Bad Request Error

Just shut down the MacBook and modem/router and restarted them both, but this has not solved the problem. Thanks for the suggestion though.

I started up in safe mode and the issue was gone - no more Bad Request error messages; then did a normal startup and the problem has returned. I have since removed the login items from 'User & Groups', restarted, but the problem persists.

Thanks. I have Sophos anti-virus, but this has been running for ages without issue. Also, a web monitoring app ('Covenant Eyes') which I suspect is the culprit, as this was recently upgraded to a newer version. I will try reverting to an older version to test this. This is the results of the test:

1 Start time: 15:36:19 09/27/15

2

3 Revision: 1347

4

5 Model Identifier: MacBookPro8,1

6 System Version: OS X 10.10.5 (14F27)

7 Kernel Version: Darwin 14.5.0

8 Time since boot: 17:44

9

10 SerialATA

11

12 ST*******ASG

13

14 Energy (lifetime)

15

16 kernel_task (UID 0): 14.38

17

18 Energy (sampled)

19

20 kernel_task (UID 0): 8.54

21

22 Profiles: 3

23

24 Font issues: 23

25

26 Global prefs (system)

27

28 MultipleSessionEnabled = 1

29

30 Firewall: On

31

32 DNS: 194.168.4.100

33

34 Listeners

35

36 kdc: kerberos

37 launchd: afpovertcp

38 launchd: microsoft-ds

39

40 System caches/logs

41

42 4.2 GiB: /System/Library/Caches/com.apple.coresymbolicationd/data

43

44 Diagnostic reports

45

46 2015-09-01 Citrix Viewer crash

47 2015-09-08 com.apple.security.pboxd crash

48 2015-09-08 mapspushd crash

49 2015-09-10 Photos crash

50 2015-09-14 Citrix Viewer crash

51 2015-09-16 Citrix Viewer crash

52 2015-09-26 Finder crash* x5

53 2015-09-26 com.apple.AmbientDisplayAgent crash

54 * Code injection

55

56 HID errors: 6

57

58 Kernel log

59

60 Sep 24 21:25:12 sflt_register for AF_INET6 TCP returned error 0.

61 Sep 24 21:27:49 Finder (map: 0xffffff8023878a50) triggered DYLD shared region unnest for map: 0xffffff8023878a50, region 0x7fff8ee00000->0x7fff8f000000. While not abnormal for debuggers, this increases system memory footprint until the target exits.

62 Sep 24 22:17:38 firefox (map: 0xffffff8031af9f00) triggered DYLD shared region unnest for map: 0xffffff8031af9f00, region 0x7fff89a00000->0x7fff89c00000. While not abnormal for debuggers, this increases system memory footprint until the target exits.

63 Sep 26 16:09:08 AppleUSBMultitouchDriver::checkStatus - received Status Packet, Payload 2: device was reinitialized

64 Sep 26 16:09:09 sflt_register for AF_INET TCP returned error 0.

65 Sep 26 16:09:09 sflt_register for AF_INET6 TCP returned error 0.

66 Sep 26 16:11:17 Finder (map: 0xffffff801e0b4870) triggered DYLD shared region unnest for map: 0xffffff801e0b4870, region 0x7fff8fc00000->0x7fff8fe00000. While not abnormal for debuggers, this increases system memory footprint until the target exits.

67 Sep 26 20:39:21 AppleUSBMultitouchDriver::checkStatus - received Status Packet, Payload 2: device was reinitialized

68 Sep 26 20:39:48 Dependency com.Cvnt.nke of kext com.Cvnt.driver.CvntDriver failed to load.

69 Sep 26 20:39:48 Kext com.Cvnt.driver.CvntDriver failed to load (0xdc008015).

70 Sep 26 20:51:08 AppleUSBMultitouchDriver::checkStatus - received Status Packet, Payload 2: device was reinitialized

71 Sep 26 20:51:13 sflt_register for AF_INET TCP returned error 0.

72 Sep 26 20:51:13 sflt_register for AF_INET6 TCP returned error 0.

73 Sep 26 20:53:31 ctl_enqueuedata: m_allocpacket_internal(7805) failed

74 Sep 26 20:53:31 tl_ctl_enqueuedata failed with error: 12

75 Sep 26 21:02:26 AppleUSBMultitouchDriver::checkStatus - received Status Packet, Payload 2: device was reinitialized

76 Sep 26 21:02:37 sflt_register for AF_INET TCP returned error 0.

77 Sep 26 21:02:37 sflt_register for AF_INET6 TCP returned error 0.

78 Sep 26 21:05:06 considerRebuildOfPrelinkedKernel com.apple.kext.OSvKernDSPLib triggered rebuild

79 Sep 26 21:23:50 CoreStorageFamily::unlockVEKs(UUID) VEK unwrap failed. this is normal, except for the root volume.

80 Sep 26 21:53:17 AppleUSBMultitouchDriver::checkStatus - received Status Packet, Payload 2: device was reinitialized

81 Sep 26 21:53:27 sflt_register for AF_INET TCP returned error 0.

82 Sep 26 21:53:27 sflt_register for AF_INET6 TCP returned error 0.

83 Sep 27 09:28:06 CoreStorageFamily::unlockVEKs(UUID) VEK unwrap failed. this is normal, except for the root volume.

84 Sep 27 15:23:05 CoreStorageFamily::unlockVEKs(UUID) VEK unwrap failed. this is normal, except for the root volume.

85

86 System log

87

88 Sep 27 14:32:17 InterCheck: loaded code with pid 1230 is trusted

89 Sep 27 15:13:08 WindowServer: WSGetSurfaceInWindow : Invalid surface 1117911046 for window 194

90 Sep 27 15:13:08 WindowServer: WSGetSurfaceInWindow : Invalid surface 1117911046 for window 194

91 Sep 27 15:13:08 WindowServer: WSGetSurfaceInWindow : Invalid surface 1117911046 for window 194

92 Sep 27 15:13:39 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Finder" for over 1.00 seconds. Server has re-enabled them.

93 Sep 27 15:14:40 WindowServer: WSGetSurfaceInWindow : Invalid surface 1066001118 for window 214

94 Sep 27 15:14:40 WindowServer: WSGetSurfaceInWindow : Invalid surface 1100251401 for window 214

95 Sep 27 15:14:40 WindowServer: WSBindSurface : Invalid surface 1100251401 for window 214

96 Sep 27 15:15:48 com.apple.kextd: LVG changed

97 Sep 27 15:15:48 com.apple.kextd: LVG changed

98 Sep 27 15:16:16 SophosWebD: [FilterRequestBroker.m:212] Timeout waiting for content scan.

99 Sep 27 15:16:16 SophosWebD: [FilterRequestBroker.m:212] Timeout waiting for content scan.

100 Sep 27 15:16:19 SophosWebD: [FilterRequestBroker.m:212] Timeout waiting for content scan.

101 Sep 27 15:22:19 WindowServer: WSGetSurfaceInWindow : Invalid surface 1281541070 for window 250

102 Sep 27 15:22:19 WindowServer: WSGetSurfaceInWindow : Invalid surface 1281541070 for window 250

103 Sep 27 15:22:19 WindowServer: WSGetSurfaceInWindow : Invalid surface 1281541070 for window 250

104 Sep 27 15:23:05 com.apple.kextd: LVG changed

105 Sep 27 15:23:05 com.apple.kextd: LVG changed

106 Sep 27 15:25:33 fseventsd: Events arrived for /Volumes/Iomega_HDD after an unmount request! Re-initializing.

107 Sep 27 15:25:33 fseventsd: creating a dls for /Volumes/Iomega_HDD but it already has one...

108 Sep 27 15:25:44 diskarbitrationd: mds [61]:19755 not responding.

109 Sep 27 15:26:02 com.apple.kextd: LVG changed

110 Sep 27 15:26:02 com.apple.kextd: LVG changed

111 Sep 27 15:31:01 launchservicesd: Application App:"loginwindow" asn:0x0-1001 pid:99 refs=7 @ 0x7f879961e750 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0x7d07d pid=1362 "ScreenSaverEngine"")), so denying. : LASSession.cp #1521 SetFrontApplication() q=LSSession 100006/0x186a6 queue

112 Sep 27 15:31:01 launchservicesd: Application App:"loginwindow" asn:0x0-1001 pid:99 refs=8 @ 0x7f879961e750 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0x7d07d pid=1362 "ScreenSaverEngine"")), so denying. : LASSession.cp #1521 SetFrontApplication() q=LSSession 100006/0x186a6 queue

113

114 launchd log

115

116 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

117 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.S peechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

118 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc/Contents/MacOS/DataDetectorsDynamicData error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

119 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc/Contents/MacOS/DataDetectorsDynamicData error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

120 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

121 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeSta mpingService.xpc/Contents/MacOS/XPCTimeStampingService error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

122 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Diction aryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.x pc/Contents/MacOS/com.apple.DictionaryServiceHelper error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

123 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychai nSandboxCheck.xpc/Contents/MacOS/XPCKeychainSandboxCheck error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

124 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuth orizeAgent.xpc/Contents/MacOS/IOServiceAuthorizeAgent error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

125 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.S peechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

126 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCTimeSta mpingService.xpc, error = 1: Operation not permitted

127 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Failed to bootstrap path: path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc, error = 1: Operation not permitted

128 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Failed to bootstrap path: path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc, error = 1: Operation not permitted

129 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Failed to bootstrap path: path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc, error = 1: Operation not permitted

130 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Failed to bootstrap path: path = /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Diction aryServices.framework/Versions/A/XPCServices/com.apple.DictionaryServiceHelper.x pc, error = 1: Operation not permitted

131 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Failed to bootstrap path: path = /System/Library/Frameworks/IOKit.framework/Versions/A/XPCServices/IOServiceAuth orizeAgent.xpc, error = 1: Operation not permitted

132 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Failed to bootstrap path: path = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/XPCKeychai nSandboxCheck.xpc, error = 1: Operation not permitted

133 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/Frameworks/AppKit.framework/Versions/C/XPCServices/SandboxedSer viceRunner.xpc/Contents/MacOS/SandboxedServiceRunner error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

134 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/SpeechRecognitionCore.framework/Versions/A/XP CServices/com.apple.SpeechRecognitionCore.brokerd.xpc/Contents/MacOS/com.apple.S peechRecognitionCore.brokerd error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

135 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/XPCSer vices/DataDetectorsDynamicData.xpc/Contents/MacOS/DataDetectorsDynamicData error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

136 Sep 26 21:53:50 com.apple.xpc.launchd.domain.pid.SecurityAgent.238: Path not allowed in target domain: type = uid, path = /System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/ com.apple.geod.xpc/Contents/MacOS/com.apple.geod error = 1: Operation not permitted, origin = /System/Library/Frameworks/Security.framework/Versions/A/XPCServices/SecurityAg ent.xpc

137 Sep 26 21:56:32 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.281, service = com.linebreak.CloudLoginHelper, error = 119: Service is disabled

138 Sep 26 21:56:32 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.281, service = com.jetson.Magic-Window-Helper, error = 119: Service is disabled

139 Sep 26 21:56:32 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.281, service = com.sockii.helper.capture365journalmac, error = 119: Service is disabled

140 Sep 26 21:56:32 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.281, service = com.apple.photostream-agent, error = 119: Service is disabled

141

142 Console log

143

144 Sep 22 00:02:19 mdworker: -[__NSArrayM objectForKey:]: unrecognized selector sent to instance 0x7fc3b36298a0

145 Sep 22 00:03:40 mdworker: -[__NSArrayM objectForKey:]: unrecognized selector sent to instance 0x7fc3b3625470

146 Sep 26 20:52:10 fontd: Failed to open read-only database, regenerating DB

147

148 Loaded kernel extensions

149

150 com.Cvnt.driver.CvntDriver (0208.05.97)

151 com.Cvnt.nke (0208.05.97)

152 com.sophos.kext.sav (9.4.50)

153 com.sophos.nke.swi (9.4.50)

154

155 System services loaded

156

157 com.Cvnt.daemon

158 com.adobe.fpsaud

159 com.apple.Kerberos.kdc

160 - status: 1

161 com.apple.watchdogd

162 com.cvnt.cehostsd

163 com.cvnt.celapid

164 com.google.keystone.daemon

165 com.oracle.java.Helper-Tool

166 com.oracle.java.JavaUpdateHelper

167 com.sophos.autoupdate

168 com.sophos.common.servicemanager

169 com.sophos.configuration

170 com.sophos.intercheck

171 com.sophos.notification

172 com.sophos.scan

173 com.sophos.sxld

174 com.sophos.webd

175 net.waterroof.rules

176

177 Login services loaded

178

179 2BUA8C4S2C.com.agilebits.onepassword-osx-helper

180 com.Cvnt.start

181 com.apple.Finder

182 - status: -15

183 com.citrix.AuthManager_Mac

184 com.citrix.ReceiverHelper

185 com.citrix.ServiceRecords

186 com.google.keystone.system.agent

187 com.hp.devicemonitor

188 com.oracle.java.Java-Updater

189 com.sophos.uiserver

190

191 Login services disabled

192

193 com.apple.photostream-agent

194

195 User services disabled

196

197 com.apple.photostream-agent

198

199 User login items

200

201 CitrixFMDPrefPlugin

202 - /Applications/Citrix/FollowMeData/CitrixFMDPrefPlugin.app

203

204 Parental Controls: On

205

206 Safari extensions

207

208 1Password

209 - com.agilebits.onepassword4-safari

210 ClickToFlash

211 - com.hoyois.safari.clicktoflash

212 Covenant Eyes

213 - com.covenanteyes.safari-extension

214 Save to Pocket

215 - com.ideashower.pocket.safari

216 Twitter for Safari

217 - com.twitter.safari-extension

218 YouTube5

219 - com.verticalforest.youtube5

220

221 Widgets

222

223 iCal Events

224

225 iCloud errors

226

227 Finder 606

228 cloudd 167

229 bird 15

230 Spotlight 4

231 CallHistorySyncHelper 3

232 comapple.CloudPhotosConfiguration 2

233

234 Continuity errors

235

236 sharingd 1

237

238 Restricted files: 9089

239

240 Lockfiles: 38

241

242 Global prefs (user)

243

244 NSCloseAlwaysConfirmsChanges = 1

245 NSQuitAlwaysKeepsWindows = 1

246

247 Contents of /Library/LaunchAgents/com.Cvnt.start.plist

248 - mod date: Sep 23 17:57:18 2015

249 - size (B): 496

250 - checksum: 1162679678

251

252 <?xml version="1.0" encoding="UTF-8"?>

253 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

254 <plist version="1.0">

255 <dict>

256 <key>KeepAlive</key>

257 <true/>

258 <key>Label</key>

259 <string>com.Cvnt.start</string>

260 <key>ProgramArguments</key>

261 <array>

262 <string>/Applications/Covenant Eyes.app/Contents/MacOS/Covenant Eyes</string>

263 </array>

264 <key>RunAtLoad</key>

265 <true/>

266 <key>LaunchOnlyOnce</key>

267 <true/>

268 <key>Disabled</key>

269 <false/>

270 </dict>

271 </plist>

272

273 Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

274 - mod date: Apr 18 10:35:39 2013

275 - size (B): 104

276 - checksum: 3703665025

277

278 <?xml version="1.0" encoding="UTF-8"?>

279 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

280 <plist version="1.0">

281 <dict>

282 <key>Label</key>

283 <string>com.oracle.java.Java-Updater</string>

284 <key>ProgramArguments</key>

285 <array>

286 <string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>

287 <string>-bgcheck</string>

288 </array>

289 <key>StandardErrorPath</key>

290 <string>/dev/null</string>

291 <key>StandardOutPath</key>

292 <string>/dev/null</string>

293 <key>StartCalendarInterval</key>

294 <dict>

295 <key>Hour</key>

296 <integer>21</integer>

297 <key>Minute</key>

298 <integer>7</integer>

299 <key>Weekday</key>

300 <integer>5</integer>

301 </dict>

302 </dict>

303

304 ...and 1 more line(s)

305

306 Contents of /Library/LaunchAgents/com.sophos.uiserver.plist

307 - mod date: Sep 24 17:34:47 2015

308 - size (B): 563

309 - checksum: 40276757

310

311 <?xml version="1.0" encoding="UTF-8"?>

312 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

313 <plist version="1.0">

314 <dict>

315 <key>KeepAlive</key>

316 <true/>

317 <key>Label</key>

318 <string>com.sophos.uiserver</string>

319 <key>ProgramArguments</key>

320 <array>

321 <string>/Library/Sophos Anti-Virus/SophosUIServer.app/Contents/MacOS/SophosUIServer</string>

322 </array>

323 <key>RunAtLoad</key>

324 <true/>

325 <key>StandardErrorPath</key>

326 <string>/dev/null</string>

327 <key>StandardOutPath</key>

328 <string>/dev/null</string>

329 </dict>

330 </plist>

331

332 Contents of /Library/LaunchDaemons/com.Cvnt.daemon.plist

333 - mod date: Sep 23 17:57:18 2015

334 - size (B): 957

335 - checksum: 3551062947

336

337 <?xml version="1.0" encoding="UTF-8"?>

338 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

339 <plist version="1.0">

340 <dict>

341 <key>Label</key>

342 <string>com.Cvnt.daemon</string>

343 <key>ProgramArguments</key>

344 <array>

345 <string>/usr/local/libexec/CvntDaemon</string>

346 </array>

347 <key>RunAtLoad</key>

348 <true/>

349 <key>WatchPaths</key>

350 <array>

351 <string>/System/Library/Extensions/Cvnt.legacy.kext</string>

352 <string>/System/Library/Extensions/CvntDriver.legacy.kext</string>

353 <string>/Library/Extensions/Cvnt.kext</string>

354 <string>/Library/Extensions/CvntDriver.kext</string>

355 <string>/Applications/Covenant Eyes.app</string>

356 <string>/usr/local/libexec/cehostsd</string>

357 <string>/usr/local/libexec/celapid</string>

358 <string>/Library/LaunchDaemons/com.cvnt.cehostsd.plist</string>

359 <string>/Library/LaunchDaemons/com.cvnt.celapid.plist</string>

360 <string>/private/var/.ce</string>

361 </array>

362

363 ...and 2 more line(s)

364

365 Contents of /Library/LaunchDaemons/com.cvnt.cehostsd.plist

366 - mod date: Sep 23 17:57:18 2015

367 - size (B): 535

368 - checksum: 3123200950

369

370 <?xml version="1.0" encoding="UTF-8"?>

371 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

372 <plist version="1.0">

373 <dict>

374 <key>Label</key>

375 <string>com.cvnt.cehostsd</string>

376 <key>ProgramArguments</key>

377 <array>

378 <string>/usr/local/libexec/cehostsd</string>

379 </array>

380 <key>RunAtLoad</key>

381 <true/>

382 <key>StartInterval</key>

383 <integer>3600</integer>

384 <key>UserName</key>

385 <string>root</string>

386 <key>WatchPaths</key>

387 <array>

388 <string>/etc/hosts</string>

389 </array>

390 </dict>

391 </plist>

392

393 Contents of /Library/LaunchDaemons/com.cvnt.celapid.plist

394 - mod date: Sep 23 17:57:18 2015

395 - size (B): 410

396 - checksum: 3440685966

397

398 <?xml version="1.0" encoding="UTF-8"?>

399 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

400 <plist version="1.0">

401 <dict>

402 <key>Label</key>

403 <string>com.cvnt.celapid</string>

404 <key>KeepAlive</key>

405 <true/>

406 <key>ProgramArguments</key>

407 <array>

408 <string>/usr/local/libexec/celapid</string>

409 </array>

410 <key>UserName</key>

411 <string>root</string>

412 </dict>

413 </plist>

414

415 Contents of /Library/LaunchDaemons/com.sophos.common.servicemanager.plist

416 - mod date: Sep 24 17:34:38 2015

417 - size (B): 658

418 - checksum: 521223032

419

420 <?xml version="1.0" encoding="UTF-8"?>

421 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

422 <plist version="1.0">

423 <dict>

424 <key>StandardErrorPath</key>

425 <string>/dev/null</string>

426 <key>StandardOutPath</key>

427 <string>/dev/null</string>

428 <key>Label</key>

429 <string>com.sophos.common.servicemanager</string>

430 <key>ProgramArguments</key>

431 <array>

432 <string>/Library/Sophos Anti-Virus/SophosServiceManager.bundle/Contents/MacOS/SophosServiceManager</str ing>

433 </array>

434 <key>KeepAlive</key>

435 <true/>

436 <key>MachServices</key>

437 <dict>

438 <key>com.sophos.common.servicemanager</key>

439 <true/>

440 </dict>

441 </dict>

442 </plist>

443

444 Contents of /Library/LaunchDaemons/net.waterroof.rules.plist

445 - mod date: Sep 21 14:29:51 2011

446 - size (B): 449

447 - checksum: 3313947869

448

449 <?xml version="1.0" encoding="UTF-8"?>

450 <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

451 <plist version="1.0">

452 <dict>

453 <key>Label</key>

454 <string>net.waterroof.rules</string>

455 <key>ProgramArguments</key>

456 <array>

457 <string>/etc/waterroof.sh</string>

458 </array>

459 <key>RunAtLoad</key>

460 <true/>

461 <key>ServiceDescription</key>

462 <string>WaterRoof: load firewall rules</string>

463 </dict>

464 </plist>

465

466 Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist

467 - mod date: Apr 12 21:22:07 2015

468 - size (B): 554

469 - checksum: 3012644940

470

471 <?xml version="1.0" encoding="UTF-8"?>

472 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

473 <plist version="1.0">

474 <dict>

475 <key>Disabled</key>

476 <true/>

477 <key>Label</key>

478 <string>org.apache.httpd</string>

479 <key>EnvironmentVariables</key>

480 <dict>

481 <key>XPC_SERVICES_UNAVAILABLE</key>

482 <string>1</string>

483 </dict>

484 <key>ProgramArguments</key>

485 <array>

486 <string>/usr/sbin/httpd-wrapper</string>

487 <string>-D</string>

488 <string>FOREGROUND</string>

489 </array>

490 <key>OnDemand</key>

491 <false/>

492 </dict>

493 </plist>

494

495 Contents of /private/etc/hosts

496 - mod date: Apr 2 09:21:35 2014

497 - size (B): 9950

498 - checksum: 2249785262

499

500 216.239.32.20 www.google.ac # __CE_WATERMARK__

501 216.239.32.20 www.google.ad # __CE_WATERMARK__

502 216.239.32.20 www.google.ae # __CE_WATERMARK__

503 216.239.32.20 www.google.al # __CE_WATERMARK__

504 216.239.32.20 www.google.am # __CE_WATERMARK__

505 216.239.32.20 www.google.as # __CE_WATERMARK__

506 216.239.32.20 www.google.at # __CE_WATERMARK__

507 216.239.32.20 www.google.az # __CE_WATERMARK__

508 216.239.32.20 www.google.ba # __CE_WATERMARK__

509 216.239.32.20 www.google.be # __CE_WATERMARK__

510 216.239.32.20 www.google.bf # __CE_WATERMARK__

511 216.239.32.20 www.google.bg # __CE_WATERMARK__

512 216.239.32.20 www.google.bi # __CE_WATERMARK__

513 216.239.32.20 www.google.bj # __CE_WATERMARK__

514 216.239.32.20 www.google.bs # __CE_WATERMARK__

515 216.239.32.20 www.google.bt # __CE_WATERMARK__

516 216.239.32.20 www.google.by # __CE_WATERMARK__

517 216.239.32.20 www.google.ca # __CE_WATERMARK__

518 216.239.32.20 www.google.cat # __CE_WATERMARK__

519 216.239.32.20 www.google.cc # __CE_WATERMARK__

520 216.239.32.20 www.google.cd # __CE_WATERMARK__

521 216.239.32.20 www.google.cf # __CE_WATERMARK__

522 216.239.32.20 www.google.cg # __CE_WATERMARK__

523 216.239.32.20 www.google.ch # __CE_WATERMARK__

524 216.239.32.20 www.google.ci # __CE_WATERMARK__

525

526 ...and 179 more line(s)

527

528 Extensions

529

530 /Library/Extensions/Cvnt.kext

531 - com.Cvnt.nke

532 /Library/Extensions/CvntDriver.kext

533 - com.Cvnt.driver.CvntDriver

534 /Library/Extensions/SophosNetworkInterceptor.kext

535 - com.sophos.nke.swi

536 /Library/Extensions/SophosOnAccessInterceptor.kext

537 - com.sophos.kext.sav

538 /System/Library/Extensions/JMicronATA.kext

539 - com.jmicron.JMicronATA

540 /System/Library/Extensions/ssuddrv.kext/Contents/PlugIns/ssudmdmcontrol.kext

541 - com.devguru.driver.SamsungACMControl

542 /System/Library/Extensions/ssuddrv.kext/Contents/PlugIns/ssudmdmdata.kext

543 - com.devguru.driver.SamsungACMData

544 /System/Library/Extensions/ssuddrv.kext/Contents/PlugIns/ssudmtp.kext

545 - com.devguru.driver.SamsungMTP

546 /System/Library/Extensions/ssuddrv.kext/Contents/PlugIns/ssudserial.kext

547 - com.devguru.driver.SamsungSerial

548 /System/Library/Extensions/ssuddrv.kext

549 - com.devguru.driver.SamsungComposite

550

551 Applications

552

553 /Applications/Citrix Receiver.app

554 - com.citrix.receiver.nomas

555 /Applications/Citrix/FollowMeData/CitrixFMDAgent.app

556 - com.citrix.FMDAgent

557 /Applications/Citrix/FollowMeData/CitrixFMDPrefPlugin.app

558 - com.citrix.FMDPlugin

559 /Applications/Citrix/FollowMeData/ContextMenuApp.app

560 - Citrix.ContextMenuApp

561 /Applications/Citrix/FollowMeData/SyncEngine/SyncEngine.app

562 - com.citrix.SyncEngine

563 /Applications/Citrix/FollowMeData/Uninstall ShareFile Plug-in.app

564 - com.citrix.FMDUninStaller

565 /Applications/Google Earth.app

566 - com.Google.GoogleEarthPlus

567 /Applications/Hewlett-Packard/HP Scan 3.app

568 - com.hp.scan.app

569 /Applications/Hewlett-Packard/HP Uninstaller.app

570 - com.hp.Uninstaller

571 /Applications/Keynote '09.app

572 - com.apple.automator.Keynote '09

573 /Applications/Numbers '09.app

574 - com.apple.automator.Numbers '09

575 /Applications/Pages '09.app

576 - com.apple.automator.iWork '09 - Pages

577 /Applications/Utilities/Adobe AIR Application Installer.app

578 - com.adobe.air.ApplicationInstaller

579 /Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Add to iPhoto Library.app

580 - com.apple.automator.AddtoiPhotoLibrary

581 /Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Email Image.app

582 - com.apple.automator.EmailImage

583 /Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Email PDF.app

584 - com.apple.automator.EmailPDF

585 /Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Open HP Scan.app

586 - com.apple.automator.OpenHPScan

587 /Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Open PDF in Preview.app

588 - com.apple.automator.OpenPDFinPreview

589 /Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Open in Preview.app

590 - com.apple.automator.OpeninPreview

591 /Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Save PDF in Documents.app

592 - com.apple.automator.SavePDFinDocuments

593 /Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Save in Pictures.app

594 - com.apple.automator.SaveinPictures

595 /Library/Application Support/Microsoft/Silverlight/OutOfBrowser/SLLauncher.app

596 - com.microsoft.silverlight.sllauncher

597 /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR Application Installer.app

598 - com.adobe.air.ApplicationInstaller

599 /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Template.app

600 - com.adobe.air.Template

601 /Library/Printers/hp/Fax/fax.backend

602 - com.hp.fax

603 /Library/Printers/hp/Fax/rastertofax.filter

604 - com.hp.rastertofax

605 /Library/Printers/hp/cups/filters/commandtohp.filter

606 - com.hp.print.cups.filter.commandtohp

607 /Library/Printers/hp/cups/filters/pdftopdf.filter

608 - com.hp.print.cups.filter.pdftopdf

609 /Library/Printers/hp/cups/tools/autosetup.tool

610 - com.hp.print.autosetup

611 /Users/USER/Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Add to iPhoto Library.app

612 - com.apple.automator.AddtoiPhotoLibrary

613 /Users/USER/Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Email Image.app

614 - com.apple.automator.EmailImage

615 /Users/USER/Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Email PDF.app

616 - com.apple.automator.EmailPDF

617 /Users/USER/Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Open HP Scan.app

618 - com.apple.automator.OpenHPScan

619 /Users/USER/Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Open PDF in Preview.app

620 - com.apple.automator.OpenPDFinPreview

621 /Users/USER/Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Open in Preview.app

622 - com.apple.automator.OpeninPreview

623 /Users/USER/Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Save PDF in Documents.app

624 - com.apple.automator.SavePDFinDocuments

625 /Users/USER/Library/Application Support/Hewlett-Packard/Workflows/Shortcuts/Save in Pictures.app

626 - com.apple.automator.SaveinPictures

627 /usr/local/libexec/AuthManager_Mac.app

628 - com.citrix.AuthManagerMac

629 /usr/local/libexec/ReceiverHelper.app

630 - com.citrix.ReceiverHelper

631 /usr/local/libexec/ServiceRecords.app

632 - Citrix.ServiceRecords

633

634 Frameworks

635

636 /Library/Frameworks/Adobe AIR.framework

637 - com.adobe.AIR

638 /Library/Frameworks/SAVI.framework

639 - com.sophos.sav.savi

640 /Library/Frameworks/SUMScanKit.framework

641 - com.sophos.sum.scan.kit

642 /Library/Frameworks/SophosGenericsCommon.framework

643 - com.sophos.macendpoint.SophosGenericsCommon

644 /Library/Frameworks/SophosGenericsCore.framework

645 - com.sophos.macendpoint.SophosGenericsCore

646 /Users/USER/Library/Frameworks/SamsungKiesFoundation.framework

647 - com.samsung.kies.framework.foundation

648 /Users/USER/Library/Frameworks/SamsungKiesSerialPort.framework

649 - com.samsung.kies.framework.serialport

650

651 PrefPane

652

653 /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy/JavaControlPanel.pref Pane

654 - com.oracle.java.JavaControlPanel

655 /Library/PreferencePanes/FMDSysPrefPane.prefPane

656 - Citrix.FMDSysPrefPane

657 /Library/PreferencePanes/Flash Player.prefPane

658 - com.adobe.flashplayerpreferences

659

660 Bundles

661

662 /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/AdobeCP15.plugin

663 - com.adobe.adobecp

664 /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Flash Player.plugin

665 - com.macromedia.FlashPlayer-10.6.plugin

666 /Library/Internet Plug-Ins/CitrixICAClientPlugIn.plugin

667 - com.citrix.citrixicaclientplugIn

668 /Library/Internet Plug-Ins/Flash Player.plugin

669 - com.macromedia.Flash Player.plugin

670 /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

671 - com.oracle.java.JavaAppletPlugin

672 /Library/Internet Plug-Ins/NP_2020Player_IKEA.plugin

673 - com.2020technologies.2020Player-IKEA.NP

674 /Library/Internet Plug-Ins/Silverlight.plugin

675 - com.microsoft.SilverlightPlugin

676 /Users/USER/Library/Address Book Plug-Ins/SkypeABDialer.bundle

677 - com.skype.skypeabdialer

678 /Users/USER/Library/Address Book Plug-Ins/SkypeABSMS.bundle

679 - com.skype.skypeabsms

680 /Users/USER/Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin

681 - com.Google.GoogleEarthPlugin.plugin

682 /Users/USER/Library/Widgets/iCal Events.wdgt

683 - com.benkazez.widget.icalevents

684

685 Bundles (new)

686

687 /Applications/Covenant Eyes.app

688 - com.Cvnt.ce

689 /Applications/Remove Sophos Anti-Virus.app

690 - com.sophos.macendpoint.Remove-Sophos-Anti-Virus

691 /Applications/Sophos Anti-Virus.app

692 - com.sophos.macendpoint.Sophos-Anti-Virus

693 /Applications/Utilities/Adobe Flash Player Install Manager.app

694 - com.adobe.flashplayer.installmanager

695 /Applications/Utilities/Uninstall Covenant Eyes.app

696 - com.Cvnt.Uninstall

697 /Library/Application Support/Sophos/he/Installer.app

698 - com.sophos.macendpoint.Installer

699 /Library/Application Support/Sophos/he/Sophos Installer Components/savi.bundle

700 - com.sophos.macinstallpkg.savi

701 /Library/Frameworks/SAVI.framework

702 - com.sophos.sav.savi

703 /Library/Frameworks/SAVI.framework/Versions/A/Frameworks/Python.framework

704 - org.python.python

705 /Library/Frameworks/SUMScanKit.framework

706 - com.sophos.sum.scan.kit

707 /Library/Frameworks/SophosGenericsCommon.framework

708 - com.sophos.macendpoint.SophosGenericsCommon

709 /Library/Frameworks/SophosGenericsCore.framework

710 - com.sophos.macendpoint.SophosGenericsCore

711 /Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle

712 - com.google.Keystone

713 /Library/Internet Plug-Ins/Flash Player.plugin

714 - com.macromedia.Flash Player.plugin

715 /Library/PreferencePanes/Flash Player.prefPane

716 - com.adobe.flashplayerpreferences

717 /Library/Sophos Anti-Virus/InterCheck.app

718 - com.sophos.sav.ic

719 /Library/Sophos Anti-Virus/SophosAntiVirus.app

720 - com.sophos.SophosAntiVirus

721 /Library/Sophos Anti-Virus/SophosAutoUpdate.app

722 - com.sophos.autoupdate

723 /Library/Sophos Anti-Virus/SophosSXLD.app

724 - com.Sophos.macendpoint.SophosSXLD

725 /Library/Sophos Anti-Virus/SophosScanD.app

726 - com.sophos.SophosScanD

727 /Library/Sophos Anti-Virus/SophosServiceManager.bundle

728 - com.sophos.macendpoint.SophosServiceManager

729 /Library/Sophos Anti-Virus/SophosUIServer.app

730 - com.sophos.ui

731 /Library/Sophos Anti-Virus/SophosWebIntelligence.bundle

732 - com.sophos.macendpoint.SophosWebIntelligence

733 /Library/Sophos Anti-Virus/Tools/SDU4OSX.app

734 - com.sophos.SDU4OSX

735

736 Library paths

737

738 /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

739 /Library/Image Capture/Support/Hewlett-Packard/Frameworks/HPScanAnalysis.framework/Versions/A/ Resources/Libraries/libopencv_core.dylib

740 /Library/Image Capture/Support/Hewlett-Packard/Frameworks/HPScanAnalysis.framework/Versions/A/ Resources/Libraries/libopencv_highgui.dylib

741 /Library/Image Capture/Support/Hewlett-Packard/Frameworks/HPScanAnalysis.framework/Versions/A/ Resources/Libraries/libopencv_imgproc.dylib

742 /Library/Image Capture/Support/Hewlett-Packard/Frameworks/HPScanAnalysis.framework/Versions/A/ Resources/Libraries/libopencv_objdetect.dylib

743 /Library/Printers/Samsung/ML-1660/SCMS/libscmssc.dylib

744 /Library/Sophos Anti-Virus/Libraries/libcrypto.dylib

745 /Library/Sophos Anti-Virus/Libraries/libssl.dylib

746 /Users/USER/Library/Application Support/Digiarty/MacX YouTube Downloader/onlinevideo.dylib

747 /Users/USER/Library/Application Support/Firefox/Profiles/m1jm9hxg.default/gmp-gmpopenh264/1.4/libgmpopenh264.dy lib

748 /usr/lib/libMonoPosixHelper.dylib

749 /usr/lib/libSFFileMonitor.32.dylib

750 /usr/lib/libSFIPC.32.dylib

751 /usr/lib/libSFIPC.I.dylib

752 /usr/lib/libSFSyncEngine.I.dylib

753 /usr/lib/libSFsqlite3.7.4.dylib

754 /usr/local/lib/libMonoPosixHelper.dylib

755 /usr/local/lib/libSFFileMonitor.32.dylib

756 /usr/local/lib/libSFIPC.32.dylib

757 /usr/local/lib/libSFIPC.I.dylib

758 /usr/local/lib/libSFSyncEngine.I.dylib

759 /usr/local/lib/libSFsqlite3.7.4.dylib

760

761 App extensions

762

763 com.linebreak.CloudAppMacOSX.Share

764 com.linebreak.CloudAppMacOSX.Today

765 com.microsoft.onenote.mac.shareextension

766 it.bloop.airmail2.Airmail-Compose

767 it.bloop.airmail2.Airmail-Share

768 it.bloop.airmail2.Airmail-Today

769

770 Modifications

771

772 file added: /Applications/VLC.app/Contents/MacOS/plugins/plugins.dat

773

774 Installations

775

776 Covenant Eyes: 24/09/2015 21:18

777 Adobe Flash Player: 21/09/2015 21:44

778 Capture 365 Journal: 16/09/2015 10:28

779 Airmail: 07/09/2015 17:39

780 Capture 365 Journal: 03/09/2015 08:11

781

782 Elapsed time (sec): 958

<Edited By Host>

Many thanks for the comprehensive advice.

I uninstalled Covenant Eyes and the problem was resolved. I then installed an earlier version and the problem returned - a bit odd, as the problem only occurred when the latest version was installed. Anyway, I removed the old version and the problem has gone. I will inform the developer of the issue and see whether they can resolve it.

I note your comment about installing 'system modifications', but, unfortunately, Apple do not provide the service that this third party does and there is nothing similar available in the app store.

I also implemented the other actions you suggested and so far, all seems to be well. I had a bit of a panic after doing 'F' because, after I restarted, the Finder bar and desktop were continually blinking, but I restarted again and all seems to be well now.

By way of an update and in case anybody else experiences this issue, I have received the following response from the developer of Covenant Eyes:

Do you have Sophos anti-virus installed? They recently released a new update that conflicts with Covenant Eyes, resulting in the problems you describe.

1. Click on the Sophos icon on the top menu bar.
2. On the menu, select preferences.
3. Under the Web Protection tab, select General Items.
4. Select the lock on the bottom left and type in the Mac admin password.
5. You will see two different options that you have the ability to disable.
6. Block access to malicious websites using realtime URL reputation checks This feature protects your Mac from sites identified to be hosting malicious content, or representing a significant security concern.
7. Block malicious downloads from websites, protecting your Mac from obfuscated, polymorphic and zero-day threats before reaching your browser.
8. Turn both of these off

I have reinstalled Covenant Eyes and, having removed Sophos, it is all working fine.

Thanks for your help.