-
All replies
-
Helpful answers
-
Jul 13, 2015 6:13 PM in response to AggelakasKby Kimmiegrif,Start time: 21:02:31 07/13/15
Model Identifier: MacBookPro9,2
System Version: OS X 10.10.2 (14C1514)
Kernel Version: Darwin 14.1.0
Time since boot: 39 minutes
Diagnostic reports
2015-06-22 AntiMalwareUpdate crash
2015-06-24 AntiMalwareUpdate crash
2015-06-29 AntiMalwareUpdate crash x2
2015-06-30 VerizonUpdateCenter crash
2015-07-01 AntiMalwareUpdate crash
2015-07-02 AppAS crash
2015-07-02 AppBS crash
2015-07-04 AntiMalwareUpdate crash
2015-07-04 VerizonUpdateCenter crash
2015-07-05 AntiMalwareUpdate crash
2015-07-06 AntiMalwareUpdate crash
2015-07-06 VerizonUpdateCenter crash
2015-07-07 AntiMalwareUpdate crash
2015-07-07 com.apple.WebKit.Plugin.64 crash
2015-07-08 AntiMalwareUpdate crash
2015-07-10 AntiMalwareUpdate crash
2015-07-11 AntiMalwareUpdate crash
2015-07-11 LegacyFileVaultMessageTracer crash
2015-07-12 AntiMalwareUpdate crash
2015-07-12 AppAS crash
2015-07-12 AppBS crash
2015-07-12 com.apple.WebKit.Networking crash
2015-07-13 AntiMalwareUpdate crash
2015-07-13 VerizonUpdateCenter crash
Log
Jul 13 00:01:36 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 00:30:32 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 01:06:55 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 01:06:58 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 13 01:07:01 com.apple.iTunesHelper.43200: Service exited with abnormal code: 1
Jul 13 01:37:56 com.apple.spindump: Service exited with abnormal code: 75
Jul 13 01:38:06 com.apple.spindump: Service exited with abnormal code: 75
Jul 13 01:38:34 process Mail[912] caught causing excessive wakeups. Observed wakeups rate (per sec): 873; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45001
Jul 13 18:54:48 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 19:13:20 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 19:15:24 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 19:15:31 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 19:15:32 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 13 19:23:15 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 19:27:12 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 19:35:25 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 19:38:00 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 13 19:38:04 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 19:41:36 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 20:13:18 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 13 20:13:21 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 20:13:21 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 13 20:13:21 com.apple.iTunesHelper.43200: Service exited with abnormal code: 1
Jul 13 20:17:19 com.apple.iTunesHelper.43200: Service exited with abnormal code: 1
Jul 13 20:23:48 com.apple.iTunesHelper.43200: Service exited with abnormal code: 1
kexts
com.McAfee.SFKext (1)
com.McAfee.kext.AppProtection (3.3)
com.mcafee.kext.Virex (1.1.0d1)
Daemons
com.mcafee.virusscan.ssm.ScanFactory
com.apple.installer.osmessagetracing
com.microsoft.office.licensing.helper
com.google.keystone.daemon
com.mcafee.virusscan.fmpd
com.apple.xprotectupdater
com.adobe.fpsaud
com.mcafee.ssm.ScanManager
Agents
Listchack.update
com.Installer.completer.update
Texiday.ltvbit
com.adobe.AdobeCreativeCloud
com.google.keystone.system.agent
Listchack.download
com.Installer.completer.download
com.adobe.acc.AdobeDesktopService.151120.UUID
Listchack.ltvbit
com.Installer.completer.ltvbit
com.mcafee.reporter
Texiday.update
com.mcafee.menulet
Texiday.download
com.apple.AirPortBaseStationAgent
Bundles
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Internet Plug-Ins/AdobeAAMDetect.plugin
- com.AdobeAAMDetectLib.AdobeAAMDetect
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/NP_2020Player_IKEA.plugin
- com.2020technologies.2020Player-IKEA.NP
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/SiteAdvisor.plugin
- com.mcafee.siteadvisor
/Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Contents of /etc/syslog.conf (checksum 3920907068)
install.* @127.0.0.1:32376
local7.info /var/log/McAfeeInternetSecurity.log
Contents of /etc/periodic/daily/555.siteadvisor (checksum 653940657)
/usr/local/McAfee/SiteAdvisor/saupkeep -su
Contents of /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist (checksum 1520599159)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.xprotectupdater</string>
<key>ProgramArguments</key>
<array>
<string>/usr/libexec/XProtectUpdater</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>17</integer>
<key>Minute</key>
<integer>33</integer>
</dict>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.mcafee.menulet.plist (checksum 1852533552)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.mcafee.menulet</string>
<key>GroupName</key>
<string>Virex</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/McAfee/MSS/Applications/Menulet.app/Contents/MacOS/Menulet</string>
</array>
<key>KeepAlive</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.mcafee.reporter.plist (checksum 1074323989)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.mcafee.reporter</string>
<key>GroupName</key>
<string>Virex</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/McAfee/MSS/Applications/McAfee Reporter.app/Contents/MacOS/McAfee Reporter</string>
</array>
<key>KeepAlive</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.mcafee.virusscan.fmpd.plist (checksum 902982707)
<?xml version="1.0" encoding="UTF-8"?>
<!-- Copyright (C) 2011 McAfee, Inc. All rights reserved. -->
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnvironmentVariables</key>
<dict>
<key>DYLD_LIBRARY_PATH</key>
<string>/usr/local/McAfee/fmp/lib</string>
</dict>
<key>GroupName</key>
<string>Virex</string>
<key>InitGroups</key>
<false/>
<key>Label</key>
<string>com.mcafee.virusscan.fmpd</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/McAfee/fmp/bin/fmpd</string>
</array>
</dict>
</plist>
Contents of Library/LaunchAgents/Listchack.download.plist (checksum 401896494)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppBS</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>730980002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
...and 3 more line(s)
Contents of Library/LaunchAgents/Listchack.ltvbit.plist (checksum 2044903133)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppBS</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>730980002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/Listchack.update.plist (checksum 3919989154)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppBS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>730980002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
...and 6 more line(s)
Contents of Library/LaunchAgents/Texiday.download.plist (checksum 4114670599)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Texiday.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Texiday/Texiday.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>730980002</string>
<string>-identity</string>
<string>Texiday</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
...and 3 more line(s)
Contents of Library/LaunchAgents/Texiday.ltvbit.plist (checksum 3053726906)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Texiday.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Texiday/Texiday.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>730980002</string>
<string>-identity</string>
<string>Texiday</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/Texiday.update.plist (checksum 1560399178)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Texiday.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Texiday/Texiday.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>730980002</string>
<string>-identity</string>
<string>Texiday</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
...and 6 more line(s)
Contents of Library/LaunchAgents/com.Installer.completer.download.plist (checksum 1897396633)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Installer.completer.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/IM.Installer/Completer.app/Contents/MacOS/InstallerT</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>1</string>
<string>-firstAppId</string>
<string>730980002</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
<string>false</string>
</dict>
...and 1 more line(s)
Contents of Library/LaunchAgents/com.Installer.completer.ltvbit.plist (checksum 3883569369)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Installer.completer.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/IM.Installer/Completer.app/Contents/MacOS/InstallerT</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>1</string>
<string>-firstAppId</string>
<string>730980002</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
<integer>36</integer>
</dict>
...and 2 more line(s)
Contents of Library/LaunchAgents/com.Installer.completer.update.plist (checksum 2743594649)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Installer.completer.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/IM.Installer/Completer.app/Contents/MacOS/InstallerT</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>1</string>
<string>-firstAppId</string>
<string>730980002</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>19</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist (checksum 4071182229)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.AAM.Scheduler-1.0</string>
<key>Program</key>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<string>-mode=scheduled</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Minute</key>
<integer>0</integer>
<key>Hour</key>
<integer>2</integer>
</dict>
</dict>
</plist>
Root crontab
0 */4 * * * /usr/local/McAfee/fmp/bin/UpdateHelper update >> /dev/null 2>&1
46 22 * * * /usr/local/McAfee/fmp/bin/GenUtility 5 >> /dev/null 2>&1
0 4 * * 2 /usr/local/McAfee/AntiMalware/VShieldTaskManager 4 >> /dev/null 2>&1
TCP/IP
IPv6: Off
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Genieo
- /Users/USER/.Trash/Genieo.app
Genieo
- /Users/USER/.Trash/Genieo.app
Genieo
- /Users/USER/.Trash/Genieo.app
Android File Transfer Agent
- /Users/USER/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app
VerizonUpdateCenter
- /Applications/VerizonUpdateCenter.app
Hidden apps
.magicJack/Softphone/magicJack.app
.magicJack/Softphone/splash.app
Restricted files: 137
Lockfiles: 8
Elapsed time (s): 242
-
Jul 13, 2015 7:30 PM in response to Kimmiegrifby petermac87,Uninstall McAfee as per the developers instructions.
Pete
-
-
Jul 16, 2015 7:31 AM in response to Linc Davisby jfras311,Start time: 10:18:54 07/16/15
Model Identifier: MacBookAir5,2
System Version: OS X 10.10.4 (14E46)
Kernel Version: Darwin 14.4.0
Time since boot: 43 minutes
Diagnostic reports
2015-07-01 Kernel panic
2015-07-15 Kernel panic
Log
Jul 16 09:33:27 com.apple.WebKit.Plugin.32.UUID: Service exited with abnormal code: 1
Jul 16 09:34:33 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 16 09:34:57 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 16 09:34:57 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 09:34:57 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 16 09:34:57 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 16 09:35:19 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 16 09:35:19 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 16 09:35:19 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 09:35:19 com.apple.WebKit.Plugin.32.UUID: Service exited with abnormal code: 1
Jul 16 09:35:19 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 09:35:19 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 09:35:19 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 09:35:19 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 16 09:35:25 com.apple.iTunesHelper.13380: Service exited with abnormal code: 1
Jul 16 09:36:16 [SendRawHCICommand] ### ERROR: EnqueueRequestForController failed (err=e00002d8)
Jul 16 09:36:30 utun_start: ifnet_disable_output returned error 12
Jul 16 09:36:37 OSUnserializeXML: syntax error near line 1
Jul 16 09:36:38 OSUnserializeXML: syntax error near line 1
Jul 16 09:36:40 OSUnserializeXML: syntax error near line 1
Jul 16 09:46:49 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 09:46:49 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 16 09:46:49 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 16 09:46:49 com.apple.WebKit.Plugin.32.UUID: Service exited with abnormal code: 1
Jul 16 10:03:38 process com.apple.WebKit[571] caught causing excessive wakeups. Observed wakeups rate (per sec): 252; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45024
Activity
CPU: user 23%, system 3%
CPU per process: clamscan (UID 501) is using 95.1 %
I/O per process: clamscan (UID 501) is using 3 MB/s
Daemons
com.oracle.java.JavaUpdateHelper
com.apple.installer.osmessagetracing
com.microsoft.office.licensing.helper
com.oracle.java.Helper-Tool
com.Undiminutive.helper
com.adobe.fpsaud
com.examsoft.softest.service
Agents
com.examsoft.softest
uk.co.markallan.clamxav.freshclam
com.Undiminutive.agent
com.microsoft.OneDriveLauncher
com.oracle.java.Java-Updater
com.amazon.music
com.apple.CSConfigDotMacCert-EMAIL-SharedServices
com.apple.PTPCamera.63364.UUID
com.google.keystone.user.agent
com.apple.AirPortBaseStationAgent
Bundles
/System/Library/Extensions/EPSONUSBPrintClass.kext
- com.epson.print.kext.USBPrintClass
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.examsoft.softest.plist (checksum 574561436)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Umask</key>
<integer>0</integer>
<key>Label</key>
<string>com.examsoft.softest</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/SofTest.app/Contents/MacOS/SofTest</string>
<string>-launchd</string>
</array>
<key>QueueDirectories</key>
<array>
<string>/Library/Application Support/SofTest/.q</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist (checksum 3409472972)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.oracle.java.Java-Updater</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>
<string>-bgcheck</string>
</array>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>14</integer>
<key>Minute</key>
<integer>30</integer>
<key>Weekday</key>
<integer>7</integer>
</dict>
</dict>
...and 1 more line(s)
Contents of /Library/LaunchAgents/com.undiminutive.agent.plist (checksum 3494481861)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Undiminutive.agent</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Undiminutive/Agent/agent.app/Contents/MacOS/agent</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.examsoft.softest.service.plist (checksum 1932046632)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>StandardOutPath</key>
<string>/Library/Application Support/SofTest/.svclog</string>
<key>StandardErrorPath</key>
<string>/Library/Application Support/SofTest/.svcerr</string>
<key>Label</key>
<string>com.examsoft.softest.service</string>
<key>OnDemand</key>
<false/>
<key>RunAtLoad</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/SofTest/Service</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.undiminutive.daemon.plist (checksum 2115058870)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.Undiminutive.daemon</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Undiminutive/Agent/agent.app/Contents/MacOS/agent</string>
<string>-update</string>
</array>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.undiminutive.helper.plist (checksum 3112399865)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Undiminutive.helper</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Undiminutive/Agent/agent.app/Contents/MacOS/agent</string>
<string>-helper</string>
</array>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.amazon.music.plist (checksum 3668832669)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnableTransactions</key>
<false/>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.amazon.music</string>
<key>Program</key>
<string>/Applications/Amazon Music.app/Contents/MacOS/Amazon Music Helper</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.apple.CSConfigDotMacCert-EMAIL-SharedServices.Agent.pl ist (checksum 3852890399)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<false/>
<key>Label</key>
<string>com.apple.CSConfigDotMacCert-EMAIL-SharedServices</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>LowPriorityIO</key>
<true/>
<key>Nice</key>
<integer>10</integer>
<key>ProgramArguments</key>
<array>
<string>/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices .framework/Versions/A/Support/CSConfigDotMacCert</string>
<string>-l</string>
<string>/Users/USER/Library/Logs/CSConfigDotMacCert.log</string>
<string>-u</string>
<string>EMAIL</string>
<string>-t</string>
<string>SharedServices</string>
<string>-s</string>
</array>
...and 4 more line(s)
Contents of Library/LaunchAgents/com.google.keystone.agent.plist (checksum 2392449207)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.google.keystone.user.agent</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>
<string>-runMode</string>
<string>ifneeded</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>3523</integer>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Contents of Library/LaunchAgents/uk.co.markallan.clamxav.freshclam.plist (checksum 1224648829)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>uk.co.markallan.clamxav.freshclam</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Applications/ClamXav.app/Contents/Resources/ScheduleHelper</string>
<string>update</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>StartCalendarInterval</key>
<array>
<dict>
<key>Hour</key>
<integer>6</integer>
<key>Minute</key>
<integer>45</integer>
</dict>
</array>
</dict>
...and 1 more line(s)
Bad plists
Library/Preferences/com.solidstatenetworks.host.plist
Listeners
kdc: kerberos
launchd: ssh
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Box Sync
- /Applications/Box Sync.app
Dropbox
- missing value
Restricted files: 60
Lockfiles: 16
Elapsed time (s): 259
-
Jul 16, 2015 11:39 AM in response to jfras311by Linc Davis,You haven't asked a question, but I assume you ran that now long-obsolete script because of an adware problem. I've probably posted the instructions below already in this thread, but here they are again. In your case, "something" is "Undiminutive".
You installed a variant of the "VSearch" ad-injection malware. Follow Apple Support's instructions to remove it.
If you have trouble following those instructions, see below.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.
Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
/Library/LaunchDaemons
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form
com.something.daemon.plist
and
com.something.helper.plist
Here something is a variable string of characters, which can be different in each VSearch infection. So far it has always been an alphanumeric string without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes it's a meaningless string such as "e8dec5ae7fc75c28" rather than a word. Sometimes the string is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.
If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:
/Library/LaunchAgents
In this folder, there may be a file named
com.something.agent.plist
where the string something is the same as before.
If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.
Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.
The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.
Open this folder:
/Library/Application Support
If it has a subfolder named just
something
where something is the same string you saw before, drag that subfolder to the Trash and close the window.
Don't delete the "Application Support" folder or anything else inside it.
Finally, in this folder:
/System/Library/Frameworks
there may be an item named exactly
v.framework
It's actually a folder, though it has a different icon than usual. This item always has the above name; it doesn't vary. Drag it to the Trash and close the window.
Don't delete the "Frameworks" folder or anything else inside it.
If you didn't find the files or you're not sure about the identification, post what you found.
If in doubt, or if you have no backups, change nothing at all.
The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it. I don't recommend that you install the genuine "MPlayerX," because it's hosted on the rogue "SourceForge" website and is bundled with other malware.
This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Then, still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked.
-
Jul 16, 2015 12:17 PM in response to Linc Davisby Csound1,Linc Davis wrote:
You haven't asked a question, but I assume you ran that now long-obsolete script because of an adware problem.
One of your scripts?
-
Jul 16, 2015 12:55 PM in response to Csound1by jfras311,Yes. Thank you for the help. I just decided to restore my Mac using a backup off my time capsule and that took care of the problem. I sincerely appreciate your help though.
-
Jul 16, 2015 1:31 PM in response to jfras311by ChitlinsCC,jfras311
The title of this thread is "AdwareMedic is it safe?" - the answer is unequivocally yes. Before taking drastic measures, run it (links abound here and elsewhere throughout ASC - even been reviewed and recommended by a MacWorld Senior Editor)
for your convenience:
The Safe Mac » Adware Removal Guide
Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support
-
Jul 16, 2015 1:50 PM in response to Csound1by ChitlinsCC,Csound1 wrote:
Linc Davis wrote:
You haven't asked a question, but I assume you ran that now long-obsolete script because of an adware problem.
One of your scripts?
I think, perhaps, that your subtle point may be that Thomas keeps AdwareMedic updated for new variants?
Easy as pie for those not inclined to take risky steps behind the system file level curtain?
[thanks Thomas!]
Of course, the best medicine is the preventative kind -
" Let’s be careful out there. "
[close of every roll call]
- Michael Conrad as Sgt. Phil Esterhaus – NYPD Blue -
-
-
Jul 18, 2015 6:27 PM in response to Linc Davisby lmcph,Is there anyone who can help me fix this mess I've caused?
Start time: 21:08:21 07/18/15
Model Identifier: MacBookAir6,2
System Version: OS X 10.10.4 (14E46)
Kernel Version: Darwin 14.4.0
Time since boot: 3 days 4:34
System load
combined level = Bad
- battery level = Bad
FileVault: On
Diagnostic reports
2015-04-17 UserKernel crash
2015-06-29 AppAS crash
2015-07-03 AppAS crash
2015-07-11 com.apple.WebKit.Plugin.64 crash
2015-07-18 AppAS crash x3
2015-07-18 com.apple.WebKit.Plugin.64 crash
Log
Jul 16 19:22:30 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 16 19:22:30 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 19:22:30 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 19:22:30 com.apple.WebKit.Plugin.32.UUID: Service exited with abnormal code: 1
Jul 16 19:22:30 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 16 19:22:30 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 16 19:28:14 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 16 19:28:14 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 16 19:29:07 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 16 19:29:07 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 16 19:38:58 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 17 07:29:33 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 17 07:29:33 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 17 08:02:24 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Jul 18 17:39:38 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 18 17:39:38 com.apple.iTunesHelper.58820: Service exited with abnormal code: 1
Jul 18 17:40:20 utun_start: ifnet_disable_output returned error 12
Jul 18 17:40:22 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Jul 18 17:41:05 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 18 18:16:19 process com.apple.WebKit[8460] caught causing excessive wakeups. Observed wakeups rate (per sec): 206; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 158688
Jul 18 19:00:33 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 18 19:49:49 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 18 20:31:56 process com.apple.WebKit[8460] caught causing excessive wakeups. Observed wakeups rate (per sec): 206; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 744358
Jul 18 20:58:38 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 18 21:02:21 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Swap (MiB): 81602
Daemons
com.v.daemon
com.v.helper
com.adobe.ARMDC.Communicator
com.apple.installer.osmessagetracing
com.adobe.fpsaud
com.adobe.ARMDC.SMJobBlessHelper
Agents
Listchack.update
Otwexplain.update
com.Wondershare.TunesGoWatchDemo
Manroling.update
com.v.agent
com.bittorrent.uTorrent
com.apple.photostream-agent
Listchack.download
Listchack.ltvbit
com.adobe.ARMDCHelper.UUID
Otwexplain.download
Otwexplain.ltvbit
com.google.keystone.user.agent
com.apple.AirPortBaseStationAgent
com.spigot.ApplicationManager
Bundles
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /etc/hosts (checksum 2113027887)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 www.secureopensoftware.com
127.0.0.1 www.mackeeperapp3.mackeeper.com
127.0.0.1 www.mackeeperapp3.mackeeper.com/landings/123.1/?affid=mzb_263.5777651.143579969 4.2.mzb&utm_source=tared&utm_medium=cpi&utm_campaign=mk_tared_nt_cpi_us_sp160_34 10jcysff_1jun&utm_term=&utm_content=&userDefiner=mzb_2351&trt=29_3410456611&aler t=10&tid_ext=TR_02D50SRzz2K500CG
Contents of /Library/LaunchAgents/com.6d094b283f1dbf9e.agent.plist (checksum 116527040)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.v.agent</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/6d094b283f1dbf9e/Agent/agent.app/Contents/MacOS/agent</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.adobe.ARMDCHelper.UUID.plist (checksum 2197523146)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARMDCHelper.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/ARMDC/Application/Acrobat Update Helper.app/Contents/MacOS/Acrobat Update Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.6d094b283f1dbf9e.daemon.plist (checksum 2523588330)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.v.daemon</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/6d094b283f1dbf9e/Agent/agent.app/Contents/MacOS/agent</string>
<string>-update</string>
</array>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.6d094b283f1dbf9e.helper.plist (checksum 3387579532)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.v.helper</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/6d094b283f1dbf9e/Agent/agent.app/Contents/MacOS/agent</string>
<string>-helper</string>
</array>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist (checksum 3887726299)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARMDC.Communicator</string>
<key>MachServices</key>
<dict>
<key>com.adobe.ARMDC.Communicator</key>
<true/>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Library/PrivilegedHelperTools/com.adobe.ARMDC.Communicator</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist (checksum 930028549)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARMDC.SMJobBlessHelper</string>
<key>MachServices</key>
<dict>
<key>com.adobe.ARMDC.SMJobBlessHelper</key>
<true/>
</dict>
<key>ProgramArguments</key>
<array>
<string>/Library/PrivilegedHelperTools/com.adobe.ARMDC.SMJobBlessHelper</string >
</array>
</dict>
</plist>
Contents of Library/LaunchAgents/Listchack.download.plist (checksum 2152440803)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
...and 3 more line(s)
Contents of Library/LaunchAgents/Listchack.ltvbit.plist (checksum 2698371100)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/Listchack.update.plist (checksum 1931991178)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
...and 6 more line(s)
Contents of Library/LaunchAgents/Manroling.update.plist (checksum 2684355723)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Manroling.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Manroling/Manroling.app/Contents/MacOS/AppNOS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>1434976216979282</string>
<string>-identity</string>
<string>Manroling</string>
<string>-sig</string>
<string>NOSIGNATURE_SIGNATURE</string>
<string>-agentUpdate</string>
<string>2</string>
</array>
<key>RunAtLoad</key>
...and 10 more line(s)
Contents of Library/LaunchAgents/Otwexplain.download.plist (checksum 1906304841)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Otwexplain.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Otwexplain/Otwexplain.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Otwexplain</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
...and 3 more line(s)
Contents of Library/LaunchAgents/Otwexplain.ltvbit.plist (checksum 1218373212)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Otwexplain.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Otwexplain/Otwexplain.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Otwexplain</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/Otwexplain.update.plist (checksum 2826203092)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Otwexplain.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Otwexplain/Otwexplain.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Otwexplain</string>
<string>-sig</string>
<string>ASSAF_SIGNATURE</string>
<string>-agentUpdate</string>
<string>0</string>
</array>
<key>RunAtLoad</key>
...and 10 more line(s)
Contents of Library/LaunchAgents/com.Wondershare.TunesGoWatchDemo.plist (checksum 3260814556)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.Wondershare.TunesGoWatchDemo</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Wondershare TunesGo/TunesGoWatch.app</string>
</array>
</dict>
</plist>
Contents of Library/LaunchAgents/com.bittorrent.uTorrent.plist (checksum 68136511)
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd> <plist version="1.0"> <dict> <key>Label</key> <string>com.bittorrent.uTorrent</string> <key>ProgramArguments</key> <array> <string>/usr/bin/open</string> <string>-W</string> <string>-a</string> <string>/Applications/uTorrent.app</string> </array> <key>KeepAlive</key> <false/> <key>LaunchOnlyOnce</key> <true/> </dict> </plist>
Contents of Library/LaunchAgents/com.google.keystone.agent.plist (checksum 1735178792)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.google.keystone.user.agent</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>
<string>-runMode</string>
<string>ifneeded</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>3523</integer>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Contents of Library/LaunchAgents/com.spigot.ApplicationManager.plist (checksum 3609818847)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.spigot.ApplicationManager</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Spigot/ApplicationManager</string>
<string>--protect</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
User login items
Steam
- missing value
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
uTorrent
- missing value
Dropbox
- /Applications/Dropbox.app
Restricted files: 68
Lockfiles: 9
Elapsed time (s): 270
-
Jul 18, 2015 7:18 PM in response to lmcphby Linc Davis,The instructions for removing "InstallMac" variants (of which you've installed four, a new world record) are on page 10 of this thread. The instructions for removing "VSearch," which you've also installed, are on page 11. Not to be outdone, you also have yet another kind of malware, "Spigot," for which the removal instructions are below.
The larger issue is that you're a setup for Internet crime. Unless you change the way you use the computer, you're going to be reinfected immediately with yet more adware, and worse to follow. In that case, you might as well not bother to remove the malware you have now. No one and nothing can protect you from the consequences of unsafe computing practices such as torrenting software.
You installed the "Spigot" ad-injection malware. Take the steps below to disable it.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be one or more files with a name beginning as follows:
com.spigot
Move all such items to the Trash.
Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library/Application Support
and remove an item named
Spigot
If it's present.
Empty the Trash.
4. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall all extensions you don't know you need, including any with the word "Spigot" in the description. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
Make sure you don't repeat the mistake that led you to install the malware. Chances are you got it from an Internet cesspit such as "Softonic," "CNET Download," or "SourceForge." Never visit any of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked.
-
Jul 20, 2015 6:39 AM in response to Linc Davisby lmcph,My computer is running extremely well compared to what it was before I followed your instructions to delete all the trash. I won't be visiting anymore of those websites; I didn't even realize what I was doing...obviously. Is there anything else you can see that still needs to be wiped clean?
Thanks for all your help. You saved my computer.
Also, is every file with something.plist, bad?
Start time: 09:25:35 07/20/15
Model Identifier: MacBookAir6,2
System Version: OS X 10.10.4 (14E46)
Kernel Version: Darwin 14.4.0
Time since boot: 13 minutes
FileVault: On
Diagnostic reports
2015-04-17 UserKernel crash
2015-06-29 AppAS crash
2015-07-03 AppAS crash
2015-07-11 com.apple.WebKit.Plugin.64 crash
2015-07-18 AppAS crash
2015-07-18 com.apple.WebKit.Plugin.64 crash
2015-07-19 AppAS crash x2
Log
Jul 18 23:25:30 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:25:40 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:25:50 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:26:00 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:26:10 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:26:20 com.apple.spindump: Service exited with abnormal code: 75
Jul 18 23:34:57 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 18 23:35:40 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 18 23:36:13 com.apple.iTunesHelper.58820: Service exited with abnormal code: 1
Jul 19 10:33:54 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Jul 19 14:50:46 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 20 09:11:51 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 20 09:11:52 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 20 09:12:00 com.apple.iTunesHelper.58820: Service exited with abnormal code: 1
Jul 20 09:12:56 com.adobe.ARMDCHelper.UUID: Service exited with abnormal code: 111
Jul 20 09:13:00 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:13:10 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:13:20 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:13:30 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:13:40 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:13:40 com.apple.iTunesHelper.58820: Service exited with abnormal code: 1
Jul 20 09:13:50 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:14:00 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:14:10 com.apple.spindump: Service exited with abnormal code: 75
Jul 20 09:14:20 com.apple.spindump: Service exited with abnormal code: 75
Daemons
com.apple.installer.osmessagetracing
Agents
com.apple.photostream-agent
com.adobe.ARMDCHelper.UUID
com.apple.AirPortBaseStationAgent
Bundles
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /etc/hosts (checksum 2113027887)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 www.secureopensoftware.com
127.0.0.1 www.mackeeperapp3.mackeeper.com
127.0.0.1 www.mackeeperapp3.mackeeper.com/landings/123.1/?affid=mzb_263.5777651.143579969 4.2.mzb&utm_source=tared&utm_medium=cpi&utm_campaign=mk_tared_nt_cpi_us_sp160_34 10jcysff_1jun&utm_term=&utm_content=&userDefiner=mzb_2351&trt=29_3410456611&aler t=10&tid_ext=TR_02D50SRzz2K500CG
Contents of /Library/LaunchAgents/com.adobe.ARMDCHelper.UUID.plist (checksum 2197523146)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARMDCHelper.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/ARMDC/Application/Acrobat Update Helper.app/Contents/MacOS/Acrobat Update Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
User login items
Steam
- missing value
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
uTorrent
- missing value
Dropbox
- /Applications/Dropbox.app
Restricted files: 68
Lockfiles: 9
Elapsed time (s): 240
-
Jul 20, 2015 6:35 PM in response to Jules237by ~Bee,Jules --
This thread has too many add-on reports, other than the Original Poster's. However, in addition to other good advice here, You really need to uninstall and quit using uTorrent! All kinds of really serious stuff can be left on your wide open Mac using Torrents. Also you've got MacKeeper on there as well? Do you know what AppAS would stand for in your reports? It keeps crashing.
