ToeKnee310

Q: how can i scan my mac for virus's

just to be on the safe side i want to know if their is a safe way i can scan my mac for a virus? from my personal experience anti virus's do more harm than good  Suggestion? SOLUTIONS?

 

<Edited by Host>

MacBook Air, OS X Mavericks (10.9.2), Sound Change

Posted on Aug 13, 2016 1:41 AM

Close

Q: how can i scan my mac for virus's

  • All replies
  • Helpful answers

  • by OGELTHORPE,

    OGELTHORPE OGELTHORPE Sep 14, 2014 3:55 AM in response to ToeKnee310
    Level 9 (52,101 points)
    Mac OS X
    Sep 14, 2014 3:55 AM in response to ToeKnee310

    Try Sophos or Clamxav:

     

    http://www.sophos.com/en-us/products/free-tools/sophos-antivirus-for-mac-home-ed ition.aspx

     

    http://www.clamxav.com

     

    Though I suspect it will be a waste of time, do so id it will give you some peace of mind.  Once you have finished scanning, delete them off your MBA.

     

    Ciao.

  • by Linc Davis,

    Linc Davis Linc Davis Sep 14, 2014 7:11 AM in response to ToeKnee310
    Level 10 (207,926 points)
    Applications
    Sep 14, 2014 7:11 AM in response to ToeKnee310

    1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.

    Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.

    2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.

    There are ways to back up a computer that isn't fully functional. Ask if you need guidance.

    3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can read it yourself without disclosing the contents to me or anyone else.

    You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.

    In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.

    You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.

    Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.

    4. Here's a summary of what you need to do, if you choose to proceed:

    ☞ Copy a line of text in this window to the Clipboard.

    ☞ Paste into the window of another application.

    ☞ Wait for the test to run. It usually takes a few minutes.

    ☞ Paste the results, which will have been copied automatically, back into a reply on this page.

    The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.

    5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.

    6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.

    7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.

    Triple-click anywhere in the line of text below on this page to select it:

    PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */   /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n   ...and %s more line(s)\n",l-L);} ' ' BEGIN{FS="= "} /Name/{print $2} ' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' '" L*/P*/*loginit*' 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,Inter,iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t /S*/L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D13 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D23 14 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-

    Copy the selected text to the Clipboard by pressing the key combination command-C.

    8. Launch the built-in Terminal application in any of the following ways:

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.

    Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.

    9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter

    exec bash

    and press return. Then paste the script again.

    10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return  three times at the password prompt. Again, the script will still run.

    If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.

    11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line

    [Process completed]

    to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.

    12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.

    At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.

    If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.

    13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.

    14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.

    ______________________________________________________________

    Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

  • by pkrzfan,

    pkrzfan pkrzfan May 7, 2015 6:02 PM in response to Linc Davis
    Level 1 (0 points)
    May 7, 2015 6:02 PM in response to Linc Davis

    Start time: 18:51:18 05/07/15

     

     

    Model Identifier: MacBookPro9,2

    System Version: OS X 10.10 (14A389)

    Kernel Version: Darwin 14.0.0

    Time since boot: 22:39

     

     

    System load

     

     

       combined level = Bad

       - battery level = Bad

     

     

    Log

     

     

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  6 20:12:52 BUG in process suhelperd[172]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

       May  7 17:42:38 BUG in process suhelperd[172]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)

       May  7 17:53:15 process com.apple.WebKit[432] caught causing excessive wakeups. Observed wakeups rate (per sec): 171; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 76725

       May  7 18:37:37 Over-release of kernel-internal importance assertions for pid 51 (launchservicesd), dropping 1 assertion(s) but task only has 0 remaining (0 external).

     

     

    kexts

     

     

       com.eltima.SyncMate.kext (0.2.5b15)

     

     

    Daemons

     

     

       com.microsoft.office.licensing.helper

       com.google.keystone.daemon

       com.eltima.async.rapiback

       com.mackeeper.MacKeeper.plugin.AntiTheft.daemon

       com.adobe.fpsaud

     

     

    Agents

     

     

       com.jdibackup.ZipCloud.backupstart

       com.mackeeper.MacKeeper.service.clean

       com.google.keystone.system.agent

       com.mackeeper.MacKeeper.Helper

       com.jdibackup.ZipCloud.autostart

       com.jdibackup.ZipCloud.notify

       com.Eltima.SyncMateServer

     

     

    launchd

     

     

       /System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist

       - com.apple.installer.osmessagetracing

       /Library/LaunchAgents/com.google.keystone.agent.plist

       - com.google.keystone.system.agent

       /Library/LaunchAgents/syncmateStarter.plist

       - com.Eltima.SyncMateServer

       /Library/LaunchDaemons/com.adobe.fpsaud.plist

       - com.adobe.fpsaud

       /Library/LaunchDaemons/com.google.keystone.daemon.plist

       - com.google.keystone.daemon

       /Library/LaunchDaemons/com.mackeeper.MacKeeper.plugin.AntiTheft.daemon.plist

       - com.mackeeper.MacKeeper.plugin.AntiTheft.daemon

       /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

       - com.microsoft.office.licensing.helper

       /Library/LaunchDaemons/rapiback.plist

       - com.eltima.async.rapiback

       Library/LaunchAgents/com.apple.FolderActions.enabled.plist

       - com.apple.FolderActions.enabled

       Library/LaunchAgents/com.apple.FolderActions.folders.plist

       - com.apple.FolderActions.folders

       Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist

       - com.jdibackup.ZipCloud.autostart

       Library/LaunchAgents/com.jdibackup.ZipCloud.backupstart.plist

       - com.jdibackup.ZipCloud.backupstart

       Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist

       - com.jdibackup.ZipCloud.notify

       Library/LaunchAgents/com.mackeeper.MacKeeper.Helper.plist

       - com.mackeeper.MacKeeper.Helper

     

     

    Bundles

     

     

       /System/Library/Extensions/EltimaAsync.kext

       - com.eltima.SyncMate.kext

       /System/Library/Extensions/JMicronATA.kext

       - com.jmicron.JMicronATA

       /System/Library/Extensions/ssuddrv.kext

       - com.devguru.driver.SamsungComposite

       /Library/Internet Plug-Ins/Flash Player.plugin

       - N/A

       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

       - com.apple.java.JavaAppletPlugin

       /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

       - com.microsoft.sharepoint.browserplugin

       /Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

       - com.microsoft.sharepoint.webkitplugin

       /Library/Internet Plug-Ins/Silverlight.plugin

       - com.microsoft.SilverlightPlugin

       /Library/PreferencePanes/Flash Player.prefPane

       - com.adobe.flashplayerpreferences

       /Library/PreferencePanes/OSXFUSE.prefPane

       - com.github.osxfuse.OSXFUSEPrefPane

       Library/Address Book Plug-Ins/SkypeABDialer.bundle

       - com.skype.skypeabdialer

       Library/Address Book Plug-Ins/SkypeABSMS.bundle

       - com.skype.skypeabsms

       Library/Caches/com.apple.Safari/Extensions/flashmall.safariextension

       - com.app67619

       Library/Caches/com.apple.Safari/Extensions/GoldenBoy.safariextension

       - com.gold.safari

       Library/Internet Plug-Ins/doubleTwistWebPlugin.bundle

       - com.doubleTwist.webPlugin

       Library/Services/Add To Backup Selection.workflow

       - N/A

       Library/Services/Instant Backup.workflow

       - N/A

       Library/Services/Remove From Backup Selection.workflow

       - N/A

       Library/Services/View Previous Versions.workflow

       - N/A

     

     

    Contents of /System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>com.apple.installer.osmessagetracing</string>

        <key>LaunchOnlyOnce</key>

        <true/>

        <key>ProgramArguments</key>

        <array>

        <string>/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMes sageTracer</string>

        </array>

        <key>UserName</key>

        <string>root</string>

        <key>GroupName</key>

        <string>wheel</string>

        <key>WatchPaths</key>

        <array>

        <string>/var/db/.AppleDiagnosticsSetupDone</string>

        </array>

       </dict>

       </plist>

     

     

    Firewall: On

     

     

    Proxies

     

     

       ProxyAutoConfigEnable : 1

       ProxyAutoConfigURLString : http://wpad/wpad.dat

       ProxyAutoDiscoveryEnable : 1

     

     

    Listeners

     

     

       launchd: afpovertcp

       launchd: afpovertcp

       launchd: ssh

       launchd: ssh

       kdc: kerberos

       cupsd: ipp

     

     

    User login items

     

     

       iTunesHelper

       KiesAgent

       fuspredownloader

     

     

    Safari extensions

     

     

       FlashMall

       GoldenBoy

     

     

    Restricted files: 41

     

     

    Elapsed time (s): 218

  • by thomas_r.,

    thomas_r. thomas_r. May 8, 2015 3:49 AM in response to ToeKnee310
    Level 7 (30,889 points)
    Mac OS X
    May 8, 2015 3:49 AM in response to ToeKnee310

    ToeKnee310 wrote:

     

    I download alot of music (not from stupid or untrusted sites) and torrents (mostly movies and music and software)

     

    Those are two very contradictory statements. If you are downloading movies, music and software from torrents, you are engaging in illegal - and VERY risky - behavior. When you engage in software piracy and theft of commercial media, you expose yourself to adware and malware in a way that no anti-virus software can protect you from. As long as you continue to engage in this behavior, you will not be safe. Installing anti-virus software in hopes that it will continue to allow you to behave this way is the worst possible thing you could do.

     

    Incidentally, you either already have been infected with adware or have chosen to install some very bad software, as your system has both MacKeeper and ZipCloud installed. Both are junk that should never be installed, and that are often installed by adware installers.

  • by mknorris,

    mknorris mknorris Aug 19, 2015 11:57 PM in response to Linc Davis
    Level 1 (0 points)
    Aug 19, 2015 11:57 PM in response to Linc Davis

    Start time: 01:46:31 08/20/15

     

     

    Model Identifier: MacBookAir6,2

    System Version: OS X 10.10.5 (14F27)

    Kernel Version: Darwin 14.5.0

    Time since boot: 1 day23:40

     

     

    FileVault: On

     

     

    Diagnostic reports

     

     

       2015-07-26 CalendarAgent crash

       2015-08-07 Kernel panic

       2015-08-19 AddressBookSourceSync crash

     

     

    Log

     

     

       Aug 20 01:39:39 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:11 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:11 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:11 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:11 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:11 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:13 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:17 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 20 01:40:19 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

     

     

    Swap (MiB): 4957

     

     

    Activity

     

     

       CPU: user 13%, system 30%

     

     

    CPU per process: launchd (UID 0) is using 101.2  %

     

     

    Mach ports: appleeventsd (UID 55) is using 108369 ports

     

     

    kexts

     

     

       com.symantec.kext.internetSecurity (5.2.1f2)

       com.symantec.kext.ndcengine (1.0f2)

       com.symantec.kext.ips (3.5.1f2)

       com.symantec.kext.SymAPComm (100.1f2)

     

     

    Daemons

     

     

       com.oracle.java.JavaUpdateHelper

       com.freemacsoft.appcleanerd

       com.symantec.liveupdate.daemon

       com.cleverfiles.cfbackd

       com.microsoft.office.licensing.helper

       com.google.keystone.daemon

       com.oracle.java.Helper-Tool

       com.symantec.symdaemon

       com.symantec.sharedsettings

       com.adobe.fpsaud

       org.macosforge.xquartz.privileged_startx

       com.symantec.liveupdate.daemon.ondemand

     

     

    Agents

     

     

       com.symantec.uiagent.application

       uk.co.markallan.clamxav.freshclam

       com.adobe.AdobeCreativeCloud

       com.google.keystone.system.agent

       org.macosforge.xquartz.startx

       com.coupons.coupond

       com.github.GitHub.ShipIt

       com.oracle.java.Java-Updater

       com.apple.metadata.SpotlightNetHelper

       com.apple.FolderActions.folders

       com.citrixonline.GoToMeeting.G2MUpdate

       com.spotify.webhelper

       com.huawei.HWPortCfg.plist

       com.apple.FolderActions.enabled

       com.adobe.PDApp.AAMUpdatesNotifier.66204.UUID

     

     

    launchd

     

     

       /System/Library/LaunchAgents/com.apple.metadata.SpotlightNetHelper.plist

       - com.apple.metadata.SpotlightNetHelper

       /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

       - com.adobe.AAM.Startup-1.0

       /Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist

       - com.adobe.AdobeCreativeCloud

       /Library/LaunchAgents/com.coupons.coupond.plist

       - com.coupons.coupond

       /Library/LaunchAgents/com.google.keystone.agent.plist

       - com.google.keystone.system.agent

       /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

       - com.oracle.java.Java-Updater

       /Library/LaunchAgents/com.symantec.uiagent.application.plist

       - com.symantec.uiagent.application

       /Library/LaunchAgents/HWPortCfg.plist

       - com.huawei.HWPortCfg.plist

       /Library/LaunchAgents/org.macosforge.xquartz.startx.plist

       - org.macosforge.xquartz.startx

       /Library/LaunchDaemons/com.adobe.fpsaud.plist

       - com.adobe.fpsaud

       /Library/LaunchDaemons/com.cleverfiles.cfbackd.plist

       - com.cleverfiles.cfbackd

       /Library/LaunchDaemons/com.freemacsoft.appcleanerd.plist

       - com.freemacsoft.appcleanerd

       /Library/LaunchDaemons/com.google.keystone.daemon.plist

       - com.google.keystone.daemon

       /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

       - com.microsoft.office.licensing.helper

       /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

       - com.oracle.java.Helper-Tool

       /Library/LaunchDaemons/com.oracle.java.JavaUpdateHelper.plist

       - com.oracle.java.JavaUpdateHelper

       /Library/LaunchDaemons/com.symantec.liveupdate.daemon.ondemand.plist

       - com.symantec.liveupdate.daemon.ondemand

       /Library/LaunchDaemons/com.symantec.liveupdate.daemon.plist

       - com.symantec.liveupdate.daemon

       /Library/LaunchDaemons/com.symantec.sep.migratesettings.plist

       - com.symantec.sep.migratesettings

       /Library/LaunchDaemons/com.symantec.sharedsettings.plist

       - com.symantec.sharedsettings

       /Library/LaunchDaemons/com.symantec.symdaemon.plist

       - com.symantec.symdaemon

       /Library/LaunchDaemons/org.macosforge.xquartz.privileged_startx.plist

       - org.macosforge.xquartz.privileged_startx

       Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

       - com.adobe.AAM.Scheduler-1.0

       Library/LaunchAgents/com.apple.FolderActions.enabled.plist

       - com.apple.FolderActions.enabled

       Library/LaunchAgents/com.apple.FolderActions.folders.plist

       - com.apple.FolderActions.folders

       Library/LaunchAgents/com.citrixonline.GoToMeeting.G2MUpdate.plist

       - com.citrixonline.GoToMeeting.G2MUpdate

       Library/LaunchAgents/com.spotify.webhelper.plist

       - com.spotify.webhelper

       Library/LaunchAgents/uk.co.markallan.clamxav.freshclam.plist

       - uk.co.markallan.clamxav.freshclam

     

     

    Startup items

     

     

       /Library/StartupItems/HWNetMgr/HWNetCfg

       /Library/StartupItems/HWNetMgr/HWNetMgr

       /Library/StartupItems/HWNetMgr/StartupParameters.plist

       /Library/StartupItems/HWPortDetect/HWPortCfg

       /Library/StartupItems/ProTec6b/DemoOver

       /Library/StartupItems/ProTec6b/Nalpeirond6b

       /Library/StartupItems/ProTec6b/ProTec6b

       /Library/StartupItems/ProTec6b/StartupParameters.plist

       /Library/StartupItems/StartOuc/MacOS/RunOuc

       /Library/StartupItems/StartOuc/StartOuc

       /Library/StartupItems/StartOuc/StartupParameters.plist

     

     

    Bundles

     

     

       /System/Library/Extensions/HuaweiDataCardDriver.kext

       - com.huawei.driver.HuaweiDataCardDriver

       /System/Library/Extensions/JMicronATA.kext

       - com.jmicron.JMicronATA

       /System/Library/Extensions/USBExpressCardCantWake_Huawei.kext

       - com.apple.dts.driver.USBExpressCardCantWake

       /Library/Extensions/ndcengine.kext

       - com.symantec.kext.ndcengine

       /Library/Extensions/SymInternetSecurity.kext

       - com.symantec.kext.internetSecurity

       /Library/Extensions/SymIPS.kext

       - com.symantec.kext.ips

       /Library/Internet Plug-Ins/AdobeAAMDetect.plugin

       - com.AdobeAAMDetectLib.AdobeAAMDetect

       /Library/Internet Plug-Ins/Flash Player.plugin

       - N/A

       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

       - com.oracle.java.JavaAppletPlugin

       /Library/Internet Plug-Ins/Silverlight.plugin

       - com.microsoft.SilverlightPlugin

       /Library/PreferencePanes/Flash Player.prefPane

       - com.adobe.flashplayerpreferences

       /Library/PreferencePanes/JavaControlPanel.prefPane

       - com.oracle.java.JavaControlPanel

       /Library/PreferencePanes/SymantecQuickMenu.prefPane

       - com.symantec.quickmenu.prefpane

       /Library/ScriptingAdditions/Adobe Unit Types.osax

       - N/A

       Library/Address Book Plug-Ins/SkypeABDialer.bundle

       - com.skype.skypeabdialer

       Library/Address Book Plug-Ins/SkypeABSMS.bundle

       - com.skype.skypeabsms

       Library/Caches/com.apple.Safari/Extensions/Boomerang for Gmail.safariextension

       - com.Baydin.b4gsafari

       Library/Caches/com.apple.Safari/Extensions/Evernote Web Clipper-2.safariextension

       - com.evernote.safari.clipper

       Library/Caches/com.apple.Safari/Extensions/Pin It Button.safariextension

       - com.pinterest.extension

       Library/Caches/com.apple.Safari/Extensions/Pushbullet.safariextension

       - com.pushbullet.safari

       Library/Internet Plug-Ins/thinkorswim plugin_x86_64.plugin

       - com.thinkorswimLoaderPluginLib.thinkorswim_x86_64

       Library/Internet Plug-Ins/tossc plugin_x86_64.plugin

       - N/A

       Library/Services/ENService.app

       - com.ThomsonResearchSoft.EndNote.ENService

       Library/Spotlight/EndNote.mdimporter

       - com.ThomsonResearchSoft.EndNote

     

     

    dylibs

     

     

       /usr/lib/libsymsea.1.1.0.dylib

     

     

    Apps

     

     

       /Applications/Dropbox.app

     

     

    Contents of /etc/liveupdate.conf

     

     

       hosts/0/url=http://liveupdate.symantec.com:80

       workdir=/tmp

     

     

    Contents of /etc/ssh_config (ASCII English text, with very long lines)

     

     

        Host *

          SendEnv LANG LC_*

       Host *

           XAuthLocation /opt/X11/bin/xauth

     

     

    Contents of /System/Library/LaunchAgents/com.apple.ReportGPURestart.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Disabled</key>

        <true/>

        <key>Label</key>

        <string>com.apple.ReportGPURestart</string>

        <key>ProgramArguments</key>

        <array>

        <string>/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/Report GPURestart</string>

        </array>

        <key>KeepAlive</key>

        <false/>

       </dict>

       </plist>

     

     

    Contents of /System/Library/LaunchAgents/com.apple.locationmenu.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>ProcessType</key>

        <string>App</string>

        <key>RunAtLoad</key>

        <false/>

        <key>LaunchEvents</key>

        <dict>

        <key>com.apple.locationmenu</key>

        <dict>

        <key>something</key>

        <dict/>

        </dict>

        </dict>

        <key>Label</key>

        <string>com.apple.locationmenu</string>

        <key>Program</key>

        <string>/System/Library/CoreServices/LocationMenu.app/Contents/MacOS/LocationMe nu</string>

       </dict>

       </plist>

     

     

    Contents of /System/Library/LaunchAgents/com.apple.metadata.SpotlightNetHelper.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>com.apple.metadata.SpotlightNetHelper</string>

        <key>ProgramArguments</key>

        <array>

        <string>/System/Library/PrivateFrameworks/ParsecUI.framework/Versions/A/Support /SpotlightNetHelper.app/Contents/MacOS/SpotlightNetHelper</string>

        </array>

        <key>MachServices</key>

        <dict>

        <key>com.apple.metadata.SpotlightNetHelper</key>

        <true/>

        </dict>

        <key>CFBundleIdentifier</key>

        <string>com.apple.Spotlight</string>

        <key>POSIXSpawnType</key>

        <string>Adaptive</string>

        <key>KeepAlive</key>

        <dict>

        <key>AfterInitialDemand</key>

        <true/>

        <key>SuccessfulExit</key>

        <false/>

     

     

       ...and 5 more line(s)

     

     

    Contents of /System/Library/LaunchAgents/com.apple.sharingd.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>com.apple.sharingd</string>

        <key>POSIXSpawnType</key>

        <string>Adaptive</string>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>MachServices</key>

        <dict>

        <key>com.apple.sharingd.nsxpc</key>

        <true/>

        <key>com.apple.sharingd</key>

        <true/>

        </dict>

        <key>RunAtLoad</key>

        <true/>

        <key>KeepAlive</key>

        <true/>

        <key>Program</key>

        <string>/usr/libexec/sharingd</string>

        <key>EnableTransactions</key>

        <true/>

     

     

       ...and 4 more line(s)

     

     

    Contents of /System/Library/LaunchAgents/com.apple.storelegacy.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>com.apple.storelegacy</string>

        <key>MachServices</key>

        <dict>

        <key>com.apple.storeagent-xpc</key>

        <true/>

        <key>com.apple.storeagent.storekit.receiptrenewal</key>

        <true/>

        </dict>

        <key>Program</key>

        <string>/System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Reso urces/storelegacy</string>

        <key>EnableTransactions</key>

        <true/>

        <key>LimitLoadToSessionType</key>

        <array>

        <string>LoginWindow</string>

        <string>Aqua</string>

        </array>

        <key>POSIXSpawnType</key>

        <string>_AdaptiveUtility</string>

        <key>ExitTimeOut</key>

     

     

       ...and 3 more line(s)

     

     

    Contents of /System/Library/LaunchDaemons/com.apple.systemstats.daily.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>EnablePressuredExit</key>

        <false/>

        <key>Label</key>

        <string>com.apple.systemstats.daily</string>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/sbin/systemstats</string>

        <string>--daily</string>

        </array>

        <key>POSIXSpawnType</key>

        <string>Background</string>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

        <integer>0</integer>

        <key>Minute</key>

        <integer>15</integer>

        </dict>

       </dict>

       </plist>

     

     

    Contents of /System/Library/LaunchDaemons/com.apple.systemstatsd.plist (Apple binary property list)

     

     

       bplist00÷            WProgram^POSIXSpawnType\MachServices\LaunchEvents_  EnablePressuredExitULabel_  /usr/libexec/systemstatsdXAdaptive—

        _  com.apple.systemstatsd —

    _  com.apple.telemetry—  _  Telemetry Notification– _  com.apple.systemstatsd   ,9F\b~á䣧ßΩ¿Ÿ⁄€

     

     

    Contents of /System/Library/LaunchDaemons/com.apple.thermald.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>com.apple.thermald</string>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/libexec/thermald</string>

        </array>

        <key>PosixSpawnType</key>

        <string>Interactive</string>

        <key>EnableTransactions</key>

        <true/>

        <key>RunAtLoad</key>

        <true/>

               <key>MachServices</key>

               <dict>

                   <key>com.apple.DuetHeuristic-thermald</key>

                   <true/>

           <key>com.apple.thermald</key>

                   <true/>

               </dict>

       </dict>

       </plist>

     

     

    Contents of /System/Library/LaunchDaemons/com.apple.xsandaily.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>com.apple.xsandaily</string>

        <key>Disabled</key>

        <true/>

        <key>ExitTimeOut</key>

        <integer>240</integer>

        <key>Program</key>

        <string>/System/Library/Filesystems/acfs.fs/Contents/bin/xsandaily</string>

        <key>ProgramArguments</key>

        <array>

        <string>xsandaily</string>

        </array>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

        <integer>0</integer>

        <key>Minute</key>

        <integer>0</integer>

        </dict>

       </dict>

       </plist>

     

     

    Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Disabled</key>

        <true/>

        <key>Label</key>

        <string>org.apache.httpd</string>

        <key>EnvironmentVariables</key>

        <dict>

        <key>XPC_SERVICES_UNAVAILABLE</key>

        <string>1</string>

        </dict>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/sbin/httpd-wrapper</string>

        <string>-D</string>

        <string>FOREGROUND</string>

        </array>

        <key>OnDemand</key>

        <false/>

       </dict>

       </plist>

     

     

    Firewall: On

     

     

    User login items

     

     

       iTunesHelper.app

       Dropbox.app

       Google Chrome.app

       AppCleaner Helper.app

     

     

    Safari extensions

     

     

       Boomerang for Gmail

       Evernote Web Clipper

       Pin It Button

       Pushbullet

     

     

    Restricted files: 3424

     

     

    Elapsed time (s): 340

  • by webwarrior40,

    webwarrior40 webwarrior40 Jan 3, 2016 2:04 PM in response to Linc Davis
    Level 1 (0 points)
    Jan 3, 2016 2:04 PM in response to Linc Davis

    Start time: 13:46:20 01/03/16

     

     

    Model Identifier: MacBookPro8,1

    System Version: OS X 10.11.2 (15C50)

    Kernel Version: Darwin 15.2.0

    System Integrity Protection: Enabled

    Time since boot: 31 minutes

     

     

    USB

     

     

       Expansion Desk (Seagate LLC)

     

     

    FileVault: On

     

     

    Diagnostic reports

     

     

       2015-12-10 Message+ crash x2

       2015-12-11 Message+ crash x3

       2015-12-12 Message+ crash x2

       2015-12-15 Message+ crash

       2015-12-18 Message+ crash x2

       2015-12-19 Message+ crash x2

       2015-12-21 Message+ crash

       2015-12-22 Message+ crash

       2015-12-23 Message+ crash*

       2015-12-26 Message+ crash

       2015-12-27 Message+ crash

       2015-12-29 Calendar crash

       2015-12-29 MF Toolbox crash*

       2015-12-29 Message+ crash

        * Code injection

     

     

    Log

     

     

       Jan  1 09:34:40 jnl: b(1, 4): examining extra transactions starting @ 16469504 / 0xfb4e00

       Jan  1 09:34:40 jnl: b(1, 4): Extra txn replay stopped @ 16613376 / 0xfd8000

       Jan  1 09:34:40 jnl: b(1, 4): journal replay done.

       Jan  1 10:12:19 wl0: Roamed or switched channel, reason #8, bssid 60

       Jan  1 10:12:19 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1

       Jan  1 10:13:37 wl0: Roamed or switched channel, reason #8, bssid 60

       Jan  1 10:38:15 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1

       Jan  1 16:12:58 process ScreenSaverEngin[1195] caught causing excessive wakeups. Observed wakeups rate (per sec): 239; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45007

       Jan  1 17:18:52 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1

       Jan  2 09:43:48 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1

       Jan  2 10:49:55 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1

       Jan  2 10:50:04 process NativeWebSecurit[1124] caught causing excessive wakeups. Observed wakeups rate (per sec): 263; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 53668

       Jan  2 11:37:31 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1

       Jan  3 12:06:51 PM notification timeout (pid 51, powerd)

       Jan  3 12:31:02 process distnoted[263] caught causing excessive wakeups. Observed wakeups rate (per sec): 229; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 65343

       Jan  3 12:35:19 process NativeWebSecurit[2466] caught causing excessive wakeups. Observed wakeups rate (per sec): 666; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45276

       Jan  3 12:55:58 process mds[59] caught causing excessive wakeups. Observed wakeups rate (per sec): 249; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 192373

       Jan  3 13:15:46 AssertMacros: tmpData (value: 0x0),  file: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-83.20.2/AppleCredentialManager/AppleCredentialManager.cpp, line: 765

       Jan  3 13:15:46 IO80211ControllerMonitor::configureSubscriptions() failed to add subscriptionIO80211Controller::start _controller is 0x2693d5e4df26f7f3, provider is 0x2693d5e4df29ecf3

       Jan  3 13:15:46 jnl: b(1, 4): replay_journal: from: 11286016 to: 18236928 (joffset 0xe8e000)

       Jan  3 13:15:46 jnl: b(1, 4): journal replay done.

       Jan  3 13:20:24 wl0: Roamed or switched channel, reason #8, bssid 60

       Jan  3 13:20:24 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1

       Jan  3 13:29:39 process backupd[436] thread 6365 caught burning CPU! It used more than 50% CPU (Actual recent usage: 52%) over 180 seconds. thread lifetime cpu usage 182.994428 seconds, (70.174066 user, 112.820362 system) ledger info: balance: 90002231387 credit: 182855731320 debit: 92853499933 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 171635961690

       Jan  3 13:43:05 **** [IOBluetoothHostControllerUSBTransport][InterruptReadHandler] -- Received kIOReturnNotResponding error - retrying: 1

     

     

    Daemons

     

     

       com.adobe.ARMDC.Communicator

       com.google.keystone.daemon

       com.oracle.java.Helper-Tool

       com.adobe.fpsaud

       com.adobe.ARMDC.SMJobBlessHelper

     

     

    Agents

     

     

       com.google.GoogleContactSyncAgent

       com.adobe.ARM.UUID

       com.google.keystone.system.agent

       com.ATI.Launcher

       com.ATI.LaunchProcessor

       com.adobe.ARMDCHelper.UUID

       jp.co.canon.ScanGearMF.appl.Canon-MF-Scan-Agent

       com.oracle.java.Java-Updater

       com.ATI.LaunchAgent

       com.spotify.webhelper

       com.divx.update.agent

       jp.co.canon.ScanGearMF.appl.Canon-MFSU-Agent

       com.divx.dms.agent

     

     

    launchd

     

     

       /System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist

       - com.apple.installer.osmessagetracing

       /Library/LaunchAgents/com.adobe.ARMDCHelper.UUID.plist

       - com.adobe.ARMDCHelper.UUID

       /Library/LaunchAgents/com.ATI.LaunchAgent.plist

       - com.ATI.LaunchAgent

       /Library/LaunchAgents/com.ATI.Launcher.plist

       - com.ATI.Launcher

       /Library/LaunchAgents/com.ATI.LaunchProcessor.plist

       - com.ATI.LaunchProcessor

       /Library/LaunchAgents/com.divx.dms.agent.plist

       - com.divx.dms.agent

       /Library/LaunchAgents/com.divx.update.agent.plist

       - com.divx.update.agent

       /Library/LaunchAgents/com.google.keystone.agent.plist

       - com.google.keystone.system.agent

       /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

       - com.oracle.java.Java-Updater

       /Library/LaunchAgents/jp.co.canon.ScanGearMF.appl.Canon-MF-Scan-Agent.plist

       - jp.co.canon.ScanGearMF.appl.Canon-MF-Scan-Agent

       /Library/LaunchAgents/jp.co.canon.ScanGearMF.appl.Canon-MFSU-Agent.plist

       - jp.co.canon.ScanGearMF.appl.Canon-MFSU-Agent

       /Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist

       - com.adobe.ARMDC.Communicator

       /Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist

       - com.adobe.ARMDC.SMJobBlessHelper

       /Library/LaunchDaemons/com.adobe.fpsaud.plist

       - com.adobe.fpsaud

       /Library/LaunchDaemons/com.google.keystone.daemon.plist

       - com.google.keystone.daemon

       /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

       - com.oracle.java.Helper-Tool

       Library/LaunchAgents/com.adobe.ARM.UUID.plist

       - com.adobe.ARM.UUID

       Library/LaunchAgents/com.google.GoogleContactSyncAgent.plist

       - com.google.GoogleContactSyncAgent

       Library/LaunchAgents/com.spotify.webhelper.plist

       - com.spotify.webhelper

     

     

    Bundles

     

     

       /System/Library/Extensions/hp_fax_io.kext

       - com.hp.kext.hp-fax-io

       /System/Library/Extensions/hp_Inkjet7_io_enabler.kext

       - com.hp.print.hpio.inkjet7.kext

       /System/Library/Extensions/hp_Officejet_io_enabler.kext

       - com.hp.print.hpio.Officejet.kext

       /System/Library/Extensions/JMicronATA.kext

       - com.jmicron.JMicronATA

       /Library/Extensions/CanonCUPSFAXUSBClassDriver.kext

       - com.canon.cups.fax.print.kext.usbprintclass

       /Library/Extensions/hp_io_enabler_compound.kext

       - com.hp.kext.io.enabler.compound

       /Library/Extensions/hp_io_printerclassdriver_enabler.kext

       - com.hp.hpio.hp-io-printerclassdriver-enabler

       /Library/Internet Plug-Ins/AdobePDFViewer.plugin

       - com.adobe.acrobat.pdfviewer

       /Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

       - com.adobe.acrobat.pdfviewerNPAPI

       /Library/Internet Plug-Ins/DivX Web Player.plugin

       - com.divx.DivXWebPlayer

       /Library/Internet Plug-Ins/Flash Player.plugin

       - N/A

       /Library/Internet Plug-Ins/googletalkbrowserplugin.plugin

       - com.google.googletalkbrowserplugin

       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

       - com.oracle.java.JavaAppletPlugin

       /Library/Internet Plug-Ins/o1dbrowserplugin.plugin

       - com.google.o1dbrowserplugin

       /Library/Internet Plug-Ins/OVSHelper.plugin

       - com.divx.OVSHelper

       /Library/Internet Plug-Ins/Silverlight.plugin

       - com.microsoft.SilverlightPlugin

       /Library/Internet Plug-Ins/WebSecurity.plugin

       - com.ATI.WebSecurity

       /Library/PreferencePanes/Flash Player.prefPane

       - com.adobe.flashplayerpreferences

       /Library/PreferencePanes/JavaControlPanel.prefPane

       - com.oracle.java.JavaControlPanel

       /Library/QuickTime/DivX Decoder.component

       - com.DivXInc.DivXDecoder

       /Library/QuickTime/DivX Decoder.component/Contents/Resources

       - com.DivXInc.DivXDecoder

       /Library/QuickTime/DivX Encoder.component

       - com.DivXInc.DivXCodec

       Library/Address Book Plug-Ins/SkypeABDialer.bundle

       - com.skype.skypeabdialer

       Library/Address Book Plug-Ins/SkypeABSMS.bundle

       - com.skype.skypeabsms

       Library/Caches/com.apple.Safari/Extensions/ .safariextension

       - com.ati.Security

       Library/Caches/com.apple.Safari/Extensions/eBay Shopping Assistant-2.safariextension

       - com.spigot.safari.ebayshopassist

       Library/Caches/com.apple.Safari/Extensions/Facebook Cleaner.safariextension

       - com.sonstermedia.facebookclean

       Library/Caches/com.apple.Safari/Extensions/Facebook Photo Zoom-2.safariextension

       - com.regisgaughan.fbphotozoom

       Library/Caches/com.apple.Safari/Extensions/searchExt-1.safariextension

       - com.conduit.safari

       Library/Caches/com.apple.Safari/Extensions/Searchme-2.safariextension

       - com.spigot.safari.searchme

       Library/Caches/com.apple.Safari/Extensions/Slick Savings.safariextension

       - com.spigot.safari.slicksavings

       Library/Caches/com.apple.Safari/Extensions/WiseStamp-1.safariextension

       - com.wisestamp.extension

       Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin

       - com.conduit.ConduitNPAPIPlugin

       Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin

       - com.Google.GoogleEarthPlugin.plugin

       Library/PreferencePanes/Perian.prefPane

       - org.perian.PerianPane

     

     

    Apps

     

     

       /Applications/Dropbox.app

       /Applications/Google Drive.app

     

     

    Contents of /etc/hosts

     

     

       127.0.0.1 localhost

       255.255.255.255 broadcasthost

       ::1             localhost

     

     

    Contents of /etc/pf.conf

     

     

       scrub-anchor "com.apple/*"

       nat-anchor "com.apple/*"

       rdr-anchor "com.apple/*"

       dummynet-anchor "com.apple/*"

       anchor "com.apple/*"

       load anchor "com.apple" from "/etc/pf.anchors/com.apple"

     

     

    Contents of /etc/syslog.conf

     

     

       install.* @127.0.0.1:32376

     

     

    Contents of /etc/pam.d/authorization

     

     

       auth       optional       pam_krb5.so use_first_pass use_kcminit

       auth       optional       pam_ntlm.so use_first_pass

       auth       required       pam_opendirectory.so use_first_pass nullok

       account    required       pam_opendirectory.so

     

     

    Contents of /etc/pam.d/checkpw

     

     

       auth       required       pam_opendirectory.so use_first_pass nullok

       account    required       pam_opendirectory.so no_check_home no_check_shell

     

     

    Contents of /etc/pam.d/chkpasswd

     

     

       auth       required       pam_opendirectory.so

       account    required       pam_opendirectory.so

       password   required       pam_permit.so

       session    required       pam_permit.so

     

     

    Contents of /etc/pam.d/cups

     

     

       auth       required       pam_opendirectory.so

       account    required       pam_permit.so

       password   required       pam_deny.so

       session    required       pam_permit.so

     

     

    Contents of /etc/pam.d/ftpd

     

     

       auth       required       pam_opendirectory.so

       account    required       pam_permit.so

       password   required       pam_deny.so

       session    required       pam_permit.so

     

     

    Contents of /etc/pam.d/login

     

     

       auth       optional       pam_krb5.so use_kcminit

       auth       optional       pam_ntlm.so try_first_pass

       auth       optional       pam_mount.so try_first_pass

       auth       required       pam_opendirectory.so try_first_pass

       account    required       pam_nologin.so

       account    required       pam_opendirectory.so

       password   required       pam_opendirectory.so

       session    required       pam_launchd.so

       session    required       pam_uwtmp.so

       session    optional       pam_mount.so

     

     

    Contents of /etc/pam.d/login.term

     

     

       account    required       pam_nologin.so

       account    required       pam_opendirectory.so

       session    required       pam_uwtmp.so

     

     

    Contents of /etc/pam.d/other

     

     

       auth       required       pam_deny.so

       account    required       pam_deny.so

       password   required       pam_deny.so

       session    required       pam_deny.so

     

     

    Contents of /etc/pam.d/passwd

     

     

       auth       required       pam_permit.so

       account    required       pam_opendirectory.so

       password   required       pam_opendirectory.so

       session    required       pam_permit.so

     

     

    Contents of /etc/pam.d/rshd

     

     

       auth        required       pam_permit.so

       account     required       pam_nologin.so

       account     required       pam_opendirectory.so

       session     required       pam_launchd.so

     

     

    Contents of /etc/pam.d/screensaver

     

     

       auth       optional       pam_krb5.so use_first_pass use_kcminit

       auth       required       pam_opendirectory.so use_first_pass nullok

       account    required       pam_opendirectory.so

       account    sufficient     pam_self.so

       account    required       pam_group.so no_warn group=admin,wheel fail_safe

       account    required       pam_group.so no_warn deny group=admin,wheel ruser fail_safe

     

     

    Contents of /etc/pam.d/smbd

     

     

       account required pam_sacl.so sacl_service=smb allow_trustacct

       session required pam_permit.so

     

     

    Contents of /etc/pam.d/sshd

     

     

       auth       optional       pam_krb5.so use_kcminit

       auth       optional       pam_ntlm.so try_first_pass

       auth       optional       pam_mount.so try_first_pass

       auth       required       pam_opendirectory.so try_first_pass

       account    required       pam_nologin.so

       account    required       pam_sacl.so sacl_service=ssh

       account    required       pam_opendirectory.so

       password   required       pam_opendirectory.so

       session    required       pam_launchd.so

       session    optional       pam_mount.so

     

     

    Contents of /etc/pam.d/su

     

     

       auth       sufficient     pam_rootok.so

       auth       required       pam_opendirectory.so

       account    required       pam_group.so no_warn group=admin,wheel ruser root_only fail_safe

       account    required       pam_opendirectory.so no_check_shell

       password   required       pam_opendirectory.so

       session    required       pam_launchd.so

     

     

    Contents of /etc/pam.d/sudo

     

     

       auth       required       pam_opendirectory.so

       account    required       pam_permit.so

       password   required       pam_deny.so

       session    required       pam_permit.so

     

     

    Contents of /etc/periodic/daily/110.clean-tmps

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_clean_tmps_enable" in

           [Yy][Ee][Ss])

        if [ -z "$daily_clean_tmps_days" ]

        then

           echo '$daily_clean_tmps_enable is set but' \

        '$daily_clean_tmps_days is not'

           rc=2

        else

           echo ""

           echo "Removing old temporary files:"

           set -f noglob

           args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"

           args="${args} -ctime +$daily_clean_tmps_days"

           dargs="-empty -mtime +$daily_clean_tmps_days"

           dargs="${dargs} ! -name .vfs_rsrc_streams_*"

           [ -n "$daily_clean_tmps_ignore" ] && {

        args="$args "`echo " ${daily_clean_tmps_ignore% }" |

           sed 's/[ ][ ]*/ ! -name /g'`

        dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |

           sed 's/[ ][ ]*/ ! -name /g'`

     

     

       ...and 21 more line(s)

     

     

    Contents of /etc/periodic/daily/130.clean-msgs

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_clean_msgs_enable" in

           [Yy][Ee][Ss])

        if [ ! -d /var/msgs ]

        then

           echo '$daily_clean_msgs_enable is set but /var/msgs' \

        "doesn't exist"

           rc=2

        else

           echo ""

           echo "Cleaning out old system announcements:"

           [ -n "$daily_clean_msgs_days" ] &&

        arg=-${daily_clean_msgs_days#-} || arg=

           msgs -c $arg && rc=0 || rc=3

        fi;;

           *)  rc=0;;

       esac

       exit $rc

     

     

    Contents of /etc/periodic/daily/140.clean-rwho

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_clean_rwho_enable" in

           [Yy][Ee][Ss])

        if [ -z "$daily_clean_rwho_days" ]

        then

           echo '$daily_clean_rwho_enable is enabled but' \

        '$daily_clean_rwho_days is not set'

           rc=2

        elif [ ! -d /var/rwho ]

        then

           echo '$daily_clean_rwho_enable is enabled but /var/rwho' \

        "doesn't exist"

           rc=2

        else

           echo ""

           echo "Removing stale files from /var/rwho:"

           case "$daily_clean_rwho_verbose" in

        [Yy][Ee][Ss])

           print=-print;;

        *)

           print=;;

     

     

       ...and 14 more line(s)

     

     

    Contents of /etc/periodic/daily/199.clean-fax

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       if [ -d /var/spool/fax ]; then

           echo ""

           echo "Removing scratch fax files"

           cd /var/spool/fax && \

           find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;

       fi

     

     

    Contents of /etc/periodic/daily/310.accounting

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_accounting_enable" in

           [Yy][Ee][Ss])

        if [ ! -f /var/account/acct ]

        then

           echo '$daily_accounting_enable is set but /var/account/acct' \

        "doesn't exist"

           rc=2

        elif [ -z "$daily_accounting_save" ]

        then

           echo '$daily_accounting_enable is set but ' \

        '$daily_accounting_save is not'

           rc=2

        else

           echo ""

           echo "Rotating accounting logs and gathering statistics:"

           cd /var/account

           rc=0

           n=$daily_accounting_save

           rm -f acct.$n.gz acct.$n || rc=3

           m=$n

     

     

       ...and 18 more line(s)

     

     

    Contents of /etc/periodic/daily/400.status-disks

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_status_disks_enable" in

           [Yy][Ee][Ss])

        echo ""

        echo "Disk status:"

        df $daily_status_disks_df_flags && rc=1 || rc=3

        ;;

           *)  rc=0;;

       esac

       exit $rc

     

     

    Contents of /etc/periodic/daily/420.status-network

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_status_network_enable" in

           [Yy][Ee][Ss])

        echo ""

        echo "Network interface status:"

        case "$daily_status_network_usedns" in

           [Yy][Ee][Ss])

        netstat -i && rc=0 || rc=3;;

           *)

        netstat -in && rc=0 || rc=3;;

        esac;;

           *)  rc=0;;

       esac

       exit $rc

     

     

    Contents of /etc/periodic/daily/430.status-rwho

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_status_rwho_enable" in

           [Yy][Ee][Ss])

        rwho=$(echo /var/rwho/*)

               if [ -f "${rwho%% *}" ]

               then

           echo ""

           echo "Local network system status:"

           prog=ruptime

        else

           echo ""

           echo "Local system status:"

           prog=uptime

        fi

        rc=$($prog | tee /dev/stderr | wc -l)

        if [ $? -eq 0 ]

        then

           [ $rc -gt 1 ] && rc=1

        else

           rc=3

        fi;;

     

     

       ...and 3 more line(s)

     

     

    Contents of /etc/periodic/daily/999.local

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       rc=0

       for script in $daily_local

       do

           echo ''

           case "$script" in

        /*)

           if [ -f "$script" ]

           then

        echo "Running $script:"

        sh $script || rc=3

           else

        echo "$script: No such file"

        [ $rc -lt 2 ] && rc=2

           fi;;

        *)

           echo "$script: Not an absolute path"

           [ $rc -lt 2 ] && rc=2;;

           esac

       done

       exit $rc

     

     

    Contents of /etc/periodic/monthly/199.rotate-fax

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       echo ""

       printf %s "Rotating fax log files:"

       cd /var/log/fax

       for i in *.log; do

           if [ -f "${i}" ]; then

           echo -n " $i"

           if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi

           if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi

           if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi

           if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi

           if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi

           if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi

           touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"

           fi

       done

       echo ""

     

     

    Contents of /etc/periodic/monthly/200.accounting

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       oldmask=$(umask)

       umask 066

       case "$monthly_accounting_enable" in

           [Yy][Ee][Ss])

        W=/var/log/wtmp

        rc=0

        remove=NO

        if [ $rc -eq 0 ]

        then

           echo ""

           echo "Doing login accounting:"

           rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)

           [ $rc -gt 0 ] && rc=1

        fi

        [ $remove = YES ] && rm -f $W.0;;

           *)  rc=0;;

       esac

       umask $oldmask

       exit $rc

     

     

    Contents of /etc/periodic/monthly/999.local

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       rc=0

       for script in $monthly_local

       do

           echo ''

           case "$script" in

        /*)

           if [ -f "$script" ]

           then

        echo "Running $script:"

        sh $script || rc=3

           else

        echo "$script: No such file"

        [ $rc -lt 2 ] && rc=2

           fi;;

        *)

           echo "$script: Not an absolute path"

           [ $rc -lt 2 ] && rc=2;;

           esac

       done

       exit $rc

     

     

    Contents of /etc/periodic/weekly/320.whatis

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$weekly_whatis_enable" in

           [Yy][Ee][Ss])

        echo ""

        echo "Rebuilding whatis database:"

        MANPATH=`/usr/bin/manpath -q`

        if [ $? = 0 ]

        then

           if [ -z "${MANPATH}" ]

           then

        echo "manpath failed to find any manpage directories"

        rc=3

           else

        rc=0

        /usr/libexec/makewhatis.local "${MANPATH}" || rc=3

        if [ X"${man_locales}" != X ]

        then

           for i in ${man_locales}

           do

        LC_ALL=$i /usr/libexec/makewhatis.local -a \

           -L "${MANPATH}" || rc=3

     

     

       ...and 9 more line(s)

     

     

    Contents of /etc/periodic/weekly/999.local

     

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       rc=0

       for script in $weekly_local

       do

           echo ''

           case "$script" in

        /*)

           if [ -f "$script" ]

           then

        echo "Running $script:"

        sh $script || rc=3

           else

        echo "$script: No such file"

        [ $rc -lt 2 ] && rc=2

           fi;;

        *)

           echo "$script: Not an absolute path"

           [ $rc -lt 2 ] && rc=2;;

           esac

       done

       exit $rc

     

     

    Contents of /Library/Preferences/com.apple.security.appsandbox.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

           <key>UnrestrictSpotlightContainerScope</key>

           <true/>

       </dict>

       </plist>

     

     

    Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Kernel Flags</key>

        <string></string>

       </dict>

       </plist>

     

     

    Safari extensions

     

     

       Conduit Search for Safari

       Facebook Cleaner

       Facebook Photo Zoom

       Searchme

       Slick Savings

       WiseStamp

       eBay Shopping Assistant

     

     

    Restricted files: 211

     

     

    Elapsed time (s): 273

  • by apmoroney,

    apmoroney apmoroney Aug 12, 2016 2:32 AM in response to ToeKnee310
    Level 1 (4 points)
    Aug 12, 2016 2:32 AM in response to ToeKnee310

    Start time: 19:23:26 08/12/16

     

    Model Identifier: iMac10,1

    System Version: OS X 10.11.4 (15E65)

    Kernel Version: Darwin 15.4.0

    System Integrity Protection: Enabled

    Time since boot: 2 days 22:29

     

    SATA

     

       ST31000528ASQ                          

     

    USB

     

       OM (Elan Microelectronics Corportation)

     

    Diagnostic reports

     

       2016-08-05 installer crash x6

     

    Log

     

       Aug  5 21:53:56 Can't load kext org.virtualbox.kext.VBoxUSB - failed to resolve library dependencies.

       Aug  5 21:53:56 Kext org.virtualbox.kext.VBoxUSB failed to load (0xdc00800e).

       Aug  5 21:53:56 Failed to load kext org.virtualbox.kext.VBoxUSB (error 0xdc00800e).

       Aug  5 21:53:56 AssertMacros: tmpData (value: 0x0),  file: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-83.40.3/AppleCredentialManager/AppleCredentialManager.cpp, line: 785

       Aug  5 21:53:56 IO80211ControllerMonitor::configureSubscriptions() failed to add subscriptionIO80211Controller::start _controller is 0x81e6ade9bd3eeeab, provider is 0x81e6ade95de950ab

       Aug  5 21:53:56 init: error getting PHY_MODE;  using MODE_UNKNOWN

       Aug  6 02:45:55 011445.348147 PRT5@26500000: AppleUSBHostPort::disconnect: persistent enumeration failures

       Aug  7 02:00:11 process AAM Updates Noti[68233] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback

       Aug  9 20:54:35 Can't load kext org.virtualbox.kext.VBoxUSB - failed to resolve library dependencies.

       Aug  9 20:54:35 Kext org.virtualbox.kext.VBoxUSB failed to load (0xdc00800e).

       Aug  9 20:54:35 Failed to load kext org.virtualbox.kext.VBoxUSB (error 0xdc00800e).

       Aug  9 20:54:35 AssertMacros: tmpData (value: 0x0),  file: /BuildRoot/Library/Caches/com.apple.xbs/Sources/AppleCredentialManager/AppleCre dentialManager-83.40.3/AppleCredentialManager/AppleCredentialManager.cpp, line: 785

       Aug  9 20:54:35 Sleep failure code 0x00004000 0x27006c00

       Aug  9 20:54:35 IO80211ControllerMonitor::configureSubscriptions() failed to add subscriptionIO80211Controller::start _controller is 0x44488973c2f90109, provider is 0x4448897363d70909

       Aug  9 20:54:35 jnl: b(1, 2): replay_journal: from: 48455680 to: 55157248 (joffset 0x1721c000)

       Aug  9 20:54:35 init: error getting PHY_MODE;  using MODE_UNKNOWN

       Aug  9 20:54:35 jnl: b(1, 2): journal replay done.

       Aug 10 00:59:22 010684.554902 PRT5@26500000: AppleUSBHostPort::disconnect: persistent enumeration failures

       Aug 12 19:21:27 process AAM Updates Noti[50879] caught causing excessive wakeups. Observed wakeups rate (per sec): 2954; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45092

     

    Swap (MiB): 1135

     

    Daemons

     

       com.adobe.SwitchBoard

     

    Agents

     

       com.adobe.CS4ServiceManager

       com.veoh.webplayer.startup

       com.akamai.client.plist

       com.adobe.CS5ServiceManager

       com.macpaw.CleanMyMac.helperTool

       com.adobe.PDApp.AAMUpdatesNotifier.85472.UUID

     

    launchd

     

       /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

       - com.adobe.AAM.Startup-1.0

       /Library/LaunchAgents/com.adobe.CS4ServiceManager.plist

       - com.adobe.CS4ServiceManager

       /Library/LaunchAgents/com.adobe.CS5ServiceManager.plist

       - com.adobe.CS5ServiceManager

       /Library/LaunchDaemons/com.adobe.SwitchBoard.plist

       - com.adobe.SwitchBoard

       Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

       - com.adobe.AAM.Scheduler-1.0

       Library/LaunchAgents/com.akamai.client.plist

       - com.akamai.client.plist

       Library/LaunchAgents/com.macpaw.CleanMyMac.helperTool.plist

       - com.macpaw.CleanMyMac.helperTool

       Library/LaunchAgents/com.veoh.webplayer.startup.plist

       - com.veoh.webplayer.startup

       Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist

       - org.virtualbox.vboxwebsvc

     

    Startup items

     

       /Library/StartupItems/VirtualBox/StartupParameters.plist

       /Library/StartupItems/VirtualBox/VirtualBox

     

    Bundles

     

       /System/Library/Extensions/EyeTVAfaTechHidBlock.kext

       - com.elgato.driver.DontMatchAfaTech

       /System/Library/Extensions/EyeTVCinergy450AudioBlock.kext

       - com.elgato.driver.DontMatchCinergy450

       /System/Library/Extensions/EyeTVCinergyXSAudioBlock.kext

       - com.elgato.driver.DontMatchCinergyXS

       /System/Library/Extensions/EyeTVEmpiaAudioBlock.kext

       - com.elgato.driver.DontMatchEmpia

       /System/Library/Extensions/EyeTVVoyagerAudioBlock.kext

       - com.elgato.driver.DontMatchVoyager

       /System/Library/Extensions/hp_designjet_series.kext

       - com.hp.print.hpio.Designjet.kext

       /System/Library/Extensions/hp_Deskjet_io_enabler.kext

       - com.hp.print.hpio.Deskjet.kext

       /System/Library/Extensions/hp_Inkjet1_io_enabler.kext

       - com.hp.print.hpio.Inkjet1.kext

       /System/Library/Extensions/hp_Inkjet3_io_enabler.kext

       - com.hp.print.hpio.Inkjet3.kext

       /System/Library/Extensions/hp_Inkjet4_io_enabler.kext

       - com.hp.print.hpio.Inkjet4.kext

       /System/Library/Extensions/hp_Inkjet5_io_enabler.kext

       - com.hp.print.hpio.Inkjet5.kext

       /System/Library/Extensions/hp_Inkjet8_io_enabler.kext

       - com.hp.print.hpio.inkjet8.kext

       /System/Library/Extensions/hp_Inkjet_io_enabler.kext

       - com.hp.print.hpio.Inkjet.kext

       /System/Library/Extensions/hp_Laserjet_io_enabler.kext

       - com.hp.print.hpio.Laserjet.kext

       /System/Library/Extensions/hp_Officejet_io_enabler.kext

       - com.hp.print.hpio.Officejet.kext

       /System/Library/Extensions/hp_Photosmart_io_enabler.kext

       - com.hp.print.hpio.Photosmart.kext

       /System/Library/Extensions/hp_PhotosmartPro_io_enabler.kext

       - com.hp.print.hpio.PhotosmartPro.kext

       /System/Library/Extensions/hp_qc_io_enabler.kext

       - com.hp.hpio.hp_psa530_630_io_enabler

       /System/Library/Extensions/LexmarkUSBMerge.kext

       - com.lexmark.print.usbmerge

       /System/Library/Extensions/Soundflower.kext

       - com.Cycling74.driver.Soundflower

       /Library/Audio/Plug-Ins/Components/A52Codec.component

       - com.shepmater.A52Codec

       /Library/Extensions/VBoxDrv.kext

       - org.virtualbox.kext.VBoxDrv

       /Library/Extensions/VBoxNetAdp.kext

       - org.virtualbox.kext.VBoxNetAdp

       /Library/Extensions/VBoxNetFlt.kext

       - org.virtualbox.kext.VBoxNetFlt

       /Library/Extensions/VBoxUSB.kext

       - org.virtualbox.kext.VBoxUSB

       /Library/Internet Plug-Ins/DivXBrowserPlugin.plugin

       - com.divx.DivXBrowserPlugin

       /Library/Internet Plug-Ins/Flash Player.plugin

       - N/A

       /Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin

       - net.telestream.wmv.plugin

       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

       - com.apple.java.JavaAppletPlugin

       /Library/Internet Plug-Ins/OfficeLiveBrowserPlugin.plugin

       - com.microsoft.officelive.browserplugin

       /Library/Internet Plug-Ins/OVSHelper.plugin

       - com.divx.OVSHelper

       /Library/Internet Plug-Ins/Silverlight.plugin

       - com.microsoft.SilverlightPlugin

       /Library/Internet Plug-Ins/Unity Web Player.plugin

       - com.unity.UnityWebPlayer

       /Library/PreferencePanes/DivX.prefPane

       - com.divx.divxprefs

       /Library/PreferencePanes/Flash Player.prefPane

       - com.adobe.flashplayerpreferences

       /Library/PreferencePanes/Flip4Mac WMV.prefPane

       - net.telestream.wmv.prefpane

       /Library/PreferencePanes/Growl.prefPane

       - com.growl.prefpanel

       /Library/PreferencePanes/Perian.prefPane

       - org.perian.PerianPane

       /Library/QuickTime/AC3MovieImport.component

       - com.cod3r.ac3movieimport

       /Library/QuickTime/EyeTV MPEG Support.component

       - com.elgato.mpegsupport

       /Library/QuickTime/Perian.component

       - org.perian.Perian

       /Library/ScriptingAdditions/Adobe Unit Types.osax

       - N/A

       /Library/Widgets/CI Filter Browser.wdgt

       - com.apple.CIFilterBrowser

       Library/Address Book Plug-Ins/SkypeABDialer.bundle

       - com.skype.skypeabdialer

       Library/Address Book Plug-Ins/SkypeABSMS.bundle

       - com.skype.skypeabsms

       Library/iTunes/iTunes Plug-ins/TuneUp/TuneUp Visualizer.bundle

       - N/A

     

    dylibs

     

       /usr/lib/libgutenprint.2.0.3.dylib

     

    Contents of /etc/hosts

     

       127.0.0.1 localhost

       255.255.255.255 broadcasthost

       ::1             localhost

       fe80::1%lo0 localhost

       127.0.0.1 activate.adobe.com

       127.0.0.1 practivate.adobe.com

       127.0.0.1 ereg.adobe.com

       127.0.0.1 activate.wip3.adobe.com

       127.0.0.1 wip3.adobe.com

       127.0.0.1 3dns-3.adobe.com

       127.0.0.1 3dns-2.adobe.com

       127.0.0.1 adobe-dns.adobe.com

       127.0.0.1 adobe-dns-2.adobe.com

       127.0.0.1 adobe-dns-3.adobe.com

       127.0.0.1 ereg.wip3.adobe.com

       127.0.0.1 activate-sea.adobe.com

       127.0.0.1 wwis-dubc1-vip60.adobe.com

       127.0.0.1 activate-sjc0.adobe.com

       127.0.0.1 hl2rcv.adobe.com

       127.0.0.1 activate.adobe.com

       127.0.0.1 practivate.adobe.com

       127.0.0.1 ereg.adobe.com

       127.0.0.1 activate.wip3.adobe.com

       127.0.0.1 wip3.adobe.com

       127.0.0.1 3dns-3.adobe.com

     

       ...and 9 more line(s)

     

    Contents of /etc/pf.conf

     

       scrub-anchor "com.apple/*"

       nat-anchor "com.apple/*"

       rdr-anchor "com.apple/*"

       dummynet-anchor "com.apple/*"

       anchor "com.apple/*"

       load anchor "com.apple" from "/etc/pf.anchors/com.apple"

     

    Contents of /etc/syslog.conf

     

       install.* @127.0.0.1:32376

     

    Contents of /etc/pam.d/authorization

     

       auth       optional       pam_krb5.so use_first_pass use_kcminit

       auth       optional       pam_ntlm.so use_first_pass

       auth       required       pam_opendirectory.so use_first_pass nullok

       account    required       pam_opendirectory.so

     

    Contents of /etc/pam.d/checkpw

     

       auth       required       pam_opendirectory.so use_first_pass nullok

       account    required       pam_opendirectory.so no_check_home no_check_shell

     

    Contents of /etc/pam.d/chkpasswd

     

       auth       required       pam_opendirectory.so

       account    required       pam_opendirectory.so

       password   required       pam_permit.so

       session    required       pam_permit.so

     

    Contents of /etc/pam.d/cups

     

       auth       required       pam_opendirectory.so

       account    required       pam_permit.so

       password   required       pam_deny.so

       session    required       pam_permit.so

     

    Contents of /etc/pam.d/ftpd

     

       auth       required       pam_opendirectory.so

       account    required       pam_permit.so

       password   required       pam_deny.so

       session    required       pam_permit.so

     

    Contents of /etc/pam.d/login

     

       auth       optional       pam_krb5.so use_kcminit

       auth       optional       pam_ntlm.so try_first_pass

       auth       optional       pam_mount.so try_first_pass

       auth       required       pam_opendirectory.so try_first_pass

       account    required       pam_nologin.so

       account    required       pam_opendirectory.so

       password   required       pam_opendirectory.so

       session    required       pam_launchd.so

       session    required       pam_uwtmp.so

       session    optional       pam_mount.so

     

    Contents of /etc/pam.d/login.term

     

       account    required       pam_nologin.so

       account    required       pam_opendirectory.so

       session    required       pam_uwtmp.so

     

    Contents of /etc/pam.d/other

     

       auth       required       pam_deny.so

       account    required       pam_deny.so

       password   required       pam_deny.so

       session    required       pam_deny.so

     

    Contents of /etc/pam.d/passwd

     

       auth       required       pam_permit.so

       account    required       pam_opendirectory.so

       password   required       pam_opendirectory.so

       session    required       pam_permit.so

     

    Contents of /etc/pam.d/rshd

     

       auth        required       pam_permit.so

       account     required       pam_nologin.so

       account     required       pam_opendirectory.so

       session     required       pam_launchd.so

     

    Contents of /etc/pam.d/screensaver

     

       auth       optional       pam_krb5.so use_first_pass use_kcminit

       auth       required       pam_opendirectory.so use_first_pass nullok

       account    required       pam_opendirectory.so

       account    sufficient     pam_self.so

       account    required       pam_group.so no_warn group=admin,wheel fail_safe

       account    required       pam_group.so no_warn deny group=admin,wheel ruser fail_safe

     

    Contents of /etc/pam.d/smbd

     

       account required pam_sacl.so sacl_service=smb allow_trustacct

       session required pam_permit.so

     

    Contents of /etc/pam.d/sshd

     

       auth       optional       pam_krb5.so use_kcminit

       auth       optional       pam_ntlm.so try_first_pass

       auth       optional       pam_mount.so try_first_pass

       auth       required       pam_opendirectory.so try_first_pass

       account    required       pam_nologin.so

       account    required       pam_sacl.so sacl_service=ssh

       account    required       pam_opendirectory.so

       password   required       pam_opendirectory.so

       session    required       pam_launchd.so

       session    optional       pam_mount.so

     

    Contents of /etc/pam.d/su

     

       auth       sufficient     pam_rootok.so

       auth       required       pam_opendirectory.so

       account    required       pam_group.so no_warn group=admin,wheel ruser root_only fail_safe

       account    required       pam_opendirectory.so no_check_shell

       password   required       pam_opendirectory.so

       session    required       pam_launchd.so

     

    Contents of /etc/pam.d/sudo

     

       auth       required       pam_opendirectory.so

       account    required       pam_permit.so

       password   required       pam_deny.so

       session    required       pam_permit.so

     

    Contents of /etc/periodic/daily/110.clean-tmps

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_clean_tmps_enable" in

           [Yy][Ee][Ss])

       if [ -z "$daily_clean_tmps_days" ]

       then

           echo '$daily_clean_tmps_enable is set but' \

       '$daily_clean_tmps_days is not'

           rc=2

       else

           echo ""

           echo "Removing old temporary files:"

           set -f noglob

           args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"

           args="${args} -ctime +$daily_clean_tmps_days"

           dargs="-empty -mtime +$daily_clean_tmps_days"

           dargs="${dargs} ! -name .vfs_rsrc_streams_*"

           [ -n "$daily_clean_tmps_ignore" ] && {

       args="$args "`echo " ${daily_clean_tmps_ignore% }" |

           sed 's/[ ][ ]*/ ! -name /g'`

       dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |

           sed 's/[ ][ ]*/ ! -name /g'`

     

       ...and 21 more line(s)

     

    Contents of /etc/periodic/daily/130.clean-msgs

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_clean_msgs_enable" in

           [Yy][Ee][Ss])

       if [ ! -d /var/msgs ]

       then

           echo '$daily_clean_msgs_enable is set but /var/msgs' \

       "doesn't exist"

           rc=2

       else

           echo ""

           echo "Cleaning out old system announcements:"

           [ -n "$daily_clean_msgs_days" ] &&

       arg=-${daily_clean_msgs_days#-} || arg=

           msgs -c $arg && rc=0 || rc=3

       fi;;

           *)  rc=0;;

       esac

       exit $rc

     

    Contents of /etc/periodic/daily/140.clean-rwho

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_clean_rwho_enable" in

           [Yy][Ee][Ss])

       if [ -z "$daily_clean_rwho_days" ]

       then

           echo '$daily_clean_rwho_enable is enabled but' \

       '$daily_clean_rwho_days is not set'

           rc=2

       elif [ ! -d /var/rwho ]

       then

           echo '$daily_clean_rwho_enable is enabled but /var/rwho' \

       "doesn't exist"

           rc=2

       else

           echo ""

           echo "Removing stale files from /var/rwho:"

           case "$daily_clean_rwho_verbose" in

       [Yy][Ee][Ss])

           print=-print;;

       *)

           print=;;

     

       ...and 14 more line(s)

     

    Contents of /etc/periodic/daily/199.clean-fax

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       if [ -d /var/spool/fax ]; then

           echo ""

           echo "Removing scratch fax files"

           cd /var/spool/fax && \

           find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;

       fi

     

    Contents of /etc/periodic/daily/310.accounting

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_accounting_enable" in

           [Yy][Ee][Ss])

       if [ ! -f /var/account/acct ]

       then

           echo '$daily_accounting_enable is set but /var/account/acct' \

       "doesn't exist"

           rc=2

       elif [ -z "$daily_accounting_save" ]

       then

           echo '$daily_accounting_enable is set but ' \

       '$daily_accounting_save is not'

           rc=2

       else

           echo ""

           echo "Rotating accounting logs and gathering statistics:"

           cd /var/account

           rc=0

           n=$daily_accounting_save

           rm -f acct.$n.gz acct.$n || rc=3

           m=$n

     

       ...and 18 more line(s)

     

    Contents of /etc/periodic/daily/400.status-disks

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_status_disks_enable" in

           [Yy][Ee][Ss])

       echo ""

       echo "Disk status:"

       df $daily_status_disks_df_flags && rc=1 || rc=3

       ;;

           *)  rc=0;;

       esac

       exit $rc

     

    Contents of /etc/periodic/daily/420.status-network

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_status_network_enable" in

           [Yy][Ee][Ss])

       echo ""

       echo "Network interface status:"

       case "$daily_status_network_usedns" in

           [Yy][Ee][Ss])

       netstat -i && rc=0 || rc=3;;

           *)

       netstat -in && rc=0 || rc=3;;

       esac;;

           *)  rc=0;;

       esac

       exit $rc

     

    Contents of /etc/periodic/daily/430.status-rwho

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$daily_status_rwho_enable" in

           [Yy][Ee][Ss])

       rwho=$(echo /var/rwho/*)

               if [ -f "${rwho%% *}" ]

               then

           echo ""

           echo "Local network system status:"

           prog=ruptime

       else

           echo ""

           echo "Local system status:"

           prog=uptime

       fi

       rc=$($prog | tee /dev/stderr | wc -l)

       if [ $? -eq 0 ]

       then

           [ $rc -gt 1 ] && rc=1

       else

           rc=3

       fi;;

     

       ...and 3 more line(s)

     

    Contents of /etc/periodic/daily/999.local

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       rc=0

       for script in $daily_local

       do

           echo ''

           case "$script" in

       /*)

           if [ -f "$script" ]

           then

       echo "Running $script:"

       sh $script || rc=3

           else

       echo "$script: No such file"

       [ $rc -lt 2 ] && rc=2

           fi;;

       *)

           echo "$script: Not an absolute path"

           [ $rc -lt 2 ] && rc=2;;

           esac

       done

       exit $rc

     

    Contents of /etc/periodic/monthly/199.rotate-fax

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       echo ""

       printf %s "Rotating fax log files:"

       cd /var/log/fax

       for i in *.log; do

           if [ -f "${i}" ]; then

           echo -n " $i"

           if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi

           if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi

           if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi

           if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi

           if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi

           if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi

           touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"

           fi

       done

       echo ""

     

    Contents of /etc/periodic/monthly/200.accounting

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       oldmask=$(umask)

       umask 066

       case "$monthly_accounting_enable" in

           [Yy][Ee][Ss])

       W=/var/log/wtmp

       rc=0

       remove=NO

       if [ $rc -eq 0 ]

       then

           echo ""

           echo "Doing login accounting:"

           rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)

           [ $rc -gt 0 ] && rc=1

       fi

       [ $remove = YES ] && rm -f $W.0;;

           *)  rc=0;;

       esac

       umask $oldmask

       exit $rc

     

    Contents of /etc/periodic/monthly/999.local

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       rc=0

       for script in $monthly_local

       do

           echo ''

           case "$script" in

       /*)

           if [ -f "$script" ]

           then

       echo "Running $script:"

       sh $script || rc=3

           else

       echo "$script: No such file"

       [ $rc -lt 2 ] && rc=2

           fi;;

       *)

           echo "$script: Not an absolute path"

           [ $rc -lt 2 ] && rc=2;;

           esac

       done

       exit $rc

     

    Contents of /etc/periodic/weekly/320.whatis

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       case "$weekly_whatis_enable" in

           [Yy][Ee][Ss])

       echo ""

       echo "Rebuilding whatis database:"

       MANPATH=`/usr/bin/manpath -q`

       if [ $? = 0 ]

       then

           if [ -z "${MANPATH}" ]

           then

       echo "manpath failed to find any manpage directories"

       rc=3

           else

       rc=0

       /usr/libexec/makewhatis.local "${MANPATH}" || rc=3

       if [ X"${man_locales}" != X ]

       then

           for i in ${man_locales}

           do

       LC_ALL=$i /usr/libexec/makewhatis.local -a \

           -L "${MANPATH}" || rc=3

     

       ...and 9 more line(s)

     

    Contents of /etc/periodic/weekly/999.local

     

       if [ -r /etc/defaults/periodic.conf ]

       then

           . /etc/defaults/periodic.conf

           source_periodic_confs

       fi

       rc=0

       for script in $weekly_local

       do

           echo ''

           case "$script" in

       /*)

           if [ -f "$script" ]

           then

       echo "Running $script:"

       sh $script || rc=3

           else

       echo "$script: No such file"

       [ $rc -lt 2 ] && rc=2

           fi;;

       *)

           echo "$script: Not an absolute path"

           [ $rc -lt 2 ] && rc=2;;

           esac

       done

       exit $rc

     

    Contents of /Library/Preferences/com.apple.security.appsandbox.plist (XML  document text)

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

           <key>UnrestrictSpotlightContainerScope</key>

           <true/>

       </dict>

       </plist>

     

    Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (XML  document text)

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

       <key>Kernel Flags</key>

       <string></string>

       </dict>

       </plist>

     

    Font issues: 34

     

    Widgets

     

       iCal

     

    Restricted files: 107

     

    Elapsed time (s): 242

  • by etresoft,

    etresoft etresoft Aug 13, 2016 7:29 AM in response to apmoroney
    Level 7 (29,056 points)
    Aug 13, 2016 7:29 AM in response to apmoroney

    Hello apmoroney,

    This thread is over two years old. Please start your own thread for your question. Do NOT run any more random scripts you find on the Internet. You have no idea what they are going to do. In this case the script you ran exposed your piracy of several hundred dollars worth of Adobe software.

  • by sportsstef,

    sportsstef sportsstef Aug 17, 2016 6:29 AM in response to Linc Davis
    Level 1 (4 points)
    Aug 17, 2016 6:29 AM in response to Linc Davis

    Start time: 08:46:14 08/17/16

     

     

    Model Identifier: MacBookPro9,2

    System Version: OS X 10.10.5 (14F1909)

    Kernel Version: Darwin 14.5.0

    Time since boot: 2 days 14:24

     

     

    Battery

     

     

       Condition: Service Battery

     

     

    FileVault: On

     

     

    Diagnostic reports

     

     

       2016-08-15 MacKeeper Helper crash x19

       2016-08-15 MyShopMate crash x6

     

     

    Log

     

     

       Aug 11 14:24:06 PM notification timeout (pid 50, powerd)

       Aug 11 14:28:54 Sound assertion in AppleHDAFunctionGroup at line 1058

       Aug 14 12:49:27 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 14 15:47:07 process Support-LogMeInR[40819] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback

       Aug 14 18:13:18 SIOCPROTODETACH_IN6: utun0 error=6

       Aug 14 18:13:26 SIOCPROTODETACH_IN6: utun0 error=6

       Aug 14 18:23:23 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 14 18:23:24 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 14 18:23:26 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

       Aug 14 18:26:38 process Microsoft Word[422] caught causing excessive wakeups. Observed wakeups rate (per sec): 295; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45006

       Aug 15 10:24:13 SIOCPROTODETACH_IN6: utun0 error=6

       Aug 16 16:29:54 ALF: ifnet_get_address_list_family error 12

       Aug 16 16:30:04 ip4_output (ipsec): error code 22

       Aug 16 18:56:18 ip4_output (ipsec): error code 22

       Aug 16 19:55:01 ALF: ifnet_get_address_list_family error 12

       Aug 16 19:59:28 SIOCPROTODETACH_IN6: utun0 error=6

       Aug 16 21:00:01 SIOCPROTODETACH_IN6: utun0 error=6

       Aug 17 08:23:12 ALF: ifnet_get_address_list_family error 12

       Aug 17 08:29:27 ALF: ifnet_get_address_list_family error 12

     

     

    kexts

     

     

       com.avast.PacketForwarder (2.1)

       com.avast.AvastFileShield (3.0.0)

       com.avg.Antivirus.OnAccess.kext (2015.0)

     

     

    Daemons

     

     

       com.avast.secureline.update

       com.avast.uninstall

       com.avast.daemon

       com.adobe.ARMDC.Communicator

       com.avast.update

       com.avast.secureline.uninstall

       com.avast.proxy

       com.microsoft.office.licensing.helper

       com.MyShopMate.agent

       com.avg.Antivirus

       com.oracle.java.Helper-Tool

       com.avast.service

       com.avast.fileshield

       com.avast.account

       com.Software-Updater.agent

       com.avg.Antivirus.crashpad

       com.mackeeper.MacKeeper.plugin.AntiTheft.daemon

       com.avg.Antivirus.infosd

       com.adobe.fpsaud

       com.adobe.ARMDC.SMJobBlessHelper

       com.avast.secureline.service

       com.avast.secureline.init

       com.avast.secureline.burger

       com.avast.init

     

     

    Agents

     

     

       6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper

       com.avast.home.userinit

       com.avast.userinit

       com.avast.helper

       com.avast.secureline.userinit

       com.avast.secureline.home.userinit

       com.mackeeper.MacKeeper.Helper

       com.avg.Antivirus

       com.jdibackup.ZipCloud.autostart

       com.adobe.ARMDCHelper.UUID

       com.oracle.java.Java-Updater

       com.avast.update-agent

       com.spotify.webhelper

       com.jdibackup.ZipCloud.notify

       com.google.keystone.user.agent

       com.avast.secureline.update-agent

       com.pcv.hlpramc

     

     

    launchd

     

     

       /System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist

       - com.apple.installer.osmessagetracing

       /Library/LaunchAgents/com.adobe.ARMDCHelper.UUID.plist

       - com.adobe.ARMDCHelper.UUID

       /Library/LaunchAgents/com.avast.secureline.update-agent.plist

       - com.avast.secureline.update-agent

       /Library/LaunchAgents/com.avast.secureline.userinit.plist

       - com.avast.secureline.userinit

       /Library/LaunchAgents/com.avast.update-agent.plist

       - com.avast.update-agent

       /Library/LaunchAgents/com.avast.userinit.plist

       - com.avast.userinit

       /Library/LaunchAgents/com.avg.Antivirus.gui.plist

       - com.avg.Antivirus

       /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

       - com.oracle.java.Java-Updater

       /Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist

       - com.adobe.ARMDC.Communicator

       /Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist

       - com.adobe.ARMDC.SMJobBlessHelper

       /Library/LaunchDaemons/com.adobe.fpsaud.plist

       - com.adobe.fpsaud

       /Library/LaunchDaemons/com.avast.init.plist

       - com.avast.init

       /Library/LaunchDaemons/com.avast.secureline.init.plist

       - com.avast.secureline.init

       /Library/LaunchDaemons/com.avast.secureline.uninstall.plist

       - com.avast.secureline.uninstall

       /Library/LaunchDaemons/com.avast.secureline.update.plist

       - com.avast.secureline.update

       /Library/LaunchDaemons/com.avast.uninstall.plist

       - com.avast.uninstall

       /Library/LaunchDaemons/com.avast.update.plist

       - com.avast.update

       /Library/LaunchDaemons/com.avg.Antivirus.crashpad.plist

       - com.avg.Antivirus.crashpad

       /Library/LaunchDaemons/com.avg.Antivirus.infosd.plist

       - com.avg.Antivirus.infosd

       /Library/LaunchDaemons/com.avg.Antivirus.services.plist

       - com.avg.Antivirus

       /Library/LaunchDaemons/com.mackeeper.MacKeeper.plugin.AntiTheft.daemon.plist

       - com.mackeeper.MacKeeper.plugin.AntiTheft.daemon

       /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

       - com.microsoft.office.licensing.helper

       /Library/LaunchDaemons/com.MyShopMate.agent.plist

       - com.MyShopMate.agent

       /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

       - com.oracle.java.Helper-Tool

       /Library/LaunchDaemons/com.Software-Updater.agent.plist

       - com.Software-Updater.agent

       Library/LaunchAgents/com.avast.home.userinit.plist

       - com.avast.home.userinit

       Library/LaunchAgents/com.avast.secureline.home.userinit.plist

       - com.avast.secureline.home.userinit

       Library/LaunchAgents/com.google.keystone.agent.plist

       - com.google.keystone.user.agent

       Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist

       - com.jdibackup.ZipCloud.autostart

       Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist

       - com.jdibackup.ZipCloud.notify

       Library/LaunchAgents/com.mackeeper.MacKeeper.Helper.plist

       - com.mackeeper.MacKeeper.Helper

       Library/LaunchAgents/com.pcv.hlpramc.plist

       - com.pcv.hlpramc

       Library/LaunchAgents/com.spotify.webhelper.plist

       - com.spotify.webhelper

     

     

    Bundles

     

     

       /System/Library/Extensions/JMicronATA.kext

       - com.jmicron.JMicronATA

       /Library/Internet Plug-Ins/AdobePDFViewer.plugin

       - com.adobe.acrobat.pdfviewer

       /Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

       - com.adobe.acrobat.pdfviewerNPAPI

       /Library/Internet Plug-Ins/CouponPrinter-FireFox_v2.plugin

       - com.coupons.plugin.mozilla-plugin

       /Library/Internet Plug-Ins/CouponPrinter-Safari.webplugin

       - BUNDLE_ID

       /Library/Internet Plug-Ins/Flash Player.plugin

       - N/A

       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

       - com.oracle.java.JavaAppletPlugin

       /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

       - com.microsoft.sharepoint.browserplugin

       /Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

       - com.microsoft.sharepoint.webkitplugin

       /Library/Internet Plug-Ins/Silverlight.plugin

       - com.microsoft.SilverlightPlugin

       /Library/PreferencePanes/Flash Player.prefPane

       - com.adobe.flashplayerpreferences

       /Library/PreferencePanes/JavaControlPanel.prefPane

       - com.oracle.java.JavaControlPanel

       Library/Address Book Plug-Ins/SkypeABDialer.bundle

       - com.skype.skypeabdialer

       Library/Address Book Plug-Ins/SkypeABSMS.bundle

       - com.skype.skypeabsms

       Library/Caches/com.apple.Safari/Extensions/Listchack.safariextz

       - com.listchack.safari

       Library/Caches/com.apple.Safari/Extensions/Save to Pocket.safariextension

       - com.ideashower.pocket.safari

       Library/Caches/com.apple.Safari/Extensions/xsearch.safariextension

       - com.xsearch.safariext

       Library/Internet Plug-Ins/npBcsMcTcIO.plugin

       - org.mozilla.basicPlugin

     

     

    Apps

     

     

       /Applications/Dropbox.app

     

     

    Contents of /etc/sysctl.conf

     

     

       kern.sysv.shmall=65536

       kern.sysv.shmmax=268435456

       kern.sysv.shmmni=64

       kern.sysv.shmseg=64

     

     

    Contents of /System/Library/LaunchAgents/com.apple.SafariPlugInUpdateNotifier.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>EnablePressuredExit</key>

        <true/>

        <key>Label</key>

        <string>com.apple.SafariPlugInUpdateNotifier</string>

        <key>Program</key>

        <string>/usr/libexec/SafariPlugInUpdateNotifier</string>

        <key>LaunchEvents</key>

        <dict>

        <key>com.apple.fsevents.matching</key>

        <dict>

        <key>UserFlashPlugInModified</key>

        <dict>

        <key>Path</key>

        <string>~/Library/Internet Plug-Ins/Flash Player.plugin</string>

        </dict>

        <key>SystemFlashPlugInModified</key>

        <dict>

        <key>Path</key>

        <string>/Library/Internet Plug-Ins/Flash Player.plugin</string>

        </dict>

        </dict>

     

     

       ...and 3 more line(s)

     

     

    Contents of /System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Label</key>

        <string>com.apple.installer.osmessagetracing</string>

        <key>LaunchOnlyOnce</key>

        <true/>

        <key>ProgramArguments</key>

        <array>

        <string>/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMes sageTracer</string>

        </array>

        <key>UserName</key>

        <string>root</string>

        <key>GroupName</key>

        <string>wheel</string>

        <key>WatchPaths</key>

        <array>

        <string>/var/db/.AppleDiagnosticsSetupDone</string>

        </array>

       </dict>

       </plist>

     

     

    Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (XML  document text)

     

     

       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

       <plist version="1.0">

       <dict>

        <key>Disabled</key>

        <true/>

        <key>Label</key>

        <string>org.apache.httpd</string>

        <key>EnvironmentVariables</key>

        <dict>

        <key>XPC_SERVICES_UNAVAILABLE</key>

        <string>1</string>

        </dict>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/sbin/httpd-wrapper</string>

        <string>-D</string>

        <string>FOREGROUND</string>

        </array>

        <key>OnDemand</key>

        <false/>

       </dict>

       </plist>

     

     

    Profiles: 1

     

     

    Firewall: On

     

     

    DNS: 77.234.40.79 (static)

     

     

    Safari extensions

     

     

       Listchack

       Save to Pocket

       XSearch

     

     

    Restricted files: 88

     

     

    Elapsed time (s): 610

     

     

     

    What does this mean now?

  • by Eric Root,

    Eric Root Eric Root Aug 17, 2016 8:14 AM in response to sportsstef
    Level 9 (70,011 points)
    iTunes
    Aug 17, 2016 8:14 AM in response to sportsstef

    You might want to consider starting a new discussion. Since this one is a couple of years old, less people are likely to look at it. A new post would be much more visible. You can link to this one. In the new post, please provide details of the problem(s) you are having.

     

    MacKeeper – Do Not Install

     

    MacKeeper – Do Not Install (2)        See  SDW2001’s post

     

    MacKeeper Removal

     

    MacKeeper Removal


    ZipCloud uninstall


    Uninstall Avast. Its tends to interfere with the computer's operation while providing minimal to no benefit.

     

    Avast

     

    Avast Un-install

     

    AVG Uninstall