icamenscic

Q: Got a malware on OS X Yosemite, how do I get rid of it?

I have some kind of malware present on my MacBook Pro, mid 2014 with OS X Yosemite Version 10.10, from trying to download a "flash player". I get full page pop-up ads for "mackeeper" and the like nearly every time I click on a link, have annoying ads on pages that I know weren't there before I downloaded this "program", and am now seeing other pop-up ads. As soon as I downloaded this program, my search engine changed to "Conduit", if this info helps.What can I do to get rid of this?

MacBook Pro with Retina display, OS X Yosemite (10.10)

Posted on Nov 5, 2014 5:52 AM

Close

Q: Got a malware on OS X Yosemite, how do I get rid of it?

  • All replies
  • Helpful answers

first Previous Page 3 of 4 last Next
  • by thomas_r.,

    thomas_r. thomas_r. Feb 16, 2015 10:02 AM in response to Michael Guthrie1
    Level 7 (30,929 points)
    Mac OS X
    Feb 16, 2015 10:02 AM in response to Michael Guthrie1

    Michael Guthrie1 wrote:

     

    I have had various issues with everything mentioned. Adwaremedic did not resolve this.

     

    Give it another try... I have added a number of additional signatures over the last few days... most of them this morning, in fact. Make sure you've got a network connection when you open AdwareMedic and it'll download the latest signatures.

     

    If it still finds nothing, the problems you're having are either not due to adware, or they're caused by adware I haven't seen before. Either way, you can find further steps here:

     

    http://www.adwaremedic.com/kb/unsolved.php

     

    (Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

  • by thomas_r.,

    thomas_r. thomas_r. Feb 16, 2015 10:05 AM in response to Michael Guthrie1
    Level 7 (30,929 points)
    Mac OS X
    Feb 16, 2015 10:05 AM in response to Michael Guthrie1

    Michael Guthrie1 wrote:

     

    Did you not read my post, or is this an automated ad post (which I really hope it is not)?

     

    That was definitely not an ad post. I don't know who MacBirdAir is... I would assume just a satisfied user. As the owner of AdwareMedic, I can assure you that I have never used any form of advertising (unless you count posting about it as a potential solution in replies on these forums, which I've been an active participant in since long before AdwareMedic existed), and will not ever do so. Advertising an adware remover would be more than a bit hypocritical.

  • by MacBirdAir,

    MacBirdAir MacBirdAir Feb 16, 2015 11:45 AM in response to thomas_r.
    Level 1 (5 points)
    Feb 16, 2015 11:45 AM in response to thomas_r.

    Yes I own adwaremedic thank you Tomas it helped  me remove search.strtpoint.com

  • by thomas_r.,

    thomas_r. thomas_r. Feb 16, 2015 12:33 PM in response to MacBirdAir
    Level 7 (30,929 points)
    Mac OS X
    Feb 16, 2015 12:33 PM in response to MacBirdAir

    MacBirdAir wrote:

     

    Yes I own adwaremedic thank you Tomas it helped  me remove search.strtpoint.com

     

    I'm glad I could help! And thanks for trying to help out here.

  • by Linc Davis,

    Linc Davis Linc Davis Feb 16, 2015 12:35 PM in response to Michael Guthrie1
    Level 10 (208,017 points)
    Applications
    Feb 16, 2015 12:35 PM in response to Michael Guthrie1

    1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.

    The test works on OS X 10.7 ("Lion") and later. I don't recommend running it on older versions of OS X. It will do no harm, but it won't do much good either.

    Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.

    2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.

    There are ways to back up a computer that isn't fully functional. Ask if you need guidance.

    3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.

    You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.

    In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.

    You may not be able to understand the script yourself. But variations of it have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.

    Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.

    4. Here's a summary of what you need to do, if you choose to proceed:

    ☞ Copy a line of text in this window to the Clipboard.

    ☞ Paste into the window of another application.

    ☞ Wait for the test to run. It usually takes a few minutes.

    ☞ Paste the results, which will have been copied automatically, back into a reply on this page.

    The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.

    5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is sometimes, but not always, slow, run the test during a slowdown.

    You may have started up in "safe" mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.

    6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.

    7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.

    Triple-click anywhere in the line of text below on this page to select it:

    PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(1241 ' 0.5 0.25 10 1000 15 5120 1000 25000 1 1 0 100 ' 51 25600 4 10 25 5120 102400 1000 25 1000 80 40 500 300 85 25 20480 262144 20 2000 524288 604800 5 );k=({Soft,Hard}ware Memory Diagnostics Power FireWire Thunderbolt USB Bluetooth SerialATA Extensions Applications Frameworks PrefPane Fonts Displays PCI UniversalAccess InstallHistory ConfigurationProfile AirPort 'com\.apple\.' -\\t N\\/A 'AES|atr|udit|msa|dnse|ax|ensh|fami|FileS|fing|ft[pw]|gedC|kdu|etS|is\.|alk|ODSA|otp|htt|pcas|ps-lp|rexe|rlo|rsh|smb|snm|teln|upd-[aw]|uuc|vix|webf' OSBundle{Require,AllowUserLoa}d 'Mb/s:per sec:ms/s:KiB/s:%:total:MB:total' 'Net in:Net out:I/O wait time:I/O requests:CPU usage:Open files:Memory:Mach ports:File opens:Forks:Failed forks:System errors' 'tsA|[ST]M[HL]' PlistBuddy{,' 2>&1'}' -c Print' 'Info\.plist' CFBundleIdentifier );f=('\n%s'{': ','\n\n'}'%s\n' '\nRAM details\n%s\n' '%s %s\n' '%s\n'"${k[22]}"'%s\n' '\nContents of %s\n    '"${k[22]}"'mod date: %s\n    '"${k[22]}"'checksum: %s\n%s\n' '%d MB: %s\n' '\n    ...and %s more line(s)\n' );c=(879294308 4071182229 461455494 3627668074 1083382502 1274181950 1855907737 2758863019 1848501757 464843899 2636415542 3694147963 1233118628 2456546649 2806998573 2778718105 842973933 2051385900 3301885676 891055588 998894468 695903914 1443423563 4136085286 3374894509 1051159591 892310726 1707497389 523110921 2883943871 3873345487 );s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/faceb/s/(at\.)[^.]+/\1NAME/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[4]} ' s/:$//;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: (E[^m]|[^EO])|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[9]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' BEGIN { FS=":";if(system("sw_vers -productVersion|grep -q ^10\.1")) d="^'"${k[21]}"'launch(d\.peruser\.[0-9]+|ctl\.(Aqua|Background|System))$";} { if($2~/[1-9]/) { $2="status: "$2;printf("'"${f[4]}"'",$1,$2);} else if(!d||$1!~d) print $1;} ' ' { sub(/ :/,"");print|"tail -n'${p[10]}'";} ' ' NR==2&&$4<='${p[7]}' { print $4;} ' ' ($1~"wir"&&$2>'${p[22]}')||($1~/P.+ts:/&&$2>'${p[19]}') { print $1" "int($2);} ' '/YLD/s/=/ /p' ' { q=$1;$1="";u=$NF;$NF="";gsub(/ +$/,"");print q":"$0":"u;} ' ' /^ {6}[^ ]/d;s/:$//;/([^ey]|[^n]e):/d;/e: Y/d;s/: Y.+//g;H;${ g;s/ \n (\n)/\1/g;s/\n +(M[^ ]+)[ -~]+/ (\1)/;s/\n$//;/( {8}[^ ].*){2,}/p;} ' 's:^:/:p;' ' !/ /{print};END{if(NR<'{${p[12]},${p[13]}}')printf("^'"${k[21]}"'.+")} ' '|uniq' ' 1;END { if(NR<'{${p[14]},${p[21]}}') printf("^/[Sp].+|'${k[21]}'");} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:.+//p;' '&&echo On' '/\.(bundle|component|framework|kext|mdimporter|plugin|qlgenerator|saver|wdgt)$/p' '/\.dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".","");print $0"$";} END { split("'"${c[*]}"'",c);for(i in c) print "\t"c[i]"$";} ' ' /^\/(Ap|Dev|Inc|Prev)/d;/((iTu|ok).+dle|\.(component|mailbundle|mdimporter|plugin|qlgenerator|saver|wdgt))$/p;' ' $2=="=" { gsub(/[()"]/,"",$3);print $3;} ' ' /^\// { sub("/dev/","",$1);printf("%s: %s\n",$1,$9);} ' '>&-||echo No' '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[2]}'{$2=$2-1;print}' ' BEGIN { M1='${p[16]}';M2='${p[18]}';M3='${p[8]}';M4='${p[3]}';} !/^A/{next};/%/ { getline;if($5<M1) o["CPU"]="CPU: user "$2"%, system "$4"%";next;} $2~/^disk/&&$4>M2 { o[$2]=$2": "$3" ops/s, "$4" blocks/s";next;} $2~/^(en[0-9]|bridg)/ { if(o[$2]) { e=$3+$4+$5+$6;if(e) o[$2]=o[$2]"; errors "e"/s";next;};if($4>M3||$6>M4) o[$2]=$2": in "int($4/1024)", out "int($6/1024)" (KiB/s)";} END { for(i in o) print o[i];} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/)||(/v6:/&&$2!~/A/) ' ' BEGIN{FS=": "} /^ {10}O/ {exit} /^ {0,12}[^ ]/ {next} $1~"Ne"&&$2!~/^In/{print} $1~"Si" { split($2,a," ");if(a[1]-a[4]<'${p[5]}') print;};$1~"T"&&$2<'${p[20]}'{print};$1~"Se"&&$2!~"2"{print};' ' BEGIN { FS=":";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1;} ' ' BEGIN { split("'"${p[1]}"'",m);FS=":";} $2<=m[$1]{next} $1<9 { o[$1]=o[$1]"\n    "$3" (UID "$4"): "$2;} $1==9&&$5!~"^/dev" { o[$1]=o[$1]"\n    "$3" (UID "$4") => "$5" (status "$6"): "$2;} $1==10&&$5 { p="ps -c -ocomm -p"$5"|sed 1d";p|getline n;close(p);if(n) $5=n;o[$1]=o[$1]"\n    "$5" => "$3" UID ("$4"): "$2;} $1~/1[12]/ { o[$1]=o[$1]"\n    "$3" (UID "$4", error "$5"): "$2;} END { n=split("'"${k[27]}"'",u,":");for(i=n+1;i<n+5;i++)u[i]=u[2];split("'"${k[28]}"'",l,":");for(i in o) print "\n"l[i]" ("u[i]")\n"o[i];} ' ' /^ {8}[^ ]/{print} ' ' BEGIN { L='${p[17]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n    "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n    [N/A]";"cksum "F|getline C;split(C, A);C=A[1];"stat -f%Sm "F|getline D;"file -b "F|getline T;if(T~/^Apple b/) { f="";l=0;while("'"${k[30]}"' "F|getline g) { l++;if(l<=L) f=f"\n    "g;};};if(T!~/^(AS.+ (En.+ )?text(, with v.+)?$|(Bo|PO).+ sh.+ text ex|XM)/) F=F"\n    '"${k[22]}"'"T;printf("'"${f[5]}"'",F,D,C,f);if(l>L) printf("'"${f[7]}"'",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' 's/^.{52}(.+) <.+/\1/p' ' /id: N|te: Y/{i++} END{print i} ' ' /kext:/ { split($0,a,":");p=a[1];k[S]='${k[25]}';k[U]='${k[26]}';v[S]="Safe";v[U]="true";for(i in k) { s=system("'"${k[30]}"'\\ :"k[i]" \""p"\"/*/I*|grep -qw "v[i]);if(!s) a[1]=a[1]" "i;};if(!a[2]) a[2]="'"${k[23]}"'";printf("'"${f[4]}"'",a[1],a[2]);next;} !/^ *$/ { p="'"${k[31]}"'\\ :'"${k[33]}"' \""$0"\"/*/'${k[32]}'";p|getline b;close(p);if(b~/ /||b=="") b="'"${k[23]}"'";printf("'"${f[4]}"'",$0,b);} ' '/ en/!s/\.//p' ' NR>=13 { gsub(/[^0-9]/,"",$1);print;} ' ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9|"sort|uniq";} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?'${k[32]}'$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ / [VY]/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' '/^find: /!p;' ' /^p/{ s/.//g;x;s/\nu/:/;s/(\n)c/\1:/;s/\n\n//;p;};H;' ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */    /;p;' ' s/^.+ |\(.+\)$//g;p;' '1;END{if(NR<'${p[15]}')printf("^/(S|usr/(X|li))")}' ' /2/{print "WARN"};/4/{print "CRITICAL"};' ' /EVHF|MACR|^s/d;s/^.+: //p;' ' $3~/^[1-9][0-9]{0,2}(\.[1-9][0-9]{0,2}){2}$/ { i++;n=n"\n"$1"\t"$3;} END{ if(i>1)print n} ' s/{'\.|jnl: ','P.+:'}'//;s/ +([0-9]+)(.+)/\2 \1/p' ' /es: ./{ s/^.+://;b0'$'\n'' };/^ +C.+ted: +[NY]/H;/:$/b0'$'\n'' d;:0'$'\n'' x;/: +N/d;s/\n.+//p;' ' 1d;/:$/b0'$'\n'' $b0'$'\n'' /(D|^ *Loc.+): /{ s/^.+: //;H;};/(B2|[my]): /H;d;:0'$'\n'' x;/[my]: [AM]|m: I.+p$|^\/Vo/d;s/(^|\n) [ -~]+//g;s/(.+)\n(.+)/\2:\1/;s/\n//g;/[ -~]/p;' 's/$/:(0|-(4[34])?)$/p' '|sort'{'|uniq'{,\ -c},\ -nr} ' s/^/'{5,6,7,8}':/;s/ *: */:/g;p;' '/e:/{print $2}' ' /^[(]/{ s/....//;s/$/:/;N;/: [)]$/d;s/\n.+ ([^ ]+).$/\1/;H;};${ g;p;} ' 's/:.+$//p' '|wc -l' /{\\.{kext,xpc,'(appex|pluginkit)'}'\/(Contents\/)?'Info,'Launch[AD].+'}'\.plist$/p' 's/([-+.?])/\\\1/g;p' 's/, /\'$'\n/g;p' ' BEGIN{FS=":"} { printf("'"${f[6]}"'",$1/1048576,$2);} ' ' /= D/&&$1!~/'{${k[24]},${k[29]}}'/ { getline d;if(d~"t") D=D"\n"$1;} END { print D;} ' ' NR>1&&$3!~/0x|\.([0-9]{3,}|[-0-9A-F]{36})$/ { print $3":"$2;} ' '|tail -n'${p[6]} ' $1>1 { $NF=$NF" x"$1;} /\*/ { if(!f) f="\n\t* Code injection";} { $1="";} 1;END { print f;} ' ' s/.+bus /Bus: /;s/,.+[(]/ /;s/,.+//p;' ' { $NF=$NF" Errors: "$1;$1="";} 1 ' ' 1s/^/\'$'\n''/;/^ +(([MNPRSV]|De|Li).+|Bus): .|d: Y/d;s/:$//;$d;p;' ' BEGIN { RS=",";FS=":";} $1~"name" { gsub("\"","",$2);print $2;} ' '|grep -q e:/' '/[^ .]/p' '{ print $1}' ' BEGIN{ FS=": "} /^C/ { getline t;if(a[split(t,a)]) print $2;} ' ' 3,4d;/^ +D|Of|Fu| [0B]/d;s/^  |:$//g;$!H;${ x;/:/p;} ' ' BEGIN { FS=": ";} NR==1 { sub(":","");h="\n"$1"\n";} /:$/ { l=$1;next;} $1~"S"&&$2!~3 { getline;next;} /^ {6}I/ { i++;L[i]=l" "$2;if(i=='${p[24]}') nextfile;} END { if(i) print h;for(j=0;j<i;j++) print L[i-j];} ' ' /services =/,/[\}]/!d;/[=\}]/!p ' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps crontab kextfind top pkgutil "${k[30]}\\" echo cksum kextstat launchctl smcDiagnose sysctl\ -n defaults\ read stat lsbom 'mdfind -onlyin' env pluginkit scutil 'dtrace -q -x aggsortrev -n' security sed\ -En awk 'dscl . -read' networksetup mdutil lsof test osascript\ -e netstat mdls route cat );c2=(${k[21]}loginwindow\ LoginHook ' /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'" 'L*/Ca*/'${k[21]}'Saf*/E* -d 2 -name '${k[32]} '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' -i '-nl -print' '-F \$Sender -k Level Nle 3 -k Facility Req "'${k[21]}'('{'bird|.*i?clou','lsu|sha'}')"' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message CRne '0xdc008012|(allow|call)ing|(mplet|nabl)ed|ry HD|safe b' -k Message CReq 'bad |Can.t l|corru|dead|fail|GPU |hfs: Ru|inval|Limiti|v_c|NVDA[(]|pagin|Purg(ed|in)|error|Refus|TCON|tim(ed? ?|ing )o|WARN' " '-du -n DEV -n EDEV 1 10' 'acrx -o%cpu,comm,ruid' "' syscall::recvfrom:return {@a[execname,uid]=sum(arg0)} syscall::sendto:return {@b[execname,uid]=sum(arg0)} syscall::open*:entry {@c[execname,uid,copyinstr(arg0),errno]=count()} syscall::execve:return, syscall::posix_spawn:return {@d[execname,uid,ppid]=count()} syscall::fork:return, syscall::vfork:return, syscall::posix_spawn:return /arg0<0/ {@e[execname,uid,arg0]=count()} syscall:::return /errno!=0/ {@f[execname,uid,errno]=count()} io:::wait-start {self->t=timestamp} io:::wait-done /self->t/ { this->T=timestamp - self->t;@g[execname,uid]=sum(this->T);self->t=0;} io:::start {@h[execname,uid]=sum(args[0]->b_bcount)} tick-10sec { normalize(@a,2560000);normalize(@b,2560000);normalize(@c,10);normalize(@d,10);normalize(@e,10);normalize(@f,10);normalize(@g,10000000);normalize(@h,10240);printa(\"1:%@d:%s:%d\n\",@a);printa(\"2:%@d:%s:%d\n\",@b);printa(\"9:%@d:%s:%d:%s:%d\n\",@c);printa(\"10:%@d:%s:%d:%d\n\",@d);printa(\"11:%@d:%s:%d:%d\n\",@e);printa(\"12:%@d:%s:%d:%d\n\",@f);printa(\"3:%@d:%s:%d\n\",@g);printa(\"4:%@d:%s:%d\n\",@h);exit(0);} '" '-f -pfc /var/db/r*/'${k[21]}'*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;' '/S*/*/Ca*/*xpc*' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' /\ kMDItemContentTypeTree=${k[21]}{bundle,mach-o-dylib} :Label "/p*/e*/{aut*,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {/p*,/usr/local}/e*/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/{Lau,Sec}*/*t .launchd.conf" list '-F "" -k Sender hidd -k Nle 3' /Library/Preferences/${k[21]}alf\ globalstate --proxy '-n get default' print\ system --dns -get{dnsservers,info} dump-trust-settings\ {-s,} '' -n1 '-R -ce -l1 -n5 -o'{'prt -stats prt','mem -stats mem'}',command,uid' -kl -l -s\ / '--regexp --files '${k[21]}'pkg.*' '+c0 -i4TCP:0-1023' ${k[21]}dashboard\ layer-gadgets '-d /L*/Mana*/$USER' '-app Safari WebKitDNSPrefetchingEnabled' '-Fcu +c0 -l' -m 'L*/{Con*/*/Data/L*/,}Pref* -type f -size 0c -name *.plist.???????' kern.memorystatus_vm_pressure_level '3>&1 >&- 2>&3' '-F \$Message -k Sender kernel -k Message CReq "'{'n Cause: -','(a und|I/O |jnl_io.+)err','USBF:.+bus'}'"' -name\ kMDItem${k[33]} -T\ hfs '-n get default' -listnetworkserviceorder :${k[33]} :CFBundleDisplayName $EUID {,'/{S*/,}'}'L*/{,Co*/*/*/L*/}{Cache,Log}s $TMPDIR../C -type f -size +'${p[11]}'M -exec stat -f'%z:%N' {} \;' \ /v*/d*/*/*l*d{,.*.$UID}/* '-app Safari UserStyleSheetEnabled' 'L*/A*/Fi*/P*/*/a*.json' users/$USER\ HomeDirectory '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' ' -F "\$Time \$Sender \$(RefProc): \$Message" -k Level Nle 3 -k Facility R'{'ne "user|','eq "'}'console" -k Message CRne "^[^A-Z]|deprec|sandbox ex" ' getenv '/ "kMDItemDateAdded>=\$time.now(-'${p[23]}')&&kMDItem'${k[33]}'=*"' -m\ / );N1=${#c2[@]};for j in {0..20};do c2[N1+j]=SP${k[j]}DataType;done;l=({Restricted\ ,Lock,Pro}files POST Battery {Safari,App,{Bad,Loaded}\ kernel,Firefox}\ extensions System\ load boot\ args FileVault\ {2,1} {Kernel,System,Console}\ log Activity SMC Login\ hook 'I/O per process' 'High file counts' UID Daemons Agents XPC\ cache Startup\ items {Admin,Root}\ access Stylesheet Library\ paths{,' ('{shell,launchd}\)} Font\ issues Firewall Proxies DNS TCP/IP Wi-Fi 'Elapsed time (sec)' {Root,User}\ crontab {Global,User}' login items' Spotlight Memory\ pressure Listeners Widgets Parental\ Controls Prefetching Nets Volumes {Continuity,I/O,iCloud,HID,HCI}\ errors {User,System}\ {caches/logs,overrides} Shutdown\ codes Heat Diagnostic\ reports Bad\ plists Free\ space VM Bundles{,' (new)'} 'Trusted certs ('{system,user}\) );N3=${#l[@]};for i in {0..8};do l[N3+i]=${k[5+i]};done;F() { local x="${s[$1]}";[[ "$x" =~ ^([\&\|\<\>]|$) ]]&&{ printf "$x";return;};:|${c1[30]} "$x" 2>&-;printf "%s \'%s\'" "|${c1[30+$?]}" "$x";};A0() { Q=6;v[2]=1;id -G|grep -qw 80;v[1]=$?;((v[1]))||{ Q=7;sudo -v;v[2]=$?;((v[2]))||Q=8;};v[3]=`date +%s`;date '+Start time: %T %D%n';printf '\n[Process started]\n\n'>&4;printf 'Revision: %s\n\n' ${p[0]};};A1() { local c="${c1[$1]} ${c2[$2]}";shift 2;c="$c ` while [[ "$1" ]];do F $1;shift;done`";((P2))&&{ c="sudo $c";P2=;};v=`eval "$c"`;[[ "$v" ]];};A2() { local c="${c1[$1]}";[[ "$c" =~ ^(awk|sed ) ]]&&c="$c '${s[$2]}'"||c="$c ${c2[$2]}";shift 2;local d=` while [[ "$1" ]];do F $1;shift;done`;((P2))&&{ c="sudo $c";P2=;};local a;v=` while read a;do eval "$c '$a' $d";done<<<"$v";`;[[ "$v" ]];};A3(){ v=$((`date +%s`-v[3]));};B1() { v=No;! ((v[1]))&&{ v=;P1=1;};};eval "`type -a B1|sed '1d;s/1/2/'`";B3(){ v[$1]="$v";};B4() { local i=$1;local j=$2;shift 2;local c="cat` while [[ "$1" ]];do F $1;shift;done`";v[j]=`eval "{ $c;}"<<<"${v[i]}"`;};B5(){ v="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`egrep -v "${v[$1]}"<<<"$v"|sort`;};eval "`type -a B7|sed '1d;s/7/8/;s/-v //'`";C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { B4 0 0 63&&C1 1 $1;};C4() { echo $'\t'"Part $((++P)) of $Q done at $((`date +%s`-v[3])) sec">&4;};C5() { sudo -k;pbcopy<<<"$o";printf '\n\tThe test results are on the Clipboard.\n\n\tPlease close this window.\n';exit 2>&-;};for i in 1 2;do eval D$((i-1))'() { A'$i' $@;C0;};';for j in 2 3;do eval D$((i+2*j-3))'() { local x=$1;shift;A'$i' $@;C'$j' $x;};';done;done;trap C5 2;o=$({ A0;D0 0 N1+1 2;D0 0 $N1 1;B1;C2 27;B1&&! B2&&C2 28;D2 22 15 63;D0 0 N1+2 3;D0 0 N1+15 17;D4 3 0 N1+3 4;D4 4 0 N1+4 5;D4 N3+4 0 N1+9 59;D0 0 N1+16 99; for i in 0 1 2;do D4 N3+i 0 N1+5+i 6;done;D4 N3+3 0 N1+8 71;D4 62 1 10 7;D4 10 1 11 8;B2&&D4 18 19 53 67;D2 11 2 12 9;D2 12 3 13 10;D2 13 32 70 101 25;D2 65 6 76 13;D2 45 20 52 66;D4 66 7 37 14;D4 17 8 15 38;D0 9 16 16 77 45;C4;B2&&D0 35 49 61 75 76 78 45;B2&&{ D0 28 17 45;C4;};D0 12 40 54 16 79 45;D0 12 39 54 16 80 45;D4 31 25 37 15&&{ B4 0 8 103;B4 8 0;A2 18 74;B6 8 0 3;C3 32;};B2&&D4 19 21 0;B2&&D4 40 10 42;D2 2 0 N1+19 46 84;D2 44 34 43 53;D2 25 22 20 32;D2 33 0 N1+14 51;D4 69 29 35 104 75 96;D4 70 29 36 104 75 96;D2 34 21 28 35;D4 35 27 29 36;A1 40 59 81;B3 18;A1 33 60 82;B8 18;B4 0 19 83;A1 27 32 39&&{ B3 20;B4 19 0;A2 33 33 40;B3 21;B6 20 21 3;};C2 36;D4 50 38 5 68;B4 19 0;D5 37 33 34 42;B2&&D4 46 35 45 55;D4 38 0 N1+20 43;B2&&D4 59 4 65 76 91;D4 63 4 19 44 75 95 96;B1&&{ D4 53 5 55 75 69&&D4 51 6 58 31;D4 56 5 56 97 75 98&&D0 0 N1+7 99;D2 55 5 27 84;D4 61 5 54 75 70;D4 14 5 14 12;D4 15 5 72 12;C4;};D4 16 5 73 12;A1 13 44 74 18;C4;B3 4;B4 4 0 85;A2 14 61 89;B4 0 5 19 102;A1 17 41 50;B7 5;C3 8;B4 4 0 88;A2 14 24 89;C4;B4 0 6 19 102;B4 4 0 86;A2 14 61 89;B4 0 7 19 102;B5 6 7;B4 0 11 73 102;A1 18 31 107 94 74||{ B2&&A1 18 26 94 74;}&&{ B7 11;B4 0 0 11;C3 23;};A1 18 26 94;B7 11;B4 0 0 11;C3 24;D4 60 14 66 92;D4 58 14 67 93;D4 26 4 21 24;D4 42 14 1 62;D4 43 37 2 90 48;D4 41 10 42;D2 48 36 47 25;A1 4 3 60&&{ B3 9;A2 14 61;B4 0 10 21;B4 9 0;A2 14 62;B4 0 0 21;B6 0 10 4;C3 5;};D4 9 41 69 100;D2 29 21 68 35;D2 49 21 48 49;B4 4 22 57 102;A1 21 46 56 74;B7 22;B4 0 0 58;C3 47;D4 54 5 7 75 76 69;D4 52 5 8 75 76 69;D4 57 4 64 76 91;D2 0 4 4 84;D2 1 4 51 84;D4 21 22 9 37;D0 0 N1+17 105; A1 23 18 28 89;B4 0 16 22 102;A1 16 25 33;B7 16;B4 0 0 34;D1 31 47;D4 64 4 71 41;C4;B4 4 12 26 89 23 102;for i in {0..3};do A1 0 N1+10+i 72 74;B7 12;B4 0 0 52;C3 N3+5+i;((i))||C4;done;A1 24 22 29;B7 12;B3 14;A2 39 57 30;B3 15;B6 14 15 4;C3 67;A1 24 75 74;B3 23;A2 39 57 30;B3 24;B6 23 24 4;C3 68;B4 4 13 27 89 65;A1 24 23;B7 13;C3 30;B4 4 0 87;A2 14 61 89 20;B4 0 17;A1 26 50 64;B7 17;C3 6;D0 0 N1+18 106;D4 7 11 6;A3;C2 39;C4;} 4>&2 2>/dev/null;);C5

    Copy the selected text to the Clipboard by pressing the key combination command-C.

    8. Launch the built-in Terminal application in any of the following ways:

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

    ☞ Open LaunchPad and start typing the name.

    Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.

    9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter

    exec bash

    and press return. Then paste the script again.

    10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.

    If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.

    11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:

    [Process started]
            Part 1 of 8 done at … sec
            …
            Part 8 of 8 done at … sec
            The test results are on the Clipboard.
            Please close this window.
    [Process completed]

    The intervals between parts won't be exactly equal, but they give a rough indication of progress. The total number of parts may be different from what's shown here.

    Wait for the final message "Process completed" to appear. If you don't see it within about ten minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it and go to the next step. You'll have incomplete results, but still something.

    12. When the test is complete, or if you stopped it because it was taking too long, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.

    At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.

    If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.

    13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.

    14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I may not agree with them.

    ______________________________________________________________

    Copyright © 2014, 2015 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

  • by talhoo,

    talhoo talhoo Feb 20, 2015 1:09 PM in response to Linc Davis
    Level 1 (0 points)
    Feb 20, 2015 1:09 PM in response to Linc Davis

    i have the same problem  but in second step nothing open in finder..So do you have any suggestion for me.

  • by Jan-Dirk,

    Jan-Dirk Jan-Dirk Mar 2, 2015 2:17 AM in response to Linc Davis
    Level 1 (0 points)
    Mar 2, 2015 2:17 AM in response to Linc Davis

    I Had the same problem.

    Deleted the files. Some had different names. But I'm pretty sure these were the ones to be deleted.


    Hope this mf stays away from my machine.

     

    Linc, you the man

  • by jahn13,

    jahn13 jahn13 Mar 12, 2015 12:24 AM in response to Linc Davis
    Level 1 (0 points)
    Mar 12, 2015 12:24 AM in response to Linc Davis

    Still works as of today!  Thank you v much!

  • by bruttabuona,

    bruttabuona bruttabuona Apr 12, 2015 9:08 PM in response to Linc Davis
    Level 1 (0 points)
    Apr 12, 2015 9:08 PM in response to Linc Davis

    Start time: 10:59:19 04/13/15

     

     

    Revision: 1241

     

     

    Model Identifier: MacBookAir7,2

    System Version: OS X 10.10.2 (14C2043)

    Kernel Version: Darwin 14.1.1

    Time since boot: 53 minutes

     

     

    UID: 501

     

     

    USB

     

     

        Backup+ SL (Seagate LLC)

        FreeAgent Go (Seagate LLC)

     

     

    VM

     

     

        Pageouts: 550

     

     

    CPU usage (%)

     

     

        com.apple.WebKit (UID 501): 18,8

        com.apple.WebKit (UID 501): 18,8

        WindowServer (UID 0): 16,2

     

     

    Font issues: 28

     

     

    DNS: 5.104.175.153

     

     

    Listeners

     

     

        kdc: kerberos

        launchd: afpovertcp

        launchd: microsoft-ds

     

     

    System caches/logs

     

     

        1021 MB: /System/Library/Caches/com.apple.coresymbolicationd/data

     

     

    Diagnostic reports

     

     

        2015-03-30 SystemUIServer crash

        2015-03-30 WindowServer crash

        2015-04-01 mdwrite crash

        2015-04-04 Skype crash

        2015-04-08 com.apple.WebKit.WebContent crash

        2015-04-11 deleted crash

        2015-04-12 Skype crash

     

     

    Kernel log

     

     

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 09:40:29 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)

        Apr 13 10:06:35 TBIOBlockStorageDriver: super::probe failed

        Apr 13 10:06:35 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

        Apr 13 10:06:35 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

        Apr 13 10:26:34 com_seagate_IOPowSec00_10_5-(2GE1987T) starting drive after failure of primary command

        Apr 13 10:26:36 com_seagate_IOPowSec00_10_5-(2GE1987T) mode parameters set failed

     

     

    System log

     

     

           value = California;

        }, {

           label = "2.5.4.7";

           "localized label" = "2.5.4.7";

           type = string;

           value = Cupertino;

        }, {

           label = "2.5.4.10";

           "localized label" = "2.5.4.10";

           type = string;

           value = "Apple Inc.";

        }, {

           label = "2.5.4.3";

           "localized label" = "2.5.4.3";

           type = string;

           value = "courier.sandbox.push.apple.com";

        })

        Apr 13 10:40:12 WindowServer WSGetSurfaceInWindow : Invalid surface 715988818 for window 314

        Apr 13 10:40:12 WindowServer WSGetSurfaceInWindow : Invalid surface 715988818 for window 314

        Apr 13 10:40:12 WindowServer WSGetSurfaceInWindow : Invalid surface 715988818 for window 314

        Apr 13 10:52:37 coreservicesd SFLEntryBase::ListHasChanged mach_msg returned 10000004d

        Apr 13 10:52:37 coreservicesd SFLEntryBase::ListHasChanged mach_msg returned 10000004d

        Apr 13 10:52:37 coreservicesd SFLEntryBase::ListHasChanged mach_msg returned 10000004d

        Apr 13 10:52:37 coreservicesd SFLEntryBase::ListHasChanged mach_msg returned 10000004d

        Apr 13 10:52:55 WindowServer WSGetSurfaceInWindow : Invalid surface 646943260 for window 498

     

     

    Console log

     

     

        Apr  7 09:39:51 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr  7 10:04:26 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr  7 10:07:16 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr  9 10:02:55 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr  9 14:34:27 ReportCrash Invoking spindump for pid=3137 thread=927693 percent_cpu=58 duration=156 because of excessive cpu utilization

        Apr 11 21:46:09 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr 11 21:46:19 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr 11 21:46:25 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr 11 21:46:26 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr 11 21:46:27 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr 11 21:46:27 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr 12 09:07:50 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr 12 09:09:47 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr 12 09:10:20 nsurlstoraged ERROR: unable to get the receiver data from the DB!

        Apr 12 10:35:04 nsurlstoraged purgeEntireFileSystemStore - failed to remove existing target dir /var/folders/rc/0970v06s735g7px84kl_0qfc0000gn/T/fsCachedData_remove.  Errno=2

     

     

    Loaded kernel extensions

     

     

        com.seagate.driver.PowSecDriverCore (5.2.6)

        com.seagate.driver.PowSecLeafDriver_10_5 (5.2.6)

     

     

    Daemons

     

     

        com.adobe.fpsaud

        com.apple.watchdogd

        com.seagate.TBDecorator.plist

     

     

    Agents

     

     

        com.apple.AirPortBaseStationAgent

        com.apple.FolderActions.folders

        com.bittorrent.uTorrent

     

     

    User login items

     

     

        iTunesHelper

        - /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

     

     

    iCloud errors

     

     

        cloudd 4

     

     

    Continuity errors

     

     

        lsuseractivityd 74

        sharingd 56

     

     

    Restricted files: 46

     

     

    Contents of /System/Library/LaunchDaemons/com.seagate.TBDecorator.plist

        - mod date: Oct 12 05:46:28 2013

        - checksum: 3070240373

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <!--

           com.seagate.TBDecorator.plist

           SeagateDiagnostics

           Created by John Brisbin on 3/10/10.

           Copyright 2010 Seagate Technologies LLC.. All rights reserved.

        -->

        <plist version="1.0">

        <dict>

        <key>KeepAlive</key>

        <true/>

        <key>Label</key>

        <string>com.seagate.TBDecorator.plist</string>

        <key>RunAtLoad</key>

        <true/>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/Application Support/Seagate/TBLoopDriveParams</string>

        </array>

        </dict>

        </plist>

     

     

    Contents of /System/Library/Security/authorization.plist

        - mod date: Jan  8 10:14:02 2015

        - checksum: 2720110640

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>comment</key>

        <string>The name of the requested right is matched against the keys.  An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction.

        allow rule: this is always allowed

        &lt;key&gt;com.apple.TestApp.benign&lt;/key&gt;

        &lt;string&gt;allow&lt;/string&gt;

        deny rule: this is always denied

        &lt;key&gt;com.apple.TestApp.dangerous&lt;/key&gt;

        &lt;string&gt;deny&lt;/string&gt;

        user rule: successful authentication as a user in the specified group(5) allows the associated right.

        The shared property specifies whether a credential generated on success is shared with other apps (i.e., those in the same "session"). This property defaults to false if not specified.

        The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule.

        The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0.  This defaults to false if not specified.

        See remaining rules for examples.

        </string>

        <key>rights</key>

        <dict>

        <key></key>

        <dict>

        <key>class</key>

        <string>rule</string>

        <key>comment</key>

     

     

        ...and 1850 more line(s)

     

     

    Contents of Library/LaunchAgents/com.apple.FolderActions.folders.plist

        - mod date: Mar 30 18:24:42 2015

        - checksum: 1189540302

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.apple.FolderActions.folders</string>

        <key>Program</key>

        <string>/usr/bin/osascript</string>

        <key>ProgramArguments</key>

        <array>

        <string>osascript</string>

        <string>-e</string>

        <string>tell application "Folder Actions Dispatcher" to tick</string>

        </array>

        <key>WatchPaths</key>

        <array/>

        </dict>

        </plist>

     

     

    Contents of Library/LaunchAgents/com.bittorrent.uTorrent.plist

        - mod date: Mar 30 10:03:59 2015

        - checksum: 68136511

     

     

        <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd> <plist version="1.0"> <dict> <key>Label</key> <string>com.bittorrent.uTorrent</string> <key>ProgramArguments</key> <array> <string>/usr/bin/open</string> <string>-W</string> <string>-a</string> <string>/Applications/uTorrent.app</string> </array> <key>KeepAlive</key> <false/> <key>LaunchOnlyOnce</key> <true/> </dict> </plist>

     

     

    Extensions

     

     

        /System/Library/Extensions/Seagate Storage Driver.kext/Contents/PlugIns/SeagateDriveIcons.kext

        - com.seagate.driver.SeagateDriveIcons

        /System/Library/Extensions/Seagate Storage Driver.kext/Contents/PlugIns/SeagateLeafPowSecDriver_10_4.kext

        - com.seagate.driver.PowSecLeafDriver_10_4

        /System/Library/Extensions/Seagate Storage Driver.kext/Contents/PlugIns/SeagateLeafPowSecDriver_10_5.kext

        - com.seagate.driver.PowSecLeafDriver_10_5

        /System/Library/Extensions/Seagate Storage Driver.kext

        - com.seagate.driver.PowSecDriverCore

     

     

    Applications

     

     

        /Applications/Microsoft Office 2011/Office/Equation Editor.app::

        - N/A

        /Applications/Microsoft Office 2011/Office/Microsoft Office Setup Assistant.app:Помощник по установке Microsoft Office:

        - N/A

        /Applications/Microsoft Office 2011/Office/Microsoft Query.app

        - com.microsoft.Query

        /Applications/Microsoft Office 2011/Office/Надстройки/Solver.app

        - com.microsoft.ASApplication

        /Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app

        - com.microsoft.autoupdate2

        /Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app

        - com.apple.ScriptEditor.id.cocoa-applet-template

        /Library/Application Support/Script Editor/Templates/Droplets/Droplet with Settable Properties.app

        - com.apple.ScriptEditor.id.droplet-with-settable-properties-template

        /Library/Application Support/Script Editor/Templates/Droplets/Recursive File Processing Droplet.app

        - com.apple.ScriptEditor.id.file-processing-droplet-template

        /Library/Application Support/Script Editor/Templates/Droplets/Recursive Image File Processing Droplet.app

        - com.apple.ScriptEditor.id.image-file-processing-droplet-template

     

     

    PrefPane

     

     

        /Library/PreferencePanes/DashboardPreferences.prefPane

        - com.seagate.dashboard.preferences

        /Library/PreferencePanes/Flash Player.prefPane

        - com.adobe.flashplayerpreferences

     

     

    Bundles

     

     

        /Library/Internet Plug-Ins/Flash Player.plugin

        - com.macromedia.Flash

        /Library/Internet Plug-Ins/MeetingJoinPlugin.plugin

        - com.microsoft.communicator.meetingjoinplugin

        /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

        - com.microsoft.sharepoint.browserplugin

        /Users/USER/Library/Address Book Plug-Ins/SkypeABDialer.bundle

        - com.skype.skypeabdialer

        /Users/USER/Library/Address Book Plug-Ins/SkypeABSMS.bundle

        - com.skype.skypeabsms

        /Users/USER/Library/Application Support/Skype/EmoticonCache.bundle

        - com.skype.skype.emoticoncache.bundle

        /Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle

        - com.google.Keystone

     

     

    Bundles (new)

     

     

        /Applications/AdwareMedic.app

        - com.thesafemac.adwaremedic

        /Applications/Diptic.app

        - com.peaksystems.diptic-mac

        /Applications/Seagate Dashboard.app

        - com.seagate.dashboard

        /Library/PreferencePanes/DashboardPreferences.prefPane

        - com.seagate.dashboard.preferences

     

     

    Library paths

     

     

        /Applications/Microsoft Office 2011/Office/MicrosoftSetupUI.framework/Libraries/mbupgx.dylib

        /Applications/Microsoft Office 2011/Office/OPF.framework/Versions/14/Resources/OPF_Common.dylib

     

     

    Installations

     

     

        Microsoft Office for Mac 2011: 30.03.15, 12:22

        Microsoft Office for Mac 2011: 30.03.15, 11:56

        Microsoft Office for Mac 2011: 30.03.15, 10:50

        Office 2011 14.3.2 Update: 30.03.15, 10:17

        Microsoft Office for Mac 2011: 30.03.15, 10:11

     

     

    Elapsed time (sec): 261

  • by bruttabuona,

    bruttabuona bruttabuona Apr 12, 2015 9:11 PM in response to bruttabuona
    Level 1 (0 points)
    Apr 12, 2015 9:11 PM in response to bruttabuona

    the problem with these popups would not resolve after i tried all the recommendations here, unfortunately.

    is there anything else to be done? thank you all very much

  • by s_neeky,

    s_neeky s_neeky Jun 22, 2015 3:05 AM in response to Linc Davis
    Level 1 (0 points)
    Jun 22, 2015 3:05 AM in response to Linc Davis

    Start time: 18:03:28 06/22/15

     

     

    Revision: 1241

     

     

    Model Identifier: iMac12,1

    System Version: OS X 10.10.3 (14D136)

    Kernel Version: Darwin 14.3.0

    Time since boot: 1:32

     

     

    UID: 501

     

     

    SerialATA

     

     

        ST3500418AS                            

     

     

    Bluetooth

     

     

        Apple Wireless Keyboard

        Apple Magic Mouse

     

     

    Firewall: On

     

     

    DNS: 114.108.192.32

     

     

    Listeners

     

     

        kdc: kerberos

        launchd: afpovertcp

     

     

    Diagnostic reports

     

     

        2015-05-24 AppAS crash

        2015-05-24 AppBS crash x2

        2015-05-26 AppBS crash

        2015-05-27 AppAS crash

        2015-05-27 AppBS crash

        2015-05-29 AppBS crash

        2015-05-29 ScreenSaverEngine crash x2

        2015-06-04 AppAS crash x2

        2015-06-04 AppBS crash

        2015-06-05 AppAS crash x4

        2015-06-05 AppBS crash x4

        2015-06-10 AppAS crash

        2015-06-10 AppBS crash

        2015-06-16 AppAS crash

        2015-06-16 AppBS crash

        2015-06-22 Finder crash

     

     

    Kernel log

     

     

        Jun 16 10:42:15 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 16 11:17:43 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 17 11:18:02 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 17 13:50:50 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 17 16:08:08 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 18 10:41:45 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 18 10:41:57 IOHIDSystem: Seize of AppleEmbeddedKeyboard failed.

        Jun 19 10:52:17 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 20 11:48:26 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 22 10:36:28 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 22 16:31:57 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

     

     

    System log

     

     

        Jun 22 16:31:55 loginwindow Login Window Application Started

        Jun 22 16:31:56 mdmclient ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'

        Jun 22 16:31:57 configd DHCP en0: INIT transmit failed

        Jun 22 16:31:58 mdmclient ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'

        Jun 22 16:31:59 mdmclient ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'

        Jun 22 16:31:59 systemkeychain done file: /var/run/systemkeychaincheck.done

        Jun 22 16:32:04 airportd airportdProcessDLILEvent: en1 attached (up)

        Jun 22 16:32:05 stackshot Timed out waiting for IOKit to finish matching.

        Jun 22 16:32:10 fseventsd log dir: /.fseventsd getting new uuid: UUID

        Jun 22 16:32:11 WindowServer Set a breakpoint at CGSLogError to catch errors as they are logged.

        Jun 22 16:32:11 WindowServer WSSetWindowTransform: Singular matrix

        Jun 22 16:32:11 WindowServer WSSetWindowTransform: Singular matrix

        Jun 22 16:32:11 WindowServer WSSetWindowTransform: Singular matrix

        Jun 22 16:32:11 loginwindow Login Window Started Security Agent

        Jun 22 16:32:11 UserEventAgent Failed to copy info dictionary for bundle /System/Library/UserEventPlugins/alfUIplugin.plugin

        Jun 22 16:32:11 loginwindow Login Window - Returned from Security Agent

        Jun 22 16:32:16 BezelServices 250.15 ASSERTION FAILED: dvcAddrRef != ((void *)0) -[DriverServices getDeviceAddress:] line: 2727

        Jun 22 16:32:16 BezelServices 250.15 ASSERTION FAILED: dvcAddrRef != ((void *)0) -[DriverServices getDeviceAddress:] line: 2727

        Jun 22 16:32:52 cloudd Could not create primary backing account

        Jun 22 16:32:53 Finder assertion failed: 14D136: libxpc.dylib + 62495 [UUID]: 0x89

        Jun 22 16:33:00 loginwindow ERROR | -[LoginTransition tearDownTransitionsSpecialCaseIfNeeded] | Login interupt UI was shown with backup backgrounds generated, removing all transition windows

        Jun 22 17:47:26 WindowServer disable_update_timeout: UI updates were forcibly disabled by application "Finder" for over 1.00 seconds. Server has re-enabled them.

        Jun 22 17:47:28 SubmitDiagInfo Couldn't load config file from on-disk location. Falling back to default location. Reason: Won't serialize in _readDictionaryFromJSONData due to nil object

        Jun 22 17:47:43 Finder assertion failed: 14D136: libxpc.dylib + 62495 [UUID]: 0x89

        Jun 22 18:03:34 SubmitDiagInfo Couldn't load config file from on-disk location. Falling back to default location. Reason: Won't serialize in _readDictionaryFromJSONData due to nil object

     

     

    Console log

     

     

        Jun 16 11:12:47 nsurlstoraged Process 373 does not have access to path /Users/USER/Library/Containers/com.apple.photomoments/Data/Library/Caches/com.a pple.photomoments/Cache.db

        Jun 16 11:12:47 nsurlstoraged The read-connection to the DB=/Users/USER/Library/Containers/com.apple.photomoments/Data/Library/Caches/co m.apple.photomoments/Cache.db is NOT valid.  Unable to determine schema version.

        Jun 16 11:12:47 nsurlstoraged Process 373 does not have access to path /Users/USER/Library/Containers/com.apple.photomoments/Data/Library/Caches/com.a pple.photomoments/Cache.db

        Jun 16 11:12:47 nsurlstoraged Process 373 does not have access to path /Users/USER/Library/Containers/com.apple.photomoments/Data/Library/Caches/com.a pple.photomoments/Cache.db

     

     

    Daemons

     

     

        com.adobe.fpsaud

        com.apple.Kerberos.kdc

        - status: 1

        com.apple.installer.osmessagetracing

        com.apple.mtrecorder

        - status: 78

        com.apple.spirecorder

        - status: 78

        com.apple.watchdogd

        com.microsoft.office.licensing.helper

        com.v.helper

     

     

    Agents

     

     

        Listchack.download

        Listchack.ltvbit

        Listchack.update

        Texiday.download

        Texiday.ltvbit

        Texiday.update

        com.adobe.AAM.Scheduler-1.0

        com.adobe.CS5ServiceManager

        com.apple.AirPortBaseStationAgent

        com.apple.Finder

        - status: -11

        com.google.keystone.user.agent

        com.jdibackup.JustCloud.autostart

        - status: 1

        com.jdibackup.JustCloud.notify

        - status: 1

        com.nike.nikeplusconnect

        com.paragon.ntfs.trial

        com.paragon.updater

        com.spotify.webhelper

        com.v.agent

     

     

    User login items

     

     

        iTunesHelper

        - /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

     

     

    Firefox extensions

     

     

        Mozilla Firefox hotfix

     

     

    iCloud errors

     

     

        cloudd 10

        Spotlight 1

     

     

    Continuity errors

     

     

        sharingd 1

     

     

    Restricted files: 216

     

     

    High file counts

     

     

        Desktop: 55

     

     

    Contents of /Library/LaunchAgents/com.c6f70d7ad08599d8.agent.plist

        - mod date: May 18 18:06:11 2015

        - checksum: 1345125934

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.v.agent</string>

        <key>OnDemand</key>

        <false/>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/Application Support/c6f70d7ad08599d8/Agent/agent.app/Contents/MacOS/agent</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>KeepAlive</key>

        <true/>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>ThrottleInterval</key>

        <integer>10</integer>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchAgents/com.nike.nikeplusconnect.plist

        - mod date: Mar  1 01:52:50 2014

        - checksum: 945038040

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>ProgramArguments</key>

        <array>

        <string>/Applications/Nike+ Connect.app/Contents/MacOS/Nike+ Connect Helper Daemon</string>

        </array>

        <key>Label</key>

        <string>com.nike.nikeplusconnect</string>

        <key>RunAtLoad</key>

        <true/>

        <key>KeepAlive</key>

        <true/>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchAgents/com.paragon.updater.plist

        - mod date: Mar 19 02:17:56 2015

        - checksum: 962844124

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>StartInterval</key>

        <integer>86400</integer>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/Application Support/Paragon Updater/Paragon Updater.app/Contents/MacOS/Paragon Updater</string>

        <string>--check</string>

        <string>--delay=30</string>

        </array>

        <key>Label</key>

        <string>com.paragon.updater</string>

        <key>RunAtLoad</key>

        <true/>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchDaemons/com.c6f70d7ad08599d8.daemon.plist

        - mod date: May 18 18:06:11 2015

        - checksum: 2074595471

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Disabled</key>

                <true/>

        <key>Label</key>

        <string>com.v.daemon</string>

        <key>OnDemand</key>

        <true/>

        <key>ProgramArguments</key>

                <array>

                        <string>/Library/Application Support/c6f70d7ad08599d8/Agent/agent.app/Contents/MacOS/agent</string>

        <string>-update</string>

                </array>

        <key>KeepAlive</key>

        <true/>

        <key>RunAtLoad</key>

        <true/>

        <key>ThrottleInterval</key>

        <integer>10</integer>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchDaemons/com.c6f70d7ad08599d8.helper.plist

        - mod date: May 18 18:06:11 2015

        - checksum: 606563049

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.v.helper</string>

        <key>OnDemand</key>

        <true/>

        <key>ProgramArguments</key>

                <array>

                        <string>/Library/Application Support/c6f70d7ad08599d8/Agent/agent.app/Contents/MacOS/agent</string>

        <string>-helper</string>

                </array>

        <key>KeepAlive</key>

        <true/>

        <key>RunAtLoad</key>

        <true/>

        <key>ThrottleInterval</key>

        <integer>10</integer>

        </dict>

        </plist>

     

     

    Contents of /System/Library/LaunchAgents/com.paragon.NTFS.notify.plist

        - mod date: Mar 19 02:18:06 2015

        - checksum: 3292335405

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.paragon.ntfs.trial</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/PreferencePanes/NTFSforMacOSX.prefPane/Contents/MacOS/notifica tor</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        </dict>

        </plist>

     

     

    Contents of /System/Library/Security/authorization.plist

        - mod date: Mar 20 11:42:17 2015

        - checksum: 2720110640

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>comment</key>

        <string>The name of the requested right is matched against the keys.  An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction.

        allow rule: this is always allowed

        &lt;key&gt;com.apple.TestApp.benign&lt;/key&gt;

        &lt;string&gt;allow&lt;/string&gt;

        deny rule: this is always denied

        &lt;key&gt;com.apple.TestApp.dangerous&lt;/key&gt;

        &lt;string&gt;deny&lt;/string&gt;

        user rule: successful authentication as a user in the specified group(5) allows the associated right.

        The shared property specifies whether a credential generated on success is shared with other apps (i.e., those in the same "session"). This property defaults to false if not specified.

        The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule.

        The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0.  This defaults to false if not specified.

        See remaining rules for examples.

        </string>

        <key>rights</key>

        <dict>

        <key></key>

        <dict>

        <key>class</key>

        <string>rule</string>

        <key>comment</key>

     

     

        ...and 1850 more line(s)

     

     

    Contents of /private/etc/authorization.deprecated

        - mod date: Jun  3 15:19:00 2015

        - checksum: 2675527024

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>comment</key>

        <string>The name of the requested right is matched against the keys.  An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction.

        allow rule: this is always allowed

        &lt;key&gt;com.apple.TestApp.benign&lt;/key&gt;

        &lt;string&gt;allow&lt;/string&gt;

        deny rule: this is always denied

        &lt;key&gt;com.apple.TestApp.dangerous&lt;/key&gt;

        &lt;string&gt;deny&lt;/string&gt;

        user rule: successful authentication as a user in the specified group(5) allows the associated right.

        The shared property specifies whether a credential generated on success is shared with other apps (i.e., those in the same "session"). This property defaults to false if not specified.

        The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule.

        The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0.  This defaults to false if not specified.

        See remaining rules for examples.

        </string>

        <key>rights</key>

        <dict>

        <key></key>

        <dict>

        <key>class</key>

        <string>rule</string>

        <key>comment</key>

     

     

        ...and 8742 more line(s)

     

     

    Contents of /private/etc/hosts

        - mod date: Jul 18 22:46:48 2012

        - checksum: 342357820

     

     

        127.0.0.1 localhost

        255.255.255.255 broadcasthost

        ::1             localhost

        fe80::1%lo0 localhost

        127.0.0.1 activate.adobe.com

        127.0.0.1 practivate.adobe.com

        127.0.0.1 ereg.adobe.com

        127.0.0.1 activate.wip3.adobe.com

        127.0.0.1 wip3.adobe.com

        127.0.0.1 3dns-3.adobe.com

        127.0.0.1 3dns-2.adobe.com

        127.0.0.1 adobe-dns.adobe.com

        127.0.0.1 adobe-dns-2.adobe.com

        127.0.0.1 adobe-dns-3.adobe.com

        127.0.0.1 ereg.wip3.adobe.com

        127.0.0.1 activate-sea.adobe.com

        127.0.0.1 wwis-dubc1-vip60.adobe.com

        127.0.0.1 activate-sjc0.adobe.com

        127.0.0.1 hl2rcv.adobe.com

     

     

    Contents of Library/LaunchAgents/Listchack.download.plist

        - mod date: Jun  6 18:06:32 2015

        - checksum: 329868818

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Listchack.download</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>download</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18324</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Listchack</string>

        </array>

        <key>WatchPaths</key>

        <array>

        <string>/Users/USER/Downloads</string>

        </array>

        <key>isAllowToSuggest</key>

     

     

        ...and 3 more line(s)

     

     

    Contents of Library/LaunchAgents/Listchack.ltvbit.plist

        - mod date: Jun  6 18:06:32 2015

        - checksum: 4279669917

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Listchack.ltvbit</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>ltvbit</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18324</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Listchack</string>

        </array>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

        <integer>4</integer>

        <key>Minute</key>

     

     

        ...and 4 more line(s)

     

     

    Contents of Library/LaunchAgents/Listchack.update.plist

        - mod date: Jun  6 18:06:32 2015

        - checksum: 2250700617

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Listchack.update</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>update</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18324</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Listchack</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

     

     

        ...and 6 more line(s)

     

     

    Contents of Library/LaunchAgents/Texiday.download.plist

        - mod date: May 18 18:06:24 2015

        - checksum: 1979004617

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Texiday.download</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Texiday/Texiday.app/Contents/MacOS/AppBS</string>

        <string>-trigger</string>

        <string>download</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18062</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Texiday</string>

        </array>

        <key>WatchPaths</key>

        <array>

        <string>/Users/USER/Downloads</string>

        </array>

        <key>isAllowToSuggest</key>

     

     

        ...and 3 more line(s)

     

     

    Contents of Library/LaunchAgents/Texiday.ltvbit.plist

        - mod date: May 18 18:06:24 2015

        - checksum: 1364223386

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Texiday.ltvbit</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Texiday/Texiday.app/Contents/MacOS/AppBS</string>

        <string>-trigger</string>

        <string>ltvbit</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18062</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Texiday</string>

        </array>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

        <integer>4</integer>

        <key>Minute</key>

     

     

        ...and 4 more line(s)

     

     

    Contents of Library/LaunchAgents/Texiday.update.plist

        - mod date: May 18 18:06:24 2015

        - checksum: 3379066902

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Texiday.update</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Texiday/Texiday.app/Contents/MacOS/AppBS</string>

        <string>-trigger</string>

        <string>update</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18062</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Texiday</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

     

     

        ...and 6 more line(s)

     

     

    Contents of Library/LaunchAgents/com.google.keystone.agent.plist

        - mod date: Jun 19 10:52:43 2015

        - checksum: 2096706669

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.google.keystone.user.agent</string>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>ProgramArguments</key>

        <array>

         <string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>

         <string>-runMode</string>

         <string>ifneeded</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>StartInterval</key>

        <integer>3523</integer>

        <key>StandardErrorPath</key>

        <string>/dev/null</string>

        <key>StandardOutPath</key>

        <string>/dev/null</string>

        </dict>

        </plist>

     

     

    Contents of Library/LaunchAgents/com.jdibackup.JustCloud.autostart.plist

        - mod date: May 22 10:51:30 2015

        - checksum: 2671694367

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

            <key>Label</key>

            <string>com.jdibackup.JustCloud.autostart</string>

            <key>ProgramArguments</key>

            <array>

                <string>open</string>

                <string>/Applications/JustCloud.app/Contents/Resources/Utility.app</string>

                <string>-n</string>

                <string>--args</string>

                <string>9</string>

                <string>-l</string>

            </array>

            <key>StandardOutPath</key>

            <string>/Users/USER/Library/Logs/JustCloud/lagent_out.log</string>

            <key>StandardErrorPath</key>

            <string>/Users/USER/Library/Logs/JustCloud/lagent_err.log</string>

            <key>RunAtLoad</key>

            <true/>

        </dict>

        </plist>

     

     

    Contents of Library/LaunchAgents/com.jdibackup.JustCloud.notify.plist

        - mod date: May 22 10:51:30 2015

        - checksum: 4094674910

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

            <key>Label</key>

            <string>com.jdibackup.JustCloud.notify</string>

            <key>ProgramArguments</key>

            <array>

                <string>open</string>

                <string>/Applications/JustCloud.app/Contents/Resources/Utility.app</string>

                <string>--args</string>

                <string>7</string>

                <string>1</string>

            </array>

            <key>StandardOutPath</key>

            <string>/Users/USER/Library/Logs/JustCloud/lagent_out.log</string>

            <key>StandardErrorPath</key>

            <string>/Users/USER/Library/Logs/JustCloud/lagent_err.log</string>

            <key>StartInterval</key>

            <integer>1200</integer>

            <key>RunAtLoad</key>

            <false/>

        </dict>

        </plist>

     

     

    Contents of Library/LaunchAgents/com.spotify.webhelper.plist

        - mod date: Jun 11 15:32:39 2015

        - checksum: 2958153491

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

         <key>Label</key>

         <string>com.spotify.webhelper</string>

         <key>KeepAlive</key>

         <dict>

          <key>NetworkState</key>

          <true/>

         </dict>

         <key>RunAtLoad</key>

         <true/>

         <key>Program</key>

         <string>/Users/USER/Library/Application Support/Spotify/SpotifyWebHelper</string>

         <key>SpotifyPath</key>

         <string>/Applications/Spotify.app</string></dict>

        </plist>

     

     

    Bad plists

     

     

        Library/Preferences/com.Appe.Techworks.plist

        Library/Preferences/com.apple.Safari.plist.plist

        Library/Preferences/com.Secondspeed.Forfend.plist

     

     

    Extensions

     

     

        /System/Library/Extensions/EPSONUSBPrintClass.kext

        - com.epson.print.kext.USBPrintClass

        /System/Library/Extensions/JMicronATA.kext

        - com.jmicron.JMicronATA

        /System/Library/Extensions/NikeSportWatch.kext

        - com.nike.sportwatch

        /System/Library/Extensions/RoxioBluRaySupport.kext

        - com.roxio.BluRaySupport

     

     

    Applications

     

     

        /Applications/Adobe Acrobat 9 Pro/Acrobat Distiller.app

        - com.adobe.distiller

        /Applications/Adobe Acrobat 9 Pro/Acrobat Uninstaller.app

        - com.adobe.Acrobat.Uninstaller

        /Applications/Adobe Acrobat 9 Pro/Adobe Acrobat Pro.app

        - com.adobe.Acrobat.Pro

        /Applications/Adobe After Effects CS5/mocha/mocha for After Effects.app

        - com.ImagineerSystems.mocha4ae_adobe

        /Applications/Adobe Fireworks CS5/Configuration/Mac/Shared/AdobeAIR/SDK/lib/nai/lib/naib.app

        - APP_ID

        /Applications/Adobe Fireworks CS5/Configuration/Mac/Shared/AdobeAIR/SDK/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/Template.app

        - com.adobe.air.NativeTemplate

        /Applications/Adobe Flash CS5/AIK2.0/lib/nai/lib/naib.app

        - APP_ID

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Resources/Template.app

        - com.adobe.air.NativeTemplate

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/Template.app

        - com.adobe.air.NativeTemplate

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/Current/Resources/Template.app

        - com.adobe.air.NativeTemplate

        /Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Analyze Documents.localized/Analyze Documents.app

        - N/A

        /Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Calendar.localized/Make Calendar.app

        - N/A

        /Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Contact Sheet Demo.localized/Contact Sheets.app

        - N/A

        /Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Export Flash Animation.localized/Export Flash Animation.app

        - N/A

        /Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Web Gallery.localized/Web Gallery.app

        - N/A

        /Applications/Adobe Media Encoder CS5/PCI/AMEPCI/resources/uninstall/Uninstall Product.app

        - N/A

        /Applications/Adobe Media Encoder CS5/PCI/Dolby/resources/uninstall/Uninstall Product.app

        - N/A

        /Applications/Adobe Media Player.app

        - com.adobe.amp.UUID.1

        /Applications/Adobe/Adobe Help.app

        - chc.UUID.1

        /Applications/Microsoft Communicator.app

        - com.microsoft.Communicator

        /Applications/Microsoft Messenger.app

        - com.microsoft.Messenger

        /Applications/Microsoft Office 2011/Additional Tools/Microsoft Language Register/Microsoft Language Register.app

        - com.microsoft.language_register

        /Applications/Microsoft Office 2011/Microsoft Document Connection.app

        - com.microsoft.DocumentConnection

        /Applications/Microsoft Office 2011/Microsoft Excel.app

        - com.microsoft.Excel

        /Applications/Microsoft Office 2011/Microsoft Outlook.app

        - com.microsoft.Outlook

        /Applications/Microsoft Office 2011/Microsoft PowerPoint.app

        - com.microsoft.Powerpoint

        /Applications/Microsoft Office 2011/Microsoft Word.app

        - com.microsoft.Word

        /Applications/Microsoft Office 2011/Office/Alerts Daemon.app

        - com.microsoft.AlertsDaemon

        /Applications/Microsoft Office 2011/Office/Equation Editor.app

        - com.microsoft.EquationEditor

        /Applications/Microsoft Office 2011/Office/Microsoft Chart Converter.app

        - com.microsoft.openxml.chart.app

        /Applications/Microsoft Office 2011/Office/Microsoft Clip Gallery.app

        - com.microsoft.ClipGallery

        /Applications/Microsoft Office 2011/Office/Microsoft Database Daemon.app

        - com.microsoft.outlook.database_daemon

        /Applications/Microsoft Office 2011/Office/Microsoft Database Utility.app

        - com.microsoft.outlook.database_utility

        /Applications/Microsoft Office 2011/Office/Microsoft Graph.app

        - com.microsoft.Graph

        /Applications/Microsoft Office 2011/Office/Microsoft Office Reminders.app

        - com.microsoft.outlook.office_reminders

        /Applications/Microsoft Office 2011/Office/Microsoft Office Setup Assistant.app

        - com.microsoft.office.setupassistant

        /Applications/Microsoft Office 2011/Office/Microsoft Query

        - N/A

        /Applications/Microsoft Office 2011/Office/Microsoft Upload Center.app

        - com.microsoft.office.uploadcenter

        /Applications/Microsoft Office 2011/Office/My Day.app

        - com.microsoft.myday

        /Applications/Microsoft Office 2011/Office/Open XML for Excel.app

        - com.microsoft.openxml.excel.app

        /Applications/Microsoft Office 2011/Office/SyncServicesAgent.app

        - com.microsoft.SyncServicesAgent

        /Applications/Remote Desktop Connection.app

        - com.microsoft.rdc

        /Applications/Skype.app

        - com.skype.skype

        /Applications/StuffIt/DropStuff.app

        - com.stuffit.DropStuff

        /Applications/StuffIt/Extras/Sample Droplets/Make StuffIt X.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/Make Zip.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/Make tgz.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/PDF Stuffer.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/Stuff & Burn.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/Stuff & Encrypt.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/Zip & Encrypt.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/StuffIt 2010 Uninstaller.app

        - com.smithmicro.stuffitinstaller

        /Applications/StuffIt/Extras/StuffIt User Guide.app

        - com.stuffit.StuffIt_User_Guide

        /Applications/StuffIt/MagicMenu.app

        - com.stuffit.MagicMenu

        /Applications/StuffIt/StuffIt Archive Manager.app

        - com.stuffit.ArchiveManager

        /Applications/StuffIt/StuffIt Expander.app

        - com.stuffit.Expander

        /Applications/StuffIt/StuffIt SEA Maker.app

        - com.stuffit.StuffItSEAMaker

        /Applications/StuffIt/StuffIt Setup Assistant.app

        - com.stuffit.StuffItSetupAssistant

        /Applications/Toast 11 Titanium/Disc Cover 3 RE.app

        - com.belightsoft.DiscCover3.re

        /Applications/Toast 11 Titanium/DiskCatalogMaker.app

        - com.mac.fujisoft.DiskCatalogMaker

        /Applications/Toast 11 Titanium/Get Backup 2 RE.app

        - N/A

        /Applications/Toast 11 Titanium/Mac2Tivo.app

        - com.roxio.Mac2Tivo

        /Applications/Toast 11 Titanium/Spin Doctor.app

        - com.roxio.spindoctorx

        /Applications/Toast 11 Titanium/TiVo Transfer.app

        - com.tivo.desktop

        /Applications/Utilities/Adobe AIR Application Installer.app

        - com.adobe.air.ApplicationInstaller

        /Applications/Utilities/Adobe AIR Uninstaller.app

        - com.adobe.air.Installer

        /Applications/Utilities/Adobe Utilities.localized/Adobe Updater6/Adobe Updater.app

        - "com.Adobe.ESD.AdobeUpdaterApplication"

        /Applications/VLC.app

        - org.videolan.vlc

        /Applications/Yahoo! Messenger.app

        - com.yahoo.messenger3

        /Library/Application Support/Adobe/CS5ServiceManager/CS5ServiceManager.app

        - com.adobe.csi.CS5ServiceManager

        /Library/Application Support/Adobe/Installers/AdobeInDesign7AppBase/ExtraFiles/INSTALLDIR_EXE/Adobe InDesign CS5.app

        - N/A

        /Library/Application Support/Adobe/SwitchBoard/SwitchBoard.app

        - com.adobe.switchboard-2.0

        /Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app

        - com.apple.ScriptEditor.id.cocoa-applet-template

        /Library/Application Support/Script Editor/Templates/Droplets/Droplet with Settable Properties.app

        - com.apple.ScriptEditor.id.droplet-with-settable-properties-template

        /Library/Application Support/Script Editor/Templates/Droplets/Recursive File Processing Droplet.app

        - com.apple.ScriptEditor.id.file-processing-droplet-template

        /Library/Application Support/Script Editor/Templates/Droplets/Recursive Image File Processing Droplet.app

        - com.apple.ScriptEditor.id.image-file-processing-droplet-template

        /Library/Application Support/Synthetic Aperture Adobe CS5 Bundle/SA Color Finesse 3 UI.app

        - N/A

        /Library/Application Support/c6f70d7ad08599d8/Agent/agent.app

        - com.someproduct.agent

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR Application Installer.app

        - com.adobe.air.ApplicationInstaller

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Adobe AIR Updater.app

        - com.adobe.air.Installer

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Template.app

        - com.adobe.air.Template

        /Library/Printers/hp/Fax/fax.backend

        - com.hp.fax

        /Library/Printers/hp/Fax/rastertofax.filter

        - com.hp.rastertofax

        /Library/Printers/hp/cups/filters/pdftopdf.filter

        - com.hp.print.cups.filter.pdftopdf

        /Users/USER/Applications/Chrome Apps.localized/Profile 2 apdfllckaahabafndbhieahigkjlhalf.app

        - com.google.Chrome.app.Profile-2-apdfllckaahabafndbhieahigkjlhalf

        /Users/USER/Applications/Chrome Apps.localized/Profile 2 blpcfgokakmgnkcojhhkbfbldkacnbeo.app

        - com.google.Chrome.app.Profile-2-blpcfgokakmgnkcojhhkbfbldkacnbeo

        /Users/USER/Applications/Chrome Apps.localized/Profile 2 coobgpohoikkiipiblmjeljniedjpjpf.app

        - com.google.Chrome.app.Profile-2-coobgpohoikkiipiblmjeljniedjpjpf

        /Users/USER/Applications/Chrome Apps.localized/Profile 2 pjkljhegncpnkpknbcohdijeoejaedia.app

        - com.google.Chrome.app.Profile-2-pjkljhegncpnkpknbcohdijeoejaedia

        /Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_apdfllckaahabafndbhieahigkjlhalf/Profile 2 apdfllckaahabafndbhieahigkjlhalf.app

        - com.google.Chrome.app.Profile-2-apdfllckaahabafndbhieahigkjlhalf-internal

        /Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo/Profile 2 blpcfgokakmgnkcojhhkbfbldkacnbeo.app

        - com.google.Chrome.app.Profile-2-blpcfgokakmgnkcojhhkbfbldkacnbeo-internal

        /Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_coobgpohoikkiipiblmjeljniedjpjpf/Profile 2 coobgpohoikkiipiblmjeljniedjpjpf.app

        - com.google.Chrome.app.Profile-2-coobgpohoikkiipiblmjeljniedjpjpf-internal

        /Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_pjkljhegncpnkpknbcohdijeoejaedia/Profile 2 pjkljhegncpnkpknbcohdijeoejaedia.app

        - com.google.Chrome.app.Profile-2-pjkljhegncpnkpknbcohdijeoejaedia-internal

        /Users/USER/Library/Application Support/Roxio/Roxio Restore.app

        - com.roxio.restore

        /Users/USER/Library/Services/ToastIt.service

        - com.roxio.ToastItService

     

     

    Frameworks

     

     

        /Library/Frameworks/Adobe AIR.framework

        - com.adobe.AIR

        /Library/Frameworks/StuffIt.framework

        - com.stuffit.sdk

        /Library/Frameworks/StuffItCore.framework

        - com.stuffit.stuffitcore

        /System/Library/Frameworks/v.framework

        - N/A

     

     

    PrefPane

     

     

        /Library/PreferencePanes/Flash Player.prefPane

        - com.adobe.flashplayerpreferences

        /Library/PreferencePanes/NTFSforMacOSX.prefPane:® OS X:

        - N/A

     

     

    Bundles

     

     

        /Library/Application Support/Adobe/APE/3.1/adbeapecore.framework/Versions/A/Resources/Flash Player.plugin

        - com.macromedia.FlashPlayer-10.4-10.5.plugin

        /Library/Application Support/Adobe/Flash Player/Flash Player.plugin

        - com.macromedia.Flash

        /Library/Application Support/Adobe/Plug-Ins/CS5/File Formats/Camera Raw.plugin

        - com.adobe.CameraRaw

        /Library/Contextual Menu Items/StuffItCM.plugin

        - com.stuffit.StuffItCM

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/AdobeCP.plugin

        - com.adobe.adobecp

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Flash Player.plugin

        - com.macromedia.Flash

        /Library/Internet Plug-Ins/AdobePDFViewer.plugin

        - com.adobe.acrobat.pdfviewer

        /Library/Internet Plug-Ins/Flash Player.plugin

        - com.macromedia.Flash

        /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

        - com.microsoft.sharepoint.browserplugin

        /Library/Printers/Canon/BJPrinter/Plugins/BJNP/CIJNetworkIOM.plugin

        - jp.co.Canon.ij.print.iom.CIJNP

        /Library/Printers/Canon/BJPrinter/Plugins/BJNP/CIJNetworkPBM.plugin

        - jp.co.Canon.ij.print.pbm.CIJNP

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/BJUSBIOM.plugin

        - jp.co.canon.bj.print.bjusbiom

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/BJUSBPBM.plugin

        - jp.co.canon.bj.print.pbm.USB

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/CIJUSBClassDriver.plugin

        - jp.co.canon.ij.print.CIJUSBClassDriver

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/CIJUSBClassDriver2.plugin

        - jp.co.canon.ij.print.CIJUSBClassDriver2

        /Library/Printers/Canon/BJPrinter/Plugins/IJBluetooth/IJBluetoothIOM.plugin

        - jp.co.canon.ij.print.ijbluetoothiom

        /Library/Printers/Canon/IJScanner/Plugins/ag07_09.plugin

        - jp.co.canon.scangear.ag07.09

        /Library/Printers/Canon/IJScanner/Plugins/ag08_09.plugin

        - jp.co.canon.scangear.ag08.09

        /Library/Printers/Canon/IJScanner/Plugins/cncl09_09.plugin

        - jp.co.canon.scangear.lld09.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq2413_09.plugin

        - jp.co.canon.scanner.cnq2413.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq2414_09.plugin

        - jp.co.canon.scanner.cnq2414.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq4807_09.plugin

        - jp.co.canon.scanner.cnq4807.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq4808_09.plugin

        - jp.co.canon.scanner.cnq4808.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq4809_09.plugin

        - jp.co.canon.scanner.cnq4809.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq9601_09.plugin

        - jp.co.canon.scanner.cnq9601.09

        /Library/Printers/Canon/IJScanner/Plugins/ijfshlib_09.plugin

        - jp.co.canon.scangear.ijfshlib.09

        /Library/Printers/Canon/IJScanner/Plugins/mld07_09.plugin

        - jp.co.canon.scangear.mld07.09

        /Library/Printers/Canon/IJScanner/Plugins/mld08_09.plugin

        - jp.co.canon.scangear.mld08.09

        /Library/Printers/Canon/IJScanner/Plugins/mld09_09.plugin

        - jp.co.canon.scangear.mld09.09

        /Library/Printers/Canon/IJScanner/Plugins/mld9601_09.plugin

        - jp.co.canon.scangear.mld9601.09

        /Library/Printers/Canon/IJScanner/Plugins/sfusb_09.plugin

        - jp.co.canon.sf.scanner.sfusb.09

        /Library/Printers/Canon/IJScanner/Plugins/sgusb_09.plugin

        - jp.co.canon.scangear.usb.09

        /Library/Printers/Canon/IJScanner/Plugins/smac_09.plugin

        - jp.co.canon.scangear.smac.09

        /Library/Printers/Canon/IJScanner/Plugins/zoom_09.plugin

        - jp.co.canon.scangear.zoom.09

        /Library/Printers/EPSON/CIOSupport/CIOHelper.plugin

        - com.epson.print.plugin.CIOHelper

        /Library/Printers/EPSON/CIOSupport/EPSONUSBPrintClass.plugin

        - com.epson.print.plugin.USBPrintClass

        /Library/Printers/EPSON/CIOSupport/XIOP.plugin

        - com.epson.print.plugin.XIOP

        /Library/Printers/EPSON/CIOSupport/XIORemoteClient.plugin

        - com.epson.print.plugin.XIORemoteClient

        /Library/Printers/EPSON/CIOSupport/XIORemoteServer.plugin

        - com.epson.print.plugin.XIORemoteServer

        /Library/Printers/PPD Plugins/AdobePDFPDE900.plugin

        - com.adobe.print.AdobePDF9.pde

        /Library/QuickLook/StuffIt.qlgenerator

        - com.stuffit.qlgenerator

        /Users/USER/Library/Address Book Plug-Ins/SkypeABDialer.bundle

        - com.skype.skypeabdialer

        /Users/USER/Library/Address Book Plug-Ins/SkypeABSMS.bundle

        - com.skype.skypeabsms

        /Users/USER/Library/Address Book Plug-Ins/YMsgrCallABPlugin.bundle

        - com.yahoo.YMsgrCallABPlugin

        /Users/USER/Library/Address Book Plug-Ins/YMsgrMsnABPlugin.bundle

        - com.yahoo.YMsgrMsnABPlugin

        /Users/USER/Library/Address Book Plug-Ins/YMsgrSmsABPlugin.bundle

        - com.yahoo.YMsgrSmsABPlugin

        /Users/USER/Library/Address Book Plug-Ins/YMsgrYimABPlugin.bundle

        - com.yahoo.YMsgrYimABPlugin

     

     

    Bundles (new)

     

     

        /Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle

        - com.google.Keystone

     

     

    Library paths

     

     

        /Applications/Adobe Contribute CS5/SupportFiles/FirefoxExtension/Installer/osx/FirefoxCustomHook.dylib

        /Applications/Adobe Contribute CS5/SupportFiles/FirefoxExtension/{UUID}/components/ContributeToolbar.dylib

        /Applications/Adobe Contribute CS5/libCocoa.dylib

        /Applications/Adobe Dreamweaver CS5/Configuration/browsers/webkit/WebKit.dylib

        /Applications/Adobe Dreamweaver CS5/libCocoa.dylib

        /Applications/Adobe Fireworks CS5/Configuration/Mac/Shared/AdobeAIR/SDK/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /Applications/Adobe Flash Builder 4/sdks/4.0.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Resources/WebKit.dylib

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/Current/Resources/WebKit.dylib

        /Applications/Adobe Flash CS5/PFI/lib/aot/stub/libSystem.B.dylib

        /Applications/Adobe Flash CS5/PFI/lib/aot/stub/libgcc_s.1.dylib

        /Applications/Adobe Flash CS5/PFI/lib/aot/stub/libobjc.dylib

        /Applications/Adobe Flash CS5/PFI/lib/aot/stub/libstdc++.6.dylib

        /Applications/Adobe Flash CS5/PFI/lib/aot/stub/libz.dylib

        /Applications/Adobe Flash Catalyst CS5/plugins/com.adobe.flexide.nativelibs_1.0.0.273393/Frameworks/MFILoaderLibra ry_v3.dylib

        /Applications/Adobe Flash Catalyst CS5/sdks/4.0.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /Applications/Adobe Media Encoder CS5/PCI/AMEPCI/resources/libraries/ARKCmdCaps.dylib

        /Applications/Adobe Media Encoder CS5/PCI/AMEPCI/resources/libraries/ARKCmdFS.dylib

        /Applications/Adobe Media Encoder CS5/PCI/AMEPCI/resources/libraries/ARKEngine.dylib

        /Applications/Adobe Media Encoder CS5/PCI/AMEPCI/resources/libraries/AdobePIM.dylib

        /Applications/Adobe Media Encoder CS5/PCI/Dolby/resources/libraries/ARKCmdCaps.dylib

        /Applications/Adobe Media Encoder CS5/PCI/Dolby/resources/libraries/ARKCmdFS.dylib

        /Applications/Adobe Media Encoder CS5/PCI/Dolby/resources/libraries/ARKEngine.dylib

        /Applications/Adobe Media Encoder CS5/PCI/Dolby/resources/libraries/AdobePIM.dylib

        /Applications/Adobe Photoshop CS5/MATLAB/Required/psmatlab.dylib

        /Applications/Microsoft Office 2011/Office/MicrosoftSetupUI.framework/Libraries/mbupgx.dylib

        /Applications/Microsoft Office 2011/Office/OPF.framework/Versions/14/Resources/OPF_Common.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/Fm20.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/MicrosoftOLE2TypesLib.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/RefEdit.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/RichEdit.dylib

        /Library/Application Support/Adobe/APE/3.1/adbeapecore.framework/Versions/A/Resources/WebKit.dylib

        /Library/Application Support/Adobe/CS5ServiceManager/lib/CSXS-Installer-Hook.dylib

        /Library/Application Support/Adobe/CS5ServiceManager/lib/ServiceManager-Launcher.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/DWA/DWANative.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/DWA/resources/libraries/ARKCmdCaps.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/DWA/resources/libraries/ARKCmdFS.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/DWA/resources/libraries/ARKEngine.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/DWA/resources/libraries/AdobePIM.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/LWA/PWANative.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/LWA/adobe_caps.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/LWA/adobe_oobelib.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/LWA/adobe_upgrade.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/UWA/UWANative.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/core/AdobePIM.dylib

        /Library/Application Support/Adobe/SING/Mark II/TINthread.dylib

        /Library/Application Support/Mozilla/Extensions/{UUID}/{UUID}/components/ContributeToolbar.dylib

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /System/Library/Frameworks/v.framework/Versions/A/Libraries/libLoader.dylib

        /Users/USER/Library/Application Support/Firefox/Profiles/yls2qimr.default/gmp-gmpopenh264/1.1/libgmpopenh264.dy lib

        /Users/USER/Library/Application Support/Firefox/Profiles/yls2qimr.default/gmp-gmpopenh264/1.3/libgmpopenh264.dy lib

        /Users/USER/Library/Application Support/Google/Chrome/WidevineCDM/1.4.8.823/_platform_specific/mac_x64/libwidev inecdm.dylib

        /usr/lib/libUFSDNTFS.dylib

     

     

    Installations

     

     

        Toast Titanium Update: 9/5/12, 3:58 PM

        PlugIn: 8/30/12, 4:06 PM

        Microsoft Office for Mac 2011: 3/18/12, 8:30 PM

        Growl: 3/18/12, 8:26 PM

        PlugIn: 3/18/12, 7:16 PM

     

     

    Bad kernel extensions

     

     

        /System/Library/Extensions/RoxioBluRaySupport.kext

     

     

    Elapsed time (sec): 325

  • by s_neeky,

    s_neeky s_neeky Jun 22, 2015 3:08 AM in response to Linc Davis
    Level 1 (0 points)
    Jun 22, 2015 3:08 AM in response to Linc Davis

    Start time: 18:03:28 06/22/15

     

     

    Revision: 1241

     

     

    Model Identifier: iMac12,1

    System Version: OS X 10.10.3 (14D136)

    Kernel Version: Darwin 14.3.0

    Time since boot: 1:32

     

     

    UID: 501

     

     

    SerialATA

     

     

        ST3500418AS                            

     

     

    Bluetooth

     

     

        Apple Wireless Keyboard

        Apple Magic Mouse

     

     

    Firewall: On

     

     

    DNS: 114.108.192.32

     

     

    Listeners

     

     

        kdc: kerberos

        launchd: afpovertcp

     

     

    Diagnostic reports

     

     

        2015-05-24 AppAS crash

        2015-05-24 AppBS crash x2

        2015-05-26 AppBS crash

        2015-05-27 AppAS crash

        2015-05-27 AppBS crash

        2015-05-29 AppBS crash

        2015-05-29 ScreenSaverEngine crash x2

        2015-06-04 AppAS crash x2

        2015-06-04 AppBS crash

        2015-06-05 AppAS crash x4

        2015-06-05 AppBS crash x4

        2015-06-10 AppAS crash

        2015-06-10 AppBS crash

        2015-06-16 AppAS crash

        2015-06-16 AppBS crash

        2015-06-22 Finder crash

     

     

    Kernel log

     

     

        Jun 16 10:42:15 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 16 11:17:43 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 17 11:18:02 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 17 13:50:50 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 17 16:08:08 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 18 10:41:45 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 18 10:41:57 IOHIDSystem: Seize of AppleEmbeddedKeyboard failed.

        Jun 19 10:52:17 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 20 11:48:26 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 22 10:36:28 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

        Jun 22 16:31:57 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)

     

     

    System log

     

     

        Jun 22 16:31:55 loginwindow Login Window Application Started

        Jun 22 16:31:56 mdmclient ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'

        Jun 22 16:31:57 configd DHCP en0: INIT transmit failed

        Jun 22 16:31:58 mdmclient ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'

        Jun 22 16:31:59 mdmclient ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'

        Jun 22 16:31:59 systemkeychain done file: /var/run/systemkeychaincheck.done

        Jun 22 16:32:04 airportd airportdProcessDLILEvent: en1 attached (up)

        Jun 22 16:32:05 stackshot Timed out waiting for IOKit to finish matching.

        Jun 22 16:32:10 fseventsd log dir: /.fseventsd getting new uuid: UUID

        Jun 22 16:32:11 WindowServer Set a breakpoint at CGSLogError to catch errors as they are logged.

        Jun 22 16:32:11 WindowServer WSSetWindowTransform: Singular matrix

        Jun 22 16:32:11 WindowServer WSSetWindowTransform: Singular matrix

        Jun 22 16:32:11 WindowServer WSSetWindowTransform: Singular matrix

        Jun 22 16:32:11 loginwindow Login Window Started Security Agent

        Jun 22 16:32:11 UserEventAgent Failed to copy info dictionary for bundle /System/Library/UserEventPlugins/alfUIplugin.plugin

        Jun 22 16:32:11 loginwindow Login Window - Returned from Security Agent

        Jun 22 16:32:16 BezelServices 250.15 ASSERTION FAILED: dvcAddrRef != ((void *)0) -[DriverServices getDeviceAddress:] line: 2727

        Jun 22 16:32:16 BezelServices 250.15 ASSERTION FAILED: dvcAddrRef != ((void *)0) -[DriverServices getDeviceAddress:] line: 2727

        Jun 22 16:32:52 cloudd Could not create primary backing account

        Jun 22 16:32:53 Finder assertion failed: 14D136: libxpc.dylib + 62495 [UUID]: 0x89

        Jun 22 16:33:00 loginwindow ERROR | -[LoginTransition tearDownTransitionsSpecialCaseIfNeeded] | Login interupt UI was shown with backup backgrounds generated, removing all transition windows

        Jun 22 17:47:26 WindowServer disable_update_timeout: UI updates were forcibly disabled by application "Finder" for over 1.00 seconds. Server has re-enabled them.

        Jun 22 17:47:28 SubmitDiagInfo Couldn't load config file from on-disk location. Falling back to default location. Reason: Won't serialize in _readDictionaryFromJSONData due to nil object

        Jun 22 17:47:43 Finder assertion failed: 14D136: libxpc.dylib + 62495 [UUID]: 0x89

        Jun 22 18:03:34 SubmitDiagInfo Couldn't load config file from on-disk location. Falling back to default location. Reason: Won't serialize in _readDictionaryFromJSONData due to nil object

     

     

    Console log

     

     

        Jun 16 11:12:47 nsurlstoraged Process 373 does not have access to path /Users/USER/Library/Containers/com.apple.photomoments/Data/Library/Caches/com.a pple.photomoments/Cache.db

        Jun 16 11:12:47 nsurlstoraged The read-connection to the DB=/Users/USER/Library/Containers/com.apple.photomoments/Data/Library/Caches/co m.apple.photomoments/Cache.db is NOT valid.  Unable to determine schema version.

        Jun 16 11:12:47 nsurlstoraged Process 373 does not have access to path /Users/USER/Library/Containers/com.apple.photomoments/Data/Library/Caches/com.a pple.photomoments/Cache.db

        Jun 16 11:12:47 nsurlstoraged Process 373 does not have access to path /Users/USER/Library/Containers/com.apple.photomoments/Data/Library/Caches/com.a pple.photomoments/Cache.db

     

     

    Daemons

     

     

        com.adobe.fpsaud

        com.apple.Kerberos.kdc

        - status: 1

        com.apple.installer.osmessagetracing

        com.apple.mtrecorder

        - status: 78

        com.apple.spirecorder

        - status: 78

        com.apple.watchdogd

        com.microsoft.office.licensing.helper

        com.v.helper

     

     

    Agents

     

     

        Listchack.download

        Listchack.ltvbit

        Listchack.update

        Texiday.download

        Texiday.ltvbit

        Texiday.update

        com.adobe.AAM.Scheduler-1.0

        com.adobe.CS5ServiceManager

        com.apple.AirPortBaseStationAgent

        com.apple.Finder

        - status: -11

        com.google.keystone.user.agent

        com.jdibackup.JustCloud.autostart

        - status: 1

        com.jdibackup.JustCloud.notify

        - status: 1

        com.nike.nikeplusconnect

        com.paragon.ntfs.trial

        com.paragon.updater

        com.spotify.webhelper

        com.v.agent

     

     

    User login items

     

     

        iTunesHelper

        - /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

     

     

    Firefox extensions

     

     

        Mozilla Firefox hotfix

     

     

    iCloud errors

     

     

        cloudd 10

        Spotlight 1

     

     

    Continuity errors

     

     

        sharingd 1

     

     

    Restricted files: 216

     

     

    High file counts

     

     

        Desktop: 55

     

     

    Contents of /Library/LaunchAgents/com.c6f70d7ad08599d8.agent.plist

        - mod date: May 18 18:06:11 2015

        - checksum: 1345125934

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.v.agent</string>

        <key>OnDemand</key>

        <false/>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/Application Support/c6f70d7ad08599d8/Agent/agent.app/Contents/MacOS/agent</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>KeepAlive</key>

        <true/>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>ThrottleInterval</key>

        <integer>10</integer>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchAgents/com.nike.nikeplusconnect.plist

        - mod date: Mar  1 01:52:50 2014

        - checksum: 945038040

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>ProgramArguments</key>

        <array>

        <string>/Applications/Nike+ Connect.app/Contents/MacOS/Nike+ Connect Helper Daemon</string>

        </array>

        <key>Label</key>

        <string>com.nike.nikeplusconnect</string>

        <key>RunAtLoad</key>

        <true/>

        <key>KeepAlive</key>

        <true/>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchAgents/com.paragon.updater.plist

        - mod date: Mar 19 02:17:56 2015

        - checksum: 962844124

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>StartInterval</key>

        <integer>86400</integer>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/Application Support/Paragon Updater/Paragon Updater.app/Contents/MacOS/Paragon Updater</string>

        <string>--check</string>

        <string>--delay=30</string>

        </array>

        <key>Label</key>

        <string>com.paragon.updater</string>

        <key>RunAtLoad</key>

        <true/>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchDaemons/com.c6f70d7ad08599d8.daemon.plist

        - mod date: May 18 18:06:11 2015

        - checksum: 2074595471

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Disabled</key>

                <true/>

        <key>Label</key>

        <string>com.v.daemon</string>

        <key>OnDemand</key>

        <true/>

        <key>ProgramArguments</key>

                <array>

                        <string>/Library/Application Support/c6f70d7ad08599d8/Agent/agent.app/Contents/MacOS/agent</string>

        <string>-update</string>

                </array>

        <key>KeepAlive</key>

        <true/>

        <key>RunAtLoad</key>

        <true/>

        <key>ThrottleInterval</key>

        <integer>10</integer>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchDaemons/com.c6f70d7ad08599d8.helper.plist

        - mod date: May 18 18:06:11 2015

        - checksum: 606563049

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.v.helper</string>

        <key>OnDemand</key>

        <true/>

        <key>ProgramArguments</key>

                <array>

                        <string>/Library/Application Support/c6f70d7ad08599d8/Agent/agent.app/Contents/MacOS/agent</string>

        <string>-helper</string>

                </array>

        <key>KeepAlive</key>

        <true/>

        <key>RunAtLoad</key>

        <true/>

        <key>ThrottleInterval</key>

        <integer>10</integer>

        </dict>

        </plist>

     

     

    Contents of /System/Library/LaunchAgents/com.paragon.NTFS.notify.plist

        - mod date: Mar 19 02:18:06 2015

        - checksum: 3292335405

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.paragon.ntfs.trial</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/PreferencePanes/NTFSforMacOSX.prefPane/Contents/MacOS/notifica tor</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        </dict>

        </plist>

     

     

    Contents of /System/Library/Security/authorization.plist

        - mod date: Mar 20 11:42:17 2015

        - checksum: 2720110640

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>comment</key>

        <string>The name of the requested right is matched against the keys.  An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction.

        allow rule: this is always allowed

        &lt;key&gt;com.apple.TestApp.benign&lt;/key&gt;

        &lt;string&gt;allow&lt;/string&gt;

        deny rule: this is always denied

        &lt;key&gt;com.apple.TestApp.dangerous&lt;/key&gt;

        &lt;string&gt;deny&lt;/string&gt;

        user rule: successful authentication as a user in the specified group(5) allows the associated right.

        The shared property specifies whether a credential generated on success is shared with other apps (i.e., those in the same "session"). This property defaults to false if not specified.

        The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule.

        The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0.  This defaults to false if not specified.

        See remaining rules for examples.

        </string>

        <key>rights</key>

        <dict>

        <key></key>

        <dict>

        <key>class</key>

        <string>rule</string>

        <key>comment</key>

     

     

        ...and 1850 more line(s)

     

     

    Contents of /private/etc/authorization.deprecated

        - mod date: Jun  3 15:19:00 2015

        - checksum: 2675527024

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>comment</key>

        <string>The name of the requested right is matched against the keys.  An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction.

        allow rule: this is always allowed

        &lt;key&gt;com.apple.TestApp.benign&lt;/key&gt;

        &lt;string&gt;allow&lt;/string&gt;

        deny rule: this is always denied

        &lt;key&gt;com.apple.TestApp.dangerous&lt;/key&gt;

        &lt;string&gt;deny&lt;/string&gt;

        user rule: successful authentication as a user in the specified group(5) allows the associated right.

        The shared property specifies whether a credential generated on success is shared with other apps (i.e., those in the same "session"). This property defaults to false if not specified.

        The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule.

        The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0.  This defaults to false if not specified.

        See remaining rules for examples.

        </string>

        <key>rights</key>

        <dict>

        <key></key>

        <dict>

        <key>class</key>

        <string>rule</string>

        <key>comment</key>

     

     

        ...and 8742 more line(s)

     

     

    Contents of /private/etc/hosts

        - mod date: Jul 18 22:46:48 2012

        - checksum: 342357820

     

     

        127.0.0.1 localhost

        255.255.255.255 broadcasthost

        ::1             localhost

        fe80::1%lo0 localhost

        127.0.0.1 activate.adobe.com

        127.0.0.1 practivate.adobe.com

        127.0.0.1 ereg.adobe.com

        127.0.0.1 activate.wip3.adobe.com

        127.0.0.1 wip3.adobe.com

        127.0.0.1 3dns-3.adobe.com

        127.0.0.1 3dns-2.adobe.com

        127.0.0.1 adobe-dns.adobe.com

        127.0.0.1 adobe-dns-2.adobe.com

        127.0.0.1 adobe-dns-3.adobe.com

        127.0.0.1 ereg.wip3.adobe.com

        127.0.0.1 activate-sea.adobe.com

        127.0.0.1 wwis-dubc1-vip60.adobe.com

        127.0.0.1 activate-sjc0.adobe.com

        127.0.0.1 hl2rcv.adobe.com

     

     

    Contents of Library/LaunchAgents/Listchack.download.plist

        - mod date: Jun  6 18:06:32 2015

        - checksum: 329868818

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Listchack.download</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>download</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18324</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Listchack</string>

        </array>

        <key>WatchPaths</key>

        <array>

        <string>/Users/USER/Downloads</string>

        </array>

        <key>isAllowToSuggest</key>

     

     

        ...and 3 more line(s)

     

     

    Contents of Library/LaunchAgents/Listchack.ltvbit.plist

        - mod date: Jun  6 18:06:32 2015

        - checksum: 4279669917

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Listchack.ltvbit</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>ltvbit</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18324</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Listchack</string>

        </array>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

        <integer>4</integer>

        <key>Minute</key>

     

     

        ...and 4 more line(s)

     

     

    Contents of Library/LaunchAgents/Listchack.update.plist

        - mod date: Jun  6 18:06:32 2015

        - checksum: 2250700617

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Listchack.update</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>

        <string>-trigger</string>

        <string>update</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18324</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Listchack</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

     

     

        ...and 6 more line(s)

     

     

    Contents of Library/LaunchAgents/Texiday.download.plist

        - mod date: May 18 18:06:24 2015

        - checksum: 1979004617

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Texiday.download</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Texiday/Texiday.app/Contents/MacOS/AppBS</string>

        <string>-trigger</string>

        <string>download</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18062</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Texiday</string>

        </array>

        <key>WatchPaths</key>

        <array>

        <string>/Users/USER/Downloads</string>

        </array>

        <key>isAllowToSuggest</key>

     

     

        ...and 3 more line(s)

     

     

    Contents of Library/LaunchAgents/Texiday.ltvbit.plist

        - mod date: May 18 18:06:24 2015

        - checksum: 1364223386

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Texiday.ltvbit</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Texiday/Texiday.app/Contents/MacOS/AppBS</string>

        <string>-trigger</string>

        <string>ltvbit</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18062</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Texiday</string>

        </array>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

        <integer>4</integer>

        <key>Minute</key>

     

     

        ...and 4 more line(s)

     

     

    Contents of Library/LaunchAgents/Texiday.update.plist

        - mod date: May 18 18:06:24 2015

        - checksum: 3379066902

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>Texiday.update</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Users/USER/Library/Application Support/Texiday/Texiday.app/Contents/MacOS/AppBS</string>

        <string>-trigger</string>

        <string>update</string>

        <string>-isDev</string>

        <string>0</string>

        <string>-installVersion</string>

        <string>18062</string>

        <string>-firstAppId</string>

        <string>791900002</string>

        <string>-identity</string>

        <string>Texiday</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

     

     

        ...and 6 more line(s)

     

     

    Contents of Library/LaunchAgents/com.google.keystone.agent.plist

        - mod date: Jun 19 10:52:43 2015

        - checksum: 2096706669

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.google.keystone.user.agent</string>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>ProgramArguments</key>

        <array>

         <string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>

         <string>-runMode</string>

         <string>ifneeded</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>StartInterval</key>

        <integer>3523</integer>

        <key>StandardErrorPath</key>

        <string>/dev/null</string>

        <key>StandardOutPath</key>

        <string>/dev/null</string>

        </dict>

        </plist>

     

     

    Contents of Library/LaunchAgents/com.jdibackup.JustCloud.autostart.plist

        - mod date: May 22 10:51:30 2015

        - checksum: 2671694367

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

            <key>Label</key>

            <string>com.jdibackup.JustCloud.autostart</string>

            <key>ProgramArguments</key>

            <array>

                <string>open</string>

                <string>/Applications/JustCloud.app/Contents/Resources/Utility.app</string>

                <string>-n</string>

                <string>--args</string>

                <string>9</string>

                <string>-l</string>

            </array>

            <key>StandardOutPath</key>

            <string>/Users/USER/Library/Logs/JustCloud/lagent_out.log</string>

            <key>StandardErrorPath</key>

            <string>/Users/USER/Library/Logs/JustCloud/lagent_err.log</string>

            <key>RunAtLoad</key>

            <true/>

        </dict>

        </plist>

     

     

    Contents of Library/LaunchAgents/com.jdibackup.JustCloud.notify.plist

        - mod date: May 22 10:51:30 2015

        - checksum: 4094674910

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

            <key>Label</key>

            <string>com.jdibackup.JustCloud.notify</string>

            <key>ProgramArguments</key>

            <array>

                <string>open</string>

                <string>/Applications/JustCloud.app/Contents/Resources/Utility.app</string>

                <string>--args</string>

                <string>7</string>

                <string>1</string>

            </array>

            <key>StandardOutPath</key>

            <string>/Users/USER/Library/Logs/JustCloud/lagent_out.log</string>

            <key>StandardErrorPath</key>

            <string>/Users/USER/Library/Logs/JustCloud/lagent_err.log</string>

            <key>StartInterval</key>

            <integer>1200</integer>

            <key>RunAtLoad</key>

            <false/>

        </dict>

        </plist>

     

     

    Contents of Library/LaunchAgents/com.spotify.webhelper.plist

        - mod date: Jun 11 15:32:39 2015

        - checksum: 2958153491

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

         <key>Label</key>

         <string>com.spotify.webhelper</string>

         <key>KeepAlive</key>

         <dict>

          <key>NetworkState</key>

          <true/>

         </dict>

         <key>RunAtLoad</key>

         <true/>

         <key>Program</key>

         <string>/Users/USER/Library/Application Support/Spotify/SpotifyWebHelper</string>

         <key>SpotifyPath</key>

         <string>/Applications/Spotify.app</string></dict>

        </plist>

     

     

    Bad plists

     

     

        Library/Preferences/com.Appe.Techworks.plist

        Library/Preferences/com.apple.Safari.plist.plist

        Library/Preferences/com.Secondspeed.Forfend.plist

     

     

    Extensions

     

     

        /System/Library/Extensions/EPSONUSBPrintClass.kext

        - com.epson.print.kext.USBPrintClass

        /System/Library/Extensions/JMicronATA.kext

        - com.jmicron.JMicronATA

        /System/Library/Extensions/NikeSportWatch.kext

        - com.nike.sportwatch

        /System/Library/Extensions/RoxioBluRaySupport.kext

        - com.roxio.BluRaySupport

     

     

    Applications

     

     

        /Applications/Adobe Acrobat 9 Pro/Acrobat Distiller.app

        - com.adobe.distiller

        /Applications/Adobe Acrobat 9 Pro/Acrobat Uninstaller.app

        - com.adobe.Acrobat.Uninstaller

        /Applications/Adobe Acrobat 9 Pro/Adobe Acrobat Pro.app

        - com.adobe.Acrobat.Pro

        /Applications/Adobe After Effects CS5/mocha/mocha for After Effects.app

        - com.ImagineerSystems.mocha4ae_adobe

        /Applications/Adobe Fireworks CS5/Configuration/Mac/Shared/AdobeAIR/SDK/lib/nai/lib/naib.app

        - APP_ID

        /Applications/Adobe Fireworks CS5/Configuration/Mac/Shared/AdobeAIR/SDK/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/Template.app

        - com.adobe.air.NativeTemplate

        /Applications/Adobe Flash CS5/AIK2.0/lib/nai/lib/naib.app

        - APP_ID

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Resources/Template.app

        - com.adobe.air.NativeTemplate

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/Template.app

        - com.adobe.air.NativeTemplate

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/Current/Resources/Template.app

        - com.adobe.air.NativeTemplate

        /Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Analyze Documents.localized/Analyze Documents.app

        - N/A

        /Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Calendar.localized/Make Calendar.app

        - N/A

        /Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Contact Sheet Demo.localized/Contact Sheets.app

        - N/A

        /Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Export Flash Animation.localized/Export Flash Animation.app

        - N/A

        /Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Web Gallery.localized/Web Gallery.app

        - N/A

        /Applications/Adobe Media Encoder CS5/PCI/AMEPCI/resources/uninstall/Uninstall Product.app

        - N/A

        /Applications/Adobe Media Encoder CS5/PCI/Dolby/resources/uninstall/Uninstall Product.app

        - N/A

        /Applications/Adobe Media Player.app

        - com.adobe.amp.UUID.1

        /Applications/Adobe/Adobe Help.app

        - chc.UUID.1

        /Applications/Microsoft Communicator.app

        - com.microsoft.Communicator

        /Applications/Microsoft Messenger.app

        - com.microsoft.Messenger

        /Applications/Microsoft Office 2011/Additional Tools/Microsoft Language Register/Microsoft Language Register.app

        - com.microsoft.language_register

        /Applications/Microsoft Office 2011/Microsoft Document Connection.app

        - com.microsoft.DocumentConnection

        /Applications/Microsoft Office 2011/Microsoft Excel.app

        - com.microsoft.Excel

        /Applications/Microsoft Office 2011/Microsoft Outlook.app

        - com.microsoft.Outlook

        /Applications/Microsoft Office 2011/Microsoft PowerPoint.app

        - com.microsoft.Powerpoint

        /Applications/Microsoft Office 2011/Microsoft Word.app

        - com.microsoft.Word

        /Applications/Microsoft Office 2011/Office/Alerts Daemon.app

        - com.microsoft.AlertsDaemon

        /Applications/Microsoft Office 2011/Office/Equation Editor.app

        - com.microsoft.EquationEditor

        /Applications/Microsoft Office 2011/Office/Microsoft Chart Converter.app

        - com.microsoft.openxml.chart.app

        /Applications/Microsoft Office 2011/Office/Microsoft Clip Gallery.app

        - com.microsoft.ClipGallery

        /Applications/Microsoft Office 2011/Office/Microsoft Database Daemon.app

        - com.microsoft.outlook.database_daemon

        /Applications/Microsoft Office 2011/Office/Microsoft Database Utility.app

        - com.microsoft.outlook.database_utility

        /Applications/Microsoft Office 2011/Office/Microsoft Graph.app

        - com.microsoft.Graph

        /Applications/Microsoft Office 2011/Office/Microsoft Office Reminders.app

        - com.microsoft.outlook.office_reminders

        /Applications/Microsoft Office 2011/Office/Microsoft Office Setup Assistant.app

        - com.microsoft.office.setupassistant

        /Applications/Microsoft Office 2011/Office/Microsoft Query

        - N/A

        /Applications/Microsoft Office 2011/Office/Microsoft Upload Center.app

        - com.microsoft.office.uploadcenter

        /Applications/Microsoft Office 2011/Office/My Day.app

        - com.microsoft.myday

        /Applications/Microsoft Office 2011/Office/Open XML for Excel.app

        - com.microsoft.openxml.excel.app

        /Applications/Microsoft Office 2011/Office/SyncServicesAgent.app

        - com.microsoft.SyncServicesAgent

        /Applications/Remote Desktop Connection.app

        - com.microsoft.rdc

        /Applications/Skype.app

        - com.skype.skype

        /Applications/StuffIt/DropStuff.app

        - com.stuffit.DropStuff

        /Applications/StuffIt/Extras/Sample Droplets/Make StuffIt X.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/Make Zip.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/Make tgz.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/PDF Stuffer.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/Stuff & Burn.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/Stuff & Encrypt.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/Sample Droplets/Zip & Encrypt.app

        - com.stuffit.dropstuff.droplet

        /Applications/StuffIt/Extras/StuffIt 2010 Uninstaller.app

        - com.smithmicro.stuffitinstaller

        /Applications/StuffIt/Extras/StuffIt User Guide.app

        - com.stuffit.StuffIt_User_Guide

        /Applications/StuffIt/MagicMenu.app

        - com.stuffit.MagicMenu

        /Applications/StuffIt/StuffIt Archive Manager.app

        - com.stuffit.ArchiveManager

        /Applications/StuffIt/StuffIt Expander.app

        - com.stuffit.Expander

        /Applications/StuffIt/StuffIt SEA Maker.app

        - com.stuffit.StuffItSEAMaker

        /Applications/StuffIt/StuffIt Setup Assistant.app

        - com.stuffit.StuffItSetupAssistant

        /Applications/Toast 11 Titanium/Disc Cover 3 RE.app

        - com.belightsoft.DiscCover3.re

        /Applications/Toast 11 Titanium/DiskCatalogMaker.app

        - com.mac.fujisoft.DiskCatalogMaker

        /Applications/Toast 11 Titanium/Get Backup 2 RE.app

        - N/A

        /Applications/Toast 11 Titanium/Mac2Tivo.app

        - com.roxio.Mac2Tivo

        /Applications/Toast 11 Titanium/Spin Doctor.app

        - com.roxio.spindoctorx

        /Applications/Toast 11 Titanium/TiVo Transfer.app

        - com.tivo.desktop

        /Applications/Utilities/Adobe AIR Application Installer.app

        - com.adobe.air.ApplicationInstaller

        /Applications/Utilities/Adobe AIR Uninstaller.app

        - com.adobe.air.Installer

        /Applications/Utilities/Adobe Utilities.localized/Adobe Updater6/Adobe Updater.app

        - "com.Adobe.ESD.AdobeUpdaterApplication"

        /Applications/VLC.app

        - org.videolan.vlc

        /Applications/Yahoo! Messenger.app

        - com.yahoo.messenger3

        /Library/Application Support/Adobe/CS5ServiceManager/CS5ServiceManager.app

        - com.adobe.csi.CS5ServiceManager

        /Library/Application Support/Adobe/Installers/AdobeInDesign7AppBase/ExtraFiles/INSTALLDIR_EXE/Adobe InDesign CS5.app

        - N/A

        /Library/Application Support/Adobe/SwitchBoard/SwitchBoard.app

        - com.adobe.switchboard-2.0

        /Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app

        - com.apple.ScriptEditor.id.cocoa-applet-template

        /Library/Application Support/Script Editor/Templates/Droplets/Droplet with Settable Properties.app

        - com.apple.ScriptEditor.id.droplet-with-settable-properties-template

        /Library/Application Support/Script Editor/Templates/Droplets/Recursive File Processing Droplet.app

        - com.apple.ScriptEditor.id.file-processing-droplet-template

        /Library/Application Support/Script Editor/Templates/Droplets/Recursive Image File Processing Droplet.app

        - com.apple.ScriptEditor.id.image-file-processing-droplet-template

        /Library/Application Support/Synthetic Aperture Adobe CS5 Bundle/SA Color Finesse 3 UI.app

        - N/A

        /Library/Application Support/c6f70d7ad08599d8/Agent/agent.app

        - com.someproduct.agent

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR Application Installer.app

        - com.adobe.air.ApplicationInstaller

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Adobe AIR Updater.app

        - com.adobe.air.Installer

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Template.app

        - com.adobe.air.Template

        /Library/Printers/hp/Fax/fax.backend

        - com.hp.fax

        /Library/Printers/hp/Fax/rastertofax.filter

        - com.hp.rastertofax

        /Library/Printers/hp/cups/filters/pdftopdf.filter

        - com.hp.print.cups.filter.pdftopdf

        /Users/USER/Applications/Chrome Apps.localized/Profile 2 apdfllckaahabafndbhieahigkjlhalf.app

        - com.google.Chrome.app.Profile-2-apdfllckaahabafndbhieahigkjlhalf

        /Users/USER/Applications/Chrome Apps.localized/Profile 2 blpcfgokakmgnkcojhhkbfbldkacnbeo.app

        - com.google.Chrome.app.Profile-2-blpcfgokakmgnkcojhhkbfbldkacnbeo

        /Users/USER/Applications/Chrome Apps.localized/Profile 2 coobgpohoikkiipiblmjeljniedjpjpf.app

        - com.google.Chrome.app.Profile-2-coobgpohoikkiipiblmjeljniedjpjpf

        /Users/USER/Applications/Chrome Apps.localized/Profile 2 pjkljhegncpnkpknbcohdijeoejaedia.app

        - com.google.Chrome.app.Profile-2-pjkljhegncpnkpknbcohdijeoejaedia

        /Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_apdfllckaahabafndbhieahigkjlhalf/Profile 2 apdfllckaahabafndbhieahigkjlhalf.app

        - com.google.Chrome.app.Profile-2-apdfllckaahabafndbhieahigkjlhalf-internal

        /Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo/Profile 2 blpcfgokakmgnkcojhhkbfbldkacnbeo.app

        - com.google.Chrome.app.Profile-2-blpcfgokakmgnkcojhhkbfbldkacnbeo-internal

        /Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_coobgpohoikkiipiblmjeljniedjpjpf/Profile 2 coobgpohoikkiipiblmjeljniedjpjpf.app

        - com.google.Chrome.app.Profile-2-coobgpohoikkiipiblmjeljniedjpjpf-internal

        /Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_pjkljhegncpnkpknbcohdijeoejaedia/Profile 2 pjkljhegncpnkpknbcohdijeoejaedia.app

        - com.google.Chrome.app.Profile-2-pjkljhegncpnkpknbcohdijeoejaedia-internal

        /Users/USER/Library/Application Support/Roxio/Roxio Restore.app

        - com.roxio.restore

        /Users/USER/Library/Services/ToastIt.service

        - com.roxio.ToastItService

     

     

    Frameworks

     

     

        /Library/Frameworks/Adobe AIR.framework

        - com.adobe.AIR

        /Library/Frameworks/StuffIt.framework

        - com.stuffit.sdk

        /Library/Frameworks/StuffItCore.framework

        - com.stuffit.stuffitcore

        /System/Library/Frameworks/v.framework

        - N/A

     

     

    PrefPane

     

     

        /Library/PreferencePanes/Flash Player.prefPane

        - com.adobe.flashplayerpreferences

        /Library/PreferencePanes/NTFSforMacOSX.prefPane:® OS X:

        - N/A

     

     

    Bundles

     

     

        /Library/Application Support/Adobe/APE/3.1/adbeapecore.framework/Versions/A/Resources/Flash Player.plugin

        - com.macromedia.FlashPlayer-10.4-10.5.plugin

        /Library/Application Support/Adobe/Flash Player/Flash Player.plugin

        - com.macromedia.Flash

        /Library/Application Support/Adobe/Plug-Ins/CS5/File Formats/Camera Raw.plugin

        - com.adobe.CameraRaw

        /Library/Contextual Menu Items/StuffItCM.plugin

        - com.stuffit.StuffItCM

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/AdobeCP.plugin

        - com.adobe.adobecp

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Flash Player.plugin

        - com.macromedia.Flash

        /Library/Internet Plug-Ins/AdobePDFViewer.plugin

        - com.adobe.acrobat.pdfviewer

        /Library/Internet Plug-Ins/Flash Player.plugin

        - com.macromedia.Flash

        /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

        - com.microsoft.sharepoint.browserplugin

        /Library/Printers/Canon/BJPrinter/Plugins/BJNP/CIJNetworkIOM.plugin

        - jp.co.Canon.ij.print.iom.CIJNP

        /Library/Printers/Canon/BJPrinter/Plugins/BJNP/CIJNetworkPBM.plugin

        - jp.co.Canon.ij.print.pbm.CIJNP

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/BJUSBIOM.plugin

        - jp.co.canon.bj.print.bjusbiom

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/BJUSBPBM.plugin

        - jp.co.canon.bj.print.pbm.USB

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/CIJUSBClassDriver.plugin

        - jp.co.canon.ij.print.CIJUSBClassDriver

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/CIJUSBClassDriver2.plugin

        - jp.co.canon.ij.print.CIJUSBClassDriver2

        /Library/Printers/Canon/BJPrinter/Plugins/IJBluetooth/IJBluetoothIOM.plugin

        - jp.co.canon.ij.print.ijbluetoothiom

        /Library/Printers/Canon/IJScanner/Plugins/ag07_09.plugin

        - jp.co.canon.scangear.ag07.09

        /Library/Printers/Canon/IJScanner/Plugins/ag08_09.plugin

        - jp.co.canon.scangear.ag08.09

        /Library/Printers/Canon/IJScanner/Plugins/cncl09_09.plugin

        - jp.co.canon.scangear.lld09.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq2413_09.plugin

        - jp.co.canon.scanner.cnq2413.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq2414_09.plugin

        - jp.co.canon.scanner.cnq2414.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq4807_09.plugin

        - jp.co.canon.scanner.cnq4807.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq4808_09.plugin

        - jp.co.canon.scanner.cnq4808.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq4809_09.plugin

        - jp.co.canon.scanner.cnq4809.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq9601_09.plugin

        - jp.co.canon.scanner.cnq9601.09

        /Library/Printers/Canon/IJScanner/Plugins/ijfshlib_09.plugin

        - jp.co.canon.scangear.ijfshlib.09

        /Library/Printers/Canon/IJScanner/Plugins/mld07_09.plugin

        - jp.co.canon.scangear.mld07.09

        /Library/Printers/Canon/IJScanner/Plugins/mld08_09.plugin

        - jp.co.canon.scangear.mld08.09

        /Library/Printers/Canon/IJScanner/Plugins/mld09_09.plugin

        - jp.co.canon.scangear.mld09.09

        /Library/Printers/Canon/IJScanner/Plugins/mld9601_09.plugin

        - jp.co.canon.scangear.mld9601.09

        /Library/Printers/Canon/IJScanner/Plugins/sfusb_09.plugin

        - jp.co.canon.sf.scanner.sfusb.09

        /Library/Printers/Canon/IJScanner/Plugins/sgusb_09.plugin

        - jp.co.canon.scangear.usb.09

        /Library/Printers/Canon/IJScanner/Plugins/smac_09.plugin

        - jp.co.canon.scangear.smac.09

        /Library/Printers/Canon/IJScanner/Plugins/zoom_09.plugin

        - jp.co.canon.scangear.zoom.09

        /Library/Printers/EPSON/CIOSupport/CIOHelper.plugin

        - com.epson.print.plugin.CIOHelper

        /Library/Printers/EPSON/CIOSupport/EPSONUSBPrintClass.plugin

        - com.epson.print.plugin.USBPrintClass

        /Library/Printers/EPSON/CIOSupport/XIOP.plugin

        - com.epson.print.plugin.XIOP

        /Library/Printers/EPSON/CIOSupport/XIORemoteClient.plugin

        - com.epson.print.plugin.XIORemoteClient

        /Library/Printers/EPSON/CIOSupport/XIORemoteServer.plugin

        - com.epson.print.plugin.XIORemoteServer

        /Library/Printers/PPD Plugins/AdobePDFPDE900.plugin

        - com.adobe.print.AdobePDF9.pde

        /Library/QuickLook/StuffIt.qlgenerator

        - com.stuffit.qlgenerator

        /Users/USER/Library/Address Book Plug-Ins/SkypeABDialer.bundle

        - com.skype.skypeabdialer

        /Users/USER/Library/Address Book Plug-Ins/SkypeABSMS.bundle

        - com.skype.skypeabsms

        /Users/USER/Library/Address Book Plug-Ins/YMsgrCallABPlugin.bundle

        - com.yahoo.YMsgrCallABPlugin

        /Users/USER/Library/Address Book Plug-Ins/YMsgrMsnABPlugin.bundle

        - com.yahoo.YMsgrMsnABPlugin

        /Users/USER/Library/Address Book Plug-Ins/YMsgrSmsABPlugin.bundle

        - com.yahoo.YMsgrSmsABPlugin

        /Users/USER/Library/Address Book Plug-Ins/YMsgrYimABPlugin.bundle

        - com.yahoo.YMsgrYimABPlugin

     

     

    Bundles (new)

     

     

        /Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle

        - com.google.Keystone

     

     

    Library paths

     

     

        /Applications/Adobe Contribute CS5/SupportFiles/FirefoxExtension/Installer/osx/FirefoxCustomHook.dylib

        /Applications/Adobe Contribute CS5/SupportFiles/FirefoxExtension/{UUID}/components/ContributeToolbar.dylib

        /Applications/Adobe Contribute CS5/libCocoa.dylib

        /Applications/Adobe Dreamweaver CS5/Configuration/browsers/webkit/WebKit.dylib

        /Applications/Adobe Dreamweaver CS5/libCocoa.dylib

        /Applications/Adobe Fireworks CS5/Configuration/Mac/Shared/AdobeAIR/SDK/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /Applications/Adobe Flash Builder 4/sdks/4.0.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Resources/WebKit.dylib

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/Current/Resources/WebKit.dylib

        /Applications/Adobe Flash CS5/PFI/lib/aot/stub/libSystem.B.dylib

        /Applications/Adobe Flash CS5/PFI/lib/aot/stub/libgcc_s.1.dylib

        /Applications/Adobe Flash CS5/PFI/lib/aot/stub/libobjc.dylib

        /Applications/Adobe Flash CS5/PFI/lib/aot/stub/libstdc++.6.dylib

        /Applications/Adobe Flash CS5/PFI/lib/aot/stub/libz.dylib

        /Applications/Adobe Flash Catalyst CS5/plugins/com.adobe.flexide.nativelibs_1.0.0.273393/Frameworks/MFILoaderLibra ry_v3.dylib

        /Applications/Adobe Flash Catalyst CS5/sdks/4.0.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /Applications/Adobe Media Encoder CS5/PCI/AMEPCI/resources/libraries/ARKCmdCaps.dylib

        /Applications/Adobe Media Encoder CS5/PCI/AMEPCI/resources/libraries/ARKCmdFS.dylib

        /Applications/Adobe Media Encoder CS5/PCI/AMEPCI/resources/libraries/ARKEngine.dylib

        /Applications/Adobe Media Encoder CS5/PCI/AMEPCI/resources/libraries/AdobePIM.dylib

        /Applications/Adobe Media Encoder CS5/PCI/Dolby/resources/libraries/ARKCmdCaps.dylib

        /Applications/Adobe Media Encoder CS5/PCI/Dolby/resources/libraries/ARKCmdFS.dylib

        /Applications/Adobe Media Encoder CS5/PCI/Dolby/resources/libraries/ARKEngine.dylib

        /Applications/Adobe Media Encoder CS5/PCI/Dolby/resources/libraries/AdobePIM.dylib

        /Applications/Adobe Photoshop CS5/MATLAB/Required/psmatlab.dylib

        /Applications/Microsoft Office 2011/Office/MicrosoftSetupUI.framework/Libraries/mbupgx.dylib

        /Applications/Microsoft Office 2011/Office/OPF.framework/Versions/14/Resources/OPF_Common.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/Fm20.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/MicrosoftOLE2TypesLib.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/RefEdit.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/RichEdit.dylib

        /Library/Application Support/Adobe/APE/3.1/adbeapecore.framework/Versions/A/Resources/WebKit.dylib

        /Library/Application Support/Adobe/CS5ServiceManager/lib/CSXS-Installer-Hook.dylib

        /Library/Application Support/Adobe/CS5ServiceManager/lib/ServiceManager-Launcher.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/DWA/DWANative.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/DWA/resources/libraries/ARKCmdCaps.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/DWA/resources/libraries/ARKCmdFS.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/DWA/resources/libraries/ARKEngine.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/DWA/resources/libraries/AdobePIM.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/LWA/PWANative.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/LWA/adobe_caps.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/LWA/adobe_oobelib.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/LWA/adobe_upgrade.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/UWA/UWANative.dylib

        /Library/Application Support/Adobe/OOBE/PDApp/core/AdobePIM.dylib

        /Library/Application Support/Adobe/SING/Mark II/TINthread.dylib

        /Library/Application Support/Mozilla/Extensions/{UUID}/{UUID}/components/ContributeToolbar.dylib

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /System/Library/Frameworks/v.framework/Versions/A/Libraries/libLoader.dylib

        /Users/USER/Library/Application Support/Firefox/Profiles/yls2qimr.default/gmp-gmpopenh264/1.1/libgmpopenh264.dy lib

        /Users/USER/Library/Application Support/Firefox/Profiles/yls2qimr.default/gmp-gmpopenh264/1.3/libgmpopenh264.dy lib

        /Users/USER/Library/Application Support/Google/Chrome/WidevineCDM/1.4.8.823/_platform_specific/mac_x64/libwidev inecdm.dylib

        /usr/lib/libUFSDNTFS.dylib

     

     

    Installations

     

     

        Toast Titanium Update: 9/5/12, 3:58 PM

        PlugIn: 8/30/12, 4:06 PM

        Microsoft Office for Mac 2011: 3/18/12, 8:30 PM

        Growl: 3/18/12, 8:26 PM

        PlugIn: 3/18/12, 7:16 PM

     

     

    Bad kernel extensions

     

     

        /System/Library/Extensions/RoxioBluRaySupport.kext

     

     

    Elapsed time (sec): 325

  • by s_neeky,

    s_neeky s_neeky Jun 22, 2015 3:11 AM in response to Linc Davis
    Level 1 (0 points)
    Jun 22, 2015 3:11 AM in response to Linc Davis
  • by Linc Davis,

    Linc Davis Linc Davis Jun 22, 2015 5:20 AM in response to s_neeky
    Level 10 (208,017 points)
    Applications
    Jun 22, 2015 5:20 AM in response to s_neeky

    A

    You installed a variant of the "VSearch" ad-injection malware. Follow Apple Support's instructions to remove it.

    If you have trouble following those instructions, see below.

    Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

    The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.

    Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination  command-C:

    /Library/LaunchDaemons

    In the Finder, select

              Go Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

    A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form

              com.something.daemon.plist

    and

               com.something.helper.plist

    Here something is a variable string of characters, which can be different in each VSearch infection. So far it has always been an alphanumeric string without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes it's a meaningless string such as "e8dec5ae7fc75c28" rather than a word. Sometimes the string is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.

    If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:

    /Library/LaunchAgents

    In this folder, there may be a file named

              com.something.agent.plist

    where the string something is the same as before.

    If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.

    Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.

    The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.

    Open this folder:

    /Library/Application Support

    If it has a subfolder named just

               something

    where something is the same string you saw before, drag that subfolder to the Trash and close the window.

    Don't delete the "Application Support" folder or anything else inside it.

    Finally, in this folder:

    /System/Library/Frameworks

    there may be an item named exactly

                v.framework

    It's actually a folder, though it has a different icon than usual. This item always has the above name; it doesn't vary. Drag it to the Trash and close the window.

    Don't delete the "Frameworks" folder or anything else inside it.

    If you didn't find the files or you're not sure about the identification, post what you found.

    If in doubt, or if you have no backups, change nothing at all.

    The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it. I don't recommend that you install the genuine "MPlayerX," because it's hosted on the rogue "SourceForge" website and is bundled with other malware.

    This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.

    B

    You also installed a variant of the "InstallMac" trojan. Take the steps below to disable it.

    The criminal behind this attack tries to make the malware hard to remove by varying the names of the files it installs. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

    Back up all data before continuing.

    1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

    ~/Library/LaunchAgents

    In the Finder, select

              Go Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

    2. Inside the folder you just opened, there may files with a name of the form

              something.download.plist

              something.ltvbit.plist

              something.update.plist

    where something is usually a meaningless string, such as "InKeepr," "Listchack," "Oliverto," or "Texiday." It could be anything. The point is that the same string will appear in the name of three files.

    You could have more than one copy of the malware, with different values of something.

    Move all such items to the Trash. There may not be any other files in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)

    Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

    3. Open this folder in the same way as above:

    ~/Library/Application Support

    and move to the Trash any subfolders named with the same something you found in Step 2.

    Don't move the Application Support folder or anything else inside it.

    4. Open the Applications folder. If there is an item with the same name as in Step 3, or any of the other names listed in Step 2, drag it to the Trash.

    If in doubt, press the key combination option-command-4 to arrange the apps by date added. Look at the apps that have been added since you first noticed the problem. If there is one you don't recognize, drag it to the Trash.

    Empty the Trash.

    If you get an alert that the application is in use, force it to quit.

    5. From the Safari menu bar, select

              Safari Preferences... Extensions

    Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

    6. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select

              Safari Preferences... General

    and click

              Set to Current Page

    C

    "ZipCloud," sometimes named "JustCloud," is a cloud-storage service with a doubtful reputation. The OS X client is sometimes distributed along with malware. Although ZipCloud may not be malicious itself, it should be suspected by virtue of the company it keeps.

    To remove ZipCloud, start by backing up all data (not with ZipCloud itself, of course.)

    Quit the "ZipCloud" or "JustCloud" application, if it's running, and drag it from the Applications folder to the Trash. Don't try to empty yet.

    Triple-click anywhere in the line below on this page to select it:

    ~/Library/LaunchAgents

    Right-click or control-click the highlighted line and select

              Services Open

    from the contextual menu.* A folder named "LaunchAgents" should open.

    In the folder, there may be one or more files with a name beginning as follows:

               com.jdibackup.

    Move all such files to the Trash.

    Log out or restart the computer and empty the Trash.

    *If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination  command-C. In the Finder, select

              Go Go to Folder...

    from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

    D

    You need to become much more cautious about installing software. Until you have more experience as a Mac user, I suggest you change a setting to allow only Apple updates and software from the App Store to be installed.

    Open the Security & Privacy pane in System Preferences and select the General tab. Click the lock icon in the lower left corner and enter your password to unlock the settings. Select the button marked

              Mac App Store

    and close the preference pane. For information about the effects of this setting, see this support article. You may need to change the setting temporarily to install some third-party software, such as Flash Player. Be especially careful with that, as malware is often distributed in the form of a fake Flash update. Never follow a link to a Flash update on any web page. Instead use the built-in updater in the Flash Player preference pane.

    The products in the App Store, while they aren't always very good, can at least be considered safe enough to use.

  • by Keith Dvorak,

    Keith Dvorak Keith Dvorak Jul 10, 2015 11:06 AM in response to Linc Davis
    Level 1 (0 points)
    Jul 10, 2015 11:06 AM in response to Linc Davis

    Here are my results. I just got this, and it freaked me out. However, I saw some of your earlier advice and I can't find any of the files on my system. I did manage to keep it from launching on Safari after a couple fast force-quits. I hope I'm okay.

     

    Start time: 10:42:16 07/10/15

     

     

    Revision: 1241

     

     

    Model Identifier: MacBookAir4,2

    System Version: OS X 10.10.4 (14E46)

    Kernel Version: Darwin 14.4.0

    Time since boot: 1 day2:41

     

     

    UID: 501

     

     

    Font issues: 3

     

     

    Trusted certs (user)

     

     

        phvapr06.safeway.com

     

     

    Firewall: On

     

     

    TCP/IP

     

     

        Subnet mask: 255.255.255.240

     

     

    Listeners

     

     

        kdc: kerberos

        launchd: afpovertcp

        launchd: ssh

     

     

    Wi-Fi

     

     

        Signal / Noise: -81 dBm / -85 dBm

        Security: None

        Security: None

        Security: None

        Security: None

        Security: None

        Security: None

        Security: None

        Security: None

        Security: None

        Security: None

     

     

    System caches/logs

     

     

        3549 MB: /System/Library/Caches/com.apple.coresymbolicationd/data

        1252 MB: /var/folders/gv/gs_jk4xd3rgc24pl0nfk_5fr0000gn/T/../C/com.apple.iBooksX/5546385 79/mzbf.puztqtny..d2.dlv.d2.dlv.ibooks

     

     

    Diagnostic reports

     

     

        2015-06-14 discoveryd crash

        2015-06-14 sharingd crash

        2015-06-21 Fantastical 2 crash

        2015-06-23 SystemUIServer crash

        2015-07-02 SystemUIServer crash

        2015-07-02 com.apple.WebKit.Networking crash

        2015-07-05 AdobeCrashDaemon crash

        2015-07-05 CalendarAgent crash

     

     

    Kernel log

     

     

        Jul  6 11:17:12 AppleUSBEthernetHost::disable: failed to set alt interface 0, e00002c0

        Jul  7 07:30:10 AppleUSBEthernetHost::enable: failed to set alt interface 1, e00002ed

        Jul  7 07:30:10 AppleUSBEthernetHost::disable: failed to set alt interface 0, e00002c0

        Jul  7 11:32:35 AppleUSBEthernetHost::disable: failed to set alt interface 0, e00002c0

        Jul  7 13:53:20 Warning: IOSurface 0000006f modified by process com.apple.WebKit using the GPU while surface is write locked by process com.apple.WebKit

        Jul  7 13:53:20 Warning: IOSurface 0000006f modified by process com.apple.WebKit using the GPU while surface is write locked by process com.apple.WebKit

        Jul  7 13:59:10 AppleUSBEthernetHost::disable: failed to set alt interface 0, e00002c0

        Jul  7 15:09:31 WARNING: hibernate_page_list_setall skipped 13956 xpmapped pages

        Jul  8 05:19:14 WARNING: hibernate_page_list_setall skipped 15038 xpmapped pages

        Jul  8 07:14:07 AppleUSBEthernetHost::disable: failed to set alt interface 0, e00002c0

        Jul  8 12:39:12 AppleUSBEthernetHost::disable: failed to set alt interface 0, e00002c0

        Jul  8 13:49:37 WARNING: hibernate_page_list_setall skipped 15038 xpmapped pages

        Jul  9 07:22:09 WARNING: hibernate_page_list_setall skipped 15794 xpmapped pages

        Jul  9 08:01:55 utun_start: ifnet_disable_output returned error 12

        Jul  9 08:02:36 OSUnserializeXML: syntax error near line 1

        Jul  9 08:02:39 OSUnserializeXML: syntax error near line 1

        Jul  9 08:02:45 OSUnserializeXML: syntax error near line 1

        Jul  9 08:13:08 Warning: IOSurface 0000001d modified by process com.apple.WebKit using the GPU while surface is write locked by process com.apple.WebKit

        Jul  9 08:13:08 Warning: IOSurface 0000001d modified by process com.apple.WebKit using the GPU while surface is write locked by process com.apple.WebKit

        Jul  9 12:50:41 AppleUSBEthernetHost::enable: failed to set alt interface 1, e00002ed

        Jul  9 12:50:41 AppleUSBEthernetHost::disable: failed to set alt interface 0, e00002c0

        Jul 10 06:39:20 WARNING: hibernate_page_list_setall skipped 22567 xpmapped pages

        Jul 10 07:18:18 esp6_input: mbuf allocation failed

        Jul 10 07:18:19 esp6_input: mbuf allocation failed

        Jul 10 07:20:15 esp6_input: mbuf allocation failed

     

     

    System log

     

     

        Jul 10 09:56:31 racoon IPv6 not supported for mode config.

        Jul 10 09:56:31 racoon unable to allocate space for vpn control message.

        Jul 10 10:08:33 launchservicesd Application App:"loginwindow" asn:0x0-1001 pid:89 refs=7 @ 0x7facf2f09580 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0x14a14a pid=2644 "ScreenSaverEngine"")), so denying. : LASSession.cp #1521 SetFrontApplication() q=LSSession 100005/0x186a5 queue

        Jul 10 10:08:33 launchservicesd Application App:"loginwindow" asn:0x0-1001 pid:89 refs=8 @ 0x7facf2f09580 tried to be brought forward, but isn't in fPermittedFrontApps ( ( "LSApplication:0x0-0x14a14a pid=2644 "ScreenSaverEngine"")), so denying. : LASSession.cp #1521 SetFrontApplication() q=LSSession 100005/0x186a5 queue

        Jul 10 10:08:36 powerd Activity changes from 0x1 to 0x9. Assertions:1 HidState:1

        Jul 10 10:08:40 racoon IPv6 not supported for mode config.

        Jul 10 10:08:40 racoon unable to allocate space for vpn control message.

        Jul 10 10:08:46 powerd Activity changes from 0x9 to 0x1. Assertions:1 HidState:1

        Jul 10 10:20:12 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:20:12 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:20:12 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:20:12 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:20:12 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:20:12 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:20:56 racoon IPv6 not supported for mode config.

        Jul 10 10:20:56 racoon unable to allocate space for vpn control message.

        Jul 10 10:27:32 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:27:32 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:27:32 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:27:32 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:27:32 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:27:32 EvernoteHelper AppleEvents: Send port for process has no send right, port=( port:20475/0x4ffb rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread

        Jul 10 10:32:59 racoon IPv6 not supported for mode config.

        Jul 10 10:32:59 racoon unable to allocate space for vpn control message.

        Jul 10 10:34:25 WindowServer WSGetSurfaceInWindow : Invalid surface 631221912 for window 1519

     

     

    Console log

     

     

        Jul  7 11:11:07 nsurlstoraged Error: execSQLStatement:onConnection:toCompletionWithRetry - SQL=COMMIT;, error-code=1, error-message=cannot commit - no transaction is active

        Jul  7 11:11:26 nsurlstoraged writeDBwithCachedResponse-ERROR: task-mgr=MacGourmet Deluxe-write (_dbWriteConnection=0x7ff28bc9b310) insert SQL stmnt. is nil for item: https://www.marinercloud.com/device/wine_notes/number_of_transactions?authentica tion_token=UUID&type=DELETE

        Jul  7 11:11:26 nsurlstoraged Error: execSQLStatement:onConnection:toCompletionWithRetry - SQL=COMMIT;, error-code=1, error-message=cannot commit - no transaction is active

        Jul  7 11:11:26 nsurlstoraged writeDBwithCachedResponse-ERROR: task-mgr=MacGourmet Deluxe-write (_dbWriteConnection=0x7ff28bc9b310) insert SQL stmnt. is nil for item: https://www.marinercloud.com/device/wine_notes/number_of_transactions?authentica tion_token=UUID&type=CREATE

        Jul  7 11:11:26 nsurlstoraged Error: execSQLStatement:onConnection:toCompletionWithRetry - SQL=COMMIT;, error-code=1, error-message=cannot commit - no transaction is active

        Jul  7 11:11:29 nsurlstoraged writeDBwithCachedResponse-ERROR: task-mgr=MacGourmet Deluxe-write (_dbWriteConnection=0x7ff28bc9b310) insert SQL stmnt. is nil for item: https://www.marinercloud.com/device/wine_notes/number_of_transactions?authentica tion_token=UUID&type=UPDATE

        Jul  7 11:11:29 nsurlstoraged Error: execSQLStatement:onConnection:toCompletionWithRetry - SQL=COMMIT;, error-code=1, error-message=cannot commit - no transaction is active

        Jul  7 11:11:29 nsurlstoraged writeDBwithCachedResponse-ERROR: task-mgr=MacGourmet Deluxe-write (_dbWriteConnection=0x7ff28bc9b310) insert SQL stmnt. is nil for item: https://www.marinercloud.com/device/beer_notes/number_of_transactions?authentica tion_token=UUID&type=DELETE

        Jul  7 11:11:29 nsurlstoraged Error: execSQLStatement:onConnection:toCompletionWithRetry - SQL=COMMIT;, error-code=1, error-message=cannot commit - no transaction is active

        Jul  7 11:11:29 nsurlstoraged writeDBwithCachedResponse-ERROR: task-mgr=MacGourmet Deluxe-write (_dbWriteConnection=0x7ff28bc9b310) insert SQL stmnt. is nil for item: https://www.marinercloud.com/device/beer_notes/number_of_transactions?authentica tion_token=UUID&type=CREATE

        Jul  7 11:11:29 nsurlstoraged Error: execSQLStatement:onConnection:toCompletionWithRetry - SQL=COMMIT;, error-code=1, error-message=cannot commit - no transaction is active

        Jul  7 11:11:29 nsurlstoraged writeDBwithCachedResponse-ERROR: task-mgr=MacGourmet Deluxe-write (_dbWriteConnection=0x7ff28bc9b310) insert SQL stmnt. is nil for item: https://www.marinercloud.com/device/beer_notes/number_of_transactions?authentica tion_token=UUID&type=UPDATE

        Jul  7 11:11:29 nsurlstoraged Error: execSQLStatement:onConnection:toCompletionWithRetry - SQL=COMMIT;, error-code=1, error-message=cannot commit - no transaction is active

        Jul  7 11:11:56 nsurlstoraged writeDBwithCachedResponse-ERROR: task-mgr=MacGourmet Deluxe-write (_dbWriteConnection=0x7ff28bc9b310) insert SQL stmnt. is nil for item: https://www.marinercloud.com/user/recipes88780015

        Jul  7 11:11:56 nsurlstoraged Error: execSQLStatement:onConnection:toCompletionWithRetry - SQL=COMMIT;, error-code=1, error-message=cannot commit - no transaction is active

        Jul  9 07:39:58 ReportCrash Invoking spindump for pid=5456 wakeups_rate=160 duration=282 because of excessive wakeups

        Jul  9 08:02:41 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd

        Jul  9 08:02:41 nsurlstoraged The read-connection to the DB=/Users/USER/Library/Caches/com.apple.icloud.fmfd/Cache.db is NOT valid.  Unable to determine schema version.

        Jul  9 08:02:41 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd

        Jul  9 08:02:41 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd

        Jul  9 08:02:46 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd

        Jul  9 08:02:46 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd

        Jul  9 08:02:53 nsurlstoraged realpath() returned NULL for /Users/USER/Library/Caches/com.apple.icloud.fmfd

        Jul  9 08:04:03 ReportCrash Invoking spindump for pid=239 wakeups_rate=492 duration=92 because of excessive wakeups

        Jul  9 09:44:31 ReportCrash Invoking spindump for pid=405 wakeups_rate=452 duration=100 because of excessive wakeups

     

     

    Daemons

     

     

        com.adobe.ARMDC.Communicator

        com.adobe.ARMDC.SMJobBlessHelper

        com.adobe.adobeupdatedaemon

        com.adobe.fpsaud

        com.apple.GSSCred

        com.apple.awdd

        com.apple.cmio.registerassistantservice

        com.apple.corestorage.corestoragehelperd

        com.apple.ctkd

        com.apple.icloud.findmydeviced

        com.apple.iconservices.iconservicesagent

        com.apple.ifdreader

        com.apple.installd

        com.apple.installer.osmessagetracing

        com.apple.nehelper

        com.apple.nsurlsessiond_privileged

        com.apple.sandboxd

        com.apple.softwareupdated

        com.apple.spindump

        - status: 75

        com.apple.systemadministration.writeconfig

        com.apple.watchdogd

        com.apple.wdhelper

        com.apple.xpc.smd

        com.barebones.authd

        com.bjango.istatmenusdaemon

        com.microsoft.office.licensing.helper

        com.oracle.java.Helper-Tool

        com.oracle.java.JavaUpdateHelper

     

     

    Agents

     

     

        2BUA8C4S2C.com.agilebits.onepassword4-helper

        com.adobe.AAM.Scheduler-1.0

        com.adobe.ARMDCHelper.UUID

        - status: 111

        com.adobe.AdobeCreativeCloud

        com.akamai.single-user-client

        com.apple.AirPortBaseStationAgent

        com.apple.CSConfigDotMacCert-EMAIL-SharedServices

        - status: 78

        com.bjango.istatmenusagent

        com.bjango.istatmenusnotifications

        com.dayoneapp.dayone-agent

        com.flexibits.fantastical2.mac.launcher

        com.houdah.HoudahSpot4.HoudahSpotHelper

        com.microsoft.OneDriveLauncher

        com.omnigroup.OmniPresenceLauncher

        com.oracle.java.Java-Updater

        com.spotify.webhelper

     

     

    User overrides

     

     

        com.dayoneapp.dayone-agent

        com.adobe.AAM.Scheduler-1.0

     

     

    User login items

     

     

        Bartender

        - /Applications/Bartender.app

        Default Folder X Helper

        - /Library/PreferencePanes/Default Folder X.prefPane/Contents/Resources/Default Folder X Helper.app

        iTunesHelper

        - /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

        OmniFocus

        - /Applications/OmniFocus.app

        TextExpander

        - /Applications/TextExpander.app

        BusyCalAlarm

        - missing value

        EvernoteHelper

        - missing value

        HoudahSpotHelper

        - missing value

        LaunchBar

        - /Applications/LaunchBar.app

        HazelHelper

        - missing value

        MailTagsHelper

        - /Users/USER/Library/Application Support/Indev/MailTagsHelper.app

        Fantastical

        - missing value

        Dropbox

        - /Applications/Dropbox.app

        AdobeResourceSynchronizer

        - /Applications/Adobe Acrobat DC/Adobe Acrobat.app/Contents/Helpers/AdobeResourceSynchronizer.app

        MailTags Helper

        - /Users/USER/Library/Application Support/Indev/MailTagsHelper.app

     

     

    Safari extensions

     

     

        1Password

        - com.agilebits.onepassword4-safari

        Delibar Button

        - net.shinyfrog.delibarbutton

        Evernote Web Clipper

        - com.evernote.safari.clipper

        Fontface Ninja

        - com.creaktif.fontfaceninja

        FontScope

        - com.pjkh.fontscope

        Instapaper

        - com.instapaper.extension

        iThoughtsX

        - com.toketaware.ithoughtsx.safariextension

        Sessions

        - yoo.david.sessions

     

     

    iCloud errors

     

     

        Photos 25

        comapple.CloudPhotosConfiguration 5

        cloudphotosd 5

        cloudd 4

        Finder 2

        Spotlight 1

     

     

    Continuity errors

     

     

        sharingd 2

     

     

    User caches/logs

     

     

        1252 MB: /var/folders/gv/gs_jk4xd3rgc24pl0nfk_5fr0000gn/T/../C/com.apple.iBooksX/5546385 79/mzbf.puztqtny..d2.dlv.d2.dlv.ibooks

     

     

    Restricted files: 132

     

     

    Lockfiles: 14

     

     

    Contents of /Library/LaunchAgents/com.adobe.ARMDCHelper.UUID.plist

        - mod date: Apr  7 09:53:54 2015

        - checksum: 2197523146

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.adobe.ARMDCHelper.UUID</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/Application Support/Adobe/ARMDC/Application/Acrobat Update Helper.app/Contents/MacOS/Acrobat Update Helper</string>

        </array>

        <key>RunAtLoad</key>

        <true/>

        <key>StartInterval</key>

        <integer>12600</integer>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchAgents/com.bjango.istatmenusagent.plist

        - mod date: Apr  9 07:50:06 2015

        - checksum: 2262789825

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>MachServices</key>

        <dict>

        <key>com.bjango.istatmenusagent</key>

        <true/>

        </dict>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>KeepAlive</key>

        <true/>

        <key>Label</key>

        <string>com.bjango.istatmenusagent</string>

        <key>Program</key>

        <string>/Library/Application Support/iStat Menus 5/iStatMenusAgent.app/Contents/MacOS/iStatMenusAgent</string>

        <key>RunAtLoad</key>

        <true/>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchAgents/com.bjango.istatmenusnotifications.plist

        - mod date: Apr  9 07:50:06 2015

        - checksum: 1266143884

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>MachServices</key>

        <dict>

        <key>com.bjango.istatmenusnotifications</key>

        <true/>

        </dict>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>KeepAlive</key>

        <true/>

        <key>Label</key>

        <string>com.bjango.istatmenusnotifications</string>

        <key>Program</key>

        <string>/Library/Application Support/iStat Menus 5/iStat Menus Notifications.app/Contents/MacOS/iStat Menus Notifications</string>

        <key>RunAtLoad</key>

        <true/>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist

        - mod date: Jan 27 11:17:34 2013

        - checksum: 366297641

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.oracle.java.Java-Updater</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>

        <string>-bgcheck</string>

        </array>

        <key>StandardErrorPath</key>

        <string>/dev/null</string>

        <key>StandardOutPath</key>

        <string>/dev/null</string>

        <key>StartCalendarInterval</key>

        <dict>

        <key>Hour</key>

        <integer>6</integer>

        <key>Minute</key>

        <integer>8</integer>

        <key>Weekday</key>

        <integer>7</integer>

        </dict>

        </dict>

     

     

        ...and 1 more line(s)

     

     

    Contents of /Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist

        - mod date: Apr  7 09:53:54 2015

        - checksum: 3887726299

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.adobe.ARMDC.Communicator</string>

        <key>MachServices</key>

        <dict>

        <key>com.adobe.ARMDC.Communicator</key>

        <true/>

        </dict>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/PrivilegedHelperTools/com.adobe.ARMDC.Communicator</string>

        </array>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist

        - mod date: Apr  7 09:53:54 2015

        - checksum: 930028549

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Label</key>

        <string>com.adobe.ARMDC.SMJobBlessHelper</string>

        <key>MachServices</key>

        <dict>

        <key>com.adobe.ARMDC.SMJobBlessHelper</key>

        <true/>

        </dict>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/PrivilegedHelperTools/com.adobe.ARMDC.SMJobBlessHelper</string >

        </array>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchDaemons/com.adobe.adobeupdatedaemon.plist

        - mod date: Jul  9 07:35:16 2015

        - checksum: 2254479735

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>KeepAlive</key>

        <true/>

        <key>Label</key>

        <string>com.adobe.adobeupdatedaemon</string>

        <key>LaunchOnlyOnce</key>

        <true/>

        <key>Program</key>

        <string>/Library/Application Support/Adobe/Adobe Desktop Common/ElevationManager/AdobeUpdateDaemon</string>

        <key>RunAtLoad</key>

        <true/>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchDaemons/com.barebones.authd.plist

        - mod date: Jan 19 14:11:25 2012

        - checksum: 1995816654

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>EnableTransactions</key>

        <true/>

        <key>Label</key>

        <string>com.barebones.authd</string>

        <key>ProgramArguments</key>

        <array>

        <string>/Library/PrivilegedHelperTools/com.barebones.authd</string>

        </array>

        <key>Sockets</key>

        <dict>

        <key>com.barebones.authd.socket</key>

        <dict>

        <key>SockPathMode</key>

        <integer>438</integer>

        <key>SockPathName</key>

        <string>/var/tmp/com.barebones.authd.socket</string>

        </dict>

        </dict>

        </dict>

        </plist>

     

     

    Contents of /Library/LaunchDaemons/com.bjango.istatmenusdaemon.plist

        - mod date: Apr  9 07:50:06 2015

        - checksum: 3697781966

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>MachServices</key>

        <dict>

        <key>com.bjango.istatmenusdaemon</key>

        <true/>

        </dict>

        <key>KeepAlive</key>

        <true/>

        <key>Label</key>

        <string>com.bjango.istatmenusdaemon</string>

        <key>Program</key>

        <string>/Library/Application Support/iStat Menus 5/iStatMenusDaemon</string>

        <key>RunAtLoad</key>

        <true/>

        </dict>

        </plist>

     

     

    Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist

        - mod date: Apr  9 06:22:19 2015

        - checksum: 3012644940

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>Disabled</key>

        <true/>

        <key>Label</key>

        <string>org.apache.httpd</string>

        <key>EnvironmentVariables</key>

        <dict>

        <key>XPC_SERVICES_UNAVAILABLE</key>

        <string>1</string>

        </dict>

        <key>ProgramArguments</key>

        <array>

        <string>/usr/sbin/httpd-wrapper</string>

        <string>-D</string>

        <string>FOREGROUND</string>

        </array>

        <key>OnDemand</key>

        <false/>

        </dict>

        </plist>

     

     

    Contents of /System/Library/Security/authorization.plist

        - mod date: Oct  9 02:17:00 2014

        - checksum: 2720110640

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>comment</key>

        <string>The name of the requested right is matched against the keys.  An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction.

        allow rule: this is always allowed

        &lt;key&gt;com.apple.TestApp.benign&lt;/key&gt;

        &lt;string&gt;allow&lt;/string&gt;

        deny rule: this is always denied

        &lt;key&gt;com.apple.TestApp.dangerous&lt;/key&gt;

        &lt;string&gt;deny&lt;/string&gt;

        user rule: successful authentication as a user in the specified group(5) allows the associated right.

        The shared property specifies whether a credential generated on success is shared with other apps (i.e., those in the same "session"). This property defaults to false if not specified.

        The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule.

        The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0.  This defaults to false if not specified.

        See remaining rules for examples.

        </string>

        <key>rights</key>

        <dict>

        <key></key>

        <dict>

        <key>class</key>

        <string>rule</string>

        <key>comment</key>

     

     

        ...and 1850 more line(s)

     

     

    Contents of /private/etc/authorization.deprecated

        - mod date: Sep 19 13:15:38 2013

        - checksum: 1780669285

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>comment</key>

        <string>The name of the requested right is matched against the keys.  An exact match has priority, otherwise the longest match from the start is used. Note that the right will only match wildcard rules (ending in a ".") during this reduction.

        allow rule: this is always allowed

        &lt;key&gt;com.apple.TestApp.benign&lt;/key&gt;

        &lt;string&gt;allow&lt;/string&gt;

        deny rule: this is always denied

        &lt;key&gt;com.apple.TestApp.dangerous&lt;/key&gt;

        &lt;string&gt;deny&lt;/string&gt;

        user rule: successful authentication as a user in the specified group(5) allows the associated right.

        The shared property specifies whether a credential generated on success is shared with other apps (i.e., those in the same "session"). This property defaults to false if not specified.

        The timeout property specifies the maximum age of a (cached/shared) credential accepted for this rule.

        The allow-root property specifies whether a right should be allowed automatically if the requesting process is running with uid == 0.  This defaults to false if not specified.

        See remaining rules for examples.

        </string>

        <key>rights</key>

        <dict>

        <key></key>

        <dict>

        <key>class</key>

        <string>rule</string>

        <key>comment</key>

     

     

        ...and 9707 more line(s)

     

     

    Contents of Library/LaunchAgents/com.akamai.single-user-client.plist

        - mod date: Jun  9 10:34:23 2015

        - checksum: 1151437036

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

          <dict>

            <key>Label</key>

            <string>com.akamai.single-user-client</string>

            <key>Nice</key>

            <integer>-18</integer>

            <key>KeepAlive</key>

            <dict>

              <key>SuccessfulExit</key>

              <false/>

            </dict>

            <key>ProgramArguments</key>

            <array>

              <string>/Users/USER/Applications/Akamai/netsession_mac</string>

            </array>

            <key>RunAtLoad</key>

            <true/>

            <key>AbandonProcessGroup</key>

            <true/>

          </dict>

        </plist>

     

     

    Contents of Library/LaunchAgents/com.apple.CSConfigDotMacCert-EMAIL-SharedServices.Agent.pl ist

        - mod date: Oct  9 12:41:32 2011

        - checksum: 794059265

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>KeepAlive</key>

        <false/>

        <key>Label</key>

        <string>com.apple.CSConfigDotMacCert-EMAIL-SharedServices</string>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        <key>LowPriorityIO</key>

        <true/>

        <key>Nice</key>

        <integer>10</integer>

        <key>ProgramArguments</key>

        <array>

        <string>/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices .framework/Versions/A/Support/CSConfigDotMacCert</string>

        <string>-l</string>

        <string>/Users/USER/Library/Logs/CSConfigDotMacCert.log</string>

        <string>-u</string>

        <string>EMAIL</string>

        <string>-t</string>

        <string>SharedServices</string>

        <string>-s</string>

        </array>

     

     

        ...and 4 more line(s)

     

     

    Contents of Library/LaunchAgents/com.spotify.webhelper.plist

        - mod date: Aug 24 23:50:17 2013

        - checksum: 2562137178

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

         <key>Label</key>

         <string>com.spotify.webhelper</string>

         <key>KeepAlive</key>

         <dict>

          <key>NetworkState</key>

          <true/>

         </dict>

         <key>RunAtLoad</key>

         <true/>

         <key>Program</key>

         <string>/Users/USER/Library/Application Support/Spotify/SpotifyWebHelper</string>

         <key>SpotifyPath</key>

         <string>/Applications/Spotify.app</string></dict>

        </plist>

     

     

    Contents of Library/LaunchAgents/ws.agile.1PasswordAgent.plist

        - mod date: Sep 26 23:36:09 2013

        - checksum: 3525283474

     

     

        <?xml version="1.0" encoding="UTF-8"?>

        <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

        <plist version="1.0">

        <dict>

        <key>OnDemand</key>

        <false/>

        <key>KeepAlive</key>

        <true/>

        <key>RunAtLoad</key>

        <true/>

        <key>Label</key>

        <string>ws.agile.1PasswordAgent</string>

        <key>Program</key>

        <string>/Users/USER/Library/Application Support/1Password/Agent/1PasswordAgent.app/Contents/MacOS/1PasswordAgent</strin g>

        <key>LimitLoadToSessionType</key>

        <string>Aqua</string>

        </dict>

        </plist>

     

     

    Bad plists

     

     

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Common/Colors.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Science/Circuit Engineering.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Software/Entity Relationship.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Software/ERD.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Software/Flow Chart.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Software/FlowChart.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Software/Garrett IA.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Software/Konigi Wireframes.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Software/UML-General.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Software/UML-Sequence.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Software/UML-State.gstencil/data.plist

        Library/Containers/com.omnigroup.OmniGraffle6/Data/Library/Application Support/The Omni Group/OmniGraffle/Stencils/Software/UML-UseCase.gstencil/data.plist

     

     

    Extensions

     

     

        /System/Library/Extensions/JMicronATA.kext

        - com.jmicron.JMicronATA

     

     

    Applications

     

     

        /Applications/AppZapper.app

        - com.appzapper.AppZapper

        /Applications/Kaleidoscope.app

        - com.blackpixel.kaleidoscope

        /Applications/Microsoft Office 2011/Office/Add-Ins/Solver.app

        - com.microsoft.ASApplication

        /Applications/Microsoft Office 2011/Office/Equation Editor.app

        - com.microsoft.EquationEditor

        /Applications/Microsoft Office 2011/Office/Microsoft Office Setup Assistant.app

        - com.microsoft.office.setupassistant

        /Applications/Microsoft Office 2011/Office/Microsoft Query.app

        - com.microsoft.Query

        /Applications/OmniGraphSketcher.app

        - com.omnigroup.OmniGraphSketcher

        /Applications/OnyX.app

        - com.titanium.OnyX

        /Applications/Skim.app

        - net.sourceforge.skim-app.skim

        /Applications/Utilities/Adobe AIR Application Installer.app

        - com.adobe.air.ApplicationInstaller

        /Applications/zoom.us.app

        - us.zoom.xos

        /Library/Application Support/Adobe/ARMDC/Application/Adobe Acrobat Updater.app

        - com.adobe.ARMDC

        /Library/Application Support/Adobe/Installers/AdobeInDesign11AppBase/ExtraFiles/INSTALLDIR_EXE/Adobe InDesign CC 2015.app

        - N/A

        /Library/Application Support/Script Editor/Templates/Cocoa-AppleScript Applet.app

        - com.apple.ScriptEditor.id.cocoa-applet-template

        /Library/Application Support/Script Editor/Templates/Droplets/Droplet with Settable Properties.app

        - com.apple.ScriptEditor.id.droplet-with-settable-properties-template

        /Library/Application Support/Script Editor/Templates/Droplets/Recursive File Processing Droplet.app

        - com.apple.ScriptEditor.id.file-processing-droplet-template

        /Library/Application Support/Script Editor/Templates/Droplets/Recursive Image File Processing Droplet.app

        - com.apple.ScriptEditor.id.image-file-processing-droplet-template

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR Application Installer.app

        - com.adobe.air.ApplicationInstaller

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Template.app

        - com.adobe.air.Template

        /Library/PDF Services/Save as Adobe PDF.app

        - com.apple.automator.SaveasAdobePDF

        /Library/Printers/hp/Fax/fax.backend

        - com.hp.fax

        /Library/Printers/hp/Fax/rastertofax.filter

        - com.hp.rastertofax

        /Library/Printers/hp/cups/filters/commandtohp.filter

        - com.hp.print.cups.filter.commandtohp

        /Library/Printers/hp/filter/hpPreProcessing.filter

        - com.hp.print.cups.filter.hpPreProcessing

        /Library/Services/Default Folder X Service.app

        - com.stclairsoft.DefaultFolderX.service

        /Users/USER/Dropbox/05 Projects/Freelance/CDI/05 Files/Keynote Tweet/Keynote Tweet.app

        - N/A

        /Users/USER/Dropbox/05 Projects/Freelance/CDI/IBM/State Street/05 Files/Keynote Tweet/Keynote Tweet.app

        - N/A

        /Users/USER/Dropbox/05 Projects/Precarious Audio Theater/Postcard/05 Files/Keynote Tweet/Keynote Tweet.app

        - N/A

        /Users/USER/Library/Application Support/Indev/MailTagsHelper.app

        - ca.indev.MailTagsHelper

        /Users/USER/Library/Mail/Bundles/MailActOn.mailbundle/Contents/Resources/MAOSpa rkleHelper.app

        - ca.indev.MAOSparkleHelper

        /Users/USER/Library/Mail/Bundles/MailActOn.mailbundle/Contents/Resources/MailAc tOnHelper.app

        - ca.indev.MailActOnHelper

        /Users/USER/Library/Mail/Bundles/MailTags.mailbundle/Contents/Resources/MailTag sHelper.app

        - ca.indev.MailTagsHelper

        /Users/USER/Library/Mail/Bundles/MailTags.mailbundle/Contents/Resources/MailTag sSparkleHelper.app

        - ca.indev.MailTagsSparkleHelper

        /Users/USER/Library/Services/OmniOutliner Professional.service

        - com.omnigroup.OmniOutlinerPro3.ClippingService

     

     

    Frameworks

     

     

        /Library/Frameworks/Adobe AIR.framework

        - com.adobe.AIR

        /Users/USER/Library/Frameworks/EWSMac-GC.framework

        - com.eSellerate.EWSMac67108872

        /Users/USER/Library/Frameworks/EWSMac.framework

        - com.eSellerate.EWSMac67108872

     

     

    PrefPane

     

     

        /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy/JavaControlPanel.pref Pane

        - com.oracle.java.JavaControlPanel

        /Library/PreferencePanes/Default Folder X.prefPane

        - com.stclairsoft.prefpane.DefaultFolderX

        /Library/PreferencePanes/Flash Player.prefPane

        - com.adobe.flashplayerpreferences

        /Library/PreferencePanes/Hazel.prefPane

        - com.noodlesoft.Hazel

        /Users/USER/Library/PreferencePanes/AkamaiNetSession.prefPane

        - com.yourcompany.AkamaiNetSession

     

     

    Bundles

     

     

        /Library/Application Support/Adobe/Plug-Ins/CC/File Formats/Camera Raw.plugin

        - com.adobe.CameraRaw

        /Library/Application Support/MacPhun Software/Noiseless/Plug-Ins/NoiselessPlugin.plugin

        - null

        /Library/Application Support/MacPhun Software/Noiseless/Plug-Ins/NoiselessPlugin32.plugin

        - null

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/AdobeCP15.plugin

        - com.adobe.adobecp

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Flash Player.plugin

        - com.macromedia.FlashPlayer-10.6.plugin

        /Library/Internet Plug-Ins/AdobeAAMDetect.plugin

        - com.AdobeAAMDetectLib.AdobeAAMDetect

        /Library/Internet Plug-Ins/AdobePDFViewer.plugin

        - com.adobe.acrobat.pdfviewer

        /Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

        - com.adobe.acrobat.pdfviewerNPAPI

        /Library/Internet Plug-Ins/Flash Player.plugin

        - com.macromedia.Flash

        /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

        - com.oracle.java.JavaAppletPlugin

        /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

        - com.microsoft.sharepoint.browserplugin

        /Library/Printers/Canon/BJPrinter/Plugins/BJNP/CIJNetworkIOM.plugin

        - jp.co.Canon.ij.print.iom.CIJNP

        /Library/Printers/Canon/BJPrinter/Plugins/BJNP/CIJNetworkPBM.plugin

        - jp.co.Canon.ij.print.pbm.CIJNP

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/BJUSBIOM.plugin

        - jp.co.canon.bj.print.bjusbiom

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/BJUSBPBM.plugin

        - jp.co.canon.bj.print.pbm.USB

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/CIJUSBClassDriver.plugin

        - jp.co.canon.ij.print.CIJUSBClassDriver

        /Library/Printers/Canon/BJPrinter/Plugins/BJUSB/CIJUSBClassDriver2.plugin

        - jp.co.canon.ij.print.CIJUSBClassDriver2

        /Library/Printers/Canon/BJPrinter/Plugins/IJBluetooth/IJBluetoothIOM.plugin

        - jp.co.canon.ij.print.ijbluetoothiom

        /Library/Printers/Canon/IJScanner/Plugins/ag07_09.plugin

        - jp.co.canon.scangear.ag07.09

        /Library/Printers/Canon/IJScanner/Plugins/ag08_09.plugin

        - jp.co.canon.scangear.ag08.09

        /Library/Printers/Canon/IJScanner/Plugins/cncl09_09.plugin

        - jp.co.canon.scangear.lld09.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq2413_09.plugin

        - jp.co.canon.scanner.cnq2413.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq2414_09.plugin

        - jp.co.canon.scanner.cnq2414.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq4807_09.plugin

        - jp.co.canon.scanner.cnq4807.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq4808_09.plugin

        - jp.co.canon.scanner.cnq4808.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq4809_09.plugin

        - jp.co.canon.scanner.cnq4809.09

        /Library/Printers/Canon/IJScanner/Plugins/cnq9601_09.plugin

        - jp.co.canon.scanner.cnq9601.09

        /Library/Printers/Canon/IJScanner/Plugins/ijfshlib_09.plugin

        - jp.co.canon.scangear.ijfshlib.09

        /Library/Printers/Canon/IJScanner/Plugins/mld07_09.plugin

        - jp.co.canon.scangear.mld07.09

        /Library/Printers/Canon/IJScanner/Plugins/mld08_09.plugin

        - jp.co.canon.scangear.mld08.09

        /Library/Printers/Canon/IJScanner/Plugins/mld09_09.plugin

        - jp.co.canon.scangear.mld09.09

        /Library/Printers/Canon/IJScanner/Plugins/mld9601_09.plugin

        - jp.co.canon.scangear.mld9601.09

        /Library/Printers/Canon/IJScanner/Plugins/sfusb_09.plugin

        - jp.co.canon.sf.scanner.sfusb.09

        /Library/Printers/Canon/IJScanner/Plugins/sgusb_09.plugin

        - jp.co.canon.scangear.usb.09

        /Library/Printers/Canon/IJScanner/Plugins/smac_09.plugin

        - jp.co.canon.scangear.smac.09

        /Library/Printers/Canon/IJScanner/Plugins/zoom_09.plugin

        - jp.co.canon.scangear.zoom.09

        /Library/Printers/EPSON/CIOSupport/CIOHelper.plugin

        - com.epson.print.plugin.CIOHelper

        /Library/Printers/EPSON/CIOSupport/EPSONUSBPrintClass.plugin

        - com.epson.print.plugin.USBPrintClass

        /Library/Printers/EPSON/CIOSupport/XIOP.plugin

        - com.epson.print.plugin.XIOP

        /Library/Printers/EPSON/CIOSupport/XIORemoteClient.plugin

        - com.epson.print.plugin.XIORemoteClient

        /Library/Printers/EPSON/CIOSupport/XIORemoteServer.plugin

        - com.epson.print.plugin.XIORemoteServer

        /Users/USER/Library/Address Book Plug-Ins/SkypeABDialer.bundle

        - com.skype.skypeabdialer

        /Users/USER/Library/Address Book Plug-Ins/SkypeABSMS.bundle

        - com.skype.skypeabsms

        /Users/USER/Library/Internet Plug-Ins/CitrixOnlineWebDeploymentPlugin.plugin

        - com.citrixonline.mac.WebDeploymentPlugin

        /Users/USER/Library/Internet Plug-Ins/ZoomUsPlugIn.plugin

        - us.zoom.plugin

     

     

    Bundles (new)

     

     

        /Applications/LaunchBar.app

        - at.obdev.LaunchBar

        /Applications/OmniFocus.app

        - com.omnigroup.OmniFocus2

        /Applications/PDFpenPro.app

        - com.smileonmymac.PDFpenPro

        /Applications/Utilities/Adobe Creative Cloud/ACC/ContainerUI.bundle

        - com.adobe.acc.ContainerUI

        /Applications/Utilities/Adobe Creative Cloud/ACC/Creative Cloud.app

        - com.adobe.acc.AdobeCreativeCloud

        /Applications/Utilities/Adobe Creative Cloud/AppsPanel/AppsPanelBL.bundle

        - com.adobe.acc.appspanel

        /Applications/Utilities/Adobe Creative Cloud/BehancePanel/BehancePanelBL.bundle

        - com.adobe.acc.behancepanel

        /Applications/Utilities/Adobe Creative Cloud/CoreSync/Core Sync.app

        - com.adobe.accmac

        /Applications/Utilities/Adobe Creative Cloud/CoreSyncExtension/ACCFinderBundleLoader_32.app

        - Adobe.ACCFinderBundleLoader-32

        /Applications/Utilities/Adobe Creative Cloud/CoreSyncExtension/ACCFinderBundleLoader_64.app

        - Adobe.ACCFinderBundleLoader-64

        /Applications/Utilities/Adobe Creative Cloud/CoreSyncPlugins/CCSyncPlugin/CCSyncPlugin.framework

        - com.adobe.CCSyncPlugin.framework

        /Applications/Utilities/Adobe Creative Cloud/CoreSyncPlugins/DesignLibraryPlugin/DesignLibraryPlugin.framework

        - com.adobe.DesignLibraryPlugin

        /Applications/Utilities/Adobe Creative Cloud/CoreSyncPlugins/ExchangePlugin/ExManCoreLib/Contents/Frameworks/adobe_cap s.framework

        - com.adobe.adobe_caps

        /Applications/Utilities/Adobe Creative Cloud/CoreSyncPlugins/ExchangePlugin/ExchangePlugin.framework

        - com.adobe.ExchangePlugin

        /Applications/Utilities/Adobe Creative Cloud/CoreSyncPlugins/LiveType/LiveType.framework

        - com.adobe.livetype

        /Applications/Utilities/Adobe Creative Cloud/CoreSyncPlugins/SynKit/SynKit.framework

        - com.adobe.SynKitPlugin

        /Applications/Utilities/Adobe Creative Cloud/FilesPanel/FilesPanelBL.bundle

        - com.adobe.acc.filespanel

        /Applications/Utilities/Adobe Creative Cloud/FontsPanel/FontsPanelBL.bundle

        - com.adobe.acc.fontspanel

        /Applications/Utilities/Adobe Creative Cloud/HDCore/Uninstaller.app

        - com.adobe.ACCC.Uninstaller

        /Applications/Utilities/Adobe Creative Cloud/HomePanel/HomePanelBL.bundle

        - com.adobe.acc.homepanel

        /Applications/Utilities/Adobe Creative Cloud/Utils/AdobeAAMDetect.plugin

        - com.AdobeAAMDetectLib.AdobeAAMDetect

        /Applications/Utilities/Adobe Creative Cloud/Utils/Creative Cloud Installer.app

        - com.adobe.Install

        /Applications/Utilities/Adobe Creative Cloud/Utils/Creative Cloud Uninstaller.app

        - com.adobe.ACCC.Uninstaller

        /Applications/Utilities/Adobe Creative Cloud/Utils/CreativeCloud(URIHandler).app

        - com.adobe.CreativeCloud-URIHandler-

        /Applications/Utilities/Adobe Flash Player Install Manager.app

        - com.adobe.flashplayer.installmanager

        /Library/Application Support/Adobe/Adobe Desktop Common/ADS/Adobe Desktop Service.app

        - com.adobe.acc.AdobeDesktopService

        /Library/Application Support/Adobe/Adobe Desktop Common/HEX/Adobe CEF Helper EH.app

        - com.adobe.acc.HEXHelper.EH

        /Library/Application Support/Adobe/Adobe Desktop Common/HEX/Adobe CEF Helper NP.app

        - com.adobe.acc.HEXHelper.NP

        /Library/Application Support/Adobe/Adobe Desktop Common/HEX/Adobe CEF Helper.app

        - com.adobe.acc.HEXHelper

        /Library/Application Support/Adobe/Adobe Desktop Common/TCC/adobe_caps.framework

        - com.adobe.adobe_caps

        /Library/Internet Plug-Ins/AdobeAAMDetect.plugin

        - com.AdobeAAMDetectLib.AdobeAAMDetect

        /Library/Internet Plug-Ins/Flash Player.plugin

        - com.macromedia.Flash

        /Library/PreferencePanes/Flash Player.prefPane

        - com.adobe.flashplayerpreferences

        /Users/USER/Library/Application Support/eSellerate/457973200/EWSMac.framework

        - com.eSellerate.EWSMac67108870

     

     

    Library paths

     

     

        /Applications/Microsoft Office 2011/Office/MicrosoftSetupUI.framework/Libraries/mbupgx.dylib

        /Applications/Microsoft Office 2011/Office/OPF.framework/Versions/14/Resources/OPF_Common.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/Fm20.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/MicrosoftOLE2TypesLib.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/RefEdit.dylib

        /Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework/Versions/14/Frameworks/RichEdit.dylib

        /Applications/Utilities/Adobe Application Manager/D6/D6Native.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/ARKSelector.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/DE5/Setup.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/ARKCmdCaps.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/ARKCmdFS.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/ARKEngine.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/AdobePIM.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/DE6/Setup.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/ARKCmdCaps.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/ARKCmdFS.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/ARKEngine.dylib

        /Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/AdobePIM.dylib

        /Applications/Utilities/Adobe Application Manager/DWA/DWANative.dylib

        /Applications/Utilities/Adobe Application Manager/LWA/PWANative.dylib

        /Applications/Utilities/Adobe Application Manager/LWA/adobe_caps.dylib

        /Applications/Utilities/Adobe Application Manager/LWA/adobe_oobelib.dylib

        /Applications/Utilities/Adobe Application Manager/LWA/adobe_upgrade.dylib

        /Applications/Utilities/Adobe Application Manager/P6/IMSLib.dylib

        /Applications/Utilities/Adobe Application Manager/P6/P6Native.dylib

        /Applications/Utilities/Adobe Application Manager/P6/VulcanBridge.dylib

        /Applications/Utilities/Adobe Application Manager/P6/VulcanMessage.dylib

        /Applications/Utilities/Adobe Application Manager/P6/adobe_oobelib.dylib

        /Applications/Utilities/Adobe Application Manager/P6/adobe_upgrade.dylib

        /Applications/Utilities/Adobe Application Manager/P6/axlib.dylib

        /Applications/Utilities/Adobe Application Manager/P7/IMSLib.dylib

        /Applications/Utilities/Adobe Application Manager/P7/P7Native.dylib

        /Applications/Utilities/Adobe Application Manager/P7/VulcanBridge.dylib

        /Applications/Utilities/Adobe Application Manager/P7/VulcanMessage4.dylib

        /Applications/Utilities/Adobe Application Manager/P7/VulcanMessage5.dylib

        /Applications/Utilities/Adobe Application Manager/P7/adobe_oobelib.dylib

        /Applications/Utilities/Adobe Application Manager/P7/adobe_upgrade.dylib

        /Applications/Utilities/Adobe Application Manager/P7/axlibv7.dylib

        /Applications/Utilities/Adobe Application Manager/UWA/UWANative.dylib

        /Applications/Utilities/Adobe Application Manager/core/AdobePIM.dylib

        /Applications/Utilities/Adobe Application Manager/core/switcher/CCM_UI.dylib

        /Applications/Utilities/Adobe Application Manager/core/switcher/DWA_UI.dylib

        /Applications/Utilities/Adobe Application Manager/core/switcher/LWA_UI.dylib

        /Applications/Utilities/Adobe Application Manager/core/switcher/UWA_UI.dylib

        /Applications/Utilities/Adobe Creative Cloud/ACC/ContainerBL.dylib

        /Applications/Utilities/Adobe Creative Cloud/AppsPanel/AppsPanelIL.dylib

        /Applications/Utilities/Adobe Creative Cloud/AssetsPanel/AssetsPanelBL.dylib

        /Applications/Utilities/Adobe Creative Cloud/CoreSyncPlugins/ExchangePlugin/ExManCoreLib/Contents/Frameworks/libExManC oreLibCoreSync64.dylib

        /Applications/Utilities/Adobe Creative Cloud/HDCore/HDPIM.dylib

        /Applications/Utilities/Adobe Creative Cloud/MarketPanel/MarketPanelBL.dylib

        /Applications/Utilities/Adobe Creative Cloud/SPanel/SPanelBL.dylib

        /Library/Application Support/Adobe/ARMDC/Application/AcrobatUpdateHelperLib.dylib

        /Library/Application Support/Adobe/ARMNext/Application/AcrobatUpdateHelperLib.dylib

        /Library/Application Support/Adobe/Acrobat DC Helper Frameworks/adobe_oobelib/adobe_caps.dylib

        /Library/Application Support/Adobe/Acrobat DC Helper Frameworks/adobe_oobelib/adobe_oobelib.dylib

        /Library/Application Support/Adobe/Acrobat DC Helper Frameworks/adobe_oobelib/adobe_upgrade.dylib

        /Library/Application Support/Adobe/Acrobat DC Helper Frameworks/adobe_oobelib/axlibv7.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/CEF/Chromium Embedded Framework.framework/Libraries/libcef.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/CEF/libplugin_carbon_interpose.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/Core/AdobePIM.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/Core/Core.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/CoreExt/Analytics.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/CoreExt/LocManager.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/CoreExt/PrefsManager.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/ElevationManager/ElevationManager.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/HEX/HEX.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/Notifications/ANSClient.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/Notifications/NotificationManager.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/Notifications/TrayNotificationManager.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/SignInApp/SignInAppBL.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/TCC/CmdCntr.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/TCC/VulcanControl.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/TCC/VulcanMessage5.dylib

        /Library/Application Support/Adobe/Adobe Desktop Common/TCC/VulcanWrapper.dylib

        /Library/Application Support/Adobe/SING/Mark II/TINthread.dylib

        /Library/Application Support/Mozilla/Extensions/{UUID}/EMAILedotcom/components/WCFirefox_x86Extn.dyl ib

        /Library/Application Support/Mozilla/Extensions/{UUID}/EMAILedotcom/components/WCFirefox_x86_64Extn. dylib

        /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

        /Users/USER/Library/Application Support/1Password/Extensions/31318/EMAIL/components/libosxform_xpcom.dylib

        /Users/USER/Library/Application Support/1Password/Extensions/31318/EMAIL/components/libosxform_xpcom.dylib

        /Users/USER/Library/Application Support/1Password/Extensions/31499/EMAIL/components/libosxform_xpcom.dylib

        /Users/USER/Library/Application Support/1Password/Extensions/31499/EMAIL/components/libosxform_xpcom.dylib

        /Users/USER/Library/Application Support/1Password/Extensions/32009/EMAIL/components/libosxform_xpcom.dylib

        /Users/USER/Library/Application Support/1Password/Extensions/32009/EMAIL/components/libosxform_xpcom.dylib

     

     

    App extensions

     

     

        com.dayoneapp.dayone.Day-One-Share-Extension

        com.evernote.Evernote.SharingExtension

        com.flexibits.fantastical2.mac.action-extension

        com.flexibits.fantastical2.mac.share-extension

        com.flexibits.fantastical2.mac.today-widget

        com.getdropbox.dropbox.garcon

        com.omnigroup.OmniFocus2.Share

        com.omnigroup.OmniFocus2.Today

     

     

    Installations

     

     

        Adobe Acrobat X Pro (10.1.2): 1/15/12, 10:44 AM

        Adobe Acrobat X Pro (10.1.1): 12/14/11, 6:24 AM

         Adobe Acrobat X Pro : 12/14/11, 5:50 AM

        PlugIn: 12/3/11, 3:48 PM

        PlugIn: 10/9/11, 1:01 PM

     

     

    Elapsed time (sec): 415

first Previous Page 3 of 4 last Next