
How can I remove installmac virus from my Mac Pro

Hi everyone, every time I open Chrome the default page is installmac. This virus has been giving me internet connection problems and my computer is also slowing down.


Is there any way I can delete this virus?



Thanks.

Posted on Sep 23, 2013 5:35 AM

43 replies

Jan 3, 2015 2:23 PM in response to Linc Davis

System Version: OS X 10.10.1 (14B25)

Kernel Version: Darwin 14.0.0

Boot Mode: Normal



Model: MacBookPro9,2



USB



Slim Mac SL (Seagate LLC)



User diagnostics



2014-12-16 iFunBox crash

2014-12-16 iFunBox crash

2014-12-16 iFunBox crash

2014-12-16 iFunBox crash



Kernel messages



--- last message repeated 1 time ---

Jan 2 16:04:23 WARNING: hibernate_page_list_setall skipped 18335 xpmapped pages

Jan 2 16:22:15 BUG in process suhelperd[167]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

--- last message repeated 118 times ---

Jan 2 16:22:41 BUG in process suhelperd[167]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)

Jan 2 16:49:48 WARNING: hibernate_page_list_setall skipped 4908 xpmapped pages

--- last message repeated 1 time ---

Jan 2 17:13:11 WARNING: hibernate_page_list_setall skipped 5491 xpmapped pages

--- last message repeated 1 time ---

Jan 2 17:45:08 WARNING: hibernate_page_list_setall skipped 5940 xpmapped pages

--- last message repeated 1 time ---

Jan 2 20:30:06 WARNING: hibernate_page_list_setall skipped 6170 xpmapped pages

--- last message repeated 1 time ---

Jan 2 20:43:15 WARNING: hibernate_page_list_setall skipped 7380 xpmapped pages

Jan 3 14:02:46 BUG in process suhelperd[167]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 3 14:02:47 utun_start: ifnet_disable_output returned error 12

Jan 3 14:04:01 BUG in process suhelperd[167]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

--- last message repeated 129 times ---

Jan 3 15:01:35 WARNING: hibernate_page_list_setall skipped 7380 xpmapped pages

Jan 3 15:01:56 WARNING: hibernate_page_list_setall skipped 23007 xpmapped pages

Jan 3 15:47:54 Over-release of kernel-internal importance assertions for pid 17 (syslogd), dropping 1 assertion(s) but task only has 3 remaining (3 external).

Jan 3 16:03:37 BUG in process suhelperd[178]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

--- last message repeated 118 times ---

Jan 3 16:04:15 BUG in process suhelperd[178]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)

Jan 3 16:39:49 process Finder[207] caught causing excessive wakeups. Observed wakeups rate (per sec): 151; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 80261



Extrinsic daemons



com.microsoft.office.licensing.helper

com.adobe.fpsaud

com.seagate.TBDecorator.plist



Extrinsic agents



com.genieo.completer.ltvbit

com.leadertech.PowerRegister.SEA1.UUID

com.genieo.completer.download

com.genieo.completer.update

com.google.keystone.user.agent



launchd items



/Library/LaunchDaemons/com.adobe.fpsaud.plist

(com.adobe.fpsaud)

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

(com.microsoft.office.licensing.helper)

Library/LaunchAgents/com.genieo.completer.download.plist

(com.genieo.completer.download)

Library/LaunchAgents/com.genieo.completer.ltvbit.plist

(com.genieo.completer.ltvbit)

Library/LaunchAgents/com.genieo.completer.update.plist

(com.genieo.completer.update)

Library/LaunchAgents/com.google.keystone.agent.plist

(com.google.keystone.user.agent)

Library/LaunchAgents/com.leadertech.PowerRegister.SEA1.UUID.plist

(com.leadertech.PowerRegister.SEA1.UUID)



Extrinsic loadable bundles



/System/Library/Extensions/JMicronATA.kext

(com.jmicron.JMicronATA)

/System/Library/Extensions/Seagate Storage Driver.kext

(com.seagate.driver.PowSecDriverCore)

/Library/Internet Plug-Ins/Flash Player.plugin

(com.macromedia.Flash Player.plugin)

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

(com.microsoft.sharepoint.browserplugin)

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

(com.microsoft.sharepoint.webkitplugin)

/Library/Internet Plug-Ins/Silverlight.plugin

(com.microsoft.SilverlightPlugin)

/Library/PreferencePanes/Flash Player.prefPane

(com.adobe.flashplayerpreferences)



DNS (from DHCP): 75.75.75.75



User login items



iTunesHelper



Safari extensions



Omnibar



Restricted user files: 136



Elapsed time (s): 695

Jan 15, 2015 8:17 AM in response to Linc Davis

System Version: OS X 10.9.4 (13E28)

Kernel Version: Darwin 13.3.0

Boot Mode: Normal



Model: MacBookPro6,2



Battery cycles: 905



USB



BRCM2070 Hub (Broadcom Corp.)

Bluetooth USB Host Controller (Apple Inc.)

Apple Internal Keyboard / Trackpad (Apple Inc.)

Internal Memory Card Reader (Apple Inc.)

IR Receiver (Apple Inc.)



System diagnostics



2014-12-31 Photo Booth spin

2014-12-31 Photo Booth spin

2015-01-05 Google Chrome Helper spin

2015-01-09 PluginProcess spin

2015-01-09 iPhoto spin

2015-01-10 PluginProcess spin

2015-01-12 WindowServer spin

2015-01-13 PluginProcess spin

2015-01-13 PluginProcess spin

2015-01-14 WindowServer spin



User diagnostics



2014-12-25 PluginProcess crash

2014-12-25 PluginProcess crash

2014-12-31 iMovie crash

2014-12-31 iMovie crash

2015-01-12 NotificationCenter crash



Kernel messages



Jan 14 10:43:28 MacAuthEvent en1 Auth result for: 56:02:02:06:20:d7 Auth timed out

Jan 14 11:02:01 WARNING: hibernate_page_list_setall skipped 109108 xpmapped pages

Jan 14 11:02:19 WARNING: hibernate_page_list_setall skipped 165053 xpmapped pages

Jan 14 15:40:47 MacAuthEvent en1 Auth result for: 56:02:02:06:21:84 Auth timed out

Jan 14 15:40:47 MacAuthEvent en1 Auth result for: 56:02:01:06:21:81 Auth timed out

Jan 14 15:40:48 MacAuthEvent en1 Auth result for: 56:02:01:06:21:66 Auth timed out

Jan 14 15:40:48 MacAuthEvent en1 Auth result for: 56:02:02:06:21:81 Auth timed out

Jan 14 15:51:04 WARNING: hibernate_page_list_setall skipped 165053 xpmapped pages

Jan 14 15:51:24 WARNING: hibernate_page_list_setall skipped 225290 xpmapped pages

Jan 14 17:19:26 WARNING: hibernate_page_list_setall skipped 225290 xpmapped pages

Jan 14 17:19:42 WARNING: hibernate_page_list_setall skipped 285580 xpmapped pages

Jan 14 21:31:10 wl0: Roamed or switched channel, reason #4, bssid 78:cd:8e:21:4d:d8

Jan 14 21:34:06 wl0: Roamed or switched channel, reason #8, bssid 78:cd:8e:21:4d:d8

Jan 14 21:53:15 wl0: Roamed or switched channel, reason #4, bssid 78:cd:8e:21:4d:d8

--- last message repeated 4 times ---

Jan 14 21:56:46 wl0: Roamed or switched channel, reason #8, bssid 78:cd:8e:21:4d:d8

Jan 14 21:57:14 wl0: Roamed or switched channel, reason #4, bssid 78:cd:8e:21:4d:d8

Jan 14 21:59:27 process WindowServer[98] caught causing excessive wakeups. Observed wakeups rate (per sec): 315; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 283447

Jan 14 21:59:30 wl0: Roamed or switched channel, reason #8, bssid 78:cd:8e:21:4d:d8

--- last message repeated 1 time ---

Jan 14 22:06:11 process Google Chrome He[19909] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback

Jan 14 22:07:07 process Google Chrome He[19894] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback

Jan 14 22:16:08 WARNING: hibernate_page_list_setall skipped 285580 xpmapped pages

Jan 14 22:16:25 WARNING: hibernate_page_list_setall skipped 357692 xpmapped pages

Jan 15 10:46:46 Previous Shutdown Cause: -60



Extrinsic daemons



scManagerD

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.cloudpath.maccmd

com.adobe.fpsaud



Extrinsic agents



com.oracle.java.Java-Updater

com.google.keystone.system.agent

com.flashmall.updater

com.flashmall.enabler

com.zeobit.MacKeeper.Helper

com.webtools.update.agent

com.webhelper

com.crossrider.wss002501.agent.plist

com.adobe.ARM.UUID



launchd items



/Library/LaunchAgents/com.google.keystone.agent.plist

(com.google.keystone.system.agent)

/Library/LaunchAgents/com.oracle.java.Java-Updater.plist

(com.oracle.java.Java-Updater)

/Library/LaunchAgents/com.teamviewer.teamviewer.plist

(com.teamviewer.teamviewer)

/Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist

(com.teamviewer.desktop)

/Library/LaunchDaemons/com.adobe.fpsaud.plist

(com.adobe.fpsaud)

/Library/LaunchDaemons/com.cloudpath.maccmd.plist

(com.cloudpath.maccmd)

/Library/LaunchDaemons/com.google.keystone.daemon.plist

(com.google.keystone.daemon)

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

(com.microsoft.office.licensing.helper)

/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

(com.oracle.java.Helper-Tool)

/Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist

(com.teamviewer.service)

/Library/LaunchDaemons/Safe.Connect.plist

(scManagerD)

Library/LaunchAgents/com.adobe.ARM.UUID.plist

(com.adobe.ARM.UUID)

Library/LaunchAgents/com.apple.FolderActions.enabled.plist

(com.apple.FolderActions.enabled)

Library/LaunchAgents/com.apple.FolderActions.folders.plist

(com.apple.FolderActions.folders)

Library/LaunchAgents/com.crossrider.wss002501.agent.plist

(com.crossrider.wss002501.agent.plist)

Library/LaunchAgents/com.webhelper.plist

(com.webhelper)

Library/LaunchAgents/com.webtools.update.agent.plist

(com.webtools.update.agent)

Library/LaunchAgents/com.zeobit.MacKeeper.Helper.plist

(com.zeobit.MacKeeper.Helper)

Library/LaunchAgents/Safari Security

(No job label)

Library/LaunchAgents/WebSocketServerApp

(No job label)



Extrinsic loadable bundles



/System/Library/CoreServices/SecurityAgentPlugins/HomeDirMechanism.bundle

(com.apple.SecurityAgentPlugin.HomeDirMechanism)

/System/Library/CoreServices/SecurityAgentPlugins/KerberosAgent.bundle

(com.apple.KerberosAgent)

/System/Library/CoreServices/SecurityAgentPlugins/loginwindow.bundle

(com.apple.securityAgentPlugins.loginwindowUI)

/System/Library/CoreServices/SecurityAgentPlugins/MCXMechanism.bundle

(com.apple.securityAgentPlugin.MCXMechanism)

/System/Library/CoreServices/SecurityAgentPlugins/PKINITMechanism.bundle

(com.apple.PKINITMechanism)

/System/Library/CoreServices/SecurityAgentPlugins/RestartAuthorization.bundle

(com.apple.securityAgentPlugin.RestartAuthorization)

/System/Library/Extensions/AMDRadeonVADriver.bundle

(com.apple. AMDRadeonVADriver)

/System/Library/Extensions/AMDRadeonX3000.kext

(com.apple.AMDRadeonX3000)

/System/Library/Extensions/AMDRadeonX3000GLDriver.bundle

(com.apple.AMDRadeonX3000GLDriver)

/System/Library/Extensions/AMDRadeonX4000.kext

(com.apple.AMDRadeonX4000)

/System/Library/Extensions/AMDRadeonX4000GLDriver.bundle

(com.apple.AMDRadeonX4000GLDriver)

/System/Library/Extensions/AppleFSCompressionTypeLZVN.kext

(com.apple.AppleFSCompression.AppleFSCompressionTypeLZVN)

/System/Library/Extensions/AppleIntelHD3000Graphics.kext

(com.apple.driver.AppleIntelHD3000Graphics)

/System/Library/Extensions/AppleIntelHD3000GraphicsGA.plugin

(com.apple.driver.AppleIntelHD3000GraphicsGA)

/System/Library/Extensions/AppleIntelHD3000GraphicsGLDriver.bundle

(com.apple.driver.AppleIntelHD3000GraphicsGLDriver)

/System/Library/Extensions/AppleIntelHD3000GraphicsVADriver.bundle

(com.apple.AppleIntelHD3000GraphicsVADriver)

/System/Library/Extensions/AppleIntelHD4000Graphics.kext

(com.apple.driver.AppleIntelHD4000Graphics)

/System/Library/Extensions/AppleIntelHD4000GraphicsGLDriver.bundle

(com.apple.driver.AppleIntelHD4000GraphicsGLDriver)

/System/Library/Extensions/AppleIntelHD4000GraphicsVADriver.bundle

(com.apple.AppleIntelHD4000GraphicsVADriver)

/System/Library/Extensions/AppleIntelHD5000Graphics.kext

(com.apple.driver.AppleIntelHD5000Graphics)

/System/Library/Extensions/AppleIntelHD5000GraphicsGLDriver.bundle

(com.apple.driver.AppleIntelHD5000GraphicsGLDriver)

/System/Library/Extensions/AppleIntelHD5000GraphicsVADriver.bundle

(com.apple.AppleIntelHD5000GraphicsVADriver)

/System/Library/Extensions/AppleIntelHDGraphicsGLDriver.bundle

(com.apple.driver.AppleIntelHDGraphicsGLDriver)

/System/Library/Extensions/AppleIntelHSWVA.bundle

(com.apple.AppleIntelHSWFBVA)

/System/Library/Extensions/AppleIntelIVBVA.bundle

(com.apple.AppleIntelIVBFBVA)

/System/Library/Extensions/ATIRadeonX2000.kext

(com.apple.ATIRadeonX2000)

/System/Library/Extensions/ATIRadeonX2000GA.plugin

(com.apple.ATIRadeonX2000GA)

/System/Library/Extensions/ATIRadeonX2000GLDriver.bundle

(com.apple.ATIRadeonX2000GLDriver)

/System/Library/Extensions/ATIRadeonX2000VADriver.bundle

(com.apple.ATIRadeonX2000VADriver)

/System/Library/Extensions/BJUSBMP.kext

(jp.co.canon.bj.kext.BJUSBMP)

/System/Library/Extensions/EPSONUSBPrintClass.kext

(com.epson.print.kext.USBPrintClass)

/System/Library/Extensions/GeForce.kext

(com.apple.GeForce)

/System/Library/Extensions/GeForceGA.plugin

(com.apple.GeForceGA)

/System/Library/Extensions/GeForceGLDriver.bundle

(com.apple.GeForceGLDriver)

/System/Library/Extensions/GeForceTesla.kext

(com.apple.GeForceTesla)

/System/Library/Extensions/GeForceTeslaGLDriver.bundle

(com.apple.GeForceTeslaGLDriver)

/System/Library/Extensions/GeForceTeslaVADriver.bundle

(com.apple.GeForceTeslaVADriver)

/System/Library/Extensions/GeForceVADriver.bundle

(com.apple.GeForceVADriver)

/System/Library/Extensions/hp_designjet_series.kext

(com.hp.print.hpio.Designjet.kext)

/System/Library/Extensions/hp_Deskjet_io_enabler.kext

(com.hp.print.hpio.Deskjet.kext)

/System/Library/Extensions/hp_fax_io.kext

(com.hp.kext.hp-fax-io)

/System/Library/Extensions/hp_Inkjet1_io_enabler.kext

(com.hp.print.hpio.Inkjet1.kext)

/System/Library/Extensions/hp_Inkjet2_io_enabler.kext

(com.hp.print.hpio.Inkjet2.kext)

/System/Library/Extensions/hp_Inkjet3_io_enabler.kext

(com.hp.print.hpio.Inkjet3.kext)

/System/Library/Extensions/hp_Inkjet4_io_enabler.kext

(com.hp.print.hpio.Inkjet4.kext)

/System/Library/Extensions/hp_Inkjet5_io_enabler.kext

(com.hp.print.hpio.Inkjet5.kext)

/System/Library/Extensions/hp_Inkjet7_io_enabler.kext

(com.hp.print.hpio.inkjet7.kext)

/System/Library/Extensions/hp_Inkjet8_io_enabler.kext

(com.hp.print.hpio.inkjet8.kext)

/System/Library/Extensions/hp_Inkjet_io_enabler.kext

(com.hp.print.hpio.Inkjet.kext)

/System/Library/Extensions/hp_io_printerclassdriver_enabler.kext

(com.hp.hpio.hp_io_printerclassdriver_enabler)

/System/Library/Extensions/hp_Laserjet_io_enabler.kext

(com.hp.print.hpio.Laserjet.kext)

/System/Library/Extensions/hp_Officejet_io_enabler.kext

(com.hp.print.hpio.Officejet.kext)

/System/Library/Extensions/hp_Photosmart_io_enabler.kext

(com.hp.print.hpio.Photosmart.kext)

/System/Library/Extensions/hp_PhotosmartPro_io_enabler.kext

(com.hp.print.hpio.PhotosmartPro.kext)

/System/Library/Extensions/hp_psa640_io_enabler.kext

(com.hp.hpio.hp_psa640_io_enabler)

/System/Library/Extensions/hp_qc_io_enabler.kext

(com.hp.hpio.hp_psa530_630_io_enabler)

/System/Library/Extensions/LexmarkUSBMerge.kext

(com.lexmark.print.usbmerge)

/Library/Audio/Plug-Ins/HAL/AirPlay.driver

(com.apple.audio.AirTunesHALPlugin)

/Library/Audio/Plug-Ins/HAL/AppleAVBAudio.driver

(com.apple.audio.AppleAVBAudio)

/Library/Audio/Plug-Ins/HAL/BluetoothAudioPlugIn.driver

(com.apple.audio.BluetoothAudioPlugIn)

/Library/Audio/Plug-Ins/HAL/iSightAudio.driver

(com.apple.iSightAudio)

/Library/Extensions/hp_io_enabler_compound.kext

(com.hp.kext.io.enabler.compound)

/Library/Internet Plug-Ins/AdobePDFViewer.plugin

(com.adobe.acrobat.pdfviewer)

/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

(com.adobe.acrobat.pdfviewerNPAPI)

/Library/Internet Plug-Ins/Default Browser.plugin

(com.apple.DefaultBrowser.PlugIn)

/Library/Internet Plug-Ins/Flash Player.plugin

(com.macromedia.Flash Player.plugin)

/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin

(net.telestream.wmv.plugin)

/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin

(com.google.googletalkbrowserplugin)

/Library/Internet Plug-Ins/iPhotoPhotocast.plugin

(com.apple.plugin.iPhotoPhotocast)

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

(com.oracle.java.JavaAppletPlugin)

/Library/Internet Plug-Ins/o1dbrowserplugin.plugin

(com.google.o1dbrowserplugin)

/Library/Internet Plug-Ins/Quartz Composer.webplugin

(com.apple.QuartzComposer.webplugin)

/Library/Internet Plug-Ins/QuickTime Plugin.plugin

(com.apple.QuickTime Plugin.plugin)

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

(com.microsoft.sharepoint.browserplugin)

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

(com.microsoft.sharepoint.webkitplugin)

/Library/Internet Plug-Ins/Silverlight.plugin

(com.microsoft.SilverlightPlugin)

/Library/iTunes/iTunes Plug-ins/Quartz Composer Visualizer.bundle

(com.apple.QuartzComposer.iTunesPlugIn)

/Library/PreferencePanes/Flash Player.prefPane

(com.adobe.flashplayerpreferences)

/Library/PreferencePanes/JavaControlPanel.prefPane

(com.oracle.java.JavaControlPanel)

/Library/QuickTime/AppleMPEG2Codec.component

(com.apple.AppleMPEG2Codec)

/Library/Spotlight/GBSpotlightImporter.mdimporter

(com.apple.garageband.spotlightimporter)

/Library/Spotlight/GraphPad Prism.mdimporter

(com.GraphPad.PrismMDImporter)

/Library/Spotlight/iBooksAuthor.mdimporter

(com.apple.MDImporter.iBooksAuthor)

/Library/Spotlight/iWork.mdimporter

(com.apple.MDImporter.iWork)

/Library/Spotlight/Microsoft Office.mdimporter

(com.microsoft.MDImporter.Office)

Library/Address Book Plug-Ins/SkypeABDialer.bundle

(com.skype.skypeabdialer)

Library/Address Book Plug-Ins/SkypeABSMS.bundle

(com.skype.skypeabsms)

Library/Internet Plug-Ins/WebEx64.plugin

(com.cisco_webex.plugin.gpc64)

Library/iTunes/iTunes Plug-ins/TuneUp/TuneUp Visualizer.bundle

(com.TuneUp.app.iTuneUp Visualizer)



Extrinsic shared libraries



/usr/lib/dtrace/libdtrace_dyld.dylib

/usr/lib/libgmalloc.B.dylib

/usr/lib/libruby.2.0.0.dylib

/usr/lib/libXplugin.1.dylib



Proxies



ProxyAutoConfigEnable : 1

ProxyAutoConfigURLString : http://wpad/wpad.dat

ProxyAutoDiscoveryEnable : 1



DNS (from DHCP): 75.75.75.75



Profiles: 1



User login items



iTunesHelper

Dropbox

AdobeResourceSynchronizer

SpeechSynthesisServer

Google Drive.app

TuneupMyMac



Restricted user files: 117



Font problems: 45



Elapsed time (s): 194

Jan 15, 2015 10:44 AM in response to life_doc13

You installed the "Crossrider" trojan. Take the steps below to disable it.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select

Go > Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may be files with any of the following names:

com.crossrider.wss*.agent.plist

flashmall_updater.plist

flashmall_updater.sh

com.webhelper.plist

com.webtools.update.agent.plist

WebSocketServerApp

Here * stands for a variable six-digit number. Some of these files may be absent. Move any that you have to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Do as in Step 1 with this line:

~/Library/Application Support

A folder named "Application Support" will open. Inside it there may be a subfolder with this name:

webHelperApp

If so, move that subfolder—not the "Application Support" folder—to the Trash.

4. Finally, open this folder in the same way as above:

~/Library

Look for a subfolder with this name:

WebTools

and move it to the Trash, if present. Finally, empty the Trash.

Jan 19, 2015 2:59 PM in response to Linc Davis

System Version: OS X 10.10.1 (14B25)

Kernel Version: Darwin 14.0.0

Boot Mode: Normal



Model: MacBookPro9,2



System diagnostics



2015-01-19 com.apple.WebKit.WebContent hang

2015-01-19 com.apple.WebKit.WebContent hang



Kernel messages



Jan 14 19:12:41 WARNING: hibernate_page_list_setall skipped 4404 xpmapped pages

Jan 17 14:12:55 BUG in process suhelperd[168]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

--- last message repeated 136 times ---

Jan 17 14:14:29 BUG in process suhelperd[168]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)

--- last message repeated 132 times ---

Jan 17 14:14:35 BUG in process suhelperd[168]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

--- last message repeated 4 times ---

Jan 17 14:14:39 BUG in process suhelperd[168]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)

--- last message repeated 1 time ---

Jan 17 15:04:38 process Image Capture Ex[3340] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback

Jan 17 15:06:36 Sound assertion in AppleHDAFunctionGroup at line 1053

Jan 17 16:28:15 WARNING: hibernate_page_list_setall skipped 220 xpmapped pages

--- last message repeated 1 time ---

Jan 17 18:17:08 WARNING: hibernate_page_list_setall skipped 237 xpmapped pages

--- last message repeated 1 time ---

Jan 17 18:52:45 WARNING: hibernate_page_list_setall skipped 899 xpmapped pages

--- last message repeated 1 time ---

Jan 17 19:08:28 WARNING: hibernate_page_list_setall skipped 989 xpmapped pages

--- last message repeated 1 time ---

Jan 17 19:11:17 WARNING: hibernate_page_list_setall skipped 981 xpmapped pages

--- last message repeated 1 time ---

Jan 18 23:07:14 WARNING: hibernate_page_list_setall skipped 1178 xpmapped pages

--- last message repeated 1 time ---

Jan 19 17:41:56 BUG in process suhelperd[168]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

--- last message repeated 131 times ---



Extrinsic daemons



com.microsoft.office.licensing.helper

com.adobe.fpsaud

com.seagate.TBDecorator.plist



Extrinsic agents



com.genieo.completer.ltvbit

com.leadertech.PowerRegister.SEA1.UUID

com.genieo.completer.download

com.genieo.completer.update



launchd items



/Library/LaunchDaemons/com.adobe.fpsaud.plist

(com.adobe.fpsaud)

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

(com.microsoft.office.licensing.helper)

Library/LaunchAgents/com.genieo.completer.download.plist

(com.genieo.completer.download)

Library/LaunchAgents/com.genieo.completer.ltvbit.plist

(com.genieo.completer.ltvbit)

Library/LaunchAgents/com.genieo.completer.update.plist

(com.genieo.completer.update)

Library/LaunchAgents/com.leadertech.PowerRegister.SEA1.UUID.plist

(com.leadertech.PowerRegister.SEA1.UUID)



Extrinsic loadable bundles



/System/Library/Extensions/JMicronATA.kext

(com.jmicron.JMicronATA)

/System/Library/Extensions/Seagate Storage Driver.kext

(com.seagate.driver.PowSecDriverCore)

/Library/Internet Plug-Ins/Flash Player.plugin

(com.macromedia.Flash Player.plugin)

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

(com.microsoft.sharepoint.browserplugin)

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

(com.microsoft.sharepoint.webkitplugin)

/Library/Internet Plug-Ins/Silverlight.plugin

(com.microsoft.SilverlightPlugin)

/Library/PreferencePanes/Flash Player.prefPane

(com.adobe.flashplayerpreferences)



DNS (from DHCP): 75.75.75.75



User login items



iTunesHelper



Safari extensions



Omnibar



Restricted user files: 133



Elapsed time (s): 316

Jan 19, 2015 6:09 PM in response to jwelsh802

If Safari crashes on launch and you don't have another web browser, you should be able to launch Safari by starting up in safe mode.

You installed the "Genieo" or "InstallMac" ad-injection malware. Follow the instructions on this Apple Support page to remove it.

Back up all data before making any changes.

Besides the files listed in the linked support article, you may also need to remove this file in the same way:

~/Library/LaunchAgents/com.genieo.completer.ltvbit.plist

If there are other items with a name that includes "Genieo" or "genieo" alongside any of those you find, remove them as well.

One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

After removing the malware, remember to reset your home page in all the web browsers affected, if it was changed.

If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, then you may have one of the other kinds of adware covered by the support article. Follow the rest of the instructions in the article.

Make sure you don't repeat the mistake that led you to install the malware. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.

In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.

Still in System Preferences, open the App Store or Software Update pane and check the box marked

Install system data files and security updates (OS X 10.10 or later)

or

Download updates automatically (OS X 10.9 or earlier)

if it's not already checked.

Apr 6, 2015 11:00 AM in response to jazzdnny

This is new behavior on the part of the Genieo (aka InstallMac) adware. I'd be very curious to find out what you downloaded, and from where, around the time this problem started. I have not yet located a copy of Genieo that behaves this way, and don't know whether existing removal instructions will be adequate or whether they need revision. If you can help me find a copy of the installer for this thing, you would be helping yourself as well as countless others.

Apr 6, 2015 11:21 AM in response to jazzdnny

There is no need to download anything to solve this problem.

If Safari crashes on launch and you don't have another web browser, you should be able to launch Safari by starting up in safe mode.

You may have installed the "Genieo" or "InstallMac" ad-injection malware. Follow the instructions on this Apple Support page to remove it.

Back up all data before proceeding.

Malware is always changing to get around the defenses against it. In addition to the files listed in the support article, you may also have to remove the following in the same way:

~/Library/LaunchAgents/com.Installer.completer.download.plist

~/Library/LaunchAgents/com.Installer.completer.ltvbit.plist

~/Library/LaunchAgents/com.Installer.completer.update.plist

~/Library/Application Support/IM.Installer/Completer.app

One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.

After removing the malware, remember to reset your home page in all the web browsers affected, if it was changed.

If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, then you may have one of the other kinds of adware covered by the support article. Follow the rest of the instructions in the article.

If you find Apple's instructions too hard to follow, ask for an alternative that doesn't require you to trust a black-box application without knowing what it does.

Make sure you don't repeat the mistake that led you to install the malware. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.

In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.

Still in System Preferences, open the App Store or Software Update pane and check the box marked

Install system data files and security updates (OS X 10.10 or later)

or

Download updates automatically (OS X 10.9 or earlier)

if it's not already checked.
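
Added example, not part of any reply in this thread: a read-only shell function that checks a home folder for the file names listed in the Crossrider reply (Jan 15) and the Genieo/InstallMac replies (Jan 19 and Apr 6), and prints what it finds without moving or deleting anything. The function name `audit_adware` and the output format are assumptions made for this example; the file names and folders are the ones given in the replies.

```shell
#!/bin/sh
# Added example: read-only audit for the adware files named in this thread.
# It only lists matches; nothing is moved or deleted.

# audit_adware [HOME_DIR]
#   Prints "<family><TAB>~/<path>" for every listed item that exists.
#   Returns 0 if at least one item was found, 1 if none were.
audit_adware() {
    home=${1:-$HOME}
    found=1
    # Table columns: family | folder relative to home | file-name pattern.
    while IFS='|' read -r family dir name; do
        [ -n "$name" ] || continue
        # A missing folder simply means nothing to report for that row.
        [ -d "$home/$dir" ] || continue
        # Look only at direct children of the folder, as the replies do.
        hits=$(find "$home/$dir" -mindepth 1 -maxdepth 1 -name "$name" 2>/dev/null) || true
        [ -n "$hits" ] || continue
        found=0
        printf '%s\n' "$hits" | while IFS= read -r hit; do
            printf '%s\t~/%s\n' "$family" "${hit#"$home"/}"
        done
    done <<'EOF'
Crossrider|Library/LaunchAgents|com.crossrider.wss*.agent.plist
Crossrider|Library/LaunchAgents|flashmall_updater.plist
Crossrider|Library/LaunchAgents|flashmall_updater.sh
Crossrider|Library/LaunchAgents|com.webhelper.plist
Crossrider|Library/LaunchAgents|com.webtools.update.agent.plist
Crossrider|Library/LaunchAgents|WebSocketServerApp
Crossrider|Library/Application Support|webHelperApp
Crossrider|Library|WebTools
Genieo|Library/LaunchAgents|*[Gg]enieo*
Genieo|Library/LaunchAgents|com.Installer.completer.download.plist
Genieo|Library/LaunchAgents|com.Installer.completer.ltvbit.plist
Genieo|Library/LaunchAgents|com.Installer.completer.update.plist
Genieo|Library/Application Support/IM.Installer|Completer.app
EOF
    return "$found"
}

# Stand-alone use: audit the current user's home folder.
audit_adware "${HOME:-.}" || echo "None of the files listed in this thread were found."
```

The `*[Gg]enieo*` row covers `com.genieo.completer.ltvbit.plist` as well as the "other items with a name that includes Genieo or genieo" mentioned in the Jan 19 reply.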
