21 Replies Latest reply: Aug 15, 2014 7:01 AM by Linc Davis
Sud30 Level 1 (0 points)



I am new to these forums and this is my first post, thankfully as a result of my Mac never giving me any problems until now. I have a MacBook Pro 13" (Mid-2010) running Snow Leopard V10.6.8 with Safari V5.1.10.


I am hoping someone in the Mac community may assist me with the following problem:


I seem to have picked up some sort of malware/spyware called It appears as a pop-up when I restart Safari, or sometimes when I press the Home button it redirects and loads this pop-up message. Every time it happens I force quit Safari as there is no other option for exiting. I performed a simple Google search for it and it appears to be a well-known PC problem, with many sites giving details as to how to remove it from a Windows PC. However, I did not find any solutions for the Mac. Therefore I decided to try out a couple of antivirus solutions. The first one I tried was Sophos Anti-Virus Home Edition; however, it did not pick up any threats. The second AV I tried was a trial of ESET Cyber Security; however, it also did not pick up any problems.


I have also tried emptying the cache, deleting all website data and resetting Safari a few times consecutively. However, this pop-up still appears. Please find screen grab below.


Screen Grab.tiff


Please may someone assist me with finding a Mac solution to removing this virus/spyware/malware, as I no longer feel safe using internet banking and so forth knowing that someone or something may be spying on me. Your assistance would be greatly appreciated.

MacBook Pro (13-inch Mid 2010), Mac OS X (10.6.8), 8GB Ram, 750GB HDD
  • Kappy Level 10 (249,640 points)

    This is just a PC site scam. It is not spyware. Just switch to another page in your browser. For more information:


    Helpful Links Regarding Malware Protection


    An excellent link to read is Tom Reed's Mac Malware Guide.

    Also, visit The XLab FAQs and read Detecting and avoiding malware and spyware.

    See these Apple articles:


      Mac OS X Snow Leopard and malware detection

      OS X Lion- Protect your Mac from malware

      OS X Mountain Lion- Protect your Mac from malware

      OS X Mavericks- Protect your Mac from malware

      About file quarantine in OS X


    If you require anti-virus protection Thomas Reed recommends using ClamXAV. (Thank you to Thomas Reed for this recommendation.)


    From user Joe Bailey comes this equally useful advice:


    The facts are:


    1. There is no anti-malware software that can detect 100% of the malware out there.

    2. There is no anti-malware that can detect anything targeting the Mac because there is no Mac malware in the wild, and therefore, no "signatures" to detect.

    3. The very best way to prevent the most attacks is for you as the user to be aware that the most successful malware attacks rely on very sophisticated social engineering techniques preying on human avarice, ****, and fear.

    4. Internet popups saying the FBI, NSA, Microsoft, your ISP has detected malware on your computer are intended to entice you to install their malware thinking it is a protection against malware.

    5. Some of the anti-malware products on the market are worse than the malware from which they purport to protect you.

    6. Be cautious where you go on the internet.

    7. Only download anything from sites you know are safe.

    8. Avoid links you receive in email, always be suspicious even if you get something you think is from a friend, but you were not expecting.

    9. If there is any question in your mind, then assume it is malware.

  • Sud30 Level 1 (0 points)

    Thank you so much for your response.


    Please may you elaborate on PC site scam, I do not fully understand. The reason is that I only attempt to open my ISP's homepage, which I have had set as my homepage for the last 13 odd years or so. Also, when I load Safari it would normally open that page.


    However, when it redirects to this popup it worries me, as my other PCs do not have this issue, so it can't be the ISP site that is at fault, and it's not as if I clicked on a suspicious link for it to take me to this popup. It just appears to randomly redirect me to this popup on its own. It has also only started doing this in the last few weeks, so I don't feel comfortable just opening a new page, as I'm sure there must be something causing it to redirect on its own. Also, there is no way to open a new page without force quitting Safari, as the only option would be to press OK as seen in the screen grab above, which I am not willing to do.


    Please assist further.

  • Linc Davis Level 10 (153,390 points)

    From the menu bar, select


              ▹ System Preferences... ▹ Network ▹ Advanced... ▹ DNS


    Under DNS Servers you should have one or more numerical addresses, such as “” or “”. What are those addresses?

  • Sud30 Level 1 (0 points)



    I entered the following 2 DNS Servers that were on my modem settings as given by the ISP:



    I currently have my ADSL modem connected to my AirPort Extreme. The ISP router established the PPPoE connection.

  • Linc Davis Level 10 (153,390 points)

    From the Safari menu bar, select


              Safari ▹ Preferences... ▹ Extensions


    Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.

  • Sud30 Level 1 (0 points)

    I do not have any extensions.


    Please assist further and thanks for all your assistance thus far.

  • Linc Davis Level 10 (153,390 points)

    Please read this whole message before doing anything.

    This procedure is a test, not a solution. Don’t be disappointed when you find that nothing has changed after you complete it.

    Step 1

    The purpose of this step is to determine whether the problem is localized to your user account.

    Enable guest logins* and log in as Guest. Don't use the Safari-only “Guest User” login created by “Find My Mac.”

    While logged in as Guest, you won’t have access to any of your documents or settings. Applications will behave as if you were running them for the first time. Don’t be alarmed by this behavior; it’s normal. If you need any passwords or other personal data in order to complete the test, memorize, print, or write them down before you begin.

    Test while logged in as Guest. Same problem?

    After testing, log out of the guest account and, in your own account, disable it if you wish. Any files you created in the guest account will be deleted automatically when you log out of it.

    *Note: If you’ve activated “Find My Mac” or FileVault, then you can’t enable the Guest account. The “Guest User” login created by “Find My Mac” is not the same. Create a new account in which to test, and delete it, including its home folder, after testing.

    Step 2

    The purpose of this step is to determine whether the problem is caused by third-party system modifications that load automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.

    Please take this step regardless of the results of Step 1.

    Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem. You must hold down the shift key twice: once when you turn on the computer, and again when you log in.

    Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.

    Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.

    The login screen appears even if you usually log in automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.

    Test while in safe mode. Same problem?

    After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of Steps 1 and 2.

  • Sud30 Level 1 (0 points)



    I will perform the above tests and post my results as soon as I am completed. Note that this may take some time, as the pop ups are completely random.

  • Sud30 Level 1 (0 points)



    I have performed the above 2 steps. Both steps still had the pop up occur. Please assist further.

  • Linc Davis Level 10 (153,390 points)

    Back up all data.

    Unlock the Network preference pane, if necessary, by clicking the lock icon in the lower left corner and entering your password. Click Advanced, open the DNS tab, and change the server addresses to the following:



    That's Google DNS. Click OK, then Apply.

    In Safari, select

              Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data

    and confirm. If you’re using another browser, empty the cache. Test. Any difference?


    1. If you lose Internet access after making the above change to your network settings, delete the Google servers in the Network preference pane, then select the TCP/IP tab and click Renew DHCP Lease. That should restore the original DNS settings; otherwise restore them yourself. Remember that you must click Apply in order for any changes to take effect.

    2. I don't use Google DNS myself, though I have tested it, and I'm not recommending it or any other DNS provider; the server addresses are offered merely for testing purposes. There may be privacy and technical issues involved in using that service, which you should investigate personally before you decide whether to keep the settings. Other public DNS services exist.
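The DNS check and the resolver swap in the replies above, as an added example that is not part of the original posts: read-only shell functions that list the resolvers reported by `scutil --dns` (a command the diagnostic script later in this thread also calls), label each as private-range or public, and print any that are not on a list you expect. The function names are hypothetical and the sample output with its documentation-range addresses is constructed.

```shell
#!/bin/sh
# Added example: inspect which DNS resolvers the Mac is actually using.
# Nothing here changes any setting; it only reads and prints.

# Constructed sample of `scutil --dns` output, used when scutil is absent.
sample_scutil_output() {
cat <<'EOF'
DNS configuration

resolver #1
  nameserver[0] : 192.168.1.1
  nameserver[1] : 203.0.113.53
  order   : 200000

resolver #2
  domain : local
  options : mdns
  timeout : 2
  order   : 300000
EOF
}

# Read `scutil --dns` text on stdin; print each resolver address once.
list_resolvers() {
    awk '/nameserver\[[0-9]+\] *:/ { if (!seen[$NF]++) print $NF }'
}

# Label one address: private (usually the home router), loopback, or public.
classify_resolver() {
    case "$1" in
        10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo private ;;
        127.*|::1) echo loopback ;;
        *) echo public ;;
    esac
}

# Read `scutil --dns` text on stdin; print "address<TAB>label" per resolver.
report_resolvers() {
    list_resolvers | while read -r addr; do
        printf '%s\t%s\n' "$addr" "$(classify_resolver "$addr")"
    done
}

# Read `scutil --dns` text on stdin; print resolvers that are NOT among the
# expected addresses passed as arguments (e.g. those shown on the modem).
unexpected_resolvers() {
    list_resolvers | while read -r addr; do
        found=no
        for ok in "$@"; do
            if [ "$addr" = "$ok" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then echo "$addr"; fi
    done
}

# Use the live configuration on a Mac, the constructed sample elsewhere.
if command -v scutil >/dev/null 2>&1; then
    scutil --dns | report_resolvers
else
    sample_scutil_output | report_resolvers
fi
```

A public resolver that matches neither the addresses on the modem nor ones you entered yourself is the case worth following up.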

  • Sud30 Level 1 (0 points)

    I have performed the above changes. I used the Google DNS. However, the redirects still take place and the popup occurs.

  • Linc Davis Level 10 (153,390 points)

    1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.

    Don't be put off merely by the seeming complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.

    2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.

    There are ways to back up a computer that isn't fully functional. Ask if you need guidance.

    3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can read it yourself without disclosing the contents to me or anyone else.

    You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.

    In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.

    You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.

    Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.

    4. Here's a summary of what you need to do, if you choose to proceed:

    ☞ Copy a line of text in this window to the Clipboard.

    ☞ Paste into the window of another application.

    ☞ Wait for the test to run. It usually takes a few minutes.

    ☞ Paste the results, which will have been copied automatically, back into a reply on this page.

    The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.

    5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.

    6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.

    7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.

    Triple-click anywhere in the line of text below on this page to select it:

    PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */   /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;/(de|[nst]):/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... 
//;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net 
errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p) if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n   "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n   [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|POSIX sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n   ...and %s more line(s)\n",l-L);} ' ' /^ +[NP].+ =/h;/^( +D.+[{]|[}])/{ g;s/.+= //p;};' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(\ LoginHook '" /L*/P*/loginw*' '" L*/P*/*loginit*' 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. 
\( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Compon,Ex,Inter,iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t /S*/L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023'\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { 
@out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! 
B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D13 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 14 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-

    Copy the selected text to the Clipboard by pressing the key combination command-C.

    8. Launch the built-in Terminal application in any of the following ways:

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.

    Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.

    9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter

    exec bash

    and press return. Then paste the script again.

    10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.

    If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.

    11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line

    [Process completed]

    to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report the results. No harm will be done.

    12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.

    At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.

    If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.

    13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.

    14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.


    Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

  • Sud30 Level 1 (0 points)

    Start time: 18:20:37 08/09/14



    Model Identifier: MacBookPro7,1

    System Version: Mac OS X 10.6.8 (10K549)

    Kernel Version: Darwin 10.8.0

    Boot Mode: Normal

    64-bit Kernel and Extensions: No

    Time since boot: 1 day3:18












       Tue Aug  5 20:38:49 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Wed Aug  6 08:45:57 TBIOBlockStorageDriver: super::probe failed

       Wed Aug  6 08:45:57 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Wed Aug  6 08:45:57 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Wed Aug  6 08:46:20 AppleBCM5701Ethernet:        0        0 setFixedSpeed - logic error, speed any?

       Wed Aug  6 12:13:18 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Wed Aug  6 12:13:18 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Wed Aug  6 17:38:13 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Wed Aug  6 17:38:13 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Thu Aug  7 09:16:13 TBIOBlockStorageDriver: super::probe failed

       Thu Aug  7 09:16:13 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Thu Aug  7 09:16:13 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Thu Aug  7 09:16:33 AppleBCM5701Ethernet:        0        0 setFixedSpeed - logic error, speed any?

       Thu Aug  7 19:37:57 TBIOBlockStorageDriver: super::probe failed

       Thu Aug  7 19:37:57 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Thu Aug  7 19:37:57 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Thu Aug  7 19:38:23 AppleBCM5701Ethernet:        0        0 setFixedSpeed - logic error, speed any?

       Thu Aug  7 21:58:55 TBIOBlockStorageDriver: super::probe failed

       Thu Aug  7 21:58:55 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Thu Aug  7 21:58:55 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Fri Aug  8 06:53:04 Safari[787] Unable to quarantine `~/Library/Caches/': 2 (error suppressed)

       Fri Aug  8 15:03:00 TBIOBlockStorageDriver: super::probe failed

       Fri Aug  8 15:03:00 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Fri Aug  8 15:03:00 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

       Fri Aug  8 15:03:21 AppleBCM5701Ethernet:        0        0 setFixedSpeed - logic error, speed any?






       e.iokit.IOACPIFamily (1.3.0)

       e.iokit.IOPCIFamily (2.6.5)

       e.driver.AppleACPIPlatform (1.3.6)

       e.driver.AppleIntelCPUPowerManagement (142.6.0)

       e.iokit.IOStorageFamily (1.6.3)

       e.driver.DiskImages (289.1)

       e.nke.applicationfirewall (2.1.14) (6)

       e.kext.AppleMatch (1.0.0d1) (0) (1)

       e.driver.AppleIntelCPUPowerManagementClient (142.6.0)

       e.driver.AppleAPIC (1.4)

       e.iokit.IOSMBusFamily (1.1)

       e.driver.AppleACPIEC (1.3.6)

       e.driver.AppleSMBIOS (1.7)

       e.iokit.IOHIDFamily (1.6.6)

       e.driver.AppleACPIButtons (1.3.6)

       e.iokit.IOAHCIFamily (2.0.6)

       e.driver.AppleAHCIPort (2.1.7)

       e.driver.AppleHPET (1.5)

       e.driver.AppleRTC (1.3.1)

       e.driver.AppleEFIRuntime (1.4.0)

       e.driver.AppleEFINVRAM (1.4.0)

       e.driver.NVSMU (2.2.7)

       e.iokit.IOUSBFamily (4.2.4)

       e.driver.AppleUSBOHCI (4.2.0)

       e.driver.AppleUSBEHCI (4.2.4)

       e.driver.AppleSmartBatteryManager (160.0.0)

       e.iokit.IOUSBUserClient (4.2.4)

       e.driver.AppleUSBHub (4.2.4)

       e.iokit.IONetworkingFamily (1.10)

       e.iokit.IO80211Family (320.1)

       e.driver.AirPortBrcm43224 (428.42.4)

       e.iokit.AppleBCM5701Ethernet (3.0.5b8)

       e.iokit.IOFireWireFamily (4.2.6)

       e.driver.AppleFWOHCI (4.7.3)

       e.iokit.IOAHCIBlockStorage (1.6.4)

       e.iokit.IOSCSIArchitectureModelFamily (2.6.8)

       e.iokit.IOAHCISerialATAPI (1.2.6)

       e.AppleFSCompression.AppleFSCompressionTypeZlib (1.0.0d1)

       e.BootCache (31.1)

       e.iokit.IOSCSIBlockCommandsDevice (2.6.8)

       e.driver.XsanFilter (402.1)

       e.driver.AppleUSBComposite (3.9.0)

       e.driver.AppleUSBMergeNub (4.2.4)

       e.iokit.IOCDStorageFamily (1.6.1)

       e.iokit.IODVDStorageFamily (1.6)

       e.iokit.IOBDStorageFamily (1.6)

       e.iokit.IOSCSIMultimediaCommandsDevice (2.6.8)

       e.iokit.SCSITaskUserClient (2.6.8)

       e.iokit.IOUSBMassStorageClass (2.6.7)

       e.driver.AppleUSBCardReader (2.6.1)

       e.iokit.IOUSBHIDDriver (4.2.0)

       e.driver.AppleIRController (303.8)

       e.driver.AppleUSBTCKeyboard (201.6)

       e.driver.AppleUSBMultitouch (207.7)

       e.iokit.IOBluetoothFamily (2.4.5f3)

       e.driver.AppleUSBBluetoothHCIController (2.4.5f3)

       e.driver.BroadcomUSBBluetoothHCIController (2.4.5f3)

       e.driver.AppleUSBTCButtons (201.6)

       e.iokit.IOGraphicsFamily (2.2.1)

       e.iokit.IONDRVSupport (2.2.1)

       e.NVDAResman (6.3.6)

       e.nvidia.nv50hal (6.3.6)

       e.driver.AppleBacklightExpert (1.0.1)

       e.driver.AppleBacklight (170.0.46)

       e.GeForce (6.3.6)

       e.driver.AppleLPC (1.5.1)

       e.driver.AppleSMC (3.1.0d5)

       e.kext.AppleSMCLMU (1.5.2d10)

       e.driver.AppleSMBusPCI (1.0.10d0)

       e.driver.IOPlatformPluginFamily (4.7.0a1)

       e.driver.ACPI_SMC_PlatformPlugin (4.7.0a1)

       e.iokit.AppleProfileFamily (41)

       e.driver.AppleIntelPenrynProfile (17)

       e.driver.AppleSMBusController (1.0.10d0)

       e.iokit.IOHDAFamily (2.0.5f14)

       e.driver.AppleHDAController (2.0.5f14)

       e.kext.OSvKernDSPLib (1.3)

       e.iokit.IOAudioFamily (1.8.3fc2)

       e.driver.AudioIPCDriver (1.1.6)

       stems.driver.CDSDAudioCaptureSupport (1.5)

       e.Dont_Steal_Mac_OS_X (7.0.0)

       e.iokit.IOSurface (74.2)

       e.iokit.IOFireWireIP (2.0.3)

       e.driver.SMCMotionSensor (3.0.1d2)

       e.driver.AppleMikeyDriver (2.0.5f14)

       e.driver.AppleProfileCallstackAction (20)

       e.driver.AppleProfileKEventAction (10)

       e.driver.AppleProfileRegisterStateAction (10)

       e.driver.AppleProfileThreadInfoAction (14)

       e.driver.AppleProfileTimestampAction (10)

       e.driver.AudioAUUC (1.57)

       e.driver.AppleMCCSControl (1.0.20)

       e.driver.AppleUpstreamUserClient (3.5.7)

       e.driver.AppleProfileReadCounterAction (17)

       e.driver.AppleMikeyHIDDriver (1.2.0)

       e.driver.DspFuncLib (2.0.5f14)

       e.driver.AppleHDA (2.0.5f14)

       e.iokit.IOSerialFamily (10.0.3)

       e.iokit.IOBluetoothSerialManager (2.4.5f3)

       e.filesystems.autofs (2.1.0)

       e.driver.AGPM (100.12.31)

       e.driver.AppleHWSensor (1.9.3d0)

       - com.seagate.SeagateStorageGauge.plist


       - com.adobe.fpsaud

       - com.hzsystems.driver.CDSDAudioCaptureSupport






       - com.hp.print.hpio.Designjet.kext


       - com.hp.print.hpio.Deskjet.kext


       - com.hp.kext.hp-fax-io


       - com.hp.print.hpio.Inkjet1.kext


       - com.hp.print.hpio.Inkjet2.kext


       - com.hp.print.hpio.Inkjet3.kext


       - com.hp.print.hpio.Inkjet4.kext


       - com.hp.print.hpio.Inkjet5.kext


       - com.hp.print.hpio.inkjet7.kext


       - com.hp.print.hpio.inkjet8.kext


       - com.hp.print.hpio.Inkjet.kext


       - com.hp.hpio.hp_io_printerclassdriver_enabler


       - com.hp.print.hpio.Laserjet.kext


       - com.hp.print.hpio.Officejet.kext


       - com.hp.print.hpio.Photosmart.kext


       - com.hp.print.hpio.PhotosmartPro.kext


       - com.hp.hpio.hp_psa530_630_io_enabler




       - com.lexmark.print.usbmerge


       - com.promise.driver.stex

       /System/Library/Extensions/Seagate Storage Driver.kext

       - com.seagate.driver.PowSecDriverCore

       /Library/Audio/MIDI Drivers/EmagicUSBMIDIDriver.plugin

       - info.emagic.driver.unitor





       /Library/Internet Plug-Ins/AdobePDFViewer.plugin

       - com.adobe.acrobat.pdfviewer

       /Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

       - com.adobe.acrobat.pdfviewerNPAPI

       /Library/Internet Plug-Ins/DivXBrowserPlugin.plugin

       - com.divx.DivXBrowserPlugin

       /Library/Internet Plug-Ins/Flash Player.plugin

       - N/A

       /Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin

       - net.telestream.wmv.plugin

       /Library/Internet Plug-Ins/iPhotoPhotocast.plugin


       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin


       /Library/Internet Plug-Ins/Quartz Composer.webplugin


       /Library/Internet Plug-Ins/QuickTime Plugin.plugin

       - N/A

       /Library/Internet Plug-Ins/Silverlight.plugin


       /Library/iTunes/iTunes Plug-ins/Quartz Composer Visualizer.bundle


       /Library/PreferencePanes/Apple Qmaster.prefPane



       - com.divx.divxprefs

       /Library/PreferencePanes/Flash Player.prefPane

       - com.adobe.flashplayerpreferences

       /Library/PreferencePanes/Flip4Mac WMV.prefPane

       - net.telestream.wmv.prefpane


       - com.paragon-software.filesystems.ntfs.prefpanel







       /Library/QuickTime/DivX Decoder.component

       - com.DivXInc.DivXDecoder

       /Library/QuickTime/DivX Decoder.component/Contents/Resources

       - com.DivXInc.DivXDecoder

       /Library/QuickTime/DivX Encoder.component

       - com.DivXInc.DivXCodec

       /Library/QuickTime/FCP Uncompressed 422.component

       - N/A

       /Library/QuickTime/Flip4Mac WMV Advanced.component

       - net.telestream.wmv.advanced

       /Library/QuickTime/Flip4Mac WMV Export.component

       - net.telestream.wmv.export

       /Library/QuickTime/Flip4Mac WMV Import.component

       - net.telestream.wmv.import

       /Library/Spotlight/Microsoft Office.mdimporter


       Library/Address Book Plug-Ins/SkypeABDialer.bundle


       Library/Address Book Plug-Ins/SkypeABSMS.bundle



       - com.shepmater.A52Codec


       - org.perian.PerianPane


       - com.cod3r.ac3movieimport


       - org.perian.Perian


       - com.roxio.ToastItService

       Library/Widgets/Currency Converter.wdgt

       - net.palple.widget.currencyconverter

    Contents of /System/Library/LaunchAgents/ (XML  document text)



       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">

       <plist version="1.0">

        <string>/System/Library/CoreServices/AirPort Base Station Base Station Agent</string>








    Contents of /System/Library/LaunchAgents/com.paragon.NTFS.auth.plist (XML  document text)



       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "">

       <plist version="1.0">






        <string>/Applications/Paragon NTFS for Mac OS X/</string>

    Contents of /System/Library/LaunchDaemons/ (XML  document text)



       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">

       <plist version="1.0">

        <string>/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd</string>

       ...and 12 more line(s)



    Contents of /System/Library/LaunchDaemons/ (XML  document text)



       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">

       <plist version="1.0">

    Contents of /System/Library/LaunchDaemons/com.seagate.TBDecorator.plist (XML  document text)



       <?xml version="1.0" encoding="UTF-8"?>

       <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "">




          Created by John Brisbin on 3/10/10.

          Copyright 2010 Seagate Technologies LLC.. All rights reserved.


       <plist version="1.0">

        <string>/Library/Application Support/Seagate/TBLoopDriveParams</string>






    Font issues: 34



    Bad plists

    Firewall: On



    User login items






       Android File Transfer Agent






       Currency Converter



    Restricted files: 411



    Elapsed time (s): 133

  • Linc Davis Level 10 (153,390 points)

    You don't have any recognizable malware or other configuration changes that would explain the problem. I have to wonder about the consistency of all the facts stated in this thread. If possible, connect to a different network, such as a public hotspot or the hotspot created by a mobile phone, and test.
