com.apple.AddressBook.ContactsAccountsService[607]: [Accounts] Current connection, <NSXPCConnection: 0x**********c0> connection from pid 649, doesn't have account access.
10/18/17 2:01:24.675 PM DataDetectorsDynamicData[649]: [Accounts] Failed to update account with identifier CF48461F-EECF-XXX-XXX-0362XXXA3C0F, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"
10/18/17 2:01:24.698 PM storeassetd[639]: multibyte ASN1 identifiers are not supported.
10/18/17 2:01:25.580 PM com.apple.AddressBook.ContactsAccountsService[607]: [Accounts] Current connection, <NSXPCConnection: 0x**********c0> connection from pid 586, doesn't have account access.
10/18/17 2:01:25.581 PM IMDPersistenceAgent[586]: [Accounts] Failed to update account with identifier CF48461F-XXX-XXXX-9383-0362XXXA3C0F, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"
10/18/17 2:01:25.657 PM com.apple.AddressBook.ContactsAccountsService[607]: [Accounts] Current connection, <NSXPCConnection: 0x**********c0> connection from pid 627, doesn't have account access.
10/18/17 2:01:25.658 PM CalNCService[627]: [Accounts] Failed to update account with identifier CF48461F-XXX-XXXX-9383-0362XXXA3C0F, error: Error Domain=ABAddressBookErrorDomain Code=1002 "(null)"
10/18/17 2:01:29.215 PM loginwindow[97]: ERROR | -[LWBuiltInScreenLockAuthLion askForPasswordBuiltIn:] | Attempted to add an observer when already observing
10/18/17 2:01:29.434 PM WindowServer[175]: CGXDisplayDidWakeNotification [12632751538163]: posting kCGSDisplayDidWake
10/18/17 2:01:29.435 PM WindowServer[175]: handle_will_sleep_auth_and_shield_windows: Deferring.

There's a start....

Did you ever find a resolution to this issue? I am having the same exact problem and it is driving me insane. Any advice would be greatly appreciated. Thank you

Search

Search

Seeking expert to assist, concerned I have been hacked!

LegacyUser12

macrumors member

hobowankenobi

macrumors 68020

BrianBaughn

macrumors G3

Mr_Brightside_@

macrumors 68040

LegacyUser12

macrumors member

LegacyUser12

macrumors member

hobowankenobi

macrumors 68020

yapnikka

macrumors newbie

nic1ole

macrumors newbie

Our Staff