Hello everyone .. I would like to ask if the adwaremedic program is the safest way to remove adware from the mac. Lately I m having some pop up advertisements from a specific site called mac keeper. I have no idea how this ad came up since I am not downloading torrents nor visiting any suspicious site .
So is this the only way to permanently remove the adware? Is it safe , since this is a third party program? Thanks in advance everyone
so here is the result, any help interpreting it pease? Thanks in advance
Start time: 23:43:13 01/29/17
Model Identifier: MacBookAir7,2
System Version: macOS 10.12.2 (16C67)
Kernel Version: Darwin 16.3.0
System Integrity Protection: Enabled
Time since boot: 10 days 12:51
System load
combined level = Bad
- battery level = Bad
Diagnostic reports
2017-01-04 Installer crash
2017-01-05 Installer crash x2
2017-01-09 Installer crash
2017-01-09 WindowServer crash
2017-01-10 com.apple.WebKit.WebContent crash
2017-01-10 com.apple.appkit.xpc.openAndSavePanelService crash
2017-01-11 GRIBview crash
2017-01-11 Installer crash
2017-01-11 com.apple.WebKit.WebContent crash
2017-01-12 Installer crash
2017-01-12 ReportCrash crash x2
2017-01-12 mtmd crash x3
2017-01-13 Installer crash x2
2017-01-19 Installer crash
2017-01-20 Installer crash
2017-01-21 Installer crash
2017-01-24 Installer crash
2017-01-25 GRIBview crash
2017-01-26 Installer crash
2017-01-28 Installer crash
Log
Jan 22 11:56:24 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 22 14:35:01 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 22 14:35:02 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 22 14:35:02 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 22 21:03:37 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 23 15:38:43 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 25 16:55:40 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 27 14:30:08 com.adobe.fpsaud: Service exited with abnormal code: 210
Jan 27 20:06:18 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 28 19:32:49 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 28 19:33:46 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 28 19:42:08 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 28 19:42:09 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jan 28 20:03:30 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 29 16:14:32 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 29 16:31:55 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 29 22:35:50 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Swap (MiB): 34326
Daemons
org.postfix.master
com.microsoft.office.licensing.helper
com.adobe.fpsaud
Agents
com.pcv.hlpramcn
com.bittorrent.uTorrent
com.macalive.status.user.update
com.adwarecleaner.hlprawc
com.apple.iBooks.CacheDelete
com.apple.AirPortBaseStationAgent
com.spigot.ApplicationManager
Bundles
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Library/Address Book Plug-Ins/SkypeABCaller.bundle
- com.skype.SkypeABCaller
Library/Address Book Plug-Ins/SkypeABChatter.bundle
- com.skype.SkypeABChatter
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.SkypeABDialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.SkypeABSMS
Library/Keyboard/de-dynamic.lm
- com.apple.LanguageModeling.de
Library/Keyboard/en-dynamic.lm
- com.apple.LanguageModeling.en
Library/Keyboard/es-dynamic.lm
- com.apple.LanguageModeling.es
Library/Keyboard/fr-dynamic.lm
- com.apple.LanguageModeling.fr
Library/Keyboard/it-dynamic.lm
- com.apple.LanguageModeling.it
Library/Keyboard/pt-dynamic.lm
- com.apple.LanguageModeling.pt
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /etc/hosts (checksum 3164423663)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Contents of /etc/pf.conf (checksum 2891177609)
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Contents of /etc/syslog.conf (checksum 2399118465)
install.* @127.0.0.1:32376
Contents of /etc/pam.d/authorization (checksum 1288902703)
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_aks (checksum 841932527)
auth required pam_aks.so
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_ctk (checksum 2418984201)
auth required pam_smartcard.so use_first_pass pkinit
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_la (checksum 2713564393)
auth required pam_localauthentication.so
auth required pam_aks.so
account required pam_opendirectory.so
Contents of /etc/pam.d/checkpw (checksum 2672765862)
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so no_check_home no_check_shell
Contents of /etc/pam.d/chkpasswd (checksum 335781771)
auth required pam_opendirectory.so
account required pam_opendirectory.so
password required pam_permit.so
session required pam_permit.so
Contents of /etc/pam.d/cups (checksum 2842188894)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/ftpd (checksum 2001169128)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/login (checksum 1242678644)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
Contents of /etc/pam.d/login.term (checksum 3930746290)
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_uwtmp.so
Contents of /etc/pam.d/other (checksum 2748091512)
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Contents of /etc/pam.d/passwd (checksum 1026516346)
auth required pam_permit.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_permit.so
Contents of /etc/pam.d/screensaver (checksum 3141704602)
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_aks (checksum 3209544573)
auth required pam_aks.so
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_ctk (checksum 367670211)
auth required pam_smartcard.so use_first_pass
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_la (checksum 589164084)
auth required pam_localauthentication.so
auth required pam_aks.so
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/smbd (checksum 2516643123)
account required pam_sacl.so sacl_service=smb allow_trustacct
session required pam_permit.so
Contents of /etc/pam.d/sshd (checksum 2989478361)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session optional pam_mount.so
Contents of /etc/pam.d/su (checksum 2045483434)
auth sufficient pam_rootok.so
auth required pam_opendirectory.so
account required pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account required pam_opendirectory.so no_check_shell
password required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/sudo (checksum 3515993703)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/periodic/daily/110.clean-tmps (checksum 4099837049)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_tmps_days" ]
then
echo '$daily_clean_tmps_enable is set but' \
'$daily_clean_tmps_days is not'
rc=2
else
echo ""
echo "Removing old temporary files:"
set -f noglob
args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
args="${args} -ctime +$daily_clean_tmps_days"
dargs="-empty -mtime +$daily_clean_tmps_days"
dargs="${dargs} ! -name .vfs_rsrc_streams_*"
[ -n "$daily_clean_tmps_ignore" ] && {
args="$args "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
...and 21 more line(s)
Contents of /etc/periodic/daily/130.clean-msgs (checksum 4292599426)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
if [ ! -d /var/msgs ]
then
echo '$daily_clean_msgs_enable is set but /var/msgs' \
"doesn't exist"
rc=2
else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
msgs -c $arg && rc=0 || rc=3
fi;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/140.clean-rwho (checksum 659374794)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_rwho_days" ]
then
echo '$daily_clean_rwho_enable is enabled but' \
'$daily_clean_rwho_days is not set'
rc=2
elif [ ! -d /var/rwho ]
then
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
"doesn't exist"
rc=2
else
echo ""
echo "Removing stale files from /var/rwho:"
case "$daily_clean_rwho_verbose" in
[Yy][Ee][Ss])
print=-print;;
*)
print=;;
...and 14 more line(s)
Contents of /etc/periodic/daily/199.clean-fax (checksum 1104983357)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
if [ -d /var/spool/fax ]; then
echo ""
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi
Contents of /etc/periodic/daily/310.accounting (checksum 3208203734)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
if [ ! -f /var/account/acct ]
then
echo '$daily_accounting_enable is set but /var/account/acct' \
"doesn't exist"
rc=2
elif [ -z "$daily_accounting_save" ]
then
echo '$daily_accounting_enable is set but ' \
'$daily_accounting_save is not'
rc=2
else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
rc=0
n=$daily_accounting_save
rm -f acct.$n.gz acct.$n || rc=3
m=$n
...and 18 more line(s)
Contents of /etc/periodic/daily/400.status-disks (checksum 1480768650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_disks_enable" in
[Yy][Ee][Ss])
echo ""
echo "Disk status:"
df $daily_status_disks_df_flags && rc=1 || rc=3
;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/420.status-network (checksum 2730873650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
echo ""
echo "Network interface status:"
case "$daily_status_network_usedns" in
[Yy][Ee][Ss])
netstat -i && rc=0 || rc=3;;
*)
netstat -in && rc=0 || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/430.status-rwho (checksum 3455351261)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
prog=ruptime
else
echo ""
echo "Local system status:"
prog=uptime
fi
rc=$($prog | tee /dev/stderr | wc -l)
if [ $? -eq 0 ]
then
[ $rc -gt 1 ] && rc=1
else
rc=3
fi;;
...and 3 more line(s)
Contents of /etc/periodic/daily/999.local (checksum 2319755381)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $daily_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/monthly/199.rotate-fax (checksum 3437454680)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
echo ""
printf %s "Rotating fax log files:"
cd /var/log/fax
for i in *.log; do
if [ -f "${i}" ]; then
echo -n " $i"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
fi
done
echo ""
Contents of /etc/periodic/monthly/200.accounting (checksum 3541581936)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
oldmask=$(umask)
umask 066
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
rc=0
remove=NO
if [ $rc -eq 0 ]
then
echo ""
echo "Doing login accounting:"
rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi
[ $remove = YES ] && rm -f $W.0;;
*) rc=0;;
esac
umask $oldmask
exit $rc
Contents of /etc/periodic/monthly/999.local (checksum 2355967272)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $monthly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/weekly/320.whatis (checksum 922328658)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
echo ""
echo "Rebuilding whatis database:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpage directories"
rc=3
else
rc=0
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
if [ X"${man_locales}" != X ]
then
for i in ${man_locales}
do
LC_ALL=$i /usr/libexec/makewhatis.local -a \
-L "${MANPATH}" || rc=3
...and 9 more line(s)
Contents of /etc/periodic/weekly/999.local (checksum 3078968429)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $weekly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /Library/Preferences/com.apple.security.appsandbox.plist (checksum 2599182411)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnrestrictSpotlightContainerScope</key>
<true/>
</dict>
</plist>
Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (checksum 1199119104)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
</plist>
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Dropbox
- /Applications/Dropbox.app
Advanced Mac Cleaner
- missing value
Mac Adware Cleaner
- /Users/USER/.Trash/Mac Adware Cleaner.app
Restricted files: 1652
Lockfiles: 2
High file counts
Desktop: 73
Elapsed time (s): 300
Start time: 22:03:27 02/21/17
Model Identifier: iMac14,2
System Version: OS X 10.11.6 (15G1217)
Kernel Version: Darwin 15.6.0
System Integrity Protection: Enabled
Time since boot: 9 days 4:37
Memory
BANK 0/DIMM0:
Size: 4 GB
Speed: 1600 MHz
Status: OK
Manufacturer: 0x859B
BANK 1/DIMM0:
Size: 4 GB
Speed: 1600 MHz
Status: OK
Manufacturer: 0x02FE
BANK 0/DIMM1:
Size: 4 GB
Speed: 1600 MHz
Status: OK
Manufacturer: 0x859B
BANK 1/DIMM1:
Size: 4 GB
Speed: 1600 MHz
Status: OK
Manufacturer: 0x02FE
USB
My Passport 0829 (Western Digital Technologies, Inc.)
SanDisk Ultra (SanDisk Corporation)
USB Receiver (Logitech Inc.)
CodeMeter-Stick (WIBU-Systems AG)
Log
Feb 21 15:28:03 PM notification timeout (pid 24059, Spotify)
Feb 21 15:28:33 PM notification timeout (pid 24059, Spotify)
Feb 21 15:39:31 process ArchiCAD[13693] thread 7034599 caught burning CPU! It used more than 50% CPU (Actual recent usage: 58%) over 180 seconds. thread lifetime cpu usage 2001.959635 seconds, (1688.008930 user, 313.950705 system) ledger info: balance: 90003924250 credit: 1995940345803 debit: 1905936421553 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 153606825217
Feb 21 15:59:08 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Feb 21 16:03:23 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Feb 21 17:28:17 PM notification timeout (pid 24059, Spotify)
Feb 21 17:28:47 PM notification timeout (pid 24059, Spotify)
Feb 21 18:31:06 PM notification timeout (pid 24059, Spotify)
Feb 21 18:31:36 PM notification timeout (pid 24059, Spotify)
Feb 21 18:43:06 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Feb 21 19:22:38 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Feb 21 19:22:38 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Feb 21 21:43:11 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Feb 21 21:43:11 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Feb 21 21:43:53 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Swap (MiB): 7418
Memory: kernel_task (UID 0) is using 2053 MB
kexts
com.avast.PacketForwarder (2.1) UUID
com.avast.FileShield (3.0.0) UUID
Daemons
com.avast.uninstall
com.avast.daemon
com.adobe.ARMDC.Communicator
com.adobe.adobeupdatedaemon
com.avast.update
com.avast.proxy
com.microsoft.office.licensing.helper
com.google.keystone.daemon
Adobe_Genuine_Software_Integrity_Service
com.oracle.java.Helper-Tool
com.avast.service
com.avast.fileshield
com.avast.account
com.wibu.CodeMeter.Server
com.adobe.fpsaud
com.adobe.ARMDC.SMJobBlessHelper
org.macosforge.xquartz.privileged_startx
com.teamviewer.Helper
com.avast.init
Agents
com.hp.StatusMonitor
com.brother.LOGINserver
com.avast.userinit
com.avast.helper
com.mackeeper.MacKeeper.service.clean
com.adobe.AdobeCreativeCloud
com.google.keystone.system.agent
com.apple.photostream-agent
org.macosforge.xquartz.startx
com.adobe.ARMDCHelper.UUID
com.oracle.java.Java-Updater
com.avast.update-agent
com.citrixonline.GoToMeeting.G2MUpdate
com.spotify.webhelper
com.adobe.acc.AdobeDesktopService.164512.UUID
com.adobe.ARM.UUID
com.apple.AirPortBaseStationAgent
Startup items
/Library/StartupItems/WkSvMacX/StartupParameters.plist
/Library/StartupItems/WkSvMacX/WkSvMacX
Bundles
/System/Library/Extensions/CmUSBMassStorage.kext
- com.wibu.codemeter.CmUSBMassStorage
/System/Library/Extensions/GAROFWPrintClassDriver.kext
- jp.co.canon.GARO.iokit.FWPrintClassDriver
/System/Library/Extensions/GAROFWPrintClassDriver.plugin
- jp.co.canon.GARO.fwPrintClassDriver
/System/Library/Extensions/UsbEthernetGadget.kext
- com.tomtom.driver.UsbEthernetGadget
/Library/Extensions/hp_designjet_series.kext
- com.hp.print.hpio.Designjet.kext
/Library/Internet Plug-Ins/AdobeAAMDetect.plugin
- com.AdobeAAMDetectLib.AdobeAAMDetect
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/Internet Plug-Ins/PepperFlashPlayer/PepperFlashPlayer.plugin
- com.macromedia.PepperFlashPlayer.pepper
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/CodeMeter.prefPane
- com.wibu.codemeter.kea.cm_pref
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
/Library/ScriptingAdditions/Adobe Unit Types.osax
- N/A
/Library/Security/SecurityAgentPlugins/TeamViewerAuthPlugin.bundle
- com.teamviewer.AuthorizationPlugin
/Library/Spotlight/GSMDimporter.mdimporter
- com.graphisoft.GSMDimporter
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GDL.framew ork/Resources
- com.graphisoft.GDL
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GDL.framew ork/Versions/A/Resources
- com.graphisoft.GDL
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GDL.framew ork/Versions/Current/Resources
- com.graphisoft.GDL
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/Geometry.f ramework/Resources
- com.graphisoft.Geometry
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/Geometry.f ramework/Versions/A/Resources
- com.graphisoft.Geometry
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/Geometry.f ramework/Versions/Current/Resources
- com.graphisoft.Geometry
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/Graphix.fr amework/Resources
- com.graphisoft.Graphix
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/Graphix.fr amework/Versions/A/Resources
- com.graphisoft.Graphix
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/Graphix.fr amework/Versions/Current/Resources
- com.graphisoft.Graphix
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSProfiler .framework/Resources
- com.graphisoft.GSProfiler
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSProfiler .framework/Versions/A/Resources
- com.graphisoft.GSProfiler
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSProfiler .framework/Versions/Current/Resources
- com.graphisoft.GSProfiler
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSQuickTim e.framework/Resources
- com.graphisoft.GSQuickTime
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSQuickTim e.framework/Versions/A/Resources
- com.graphisoft.GSQuickTime
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSQuickTim e.framework/Versions/Current/Resources
- com.graphisoft.GSQuickTime
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSRoot.fra mework/Resources
- com.graphisoft.GSRoot
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSRoot.fra mework/Versions/A/Resources
- com.graphisoft.GSRoot
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSRoot.fra mework/Versions/Current/Resources
- com.graphisoft.GSRoot
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSUtils.fr amework/Resources
- com.graphisoft.GSUtils
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSUtils.fr amework/Versions/A/Resources
- com.graphisoft.GSUtils
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSUtils.fr amework/Versions/Current/Resources
- com.graphisoft.GSUtils
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSXML.fram ework/Resources
- com.graphisoft.GSXML
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSXML.fram ework/Versions/A/Resources
- com.graphisoft.GSXML
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSXML.fram ework/Versions/Current/Resources
- com.graphisoft.GSXML
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSXMLUtils .framework/Resources
- com.graphisoft.GSXMLUtils
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSXMLUtils .framework/Versions/A/Resources
- com.graphisoft.GSXMLUtils
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSXMLUtils .framework/Versions/Current/Resources
- com.graphisoft.GSXMLUtils
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSZLib.fra mework/Resources
- com.graphisoft.GSZLib
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSZLib.fra mework/Versions/A/Resources
- com.graphisoft.GSZLib
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GSZLib.fra mework/Versions/Current/Resources
- com.graphisoft.GSZLib
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GX.framewo rk/Resources
- com.graphisoft.GX
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GX.framewo rk/Versions/A/Resources
- com.graphisoft.GX
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GX.framewo rk/Versions/Current/Resources
- com.graphisoft.GX
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GXImageBas e.framework/Resources
- com.graphisoft.GXImageBase
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GXImageBas e.framework/Versions/A/Resources
- com.graphisoft.GXImageBase
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/GXImageBas e.framework/Versions/Current/Resources
- com.graphisoft.GXImageBase
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/InputOutpu t.framework/Resources
- com.graphisoft.InputOutput
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/InputOutpu t.framework/Versions/A/Resources
- com.graphisoft.InputOutput
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/InputOutpu t.framework/Versions/Current/Resources
- com.graphisoft.InputOutput
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/JACK.frame work/Resources
- com.graphisoft.JACK
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/JACK.frame work/Versions/A/Resources
- com.graphisoft.JACK
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/JACK.frame work/Versions/Current/Resources
- com.graphisoft.JACK
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/Network.fr amework/Resources
- com.graphisoft.Network
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/Network.fr amework/Versions/A/Resources
- com.graphisoft.Network
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/Network.fr amework/Versions/Current/Resources
- com.graphisoft.Network
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ObjectData base.framework/Resources
- com.graphisoft.ObjectDatabase
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ObjectData base.framework/Versions/A/Resources
- com.graphisoft.ObjectDatabase
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ObjectData base.framework/Versions/Current/Resources
- com.graphisoft.ObjectDatabase
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ProjectFil e.framework/Resources
- com.graphisoft.ProjectFile
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ProjectFil e.framework/Versions/A/Resources
- com.graphisoft.ProjectFile
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ProjectFil e.framework/Versions/Current/Resources
- com.graphisoft.ProjectFile
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ProjectInf o.framework/Resources
- com.graphisoft.ProjectInfo
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ProjectInf o.framework/Versions/A/Resources
- com.graphisoft.ProjectInfo
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ProjectInf o.framework/Versions/Current/Resources
- com.graphisoft.ProjectInfo
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ProjectIO. framework/Resources
- com.graphisoft.ProjectIO
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ProjectIO. framework/Versions/A/Resources
- com.graphisoft.ProjectIO
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/ProjectIO. framework/Versions/Current/Resources
- com.graphisoft.ProjectIO
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/TextEngine .framework/Resources
- com.graphisoft.TextEngine
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/TextEngine .framework/Versions/A/Resources
- com.graphisoft.TextEngine
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/TextEngine .framework/Versions/Current/Resources
- com.graphisoft.TextEngine
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/TWRoot.fra mework/Resources
- com.graphisoft.TWRoot
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/TWRoot.fra mework/Versions/A/Resources
- com.graphisoft.TWRoot
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/TWRoot.fra mework/Versions/Current/Resources
- com.graphisoft.TWRoot
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/VBUtils.fr amework/Resources
- com.graphisoft.VBUtils
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/VBUtils.fr amework/Versions/A/Resources
- com.graphisoft.VBUtils
/Library/Spotlight/GSMDimporter.mdimporter/Contents/MacOS/_GSSupport/VBUtils.fr amework/Versions/Current/Resources
- com.graphisoft.VBUtils
Library/Address Book Plug-Ins/SkypeABCaller.bundle
- com.skype.SkypeABCaller
Library/Address Book Plug-Ins/SkypeABChatter.bundle
- com.skype.SkypeABChatter
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.SkypeABDialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.SkypeABSMS
Library/Caches/com.apple.Safari/Extensions/Pin It Button.safariextension
- com.pinterest.extension
Library/Caches/com.apple.Safari/Extensions/wrc.safariextension
- com.avast.wrc
Library/Internet Plug-Ins/CitrixOnlineWebDeploymentPlugin.plugin
- com.citrixonline.mac.WebDeploymentPlugin
Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
Library/Widgets/WkView.wdgt
- com.wibu.codemeter.widget.wkview
App extensions
com.adobe.accmac.ACCFinderSync
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /etc/hosts (checksum 85078130)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
Contents of /etc/pf.conf (checksum 2891177609)
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Contents of /etc/syslog.conf (checksum 2399118465)
install.* @127.0.0.1:32376
Contents of /etc/pam.d/authorization (checksum 1288902703)
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
Contents of /etc/pam.d/checkpw (checksum 2672765862)
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so no_check_home no_check_shell
Contents of /etc/pam.d/chkpasswd (checksum 335781771)
auth required pam_opendirectory.so
account required pam_opendirectory.so
password required pam_permit.so
session required pam_permit.so
Contents of /etc/pam.d/cups (checksum 2842188894)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/ftpd (checksum 2001169128)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/login (checksum 1242678644)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
Contents of /etc/pam.d/login.term (checksum 3930746290)
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_uwtmp.so
Contents of /etc/pam.d/other (checksum 2748091512)
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Contents of /etc/pam.d/passwd (checksum 1026516346)
auth required pam_permit.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_permit.so
Contents of /etc/pam.d/rshd (checksum 1553764881)
auth required pam_permit.so
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/screensaver (checksum 3141704602)
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/smbd (checksum 2516643123)
account required pam_sacl.so sacl_service=smb allow_trustacct
session required pam_permit.so
Contents of /etc/pam.d/sshd (checksum 2989478361)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session optional pam_mount.so
Contents of /etc/pam.d/su (checksum 2045483434)
auth sufficient pam_rootok.so
auth required pam_opendirectory.so
account required pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account required pam_opendirectory.so no_check_shell
password required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/sudo (checksum 3515993703)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/periodic/daily/110.clean-tmps (checksum 4099837049)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_tmps_days" ]
then
echo '$daily_clean_tmps_enable is set but' \
'$daily_clean_tmps_days is not'
rc=2
else
echo ""
echo "Removing old temporary files:"
set -f noglob
args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
args="${args} -ctime +$daily_clean_tmps_days"
dargs="-empty -mtime +$daily_clean_tmps_days"
dargs="${dargs} ! -name .vfs_rsrc_streams_*"
[ -n "$daily_clean_tmps_ignore" ] && {
args="$args "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
...and 21 more line(s)
Contents of /etc/periodic/daily/130.clean-msgs (checksum 4292599426)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
if [ ! -d /var/msgs ]
then
echo '$daily_clean_msgs_enable is set but /var/msgs' \
"doesn't exist"
rc=2
else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
msgs -c $arg && rc=0 || rc=3
fi;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/140.clean-rwho (checksum 659374794)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_rwho_days" ]
then
echo '$daily_clean_rwho_enable is enabled but' \
'$daily_clean_rwho_days is not set'
rc=2
elif [ ! -d /var/rwho ]
then
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
"doesn't exist"
rc=2
else
echo ""
echo "Removing stale files from /var/rwho:"
case "$daily_clean_rwho_verbose" in
[Yy][Ee][Ss])
print=-print;;
*)
print=;;
...and 14 more line(s)
Contents of /etc/periodic/daily/199.clean-fax (checksum 1104983357)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
if [ -d /var/spool/fax ]; then
echo ""
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi
Contents of /etc/periodic/daily/310.accounting (checksum 3208203734)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
if [ ! -f /var/account/acct ]
then
echo '$daily_accounting_enable is set but /var/account/acct' \
"doesn't exist"
rc=2
elif [ -z "$daily_accounting_save" ]
then
echo '$daily_accounting_enable is set but ' \
'$daily_accounting_save is not'
rc=2
else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
rc=0
n=$daily_accounting_save
rm -f acct.$n.gz acct.$n || rc=3
m=$n
...and 18 more line(s)
Contents of /etc/periodic/daily/400.status-disks (checksum 1480768650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_disks_enable" in
[Yy][Ee][Ss])
echo ""
echo "Disk status:"
df $daily_status_disks_df_flags && rc=1 || rc=3
;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/420.status-network (checksum 2730873650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
echo ""
echo "Network interface status:"
case "$daily_status_network_usedns" in
[Yy][Ee][Ss])
netstat -i && rc=0 || rc=3;;
*)
netstat -in && rc=0 || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/430.status-rwho (checksum 3455351261)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
prog=ruptime
else
echo ""
echo "Local system status:"
prog=uptime
fi
rc=$($prog | tee /dev/stderr | wc -l)
if [ $? -eq 0 ]
then
[ $rc -gt 1 ] && rc=1
else
rc=3
fi;;
...and 3 more line(s)
Contents of /etc/periodic/daily/999.local (checksum 2319755381)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $daily_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/monthly/199.rotate-fax (checksum 3437454680)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
echo ""
printf %s "Rotating fax log files:"
cd /var/log/fax
for i in *.log; do
if [ -f "${i}" ]; then
echo -n " $i"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
fi
done
echo ""
Contents of /etc/periodic/monthly/200.accounting (checksum 3541581936)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
oldmask=$(umask)
umask 066
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
rc=0
remove=NO
if [ $rc -eq 0 ]
then
echo ""
echo "Doing login accounting:"
rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi
[ $remove = YES ] && rm -f $W.0;;
*) rc=0;;
esac
umask $oldmask
exit $rc
Contents of /etc/periodic/monthly/999.local (checksum 2355967272)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $monthly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/weekly/320.whatis (checksum 922328658)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
echo ""
echo "Rebuilding whatis database:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpage directories"
rc=3
else
rc=0
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
if [ X"${man_locales}" != X ]
then
for i in ${man_locales}
do
LC_ALL=$i /usr/libexec/makewhatis.local -a \
-L "${MANPATH}" || rc=3
...and 9 more line(s)
Contents of /etc/periodic/weekly/999.local (checksum 3078968429)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $weekly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /Library/Preferences/com.apple.security.appsandbox.plist (checksum 2599182411)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnrestrictSpotlightContainerScope</key>
<true/>
</dict>
</plist>
Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (checksum 1199119104)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
</plist>
Global login items
/Library/Printers/hp/Utilities/HP Printer Monitor.app/Contents/Resources/hpStatusAlert.app
Firewall: On
User login items
TomTomMyDriveConnectHelper
- /Applications/TomTom MyDrive Connect.app/Contents/MacOS/TomTomMyDriveConnectHelper.app
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
MyDriveConnect
- missing value
Dropbox
- /Applications/Dropbox.app
AdobeResourceSynchronizer
- missing value
Spotify
- /Applications/Spotify.app
TomTomHOMERunner
- /Users/USER/Library/Application Support/TomTom HOME/TomTomHOMERunner.app
Microsoft Outlook
- /Applications/Microsoft Office 2011/Microsoft Outlook.app
hpStatusAlert
- /Library/Printers/hp/Utilities/HP Printer Monitor.app/Contents/Resources/hpStatusAlert.app
Safari extensions
Avast Online Security
Pin It Button
Restricted files: 1086
Lockfiles: 10
High file counts
Desktop: 53
Elapsed time (s): 397
Start time: 16:03:33 03/25/17
Model Identifier: MacBookAir6,2
System Version: macOS 10.12.3 (16D32)
Kernel Version: Darwin 16.4.0
System Integrity Protection: Enabled
Time since boot: 18 minutes
FileVault: On
Diagnostic reports
2017-03-22 iTunesHelper crash
2017-03-24 iTunesHelper crash
2017-03-25 Google Chrome hang x2
2017-03-25 Safari hang x2
Log
Mar 25 15:32:18 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Mar 25 15:32:18 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Mar 25 15:32:18 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Mar 25 15:33:44 com.apple.iTunesHelper.6236: Service exited with abnormal code: 1
Mar 25 15:33:44 com.apple.Siri.agent: Service exited with abnormal code: 1
Mar 25 15:34:36 com.f-secure.fsmac.fsupdated_guts2: Service exited with abnormal code: 11
Mar 25 15:34:43 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Mar 25 15:35:02 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Mar 25 15:35:04 com.f-secure.fsmac.fsupdated_guts2: Service exited with abnormal code: 11
Mar 25 15:35:10 com.f-secure.fsmac.fsupdated_guts2: Service exited with abnormal code: 11
Mar 25 15:35:17 com.f-secure.fsmac.fsupdated_guts2: Service exited with abnormal code: 11
Mar 25 15:45:12 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Mar 25 15:45:13 com.apple.iTunesHelper.6236: Service exited with abnormal code: 1
Mar 25 15:45:13 com.apple.Siri.agent: Service exited with abnormal code: 1
Mar 25 15:46:07 com.apple.ionodecache: Service exited with abnormal code: 1
Mar 25 15:46:14 com.f-secure.fsmac.guts2downloader: Service exited with abnormal code: 11
Mar 25 15:46:22 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Mar 25 15:46:41 com.f-secure.fsmac.guts2downloader: Service exited with abnormal code: 11
Mar 25 15:46:42 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Mar 25 15:46:46 com.f-secure.fsmac.guts2downloader: Service exited with abnormal code: 11
Mar 25 15:46:52 com.f-secure.fsmac.guts2downloader: Service exited with abnormal code: 11
Mar 25 15:50:28 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Mar 25 15:51:24 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Mar 25 15:51:44 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Mar 25 15:52:08 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
CPU per process: fsavd (UID 501) is using 81.6 %
kexts
com.f-secure.kext.fsauth (1.0.0d1) UUID
Daemons
com.f-secure.fsavd-suppressor
com.f-secure.orspclient
org.postfix.master
com.adobe.ARMDC.Communicator
com.f-secure.fsmac.fsupdated_guts2
com.f-secure.fscsafeadmind
com.microsoft.office.licensing.helper
com.google.keystone.daemon
com.f-secure.urlexceptiond
com.f-secure.fsmac.licensetool
com.f-secure.fsavd.dbhelper
com.f-secure.fsmac.firewall
com.f-secure.fsavd
com.adobe.fpsaud
com.adobe.ARMDC.SMJobBlessHelper
com.f-secure.fsmac.guts2downloader
Agents
P72E3GC48.com.dashlane.DashlaneAgent
com.adobe.ARM.UUID
com.google.keystone.system.agent
com.epson.Epson_Low_Ink_Reminder.launcher
com.f-secure.fsmac.relauncher
com.adobe.ARMDCHelper.UUID
com.f-secure.fsmac.trasher
com.apple.iBooks.CacheDelete
com.apple.AirPortBaseStationAgent
com.epson.eventmanager.agent
com.dropbox.DropboxMacUpdate.agent
Bundles
/System/Library/Extensions/EPSONUSBPrintClass.kext
- com.epson.print.kext.USBPrintClass
/System/Library/Extensions/hp_Inkjet1_io_enabler.kext
- com.hp.print.hpio.Inkjet1.kext
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Extensions/fsauth.kext
- com.f-secure.kext.fsauth
/Library/Extensions/hp_fax_io.kext
- com.hp.kext.hp-fax-io
/Library/Extensions/hp_Inkjet1_io_enabler.kext
- com.hp.print.hpio.Inkjet1.kext
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin
- com.google.googletalkbrowserplugin
/Library/Internet Plug-Ins/o1dbrowserplugin.plugin
- com.google.o1dbrowserplugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/Safe Anywhere Mac Settings.prefPane
- com.f-secure.Safe-Anywhere-Mac-Settings
Library/Caches/com.apple.Safari/Extensions/Browsing protection.safariextension
- com.f-secure.browsing-protection
Library/Caches/com.apple.Safari/Extensions/Dashlane.safariextension
- com.dashlane.dashlanesafari
Library/Caches/com.apple.Safari/Extensions/Pin It Button.safariextension
- com.pinterest.extension
Library/Keyboard/en-dynamic.lm
- com.apple.LanguageModeling.en
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
/Applications/Google Drive.app
Contents of /etc/hosts (checksum 3164423663)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Contents of /etc/pf.conf (checksum 2891177609)
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Contents of /etc/syslog.conf (checksum 2399118465)
install.* @127.0.0.1:32376
Contents of /etc/pam.d/authorization (checksum 1288902703)
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_aks (checksum 841932527)
auth required pam_aks.so
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_ctk (checksum 2418984201)
auth required pam_smartcard.so use_first_pass pkinit
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_la (checksum 2713564393)
auth required pam_localauthentication.so
auth required pam_aks.so
account required pam_opendirectory.so
Contents of /etc/pam.d/checkpw (checksum 2672765862)
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so no_check_home no_check_shell
Contents of /etc/pam.d/chkpasswd (checksum 335781771)
auth required pam_opendirectory.so
account required pam_opendirectory.so
password required pam_permit.so
session required pam_permit.so
Contents of /etc/pam.d/cups (checksum 2842188894)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/ftpd (checksum 2001169128)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/login (checksum 1242678644)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
Contents of /etc/pam.d/login.term (checksum 3930746290)
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_uwtmp.so
Contents of /etc/pam.d/other (checksum 2748091512)
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Contents of /etc/pam.d/passwd (checksum 1026516346)
auth required pam_permit.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_permit.so
Contents of /etc/pam.d/screensaver (checksum 3141704602)
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_aks (checksum 3209544573)
auth required pam_aks.so
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_ctk (checksum 367670211)
auth required pam_smartcard.so use_first_pass
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_la (checksum 589164084)
auth required pam_localauthentication.so
auth required pam_aks.so
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/smbd (checksum 2516643123)
account required pam_sacl.so sacl_service=smb allow_trustacct
session required pam_permit.so
Contents of /etc/pam.d/sshd (checksum 2989478361)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session optional pam_mount.so
Contents of /etc/pam.d/su (checksum 2045483434)
auth sufficient pam_rootok.so
auth required pam_opendirectory.so
account required pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account required pam_opendirectory.so no_check_shell
password required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/sudo (checksum 3515993703)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/periodic/daily/110.clean-tmps (checksum 4099837049)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_tmps_days" ]
then
echo '$daily_clean_tmps_enable is set but' \
'$daily_clean_tmps_days is not'
rc=2
else
echo ""
echo "Removing old temporary files:"
set -f noglob
args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
args="${args} -ctime +$daily_clean_tmps_days"
dargs="-empty -mtime +$daily_clean_tmps_days"
dargs="${dargs} ! -name .vfs_rsrc_streams_*"
[ -n "$daily_clean_tmps_ignore" ] && {
args="$args "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
...and 21 more line(s)
Contents of /etc/periodic/daily/130.clean-msgs (checksum 4292599426)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
if [ ! -d /var/msgs ]
then
echo '$daily_clean_msgs_enable is set but /var/msgs' \
"doesn't exist"
rc=2
else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
msgs -c $arg && rc=0 || rc=3
fi;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/140.clean-rwho (checksum 659374794)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_rwho_days" ]
then
echo '$daily_clean_rwho_enable is enabled but' \
'$daily_clean_rwho_days is not set'
rc=2
elif [ ! -d /var/rwho ]
then
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
"doesn't exist"
rc=2
else
echo ""
echo "Removing stale files from /var/rwho:"
case "$daily_clean_rwho_verbose" in
[Yy][Ee][Ss])
print=-print;;
*)
print=;;
...and 14 more line(s)
Contents of /etc/periodic/daily/199.clean-fax (checksum 1104983357)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
if [ -d /var/spool/fax ]; then
echo ""
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi
Contents of /etc/periodic/daily/310.accounting (checksum 3208203734)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
if [ ! -f /var/account/acct ]
then
echo '$daily_accounting_enable is set but /var/account/acct' \
"doesn't exist"
rc=2
elif [ -z "$daily_accounting_save" ]
then
echo '$daily_accounting_enable is set but ' \
'$daily_accounting_save is not'
rc=2
else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
rc=0
n=$daily_accounting_save
rm -f acct.$n.gz acct.$n || rc=3
m=$n
...and 18 more line(s)
Contents of /etc/periodic/daily/400.status-disks (checksum 1480768650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_disks_enable" in
[Yy][Ee][Ss])
echo ""
echo "Disk status:"
df $daily_status_disks_df_flags && rc=1 || rc=3
;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/420.status-network (checksum 2730873650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
echo ""
echo "Network interface status:"
case "$daily_status_network_usedns" in
[Yy][Ee][Ss])
netstat -i && rc=0 || rc=3;;
*)
netstat -in && rc=0 || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/430.status-rwho (checksum 3455351261)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
prog=ruptime
else
echo ""
echo "Local system status:"
prog=uptime
fi
rc=$($prog | tee /dev/stderr | wc -l)
if [ $? -eq 0 ]
then
[ $rc -gt 1 ] && rc=1
else
rc=3
fi;;
...and 3 more line(s)
Contents of /etc/periodic/daily/999.local (checksum 2319755381)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $daily_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/monthly/199.rotate-fax (checksum 3437454680)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
echo ""
printf %s "Rotating fax log files:"
cd /var/log/fax
for i in *.log; do
if [ -f "${i}" ]; then
echo -n " $i"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
fi
done
echo ""
Contents of /etc/periodic/monthly/200.accounting (checksum 3541581936)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
oldmask=$(umask)
umask 066
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
rc=0
remove=NO
if [ $rc -eq 0 ]
then
echo ""
echo "Doing login accounting:"
rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi
[ $remove = YES ] && rm -f $W.0;;
*) rc=0;;
esac
umask $oldmask
exit $rc
Contents of /etc/periodic/monthly/999.local (checksum 2355967272)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $monthly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/weekly/320.whatis (checksum 922328658)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
echo ""
echo "Rebuilding whatis database:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpage directories"
rc=3
else
rc=0
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
if [ X"${man_locales}" != X ]
then
for i in ${man_locales}
do
LC_ALL=$i /usr/libexec/makewhatis.local -a \
-L "${MANPATH}" || rc=3
...and 9 more line(s)
Contents of /etc/periodic/weekly/999.local (checksum 3078968429)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $weekly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /Library/Preferences/com.apple.security.appsandbox.plist (checksum 2599182411)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnrestrictSpotlightContainerScope</key>
<true/>
</dict>
</plist>
Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (checksum 1199119104)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
</plist>
Global login items
/Applications/F-Secure/F-Secure Mac Protection.app
Bad plists
/Library/Preferences/com.epson.Epson Event Manager.UnInstallList.plist
/Library/Preferences/com.epson.Epson Scanner ICA Driver.UnInstallList.plist
/Library/Preferences/com.epson.Inkjet Printer Driver.UnInstallList.plist
/Library/Preferences/com.epson.PC-FAX Driver.UnInstallList.plist
Firewall: On
DNS: 2602 304
Listeners
kdc: kerberos
launchd: afpovertcp
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Dropbox
- /Applications/Dropbox.app
AdobeResourceSynchronizer
- missing value
F-Secure SAFE
- /Applications/F-Secure/F-Secure Mac Protection.app
Safari extensions
Browsing protection
Dashlane
Pin It Button
Restricted files: 73
Elapsed time (s): 330
Start time: 13:39:37 05/22/17
Model Identifier: MacBookPro6,2
System Version: macOS 10.12.4 (16E195)
Kernel Version: Darwin 16.5.0
System Integrity Protection: Enabled
Time since boot: 53 minutes
Battery
Condition: Service Battery
SATA
Samsung SSD 850 PRO 1TB
HGST HTS721010A9E630
FileVault: On
Diagnostic reports
2017-04-22 Mail crash
2017-04-28 Kodi hang
2017-05-03 iTunes hang
2017-05-04 Kernel panic
2017-05-11 Mail hang
2017-05-14 com.apple.WebKit.Plugin.32 crash
2017-05-15 softwareupdate_download_service crash
2017-05-16 com.apple.WebKit.WebContent crash
2017-05-22 com.apple.WebKit.Plugin.32 crash
Log
May 19 18:05:23 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 105
May 19 21:35:39 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
May 20 01:06:55 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 105
May 20 08:40:20 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 20 10:26:49 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 21 18:54:50 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 105
May 21 22:25:07 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
May 22 11:25:57 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 11:37:00 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 105
May 22 12:06:55 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 12:07:13 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 12:07:13 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 22 12:36:18 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 12:36:27 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 12:44:35 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 12:45:02 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 12:45:03 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
May 22 12:45:03 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 12:45:04 com.apple.xpc.launchd.oneshot.0x10000001.iTunesHelper: Service exited with abnormal code: 1
May 22 12:47:02 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 12:47:04 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 12:47:29 com.apple.iTunesHelper.19856: Service exited with abnormal code: 1
May 22 12:48:31 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 105
May 22 12:51:34 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 22 13:20:04 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
kexts
com.plantronics.driver.PlantronicsDriverShield (4.3) UUID
at.obdev.nke.LittleSnitch (4728) UUID
Daemons
com.rim.BBDaemon
org.postfix.master
com.adobe.ARMDC.Communicator
at.obdev.littlesnitchd
com.apple.installer.osmessagetracing
com.microsoft.office.licensing.helper
Adobe_Genuine_Software_Integrity_Service
com.oracle.java.Helper-Tool
com.microsoft.office.licensingV2.helper
com.adobe.SwitchBoard
com.adobe.fpsaud
com.adobe.ARMDC.SMJobBlessHelper
com.microsoft.autoupdate.helper
com.anchorfree.ajaxserver
Agents
com.samsung.AWPAgent
com.rim.BBLaunchAgent
com.codecm.uploader
at.obdev.LittleSnitchUIAgent
com.fiplab.MemoryCleanHelper
com.bittorrent.BitTorrent
com.adobe.CS5ServiceManager
com.adobe.ARMDCHelper.UUID
com.oracle.java.Java-Updater
com.citrixonline.GoToMeeting.G2MUpdate
com.spotify.webhelper
com.apple.Safari
com.apple.iBooksX.CacheDelete
com.adobe.ARM.UUID
com.google.keystone.user.agent
com.divx.update.agent
com.apple.AirPortBaseStationAgent
com.spigot.ApplicationManager
com.dropbox.DropboxMacUpdate.agent
com.divx.dms.agent
Startup items
/System/Library/StartupItems/vpnagentd/StartupParameters.plist
/System/Library/StartupItems/vpnagentd/vpnagentd
/Library/StartupItems/EyeConnect/EyeConnect
/Library/StartupItems/EyeConnect/StartupParameters.plist
/Library/StartupItems/HWNetMgr/HWNetCfg: [ppc: Mach-O executable ppc] [i386: Mach-O executable i386]
/Library/StartupItems/HWNetMgr/HWNetMgr
/Library/StartupItems/HWNetMgr/StartupParameters.plist
/Library/StartupItems/HWPortDetect/HWPortCfg: [ppc: Mach-O executable ppc] [i386: Mach-O executable i386]
/Library/StartupItems/HWPortDetect/HWPortDetect
/Library/StartupItems/HWPortDetect/StartupParameters.plist
/Library/StartupItems/StartOuc/libQtCore.4.6.2.dylib: [i386: Mach-O dynamically linked shared library i386] [ppc]
/Library/StartupItems/StartOuc/libQtCore.4.6.dylib: [i386: Mach-O dynamically linked shared library i386] [ppc]
/Library/StartupItems/StartOuc/libQtCore.4.dylib: [i386: Mach-O dynamically linked shared library i386] [ppc]
/Library/StartupItems/StartOuc/libQtCore.dylib: [i386: Mach-O dynamically linked shared library i386] [ppc]
/Library/StartupItems/StartOuc/RunOuc: [i386: Mach-O executable i386] [ppc: Mach-O executable ppc]
/Library/StartupItems/StartOuc/StartOuc
/Library/StartupItems/StartOuc/StartupParameters.plist
Bundles
/System/Library/Extensions/fuse4x.kext
- org.fuse4x.kext.fuse4x
/System/Library/Extensions/hp_fax_io.kext
- com.hp.kext.hp-fax-io
/System/Library/Extensions/hp_Officejet_io_enabler.kext
- com.hp.print.hpio.Officejet.kext
/System/Library/Extensions/HuaweiDataCardDriver.kext
- com.huawei.driver.HuaweiDataCardDriver
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/System/Library/Extensions/RIMBBUSB.kext
- com.rim.driver.BlackBerryUSBDriverInt
/System/Library/Extensions/Soundflower.kext
- com.Cycling74.driver.Soundflower
/System/Library/Extensions/tun.kext
- com.cisco.cscotun
/System/Library/Extensions/USBExpressCardCantWake_Huawei.kext
- com.apple.dts.driver.USBExpressCardCantWake
/Library/Audio/MIDI Drivers/EmagicUSBMIDIDriver.plugin
- info.emagic.driver.unitor
/Library/Audio/Plug-Ins/Components/Flip4Mac WMA Import.component
- net.telestream.wmv.import
/Library/Extensions/hp_io_enabler_compound.kext
- com.hp.kext.io.enabler.compound
/Library/Extensions/LittleSnitch.kext
- at.obdev.nke.LittleSnitch
/Library/Extensions/PlantronicsDriverShield.kext
- com.plantronics.driver.PlantronicsDriverShield
/Library/Internet Plug-Ins/AdobeAAMDetect.plugin
- com.AdobeAAMDetectLib.AdobeAAMDetect
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/AWP Plug-in.webplugin
- com.samsung.AWP_Plug_in
/Library/Internet Plug-Ins/DivX Web Player.plugin
- com.divx.DivXWebPlayer
/Library/Internet Plug-Ins/FirefoxAPI.bundle
- com.researchinmotion.npappworld
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin
- net.telestream.wmv.plugin
/Library/Internet Plug-Ins/iPhotoPhotocast.plugin
- com.apple.plugin.iPhotoPhotocast
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/Internet Plug-Ins/npContributeMac.bundle
- com.adobe.npContributeMacBundle
/Library/Internet Plug-Ins/OfficeLiveBrowserPlugin.plugin
- com.microsoft.officelive.browserplugin
/Library/Internet Plug-Ins/OVSHelper.plugin
- com.divx.OVSHelper
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/EyeConnect.prefPane
- EyeConnect
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/Flip4Mac WMV.prefPane
- net.telestream.wmv.prefpane
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
/Library/QuickTime/SoundboothScoreCodec.component
- com.adobe.SoundboothScoreAudioCodec
/Library/ScriptingAdditions/Adobe Unit Types.osax
- N/A
Library/Address Book Plug-Ins/SkypeABCaller.bundle
- com.skype.SkypeABCaller
Library/Address Book Plug-Ins/SkypeABChatter.bundle
- com.skype.SkypeABChatter
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.SkypeABDialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.SkypeABSMS
Library/Caches/com.apple.Safari/Extensions/AdBlock.safariextension
- com.betafish.adblockforsafari
Library/Internet Plug-Ins/CitrixOnlineWebDeploymentPlugin.plugin
- com.citrixonline.mac.WebDeploymentPlugin
Library/Internet Plug-Ins/CVPlugin.plugin
- com.CVPluginLib.CloudVideoPlugin_x86_64
Library/Internet Plug-Ins/WebEx64.plugin
- com.cisco_webex.plugin.gpc64
Library/Keyboard/en-dynamic.lm
- com.apple.LanguageModeling.en
Library/Keyboard/es-dynamic.lm
- com.apple.LanguageModeling.es
Library/Keyboard/it-dynamic.lm
- com.apple.LanguageModeling.it
App extensions
com.google.GoogleDrive.FinderSyncAPIExtension
com.apple.InternalFiltersXPC
com.microsoft.onenote.mac.shareextension
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
/Applications/Google Drive.app
Contents of /etc/hosts (checksum 1038597208)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 na1r.services.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com
Contents of /etc/pf.conf (checksum 2891177609)
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Contents of /etc/syslog.conf (checksum 2399118465)
install.* @127.0.0.1:32376
Contents of /etc/pam.d/authorization (checksum 1288902703)
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_aks (checksum 841932527)
auth required pam_aks.so
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_ctk (checksum 2418984201)
auth required pam_smartcard.so use_first_pass pkinit
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_la (checksum 2713564393)
auth required pam_localauthentication.so
auth required pam_aks.so
account required pam_opendirectory.so
Contents of /etc/pam.d/checkpw (checksum 2672765862)
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so no_check_home no_check_shell
Contents of /etc/pam.d/chkpasswd (checksum 335781771)
auth required pam_opendirectory.so
account required pam_opendirectory.so
password required pam_permit.so
session required pam_permit.so
Contents of /etc/pam.d/cups (checksum 2842188894)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/ftpd (checksum 2001169128)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/login (checksum 1242678644)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
Contents of /etc/pam.d/login.term (checksum 3930746290)
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_uwtmp.so
Contents of /etc/pam.d/other (checksum 2748091512)
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Contents of /etc/pam.d/passwd (checksum 1026516346)
auth required pam_permit.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_permit.so
Contents of /etc/pam.d/screensaver (checksum 3141704602)
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_aks (checksum 3209544573)
auth required pam_aks.so
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_ctk (checksum 367670211)
auth required pam_smartcard.so use_first_pass
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_la (checksum 589164084)
auth required pam_localauthentication.so
auth required pam_aks.so
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/smbd (checksum 2516643123)
account required pam_sacl.so sacl_service=smb allow_trustacct
session required pam_permit.so
Contents of /etc/pam.d/sshd (checksum 2989478361)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session optional pam_mount.so
Contents of /etc/pam.d/su (checksum 2045483434)
auth sufficient pam_rootok.so
auth required pam_opendirectory.so
account required pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account required pam_opendirectory.so no_check_shell
password required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/sudo (checksum 3515993703)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/periodic/daily/110.clean-tmps (checksum 4099837049)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_tmps_days" ]
then
echo '$daily_clean_tmps_enable is set but' \
'$daily_clean_tmps_days is not'
rc=2
else
echo ""
echo "Removing old temporary files:"
set -f noglob
args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
args="${args} -ctime +$daily_clean_tmps_days"
dargs="-empty -mtime +$daily_clean_tmps_days"
dargs="${dargs} ! -name .vfs_rsrc_streams_*"
[ -n "$daily_clean_tmps_ignore" ] && {
args="$args "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
...and 21 more line(s)
Contents of /etc/periodic/daily/130.clean-msgs (checksum 4292599426)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
if [ ! -d /var/msgs ]
then
echo '$daily_clean_msgs_enable is set but /var/msgs' \
"doesn't exist"
rc=2
else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
msgs -c $arg && rc=0 || rc=3
fi;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/140.clean-rwho (checksum 659374794)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_rwho_days" ]
then
echo '$daily_clean_rwho_enable is enabled but' \
'$daily_clean_rwho_days is not set'
rc=2
elif [ ! -d /var/rwho ]
then
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
"doesn't exist"
rc=2
else
echo ""
echo "Removing stale files from /var/rwho:"
case "$daily_clean_rwho_verbose" in
[Yy][Ee][Ss])
print=-print;;
*)
print=;;
...and 14 more line(s)
Contents of /etc/periodic/daily/199.clean-fax (checksum 1104983357)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
if [ -d /var/spool/fax ]; then
echo ""
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi
Contents of /etc/periodic/daily/310.accounting (checksum 3208203734)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
if [ ! -f /var/account/acct ]
then
echo '$daily_accounting_enable is set but /var/account/acct' \
"doesn't exist"
rc=2
elif [ -z "$daily_accounting_save" ]
then
echo '$daily_accounting_enable is set but ' \
'$daily_accounting_save is not'
rc=2
else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
rc=0
n=$daily_accounting_save
rm -f acct.$n.gz acct.$n || rc=3
m=$n
...and 18 more line(s)
Contents of /etc/periodic/daily/400.status-disks (checksum 1480768650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_disks_enable" in
[Yy][Ee][Ss])
echo ""
echo "Disk status:"
df $daily_status_disks_df_flags && rc=1 || rc=3
;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/420.status-network (checksum 2730873650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
echo ""
echo "Network interface status:"
case "$daily_status_network_usedns" in
[Yy][Ee][Ss])
netstat -i && rc=0 || rc=3;;
*)
netstat -in && rc=0 || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/430.status-rwho (checksum 3455351261)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
prog=ruptime
else
echo ""
echo "Local system status:"
prog=uptime
fi
rc=$($prog | tee /dev/stderr | wc -l)
if [ $? -eq 0 ]
then
[ $rc -gt 1 ] && rc=1
else
rc=3
fi;;
...and 3 more line(s)
Contents of /etc/periodic/daily/999.local (checksum 2319755381)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $daily_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/monthly/199.rotate-fax (checksum 3437454680)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
echo ""
printf %s "Rotating fax log files:"
cd /var/log/fax
for i in *.log; do
if [ -f "${i}" ]; then
echo -n " $i"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
fi
done
echo ""
Contents of /etc/periodic/monthly/200.accounting (checksum 3541581936)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
oldmask=$(umask)
umask 066
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
rc=0
remove=NO
if [ $rc -eq 0 ]
then
echo ""
echo "Doing login accounting:"
rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi
[ $remove = YES ] && rm -f $W.0;;
*) rc=0;;
esac
umask $oldmask
exit $rc
Contents of /etc/periodic/monthly/999.local (checksum 2355967272)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $monthly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/weekly/320.whatis (checksum 922328658)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
echo ""
echo "Rebuilding whatis database:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpage directories"
rc=3
else
rc=0
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
if [ X"${man_locales}" != X ]
then
for i in ${man_locales}
do
LC_ALL=$i /usr/libexec/makewhatis.local -a \
-L "${MANPATH}" || rc=3
...and 9 more line(s)
Contents of /etc/periodic/weekly/999.local (checksum 3078968429)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $weekly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /Library/Preferences/com.apple.security.appsandbox.plist (checksum 2599182411)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnrestrictSpotlightContainerScope</key>
<true/>
</dict>
</plist>
Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (checksum 1199119104)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
</plist>
Font issues: 4
Bad plists
Library/Preferences/com.agiedplc.bioextra.plist
Library/Preferences/com.voippnea.dolman.plist
DNS: fe80
TCP/IP
Subnet mask: 255.255.255.240
Listeners
cupsd: ipp
kdc: kerberos
launchd: 895
launchd: afpovertcp
launchd: microsoft-ds
User login items
gfxCardStatus
- missing value
Plantronics Hub
- /Applications/Plantronics Hub.app
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
SpokesLoginItem
- missing value
iTunesHelper
- missing value
Microsoft Database Daemon
- /Applications/Microsoft Office 2011/Office/Microsoft Database Daemon.app
Dropbox
- /Applications/Dropbox.app
Box Sync
- /Applications/Box Sync.app
Google Drive
- /Applications/Google Drive.app
Spotify
- /Applications/Spotify.app
DaemonManager
- /Library/Printers/Samsung/Daemon/DaemonManager/DaemonManager.app
SPanel
- missing value
Hidden apps
.Fuze_Meeting/FUZE Meeting.app
Safari extensions
AdBlock
Restricted files: 10273
Lockfiles: 180
Elapsed time (s): 257
Start time: 09:46:32 05/27/17
Model Identifier: MacBookAir7,2
System Version: OS X 10.11.6 (15G1421)
Kernel Version: Darwin 15.6.0
System Integrity Protection: Enabled
Time since boot: 1 day 1:31
Diagnostic reports
2017-04-30 Spotlight crash
2017-05-01 EvernoteHelper crash
2017-05-10 coreaudiod crash
2017-05-11 Spotify hang
2017-05-16 Spotify hang
2017-05-16 coreaudiod crash
2017-05-23 FinderSyncAPIExtension crash
Log
May 24 18:48:09 PM notification timeout (pid 613, Spotify)
May 24 21:20:21 PM notification timeout (pid 613, Spotify)
May 25 07:19:42 PM notification timeout (pid 613, Spotify)
May 25 10:41:53 PM notification timeout (pid 613, Spotify)
May 25 11:15:20 PM notification timeout (pid 613, Spotify)
May 25 11:27:39 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 25 11:39:11 PM notification timeout (pid 20787, Spotify)
May 25 11:42:22 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 25 11:47:51 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 25 12:29:34 PM notification timeout (pid 20787, Spotify)
May 25 16:45:19 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 25 16:47:21 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 26 08:15:16 [IGPU] Scheduler Throttle Cap = 100ms.
May 26 08:18:05 process WindowServer[166] caught causing excessive wakeups. Observed wakeups rate (per sec): 267; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45204
May 26 09:12:52 AppleHSSPIHIDDriver::InterruptHandlerEntry Transfer number error. Expected: 90 Received: 91AppleCamIn::power_off_hardware
May 26 09:42:57 PM notification timeout (pid 583, Slack)
May 26 11:10:09 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 26 11:49:39 PM notification timeout (pid 583, Slack)
May 26 12:50:50 Sound Assert: IOAudioEngine::startClient timed out waiting
May 26 13:36:57 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 26 14:06:03 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 14:32:25 PM notification timeout (pid 583, Slack)
May 26 14:32:25 PM notification timeout (pid 31566, Spotify)
May 26 15:20:30 PM notification timeout (pid 31566, Spotify)
May 27 09:37:21 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Activity
CPU: user 18%, system 12%
CPU per process: Google Chrome (UID 501) is using 31 %
Memory: kernel_task (UID 0) is using 1115 MB
Daemons
/Library/moxvUNMp/moxvUNMp.app/Contents/MacOS/moxvUNMp
/Library/Ectocarpus/Ectocarpus
com.apple.nomaro
/Library/jcqlndcyqefc/jcqlndcyqefc
com.apple.NetBootClientHelper
/var/root/Library/Benacus/Benacus
com.teamviewer.service
com.apple.crybur
/Library/jqjlldaqufgv/jqjlldaqufgv
org.macosforge.xquartz.privileged_startx
com.teamviewer.Helper
Agents
com.skype.skype.shareagent
2BUA8C4S2C.com.agilebits.onepassword4-helper
org.macosforge.xquartz.startx
com.teamviewer.desktop
com.spotify.webhelper
/Library/shikimic-seller/uSvEMszd/HjaAdhAI/BKCwONdI/plandok-arranger
com.google.keystone.user.agent
com.teamviewer.teamviewer
com.apple.AirPortBaseStationAgent
com.dropbox.DropboxMacUpdate.agent
Bundles
/Library/Security/SecurityAgentPlugins/TeamViewerAuthPlugin.bundle
- com.teamviewer.AuthorizationPlugin
Library/Address Book Plug-Ins/SkypeABCaller.bundle
- com.skype.SkypeABCaller
Library/Address Book Plug-Ins/SkypeABChatter.bundle
- com.skype.SkypeABChatter
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.SkypeABDialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.SkypeABSMS
Library/Internet Plug-Ins/ZoomUsPlugIn.plugin
- us.zoom.plugin
App extensions
com.getdropbox.dropbox.garcon
com.google.GoogleDrive.FinderSyncAPIExtension
com.skype.skype.ShareExtension
com.agilebits.onepassword4.safariextensioncompanion
net.pornel.ImageOptimizeExtension
com.evernote.Evernote.SharingExtension
Apps
/Applications/Dropbox.app
/Applications/Google Drive.app
Contents of /etc/hosts (checksum 3164423663)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Contents of /etc/pf.conf (checksum 2891177609)
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Contents of /etc/syslog.conf (checksum 2399118465)
install.* @127.0.0.1:32376
Contents of /etc/pam.d/authorization (checksum 1288902703)
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
Contents of /etc/pam.d/checkpw (checksum 2672765862)
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so no_check_home no_check_shell
Contents of /etc/pam.d/chkpasswd (checksum 335781771)
auth required pam_opendirectory.so
account required pam_opendirectory.so
password required pam_permit.so
session required pam_permit.so
Contents of /etc/pam.d/cups (checksum 2842188894)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/ftpd (checksum 2001169128)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/login (checksum 1242678644)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
Contents of /etc/pam.d/login.term (checksum 3930746290)
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_uwtmp.so
Contents of /etc/pam.d/other (checksum 2748091512)
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Contents of /etc/pam.d/passwd (checksum 1026516346)
auth required pam_permit.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_permit.so
Contents of /etc/pam.d/rshd (checksum 1553764881)
auth required pam_permit.so
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/screensaver (checksum 3141704602)
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/smbd (checksum 2516643123)
account required pam_sacl.so sacl_service=smb allow_trustacct
session required pam_permit.so
Contents of /etc/pam.d/sshd (checksum 2989478361)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session optional pam_mount.so
Contents of /etc/pam.d/su (checksum 2045483434)
auth sufficient pam_rootok.so
auth required pam_opendirectory.so
account required pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account required pam_opendirectory.so no_check_shell
password required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/sudo (checksum 3515993703)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/periodic/daily/110.clean-tmps (checksum 4099837049)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_tmps_days" ]
then
echo '$daily_clean_tmps_enable is set but' \
'$daily_clean_tmps_days is not'
rc=2
else
echo ""
echo "Removing old temporary files:"
set -f noglob
args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
args="${args} -ctime +$daily_clean_tmps_days"
dargs="-empty -mtime +$daily_clean_tmps_days"
dargs="${dargs} ! -name .vfs_rsrc_streams_*"
[ -n "$daily_clean_tmps_ignore" ] && {
args="$args "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
...and 21 more line(s)
Contents of /etc/periodic/daily/130.clean-msgs (checksum 4292599426)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
if [ ! -d /var/msgs ]
then
echo '$daily_clean_msgs_enable is set but /var/msgs' \
"doesn't exist"
rc=2
else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
msgs -c $arg && rc=0 || rc=3
fi;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/140.clean-rwho (checksum 659374794)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_rwho_days" ]
then
echo '$daily_clean_rwho_enable is enabled but' \
'$daily_clean_rwho_days is not set'
rc=2
elif [ ! -d /var/rwho ]
then
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
"doesn't exist"
rc=2
else
echo ""
echo "Removing stale files from /var/rwho:"
case "$daily_clean_rwho_verbose" in
[Yy][Ee][Ss])
print=-print;;
*)
print=;;
...and 14 more line(s)
Contents of /etc/periodic/daily/199.clean-fax (checksum 1104983357)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
if [ -d /var/spool/fax ]; then
echo ""
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi
Contents of /etc/periodic/daily/310.accounting (checksum 3208203734)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
if [ ! -f /var/account/acct ]
then
echo '$daily_accounting_enable is set but /var/account/acct' \
"doesn't exist"
rc=2
elif [ -z "$daily_accounting_save" ]
then
echo '$daily_accounting_enable is set but ' \
'$daily_accounting_save is not'
rc=2
else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
rc=0
n=$daily_accounting_save
rm -f acct.$n.gz acct.$n || rc=3
m=$n
...and 18 more line(s)
Contents of /etc/periodic/daily/400.status-disks (checksum 1480768650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_disks_enable" in
[Yy][Ee][Ss])
echo ""
echo "Disk status:"
df $daily_status_disks_df_flags && rc=1 || rc=3
;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/420.status-network (checksum 2730873650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
echo ""
echo "Network interface status:"
case "$daily_status_network_usedns" in
[Yy][Ee][Ss])
netstat -i && rc=0 || rc=3;;
*)
netstat -in && rc=0 || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/430.status-rwho (checksum 3455351261)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
prog=ruptime
else
echo ""
echo "Local system status:"
prog=uptime
fi
rc=$($prog | tee /dev/stderr | wc -l)
if [ $? -eq 0 ]
then
[ $rc -gt 1 ] && rc=1
else
rc=3
fi;;
...and 3 more line(s)
Contents of /etc/periodic/daily/999.local (checksum 2319755381)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $daily_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/monthly/199.rotate-fax (checksum 3437454680)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
echo ""
printf %s "Rotating fax log files:"
cd /var/log/fax
for i in *.log; do
if [ -f "${i}" ]; then
echo -n " $i"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
fi
done
echo ""
Contents of /etc/periodic/monthly/200.accounting (checksum 3541581936)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
oldmask=$(umask)
umask 066
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
rc=0
remove=NO
if [ $rc -eq 0 ]
then
echo ""
echo "Doing login accounting:"
rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi
[ $remove = YES ] && rm -f $W.0;;
*) rc=0;;
esac
umask $oldmask
exit $rc
Contents of /etc/periodic/monthly/999.local (checksum 2355967272)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $monthly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/weekly/320.whatis (checksum 922328658)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
echo ""
echo "Rebuilding whatis database:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpage directories"
rc=3
else
rc=0
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
if [ X"${man_locales}" != X ]
then
for i in ${man_locales}
do
LC_ALL=$i /usr/libexec/makewhatis.local -a \
-L "${MANPATH}" || rc=3
...and 9 more line(s)
Contents of /etc/periodic/weekly/999.local (checksum 3078968429)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $weekly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /Library/Preferences/com.apple.security.appsandbox.plist (checksum 2599182411)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnrestrictSpotlightContainerScope</key>
<true/>
</dict>
</plist>
Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (checksum 1199119104)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
</plist>
DNS: 202.58.203.204 (static)
Wi-Fi
link auth: wpa-psk
User login items
Alfred 3
- /Applications/Alfred 3.app
Dropbox
- /Applications/Dropbox.app
Google Drive
- /Applications/Google Drive.app
Restricted files: 624
Lockfiles: 6
Elapsed time (s): 272
Start time: 09:46:32 05/27/17
Model Identifier: MacBookAir7,2
System Version: OS X 10.11.6 (15G1421)
Kernel Version: Darwin 15.6.0
System Integrity Protection: Enabled
Time since boot: 1 day 1:31
Diagnostic reports
2017-04-30 Spotlight crash
2017-05-01 EvernoteHelper crash
2017-05-10 coreaudiod crash
2017-05-11 Spotify hang
2017-05-16 Spotify hang
2017-05-16 coreaudiod crash
2017-05-23 FinderSyncAPIExtension crash
Log
May 24 18:48:09 PM notification timeout (pid 613, Spotify)
May 24 21:20:21 PM notification timeout (pid 613, Spotify)
May 25 07:19:42 PM notification timeout (pid 613, Spotify)
May 25 10:41:53 PM notification timeout (pid 613, Spotify)
May 25 11:15:20 PM notification timeout (pid 613, Spotify)
May 25 11:27:39 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 25 11:39:11 PM notification timeout (pid 20787, Spotify)
May 25 11:42:22 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 25 11:47:51 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 25 12:29:34 PM notification timeout (pid 20787, Spotify)
May 25 16:45:19 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 25 16:47:21 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 26 08:15:16 [IGPU] Scheduler Throttle Cap = 100ms.
May 26 08:18:05 process WindowServer[166] caught causing excessive wakeups. Observed wakeups rate (per sec): 267; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45204
May 26 09:12:52 AppleHSSPIHIDDriver::InterruptHandlerEntry Transfer number error. Expected: 90 Received: 91AppleCamIn::power_off_hardware
May 26 09:42:57 PM notification timeout (pid 583, Slack)
May 26 11:10:09 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 26 11:49:39 PM notification timeout (pid 583, Slack)
May 26 12:50:50 Sound Assert: IOAudioEngine::startClient timed out waiting
May 26 13:36:57 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 26 14:06:03 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 14:32:25 PM notification timeout (pid 583, Slack)
May 26 14:32:25 PM notification timeout (pid 31566, Spotify)
May 26 15:20:30 PM notification timeout (pid 31566, Spotify)
May 27 09:37:21 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Activity
CPU: user 18%, system 12%
CPU per process: Google Chrome (UID 501) is using 31 %
Memory: kernel_task (UID 0) is using 1115 MB
Daemons
/Library/moxvUNMp/moxvUNMp.app/Contents/MacOS/moxvUNMp
/Library/Ectocarpus/Ectocarpus
com.apple.nomaro
/Library/jcqlndcyqefc/jcqlndcyqefc
com.apple.NetBootClientHelper
/var/root/Library/Benacus/Benacus
com.teamviewer.service
com.apple.crybur
/Library/jqjlldaqufgv/jqjlldaqufgv
org.macosforge.xquartz.privileged_startx
com.teamviewer.Helper
Agents
com.skype.skype.shareagent
2BUA8C4S2C.com.agilebits.onepassword4-helper
org.macosforge.xquartz.startx
com.teamviewer.desktop
com.spotify.webhelper
/Library/shikimic-seller/uSvEMszd/HjaAdhAI/BKCwONdI/plandok-arranger
com.google.keystone.user.agent
com.teamviewer.teamviewer
com.apple.AirPortBaseStationAgent
com.dropbox.DropboxMacUpdate.agent
Bundles
/Library/Security/SecurityAgentPlugins/TeamViewerAuthPlugin.bundle
- com.teamviewer.AuthorizationPlugin
Library/Address Book Plug-Ins/SkypeABCaller.bundle
- com.skype.SkypeABCaller
Library/Address Book Plug-Ins/SkypeABChatter.bundle
- com.skype.SkypeABChatter
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.SkypeABDialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.SkypeABSMS
Library/Internet Plug-Ins/ZoomUsPlugIn.plugin
- us.zoom.plugin
App extensions
com.getdropbox.dropbox.garcon
com.google.GoogleDrive.FinderSyncAPIExtension
com.skype.skype.ShareExtension
com.agilebits.onepassword4.safariextensioncompanion
net.pornel.ImageOptimizeExtension
com.evernote.Evernote.SharingExtension
Apps
/Applications/Dropbox.app
/Applications/Google Drive.app
Contents of /etc/hosts (checksum 3164423663)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Contents of /etc/pf.conf (checksum 2891177609)
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Contents of /etc/syslog.conf (checksum 2399118465)
install.* @127.0.0.1:32376
Contents of /etc/pam.d/authorization (checksum 1288902703)
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
Contents of /etc/pam.d/checkpw (checksum 2672765862)
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so no_check_home no_check_shell
Contents of /etc/pam.d/chkpasswd (checksum 335781771)
auth required pam_opendirectory.so
account required pam_opendirectory.so
password required pam_permit.so
session required pam_permit.so
Contents of /etc/pam.d/cups (checksum 2842188894)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/ftpd (checksum 2001169128)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/login (checksum 1242678644)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
Contents of /etc/pam.d/login.term (checksum 3930746290)
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_uwtmp.so
Contents of /etc/pam.d/other (checksum 2748091512)
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Contents of /etc/pam.d/passwd (checksum 1026516346)
auth required pam_permit.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_permit.so
Contents of /etc/pam.d/rshd (checksum 1553764881)
auth required pam_permit.so
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/screensaver (checksum 3141704602)
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/smbd (checksum 2516643123)
account required pam_sacl.so sacl_service=smb allow_trustacct
session required pam_permit.so
Contents of /etc/pam.d/sshd (checksum 2989478361)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session optional pam_mount.so
Contents of /etc/pam.d/su (checksum 2045483434)
auth sufficient pam_rootok.so
auth required pam_opendirectory.so
account required pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account required pam_opendirectory.so no_check_shell
password required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/sudo (checksum 3515993703)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/periodic/daily/110.clean-tmps (checksum 4099837049)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_tmps_days" ]
then
echo '$daily_clean_tmps_enable is set but' \
'$daily_clean_tmps_days is not'
rc=2
else
echo ""
echo "Removing old temporary files:"
set -f noglob
args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
args="${args} -ctime +$daily_clean_tmps_days"
dargs="-empty -mtime +$daily_clean_tmps_days"
dargs="${dargs} ! -name .vfs_rsrc_streams_*"
[ -n "$daily_clean_tmps_ignore" ] && {
args="$args "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
...and 21 more line(s)
Contents of /etc/periodic/daily/130.clean-msgs (checksum 4292599426)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
if [ ! -d /var/msgs ]
then
echo '$daily_clean_msgs_enable is set but /var/msgs' \
"doesn't exist"
rc=2
else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
msgs -c $arg && rc=0 || rc=3
fi;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/140.clean-rwho (checksum 659374794)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_rwho_days" ]
then
echo '$daily_clean_rwho_enable is enabled but' \
'$daily_clean_rwho_days is not set'
rc=2
elif [ ! -d /var/rwho ]
then
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
"doesn't exist"
rc=2
else
echo ""
echo "Removing stale files from /var/rwho:"
case "$daily_clean_rwho_verbose" in
[Yy][Ee][Ss])
print=-print;;
*)
print=;;
...and 14 more line(s)
Contents of /etc/periodic/daily/199.clean-fax (checksum 1104983357)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
if [ -d /var/spool/fax ]; then
echo ""
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi
Contents of /etc/periodic/daily/310.accounting (checksum 3208203734)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
if [ ! -f /var/account/acct ]
then
echo '$daily_accounting_enable is set but /var/account/acct' \
"doesn't exist"
rc=2
elif [ -z "$daily_accounting_save" ]
then
echo '$daily_accounting_enable is set but ' \
'$daily_accounting_save is not'
rc=2
else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
rc=0
n=$daily_accounting_save
rm -f acct.$n.gz acct.$n || rc=3
m=$n
...and 18 more line(s)
Contents of /etc/periodic/daily/400.status-disks (checksum 1480768650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_disks_enable" in
[Yy][Ee][Ss])
echo ""
echo "Disk status:"
df $daily_status_disks_df_flags && rc=1 || rc=3
;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/420.status-network (checksum 2730873650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
echo ""
echo "Network interface status:"
case "$daily_status_network_usedns" in
[Yy][Ee][Ss])
netstat -i && rc=0 || rc=3;;
*)
netstat -in && rc=0 || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/430.status-rwho (checksum 3455351261)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
prog=ruptime
else
echo ""
echo "Local system status:"
prog=uptime
fi
rc=$($prog | tee /dev/stderr | wc -l)
if [ $? -eq 0 ]
then
[ $rc -gt 1 ] && rc=1
else
rc=3
fi;;
...and 3 more line(s)
Contents of /etc/periodic/daily/999.local (checksum 2319755381)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $daily_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/monthly/199.rotate-fax (checksum 3437454680)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
echo ""
printf %s "Rotating fax log files:"
cd /var/log/fax
for i in *.log; do
if [ -f "${i}" ]; then
echo -n " $i"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
fi
done
echo ""
Contents of /etc/periodic/monthly/200.accounting (checksum 3541581936)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
oldmask=$(umask)
umask 066
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
rc=0
remove=NO
if [ $rc -eq 0 ]
then
echo ""
echo "Doing login accounting:"
rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi
[ $remove = YES ] && rm -f $W.0;;
*) rc=0;;
esac
umask $oldmask
exit $rc
Contents of /etc/periodic/monthly/999.local (checksum 2355967272)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $monthly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/weekly/320.whatis (checksum 922328658)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
echo ""
echo "Rebuilding whatis database:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpage directories"
rc=3
else
rc=0
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
if [ X"${man_locales}" != X ]
then
for i in ${man_locales}
do
LC_ALL=$i /usr/libexec/makewhatis.local -a \
-L "${MANPATH}" || rc=3
...and 9 more line(s)
Contents of /etc/periodic/weekly/999.local (checksum 3078968429)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $weekly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /Library/Preferences/com.apple.security.appsandbox.plist (checksum 2599182411)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnrestrictSpotlightContainerScope</key>
<true/>
</dict>
</plist>
Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (checksum 1199119104)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
</plist>
DNS: 202.58.203.204 (static)
Wi-Fi
link auth: wpa-psk
User login items
Alfred 3
- /Applications/Alfred 3.app
Dropbox
- /Applications/Dropbox.app
Google Drive
- /Applications/Google Drive.app
Restricted files: 624
Lockfiles: 6
Elapsed time (s): 272
Hi Linc, thanks for your post. Can you (or anyone else) help me read the following output?
Start time: 20:25:03 09/16/17
Model Identifier: MacBookAir5,1
System Version: macOS 10.12.3 (16D32)
Kernel Version: Darwin 16.4.0
System Integrity Protection: Enabled
Time since boot: 77 days 29 minutes
SATA
TS480GJDM520
Diagnostic reports
2017-09-02 Kernel gpuRestart
2017-09-10 Photos crash
2017-09-13 Autodesk Fusion 360 hang
Log
Sep 14 09:16:11 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 14 09:17:34 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 14 10:02:26 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 14 10:02:26 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Sep 14 12:49:03 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 14 12:49:30 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Sep 14 12:50:47 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 14 12:54:20 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Sep 14 12:54:26 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Sep 15 01:24:01 com.apple.postfix.master: Service exited with abnormal code: 1
Sep 15 10:45:12 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 15 12:33:55 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 15 12:33:55 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 15 12:33:55 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Sep 15 12:33:59 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 15 13:22:32 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Sep 15 13:24:02 com.apple.postfix.master: Service exited with abnormal code: 1
Sep 15 13:36:38 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 15 15:50:03 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 16 19:15:44 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 16 19:25:37 org.postfix.master: Service exited with abnormal code: 1
Sep 16 19:44:36 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Sep 16 19:44:37 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Sep 16 19:45:37 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Sep 16 20:24:01 com.apple.postfix.master: Service exited with abnormal code: 1
Swap (MiB): 183750
CPU per process: RTProtectionDaem (UID 0) is using 50.6 %
Mach ports: launchservicesd (UID 0) is using 282240 ports
kexts
com.logitech.manager.kernel.driver (6.40.1) UUID
com.bitdefender.SelfProtect (1.2.8) UUID
com.bitdefender.TMProtection (5.0.0) UUID
com.bitdefender.FileProtect (1) UUID
com.malwarebytes.mbam.rtprotection (3.0.2) UUID
Daemons
com.malwarebytes.mbam.rtprotection.daemon
com.bitdefender.AuthHelperTool
org.postfix.master
com.bitdefender.CoreIssues
/Library/ynihlxehhcyl/ynihlxehhcyl
com.bitdefender.credentials
/Library/YPrJNsSa/YPrJNsSa.app/Contents/MacOS/YPrJNsSa
/Library/vaqoivqsmvks/vaqoivqsmvks
com.transcend.TSSleepHandlerHelp
com.regularrateandrhythm.rowmotehelperaide
com.google.keystone.daemon
com.transcend.TSTRIMHandlerHelp
com.oracle.java.Helper-Tool
com.bitdefender.UpdDaemon
com.leapmotion.leapd
com.bitdefender.Daemon
com.microsoft.office.licensingV2.helper
com.malwarebytes.mbam.settings.daemon
com.adobe.SwitchBoard
/Library/furrow/furrow
com.ea.origin.ESHelper
com.bitdefender.upgrade
com.adobe.fpsaud
/Library/taliation-fruticetum/GmWDbpFN/capricious
org.macosforge.xquartz.privileged_startx
com.apple.elmeld
com.bitdefender.agent
com.apple.vayt
Agents
/Library/foreturn/foreturn
com.malwarebytes.mbam.frontend.agent
com.google.keystone.system.agent
com.adobe.PDApp.AAMUpdatesNotifier.47284.UUID
org.macosforge.xquartz.startx
com.adobe.CS5ServiceManager
com.oracle.java.Java-Updater
com.apple.iBooksX.DiskSpaceEfficiency
com.logitech.manager.daemon
com.spotify.webhelper
com.apple.iBooks.CacheDelete
com.apple.CoreSimulator.CoreSimulatorService.179.1.E8ttyeDeVgWK
com.bitdefender.antivirusformac
com.apple.AirPortBaseStationAgent
com.wacom.pentablet
com.leapmotion.Leap-Motion
Bundles
/System/Library/Extensions/FTDIUSBSerialDriver.kext
- com.FTDI.driver.FTDIUSBSerialDriver
/System/Library/Extensions/hp_designjet_series.kext
- com.hp.print.hpio.Designjet.kext
/System/Library/Extensions/hp_Deskjet_io_enabler.kext
- com.hp.print.hpio.Deskjet.kext
/System/Library/Extensions/hp_fax_io.kext
- com.hp.kext.hp-fax-io
/System/Library/Extensions/hp_Inkjet1_io_enabler.kext
- com.hp.print.hpio.Inkjet1.kext
/System/Library/Extensions/hp_Inkjet2_io_enabler.kext
- com.hp.print.hpio.Inkjet2.kext
/System/Library/Extensions/hp_Inkjet3_io_enabler.kext
- com.hp.print.hpio.Inkjet3.kext
/System/Library/Extensions/hp_Inkjet4_io_enabler.kext
- com.hp.print.hpio.Inkjet4.kext
/System/Library/Extensions/hp_Inkjet5_io_enabler.kext
- com.hp.print.hpio.Inkjet5.kext
/System/Library/Extensions/hp_Inkjet7_io_enabler.kext
- com.hp.print.hpio.inkjet7.kext
/System/Library/Extensions/hp_Inkjet8_io_enabler.kext
- com.hp.print.hpio.inkjet8.kext
/System/Library/Extensions/hp_Inkjet9_io_enabler.kext
- com.hp.print.hpio.Inkjet9.kext
/System/Library/Extensions/hp_Inkjet_io_enabler.kext
- com.hp.print.hpio.Inkjet.kext
/System/Library/Extensions/hp_Laserjet_io_enabler.kext
- com.hp.print.hpio.Laserjet.kext
/System/Library/Extensions/hp_Officejet_io_enabler.kext
- com.hp.print.hpio.Officejet.kext
/System/Library/Extensions/hp_Photosmart_io_enabler.kext
- com.hp.print.hpio.Photosmart.kext
/System/Library/Extensions/hp_PhotosmartPro_io_enabler.kext
- com.hp.print.hpio.PhotosmartPro.kext
/System/Library/Extensions/hp_psa640_io_enabler.kext
- com.hp.hpio.hp_psa640_io_enabler
/System/Library/Extensions/hp_qc_io_enabler.kext
- com.hp.hpio.hp_psa530_630_io_enabler
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/System/Library/Extensions/Pen Tablet.kext
- com.wacom.kext.pentablet
/System/Library/Extensions/TabletDriverCFPlugin.bundle
- N/A
/Library/Audio/Plug-Ins/Components/A52Codec.component
- com.shepmater.A52Codec
/Library/Extensions/com.malwarebytes.mbam.rtprotection.kext
- com.malwarebytes.mbam.rtprotection
/Library/Extensions/FileProtect.kext
- com.bitdefender.FileProtect
/Library/Extensions/FileProtect.kext/Contents/Resources
- $(PRODUCT_BUNDLE_IDENTIFIER)
/Library/Extensions/LogiMgrDriver.kext
- com.logitech.manager.kernel.driver
/Library/Extensions/SelfProtect.kext
- com.bitdefender.SelfProtect
/Library/Extensions/TMProtection.kext
- com.bitdefender.TMProtection
/Library/Extensions/usbserial.kext
- com.wch.usbserial
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
/Library/Internet Plug-Ins/WacomNetscape.plugin
- com.wacom.tabletplugin
/Library/Internet Plug-Ins/WacomSafari.plugin
- com.wacom.safaritabletplugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
/Library/PreferencePanes/Logi Options Launcher.prefPane
- com.logitech.Logi-Options-Launcher
/Library/PreferencePanes/Perian.prefPane
- org.perian.PerianPane
/Library/QuickTime/AC3MovieImport.component
- com.cod3r.ac3movieimport
/Library/QuickTime/Perian.component
- org.perian.Perian
/Library/ScriptingAdditions/Adobe Unit Types.osax
- N/A
/Library/ScriptingAdditions/SynologySIMBL.osax
- net.culater.SynologySIMBL.osax
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Library/Caches/com.apple.Safari/Extensions/TrafficLight.safariextension
- com.BitDefender.TrafficLight
Library/Widgets/Ask Dave.wdgt
- com.blogography.widget.askdave
Library/Widgets/BigBen.wdgt
- com.ClockWidgets.widget.BigBen
Library/Widgets/DrMac.wdgt
- ch.znerol.widget.drmac
Library/Widgets/Earth.wdgt
- com.Earth.widget.Earth
Library/Widgets/pongClock.wdgt
- de.widgetschmiede.pongClock
Library/Widgets/Street Fighter 2.wdgt
- com.softomate.widget.Street.Fighter.2
Library/Widgets/Virtual Fruitcake.wdgt
- com.sethgunderson.widget.VirtualFruitcake
Library/Widgets/Wikipedia 2.wdgt
- com.whatsinthehouse.widget.wikipedia
App extensions
com.microsoft.onenote.mac.shareextension
com.synology.CloudStation.FinderSync
Contents of /etc/hosts (checksum 3164423663)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Contents of /etc/pf.conf (checksum 2891177609)
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Contents of /etc/syslog.conf (checksum 2399118465)
install.* @127.0.0.1:32376
Contents of /etc/pam.d/authorization (checksum 1288902703)
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_aks (checksum 841932527)
auth required pam_aks.so
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_ctk (checksum 2418984201)
auth required pam_smartcard.so use_first_pass pkinit
account required pam_opendirectory.so
Contents of /etc/pam.d/authorization_la (checksum 2713564393)
auth required pam_localauthentication.so
auth required pam_aks.so
account required pam_opendirectory.so
Contents of /etc/pam.d/checkpw (checksum 2672765862)
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so no_check_home no_check_shell
Contents of /etc/pam.d/chkpasswd (checksum 335781771)
auth required pam_opendirectory.so
account required pam_opendirectory.so
password required pam_permit.so
session required pam_permit.so
Contents of /etc/pam.d/cups (checksum 2842188894)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/ftpd (checksum 2001169128)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/login (checksum 1242678644)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
Contents of /etc/pam.d/login.term (checksum 3930746290)
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_uwtmp.so
Contents of /etc/pam.d/other (checksum 2748091512)
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Contents of /etc/pam.d/passwd (checksum 1026516346)
auth required pam_permit.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_permit.so
Contents of /etc/pam.d/screensaver (checksum 3141704602)
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_aks (checksum 3209544573)
auth required pam_aks.so
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_ctk (checksum 367670211)
auth required pam_smartcard.so use_first_pass
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/screensaver_la (checksum 589164084)
auth required pam_localauthentication.so
auth required pam_aks.so
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/smbd (checksum 2516643123)
account required pam_sacl.so sacl_service=smb allow_trustacct
session required pam_permit.so
Contents of /etc/pam.d/sshd (checksum 2989478361)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session optional pam_mount.so
Contents of /etc/pam.d/su (checksum 2045483434)
auth sufficient pam_rootok.so
auth required pam_opendirectory.so
account required pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account required pam_opendirectory.so no_check_shell
password required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/sudo (checksum 3515993703)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/periodic/daily/110.clean-tmps (checksum 4099837049)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_tmps_days" ]
then
echo '$daily_clean_tmps_enable is set but' \
'$daily_clean_tmps_days is not'
rc=2
else
echo ""
echo "Removing old temporary files:"
set -f noglob
args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
args="${args} -ctime +$daily_clean_tmps_days"
dargs="-empty -mtime +$daily_clean_tmps_days"
dargs="${dargs} ! -name .vfs_rsrc_streams_*"
[ -n "$daily_clean_tmps_ignore" ] && {
args="$args "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
...and 21 more line(s)
Contents of /etc/periodic/daily/130.clean-msgs (checksum 4292599426)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
if [ ! -d /var/msgs ]
then
echo '$daily_clean_msgs_enable is set but /var/msgs' \
"doesn't exist"
rc=2
else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
msgs -c $arg && rc=0 || rc=3
fi;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/140.clean-rwho (checksum 659374794)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_rwho_days" ]
then
echo '$daily_clean_rwho_enable is enabled but' \
'$daily_clean_rwho_days is not set'
rc=2
elif [ ! -d /var/rwho ]
then
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
"doesn't exist"
rc=2
else
echo ""
echo "Removing stale files from /var/rwho:"
case "$daily_clean_rwho_verbose" in
[Yy][Ee][Ss])
print=-print;;
*)
print=;;
...and 14 more line(s)
Contents of /etc/periodic/daily/199.clean-fax (checksum 1104983357)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
if [ -d /var/spool/fax ]; then
echo ""
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi
Contents of /etc/periodic/daily/310.accounting (checksum 3208203734)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
if [ ! -f /var/account/acct ]
then
echo '$daily_accounting_enable is set but /var/account/acct' \
"doesn't exist"
rc=2
elif [ -z "$daily_accounting_save" ]
then
echo '$daily_accounting_enable is set but ' \
'$daily_accounting_save is not'
rc=2
else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
rc=0
n=$daily_accounting_save
rm -f acct.$n.gz acct.$n || rc=3
m=$n
...and 18 more line(s)
Contents of /etc/periodic/daily/400.status-disks (checksum 1480768650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_disks_enable" in
[Yy][Ee][Ss])
echo ""
echo "Disk status:"
df $daily_status_disks_df_flags && rc=1 || rc=3
;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/420.status-network (checksum 2730873650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
echo ""
echo "Network interface status:"
case "$daily_status_network_usedns" in
[Yy][Ee][Ss])
netstat -i && rc=0 || rc=3;;
*)
netstat -in && rc=0 || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/430.status-rwho (checksum 3455351261)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
prog=ruptime
else
echo ""
echo "Local system status:"
prog=uptime
fi
rc=$($prog | tee /dev/stderr | wc -l)
if [ $? -eq 0 ]
then
[ $rc -gt 1 ] && rc=1
else
rc=3
fi;;
...and 3 more line(s)
Contents of /etc/periodic/daily/999.local (checksum 2319755381)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $daily_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/monthly/199.rotate-fax (checksum 3437454680)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
echo ""
printf %s "Rotating fax log files:"
cd /var/log/fax
for i in *.log; do
if [ -f "${i}" ]; then
echo -n " $i"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
fi
done
echo ""
Contents of /etc/periodic/monthly/200.accounting (checksum 3541581936)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
oldmask=$(umask)
umask 066
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
rc=0
remove=NO
if [ $rc -eq 0 ]
then
echo ""
echo "Doing login accounting:"
rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi
[ $remove = YES ] && rm -f $W.0;;
*) rc=0;;
esac
umask $oldmask
exit $rc
Contents of /etc/periodic/monthly/999.local (checksum 2355967272)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $monthly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/weekly/320.whatis (checksum 922328658)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
echo ""
echo "Rebuilding whatis database:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpage directories"
rc=3
else
rc=0
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
if [ X"${man_locales}" != X ]
then
for i in ${man_locales}
do
LC_ALL=$i /usr/libexec/makewhatis.local -a \
-L "${MANPATH}" || rc=3
...and 9 more line(s)
Contents of /etc/periodic/weekly/999.local (checksum 3078968429)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $weekly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /Library/Preferences/com.apple.security.appsandbox.plist (checksum 2599182411)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnrestrictSpotlightContainerScope</key>
<true/>
</dict>
</plist>
Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (checksum 1199119104)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
</plist>
Root crontab
24 * * * * /Library/Hindi.bg/Hindi.bg cr
Bad plists
/Library/Preferences/com.epson.EPSON Software Updater.UnInstallList.plist
Library/Preferences/DSS/auth.plist
Firewall: On
DNS: 2001 730
Listeners
cupsd: ipp
User login items
Bose Updater
- /Applications/Bose Updater.app
Hidden apps
.CloudStation/CloudStation.app
Safari extensions
TrafficLight
Widgets
BigBen
Restricted files: 760
Lockfiles: 54
High file counts
Desktop: 105
Elapsed time (s): 238
Start time: 13:51:54 10/19/17
Model Identifier: MacBookAir7,2
System Version: OS X 10.11.6 (15G1611)
Kernel Version: Darwin 15.6.0
System Integrity Protection: Enabled
Time since boot: 32 days 10:39
Diagnostic reports
2017-10-07 videoconverter crash
2017-10-09 ScreenSaverEngine crash
2017-10-09 vncagent crash
2017-10-15 Microsoft OneNote hang
2017-10-17 Finder crash
2017-10-17 com.apple.preference.network.remoteservice crash
Log
Oct 15 17:55:25 ARPT: 528254.400919: wl0: fatal error, reinitializing, total count of reinit's[7], @'wlc_bmac_report_fatal_errors':18080
Oct 15 17:55:25 ARPT: 528254.416237: wl0: fatal error, reinitializing, total count of reinit's[8], @'wlc_bmac_report_fatal_errors':18080
Oct 15 17:55:25 ARPT: 528254.431641: wl0: fatal error, reinitializing, total count of reinit's[9], @'wlc_bmac_report_fatal_errors':18080
Oct 15 21:52:58 com.apple.softwareupdate_notify_agent: Service exited with abnormal code: 1
Oct 16 01:01:15 com.apple.softwareupdate_notify_agent: Service exited with abnormal code: 1
Oct 16 10:18:03 com_apple_driver_AppleUSBCardReaderDriverNub::setPowerState(0xae7998c8ce40dcf5, 0 -> 2) timed out after 10556 ms
Oct 17 02:34:06 ARPT: 566562.939864: wl0: Beacon Loss Event, last RSSI[-88]
Oct 17 03:37:05 com.apple.softwareupdate_notify_agent: Service exited with abnormal code: 1
Oct 17 09:53:12 com.apple.softwareupdate_notify_agent: Service exited with abnormal code: 1
Oct 18 18:26:44 Error: AppleHSSPIHIDDriver::_setReportGated Return packet status unsuccessful (2)
Oct 18 18:26:44 Error: AppleHSSPIHIDDriver::_setReportGated Return packet status unsuccessful (2)
Oct 18 18:26:44 Error: AppleHSSPIHIDDriver::_setReportGated Return packet status unsuccessful (2)
Oct 18 18:26:44 [HID] [ATC] [Error] AppleMultitouchInputHIDEventDriver::unleashDeviceGated Failed to set device leash state. Error = 0xe00002ca
Oct 18 19:24:03 com.google.keystone.user.agent: Service exited with abnormal code: 1
Oct 18 19:26:56 com.apple.softwareupdate_notify_agent: Service exited with abnormal code: 1
Oct 18 19:27:06 com.apple.softwareupdate_notify_agent: Service exited with abnormal code: 1
Oct 18 22:26:56 com.apple.softwareupdate_notify_agent: Service exited with abnormal code: 1
Oct 19 00:44:12 com.google.keystone.user.agent: Service exited with abnormal code: 1
Oct 19 01:44:35 com.google.keystone.user.agent: Service exited with abnormal code: 1
Oct 19 02:44:59 com.google.keystone.user.agent: Service exited with abnormal code: 1
Oct 19 03:45:22 com.google.keystone.user.agent: Service exited with abnormal code: 1
Oct 19 12:12:51 com.google.keystone.user.agent: Service exited with abnormal code: 1
Oct 19 12:15:50 com.apple.softwareupdate_notify_agent: Service exited with abnormal code: 1
Oct 19 12:20:27 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Oct 19 13:13:15 com.google.keystone.user.agent: Service exited with abnormal code: 1
Swap (MiB): 65165
Activity
CPU: user 12%, system 4%
Memory: kernel_task (UID 0) is using 1312 MB
kexts
com.malwarebytes.mbam.rtprotection (3.0.3) UUID
Daemons
com.malwarebytes.mbam.rtprotection.daemon
com.realvnc.vncserver
com.malwarebytes.mbam.settings.daemon
6H4HRTU5E3.com.avast.passwords.AgentXPC
Agents
com.avast.home.userinit
com.pcv.hlpramcn
com.malwarebytes.mbam.frontend.agent
6H4HRTU5E3.com.avast.passwords.PasswordsHelperApp
com.realvnc.vncserver.peruser
com.google.keystone.user.agent
6H4HRTU5E3.com.avast.passwords.Agent
com.apple.AirPortBaseStationAgent
Bundles
/Library/Extensions/com.malwarebytes.mbam.rtprotection.kext
- com.malwarebytes.mbam.rtprotection
Contents of /etc/hosts (checksum 3164423663)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Contents of /etc/pf.conf (checksum 2891177609)
scrub-anchor "com.apple/*"
nat-anchor "com.apple/*"
rdr-anchor "com.apple/*"
dummynet-anchor "com.apple/*"
anchor "com.apple/*"
load anchor "com.apple" from "/etc/pf.anchors/com.apple"
Contents of /etc/syslog.conf (checksum 2399118465)
install.* @127.0.0.1:32376
Contents of /etc/pam.d/authorization (checksum 1288902703)
auth optional pam_krb5.so use_first_pass use_kcminit
auth optional pam_ntlm.so use_first_pass
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
Contents of /etc/pam.d/checkpw (checksum 2672765862)
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so no_check_home no_check_shell
Contents of /etc/pam.d/chkpasswd (checksum 335781771)
auth required pam_opendirectory.so
account required pam_opendirectory.so
password required pam_permit.so
session required pam_permit.so
Contents of /etc/pam.d/cups (checksum 2842188894)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/ftpd (checksum 2001169128)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/login (checksum 1242678644)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session required pam_uwtmp.so
session optional pam_mount.so
Contents of /etc/pam.d/login.term (checksum 3930746290)
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_uwtmp.so
Contents of /etc/pam.d/other (checksum 2748091512)
auth required pam_deny.so
account required pam_deny.so
password required pam_deny.so
session required pam_deny.so
Contents of /etc/pam.d/passwd (checksum 1026516346)
auth required pam_permit.so
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_permit.so
Contents of /etc/pam.d/rshd (checksum 1553764881)
auth required pam_permit.so
account required pam_nologin.so
account required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/screensaver (checksum 3141704602)
auth optional pam_krb5.so use_first_pass use_kcminit
auth required pam_opendirectory.so use_first_pass nullok
account required pam_opendirectory.so
account sufficient pam_self.so
account required pam_group.so no_warn group=admin,wheel fail_safe
account required pam_group.so no_warn deny group=admin,wheel ruser fail_safe
Contents of /etc/pam.d/smbd (checksum 2516643123)
account required pam_sacl.so sacl_service=smb allow_trustacct
session required pam_permit.so
Contents of /etc/pam.d/sshd (checksum 2989478361)
auth optional pam_krb5.so use_kcminit
auth optional pam_ntlm.so try_first_pass
auth optional pam_mount.so try_first_pass
auth required pam_opendirectory.so try_first_pass
account required pam_nologin.so
account required pam_sacl.so sacl_service=ssh
account required pam_opendirectory.so
password required pam_opendirectory.so
session required pam_launchd.so
session optional pam_mount.so
Contents of /etc/pam.d/su (checksum 2045483434)
auth sufficient pam_rootok.so
auth required pam_opendirectory.so
account required pam_group.so no_warn group=admin,wheel ruser root_only fail_safe
account required pam_opendirectory.so no_check_shell
password required pam_opendirectory.so
session required pam_launchd.so
Contents of /etc/pam.d/sudo (checksum 3515993703)
auth required pam_opendirectory.so
account required pam_permit.so
password required pam_deny.so
session required pam_permit.so
Contents of /etc/pam.d/vncserver (checksum 2472402372)
account required pam_opendirectory.so
auth required pam_opendirectory.so
Contents of /etc/periodic/daily/110.clean-tmps (checksum 4099837049)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_tmps_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_tmps_days" ]
then
echo '$daily_clean_tmps_enable is set but' \
'$daily_clean_tmps_days is not'
rc=2
else
echo ""
echo "Removing old temporary files:"
set -f noglob
args="-atime +$daily_clean_tmps_days -mtime +$daily_clean_tmps_days"
args="${args} -ctime +$daily_clean_tmps_days"
dargs="-empty -mtime +$daily_clean_tmps_days"
dargs="${dargs} ! -name .vfs_rsrc_streams_*"
[ -n "$daily_clean_tmps_ignore" ] && {
args="$args "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
dargs="$dargs "`echo " ${daily_clean_tmps_ignore% }" |
sed 's/[ ][ ]*/ ! -name /g'`
...and 21 more line(s)
Contents of /etc/periodic/daily/130.clean-msgs (checksum 4292599426)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_msgs_enable" in
[Yy][Ee][Ss])
if [ ! -d /var/msgs ]
then
echo '$daily_clean_msgs_enable is set but /var/msgs' \
"doesn't exist"
rc=2
else
echo ""
echo "Cleaning out old system announcements:"
[ -n "$daily_clean_msgs_days" ] &&
arg=-${daily_clean_msgs_days#-} || arg=
msgs -c $arg && rc=0 || rc=3
fi;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/140.clean-rwho (checksum 659374794)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_clean_rwho_enable" in
[Yy][Ee][Ss])
if [ -z "$daily_clean_rwho_days" ]
then
echo '$daily_clean_rwho_enable is enabled but' \
'$daily_clean_rwho_days is not set'
rc=2
elif [ ! -d /var/rwho ]
then
echo '$daily_clean_rwho_enable is enabled but /var/rwho' \
"doesn't exist"
rc=2
else
echo ""
echo "Removing stale files from /var/rwho:"
case "$daily_clean_rwho_verbose" in
[Yy][Ee][Ss])
print=-print;;
*)
print=;;
...and 14 more line(s)
Contents of /etc/periodic/daily/199.clean-fax (checksum 1104983357)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
if [ -d /var/spool/fax ]; then
echo ""
echo "Removing scratch fax files"
cd /var/spool/fax && \
find . -type f -name '[0-9]*.[0-9][0-9][0-9]' -mtime +7 -delete >/dev/null 2>&1;
fi
Contents of /etc/periodic/daily/310.accounting (checksum 3208203734)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_accounting_enable" in
[Yy][Ee][Ss])
if [ ! -f /var/account/acct ]
then
echo '$daily_accounting_enable is set but /var/account/acct' \
"doesn't exist"
rc=2
elif [ -z "$daily_accounting_save" ]
then
echo '$daily_accounting_enable is set but ' \
'$daily_accounting_save is not'
rc=2
else
echo ""
echo "Rotating accounting logs and gathering statistics:"
cd /var/account
rc=0
n=$daily_accounting_save
rm -f acct.$n.gz acct.$n || rc=3
m=$n
...and 18 more line(s)
Contents of /etc/periodic/daily/400.status-disks (checksum 1480768650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_disks_enable" in
[Yy][Ee][Ss])
echo ""
echo "Disk status:"
df $daily_status_disks_df_flags && rc=1 || rc=3
;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/420.status-network (checksum 2730873650)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_network_enable" in
[Yy][Ee][Ss])
echo ""
echo "Network interface status:"
case "$daily_status_network_usedns" in
[Yy][Ee][Ss])
netstat -i && rc=0 || rc=3;;
*)
netstat -in && rc=0 || rc=3;;
esac;;
*) rc=0;;
esac
exit $rc
Contents of /etc/periodic/daily/430.status-rwho (checksum 3455351261)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$daily_status_rwho_enable" in
[Yy][Ee][Ss])
rwho=$(echo /var/rwho/*)
if [ -f "${rwho%% *}" ]
then
echo ""
echo "Local network system status:"
prog=ruptime
else
echo ""
echo "Local system status:"
prog=uptime
fi
rc=$($prog | tee /dev/stderr | wc -l)
if [ $? -eq 0 ]
then
[ $rc -gt 1 ] && rc=1
else
rc=3
fi;;
...and 3 more line(s)
Contents of /etc/periodic/daily/999.local (checksum 2319755381)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $daily_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/monthly/199.rotate-fax (checksum 3437454680)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
echo ""
printf %s "Rotating fax log files:"
cd /var/log/fax
for i in *.log; do
if [ -f "${i}" ]; then
echo -n " $i"
if [ -x /usr/bin/gzip ]; then gzext=".gz"; else gzext=""; fi
if [ -f "${i}.3${gzext}" ]; then mv -f "${i}.3${gzext}" "${i}.4${gzext}"; fi
if [ -f "${i}.2${gzext}" ]; then mv -f "${i}.2${gzext}" "${i}.3${gzext}"; fi
if [ -f "${i}.1${gzext}" ]; then mv -f "${i}.1${gzext}" "${i}.2${gzext}"; fi
if [ -f "${i}.0${gzext}" ]; then mv -f "${i}.0${gzext}" "${i}.1${gzext}"; fi
if [ -f "${i}" ]; then mv -f "${i}" "${i}.0" && if [ -x /usr/bin/gzip ]; then gzip -9 "${i}.0"; fi; fi
touch "${i}" && chmod 640 "${i}" && chown root:admin "${i}"
fi
done
echo ""
Contents of /etc/periodic/monthly/200.accounting (checksum 3541581936)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
oldmask=$(umask)
umask 066
case "$monthly_accounting_enable" in
[Yy][Ee][Ss])
W=/var/log/wtmp
rc=0
remove=NO
if [ $rc -eq 0 ]
then
echo ""
echo "Doing login accounting:"
rc=$(ac -p | sort -nr -k 2 | tee /dev/stderr | wc -l)
[ $rc -gt 0 ] && rc=1
fi
[ $remove = YES ] && rm -f $W.0;;
*) rc=0;;
esac
umask $oldmask
exit $rc
Contents of /etc/periodic/monthly/999.local (checksum 2355967272)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $monthly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /etc/periodic/weekly/320.whatis (checksum 922328658)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
case "$weekly_whatis_enable" in
[Yy][Ee][Ss])
echo ""
echo "Rebuilding whatis database:"
MANPATH=`/usr/bin/manpath -q`
if [ $? = 0 ]
then
if [ -z "${MANPATH}" ]
then
echo "manpath failed to find any manpage directories"
rc=3
else
rc=0
/usr/libexec/makewhatis.local "${MANPATH}" || rc=3
if [ X"${man_locales}" != X ]
then
for i in ${man_locales}
do
LC_ALL=$i /usr/libexec/makewhatis.local -a \
-L "${MANPATH}" || rc=3
...and 9 more line(s)
Contents of /etc/periodic/weekly/999.local (checksum 3078968429)
if [ -r /etc/defaults/periodic.conf ]
then
. /etc/defaults/periodic.conf
source_periodic_confs
fi
rc=0
for script in $weekly_local
do
echo ''
case "$script" in
/*)
if [ -f "$script" ]
then
echo "Running $script:"
sh $script || rc=3
else
echo "$script: No such file"
[ $rc -lt 2 ] && rc=2
fi;;
*)
echo "$script: Not an absolute path"
[ $rc -lt 2 ] && rc=2;;
esac
done
exit $rc
Contents of /Library/Preferences/com.apple.security.appsandbox.plist (checksum 2599182411)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>UnrestrictSpotlightContainerScope</key>
<true/>
</dict>
</plist>
Contents of /Library/Preferences/SystemConfiguration/com.apple.Boot.plist (checksum 1199119104)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Kernel Flags</key>
<string></string>
</dict>
</plist>
Firewall: On
DNS: 68.105.28.11 (static)
Listeners
kdc: kerberos
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
SpeechSynthesisServer
- /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app
Advanced Mac Cleaner
- missing value
Restricted files: 9
Elapsed time (s): 181
Adware Medic (formerly, now 'Malwarebytes Anti-Malware') is cool but your problem is not a malware issue, just you get some ads by those MacKeeper jerks.
If you have a router, then you surely can exclude URLs (or even URL parts, as if you would use wildcards without using wildcard chars) and keywords. E.g. you exclude "mackeeper" as URL part and Keyword then your router will not grant pages containing this word to reach your browser.
I'm the developer of AdwareMedic, and I'd say it's safe, though you could easily make the claim that I'm slightly biased! 😉
You can search for other opinions here (search for "AdwareMedic" using the search link at the top of this page), but in the end, if downloading an app like AdwareMedic makes you nervous, that's probably a good thing. If you are unable to satisfy yourself that it is legit, I've also got a set of manual removal instructions that will remove anything that AdwareMedic does:
This can be a bit more difficult - and can result in damage to your system if you delete the wrong thing in some cases - but it is an option if you are comfortable with such things. (Not everyone is, which is why I created AdwareMedic.)
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com, in the form of buttons allowing for donations. Donations are not required to use my site or software.)
Thank you both for the replies! About the second solution , I followed. exactly the steps that you provide me and in safari I didn't find any extensions at all! At step 2 also the finder didn't reveal to me anything, but the annoying advertisement of mackeeper is still here! Perhaps is something else here and probably I will use the adwaremedic to see if anything happens !
AggelakasK wrote:
About the second solution , I followed. exactly the steps that you provide me and in safari I didn't find any extensions at all! At step 2 also the finder didn't reveal to me anything, but the annoying advertisement of mackeeper is still here!
Yes, Linc's instructions are really only applicable to one particular adware program: Downlite, aka VSearch. (Although it mentions others, such as Spigot, Conduit and Trovi, his instructions do not actually provide workable removal instructions for those.) If you had Downlite, his instructions would work. However, there are almost two dozen others I'm aware of that you could be infected with, and Downlite is certainly not the only one to show MacKeeper ads.
In addition, it's possible this isn't due to adware at all. There are other possibilities, such as network-related problems. You can work your way through all these issues with either AdwareMedic or my Adware Removal Guide, mentioned in my previous post.
AggelakasK
Yes, AdwareMedic is safe. It has tons of very positive reviews and posts of appreciation here.
Tom is a LONG-time volunteer helper here, and has worked very hard to find solutions to adware and malware.
You can use it with confidence.
--Another volunteer here,
Bee
1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
4. Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*genieo\* \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB ' com.adobe.AAM.Updater-1.0 com.adobe.AdobeCreativeCloud com.adobe.CS4ServiceManager com.adobe.CS5ServiceManager com.adobe.fpsaud com.adobe.SwitchBoard com.adobe.SwitchBoard com.apple.aelwriter com.apple.AirPortBaseStationAgent com.apple.FolderActions.enabled com.apple.FolderActions.folders com.apple.FolderActions.folders com.apple.installer.osmessagetracing com.apple.mrt.uiagent com.apple.ReportCrash.Self com.apple.rpmuxd com.apple.SafariNotificationAgent com.apple.usbmuxd com.google.keystone.agent com.google.keystone.daemon com.microsoft.office.licensing.helper com.oracle.java.Helper-Tool com.oracle.java.JavaUpdateHelper com.oracle.java.JavaUpdateHelper org.macosforge.xquartz.privileged_startx org.macosforge.xquartz.startx ' ' 879294308 461455494 3627668074 1083382502 1274181950 1855907737 2758863019 1848501757 464843899 3694147963 1417519526 1189540302 1233118628 2456546649 2806998573 2778718105 2636415542 842973933 3301885676 891055588 998894468 695903914 1443423563 4136085286 523110921 3873345487 ' 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/faceb/s/(at\.)[^.]+/\1NAME/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: (E[^m]|[^EO])|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<10) print "com.apple.";} ' ' { sub(/ :/,"");print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { split("'"${p[41]}"'",b);split("'"${p[42]}"'",c);for(i in b) print b[i]".plist\t"c[i];if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"cksum "F|getline C;split(C, A);C="checksum "A[1];"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text(, with v.+)?$|(Bo|PO).+ sh.+ text ex|XM)/) F=F" ("T", "C")";else F=F" ("C")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9|"sort|uniq";} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */ /;' ' s/^.+ |\(.+\)$//g;p ' '/\.(appex|pluginkit)\/Contents\/Info\.plist$/p' ' /2/{print "WARN"};/4/{print "CRITICAL"};' ' /EVHF|MACR/d;s/^.+: //p;' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps crontab iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl smcDiagnose sysctl\ -n defaults\ read stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' pluginkit scutil dtrace profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil lsof test osascript\ -e );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'|tr , \\\n" 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$(RefProc): \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|corru|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|Roame|SMC:|suhel| VALI|ver-r|xpma' -o -o -k Sender fseventsd -k Message Req SL -o -k Sender Req launchd -k Message Req de: " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '/S*/*/Ca*/*xpc* >&- ||echo No' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,Ex}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,In{p,ter},iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" -m 'L*/{Con*/*/Data/L*/,}Pref* -type f -size 0c -name *.plist.???????|wc -l' kern.memorystatus_vm_pressure_level '3>&1 >&- 2>&3' );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents XPC\ cache Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors App\ extensions Lockfiles Memory\ pressure SMC );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};A'$((7+i))'() { v=` eval sudo "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};';done;A9(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "${s[63]}"<<<"$v"`&&C1 1 $1;};for i in 1 2 7 8;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;B1&&D73 19 53 67 55;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 20 52 66 54;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D82 35 49 61 51;D82 11 17 17 20;for i in 0 1;do D82 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A8 18 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;B3 4 0 65;A3 14 6 32 0;B4 0 16 11;A1 26 50 64;B7 16;C3 52;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D73 21 0 32 19;D73 10 42 32 40;D82 29 35 46 39;};D23 14 1 62 42;D12 34 43 53 44;D12 22 20 32 25;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 21 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D83 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 10 42 32 41;D13 37 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 21 48 49 49;B3 4 22 57;A1 21 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D12 4 51 32 53;D23 22 9 37 7;A9;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
Copy the selected text to the Clipboard by pressing the key combination command-C.
8. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
exec bash
and press return. Then paste the script again.
10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
[Process completed]
to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
______________________________________________________________
Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.
Dear Linc
i appreciate your efford , trying to find me a solution and I really want to thank you about it . I read carefully the procedure that you post but I find it very difficult to follow. You see my experience in macs is very small , (switcher from pc to Mac ). This is my the first time in Mac interface and typing in terminal makes me really nervous because there is always a possibility to make another mistake . Of course I admit that it is my mistake the hole thing ....i think that responsible for the adware is mp3fiber , since I don't use any torrent client, I don't watch online films nor visiting any suspicious sites .... The only programs that running on Mac is vdj8 ( i have payed it) , tractor ( also) , easyfind (AppStore) and NTfs paragon( also payed it) . I hope these new informations may help you provide me a simplest way of finding the adware ! If no I would like to thank once more and probably I will try Thomas's adwaremedic app
Thomas you said before that if I want to remove completely the app I had to do it only manually?
Adwaremedic is it safe ?
