Hello:
I couple days ago I had someone who I don't know very well over for a few hours. To make a long story short, he was asking a lot of questions about my home network and spent a lot of time on his phone while attempting to not let me see what he's doing. At some point, I grabbed the phone out of his hand and he had an array of hacking tools on his phone set up to look like common apps. I immediately turned off my computer and disconnected the modem.
I kept the computer disconnected for three days while researching open processes and strange lines in the system logs. Unfortunately I erased them. But I do have some existing questions.
Sharingd seems to be performing a lot of strange tasks, including changing my apple id. User access to different files and folders keep changing. (I, as the administrator, can't open a folder under the guest account.) One line that I found particularly suspicious I performed a google search on and a moderator in that case explained that it seemed like FBI-Fed surveillance.
I'm particularly interested, now, about the following lines. How is sharing changing my apple id, why is airdrop server starting for "user 501," etc.? Are these lines at all suspicious for someone who has both airdrop and remote access disabled?
3/3/15 6:35:44.525 PM sharingd[3866]: 18:35:44.525 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:35:52.213 PM sharingd[3866]: 18:35:52.212 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:01.706 PM sharingd[3866]: 18:36:01.705 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:11.197 PM sharingd[3866]: 18:36:11.196 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:20.688 PM sharingd[3866]: 18:36:20.687 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:27.882 PM sharingd[3866]: 18:36:27.882 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:51.111 PM sharingd[3866]: 18:36:51.111 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:56.341 PM sharingd[3866]: 18:36:56.340 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 8:10:47.409 PM sharingd[3866]: 20:10:47.409 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 8:10:54.316 PM sharingd[3866]: 20:10:54.316 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 8:11:03.221 PM sharingd[3866]: 20:11:03.221 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: TetheringTargetPresence (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 8:11:34.297 PM sharingd[3866]: 20:11:34.296 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: TetheringTargetPresence (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 8:25:57.567 PM sharingd[3866]: 20:25:57.567 : Bonjour discovery started
3/3/15 8:25:57.569 PM sharingd[3866]: 20:25:57.568 : Finder entered AirDrop
3/3/15 8:25:57.647 PM sharingd[3866]: 20:25:57.647 : BTLE advertiser Powered Off
3/3/15 8:26:07.725 PM sharingd[3866]: 20:26:07.724 : Bonjour discovery stopped
3/3/15 8:26:07.725 PM sharingd[3866]: 20:26:07.724 : BTLE advertising stopped
3/3/15 8:26:07.727 PM sharingd[3866]: 20:26:07.727 : Finder exited AirDrop
3/3/15 8:51:21.932 PM sharingd[3866]: 20:51:21.932 : SDConnectionManager:: XPC connection invalidated
3/3/15 8:51:33.743 PM sharingd[3866]: 20:51:33.740 : SIGTERM received, shutting down.
3/3/15 9:00:31.707 PM com.apple.xpc.launchd[1]: (com.apple.sharingd) This service is defined to be constantly running and is inherently inefficient.
3/3/15 9:00:35.389 PM sharingd[298]: 21:00:35.388 : Starting Up...
3/3/15 9:00:35.397 PM sharingd[298]: 21:00:35.396 : Device Capabilities (Handoff:YES, Instant Hotspot:YES, AirDrop:YES, Legacy AirDrop:YES, Remote Disc:YES)
3/3/15 9:00:35.713 PM sharingd[298]: 21:00:35.712 WARNING: >compload> AudioComponentPluginLoader.cpp:391: QueryBundle: AudioComponentPluginLoader: can't create bundle: QuickTimeAudioComponents.component -- file:///System/Library/Components/
3/3/15 9:00:42.640 PM sharingd[298]: 21:00:42.640 : Bonjour discovery started
3/3/15 9:00:42.644 PM sharingd[298]: 21:00:42.643 : BTLE advertiser Powered Off
3/3/15 9:00:52.414 PM sharingd[298]: 21:00:52.413 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 9:00:53.421 PM sharingd[298]: 21:00:53.420 : Bonjour discovery stopped
3/3/15 9:00:53.422 PM sharingd[298]: 21:00:53.422 : BTLE advertising stopped
3/3/15 9:00:53.424 PM sharingd[298]: 21:00:53.423 : Bonjour discovery started
3/3/15 9:00:53.431 PM sharingd[298]: 21:00:53.431 : BTLE advertiser Powered Off
3/3/15 9:01:07.705 PM sharingd[298]: 21:01:07.704 : Bonjour discovery stopped
3/3/15 9:01:07.705 PM sharingd[298]: 21:01:07.705 : BTLE advertising stopped
3/3/15 9:01:52.431 PM sharingd[298]: 21:01:52.430 : Apple ID account changed
3/3/15 10:07:15.726 PM sharingd[298]: 22:07:15.726 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:39.384 PM sharingd[298]: 22:22:39.384 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:39.548 PM sharingd[298]: 22:22:39.548 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:39.664 PM sharingd[298]: 22:22:39.662 : Starting AirDrop server for user 501 on wake
3/3/15 10:22:39.778 PM sharingd[298]: 22:22:39.777 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:39.798 PM sharingd[298]: 22:22:39.798 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:39.817 PM sharingd[298]: 22:22:39.816 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:43.009 PM sharingd[298]: 22:22:43.008 : SDStatusMonitor::kStatusWirelessPowerChanged
I couple days ago I had someone who I don't know very well over for a few hours. To make a long story short, he was asking a lot of questions about my home network and spent a lot of time on his phone while attempting to not let me see what he's doing. At some point, I grabbed the phone out of his hand and he had an array of hacking tools on his phone set up to look like common apps. I immediately turned off my computer and disconnected the modem.
I kept the computer disconnected for three days while researching open processes and strange lines in the system logs. Unfortunately I erased them. But I do have some existing questions.
Sharingd seems to be performing a lot of strange tasks, including changing my apple id. User access to different files and folders keep changing. (I, as the administrator, can't open a folder under the guest account.) One line that I found particularly suspicious I performed a google search on and a moderator in that case explained that it seemed like FBI-Fed surveillance.
I'm particularly interested, now, about the following lines. How is sharing changing my apple id, why is airdrop server starting for "user 501," etc.? Are these lines at all suspicious for someone who has both airdrop and remote access disabled?
3/3/15 6:35:44.525 PM sharingd[3866]: 18:35:44.525 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:35:52.213 PM sharingd[3866]: 18:35:52.212 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:01.706 PM sharingd[3866]: 18:36:01.705 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:11.197 PM sharingd[3866]: 18:36:11.196 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:20.688 PM sharingd[3866]: 18:36:20.687 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:27.882 PM sharingd[3866]: 18:36:27.882 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:51.111 PM sharingd[3866]: 18:36:51.111 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 6:36:56.341 PM sharingd[3866]: 18:36:56.340 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: Activity (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 8:10:47.409 PM sharingd[3866]: 20:10:47.409 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 8:10:54.316 PM sharingd[3866]: 20:10:54.316 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 8:11:03.221 PM sharingd[3866]: 20:11:03.221 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: TetheringTargetPresence (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 8:11:34.297 PM sharingd[3866]: 20:11:34.296 : SDActivityAdvertiser::continuity:didFailToStartAdvertisingOfType:withError: TetheringTargetPresence (The operation couldnt be completed. (com.apple.identityservices.error error 200.))
3/3/15 8:25:57.567 PM sharingd[3866]: 20:25:57.567 : Bonjour discovery started
3/3/15 8:25:57.569 PM sharingd[3866]: 20:25:57.568 : Finder entered AirDrop
3/3/15 8:25:57.647 PM sharingd[3866]: 20:25:57.647 : BTLE advertiser Powered Off
3/3/15 8:26:07.725 PM sharingd[3866]: 20:26:07.724 : Bonjour discovery stopped
3/3/15 8:26:07.725 PM sharingd[3866]: 20:26:07.724 : BTLE advertising stopped
3/3/15 8:26:07.727 PM sharingd[3866]: 20:26:07.727 : Finder exited AirDrop
3/3/15 8:51:21.932 PM sharingd[3866]: 20:51:21.932 : SDConnectionManager:: XPC connection invalidated
3/3/15 8:51:33.743 PM sharingd[3866]: 20:51:33.740 : SIGTERM received, shutting down.
3/3/15 9:00:31.707 PM com.apple.xpc.launchd[1]: (com.apple.sharingd) This service is defined to be constantly running and is inherently inefficient.
3/3/15 9:00:35.389 PM sharingd[298]: 21:00:35.388 : Starting Up...
3/3/15 9:00:35.397 PM sharingd[298]: 21:00:35.396 : Device Capabilities (Handoff:YES, Instant Hotspot:YES, AirDrop:YES, Legacy AirDrop:YES, Remote Disc:YES)
3/3/15 9:00:35.713 PM sharingd[298]: 21:00:35.712 WARNING: >compload> AudioComponentPluginLoader.cpp:391: QueryBundle: AudioComponentPluginLoader: can't create bundle: QuickTimeAudioComponents.component -- file:///System/Library/Components/
3/3/15 9:00:42.640 PM sharingd[298]: 21:00:42.640 : Bonjour discovery started
3/3/15 9:00:42.644 PM sharingd[298]: 21:00:42.643 : BTLE advertiser Powered Off
3/3/15 9:00:52.414 PM sharingd[298]: 21:00:52.413 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 9:00:53.421 PM sharingd[298]: 21:00:53.420 : Bonjour discovery stopped
3/3/15 9:00:53.422 PM sharingd[298]: 21:00:53.422 : BTLE advertising stopped
3/3/15 9:00:53.424 PM sharingd[298]: 21:00:53.423 : Bonjour discovery started
3/3/15 9:00:53.431 PM sharingd[298]: 21:00:53.431 : BTLE advertiser Powered Off
3/3/15 9:01:07.705 PM sharingd[298]: 21:01:07.704 : Bonjour discovery stopped
3/3/15 9:01:07.705 PM sharingd[298]: 21:01:07.705 : BTLE advertising stopped
3/3/15 9:01:52.431 PM sharingd[298]: 21:01:52.430 : Apple ID account changed
3/3/15 10:07:15.726 PM sharingd[298]: 22:07:15.726 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:39.384 PM sharingd[298]: 22:22:39.384 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:39.548 PM sharingd[298]: 22:22:39.548 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:39.664 PM sharingd[298]: 22:22:39.662 : Starting AirDrop server for user 501 on wake
3/3/15 10:22:39.778 PM sharingd[298]: 22:22:39.777 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:39.798 PM sharingd[298]: 22:22:39.798 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:39.817 PM sharingd[298]: 22:22:39.816 : SDStatusMonitor::kStatusWirelessPowerChanged
3/3/15 10:22:43.009 PM sharingd[298]: 22:22:43.008 : SDStatusMonitor::kStatusWirelessPowerChanged
