-
All replies
-
Helpful answers
-
Sep 14, 2014 3:55 AM in response to ToeKnee310by OGELTHORPE,Try Sophos or Clamxav:
http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-ed ition.aspx
Though I suspect it will be a waste of time, do so id it will give you some peace of mind. Once you have finished scanning, delete them off your MBA.
Ciao.
-
Sep 14, 2014 7:11 AM in response to ToeKnee310by Linc Davis,1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can read it yourself without disclosing the contents to me or anyone else.
You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
4. Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' BEGIN{FS="= "} /Name/{print $2} ' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' '" L*/P*/*loginit*' 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,Inter,iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t /S*/L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D13 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D23 14 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-Copy the selected text to the Clipboard by pressing the key combination command-C.
8. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
exec bash
and press return. Then paste the script again.
10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
[Process completed]
to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
______________________________________________________________
Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.
-
May 7, 2015 6:02 PM in response to Linc Davisby pkrzfan,Start time: 18:51:18 05/07/15
Model Identifier: MacBookPro9,2
System Version: OS X 10.10 (14A389)
Kernel Version: Darwin 14.0.0
Time since boot: 22:39
System load
combined level = Bad
- battery level = Bad
Log
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
May 7 17:42:38 BUG in process suhelperd[172]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
May 7 17:53:15 process com.apple.WebKit[432] caught causing excessive wakeups. Observed wakeups rate (per sec): 171; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 76725
May 7 18:37:37 Over-release of kernel-internal importance assertions for pid 51 (launchservicesd), dropping 1 assertion(s) but task only has 0 remaining (0 external).
kexts
com.eltima.SyncMate.kext (0.2.5b15)
Daemons
com.microsoft.office.licensing.helper
com.google.keystone.daemon
com.eltima.async.rapiback
com.mackeeper.MacKeeper.plugin.AntiTheft.daemon
com.adobe.fpsaud
Agents
com.jdibackup.ZipCloud.backupstart
com.mackeeper.MacKeeper.service.clean
com.google.keystone.system.agent
com.mackeeper.MacKeeper.Helper
com.jdibackup.ZipCloud.autostart
com.jdibackup.ZipCloud.notify
com.Eltima.SyncMateServer
launchd
/System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist
- com.apple.installer.osmessagetracing
/Library/LaunchAgents/com.google.keystone.agent.plist
- com.google.keystone.system.agent
/Library/LaunchAgents/syncmateStarter.plist
- com.Eltima.SyncMateServer
/Library/LaunchDaemons/com.adobe.fpsaud.plist
- com.adobe.fpsaud
/Library/LaunchDaemons/com.google.keystone.daemon.plist
- com.google.keystone.daemon
/Library/LaunchDaemons/com.mackeeper.MacKeeper.plugin.AntiTheft.daemon.plist
- com.mackeeper.MacKeeper.plugin.AntiTheft.daemon
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
- com.microsoft.office.licensing.helper
/Library/LaunchDaemons/rapiback.plist
- com.eltima.async.rapiback
Library/LaunchAgents/com.apple.FolderActions.enabled.plist
- com.apple.FolderActions.enabled
Library/LaunchAgents/com.apple.FolderActions.folders.plist
- com.apple.FolderActions.folders
Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist
- com.jdibackup.ZipCloud.autostart
Library/LaunchAgents/com.jdibackup.ZipCloud.backupstart.plist
- com.jdibackup.ZipCloud.backupstart
Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist
- com.jdibackup.ZipCloud.notify
Library/LaunchAgents/com.mackeeper.MacKeeper.Helper.plist
- com.mackeeper.MacKeeper.Helper
Bundles
/System/Library/Extensions/EltimaAsync.kext
- com.eltima.SyncMate.kext
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/System/Library/Extensions/ssuddrv.kext
- com.devguru.driver.SamsungComposite
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.apple.java.JavaAppletPlugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/OSXFUSE.prefPane
- com.github.osxfuse.OSXFUSEPrefPane
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Library/Caches/com.apple.Safari/Extensions/flashmall.safariextension
- com.app67619
Library/Caches/com.apple.Safari/Extensions/GoldenBoy.safariextension
- com.gold.safari
Library/Internet Plug-Ins/doubleTwistWebPlugin.bundle
- com.doubleTwist.webPlugin
Library/Services/Add To Backup Selection.workflow
- N/A
Library/Services/Instant Backup.workflow
- N/A
Library/Services/Remove From Backup Selection.workflow
- N/A
Library/Services/View Previous Versions.workflow
- N/A
Contents of /System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.installer.osmessagetracing</string>
<key>LaunchOnlyOnce</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMes sageTracer</string>
</array>
<key>UserName</key>
<string>root</string>
<key>GroupName</key>
<string>wheel</string>
<key>WatchPaths</key>
<array>
<string>/var/db/.AppleDiagnosticsSetupDone</string>
</array>
</dict>
</plist>
Firewall: On
Proxies
ProxyAutoConfigEnable : 1
ProxyAutoConfigURLString : http://wpad/wpad.dat
ProxyAutoDiscoveryEnable : 1
Listeners
launchd: afpovertcp
launchd: afpovertcp
launchd: ssh
launchd: ssh
kdc: kerberos
cupsd: ipp
User login items
iTunesHelper
KiesAgent
fuspredownloader
Safari extensions
FlashMall
GoldenBoy
Restricted files: 41
Elapsed time (s): 218
-
May 8, 2015 3:49 AM in response to ToeKnee310by thomas_r.,ToeKnee310 wrote:
I download alot of music (not from stupid or untrusted sites) and torrents (mostly movies and music and software)
Those are two very contradictory statements. If you are downloading movies, music and software from torrents, you are engaging in illegal - and VERY risky - behavior. When you engage in software piracy and theft of commercial media, you expose yourself to adware and malware in a way that no anti-virus software can protect you from. As long as you continue to engage in this behavior, you will not be safe. Installing anti-virus software in hopes that it will continue to allow you to behave this way is the worst possible thing you could do.
Incidentally, you either already have been infected with adware or have chosen to install some very bad software, as your system has both MacKeeper and ZipCloud installed. Both are junk that should never be installed, and that are often installed by adware installers.
-
Aug 19, 2015 11:57 PM in response to Linc Davisby mknorris,Start time: 01:46:31 08/20/15
Model Identifier: MacBookAir6,2
System Version: OS X 10.10.5 (14F27)
Kernel Version: Darwin 14.5.0
Time since boot: 1 day23:40
FileVault: On
Diagnostic reports
2015-07-26 CalendarAgent crash
2015-08-07 Kernel panic
2015-08-19 AddressBookSourceSync crash
Log
Aug 20 01:39:39 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:11 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:11 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:11 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:11 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:11 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Swap (MiB): 4957
Activity
CPU: user 13%, system 30%
CPU per process: launchd (UID 0) is using 101.2 %
Mach ports: appleeventsd (UID 55) is using 108369 ports
kexts
com.symantec.kext.internetSecurity (5.2.1f2)
com.symantec.kext.ndcengine (1.0f2)
com.symantec.kext.ips (3.5.1f2)
com.symantec.kext.SymAPComm (100.1f2)
Daemons
com.oracle.java.JavaUpdateHelper
com.freemacsoft.appcleanerd
com.symantec.liveupdate.daemon
com.cleverfiles.cfbackd
com.microsoft.office.licensing.helper
com.google.keystone.daemon
com.oracle.java.Helper-Tool
com.symantec.symdaemon
com.symantec.sharedsettings
com.adobe.fpsaud
org.macosforge.xquartz.privileged_startx
com.symantec.liveupdate.daemon.ondemand
Agents
com.symantec.uiagent.application
uk.co.markallan.clamxav.freshclam
com.adobe.AdobeCreativeCloud
com.google.keystone.system.agent
org.macosforge.xquartz.startx
com.coupons.coupond
com.github.GitHub.ShipIt
com.oracle.java.Java-Updater
com.apple.metadata.SpotlightNetHelper
com.apple.FolderActions.folders
com.citrixonline.GoToMeeting.G2MUpdate
com.spotify.webhelper
com.huawei.HWPortCfg.plist
com.apple.FolderActions.enabled
com.adobe.PDApp.AAMUpdatesNotifier.66204.UUID
launchd
/System/Library/LaunchAgents/com.apple.metadata.SpotlightNetHelper.plist
- com.apple.metadata.SpotlightNetHelper
/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
- com.adobe.AAM.Startup-1.0
/Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist
- com.adobe.AdobeCreativeCloud
/Library/LaunchAgents/com.coupons.coupond.plist
- com.coupons.coupond
/Library/LaunchAgents/com.google.keystone.agent.plist
- com.google.keystone.system.agent
/Library/LaunchAgents/com.oracle.java.Java-Updater.plist
- com.oracle.java.Java-Updater
/Library/LaunchAgents/com.symantec.uiagent.application.plist
- com.symantec.uiagent.application
/Library/LaunchAgents/HWPortCfg.plist
- com.huawei.HWPortCfg.plist
/Library/LaunchAgents/org.macosforge.xquartz.startx.plist
- org.macosforge.xquartz.startx
/Library/LaunchDaemons/com.adobe.fpsaud.plist
- com.adobe.fpsaud
/Library/LaunchDaemons/com.cleverfiles.cfbackd.plist
- com.cleverfiles.cfbackd
/Library/LaunchDaemons/com.freemacsoft.appcleanerd.plist
- com.freemacsoft.appcleanerd
/Library/LaunchDaemons/com.google.keystone.daemon.plist
- com.google.keystone.daemon
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
- com.microsoft.office.licensing.helper
/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
- com.oracle.java.Helper-Tool
/Library/LaunchDaemons/com.oracle.java.JavaUpdateHelper.plist
- com.oracle.java.JavaUpdateHelper
/Library/LaunchDaemons/com.symantec.liveupdate.daemon.ondemand.plist
- com.symantec.liveupdate.daemon.ondemand
/Library/LaunchDaemons/com.symantec.liveupdate.daemon.plist
- com.symantec.liveupdate.daemon
/Library/LaunchDaemons/com.symantec.sep.migratesettings.plist
- com.symantec.sep.migratesettings
/Library/LaunchDaemons/com.symantec.sharedsettings.plist
- com.symantec.sharedsettings
/Library/LaunchDaemons/com.symantec.symdaemon.plist
- com.symantec.symdaemon
/Library/LaunchDaemons/org.macosforge.xquartz.privileged_startx.plist
- org.macosforge.xquartz.privileged_startx
Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
- com.adobe.AAM.Scheduler-1.0
Library/LaunchAgents/com.apple.FolderActions.enabled.plist
- com.apple.FolderActions.enabled
Library/LaunchAgents/com.apple.FolderActions.folders.plist
- com.apple.FolderActions.folders
Library/LaunchAgents/com.citrixonline.GoToMeeting.G2MUpdate.plist
- com.citrixonline.GoToMeeting.G2MUpdate
Library/LaunchAgents/com.spotify.webhelper.plist
- com.spotify.webhelper
Library/LaunchAgents/uk.co.markallan.clamxav.freshclam.plist
- uk.co.markallan.clamxav.freshclam
Startup items
/Library/StartupItems/HWNetMgr/HWNetCfg
/Library/StartupItems/HWNetMgr/HWNetMgr
/Library/StartupItems/HWNetMgr/StartupParameters.plist
/Library/StartupItems/HWPortDetect/HWPortCfg
/Library/StartupItems/ProTec6b/DemoOver
/Library/StartupItems/ProTec6b/Nalpeirond6b
/Library/StartupItems/ProTec6b/ProTec6b
/Library/StartupItems/ProTec6b/StartupParameters.plist
/Library/StartupItems/StartOuc/MacOS/RunOuc
/Library/StartupItems/StartOuc/StartOuc
/Library/StartupItems/StartOuc/StartupParameters.plist
Bundles
/System/Library/Extensions/HuaweiDataCardDriver.kext
- com.huawei.driver.HuaweiDataCardDriver
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/System/Library/Extensions/USBExpressCardCantWake_Huawei.kext
- com.apple.dts.driver.USBExpressCardCantWake
/Library/Extensions/ndcengine.kext
- com.symantec.kext.ndcengine
/Library/Extensions/SymInternetSecurity.kext
- com.symantec.kext.internetSecurity
/Library/Extensions/SymIPS.kext
- com.symantec.kext.ips
/Library/Internet Plug-Ins/AdobeAAMDetect.plugin
- com.AdobeAAMDetectLib.AdobeAAMDetect
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
/Library/PreferencePanes/SymantecQuickMenu.prefPane
- com.symantec.quickmenu.prefpane
/Library/ScriptingAdditions/Adobe Unit Types.osax
- N/A
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Library/Caches/com.apple.Safari/Extensions/Boomerang for Gmail.safariextension
- com.Baydin.b4gsafari
Library/Caches/com.apple.Safari/Extensions/Evernote Web Clipper-2.safariextension
- com.evernote.safari.clipper
Library/Caches/com.apple.Safari/Extensions/Pin It Button.safariextension
- com.pinterest.extension
Library/Caches/com.apple.Safari/Extensions/Pushbullet.safariextension
- com.pushbullet.safari
Library/Internet Plug-Ins/thinkorswim plugin_x86_64.plugin
- com.thinkorswimLoaderPluginLib.thinkorswim_x86_64
Library/Internet Plug-Ins/tossc plugin_x86_64.plugin
- N/A
Library/Services/ENService.app
- com.ThomsonResearchSoft.EndNote.ENService
Library/Spotlight/EndNote.mdimporter
- com.ThomsonResearchSoft.EndNote
dylibs
/usr/lib/libsymsea.1.1.0.dylib
Apps
/Applications/Dropbox.app
Contents of /etc/liveupdate.conf
hosts/0/url=http://liveupdate.symantec.com:80
workdir=/tmp
Contents of /etc/ssh_config (ASCII English text, with very long lines)
Host *
SendEnv LANG LC_*
Host *
XAuthLocation /opt/X11/bin/xauth
Contents of /System/Library/LaunchAgents/com.apple.ReportGPURestart.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.apple.ReportGPURestart</string>
<key>ProgramArguments</key>
<array>
<string>/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Report GPURestart</string>
</array>
<key>KeepAlive</key>
<false/>
</dict>
</plist>
Contents of /System/Library/LaunchAgents/com.apple.locationmenu.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ProcessType</key>
<string>App</string>
<key>RunAtLoad</key>
<false/>
<key>LaunchEvents</key>
<dict>
<key>com.apple.locationmenu</key>
<dict>
<key>something</key>
<dict/>
</dict>
</dict>
<key>Label</key>
<string>com.apple.locationmenu</string>
<key>Program</key>
<string>/System/Library/CoreServices/LocationMenu.app/Contents/MacOS/LocationMe nu</string>
</dict>
</plist>
Contents of /System/Library/LaunchAgents/com.apple.metadata.SpotlightNetHelper.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.metadata.SpotlightNetHelper</string>
<key>ProgramArguments</key>
<array>
<string>/System/Library/PrivateFrameworks/ParsecUI.framework/Versions/A/Support /SpotlightNetHelper.app/Contents/MacOS/SpotlightNetHelper</string>
</array>
<key>MachServices</key>
<dict>
<key>com.apple.metadata.SpotlightNetHelper</key>
<true/>
</dict>
<key>CFBundleIdentifier</key>
<string>com.apple.Spotlight</string>
<key>POSIXSpawnType</key>
<string>Adaptive</string>
<key>KeepAlive</key>
<dict>
<key>AfterInitialDemand</key>
<true/>
<key>SuccessfulExit</key>
<false/>
...and 5 more line(s)
Contents of /System/Library/LaunchAgents/com.apple.sharingd.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.sharingd</string>
<key>POSIXSpawnType</key>
<string>Adaptive</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>MachServices</key>
<dict>
<key>com.apple.sharingd.nsxpc</key>
<true/>
<key>com.apple.sharingd</key>
<true/>
</dict>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>Program</key>
<string>/usr/libexec/sharingd</string>
<key>EnableTransactions</key>
<true/>
...and 4 more line(s)
Contents of /System/Library/LaunchAgents/com.apple.storelegacy.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.storelegacy</string>
<key>MachServices</key>
<dict>
<key>com.apple.storeagent-xpc</key>
<true/>
<key>com.apple.storeagent.storekit.receiptrenewal</key>
<true/>
</dict>
<key>Program</key>
<string>/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Reso urces/storelegacy</string>
<key>EnableTransactions</key>
<true/>
<key>LimitLoadToSessionType</key>
<array>
<string>LoginWindow</string>
<string>Aqua</string>
</array>
<key>POSIXSpawnType</key>
<string>_AdaptiveUtility</string>
<key>ExitTimeOut</key>
...and 3 more line(s)
Contents of /System/Library/LaunchDaemons/com.apple.systemstats.daily.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnablePressuredExit</key>
<false/>
<key>Label</key>
<string>com.apple.systemstats.daily</string>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/systemstats</string>
<string>--daily</string>
</array>
<key>POSIXSpawnType</key>
<string>Background</string>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>0</integer>
<key>Minute</key>
<integer>15</integer>
</dict>
</dict>
</plist>
Contents of /System/Library/LaunchDaemons/com.apple.systemstatsd.plist (Apple binary property list)
bplist00÷ WProgram^POSIXSpawnType\MachServices\LaunchEvents_ EnablePressuredExitULabel_ /usr/libexec/systemstatsdXAdaptive—
_ com.apple.systemstatsd —
_ com.apple.telemetry— _ Telemetry Notification– _ com.apple.systemstatsd ,9F\b~á䣧ßΩ¿Ÿ⁄€
Contents of /System/Library/LaunchDaemons/com.apple.thermald.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.thermald</string>
<key>ProgramArguments</key>
<array>
<string>/usr/libexec/thermald</string>
</array>
<key>PosixSpawnType</key>
<string>Interactive</string>
<key>EnableTransactions</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>MachServices</key>
<dict>
<key>com.apple.DuetHeuristic-thermald</key>
<true/>
<key>com.apple.thermald</key>
<true/>
</dict>
</dict>
</plist>
Contents of /System/Library/LaunchDaemons/com.apple.xsandaily.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.xsandaily</string>
<key>Disabled</key>
<true/>
<key>ExitTimeOut</key>
<integer>240</integer>
<key>Program</key>
<string>/System/Library/Filesystems/acfs.fs/Contents/bin/xsandaily</string>
<key>ProgramArguments</key>
<array>
<string>xsandaily</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>0</integer>
<key>Minute</key>
<integer>0</integer>
</dict>
</dict>
</plist>
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Firewall: On
User login items
iTunesHelper.app
Dropbox.app
Google Chrome.app
AppCleaner Helper.app
Safari extensions
Boomerang for Gmail
Evernote Web Clipper
Pin It Button
Pushbullet
Restricted files: 3424
Elapsed time (s): 340
-
Jan 3, 2016 2:04 PM in response to Linc Davisby webwarrior40,Start time: 13:46:20 01/03/16
Model Identifier: MacBookPro8,1
System Version: OS X 10.11.2 (15C50)
Kernel Version: Darwin 15.2.0
System Integrity Protection: Enabled
Time since boot: 31 minutes
USB
Expansion Desk (Seagate LLC)
FileVault: On
Diagnostic reports
2015-12-10 Message+ crash x2
2015-12-11 Message+ crash x3
2015-12-12 Message+ crash x2
2015-12-15 Message+ crash
2015-12-18 Message+ crash x2
2015-12-19 Message+ crash x2
2015-12-21 Message+ crash
2015-12-22 Message+ crash
2015-12-23 Message+ crash*
2015-12-26 Message+ crash
2015-12-27 Message+ crash
2015-12-29 Calendar crash
2015-12-29 MF Toolbox crash*
2015-12-29 Message+ crash
* Code injection
Log
Jan 1 09:34:40 jnl: b(1, 4): examining extra transactions starting @ 16469504 / 0xfb4e00
Jan 1 09:34:40 jnl: b(1, 4): Extra txn replay stopped @ 16613376 / 0xfd8000
Jan 1 09:34:40 jnl: b(1, 4): journal replay done.
Jan 1 10:12:19 wl0: Roamed or switched channel, reason #8, bssid 60
Jan 1 10:12:19 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1
Jan 1 10:13:37 wl0: Roamed or switched channel, reason #8, bssid 60
Jan 1 10:38:15 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1
Jan 1 16:12:58 process ScreenSaverEngin[1195] caught causing excessive wakeups. Observed wakeups rate (per sec): 239; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45007
Jan 1 17:18:52 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1
Jan 2 09:43:48 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1
Jan 2 10:49:55 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1
Jan 2 10:50:04 process NativeWebSecurit[1124] caught causing excessive wakeups. Observed wakeups rate (per sec): 263; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 53668
Jan 2 11:37:31 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1
Jan 3 12:06:51 PM notification timeout (pid 51, powerd)
Jan 3 12:31:02 process distnoted[263] caught causing excessive wakeups. Observed wakeups rate (per sec): 229; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 65343
Jan 3 12:35:19 process NativeWebSecurit[2466] caught causing excessive wakeups. Observed wakeups rate (per sec): 666; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45276
Jan 3 12:55:58 process mds[59] caught causing excessive wakeups. Observed wakeups rate (per sec): 249; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 192373
Jan 3 13:15:46 AssertMacros: tmpData (value: 0x0), file: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-83.20.2/AppleCredentialManager/AppleCredentialManager.cpp, line: 765
Jan 3 13:15:46 IO80211ControllerMonitor::configureSubscriptions() failed to add subscriptionIO80211Controller::start _controller is 0x2693d5e4df26f7f3, provider is 0x2693d5e4df29ecf3
Jan 3 13:15:46 jnl: b(1, 4): replay_journal: from: 11286016 to: 18236928 (joffset 0xe8e000)
Jan 3 13:15:46 jnl: b(1, 4): journal replay done.
Jan 3 13:20:24 wl0: Roamed or switched channel, reason #8, bssid 60
Jan 3 13:20:24 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1
Jan 3 13:29:39 process backupd[436] thread 6365 caught burning CPU! It used more than 50% CPU (Actual recent usage: 52%) over 180 seconds. thread lifetime cpu usage 182.994428 seconds, (70.174066 user, 112.820362 system) ledger info: balance: 90002231387 credit: 182855731320 debit: 92853499933 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 171635961690
Jan 3 13:43:05 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1
Daemons
com.adobe.ARMDC.Communicator
com.google.keystone.daemon
com.oracle.java.Helper-Tool
com.adobe.fpsaud
com.adobe.ARMDC.SMJobBlessHelper
Agents
com.google.GoogleContactSyncAgent
com.adobe.ARM.UUID
com.google.keystone.system.agent
com.ATI.Launcher
com.ATI.LaunchProcessor
com.adobe.ARMDCHelper.UUID
jp.co.canon.ScanGearMF.appl.Canon-MF-Scan-Agent
com.oracle.java.Java-Updater
com.ATI.LaunchAgent
com.spotify.webhelper
com.divx.update.agent
jp.co.canon.ScanGearMF.appl.Canon-MFSU-Agent
com.divx.dms.agent
launchd
/System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist
- com.apple.installer.osmessagetracing
/Library/LaunchAgents/com.adobe.ARMDCHelper.UUID.plist
- com.adobe.ARMDCHelper.UUID
/Library/LaunchAgents/com.ATI.LaunchAgent.plist
- com.ATI.LaunchAgent
/Library/LaunchAgents/com.ATI.Launcher.plist
- com.ATI.Launcher
/Library/LaunchAgents/com.ATI.LaunchProcessor.plist
- com.ATI.LaunchProcessor
/Library/LaunchAgents/com.divx.dms.agent.plist
- com.divx.dms.agent
/Library/LaunchAgents/com.divx.update.agent.plist
- com.divx.update.agent
/Library/LaunchAgents/com.google.keystone.agent.plist
- com.google.keystone.system.agent
/Library/LaunchAgents/com.oracle.java.Java-Updater.plist
- com.oracle.java.Java-Updater
/Library/LaunchAgents/jp.co.canon.ScanGearMF.appl.Canon-MF-Scan-Agent.plist
- jp.co.canon.ScanGearMF.appl.Canon-MF-Scan-Agent
/Library/LaunchAgents/jp.co.canon.ScanGearMF.appl.Canon-MFSU-Agent.plist
- jp.co.canon.ScanGearMF.appl.Canon-MFSU-Agent
/Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist
- com.adobe.ARMDC.Communicator
/Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist
- com.adobe.ARMDC.SMJobBlessHelper
/Library/LaunchDaemons/com.adobe.fpsaud.plist
- com.adobe.fpsaud
/Library/LaunchDaemons/com.google.keystone.daemon.plist
- com.google.keystone.daemon
/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
- com.oracle.java.Helper-Tool
Library/LaunchAgents/com.adobe.ARM.UUID.plist
- com.adobe.ARM.UUID
Library/LaunchAgents/com.google.GoogleContactSyncAgent.plist
- com.google.GoogleContactSyncAgent
Library/LaunchAgents/com.spotify.webhelper.plist
- com.spotify.webhelper
Bundles
/System/Library/Extensions/hp_fax_io.kext
- com.hp.kext.hp-fax-io
/System/Library/Extensions/hp_Inkjet7_io_enabler.kext
- com.hp.print.hpio.inkjet7.kext
/System/Library/Extensions/hp_Officejet_io_enabler.kext
- com.hp.print.hpio.Officejet.kext
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Extensions/CanonCUPSFAXUSBClassDriver.kext
- com.canon.cups.fax.print.kext.usbprintclass
/Library/Extensions/hp_io_enabler_compound.kext
- com.hp.kext.io.enabler.compound
/Library/Extensions/hp_io_printerclassdriver_enabler.kext
- com.hp.hpio.hp-io-printerclassdriver-enabler
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/DivX Web Player.plugin
- com.divx.DivXWebPlayer
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin
- com.google.googletalkbrowserplugin
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/Internet Plug-Ins/o1dbrowserplugin.plugin
- com.google.o1dbrowserplugin
/Library/Internet Plug-Ins/OVSHelper.plugin
- com.divx.OVSHelper
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/WebSecurity.plugin
- com.ATI.WebSecurity
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
/Library/QuickTime/DivX Decoder.component
- com.DivXInc.DivXDecoder
/Library/QuickTime/DivX Decoder.component/Contents/Resources
- com.DivXInc.DivXDecoder
/Library/QuickTime/DivX Encoder.component
- com.DivXInc.DivXCodec
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Library/Caches/com.apple.Safari/Extensions/ .safariextension
- com.ati.Security
Library/Caches/com.apple.Safari/Extensions/eBay Shopping Assistant-2.safariextension
- com.spigot.safari.ebayshopassist
Library/Caches/com.apple.Safari/Extensions/Facebook Cleaner.safariextension
- com.sonstermedia.facebookclean
Library/Caches/com.apple.Safari/Extensions/Facebook Photo Zoom-2.safariextension
- com.regisgaughan.fbphotozoom
Library/Caches/com.apple.Safari/Extensions/searchExt-1.safariextension
- com.conduit.safari
Library/Caches/com.apple.Safari/Extensions/Searchme-2.safariextension
- com.spigot.safari.searchme
Library/Caches/com.apple.Safari/Extensions/Slick Savings.safariextension
- com.spigot.safari.slicksavings
Library/Caches/com.apple.Safari/Extensions/WiseStamp-1.safariextension
- com.wisestamp.extension
Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
- com.conduit.ConduitNPAPIPlugin
Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
Library/PreferencePanes/Perian.prefPane
- org.perian.PerianPane
Apps
/Applications/Dropbox.app
/Applications/Google Drive.app
Contents of /etc/hosts
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Contents of /etc/pf.conf
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Contents of /etc/syslog.conf
install.* @127.0.0.1:32376
Contents of /etc/pam.d/authorization
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
Contents of /etc/pam.d/checkpw
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so no_check_home no_check_shell
Contents of /etc/pam.d/chkpasswd
auth required pam_opendirectory.so
account required pam_opendirectory.so
password required pam_permit.so
session required pam_permit.so
Contents of /etc/pam.d/cups
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/ftpd
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/login
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
Contents of /etc/pam.d/login.term
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_uwtmp.so
Contents of /etc/pam.d/other
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Contents of /etc/pam.d/passwd
auth required pam_permit.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_permit.so
Contents of /etc/pam.d/rshd
auth required pam_permit.so
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/screensaver
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/smbd
account required pam_sacl.so sacl_service=smb allow_trustacct
session required pam_permit.so
Contents of /etc/pam.d/sshd
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session optional pam_mount.so
Contents of /etc/pam.d/su
auth sufficient pam_rootok.so
auth required pam_opendirectory.so
account required pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account required pam_opendirectory.so no_check_shell
password required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/sudo
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/periodic/daily/110.clean-tmps
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_tmps_days" ]
then
echo '$daily_clean_tmps_enable is set but' \
'$daily_clean_tmps_days is not'
rc=2
else
echo ""
echo "Removing old temporary files:"
set -f noglob
args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
args="${args} -ctime +$daily_clean_tmps_days"
dargs="-empty -mtime +$daily_clean_tmps_days"
dargs="${dargs} ! -name .vfs_rsrc_streams_*"
[ -n "$daily_clean_tmps_ignore" ] && {
args="$args "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
...and 21 more line(s)
Contents of /etc/periodic/daily/130.clean-msgs
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
if [ ! -d /var/msgs ]
then
echo '$daily_clean_msgs_enable is set but /var/msgs' \
"doesn't exist"
rc=2
else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
msgs -c $arg && rc=0 || rc=3
fi;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/140.clean-rwho
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_rwho_days" ]
then
echo '$daily_clean_rwho_enable is enabled but' \
'$daily_clean_rwho_days is not set'
rc=2
elif [ ! -d /var/rwho ]
then
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
"doesn't exist"
rc=2
else
echo ""
echo "Removing stale files from /var/rwho:"
case "$daily_clean_rwho_verbose" in
[Yy][Ee][Ss])
print=-print;;
*)
print=;;
...and 14 more line(s)
Contents of /etc/periodic/daily/199.clean-fax
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
if [ -d /var/spool/fax ]; then
echo ""
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi
Contents of /etc/periodic/daily/310.accounting
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
if [ ! -f /var/account/acct ]
then
echo '$daily_accounting_enable is set but /var/account/acct' \
"doesn't exist"
rc=2
elif [ -z "$daily_accounting_save" ]
then
echo '$daily_accounting_enable is set but ' \
'$daily_accounting_save is not'
rc=2
else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
rc=0
n=$daily_accounting_save
rm -f acct.$n.gz acct.$n || rc=3
m=$n
...and 18 more line(s)
Contents of /etc/periodic/daily/400.status-disks
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_disks_enable" in
[Yy][Ee][Ss])
echo ""
echo "Disk status:"
df $daily_status_disks_df_flags && rc=1 || rc=3
;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/420.status-network
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
echo ""
echo "Network interface status:"
case "$daily_status_network_usedns" in
[Yy][Ee][Ss])
netstat -i && rc=0 || rc=3;;
*)
netstat -in && rc=0 || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/430.status-rwho
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
prog=ruptime
else
echo ""
echo "Local system status:"
prog=uptime
fi
rc=$($prog | tee /dev/stderr | wc -l)
if [ $? -eq 0 ]
then
[ $rc -gt 1 ] && rc=1
else
rc=3
fi;;
...and 3 more line(s)
Contents of /etc/periodic/daily/999.local
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $daily_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/monthly/199.rotate-fax
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
echo ""
printf %s "Rotating fax log files:"
cd /var/log/fax
for i in *.log; do
if [ -f "${i}" ]; then
echo -n " $i"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
fi
done
echo ""
Contents of /etc/periodic/monthly/200.accounting
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
oldmask=$(umask)
umask 066
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
rc=0
remove=NO
if [ $rc -eq 0 ]
then
echo ""
echo "Doing login accounting:"
rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi
[ $remove = YES ] && rm -f $W.0;;
*) rc=0;;
esac
umask $oldmask
exit $rc
Contents of /etc/periodic/monthly/999.local
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $monthly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/weekly/320.whatis
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
echo ""
echo "Rebuilding whatis database:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpage directories"
rc=3
else
rc=0
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
if [ X"${man_locales}" != X ]
then
for i in ${man_locales}
do
LC_ALL=$i /usr/libexec/makewhatis.local -a \
-L "${MANPATH}" || rc=3
...and 9 more line(s)
Contents of /etc/periodic/weekly/999.local
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $weekly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /Library/Preferences/com.apple.security.appsandbox.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnrestrictSpotlightContainerScope</key>
<true/>
</dict>
</plist>
Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
</plist>
Safari extensions
Conduit Search for Safari
Facebook Cleaner
Facebook Photo Zoom
Searchme
Slick Savings
WiseStamp
eBay Shopping Assistant
Restricted files: 211
Elapsed time (s): 273
-
Aug 12, 2016 2:32 AM in response to ToeKnee310by apmoroney,Start time: 19:23:26 08/12/16
Model Identifier: iMac10,1
System Version: OS X 10.11.4 (15E65)
Kernel Version: Darwin 15.4.0
System Integrity Protection: Enabled
Time since boot: 2 days 22:29
SATA
ST31000528ASQ
USB
OM (Elan Microelectronics Corportation)
Diagnostic reports
2016-08-05 installer crash x6
Log
Aug 5 21:53:56 Can't load kext org.virtualbox.kext.VBoxUSB - failed to resolve library dependencies.
Aug 5 21:53:56 Kext org.virtualbox.kext.VBoxUSB failed to load (0xdc00800e).
Aug 5 21:53:56 Failed to load kext org.virtualbox.kext.VBoxUSB (error 0xdc00800e).
Aug 5 21:53:56 AssertMacros: tmpData (value: 0x0), file: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-83.40.3/AppleCredentialManager/AppleCredentialManager.cpp, line: 785
Aug 5 21:53:56 IO80211ControllerMonitor::configureSubscriptions() failed to add subscriptionIO80211Controller::start _controller is 0x81e6ade9bd3eeeab, provider is 0x81e6ade95de950ab
Aug 5 21:53:56 init: error getting PHY_MODE; using MODE_UNKNOWN
Aug 6 02:45:55 011445.348147 PRT5@26500000: AppleUSBHostPort::disconnect: persistent enumeration failures
Aug 7 02:00:11 process AAM Updates Noti[68233] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback
Aug 9 20:54:35 Can't load kext org.virtualbox.kext.VBoxUSB - failed to resolve library dependencies.
Aug 9 20:54:35 Kext org.virtualbox.kext.VBoxUSB failed to load (0xdc00800e).
Aug 9 20:54:35 Failed to load kext org.virtualbox.kext.VBoxUSB (error 0xdc00800e).
Aug 9 20:54:35 AssertMacros: tmpData (value: 0x0), file: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-83.40.3/AppleCredentialManager/AppleCredentialManager.cpp, line: 785
Aug 9 20:54:35 Sleep failure code 0x00004000 0x27006c00
Aug 9 20:54:35 IO80211ControllerMonitor::configureSubscriptions() failed to add subscriptionIO80211Controller::start _controller is 0x44488973c2f90109, provider is 0x4448897363d70909
Aug 9 20:54:35 jnl: b(1, 2): replay_journal: from: 48455680 to: 55157248 (joffset 0x1721c000)
Aug 9 20:54:35 init: error getting PHY_MODE; using MODE_UNKNOWN
Aug 9 20:54:35 jnl: b(1, 2): journal replay done.
Aug 10 00:59:22 010684.554902 PRT5@26500000: AppleUSBHostPort::disconnect: persistent enumeration failures
Aug 12 19:21:27 process AAM Updates Noti[50879] caught causing excessive wakeups. Observed wakeups rate (per sec): 2954; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45092
Swap (MiB): 1135
Daemons
com.adobe.SwitchBoard
Agents
com.adobe.CS4ServiceManager
com.veoh.webplayer.startup
com.akamai.client.plist
com.adobe.CS5ServiceManager
com.macpaw.CleanMyMac.helperTool
com.adobe.PDApp.AAMUpdatesNotifier.85472.UUID
launchd
/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
- com.adobe.AAM.Startup-1.0
/Library/LaunchAgents/com.adobe.CS4ServiceManager.plist
- com.adobe.CS4ServiceManager
/Library/LaunchAgents/com.adobe.CS5ServiceManager.plist
- com.adobe.CS5ServiceManager
/Library/LaunchDaemons/com.adobe.SwitchBoard.plist
- com.adobe.SwitchBoard
Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
- com.adobe.AAM.Scheduler-1.0
Library/LaunchAgents/com.akamai.client.plist
- com.akamai.client.plist
Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist
- com.macpaw.CleanMyMac.helperTool
Library/LaunchAgents/com.veoh.webplayer.startup.plist
- com.veoh.webplayer.startup
Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist
- org.virtualbox.vboxwebsvc
Startup items
/Library/StartupItems/VirtualBox/StartupParameters.plist
/Library/StartupItems/VirtualBox/VirtualBox
Bundles
/System/Library/Extensions/EyeTVAfaTechHidBlock.kext
- com.elgato.driver.DontMatchAfaTech
/System/Library/Extensions/EyeTVCinergy450AudioBlock.kext
- com.elgato.driver.DontMatchCinergy450
/System/Library/Extensions/EyeTVCinergyXSAudioBlock.kext
- com.elgato.driver.DontMatchCinergyXS
/System/Library/Extensions/EyeTVEmpiaAudioBlock.kext
- com.elgato.driver.DontMatchEmpia
/System/Library/Extensions/EyeTVVoyagerAudioBlock.kext
- com.elgato.driver.DontMatchVoyager
/System/Library/Extensions/hp_designjet_series.kext
- com.hp.print.hpio.Designjet.kext
/System/Library/Extensions/hp_Deskjet_io_enabler.kext
- com.hp.print.hpio.Deskjet.kext
/System/Library/Extensions/hp_Inkjet1_io_enabler.kext
- com.hp.print.hpio.Inkjet1.kext
/System/Library/Extensions/hp_Inkjet3_io_enabler.kext
- com.hp.print.hpio.Inkjet3.kext
/System/Library/Extensions/hp_Inkjet4_io_enabler.kext
- com.hp.print.hpio.Inkjet4.kext
/System/Library/Extensions/hp_Inkjet5_io_enabler.kext
- com.hp.print.hpio.Inkjet5.kext
/System/Library/Extensions/hp_Inkjet8_io_enabler.kext
- com.hp.print.hpio.inkjet8.kext
/System/Library/Extensions/hp_Inkjet_io_enabler.kext
- com.hp.print.hpio.Inkjet.kext
/System/Library/Extensions/hp_Laserjet_io_enabler.kext
- com.hp.print.hpio.Laserjet.kext
/System/Library/Extensions/hp_Officejet_io_enabler.kext
- com.hp.print.hpio.Officejet.kext
/System/Library/Extensions/hp_Photosmart_io_enabler.kext
- com.hp.print.hpio.Photosmart.kext
/System/Library/Extensions/hp_PhotosmartPro_io_enabler.kext
- com.hp.print.hpio.PhotosmartPro.kext
/System/Library/Extensions/hp_qc_io_enabler.kext
- com.hp.hpio.hp_psa530_630_io_enabler
/System/Library/Extensions/LexmarkUSBMerge.kext
- com.lexmark.print.usbmerge
/System/Library/Extensions/Soundflower.kext
- com.Cycling74.driver.Soundflower
/Library/Audio/Plug-Ins/Components/A52Codec.component
- com.shepmater.A52Codec
/Library/Extensions/VBoxDrv.kext
- org.virtualbox.kext.VBoxDrv
/Library/Extensions/VBoxNetAdp.kext
- org.virtualbox.kext.VBoxNetAdp
/Library/Extensions/VBoxNetFlt.kext
- org.virtualbox.kext.VBoxNetFlt
/Library/Extensions/VBoxUSB.kext
- org.virtualbox.kext.VBoxUSB
/Library/Internet Plug-Ins/DivXBrowserPlugin.plugin
- com.divx.DivXBrowserPlugin
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin
- net.telestream.wmv.plugin
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.apple.java.JavaAppletPlugin
/Library/Internet Plug-Ins/OfficeLiveBrowserPlugin.plugin
- com.microsoft.officelive.browserplugin
/Library/Internet Plug-Ins/OVSHelper.plugin
- com.divx.OVSHelper
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
/Library/PreferencePanes/DivX.prefPane
- com.divx.divxprefs
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/Flip4Mac WMV.prefPane
- net.telestream.wmv.prefpane
/Library/PreferencePanes/Growl.prefPane
- com.growl.prefpanel
/Library/PreferencePanes/Perian.prefPane
- org.perian.PerianPane
/Library/QuickTime/AC3MovieImport.component
- com.cod3r.ac3movieimport
/Library/QuickTime/EyeTV MPEG Support.component
- com.elgato.mpegsupport
/Library/QuickTime/Perian.component
- org.perian.Perian
/Library/ScriptingAdditions/Adobe Unit Types.osax
- N/A
/Library/Widgets/CI Filter Browser.wdgt
- com.apple.CIFilterBrowser
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Library/iTunes/iTunes Plug-ins/TuneUp/TuneUp Visualizer.bundle
- N/A
dylibs
/usr/lib/libgutenprint.2.0.3.dylib
Contents of /etc/hosts
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
...and 9 more line(s)
Contents of /etc/pf.conf
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Contents of /etc/syslog.conf
install.* @127.0.0.1:32376
Contents of /etc/pam.d/authorization
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
Contents of /etc/pam.d/checkpw
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so no_check_home no_check_shell
Contents of /etc/pam.d/chkpasswd
auth required pam_opendirectory.so
account required pam_opendirectory.so
password required pam_permit.so
session required pam_permit.so
Contents of /etc/pam.d/cups
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/ftpd
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/login
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
Contents of /etc/pam.d/login.term
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_uwtmp.so
Contents of /etc/pam.d/other
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Contents of /etc/pam.d/passwd
auth required pam_permit.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_permit.so
Contents of /etc/pam.d/rshd
auth required pam_permit.so
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/screensaver
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/smbd
account required pam_sacl.so sacl_service=smb allow_trustacct
session required pam_permit.so
Contents of /etc/pam.d/sshd
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session optional pam_mount.so
Contents of /etc/pam.d/su
auth sufficient pam_rootok.so
auth required pam_opendirectory.so
account required pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account required pam_opendirectory.so no_check_shell
password required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/sudo
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/periodic/daily/110.clean-tmps
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_tmps_days" ]
then
echo '$daily_clean_tmps_enable is set but' \
'$daily_clean_tmps_days is not'
rc=2
else
echo ""
echo "Removing old temporary files:"
set -f noglob
args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
args="${args} -ctime +$daily_clean_tmps_days"
dargs="-empty -mtime +$daily_clean_tmps_days"
dargs="${dargs} ! -name .vfs_rsrc_streams_*"
[ -n "$daily_clean_tmps_ignore" ] && {
args="$args "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
...and 21 more line(s)
Contents of /etc/periodic/daily/130.clean-msgs
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
if [ ! -d /var/msgs ]
then
echo '$daily_clean_msgs_enable is set but /var/msgs' \
"doesn't exist"
rc=2
else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
msgs -c $arg && rc=0 || rc=3
fi;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/140.clean-rwho
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_rwho_days" ]
then
echo '$daily_clean_rwho_enable is enabled but' \
'$daily_clean_rwho_days is not set'
rc=2
elif [ ! -d /var/rwho ]
then
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
"doesn't exist"
rc=2
else
echo ""
echo "Removing stale files from /var/rwho:"
case "$daily_clean_rwho_verbose" in
[Yy][Ee][Ss])
print=-print;;
*)
print=;;
...and 14 more line(s)
Contents of /etc/periodic/daily/199.clean-fax
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
if [ -d /var/spool/fax ]; then
echo ""
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi
Contents of /etc/periodic/daily/310.accounting
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
if [ ! -f /var/account/acct ]
then
echo '$daily_accounting_enable is set but /var/account/acct' \
"doesn't exist"
rc=2
elif [ -z "$daily_accounting_save" ]
then
echo '$daily_accounting_enable is set but ' \
'$daily_accounting_save is not'
rc=2
else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
rc=0
n=$daily_accounting_save
rm -f acct.$n.gz acct.$n || rc=3
m=$n
...and 18 more line(s)
Contents of /etc/periodic/daily/400.status-disks
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_disks_enable" in
[Yy][Ee][Ss])
echo ""
echo "Disk status:"
df $daily_status_disks_df_flags && rc=1 || rc=3
;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/420.status-network
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
echo ""
echo "Network interface status:"
case "$daily_status_network_usedns" in
[Yy][Ee][Ss])
netstat -i && rc=0 || rc=3;;
*)
netstat -in && rc=0 || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/430.status-rwho
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
prog=ruptime
else
echo ""
echo "Local system status:"
prog=uptime
fi
rc=$($prog | tee /dev/stderr | wc -l)
if [ $? -eq 0 ]
then
[ $rc -gt 1 ] && rc=1
else
rc=3
fi;;
...and 3 more line(s)
Contents of /etc/periodic/daily/999.local
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $daily_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/monthly/199.rotate-fax
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
echo ""
printf %s "Rotating fax log files:"
cd /var/log/fax
for i in *.log; do
if [ -f "${i}" ]; then
echo -n " $i"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
fi
done
echo ""
Contents of /etc/periodic/monthly/200.accounting
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
oldmask=$(umask)
umask 066
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
rc=0
remove=NO
if [ $rc -eq 0 ]
then
echo ""
echo "Doing login accounting:"
rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi
[ $remove = YES ] && rm -f $W.0;;
*) rc=0;;
esac
umask $oldmask
exit $rc
Contents of /etc/periodic/monthly/999.local
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $monthly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/weekly/320.whatis
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
echo ""
echo "Rebuilding whatis database:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpage directories"
rc=3
else
rc=0
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
if [ X"${man_locales}" != X ]
then
for i in ${man_locales}
do
LC_ALL=$i /usr/libexec/makewhatis.local -a \
-L "${MANPATH}" || rc=3
...and 9 more line(s)
Contents of /etc/periodic/weekly/999.local
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $weekly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /Library/Preferences/com.apple.security.appsandbox.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnrestrictSpotlightContainerScope</key>
<true/>
</dict>
</plist>
Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
</plist>
Font issues: 34
Widgets
iCal
Restricted files: 107
Elapsed time (s): 242
-
Aug 13, 2016 7:29 AM in response to apmoroneyby etresoft,Hello apmoroney,
This thread is over two years old. Please start your own thread for your question. Do NOT run any more random scripts you find on the Internet. You have no idea what they are going to do. In this case the script you ran exposed your piracy of several hundred dollars worth of Adobe software.
-
Aug 17, 2016 6:29 AM in response to Linc Davisby sportsstef,Start time: 08:46:14 08/17/16
Model Identifier: MacBookPro9,2
System Version: OS X 10.10.5 (14F1909)
Kernel Version: Darwin 14.5.0
Time since boot: 2 days 14:24
Battery
Condition: Service Battery
FileVault: On
Diagnostic reports
2016-08-15 MacKeeper Helper crash x19
2016-08-15 MyShopMate crash x6
Log
Aug 11 14:24:06 PM notification timeout (pid 50, powerd)
Aug 11 14:28:54 Sound assertion in AppleHDAFunctionGroup at line 1058
Aug 14 12:49:27 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 14 15:47:07 process Support-LogMeInR[40819] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback
Aug 14 18:13:18 SIOCPROTODETACH_IN6: utun0 error=6
Aug 14 18:13:26 SIOCPROTODETACH_IN6: utun0 error=6
Aug 14 18:23:23 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 14 18:23:24 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 14 18:23:26 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Aug 14 18:26:38 process Microsoft Word[422] caught causing excessive wakeups. Observed wakeups rate (per sec): 295; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45006
Aug 15 10:24:13 SIOCPROTODETACH_IN6: utun0 error=6
Aug 16 16:29:54 ALF: ifnet_get_address_list_family error 12
Aug 16 16:30:04 ip4_output (ipsec): error code 22
Aug 16 18:56:18 ip4_output (ipsec): error code 22
Aug 16 19:55:01 ALF: ifnet_get_address_list_family error 12
Aug 16 19:59:28 SIOCPROTODETACH_IN6: utun0 error=6
Aug 16 21:00:01 SIOCPROTODETACH_IN6: utun0 error=6
Aug 17 08:23:12 ALF: ifnet_get_address_list_family error 12
Aug 17 08:29:27 ALF: ifnet_get_address_list_family error 12
kexts
com.avast.PacketForwarder (2.1)
com.avast.AvastFileShield (3.0.0)
com.avg.Antivirus.OnAccess.kext (2015.0)
Daemons
com.avast.secureline.update
com.avast.uninstall
com.avast.daemon
com.adobe.ARMDC.Communicator
com.avast.update
com.avast.secureline.uninstall
com.avast.proxy
com.microsoft.office.licensing.helper
com.MyShopMate.agent
com.avg.Antivirus
com.oracle.java.Helper-Tool
com.avast.service
com.avast.fileshield
com.avast.account
com.Software-Updater.agent
com.avg.Antivirus.crashpad
com.mackeeper.MacKeeper.plugin.AntiTheft.daemon
com.avg.Antivirus.infosd
com.adobe.fpsaud
com.adobe.ARMDC.SMJobBlessHelper
com.avast.secureline.service
com.avast.secureline.init
com.avast.secureline.burger
com.avast.init
Agents
6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper
com.avast.home.userinit
com.avast.userinit
com.avast.helper
com.avast.secureline.userinit
com.avast.secureline.home.userinit
com.mackeeper.MacKeeper.Helper
com.avg.Antivirus
com.jdibackup.ZipCloud.autostart
com.adobe.ARMDCHelper.UUID
com.oracle.java.Java-Updater
com.avast.update-agent
com.spotify.webhelper
com.jdibackup.ZipCloud.notify
com.google.keystone.user.agent
com.avast.secureline.update-agent
com.pcv.hlpramc
launchd
/System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist
- com.apple.installer.osmessagetracing
/Library/LaunchAgents/com.adobe.ARMDCHelper.UUID.plist
- com.adobe.ARMDCHelper.UUID
/Library/LaunchAgents/com.avast.secureline.update-agent.plist
- com.avast.secureline.update-agent
/Library/LaunchAgents/com.avast.secureline.userinit.plist
- com.avast.secureline.userinit
/Library/LaunchAgents/com.avast.update-agent.plist
- com.avast.update-agent
/Library/LaunchAgents/com.avast.userinit.plist
- com.avast.userinit
/Library/LaunchAgents/com.avg.Antivirus.gui.plist
- com.avg.Antivirus
/Library/LaunchAgents/com.oracle.java.Java-Updater.plist
- com.oracle.java.Java-Updater
/Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist
- com.adobe.ARMDC.Communicator
/Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist
- com.adobe.ARMDC.SMJobBlessHelper
/Library/LaunchDaemons/com.adobe.fpsaud.plist
- com.adobe.fpsaud
/Library/LaunchDaemons/com.avast.init.plist
- com.avast.init
/Library/LaunchDaemons/com.avast.secureline.init.plist
- com.avast.secureline.init
/Library/LaunchDaemons/com.avast.secureline.uninstall.plist
- com.avast.secureline.uninstall
/Library/LaunchDaemons/com.avast.secureline.update.plist
- com.avast.secureline.update
/Library/LaunchDaemons/com.avast.uninstall.plist
- com.avast.uninstall
/Library/LaunchDaemons/com.avast.update.plist
- com.avast.update
/Library/LaunchDaemons/com.avg.Antivirus.crashpad.plist
- com.avg.Antivirus.crashpad
/Library/LaunchDaemons/com.avg.Antivirus.infosd.plist
- com.avg.Antivirus.infosd
/Library/LaunchDaemons/com.avg.Antivirus.services.plist
- com.avg.Antivirus
/Library/LaunchDaemons/com.mackeeper.MacKeeper.plugin.AntiTheft.daemon.plist
- com.mackeeper.MacKeeper.plugin.AntiTheft.daemon
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
- com.microsoft.office.licensing.helper
/Library/LaunchDaemons/com.MyShopMate.agent.plist
- com.MyShopMate.agent
/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
- com.oracle.java.Helper-Tool
/Library/LaunchDaemons/com.Software-Updater.agent.plist
- com.Software-Updater.agent
Library/LaunchAgents/com.avast.home.userinit.plist
- com.avast.home.userinit
Library/LaunchAgents/com.avast.secureline.home.userinit.plist
- com.avast.secureline.home.userinit
Library/LaunchAgents/com.google.keystone.agent.plist
- com.google.keystone.user.agent
Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist
- com.jdibackup.ZipCloud.autostart
Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist
- com.jdibackup.ZipCloud.notify
Library/LaunchAgents/com.mackeeper.MacKeeper.Helper.plist
- com.mackeeper.MacKeeper.Helper
Library/LaunchAgents/com.pcv.hlpramc.plist
- com.pcv.hlpramc
Library/LaunchAgents/com.spotify.webhelper.plist
- com.spotify.webhelper
Bundles
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/CouponPrinter-FireFox_v2.plugin
- com.coupons.plugin.mozilla-plugin
/Library/Internet Plug-Ins/CouponPrinter-Safari.webplugin
- BUNDLE_ID
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Library/Caches/com.apple.Safari/Extensions/Listchack.safariextz
- com.listchack.safari
Library/Caches/com.apple.Safari/Extensions/Save to Pocket.safariextension
- com.ideashower.pocket.safari
Library/Caches/com.apple.Safari/Extensions/xsearch.safariextension
- com.xsearch.safariext
Library/Internet Plug-Ins/npBcsMcTcIO.plugin
- org.mozilla.basicPlugin
Apps
/Applications/Dropbox.app
Contents of /etc/sysctl.conf
kern.sysv.shmall=65536
kern.sysv.shmmax=268435456
kern.sysv.shmmni=64
kern.sysv.shmseg=64
Contents of /System/Library/LaunchAgents/com.apple.SafariPlugInUpdateNotifier.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnablePressuredExit</key>
<true/>
<key>Label</key>
<string>com.apple.SafariPlugInUpdateNotifier</string>
<key>Program</key>
<string>/usr/libexec/SafariPlugInUpdateNotifier</string>
<key>LaunchEvents</key>
<dict>
<key>com.apple.fsevents.matching</key>
<dict>
<key>UserFlashPlugInModified</key>
<dict>
<key>Path</key>
<string>~/Library/Internet Plug-Ins/Flash Player.plugin</string>
</dict>
<key>SystemFlashPlugInModified</key>
<dict>
<key>Path</key>
<string>/Library/Internet Plug-Ins/Flash Player.plugin</string>
</dict>
</dict>
...and 3 more line(s)
Contents of /System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.installer.osmessagetracing</string>
<key>LaunchOnlyOnce</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMes sageTracer</string>
</array>
<key>UserName</key>
<string>root</string>
<key>GroupName</key>
<string>wheel</string>
<key>WatchPaths</key>
<array>
<string>/var/db/.AppleDiagnosticsSetupDone</string>
</array>
</dict>
</plist>
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (XML document text)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Profiles: 1
Firewall: On
DNS: 77.234.40.79 (static)
Safari extensions
Listchack
Save to Pocket
XSearch
Restricted files: 88
Elapsed time (s): 610
What does this mean now?
-
Aug 17, 2016 8:14 AM in response to sportsstefby Eric Root,You might want to consider starting a new discussion. Since this one is a couple of years old, less people are likely to look at it. A new post would be much more visible. You can link to this one. In the new post, please provide details of the problem(s) you are having.
MacKeeper – Do Not Install (2) See SDW2001’s post
Uninstall Avast. Its tends to interfere with the computer's operation while providing minimal to no benefit.