Apple Event: May 7th at 7 am PT
I have recently installed EtreCheck and it is reporting I have a major Issue “Modified suoders file - The sudoers file has been modified. This is unusual and is sometimes evidence of malware - Found 2474 but expected 1563”. What do I need to do?
iMac, Mac OS X (10.7.2)
It is not unusual, and may not be an issue, but it is unexpected.
Some apps may modify the sudoers file. This may or may not be nefarious.
Viewing the contents would be the only way to verify the changes.
You have to be an admin user to view the file. In Terminal:
sudo cat /etc/sudoers
I'm not certain my sudoers file is "clean," so I don't want to post it as an example. If you post the output from that command, we can look to see what might be causing the discrepancy in size. Etrecheck only looks at the size of the file as it cannot read into it. There are some common sizes and that is what it is checking.
Output of file as requested.
EtreCheck version: 4.1 (4A162)
Report generated: 2018-03-03 13:14:20
Download EtreCheck from https://etrecheck.com
Runtime: 6:52
Performance: Below Average
Problem: Other problem
Major Issues:
Anything that appears on this list needs immediate attention.
Modified suoders file - The sudoers file has been modified. This is unusual and is sometimes evidence of malware.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Unsigned files - There is unsigned software installed. It appears to be legitimate but should be reviewed.
System modifications - There are a large number of system modifications running in the background.
Low performance - EtreCheck report took over 5 minutes to run. This is unusual.
32-bit Apps - This machine has 32-bits apps that may have problems in the future.
Hardware Information:
iMac (Retina 5K, 27-inch, Late 2014)
iMac Model: iMac15,1
1 3.5 GHz Intel Core i5 (i5-4690) CPU: 4-core
32 RAM At maximum
BANK 0/DIMM0
8 GB DDR3 1600 ok
BANK 1/DIMM0
8 GB DDR3 1600 ok
BANK 0/DIMM1
8 GB DDR3 1600 ok
BANK 1/DIMM1
8 GB DDR3 1600 ok
Video Information:
AMD Radeon R9 M290X - VRAM: 2 GB
iMac 5760 x 3240
Drives:
disk0 - APPLE SSD SD0128F 121.33 GB (Solid State - TRIM: Yes)
Internal PCI 5.0 GT/s x2 Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 [Core Storage Container] 120.99 GB
disk2 - Macintosh HD (Journaled HFS+) [Fusion Drive] 1.10 TB
disk0s3 - B*******X [Recovery] 134 MB
disk1 - APPLE HDD ST1000DM003 1.00 TB (Mechanical)
Internal SATA 3 Gigabit Serial ATA
disk1s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk1s2 [Core Storage Container] 981.35 GB
disk2 - Macintosh HD (Journaled HFS+) [Fusion Drive] 1.10 TB
disk1s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB
disk1s4 - e****e (Journaled HFS+) 17.87 GB
disk3 - Built In SDXC Reader 61.98 GB
Internal Secure Digital
disk4 - ST3000DM001-1ER166 3.00 TB (Mechanical)
External Thunderbolt 6 Gigabit Serial ATA
disk4s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk4s2 - L********************e (Journaled HFS+) 3.00 TB
disk5 - LaCie d2 Quadra USB 3.0 3.00 TB
External USB 5 Gbit/s
disk5s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk5s2 - L*************p (Journaled HFS+) 3.00 TB
disk6 - Western Digital My Book 1144 3.00 TB
External USB 5 Gbit/s
disk6s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk6s2 - T*********e (Journaled HFS+) 3.00 TB
Mounted Volumes:
disk2 - Macintosh HD [Fusion Drive] 1.10 TB (460.51 GB free)
Journaled HFS+
Mount point: /
disk3s2 - S**********B 61.64 GB (41.59 GB free)
Journaled HFS+
Mount point: /Volumes/S************3
disk4s2 - L********************e 3.00 TB (1.82 TB free)
Journaled HFS+
Mount point: /Volumes/L**********************1
disk5s2 - L*************p 3.00 TB (1.72 TB free)
Journaled HFS+
Mount point: /Volumes/L*************p
disk6s2 - T*********e 3.00 TB (44.15 GB free)
Journaled HFS+
Mount point: /Volumes/T***********1
Network:
Interface en0: Ethernet
One IPv4 address
4 IPv6 addresses
Interface en1: Wi-Fi
802.11 a/b/g/n/ac
One IPv4 address
4 IPv6 addresses
Interface en5: Ethernet Adaptor (en5)
Interface en5: Tether
Interface fw0: Thunderbolt FireWire
Interface en4: Bluetooth PAN
Interface usbmodem14440: MT65xx Preloader
Interface en7: iPhone
Interface en6: iPad
iCloud Quota: 20.21 GB available
System Software:
macOS High Sierra 10.13.3 (17D102)
Time since boot: Less than an hour
System Load: 2.58 (1 min ago) 6.10 (5 min ago) 4.88 (15 min ago)
Configuration Files:
File /etc/sudoers size but expected
Security:
| System | Status |
|---|---|
| Gatekeeper | Mac App Store and identified developers |
| System Integrity Protection | Enabled |
Unsigned Files:
Launchd: /Library/LaunchDaemons/com.maintain.CocktailScheduler.plist
Executable: /usr/bin/osascript -e try -e set schedulerOwner to do shell script "defaults read /Library/'Application Support'/Cocktail/Scheduler.plist SchedulerOwner" -e do shell script "users" -e if the result contains schedulerOwner then -e do shell script "/bin/sh /Library/'Application Support'/Cocktail/Scheduler.sh" -e end if -e end try
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/net.culater.SIMBL.Agent.plist
Executable: /Library/ScriptingAdditions/SIMBL.osax/Contents/Resources/SIMBL Agent.app/Contents/MacOS/SIMBL Agent
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/tv.plex.player-helper.plist
Executable: /Applications/Plex Media Player.app/Contents/MacOS/../Resources/PMP Helper
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.maintain.ShutDown.plist
Executable: /usr/bin/osascript -e delay 3 -e try -e do shell script "killall Cocktail" -e end try -e ignoring application responses -e try -e tell application "System Events" to shut down -e end try -e end ignoring
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.maintain.Restart.plist
Executable: /usr/bin/osascript -e delay 3 -e try -e do shell script "killall Cocktail" -e end try -e ignoring application responses -e try -e tell application "System Events" to restart -e end try -e end ignoring
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.amazon.music.startup.plist
Executable: /Applications/Amazon Music.app/Contents/MacOS/Amazon Music
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.maintain.Sleep.plist
Executable: /usr/bin/osascript -e delay 3 -e try -e do shell script "killall Cocktail" -e end try -e ignoring application responses -e try -e tell application "System Events" to sleep -e end try -e end ignoring
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.maintain.LogOut.plist
Executable: /usr/bin/osascript -e delay 3 -e try -e do shell script "killall Cocktail" -e end try -e ignoring application responses -e try -e tell application "System Events" to log out -e end try -e end ignoring
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.amazon.music.plist
Executable: /Applications/Amazon Music.app/Contents/MacOS/Amazon Music Helper
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.privateinternetaccess.osx.PIA-VPN.plist
Executable: /Applications/Private Internet Access.app/Contents/MacOS/run.sh --startup
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/org.serviio.server.plist
Executable: /bin/bash /Library/Application Support/Serviio/bin/serviio.sh
Details: Exact match found in the whitelist - probably OK
32-bit Applications:
| Name | Version |
| STU_Messenger | 1.2 |
| Music Folder Files Not Added | 1.1 |
| Microsoft Office Reminders | 14.7.7 |
| Adobe Extension Manager CC | 7.2.1.6 |
| StellarPhoenixMacDataRecovery | |
| Microsoft Office Setup Assistant | 14.1.0 |
| AirRadar | 3.2 |
| Adobe Application Manager | 10.0.0.49 |
| My Day | 14.7.7 |
| Found | 1.2.5 |
| Microsoft Ship Asserts | 1.1.4 |
| Wondershare Passport | 1.3.5 |
| Video Converter - Clone2Go | 3.4.0 |
| QuickTime Player 7 | 7.6.6 |
| VideoSolo Free Video Converter | 1.0.8.63975 |
| Sky Go Download Player | 1.0 |
| ToastIt.service | ToastIt 2.0 (build 100) |
| Microsoft Chart Converter | 14.7.7 |
| HP Photo Creations | 1.0.0.11792 |
| Kindle | 1.21.1 |
| uTorrent | 1.8.7 |
| PhoneClean | 4.1 |
| Microsoft PowerPoint | 14.7.7 |
| Logitech Harmony Remote Software | 7.8.1 |
| OverDrive Media Console | Version 1.2.0 |
| Toast Titanium | 16 (4745) |
| Garmin MapInstall | 4.1.1 |
| Alarm Clock Pro | 9.6.1 |
| TextWrangler | 5.5.2 |
| Microsoft Clip Gallery | 14.7.7 |
| Microsoft Alerts Daemon | 14.7.7 |
| PlayMemories Home | 3.4.00.05021 |
| rapportd | 1609.67 |
| namebench | 1.3.1 |
| Performance Probe | 2.0 |
| Microsoft Error Reporting | 2.2.9 |
| OpenDNS Updater | 3.0 |
| Microsoft Database Utility | 14.7.7 |
| adobe_licutil | 7.0.1.109 |
| COCM_1_0_32 | 3.7.0.271 |
| Microsoft Database Daemon | 14.7.7 |
| Mac Product Key Finder Pro | 1.3 |
| Install Paragon NTFS for Mac 14 | |
| CORG_1_1_32 | 4.3.0.256 |
| Equation Editor | 14.2.0 |
| Microsoft Document Connection | 14.7.7 |
| Topaz Star Effects | |
| LAN_SpeedTest | 0.1 |
| AAMLauncherUtil | 10.0.0.49 |
| SonyGPSSupportTool | 3.4.00.05021 |
| Photo Mechanic 5 | 5.0, build 18040 (9e75cf5) |
| Microsoft Query | 12.0.0 |
| DVD Player | 5.8 |
| Preferential Treatment | 1.1.8 |
| MyHarmony | 1.0.0.67 |
| Uninstall Product | 5.0.65.0 |
| COSY_2_4_4_32 | 4.3.0.256 |
| LaCieFirmwareUpdater | 1.1.6 |
| Impactor | 0.9.38 |
| Paragon Updater | 1.151 |
| Emby.Server.Mac | 3 |
| Roxio Restore | 1.0.4 |
| Garmin BaseCamp | 4.6.3 |
| Change Hidden Preferences | 2.5 |
| Aimersoft DVD Ripper | 4.0.0 |
| CORE_1_0_32 | 3.7.0.271 |
| SilentCleanServer | 4.0 |
| Discus_429 | Discus 4.29 © 2016 Magic Mouse Productions |
| acphelper | 2.1.5 |
| myphotobook.co.uk | 1.6.5 |
| SLLauncher | 1.0 |
| Pro Player | 2.2.1 |
| Microsoft Upload Center | 14.7.7 |
| SpeedTools Utilities Pro | 3.9.2 |
| iMusic | 2.0.5.3 |
| FLAC MP3 Converter | 6.1.11 |
| RemoteCameraControl | 3.7.01.12130 |
| BBC iPlayer Downloads | 1.14.2 |
| COPS_1_0_32 | 3.7.0.271 |
| Adobe Flash Player Install Manager | 28.0.0.161 |
| AAM Updates Notifier | 9.0.0.281 |
| SoftwareAgent | 1.3 |
| iTunes Account Switcher | 1.1 |
| Find Any File | 1.9 |
| Purge | 1.0 |
| RapportGUI | 1609.67 |
| SetEXIFData | 6.0 |
| Google Photos Backup | 1.1.1 |
| Xbench | 1.3 |
| OsiriX Launcher | 1.0 |
| Microsoft Graph | 14.7.7 |
| SonyAutoLauncher | 3.4.00.05021 |
| Garmin WebUpdater | 2.1.3 |
| Topaz Lens Effects | |
| Printer Pro Desktop | 1.3.5 |
| Standard File Prep | 1.0 |
| Office365Service | 14.7.7 |
| Image Data Converter Ver.5 | 5.1.0.04260 |
| {244FD30F-63F1-49B9-9D98-1150FF4FFCB1} | 9.0.0.65 |
| DiskTools Pro | 3.9.1 |
| PMHAnnounce | 3.4.00.05021 |
| Xmarks for Safari | 2.0.19 |
| CrossOver | 16.2.5 |
| Android File Transfer Agent | 1.0.50.2266 |
| Microsoft Language Register | 14.7.7 |
| iMusic Helper | 1.0.0.1 |
| Microsoft Messenger | 8.0.1 |
| Garmin MapManager | 3.0.1 |
| Print Window | 5.3.1 |
| Microsoft Excel | 14.7.7 |
| PDF Merge | 3.0.3 |
| SMART Alert | 1.5.0 |
| InkServer | 10.9 |
| KCNScrew | 1.6 |
| AAM Registration Notifier | 7.0.0.485 |
| Scrivener | 2.8.1.2 |
| Append To Selected Tag | 2.2 |
| SyncServicesAgent | 14.7.7 |
| Open XML for Excel | 14.7.7 |
| KBRG_8_0_1 | 4.3.0.256 |
| Solver | 1.0 |
| Garmin Training Center | 3.2.1 |
| Picasa | 3.9.141 |
Kernel Extensions:
/Applications/DiskWarrior.app
[Not Loaded] DiskWarriorPreview.kext (Alsoft, Inc, 5.0 - SDK 10.5)
/Applications/Parallels Desktop.app
[Not Loaded] prl_hypervisor.kext (Parallels International GmbH, 13.1.0 43108 - SDK 10.9)
[Not Loaded] prl_netbridge.kext (Parallels International GmbH, 13.1.0 43108 - SDK 10.9)
[Not Loaded] prl_usb_connect.kext (Parallels International GmbH, 13.1.0 43108 - SDK 10.9)
[Not Loaded] prl_vnic.kext (Parallels International GmbH, 13.1.0 43108 - SDK 10.9)
/Applications/SystemSoftwareUpdater.app
[Not Loaded] SONYDeviceType01.kext (Sony Corporation, 1.2.00.01242 - SDK 10.5)
/Applications/TechTool Pro 9.app
[Not Loaded] spdKernel.kext (Micromat, Inc., 1.0 - SDK 10.11)
[Not Loaded] spdKernel_10.8.kext (1.0 - SDK 10.8)
/Applications/Toast 16 Titanium/MultiCam Capture.app
[Loaded] SoundflowerSigned.kext (Corel Inc., 1.6.7 - SDK 10.7)
/Applications/Toast 16 Titanium/Toast Titanium.app
[Not Loaded] TDIXController.kext (2.0)
/Applications/Viscosity.app
[Not Loaded] tap.kext (SparkLabs Pty Ltd, 1.2)
/Applications/iMusic.app
[Loaded] SystemAudioRecorder.kext (1.1.0 - SDK 10.6)
/Library/Extensions
[Loaded] LittleSnitch.kext (Objective Development Software GmbH, 4.0.6 nightly (5119) - SDK 10.11)
[Not Loaded] FTDIKext.kext (Wacom Technology Corp., 1.0 - SDK 10.12)
[Loaded] FileProtect.kext (Bitdefender SRL, 1.1 - SDK 10.11)
[Loaded] SelfProtect.kext (Bitdefender SRL, 1.2.9 - SDK 10.8)
[Loaded] TMProtection.kext (Bitdefender SRL, 5.0.0 - SDK 10.11)
[Loaded] MB_MBAM_Protection.kext (Malwarebytes Corporation, 3.2 - SDK 10.13)
[Not Loaded] Wacom Tablet.kext (Wacom Technology Corp., Wacom Tablet 6.3.25-2 - SDK 10.12)
[Not Loaded] tap.kext (ExprsVPN LLC, 20150118)
[Not Loaded] tun.kext (ExprsVPN LLC, 20150118)
/Library/MacCheck/MacCheckWorkerDaemon.app
[Not Loaded] SPDKernel.kext (Micromat, Inc., 1.0 - SDK 10.9)
/System/Library/Extensions
[Not Loaded] Belcarra.USBLAN_netpart.kext (3.1.1 - SDK 10.6)
[Not Loaded] Belcarra.USBLAN_usbpart.kext (3.1.1 - SDK 10.6)
[Loaded] LaCieScsiType00.kext (1.9.1 - SDK 10.5)
[Not Loaded] RemoteControl.USBLAN_usbpart.kext (3.1.1 - SDK 10.7)
[Not Loaded] daspi.kext (1.5)
[Not Loaded] Tether.kext (1.1.0d4 - SDK 10.4)
[Loaded] Tether64.kext (1.1.0d3 - SDK 10.6)
[Not Loaded] SONYDeviceType04.kext (Sony Corporation, 1.3.0.06030 - SDK 10.10)
[Not Loaded] UsbEthernetGadget.kext (1.0.0d1)
[Not Loaded] SATSMARTDriver.kext (0.11 - SDK 10.6)
/System/Library/Extensions/2.2.0/Belcarra.USBLAN_netpart.kext/Contents/Plug-Ins
[Not Loaded] Belcarra.USBLAN_netpart.kext (1.6.3)
/System/Library/Extensions/2.2.0/Belcarra.USBLAN_usbpart.kext/Contents/Plug-Ins
[Not Loaded] Belcarra.USBLAN_usbpart.kext (1.6.3)
/System/Library/Extensions/2.2.0/RemoteControl.USBLAN_usbpart.kext/Contents/Plug -Ins
[Not Loaded] RemoteControl.USBLAN_usbpart.kext (1.6.2)
~/Library/Application Support/DAEMONToolsAgent/DAEMONToolsAgent.app
[Not Loaded] DAEMONToolsVirtualSCSIBus.10-9.kext (Disc Soft Ltd, 1.0.2 - SDK 10.12)
System Launch Agents:
| [Not Loaded] | 7 Apple tasks |
| [Loaded] | 163 Apple tasks |
| [Running] | 120 Apple tasks |
System Launch Daemons:
| [Not Loaded] | 33 Apple tasks |
| [Loaded] | 180 Apple tasks |
| [Running] | 119 Apple tasks |
Launch Agents:
| [Not Loaded] | com.maintain.SystemEvents.plist (Apple, Inc. - installed 2017-10-03) |
| [Not Loaded] | com.oracle.java.Java-Updater.plist (? c167cdc3 - installed 2017-12-20) |
| [Running] | com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2018-02-20) |
| [Running] | com.bjango.istatmenus.agent.plist (Bjango Pty Ltd - installed 2018-02-28) |
| [Not Loaded] | com.maintain.PurgeInactiveMemory.plist (Apple, Inc. - installed 2018-01-19) |
| [Not Loaded] | com.privateinternetaccess.osx.PIA-VPN.plist (? 352a723f - installed 2018-02-21) |
| [Not Loaded] | com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-01-18) |
| [Running] | com.bitdefender.antivirusformac.plist (Bitdefender SRL - installed 2017-09-20) |
| [Running] | com.bjango.istatmenus.status.plist (Bjango Pty Ltd - installed 2018-02-28) |
| [Not Loaded] | com.maintain.Sleep.plist (? 94f768ba - installed 2017-12-01) |
| [Not Loaded] | com.google.keystone.agent.plist (Google, Inc. - installed 2017-09-28) |
| [Not Loaded] | com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2017-08-17) |
| [Running] | com.trusteer.rapport.rapportd.plist (Trusteer LTD - installed 2017-11-12) |
| [Running] | com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2018-02-26) |
| [Running] | at.obdev.LittleSnitchHelper.plist (Objective Development Software GmbH - installed 2018-02-22) |
| [Not Loaded] | net.culater.SIMBL.Agent.plist (? 850e6250 - installed 2015-12-19) |
| [Not Loaded] | com.maintain.LogOut.plist (? 1d95663e - installed 2017-12-01) |
| [Not Loaded] | com.maintain.Restart.plist (? 5421a7fd - installed 2017-12-01) |
| [Not Loaded] | com.wacom.wacomtablet.plist (Wacom Technology Corp. - installed 2017-10-05) |
| [Running] | com.micromat.TechToolProAgent.plist (Micromat, Inc. - installed 2017-12-11) |
| [Running] | at.obdev.LittleSnitchUIAgent.plist (Objective Development Software GmbH - installed 2018-02-22) |
| [Not Loaded] | com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-01-29) |
| [Not Loaded] | com.maintain.ShutDown.plist (? 9b7e817c - installed 2017-12-01) |
Launch Daemons:
| [Loaded] | com.bitdefender.upgrade.plist (Bitdefender SRL - installed 2017-09-20) |
| [Running] | com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2018-02-26) |
| [Loaded] | com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-02-01) |
| [Loaded] | com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2011-03-10) |
| [Running] | com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2018-02-26) |
| [Loaded] | com.adobe.ARMDC.Communicator.plist (? d94017c4 - installed 2017-04-12) |
| [Loaded] | com.id-design.whatsizehelper.plist (ID-DESIGN INC. - installed 2017-12-02) |
| [Loaded] | com.adobe.acc.installer.plist (Adobe Systems, Inc. - installed 2018-02-20) |
| [Loaded] | com.bombich.ccchelper.plist (Bombich Software, Inc. - installed 2018-02-16) |
| [Not Loaded] | com.maintain.CocktailScheduler.plist (? 300b8a41 - installed 2018-03-03) |
| [Running] | at.obdev.littlesnitchd.plist (Objective Development Software GmbH - installed 2018-02-22) |
| [Not Loaded] | com.maintain.HideSpotlightMenuBarIcon.plist (Apple, Inc. - installed 2017-10-03) |
| [Loaded] | com.google.keystone.daemon.plist (Google, Inc. - installed 2017-10-18) |
| [Loaded] | com.creativebe.MainMenuHelper.plist (? f3682b89 - installed 2017-07-13) |
| [Running] | com.bjango.istatmenus.daemon.plist (Bjango Pty Ltd - installed 2018-02-28) |
| [Running] | com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2018-01-29) |
| [Running] | com.econtechnologies.ChronoAgentRemote.plist (Econ Technologies, Inc. - installed 2017-10-23) |
| [Running] | com.cleverfiles.cfbackd.plist (Justin Johnson - installed 2018-02-14) |
| [Running] | org.serviio.server.plist (? 16e32f40 - installed 2017-10-03) |
| [Loaded] | com.micromat.MacCheckWorkerDaemon.plist (? 3de01455 - installed 2017-09-08) |
| [Running] | com.micromat.TechToolProDaemon.plist (Micromat, Inc. - installed 2017-12-11) |
| [Loaded] | com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-01-18) |
| [Running] | com.backblaze.bzserv.plist (Backblaze - installed 2018-01-26) |
| [Loaded] | com.daisydiskapp.DaisyDiskAdminHelper.plist (? de20d690 - installed 2017-11-29) |
| [Running] | com.bitdefender.agent.plist (Bitdefender SRL - installed 2018-01-26) |
| [Running] | com.wacom.UpdateHelper.plist (? 247c9951 - installed 2017-10-05) |
| [Loaded] | com.oracle.java.Helper-Tool.plist (? e3fefdd2 - installed 2017-12-20) |
| [Loaded] | com.bitdefender.AuthHelperTool.plist (Bitdefender SRL - installed 2017-09-20) |
| [Loaded] | com.macpaw.CleanMyMac3.Agent.plist (MacPaw Inc. - installed 2018-01-26) |
| [Loaded] | com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2017-09-02) |
| [Loaded] | com.wacom.displayhelper.plist (Apple, Inc. - installed 2018-01-19) |
| [Loaded] | com.sparklabs.ViscosityHelper.plist (SparkLabs Pty Ltd - installed 2018-03-03) |
| [Loaded] | com.bjango.istatmenus.installerhelper.plist (Bjango Pty Ltd - installed 2017-11-16) |
| [Running] | com.decisivetactics.printopia-server.plist (Decisive Tactics, Inc. - installed 2018-02-01) |
| [Loaded] | com.adobe.ARMDC.SMJobBlessHelper.plist (? 1574c81e - installed 2017-04-12) |
| [Running] | com.trusteer.rooks.rooksd.plist (Trusteer LTD - installed 2017-11-12) |
User Launch Agents:
| [Not Loaded] | com.adobe.AAM.Updater-1.0.plist (? 0 - installed 2016-09-11) |
| [Loaded] | com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2018-02-02) |
| [Loaded] | com.decisivetactics.printopia-agent.plist (Decisive Tactics, Inc. - installed 2018-01-30) |
| [Not Loaded] | com.maintain.ShowUserLibraryDirectory.plist (Apple, Inc. - installed 2017-10-03) |
| [Not Loaded] | com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-01-29) |
| [Not Loaded] | com.macpaw.CleanMyMac3.Scheduler.plist (MacPaw Inc. - installed 2017-12-27) |
| [Not Loaded] | com.amazon.music.startup.plist (? 0 - installed 2018-02-07) |
| [Not Loaded] | com.amazon.music.plist (? 0 - installed 2018-02-07) |
| [Running] | com.c-command.SpamSieve.LaunchAgent.plist (C-Command Software, LLC - installed 2018-01-30) |
| [Not Loaded] | com.imobie.silentcleanserver.plist (iMobie Inc. - installed 2016-02-18) |
| [Running] | com.backblaze.bzbmenu.plist (Backblaze - installed 2018-01-26) |
| [Not Loaded] | tv.plex.player-helper.plist (? 0 - installed 2017-10-26) |
User Login Items:
CloudyTabs Application (Josh Parnham
(/Applications/CloudyTabs.app)
Itsycal Application (Sanjay Madan
(/Applications/Itsycal.app)
Bartender 3 Application (Surtees Studios Limited
(/Applications/Bartender 3.app)
Messages Application (Apple, Inc.
(/Applications/Messages.app)
SizeUp (original) Application
(/Applications/SizeUp (original).app)
Dropbox Application (Dropbox, Inc.
(/Applications/Dropbox.app)
ChronoSync Scheduler Application (Econ Technologies, Inc. - installed 2018-02-09)
(/Applications/ChronoSync.app/Contents/Library/LoginItems/ChronoSync Scheduler.app)
PopClip Application (Mac App Store
(/Applications/PopClip.app)
Plex Media Server Application (Plex Inc.
(/Applications/Plex Media Server.app)
ChronoAgent Monitor Application (Econ Technologies, Inc.
(/Library/PreferencePanes/ChronoAgent.prefPane/Contents/Library/LoginItems/Chro noAgent Monitor.app)
IP Broadcaster Application (Mac App Store
(/Applications/IP Broadcaster.app)
FaceTime Application (Apple, Inc.
(/Applications/FaceTime.app)
DiskWarriorStarter Application (Alsoft, Inc
(/Applications/DiskWarrior.app/Contents/Helpers/DiskWarriorStarter.app)
Internet Plug-ins:
PMCADownloader: 1.3.0.06130 (installed 2017-01-12)
VLC Plugin: 2.2.8 (installed 2017-11-22)
AdobeAAMDetect: 3.0.0.0 (installed 2018-02-20)
FlashPlayer-10.6: 28.0.0.161 (installed 2018-02-09)
AdobePDFViewerNPAPI: 17.012.20098 (installed 2017-12-08)
Silverlight: 5.1.50901.0 (installed 2017-01-26)
QuickTime Plugin: 7.7.3 (installed 2018-01-23)
Flash Player: 28.0.0.161 (installed 2018-02-09)
PepperFlashPlayer: 28.0.0.161 (installed 2018-02-06)
SharePointBrowserPlugin: 14.7.7 (installed 2017-09-13)
AdobePDFViewer: 18.009.20050 (installed 2017-12-08)
JavaAppletPlugin: Java 8 Update 161 build 12 (installed 2018-03-03)
Audio Plug-ins:
BartenderAudioPlugIn: 1.0.0 (installed 2016-09-21)
Safari Extensions:
| Reload Button.safariextz - John Siracusa - http://siracusafamily.org/safari/extensions/ (installed 2016-03-08) |
| OpenIE.safariextz - Parallels - http://www.parallels.com (installed 2017-10-13) |
| Tab Reloader.safariextz - pjv - http://pjv.sofasage.com/reloader (installed 2016-05-03) |
| Amazon Assistant for Safari.safariextz - Amazon - https://www.amazon.com/gp/BIT/AmazonAssistant/TOU (installed 2018-01-11) |
| TrafficLight.safariextz - Bitdefender SRL - http://trafficlight.bitdefender.com/ (installed 2017-05-15) |
| 1Password.safariextz - AgileBits - https://agilebits.com/onepassword (installed 2017-11-08) |
| CustomReader.safariextz - Canisbos Computing - http://canisbos.com/customreader (installed 2016-11-28) |
| Translate.safariextz - SideTree.com - Apps for Mac - http://SideTree.com/extensions.html#Translate (installed 2017-09-23) |
3rd Party Preference Panes:
Backblaze Backup (installed 2018-02-04)
ChronoAgent (installed 2017-10-30)
Flash Player (installed 2018-02-01)
FUSE (installed 2017-09-21)
Java (installed 2018-03-03)
TechTool Protection (installed 2017-12-20)
Trusteer Endpoint Protection (installed 2017-12-08)
WacomTablet (installed 2017-11-24)
Xmarks for Safari (installed 2015-03-04)
Time Machine:
Skip System Files: No
Mobile backups: No
Auto backup: Yes
Volumes being backed up:
Macintosh HD: Disk size: 1.10 TB - Disk used: 635.90 GB
Destinations:
T*********e [Local] (Last used)
Total size: 3.00 TB
Total number of backups: 61
Oldest backup: 2017-08-12 00:34:22
Last backup: 2018-03-03 10:56:30
Top Processes by CPU:
| Process (count) | Source | % of CPU |
| backupd | Apple | 35 |
| mediaanalysisd | Apple | 33 |
| photolibraryd | Apple | 20 |
| kernel_task | Apple | 14 |
| helpd | Apple | 12 |
Top Processes by Memory:
| Process (count) | Source | RAM usage |
| kernel_task | Apple | 1.87 GB |
| mdworker (29) | Apple | 791 MB |
| Dock | Apple | 734 MB |
| com.apple.WebKit.WebContent (7) | Apple | 552 MB |
| mds_stores | Apple | 536 MB |
Top Processes by Network Use:
| Process | Source | Input | Output |
| mDNSResponder | Apple | 4 MB | 868 KB |
| java | Oracle America, Inc. | 2 MB | 21 KB |
| Dropbox | Dropbox, Inc. | 87 KB | 504 KB |
| Apple | 144 KB | 14 KB | |
| apsd | Apple | 24 KB | 39 KB |
Top Processes by Energy Use:
| Process (count) | Source | Energy usage (0-100) |
| mediaanalysisd (2) | Apple | 37 |
| helpd | Apple | 19 |
| backupd | Apple | 6 |
| mds | Apple | 3 |
| WindowServer | Apple | 2 |
Virtual Memory Information:
| Available RAM | 22.39 GB |
| Free RAM | 11.99 GB |
| Used RAM | 9.61 GB |
| Cached files | 10.40 GB |
| Swap Used | 0 B |
Software Installs (past 30 days):
| Name | Version | Install Date |
| Sync Folders Pro | 3.4.1 | 2018-02-05 |
| 1.7.1 | 2018-02-06 | |
| iNet Network Scanner | 2.4.6 | 2018-02-06 |
| Mactracker | 7.7.2 | 2018-02-06 |
| DeskApp for YouTube | 1.3 | 2018-02-07 |
| IP Scanner | 3.65 | 2018-02-07 |
| DeskCover | 1.3 | 2018-02-08 |
| Todoist | 7.0.11 | 2018-02-14 |
| Particulars | 22 | 2018-02-16 |
| Revisions | 3.0.1 | 2018-02-20 |
| Spark | 1.5.8 | 2018-02-21 |
| Simplenote | 1.3.1 | 2018-02-22 |
| Duplicate Photos Fixer Pro | 2.4 | 2018-02-22 |
| Zoom | 1.0 | 2018-02-23 |
| OneDrive | 17.005.0107 | 2018-02-26 |
| Dr. Cleaner | 3.3.4 | 2018-02-26 |
| Permute | 2.5.5 | 2018-02-28 |
| Movie Explorer | 1.8.2 | 2018-02-28 |
| Router | 1.6.8 | 2018-03-01 |
| Evernote | 7.0.2 | 2018-03-01 |
| Red Hot Timer | 1.5.1 | 2018-03-02 |
| Maxthon Browser | 5.1.42 | 2018-03-02 |
Diagnostics Information (past 7 days):
2018-03-03 13:01:48 SIMBL Agent.app Crash
dyld: launch running initializersusrliblibSystem.B.dylib |
2018-03-03 12:57:48 Last Shutdown Cause: 3 - Hard shutdown
2018-03-03 11:49:49 Downie 3.app Crash
Crashing on exception: -_NSXPCDistantObject ___nsx_pingHost:: unrecognized selector sent to instance 0x608000089790 |
End of report
Sorry, I trust this is what you are looking for?
Trevors-iMac-Retina-5K:~ tdunbar$ sudo cat /etc/sudoers
Password:
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias WEBSERVERS = www1, www2, www3
##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef
##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# /usr/bin/pkill, /usr/bin/top
##
## Defaults specification
##
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
Defaults env_keep += "HOME MAIL"
Defaults lecture_file = "/etc/sudo_lecture"
##
## Runas alias specification
##
##
## User privilege specification
##
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d
tdunbar ALL=(ALL) NOPASSWD: /Applications/SpeedUpMac.app/Contents/MacOS/SpeedUpMac.app/Contents/MacOS/Speed UpMac
## Added by Debookee
ALL ALL=NOPASSWD: /sbin/pfctl -s state
Trevors-iMac-Retina-5K:~ tdunbar$
SpeedUpMac has altered the sudoers file to allow your user to run it without a password.
Not sure why it has such a bizarre path.
Anything that purports to clean, optimize, speed up, protect, or otherwise maintain your Mac is completely unnecessary. You should uninstall it, and then check to make sure the sudoers file is corrected to remove that line.
"Debookee" altered it to allow any user to get the state fo the pfctl without authenticating.
I don't know what it is, but if it didn't tell you it would alter the sudoers file, I would uninstall it.
The Etrecheck report indicates you have bogged down your Mac with a lot of useless crapware:
bitdefender
trusteer
Cocktail
Tech Tool Pro
CleanMyMac
SIMBL -- something else may have installed that.
As there is so much junk in there, I may have missed some others.
SIMBL is designed to hack application code to change the behavior of an app. If you know of anything you installed that would do that, uninstall that system modification.
Based on the way High Sierra protects apps, I'm not sure if it actually does anything in High Sierra.
It is listed under Launch Agents, so the plist that launches it will be in /Library/LaunchAgents. Just delete the plist for SIMBL.
Given that you have an SSD and 32GB of RAM and it earned a "below average" performance rating, you are killing your performance with all of that junk.
Hi ... if I may, I'm having the same issue. Here's a copy of the EtreCheck report, if this helps at all:
Last login: Sat Mar 17 06:33:58 on console
ProfessorG:~ geoffreylantz$ sudo cat /etc/sudoers
Password:
## sudoers file.
##
## This file MUST be edited with the 'visudo' command as root.
## Failure to use 'visudo' may result in syntax or file permission errors
## that prevent sudo from running.
##
## See the sudoers man page for the details on how to write a sudoers file.
##
##
## Host alias specification
##
## Groups of machines. These may include host names (optionally with wildcards),
## IP addresses, network numbers or netgroups.
# Host_Alias WEBSERVERS = www1, www2, www3
##
## User alias specification
##
## Groups of users. These may consist of user names, uids, Unix groups,
## or netgroups.
# User_Alias ADMINS = millert, dowdy, mikef
##
## Cmnd alias specification
##
## Groups of commands. Often used to group related commands together.
# Cmnd_Alias PROCESSES = /usr/bin/nice, /bin/kill, /usr/bin/renice, \
# /usr/bin/pkill, /usr/bin/top
##
## Defaults specification
##
Defaults env_reset
Defaults env_keep += "BLOCKSIZE"
Defaults env_keep += "COLORFGBG COLORTERM"
Defaults env_keep += "__CF_USER_TEXT_ENCODING"
Defaults env_keep += "CHARSET LANG LANGUAGE LC_ALL LC_COLLATE LC_CTYPE"
Defaults env_keep += "LC_MESSAGES LC_MONETARY LC_NUMERIC LC_TIME"
Defaults env_keep += "LINES COLUMNS"
Defaults env_keep += "LSCOLORS"
Defaults env_keep += "SSH_AUTH_SOCK"
Defaults env_keep += "TZ"
Defaults env_keep += "DISPLAY XAUTHORIZATION XAUTHORITY"
Defaults env_keep += "EDITOR VISUAL"
Defaults env_keep += "HOME MAIL"
Defaults lecture_file = "/etc/sudo_lecture"
##
## Runas alias specification
##
##
## User privilege specification
##
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
## Uncomment to allow members of group wheel to execute any command
# %wheel ALL=(ALL) ALL
## Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
## Uncomment to allow members of group sudo to execute any command
# %sudo ALL=(ALL) ALL
## Uncomment to allow any user to run sudo if they know the password
## of the user they are running the command as (root by default).
# Defaults targetpw # Ask for the password of the target user
# ALL ALL=(ALL) ALL # WARNING: only use this together with 'Defaults targetpw'
## Read drop-in files from /private/etc/sudoers.d
## (the '#' here does not indicate a comment)
#includedir /private/etc/sudoers.d
# Tizen SDK generated the following script. Do not modify.
User_Alias QEMUERS=geoffreylantz
Cmnd_Alias QEMU=/etc/emulator-ifup.sh, /etc/emulator-ifdown.sh
QEMUERS ALL=(ALL) NOPASSWD: QEMU
## Added by Debookee
ALL ALL=NOPASSWD: /sbin/pfctl -s state
ProfessorG:~ geoffreylantz$
and ....
Configuration Files
| Unexpected /etc/sudoers size: | Found 2548 B but expected 1563 B |
|---|
Unexpected changes to your machine’s configuration. Developers will sometimes make such changes to their machines. Anything listed here that you do not recognize and that you did not change on purpose should be fixed immediately. Use theReveal in Finderbutton to locate the file for review. If available, use theFixbutton to fix the problem automatically. If listed, System Integrity Protection shouldalwaysbe fixed.
Virtual Memory
| Available RAM: | 7.48 GB |
|---|---|
| Free RAM: | 1.45 GB |
| Used RAM: | 8.52 GB |
| Cached files: | 6.03 GB |
| Swap Used: | 0 B |
Your machine’s virtual memory system. Modern machines are designed to use all installed RAM for maximum efficiency, so a small amount ofFree RAMmay not be a problem.Available RAMis more important. A large amount ofSwap Usedmeans your machine has run out of memory.
Diagnostics (past 7 days)
| Type: | Crash |
| Application: | ReportCrash |
| Count: | 2 |
| Last date: | 2018-03-17 06:37:53 |
| Details: | Analyzing process: EtreCheck[1110], path: ???; parent process: [1], path: /sbin/launchd |
Hi,
To return the sudoers file back to normal, delete the two applications that modified the sudoers file, as well as any apps that you don't use. Then, reinstall macOS High Sierra onto your Mac. You can either download the macOS High Sierra Installer from the App Store and run it, or you can boot Recovery Mode by holding down Command-R while you turn on or restart your Mac. (Release the keys when the Apple logo and a progress bar appear.) Reinstalling macOS High Sierra will not delete any of your data, but will write over the entire operating system, which would presumably include the sudoers file.
Hope this helps!
Thanks for the advice. Any idea how I remove the SIMBL?
Just read the above replies about the sudoers file. It should explain the issue.
You have two programs that altered it. You should contact the developers to ask exactly why they did what they did.
Thank you ... I'll muddle my way through, and let everyone know what manifest.
Modified suoders file
