Have I been hacked?

[mazzy]

I've bought a Mac Mini a couple of months ago because I'd been repeatedly hacked using Windows XP. I'd been told that Mac's were hack proof.

I swear the day I got this, I had a user named Troy logged on. (Troy as in trojan?) I've made many attempts to do an erase and install, talked to Mac help desk...they were absolutely no help. They just repeated over and over that Mac's don't get viruses and don't get hacked.

I'm so freaking frustrated. I have the same thing as before. I always suspected that I had a linux rootkit on my xp machine. Too many files I had were either linux or wine. If I edited them, they immediately reappeared with a ~. Can't delete cookies or cache, iconcache, fontcache, netboot. etc.....

Same thing on this machine. I'm not part of a network, but I have a network installed. I'm not a server, but I have a server installed. I try to find info on certain files on the web, but I get redirected. Nothing works like it's supposed to.


I'm desperate!

[fryke]

Okay. Can you reformulate the question, please? ... Leave out anything about prior experiences with Windows and/or linux, because right now, we just want to look at your Mac mini.

Which model is it? intel or PowerPC, how much RAM etc.? Which operating system version is installed? And what _exactly_ are the current signs of some abuse of the computer?

Just to put things right here: It's not _impossible_ that someone would hack into your system. Depending on what services you have running which let outsiders gain (wanted) access to your computer, you also open some doors for _unwanted_ access. I.e.: If your computer is listening on the ports for Windows Sharing, you basically have the package Samba running with _its_ share of vulnerabilities, you know... But that's all theoretical: Tell us what you _have_ running (Sharing preference pane should tell you) and why.

There _are_ currently no known viruses for the Mac in the wild. No worms or spyware etc. either. But that doesn't mean that _theoretically_ some vulnerabilities exist and that _theoretically_, an attack to your computer could have been performed successfully. However: It's rather unlikely. So tell!

[symphonix]

Quote:

Originally Posted by mazzy

I'm not part of a network, but I have a network installed. I'm not a server, but I have a server installed. I try to find info on certain files on the web, but I get redirected. Nothing works like it's supposed to.

I'm desperate!

I'm not sure I understand that. If you're referring to the "Network" icon that comes up under "Computer" then that is normal and appears regardless of whether you are connected to a network or not. As for servers, what are you seeing that makes you think you "have a server installed". Mac OS X (not server) comes with several servers installed that can be switched on easily through the Sharing preference panel. And as for "certain files on the web" can you give us a bit more info?

[mazzy]

Machine Name: Mac mini
Machine Model: Macmini1,1
CPU Type: Intel Core Duo
Number Of Cores: 2
CPU Speed: 1.66 GHz
L2 Cache (shared): 2 MB
Memory: 512 MB
Bus Speed: 667 MHz
Boot ROM Version: MM11.004B.B00
Serial Number: YM609BV6U36
SMC Version: 1.3f2

I tried again to erase and install tonight, and my log is posted below. My first attempts to connect to the internet didn't work. My system wants to automatically connect to 169.254.216.201, which I believe is my local link. I've tried to download and install a couple of programs, but I get a warning that they won't mount because they aren't recognized.

As to why do I think I'm a server? Because when I was hacked on win XP, I became a game and music server. Some idiot kept changing my background picture on my desktop, leaving stupid messages like "catch me if you can", and changing my password. My computer even yelled at me..."Hey (name), Hey (name) from (city). Name and city were correct and that really scared me! I'm still paranoid, so with problems now on mac, I really wonder. Especially when airport won't stay closed.

My network includes Library and Servers. Servers includes cpe-(my ip address).gt.res.rr.com. This includes everything on my computer. I also have a tftp boot which includes everything on my computer, and a net boot. I'm really ignorant about mac and unix, but I've been burned too many times!
Thanks for your help!

-------------------------------------------------------------------------------------
Jun 11 02:09:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=0 LocalApicId=0 Enabled
Jun 11 02:09:01 localhost kernel[0]: AppleACPICPU: ProcessorApicId=1 LocalApicId=1 Enabled
Jun 11 02:09:01 localhost kernel[0]: Copyright (c) 1982, 1986, 1989, 1991, 1993
Jun 11 02:09:01 localhost kernel[0]: The Regents of the University of California. All rights reserved.
Jun 11 02:09:01 localhost kernel[0]: using 1262 buffer headers and 1262 cluster IO buffer headers
Jun 11 02:09:01 localhost kernel[0]: Enabling XMM register save/restore and SSE/SSE2 opcodes
Jun 11 02:09:01 localhost kernel[0]: IOAPIC: Version 0x20 Vectors 0:23
Jun 11 02:09:01 localhost kernel[0]: Started CPU 01
Jun 11 02:09:01 localhost kernel[0]: ACPI: System State [S0 S3 S4 S5] (S3)
Jun 11 02:09:01 localhost kernel[0]: Security auditing service present
Jun 11 02:09:01 localhost kernel[0]: BSM auditing present
Jun 11 02:09:01 localhost kernel[0]: disabled
Jun 11 02:09:01 localhost kernel[0]: rooting via boot-uuid from /chosen: F4CD6635-1D0E-475F-B513-53B3665C7906
Jun 11 02:09:01 localhost kernel[0]: Waiting on <dict ID="0"><key>IOProviderClass</key><string ID="1">IOResources</string><key>IOResourceMatch</key><string ID="2">boot-uuid-media</string></dict>
Jun 11 02:09:01 localhost kernel[0]: FireWire (OHCI) Lucent ID 5811 PCI now active, GUID 0016cbfffe586f76; max speed s400.
Jun 11 02:09:01 localhost kernel[0]: Got boot device = IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/SATA@1F,2/AppleAHCI/AppleAHCIPort@2/IOAHCIDevice@0/AppleAHCIDiskDriver/IOAHCIBlockStorageDevice/IOBlockStorageDriver/FUJITSU MHV2080BHPL Media/IOGUIDPartitionScheme/Apple_HFS_Untitled_1@2
Jun 11 02:09:01 localhost kernel[0]: BSD root: disk0s2, major 14, minor 2
Jun 11 02:09:01 localhost kernel[0]: CSRHIDTransitionDriver:robe:
Jun 11 02:09:01 localhost kernel[0]: CSRHIDTransitionDriver::start before command
Jun 11 02:09:01 localhost kernel[0]: CSRHIDTransitionDriver::stop
Jun 11 02:09:01 localhost kernel[0]: IOBluetoothHCIController::start Idle Timer Stopped
Jun 11 02:09:01 localhost kernel[0]: Jettisoning kernel linker.
Jun 11 02:09:01 localhost kernel[0]: Resetting IOCatalogue.
Jun 11 02:09:01 localhost kernel[0]: Matching service count = 4
Jun 11 02:09:01 localhost kernel[0]: Matching service count = 4
Jun 11 02:09:01 localhost kernel[0]: Matching service count = 4
Jun 11 02:09:01 localhost kernel[0]: Matching service count = 4
Jun 11 02:09:01 localhost kernel[0]: Matching service count = 4
Jun 11 02:09:01 localhost kernel[0]: Previous Shutdown Cause: 3
Jun 11 02:09:01 localhost kernel[0]: mac 10.3 phy 6.1 radio 10.2
Jun 11 02:09:01 localhost kernel[0]: IPv6 packet filtering initialized, default to accept, logging disabled
Jun 11 02:09:01 localhost mDNSResponder-108 (Jan 14 2006 02: 59:21)[32]: starting
Jun 11 02:09:01 localhost memberd[39]: memberd starting up
Jun 11 02:09:01 localhost DirectoryService[44]: Launched version 2.1 (v353.1)
Jun 11 02:09:01 localhost lookupd[43]: lookupd (version 369.5) starting - Sun Jun 11 02:09:01 2006
Jun 11 02:09:02 localhost configd[36]: com.apple.SystemConfiguration.DynamicPowerStep load failed
Jun 11 02:09:02 localhost diskarbitrationd[38]: disk0s2 hfs B98C9278-3B51-3D3F-AC1B-35B6E725A9C2 Macintosh HD /
Jun 11 02:09:02 localhost kernel[0]: yukonosx: Ethernet address 00:16:cb:a2:a0:a9
Jun 11 02:09:02 localhost kernel[0]: AirPort_Athr5424: Ethernet address 00:16:cb:04:b6:3b
Jun 11 02:09:02 localhost lookupd[61]: lookupd (version 369.5) starting - Sun Jun 11 02:09:02 2006
Jun 11 02:09:02 roxys-computer kernel[0]: unable to start recv logic
Jun 11 02:09:02 roxys-computer kernel[0]: unable to start recv logic
Jun 11 02:09:02 roxys-computer kernel[0]: display: Not usable
Jun 11 02:09:02 roxys-computer configd[36]: setting hostname to "roxys-computer.local"
Jun 11 02:09:03 roxys-computer kernel[0]: [HCIController][setupHardware] AFH Is Supported
Jun 11 02:09:03 roxys-computer /System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow: Login Window Application Started
Jun 11 02:09:04 roxys-computer loginwindow[65]: Login Window Started Security Agent
Jun 11 02:09:05 roxys-computer mDNSResponder: Adding browse domain local.
Jun 11 02:09:07 roxys-computer kernel[0]: (46: SystemStarter)tfp: failed on 0:
Jun 11 02:09:07 roxys-computer kernel[0]: (46: SystemStarter)tfp: failed on 0:
Jun 11 02:09:50 roxys-computer kernel[0]: AppleYukon: error - 2 Pair Downshift detected
Jun 11 02:09:50 roxys-computer kernel[0]: AppleYukon - en0 link active, 100-Mbit, full duplex, symmetric flow control enabled
Jun 11 02:09:52 roxys-computer configd[36]: executing /System/Library/SystemConfiguration/Kicker.bundle/Contents/Resources/enable-network
Jun 11 02:09:52 roxys-computer configd[36]: posting notification com.apple.system.config.network_change
Jun 11 02:09:52 roxys-computer lookupd[141]: lookupd (version 369.5) starting - Sun Jun 11 02:09:52 2006
Jun 11 02:09:53 roxys-computer configd[36]: setting hostname to "cpe-67-10-116-128.gt.res.rr.com"
Jun 11 02:09:54 roxys-computer configd[36]: target=enable-network: disabled


mail.log:

Description: Fax notification email log
Size: 0 bytes
Last Modified: 6/11/06 12:15 AM
Location: /var/log/mail.log
Recent Contents:

access_log:

Description: Printer access log
Size: 3.22 KB
Last Modified: 6/11/06 2:39 AM
Location: /var/log/cups/access_log
Recent Contents: localhost - - [10/Jun/2006:22:15:47 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:15:47 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:15:47 -0700] "POST / HTTP/1.1" 200 75
localhost - - [10/Jun/2006:22:15:55 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:15:55 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:15:55 -0700] "POST / HTTP/1.1" 200 75
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 152
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 75
localhost - - [10/Jun/2006:22:16:05 -0700] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:00:32:17 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:00:32:17 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:00:32:17 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:00:48:07 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:00:48:07 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:00:48:07 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:00:48:07 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:48:42 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:51:34 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:51:50 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:52:13 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:52:47 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:53:00 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:54:13 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:00:54:24 -0500] "POST / HTTP/1.1" 200 183
localhost - - [11/Jun/2006:01:07:49 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:07:50 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:07:50 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:01:07:52 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:07:52 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:07:52 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:01:17:01 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:17:01 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:17:01 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:01:17:04 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:17:04 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:01:17:04 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:02:09:07 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:09:07 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:09:07 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:02:09:08 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:09:08 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:09:08 -0500] "POST / HTTP/1.1" 200 75
localhost - - [11/Jun/2006:02:38:46 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:38:46 -0500] "POST / HTTP/1.1" 200 152
localhost - - [11/Jun/2006:02:38:46 -0500] "POST / HTTP/1.1" 200 75


error_log:

Description: Printer error log
Size: 4.89 KB
Last Modified: 6/11/06 2:09 AM
Location: /var/log/cups/error_log
Recent Contents: I [10/Jun/2006:22:15:41 -0700] Listening to 7f000001:631
I [10/Jun/2006:22:15:41 -0700] Listening to b00f3000:0
I [10/Jun/2006:22:15:42 -0700] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [10/Jun/2006:22:15:42 -0700] Configured for up to 100 clients.
I [10/Jun/2006:22:15:42 -0700] Allowing up to 100 client connections per host.
I [10/Jun/2006:22:15:42 -0700] Full reload is required.
I [10/Jun/2006:22:15:42 -0700] Full reload complete.
I [10/Jun/2006:22:15:43 -0700] Printer sharing is off and there are no jobs pending, will restart on demand. Exiting.
I [10/Jun/2006:22:15:46 -0700] Listening to 7f000001:631
I [10/Jun/2006:22:15:46 -0700] Listening to b00f3000:0
I [10/Jun/2006:22:15:46 -0700] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [10/Jun/2006:22:15:46 -0700] Configured for up to 100 clients.
I [10/Jun/2006:22:15:46 -0700] Allowing up to 100 client connections per host.
I [10/Jun/2006:22:15:46 -0700] Full reload is required.
I [10/Jun/2006:22:15:46 -0700] Full reload complete.
E [11/Jun/2006:00:48:07 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:48:42 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:51:34 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:51:50 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:52:13 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:52:47 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:53:00 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:54:13 -0500] get_printer_attrs: resource name '/printers/ ' no good!
E [11/Jun/2006:00:54:24 -0500] get_printer_attrs: resource name '/printers/ ' no good!
I [11/Jun/2006:01:06:22 -0500] Scheduler shutting down normally.
I [11/Jun/2006:01:07:44 -0500] Listening to 7f000001:631
I [11/Jun/2006:01:07:44 -0500] Listening to e00a3000:0
I [11/Jun/2006:01:07:44 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:01:07:44 -0500] Configured for up to 100 clients.
I [11/Jun/2006:01:07:44 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:01:07:44 -0500] Full reload is required.
I [11/Jun/2006:01:07:45 -0500] Full reload complete.
I [11/Jun/2006:01:07:45 -0500] Printer sharing is off and there are no jobs pending, will restart on demand. Exiting.
I [11/Jun/2006:01:07:49 -0500] Listening to 7f000001:631
I [11/Jun/2006:01:07:49 -0500] Listening to e00a3000:0
I [11/Jun/2006:01:07:49 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:01:07:49 -0500] Configured for up to 100 clients.
I [11/Jun/2006:01:07:49 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:01:07:49 -0500] Full reload is required.
I [11/Jun/2006:01:07:49 -0500] Full reload complete.
I [11/Jun/2006:01:16:56 -0500] Listening to 7f000001:631
I [11/Jun/2006:01:16:56 -0500] Listening to e00a3000:0
I [11/Jun/2006:01:16:56 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:01:16:56 -0500] Configured for up to 100 clients.
I [11/Jun/2006:01:16:56 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:01:16:56 -0500] Full reload is required.
I [11/Jun/2006:01:16:56 -0500] Full reload complete.
I [11/Jun/2006:01:16:56 -0500] Printer sharing is off and there are no jobs pending, will restart on demand. Exiting.
I [11/Jun/2006:01:17:01 -0500] Listening to 7f000001:631
I [11/Jun/2006:01:17:01 -0500] Listening to e00a3000:0
I [11/Jun/2006:01:17:01 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:01:17:01 -0500] Configured for up to 100 clients.
I [11/Jun/2006:01:17:01 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:01:17:01 -0500] Full reload is required.
I [11/Jun/2006:01:17:01 -0500] Full reload complete.
I [11/Jun/2006:02:07:58 -0500] Scheduler shutting down normally.
I [11/Jun/2006:02:09:07 -0500] Listening to 7f000001:631
I [11/Jun/2006:02:09:07 -0500] Listening to e00a3000:0
I [11/Jun/2006:02:09:07 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:02:09:07 -0500] Configured for up to 100 clients.
I [11/Jun/2006:02:09:07 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:02:09:07 -0500] Full reload is required.
I [11/Jun/2006:02:09:07 -0500] Full reload complete.
I [11/Jun/2006:02:09:07 -0500] Printer sharing is off and there are no jobs pending, will restart on demand. Exiting.
I [11/Jun/2006:02:09:07 -0500] Listening to 7f000001:631
I [11/Jun/2006:02:09:07 -0500] Listening to e00a3000:0
I [11/Jun/2006:02:09:07 -0500] Loaded configuration file "/private/etc/cups/cupsd.conf"
I [11/Jun/2006:02:09:07 -0500] Configured for up to 100 clients.
I [11/Jun/2006:02:09:07 -0500] Allowing up to 100 client connections per host.
I [11/Jun/2006:02:09:07 -0500] Full reload is required.
I [11/Jun/2006:02:09:07 -0500] Full reload complete.


install.log:

Description: Installer log
Size: 55.68 KB
Last Modified: 6/11/06 12:22 AM
Location: /var/log/install.log
Recent Contents: ...
Jun 10 22:22:47 localhost : postflight[244]:
Jun 10 22:22:47 localhost : Removing temporary directory "/private/tmp/AppleIntermediateCodec.pkg.199NZGt8k"
Jun 10 22:22:47 localhost : Finalize disk "Macintosh HD"
Jun 10 22:22:47 localhost : Notifying system of updated components
Jun 10 22:22:47 localhost : TOTAL: Packages report 13424 files, 13424 actual files written
Jun 10 22:22:48 localhost : Private/Total = (5.0MB, 64.9MB), Heap/Total = (2.1MB, 17.5MB), Regions(malloc, private) = (29, 36)
Jun 10 22:22:48 localhost : It took 327.399510 seconds to successfully install "Mac OS X" (3 pkg(s))
Jun 10 22:22:48 localhost : It took 1.026814 seconds to Configuring volume "Macintosh HD" (dm prepare*disk)
Jun 10 22:22:48 localhost : It took 2.298068 seconds to Install Apple Intermediate Codec: 20 elements
Jun 10 22:22:48 localhost : It took 2.296421 seconds to successfully Install package Apple Intermediate Codec
Jun 10 22:22:48 localhost : It took 0.463971 seconds to Build install plan (& redirected paths)
Jun 10 22:22:48 localhost : It took 0.034909 seconds to Evaluating versions of bundles
Jun 10 22:22:48 localhost : It took 1.408027 seconds to Assembling temporary receipt
Jun 10 22:22:48 localhost : It took 0.059582 seconds to Collect path info (ATS, Sec Equiv, Kext, Pref Panes)
Jun 10 22:22:48 localhost : It took 0.257772 seconds to Write files
Jun 10 22:22:48 localhost : It took 0.071128 seconds to Assembling receipt
Jun 10 22:22:48 localhost : It took 14.204110 seconds to Install iDVD: 22 elements
Jun 10 22:22:48 localhost : It took 14.202082 seconds to successfully Install package iDVD
Jun 10 22:22:48 localhost : It took 1.886113 seconds to Build install plan (& redirected paths)
Jun 10 22:22:48 localhost : It took 0.054874 seconds to Evaluating versions of bundles
Jun 10 22:22:48 localhost : It took 2.226758 seconds to Assembling temporary receipt
Jun 10 22:22:48 localhost : It took 0.220101 seconds to Collect path info (ATS, Sec Equiv, Kext, Pref Panes)
Jun 10 22:22:48 localhost : It took 8.483777 seconds to Write files
Jun 10 22:22:48 localhost : It took 1.018322 seconds to run postinstall script for iDVD
Jun 10 22:22:48 localhost : It took 0.310901 seconds to Assembling receipt
Jun 10 22:22:48 localhost : It took 308.208766 seconds to Install iDVD Themes: 20 elements
Jun 10 22:22:48 localhost : It took 308.206872 seconds to successfully Install package iDVD Themes
Jun 10 22:22:48 localhost : It took 2.040585 seconds to Build install plan (& redirected paths)
Jun 10 22:22:48 localhost : It took 0.167489 seconds to Evaluating versions of bundles
Jun 10 22:22:48 localhost : It took 2.189642 seconds to Assembling temporary receipt
Jun 10 22:22:48 localhost : It took 0.247062 seconds to Collect path info (ATS, Sec Equiv, Kext, Pref Panes)
Jun 10 22:22:48 localhost : It took 302.891012 seconds to Write files
Jun 10 22:22:48 localhost : It took 0.668531 seconds to Assembling receipt
Jun 10 22:22:48 localhost : It took 0.397642 seconds to run postflight script for Apple Intermediate Codec
Jun 10 22:22:48 localhost : It took 0.755461 seconds to run postflight script for iDVD
Jun 10 22:22:48 localhost : It took 0.483774 seconds to run postflight script for iDVD Themes
Jun 10 22:22:48 localhost : Jun 10 22:22:48 localhost : Summary Information
Jun 10 22:22:48 localhost : Type Elapsed time (sec)
Jun 10 22:22:48 localhost : patch 0.000122
Jun 10 22:22:48 localhost : zero 0.022996
Jun 10 22:22:48 localhost : script 2.655199
Jun 10 22:22:48 localhost : extract 311.632561
Jun 10 22:22:48 localhost : config 5.178835
Jun 10 22:22:48 localhost : receipt 6.874987
Jun 10 22:22:48 localhost : disk 1.029241
Jun 10 22:22:48 localhost : install 324.710944
Jun 10 22:22:48 localhost : Jun 10 22:22:48 localhost : Starting installation:
Jun 10 22:22:48 localhost : Finalizing installation.
Jun 10 22:22:48 localhost : Registering applications
Jun 10 22:22:48 localhost : Registered /Applications/iDVD.app.
Jun 10 22:22:48 localhost : Registered /Library/Documentation/Applications/iDVD/iDVD Getting Started.app.
Jun 10 22:22:48 localhost : Private/Total = (5.0MB, 65.4MB), Heap/Total = (2.1MB, 17.5MB), Regions(malloc, private) = (29, 37)
Jun 10 22:22:48 localhost : It took 0.136199 seconds to successfully End of Install Jobs
Jun 10 22:22:48 localhost : It took 0.109910 seconds to <IFAppRegisterElement: 0x3c81d0>
Jun 10 22:22:48 localhost : It took 0.023683 seconds to Send Install Completed notification "Finished install."
Jun 10 22:22:48 localhost : Jun 10 22:22:48 localhost : Summary Information
Jun 10 22:22:48 localhost : Type Elapsed time (sec)
Jun 10 22:22:48 localhost : AppRegister 0.109910
Jun 10 22:22:48 localhost : zero 0.026289
Jun 10 22:22:48 localhost :

[mazzy]

Maybe what I posted earlier provided useless information. Sorry!

I opened a file named BootX using text editor. I begins like this--

<CHRP-BOOT>
<COMPATIBLE>
MacRISC MacRISC3 MacRISC4
</COMPATIBLE>
<DESCRIPTION>
Boot Loader for Mac OS X.
</DESCRIPTION>
<OS-BADGE-ICONS>

It also included this--

Mac OS X Loader

[mazzy]

Ok, the entire text didn't upload. And it doesn't appear that I was able to edit it. If I'm making duplicate post, I'm so sorry. I'm having so many problems that I can barely stay connected to the net.

<CHRP-BOOT>
<COMPATIBLE>
MacRISC MacRISC3 MacRISC4
</COMPATIBLE>
<DESCRIPTION>
Boot Loader for Mac OS X.
</DESCRIPTION>
<OS-BADGE-ICONS>

It also included this--

</OS-BADGE-ICONS>
<BOOT-SCRIPT>
load-base
begin
dup 6 " &lt;/CHRP" $= if
6 + dup 6 " -BOOT&gt;" $= if
8 + true
else
false
then
else
1+ false
then
until
( xcoff-base )
load-size over load-base - -
( xcoff-base xcoff-size )
load-base swap move
init-program go
</BOOT-SCRIPT>
</CHRP-BOOT>

[Satcomer]

If you feel paranoid then use the OS X included firewall (System Preferences->Sharing and press the firewall start. Next CHANGE YOUR PASSWORD. Lastly create e new USER account and stop use the default Administrator account (this goes for Windows too).

Also turn of automatic login (System Preferences->Accounts->You account->Login Options). Oh, I almost forgot, activate password checking on your Screen Saver and NEVER use or activate the Root account.

Welcome to the first lesson in computer security. 101 more lessons to go.

[DeltaMac]

Why did you single out BootX (which is used by the system), among the thousands of other files on your system?
Satcomer is correct, and even with the firewall left off, if all your Sharing services are turned off, it's really unlikely that anyone could hack into your system, unless you allow it.
If you downloaded and tried to install a couple of programs, maybe they are .exe files and can't run on the Mac anyway. You cannot use any .exe files with Mac OS X.

If you are exposing yourself by using some of the on-line game sites, then that may be most of your problem. OS X, by default, is basically locked down. You can make the security even tighter if you wish, and you can also open up everything. It's your choice, and not something that could be done from a remote locationA gamer/hacker will not be able to enter your computer unless you choose to allow it. The security link that Satcomer posted is a great place to start.