Thanks Linc, an impressively organised response and coding (hat tip).
Here's the results:
Start time: 11:25:35 04/01/15
Revision: 1309
Model Identifier: MacBookPro11,1
System Version: OS X 10.10.2 (14C1514)
Kernel Version: Darwin 14.1.0
Time since boot: 1 day16:53
UID: 501
Bluetooth
Apple Wireless Keyboard
Apple Wireless Trackpad
Energy (lifetime)
WindowServer (UID 88): 24.82
Profiles: 11
Trust settings: admin 4, user 4
DNS: 8.8.8.8 (static)
Listeners
kdc: kerberos
launchd: afpovertcp
launchd: microsoft-ds
System caches/logs
2.1 GiB: /System/Library/Caches/com.apple.coresymbolicationd/data
Diagnostic reports
2015-03-25 com.apple.AmbientDisplayAgent crash
2015-03-27 discoveryd crash x2
HID errors: 9
Kernel log
Apr 1 08:19:03 ASP_TCP Disconnect: triggering reconnect by bumping reconnTrigger from curr value 5 on so 0xffffff802e91b3d8
Apr 1 08:19:03 AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Seagate-420BF6 TM Backup
Apr 1 08:19:03 ASP_TCP asp_SetTCPQoS: sock_settclassopt got error 57
Apr 1 08:19:03 AFP_VFS afpfs_DoReconnect: connect on /Volumes/Seagate-420BF6 TM Backup failed 51.
Apr 1 08:19:04 ASP_TCP asp_SetTCPQoS: sock_settclassopt got error 57
Apr 1 08:19:04 AFP_VFS afpfs_DoReconnect: connect on /Volumes/Seagate-420BF6 TM Backup failed 51.
Apr 1 08:19:05 ASP_TCP asp_SetTCPQoS: sock_settclassopt got error 57
Apr 1 08:19:05 AFP_VFS afpfs_DoReconnect: connect on /Volumes/Seagate-420BF6 TM Backup failed 51.
Apr 1 08:19:06 ASP_TCP asp_SetTCPQoS: sock_settclassopt got error 57
Apr 1 08:19:06 AFP_VFS afpfs_DoReconnect: connect on /Volumes/Seagate-420BF6 TM Backup failed 51.
Apr 1 08:19:07 ASP_TCP asp_SetTCPQoS: sock_settclassopt got error 57
Apr 1 08:19:07 AFP_VFS afpfs_DoReconnect: connect on /Volumes/Seagate-420BF6 TM Backup failed 51.
Apr 1 08:19:08 ASP_TCP asp_SetTCPQoS: sock_settclassopt got error 57
Apr 1 08:19:08 AFP_VFS afpfs_DoReconnect: connect on /Volumes/Seagate-420BF6 TM Backup failed 51.
Apr 1 08:19:09 ASP_TCP asp_SetTCPQoS: sock_settclassopt got error 57
Apr 1 09:06:09 ASP_TCP Disconnect: triggering reconnect by bumping reconnTrigger from curr value 6 on so 0xffffff802e91b3d8
Apr 1 09:06:10 AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/Seagate-420BF6 TM Backup
Apr 1 09:06:10 ASP_TCP asp_SetTCPQoS: sock_settclassopt got error 57
Apr 1 09:06:27 AFP_VFS afpfs_DoReconnect: connect on /Volumes/Seagate-420BF6 TM Backup failed 60.
Apr 1 09:06:27 ASP_TCP asp_SetTCPQoS: sock_settclassopt got error 57
Apr 1 09:10:20 ASP_TCP Disconnect: triggering reconnect by bumping reconnTrigger from curr value 7 on so 0xffffff802e91b3d8
Apr 1 09:37:31 firefox (map: 0xffffff802ac2e4b0) triggered DYLD shared region unnest for map: 0xffffff802ac2e4b0, region 0x7fff8b800000->0x7fff8ba00000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
Apr 1 10:12:35 ASP_TCP Disconnect: triggering reconnect by bumping reconnTrigger from curr value 0 on so 0xffffff80314e87b0
Apr 1 11:15:54 firefox (map: 0xffffff80321d0b40) triggered DYLD shared region unnest for map: 0xffffff80321d0b40, region 0x7fff8b800000->0x7fff8ba00000. While not abnormal for debuggers, this increases system memory footprint until the target exits.
Apr 1 11:18:53 ASP_TCP Disconnect: triggering reconnect by bumping reconnTrigger from curr value 0 on so 0xffffff80327c4000
System log
Apr 1 07:01:53 configd: [0x7fed81d2f2b0] [m]DNS query timeout (query time = 35.123253), [46TE]
Apr 1 07:02:28 configd: [0x7fed81f35580] [m]DNS query timeout (query time = 35.138744), [46TE]
Apr 1 08:19:16 com.apple.usbmuxd: LOCKDOWN_V2_BONJOUR_SERVICE_NAME is _apple-mobdev2._tcp,884e0777
Apr 1 08:19:39 com.apple.usbmuxd: SCEDeviceSocketCallback 0x10040a380-iTunes/com.apple.iTunes remote peer closed connection for sce 0x10040a380.
Apr 1 08:19:48 configd: [0x7fed81f35960] [m]DNS query timeout (query time = 35.148206), [46TE]
Apr 1 08:20:23 configd: [0x7fed81d2cf10] [m]DNS query timeout (query time = 35.120730), [46TE]
Apr 1 08:20:58 configd: [0x7fed81d2cf10] [m]DNS query timeout (query time = 35.130086), [46TE]
Apr 1 09:06:12 com.apple.usbmuxd: LOCKDOWN_V2_BONJOUR_SERVICE_NAME is _apple-mobdev2._tcp,884e0777
Apr 1 09:07:10 com.apple.backupd: Disk image already attached: /Volumes/Seagate-420BF6 TM Backup/Jane’s MacBook Pro.sparsebundle, DIHLDiskImageAttach returned: 35
Apr 1 09:10:08 fseventsd: Logging disabled completely for device:1: /Volumes/Recovery HD
Apr 1 09:34:03 com.apple.WebKit.WebContent: GVA warning: addNewReferenceEntry_MMCO mmcoFunc1 not found requested 4, curr = 6
Apr 1 10:05:00 launchservicesd: Application App:"loginwindow" asn:0x0-1001 pid:73 refs=7 @ 0x7fb3b3c280c0 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0xad0ad pid=3626 "ScreenSaverEngine"")), so denying. : LASSession.cp #1521 SetFrontApplication() q=LSSession 100005/0x186a5 queue
Apr 1 10:05:00 launchservicesd: Application App:"loginwindow" asn:0x0-1001 pid:73 refs=8 @ 0x7fb3b3c280c0 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0xad0ad pid=3626 "ScreenSaverEngine"")), so denying. : LASSession.cp #1521 SetFrontApplication() q=LSSession 100005/0x186a5 queue
Apr 1 10:08:07 diskarbitrationd: loginwindow [73]:43899 not responding.
Apr 1 10:12:10 fseventsd: Logging disabled completely for device:1: /Volumes/Recovery HD
Apr 1 10:25:25 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Safari" for over 1.00 seconds. Server has re-enabled them.
Apr 1 11:05:10 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Safari" for over 1.00 seconds. Server has re-enabled them.
Apr 1 11:13:57 NetAuthSysAgent: ERROR: AFP_GetServerInfo - connect failed 64
Apr 1 11:13:57 com.apple.backupd: NAConnectToServerSync failed with error: 64 (Host is down) for url: afp://Jane@Seagate-420BF6._afpovertcp._tcp.local./Seagate-420BF6%20TM%20Backup
Apr 1 11:13:57 com.apple.backupd: Backup failed with error 18: The backup disk could not be found.
Apr 1 11:14:09 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Mail" for over 1.00 seconds. Server has re-enabled them.
Apr 1 11:14:17 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Mail" for over 1.00 seconds. Server has re-enabled them.
Apr 1 11:15:06 com.apple.backupd: Disk image already attached: /Volumes/Seagate-420BF6 TM Backup/Jane’s MacBook Pro.sparsebundle, DIHLDiskImageAttach returned: 35
Apr 1 11:18:25 fseventsd: Logging disabled completely for device:1: /Volumes/Recovery HD
Apr 1 11:18:49 diskarbitrationd: mds [37]:20271 not responding.
Loaded kernel extensions
com.avast.AvastFileShield (2.1.0)
com.avast.PacketForwarder (2.0)
System services loaded
com.adobe.fpsaud
com.apple.spindump
- status: 75
com.apple.watchdogd
com.avast.crashreport
com.avast.daemon
com.avast.fileshield
com.avast.init
com.avast.proxy
com.avast.service
com.avast.uninstall
com.avast.update
com.oracle.java.Helper-Tool
net.cloudpath.HelperTool2
Login services loaded
com.avast.helper
com.avast.home.userinit
com.avast.update-agent
com.avast.userinit
com.oracle.java.Java-Updater
com.valvesoftware.steamclean
User services loaded
com.valvesoftware.steam.ipctool
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Steam
- /Applications/Steam.app
Safari extensions
Avast Online Security
- com.avast.wrc
iCloud errors
bird 387
cloudd 42
Continuity errors
sharingd 27
lsuseractivityd 7
Restricted files: 234
Lockfiles: 1
Contents of /Library/LaunchAgents/com.avast.update-agent.plist
- mod date: Mar 27 21:34:50 2015
- size (B): 638
- checksum: 4192623169
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.avast.update-agent</string>
<key>Program</key>
<string>/Library/Application Support/Avast/components/update/com.avast.update-agent</string>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.avast.userinit.plist
- mod date: Mar 27 21:34:50 2015
- size (B): 436
- checksum: 84920623
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.avast.userinit</string>
<key>Program</key>
<string>/Library/Application Support/Avast/hub/userinit.sh</string>
<key>KeepAlive</key>
<false/>
<key>RunAtLoad</key>
<true/>
<key>AbandonProcessGroup</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
- mod date: Mar 25 14:05:54 2015
- size (B): 104
- checksum: 3388305437
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.oracle.java.Java-Updater</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>
<string>-bgcheck</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>14</integer>
<key>Minute</key>
<integer>05</integer>
<key>Weekday</key>
<integer>4</integer>
</dict>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
...and 1 more line(s)
Contents of /Library/LaunchDaemons/com.avast.init.plist
- mod date: Mar 27 21:34:50 2015
- size (B): 571
- checksum: 17654464
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<false/>
<key>AbandonProcessGroup</key>
<true/>
<key>Label</key>
<string>com.avast.init</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Avast/hub/init.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.avast.uninstall.plist
- mod date: Mar 27 21:34:50 2015
- size (B): 685
- checksum: 3425227779
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>PathState</key>
<dict>
<key>/Applications/Avast.app</key>
<false/>
</dict>
</dict>
<key>AbandonProcessGroup</key>
<true/>
<key>Label</key>
<string>com.avast.uninstall</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Avast/hub/autouninstall.sh</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
...and 3 more line(s)
Contents of /Library/LaunchDaemons/com.avast.update.plist
- mod date: Mar 27 21:34:50 2015
- size (B): 694
- checksum: 3870293393
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<false/>
<key>AbandonProcessGroup</key>
<true/>
<key>Label</key>
<string>com.avast.update</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Avast/components/update/update.sh</string>
</array>
<key>StartInterval</key>
<integer>600</integer>
<key>ThrottleInterval</key>
<integer>10800</integer>
<key>RunAtLoad</key>
<false/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
...and 1 more line(s)
Contents of /Library/LaunchDaemons/net.cloudpath.HelperTool2.plist
- mod date: Mar 4 13:38:04 2015
- size (B): 560
- checksum: 1065498150
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>net.cloudpath.HelperTool2</string>
<key>MachServices</key>
<dict>
<key>net.cloudpath.HelperTool2</key>
<true/>
</dict>
<key>Program</key>
<string>/Library/PrivilegedHelperTools/net.cloudpath.HelperTool2</string>
<key>ProgramArguments</key>
<array>
<string>/Library/PrivilegedHelperTools/net.cloudpath.HelperTool2</string>
</array>
</dict>
</plist>
Contents of /private/etc/sysctl.conf
- mod date: Apr 26 10:07:47 2014
- size (B): 143
- checksum: 2361064242
kern.sysv.shmall=268435456
kern.sysv.shmmax=268435456
kern.sysv.shmmni=64
kern.sysv.shmseg=32
Contents of Library/LaunchAgents/com.avast.home.userinit.plist
- mod date: Mar 27 21:34:54 2015
- size (B): 481
- checksum: 4186448817
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.avast.home.userinit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Avast/hub/userinit.sh</string>
</array>
<key>KeepAlive</key>
<false/>
<key>RunAtLoad</key>
<true/>
<key>AbandonProcessGroup</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.valvesoftware.steamclean.plist
- mod date: Mar 30 18:33:42 2015
- size (B): 810
- checksum: 3270608231
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.valvesoftware.steamclean</string>
<key>Program</key>
<string>/Users/USER/Library/Application Support/Steam/SteamApps/steamclean</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Steam/SteamApps/steamclean</string>
<string>Public</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>SteamContentPaths</key>
<array>
<string>/Users/USER/Library/Application Support/Steam/SteamApps</string>
</array>
<key>ThrottleInterval</key>
<integer>60</integer>
<key>WatchPaths</key>
<array>
<string>/Applications/Steam.app</string>
</array>
...and 2 more line(s)
Extensions
/System/Library/Extensions/CyborgRAT.kext
- com.madcatz.driver.CyborgRAT
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
Applications
/Applications/AVG AntiVirus.app
- com.avg.Antivirus
/Library/Printers/Brother/Utilities/BrStatusMonitor.app
- com.brother.utility.BrStatusMonitor
/Library/Printers/hp/Fax/fax.backend
- com.hp.fax
/Library/Printers/hp/Fax/rastertofax.filter
- com.hp.rastertofax
/Library/Printers/hp/cups/filters/pdftopdf.filter
- com.hp.print.cups.filter.pdftopdf
/Users/USER/Desktop/XCOM Enemy Unknown.app
- N/A
/Users/USER/Downloads/Cuevana Storm.app
- com.intel.nw
PrefPane
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy/JavaControlPanel.pref Pane
- com.oracle.java.JavaControlPanel
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/MadCatzRAT.prefPane
- com.madcatz.prefPane.MadCatz
Bundles
/Library/Internet Plug-Ins/Flash Player.plugin
- com.macromedia.Flash Player.plugin
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
Bundles (new)
/Applications/AdwareMedic.app
- com.thesafemac.adwaremedic
/Applications/Avast.app
- com.avast.AAFM
/Applications/Utilities/Adobe Flash Player Install Manager.app
- com.adobe.flashplayer.installmanager
/Library/Application Support/Avast/components/helper/com.avast.helper.app
- com.avast.helper
/Library/Application Support/Avast/components/uninstall/com.avast.uninstall.app
- com.avast.uninstall
/Library/Internet Plug-Ins/Flash Player.plugin
- com.macromedia.Flash Player.plugin
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Library paths
/Library/Application Support/Avast/components/proxy/certutil/libfreebl3.dylib
/Library/Application Support/Avast/components/proxy/certutil/libnspr4.dylib
/Library/Application Support/Avast/components/proxy/certutil/libnss3.dylib
/Library/Application Support/Avast/components/proxy/certutil/libnssdbm3.dylib
/Library/Application Support/Avast/components/proxy/certutil/libnssutil3.dylib
/Library/Application Support/Avast/components/proxy/certutil/libplc4.dylib
/Library/Application Support/Avast/components/proxy/certutil/libplds4.dylib
/Library/Application Support/Avast/components/proxy/certutil/libsmime3.dylib
/Library/Application Support/Avast/components/proxy/certutil/libsoftokn3.dylib
/Library/Application Support/Avast/components/proxy/certutil/libssl3.dylib
/Library/Application Support/Avast/lib/libcrypto.1.0.0.dylib
/Library/Application Support/Avast/lib/libprotobuf-lite.8.dylib
/Library/Application Support/Avast/lib/libssl.1.0.0.dylib
/Library/Application Support/com.avg.Antivirus/update/backup/#Applications#AVG AntiVirus.app#Contents#Backend##lib#libavgcore.dylib
/Users/USER/Library/Application Support/Avast/nss/libfreebl3.dylib
/Users/USER/Library/Application Support/Avast/nss/libnspr4.dylib
/Users/USER/Library/Application Support/Avast/nss/libnss3.dylib
/Users/USER/Library/Application Support/Avast/nss/libnssdbm3.dylib
/Users/USER/Library/Application Support/Avast/nss/libnssutil3.dylib
/Users/USER/Library/Application Support/Avast/nss/libplc4.dylib
/Users/USER/Library/Application Support/Avast/nss/libplds4.dylib
/Users/USER/Library/Application Support/Avast/nss/libsmime3.dylib
/Users/USER/Library/Application Support/Avast/nss/libsoftokn3.dylib
/Users/USER/Library/Application Support/Avast/nss/libssl3.dylib
/Users/USER/Library/Application Support/Firefox/Profiles/azpajdzz.default/gmp-gmpopenh264/1.3/libgmpopenh264.dy lib
Installations
Adobe Flash Player: 1/04/2015 9:37 am
Adobe Flash Player: 29/03/2015 3:50 pm
Java 8 Update 40: 25/03/2015 2:05 pm
Remote Mouse: 7/03/2015 6:57 pm
Brother Drivers: 7/02/2015 6:12 pm
Elapsed time (sec): 284