-
All replies
-
Helpful answers
-
Aug 19, 2014 3:09 AM in response to vietitaliby thomas_r.,vietitali wrote:
I still get the "search install" and bing when I search in the address bar on Google Chrome.
I'm not sure I understand that. You can't have two different search engines selected at once. What exactly are you seeing? A screenshot would help.
Make a screenshot by following the directions here:
http://support.apple.com/kb/HT5775
Be sure no sensitive personal information is displayed. To add that image to a post here, click the camera icon in the post editor toolbar.
-
Aug 20, 2014 11:33 AM in response to thomas_r.by John Darrah,thank you. That was supposed to be ALL CAP
-
Jan 3, 2015 2:23 PM in response to Linc Davisby jwelsh802,System Version: OS X 10.10.1 (14B25)
Kernel Version: Darwin 14.0.0
Boot Mode: Normal
Model: MacBookPro9,2
USB
Slim Mac SL (Seagate LLC)
User diagnostics
2014-12-16 iFunBox crash
2014-12-16 iFunBox crash
2014-12-16 iFunBox crash
2014-12-16 iFunBox crash
Kernel messages
--- last message repeated 1 time ---
Jan 2 16:04:23 WARNING: hibernate_page_list_setall skipped 18335 xpmapped pages
Jan 2 16:22:15 BUG in process suhelperd[167]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 118 times ---
Jan 2 16:22:41 BUG in process suhelperd[167]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
Jan 2 16:49:48 WARNING: hibernate_page_list_setall skipped 4908 xpmapped pages
--- last message repeated 1 time ---
Jan 2 17:13:11 WARNING: hibernate_page_list_setall skipped 5491 xpmapped pages
--- last message repeated 1 time ---
Jan 2 17:45:08 WARNING: hibernate_page_list_setall skipped 5940 xpmapped pages
--- last message repeated 1 time ---
Jan 2 20:30:06 WARNING: hibernate_page_list_setall skipped 6170 xpmapped pages
--- last message repeated 1 time ---
Jan 2 20:43:15 WARNING: hibernate_page_list_setall skipped 7380 xpmapped pages
Jan 3 14:02:46 BUG in process suhelperd[167]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
Jan 3 14:02:47 utun_start: ifnet_disable_output returned error 12
Jan 3 14:04:01 BUG in process suhelperd[167]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 129 times ---
Jan 3 15:01:35 WARNING: hibernate_page_list_setall skipped 7380 xpmapped pages
Jan 3 15:01:56 WARNING: hibernate_page_list_setall skipped 23007 xpmapped pages
Jan 3 15:47:54 Over-release of kernel-internal importance assertions for pid 17 (syslogd), dropping 1 assertion(s) but task only has 3 remaining (3 external).
Jan 3 16:03:37 BUG in process suhelperd[178]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 118 times ---
Jan 3 16:04:15 BUG in process suhelperd[178]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
Jan 3 16:39:49 process Finder[207] caught causing excessive wakeups. Observed wakeups rate (per sec): 151; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 80261
Extrinsic daemons
com.microsoft.office.licensing.helper
com.adobe.fpsaud
com.seagate.TBDecorator.plist
Extrinsic agents
com.genieo.completer.ltvbit
com.leadertech.PowerRegister.SEA1.UUID
com.genieo.completer.download
com.genieo.completer.update
com.google.keystone.user.agent
launchd items
/Library/LaunchDaemons/com.adobe.fpsaud.plist
(com.adobe.fpsaud)
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
(com.microsoft.office.licensing.helper)
Library/LaunchAgents/com.genieo.completer.download.plist
(com.genieo.completer.download)
Library/LaunchAgents/com.genieo.completer.ltvbit.plist
(com.genieo.completer.ltvbit)
Library/LaunchAgents/com.genieo.completer.update.plist
(com.genieo.completer.update)
Library/LaunchAgents/com.google.keystone.agent.plist
(com.google.keystone.user.agent)
Library/LaunchAgents/com.leadertech.PowerRegister.SEA1.UUID.plist
(com.leadertech.PowerRegister.SEA1.UUID)
Extrinsic loadable bundles
/System/Library/Extensions/JMicronATA.kext
(com.jmicron.JMicronATA)
/System/Library/Extensions/Seagate Storage Driver.kext
(com.seagate.driver.PowSecDriverCore)
/Library/Internet Plug-Ins/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
(com.microsoft.sharepoint.browserplugin)
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
(com.microsoft.sharepoint.webkitplugin)
/Library/Internet Plug-Ins/Silverlight.plugin
(com.microsoft.SilverlightPlugin)
/Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
DNS (from DHCP): 75.75.75.75
User login items
iTunesHelper
Safari extensions
Omnibar
Restricted user files: 136
Elapsed time (s): 695
-
Jan 15, 2015 8:17 AM in response to Linc Davisby life_doc13,System Version: OS X 10.9.4 (13E28)
Kernel Version: Darwin 13.3.0
Boot Mode: Normal
Model: MacBookPro6,2
Battery cycles: 905
USB
BRCM2070 Hub (Broadcom Corp.)
Bluetooth USB Host Controller (Apple Inc.)
Apple Internal Keyboard / Trackpad (Apple Inc.)
Internal Memory Card Reader (Apple Inc.)
IR Receiver (Apple Inc.)
System diagnostics
2014-12-31 Photo Booth spin
2014-12-31 Photo Booth spin
2015-01-05 Google Chrome Helper spin
2015-01-09 PluginProcess spin
2015-01-09 iPhoto spin
2015-01-10 PluginProcess spin
2015-01-12 WindowServer spin
2015-01-13 PluginProcess spin
2015-01-13 PluginProcess spin
2015-01-14 WindowServer spin
User diagnostics
2014-12-25 PluginProcess crash
2014-12-25 PluginProcess crash
2014-12-31 iMovie crash
2014-12-31 iMovie crash
2015-01-12 NotificationCenter crash
Kernel messages
Jan 14 10:43:28 MacAuthEvent en1 Auth result for: 56:02:02:06:20:d7 Auth timed out
Jan 14 11:02:01 WARNING: hibernate_page_list_setall skipped 109108 xpmapped pages
Jan 14 11:02:19 WARNING: hibernate_page_list_setall skipped 165053 xpmapped pages
Jan 14 15:40:47 MacAuthEvent en1 Auth result for: 56:02:02:06:21:84 Auth timed out
Jan 14 15:40:47 MacAuthEvent en1 Auth result for: 56:02:01:06:21:81 Auth timed out
Jan 14 15:40:48 MacAuthEvent en1 Auth result for: 56:02:01:06:21:66 Auth timed out
Jan 14 15:40:48 MacAuthEvent en1 Auth result for: 56:02:02:06:21:81 Auth timed out
Jan 14 15:51:04 WARNING: hibernate_page_list_setall skipped 165053 xpmapped pages
Jan 14 15:51:24 WARNING: hibernate_page_list_setall skipped 225290 xpmapped pages
Jan 14 17:19:26 WARNING: hibernate_page_list_setall skipped 225290 xpmapped pages
Jan 14 17:19:42 WARNING: hibernate_page_list_setall skipped 285580 xpmapped pages
Jan 14 21:31:10 wl0: Roamed or switched channel, reason #4, bssid 78:cd:8e:21:4d:d8
Jan 14 21:34:06 wl0: Roamed or switched channel, reason #8, bssid 78:cd:8e:21:4d:d8
Jan 14 21:53:15 wl0: Roamed or switched channel, reason #4, bssid 78:cd:8e:21:4d:d8
--- last message repeated 4 times ---
Jan 14 21:56:46 wl0: Roamed or switched channel, reason #8, bssid 78:cd:8e:21:4d:d8
Jan 14 21:57:14 wl0: Roamed or switched channel, reason #4, bssid 78:cd:8e:21:4d:d8
Jan 14 21:59:27 process WindowServer[98] caught causing excessive wakeups. Observed wakeups rate (per sec): 315; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 283447
Jan 14 21:59:30 wl0: Roamed or switched channel, reason #8, bssid 78:cd:8e:21:4d:d8
--- last message repeated 1 time ---
Jan 14 22:06:11 process Google Chrome He[19909] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback
Jan 14 22:07:07 process Google Chrome He[19894] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback
Jan 14 22:16:08 WARNING: hibernate_page_list_setall skipped 285580 xpmapped pages
Jan 14 22:16:25 WARNING: hibernate_page_list_setall skipped 357692 xpmapped pages
Jan 15 10:46:46 Previous Shutdown Cause: -60
Extrinsic daemons
scManagerD
com.oracle.java.Helper-Tool
com.microsoft.office.licensing.helper
com.google.keystone.daemon
com.cloudpath.maccmd
com.adobe.fpsaud
Extrinsic agents
com.oracle.java.Java-Updater
com.google.keystone.system.agent
com.flashmall.updater
com.flashmall.enabler
com.zeobit.MacKeeper.Helper
com.webtools.update.agent
com.webhelper
com.crossrider.wss002501.agent.plist
com.adobe.ARM.UUID
launchd items
/Library/LaunchAgents/com.google.keystone.agent.plist
(com.google.keystone.system.agent)
/Library/LaunchAgents/com.oracle.java.Java-Updater.plist
(com.oracle.java.Java-Updater)
/Library/LaunchAgents/com.teamviewer.teamviewer.plist
(com.teamviewer.teamviewer)
/Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist
(com.teamviewer.desktop)
/Library/LaunchDaemons/com.adobe.fpsaud.plist
(com.adobe.fpsaud)
/Library/LaunchDaemons/com.cloudpath.maccmd.plist
(com.cloudpath.maccmd)
/Library/LaunchDaemons/com.google.keystone.daemon.plist
(com.google.keystone.daemon)
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
(com.microsoft.office.licensing.helper)
/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
(com.oracle.java.Helper-Tool)
/Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist
(com.teamviewer.service)
/Library/LaunchDaemons/Safe.Connect.plist
(scManagerD)
Library/LaunchAgents/com.adobe.ARM.UUID.plist
(com.adobe.ARM.UUID)
Library/LaunchAgents/com.apple.FolderActions.enabled.plist
(com.apple.FolderActions.enabled)
Library/LaunchAgents/com.apple.FolderActions.folders.plist
(com.apple.FolderActions.folders)
Library/LaunchAgents/com.crossrider.wss002501.agent.plist
(com.crossrider.wss002501.agent.plist)
Library/LaunchAgents/com.webhelper.plist
(com.webhelper)
Library/LaunchAgents/com.webtools.update.agent.plist
(com.webtools.update.agent)
Library/LaunchAgents/com.zeobit.MacKeeper.Helper.plist
(com.zeobit.MacKeeper.Helper)
Library/LaunchAgents/Safari Security
(No job label)
Library/LaunchAgents/WebSocketServerApp
(No job label)
Extrinsic loadable bundles
/System/Library/CoreServices/SecurityAgentPlugins/HomeDirMechanism.bundle
(com.apple.SecurityAgentPlugin.HomeDirMechanism)
/System/Library/CoreServices/SecurityAgentPlugins/KerberosAgent.bundle
(com.apple.KerberosAgent)
/System/Library/CoreServices/SecurityAgentPlugins/loginwindow.bundle
(com.apple.securityAgentPlugins.loginwindowUI)
/System/Library/CoreServices/SecurityAgentPlugins/MCXMechanism.bundle
(com.apple.securityAgentPlugin.MCXMechanism)
/System/Library/CoreServices/SecurityAgentPlugins/PKINITMechanism.bundle
(com.apple.PKINITMechanism)
/System/Library/CoreServices/SecurityAgentPlugins/RestartAuthorization.bundle
(com.apple.securityAgentPlugin.RestartAuthorization)
/System/Library/Extensions/AMDRadeonVADriver.bundle
(com.apple. AMDRadeonVADriver)
/System/Library/Extensions/AMDRadeonX3000.kext
(com.apple.AMDRadeonX3000)
/System/Library/Extensions/AMDRadeonX3000GLDriver.bundle
(com.apple.AMDRadeonX3000GLDriver)
/System/Library/Extensions/AMDRadeonX4000.kext
(com.apple.AMDRadeonX4000)
/System/Library/Extensions/AMDRadeonX4000GLDriver.bundle
(com.apple.AMDRadeonX4000GLDriver)
/System/Library/Extensions/AppleFSCompressionTypeLZVN.kext
(com.apple.AppleFSCompression.AppleFSCompressionTypeLZVN)
/System/Library/Extensions/AppleIntelHD3000Graphics.kext
(com.apple.driver.AppleIntelHD3000Graphics)
/System/Library/Extensions/AppleIntelHD3000GraphicsGA.plugin
(com.apple.driver.AppleIntelHD3000GraphicsGA)
/System/Library/Extensions/AppleIntelHD3000GraphicsGLDriver.bundle
(com.apple.driver.AppleIntelHD3000GraphicsGLDriver)
/System/Library/Extensions/AppleIntelHD3000GraphicsVADriver.bundle
(com.apple.AppleIntelHD3000GraphicsVADriver)
/System/Library/Extensions/AppleIntelHD4000Graphics.kext
(com.apple.driver.AppleIntelHD4000Graphics)
/System/Library/Extensions/AppleIntelHD4000GraphicsGLDriver.bundle
(com.apple.driver.AppleIntelHD4000GraphicsGLDriver)
/System/Library/Extensions/AppleIntelHD4000GraphicsVADriver.bundle
(com.apple.AppleIntelHD4000GraphicsVADriver)
/System/Library/Extensions/AppleIntelHD5000Graphics.kext
(com.apple.driver.AppleIntelHD5000Graphics)
/System/Library/Extensions/AppleIntelHD5000GraphicsGLDriver.bundle
(com.apple.driver.AppleIntelHD5000GraphicsGLDriver)
/System/Library/Extensions/AppleIntelHD5000GraphicsVADriver.bundle
(com.apple.AppleIntelHD5000GraphicsVADriver)
/System/Library/Extensions/AppleIntelHDGraphicsGLDriver.bundle
(com.apple.driver.AppleIntelHDGraphicsGLDriver)
/System/Library/Extensions/AppleIntelHSWVA.bundle
(com.apple.AppleIntelHSWFBVA)
/System/Library/Extensions/AppleIntelIVBVA.bundle
(com.apple.AppleIntelIVBFBVA)
/System/Library/Extensions/ATIRadeonX2000.kext
(com.apple.ATIRadeonX2000)
/System/Library/Extensions/ATIRadeonX2000GA.plugin
(com.apple.ATIRadeonX2000GA)
/System/Library/Extensions/ATIRadeonX2000GLDriver.bundle
(com.apple.ATIRadeonX2000GLDriver)
/System/Library/Extensions/ATIRadeonX2000VADriver.bundle
(com.apple.ATIRadeonX2000VADriver)
/System/Library/Extensions/BJUSBMP.kext
(jp.co.canon.bj.kext.BJUSBMP)
/System/Library/Extensions/EPSONUSBPrintClass.kext
(com.epson.print.kext.USBPrintClass)
/System/Library/Extensions/GeForce.kext
(com.apple.GeForce)
/System/Library/Extensions/GeForceGA.plugin
(com.apple.GeForceGA)
/System/Library/Extensions/GeForceGLDriver.bundle
(com.apple.GeForceGLDriver)
/System/Library/Extensions/GeForceTesla.kext
(com.apple.GeForceTesla)
/System/Library/Extensions/GeForceTeslaGLDriver.bundle
(com.apple.GeForceTeslaGLDriver)
/System/Library/Extensions/GeForceTeslaVADriver.bundle
(com.apple.GeForceTeslaVADriver)
/System/Library/Extensions/GeForceVADriver.bundle
(com.apple.GeForceVADriver)
/System/Library/Extensions/hp_designjet_series.kext
(com.hp.print.hpio.Designjet.kext)
/System/Library/Extensions/hp_Deskjet_io_enabler.kext
(com.hp.print.hpio.Deskjet.kext)
/System/Library/Extensions/hp_fax_io.kext
(com.hp.kext.hp-fax-io)
/System/Library/Extensions/hp_Inkjet1_io_enabler.kext
(com.hp.print.hpio.Inkjet1.kext)
/System/Library/Extensions/hp_Inkjet2_io_enabler.kext
(com.hp.print.hpio.Inkjet2.kext)
/System/Library/Extensions/hp_Inkjet3_io_enabler.kext
(com.hp.print.hpio.Inkjet3.kext)
/System/Library/Extensions/hp_Inkjet4_io_enabler.kext
(com.hp.print.hpio.Inkjet4.kext)
/System/Library/Extensions/hp_Inkjet5_io_enabler.kext
(com.hp.print.hpio.Inkjet5.kext)
/System/Library/Extensions/hp_Inkjet7_io_enabler.kext
(com.hp.print.hpio.inkjet7.kext)
/System/Library/Extensions/hp_Inkjet8_io_enabler.kext
(com.hp.print.hpio.inkjet8.kext)
/System/Library/Extensions/hp_Inkjet_io_enabler.kext
(com.hp.print.hpio.Inkjet.kext)
/System/Library/Extensions/hp_io_printerclassdriver_enabler.kext
(com.hp.hpio.hp_io_printerclassdriver_enabler)
/System/Library/Extensions/hp_Laserjet_io_enabler.kext
(com.hp.print.hpio.Laserjet.kext)
/System/Library/Extensions/hp_Officejet_io_enabler.kext
(com.hp.print.hpio.Officejet.kext)
/System/Library/Extensions/hp_Photosmart_io_enabler.kext
(com.hp.print.hpio.Photosmart.kext)
/System/Library/Extensions/hp_PhotosmartPro_io_enabler.kext
(com.hp.print.hpio.PhotosmartPro.kext)
/System/Library/Extensions/hp_psa640_io_enabler.kext
(com.hp.hpio.hp_psa640_io_enabler)
/System/Library/Extensions/hp_qc_io_enabler.kext
(com.hp.hpio.hp_psa530_630_io_enabler)
/System/Library/Extensions/LexmarkUSBMerge.kext
(com.lexmark.print.usbmerge)
/Library/Audio/Plug-Ins/HAL/AirPlay.driver
(com.apple.audio.AirTunesHALPlugin)
/Library/Audio/Plug-Ins/HAL/AppleAVBAudio.driver
(com.apple.audio.AppleAVBAudio)
/Library/Audio/Plug-Ins/HAL/BluetoothAudioPlugIn.driver
(com.apple.audio.BluetoothAudioPlugIn)
/Library/Audio/Plug-Ins/HAL/iSightAudio.driver
(com.apple.iSightAudio)
/Library/Extensions/hp_io_enabler_compound.kext
(com.hp.kext.io.enabler.compound)
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
(com.adobe.acrobat.pdfviewer)
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
(com.adobe.acrobat.pdfviewerNPAPI)
/Library/Internet Plug-Ins/Default Browser.plugin
(com.apple.DefaultBrowser.PlugIn)
/Library/Internet Plug-Ins/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin
(net.telestream.wmv.plugin)
/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin
(com.google.googletalkbrowserplugin)
/Library/Internet Plug-Ins/iPhotoPhotocast.plugin
(com.apple.plugin.iPhotoPhotocast)
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
(com.oracle.java.JavaAppletPlugin)
/Library/Internet Plug-Ins/o1dbrowserplugin.plugin
(com.google.o1dbrowserplugin)
/Library/Internet Plug-Ins/Quartz Composer.webplugin
(com.apple.QuartzComposer.webplugin)
/Library/Internet Plug-Ins/QuickTime Plugin.plugin
(com.apple.QuickTime Plugin.plugin)
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
(com.microsoft.sharepoint.browserplugin)
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
(com.microsoft.sharepoint.webkitplugin)
/Library/Internet Plug-Ins/Silverlight.plugin
(com.microsoft.SilverlightPlugin)
/Library/iTunes/iTunes Plug-ins/Quartz Composer Visualizer.bundle
(com.apple.QuartzComposer.iTunesPlugIn)
/Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
/Library/PreferencePanes/JavaControlPanel.prefPane
(com.oracle.java.JavaControlPanel)
/Library/QuickTime/AppleMPEG2Codec.component
(com.apple.AppleMPEG2Codec)
/Library/Spotlight/GBSpotlightImporter.mdimporter
(com.apple.garageband.spotlightimporter)
/Library/Spotlight/GraphPad Prism.mdimporter
(com.GraphPad.PrismMDImporter)
/Library/Spotlight/iBooksAuthor.mdimporter
(com.apple.MDImporter.iBooksAuthor)
/Library/Spotlight/iWork.mdimporter
(com.apple.MDImporter.iWork)
/Library/Spotlight/Microsoft Office.mdimporter
(com.microsoft.MDImporter.Office)
Library/Address Book Plug-Ins/SkypeABDialer.bundle
(com.skype.skypeabdialer)
Library/Address Book Plug-Ins/SkypeABSMS.bundle
(com.skype.skypeabsms)
Library/Internet Plug-Ins/WebEx64.plugin
(com.cisco_webex.plugin.gpc64)
Library/iTunes/iTunes Plug-ins/TuneUp/TuneUp Visualizer.bundle
(com.TuneUp.app.iTuneUp Visualizer)
Extrinsic shared libraries
/usr/lib/dtrace/libdtrace_dyld.dylib
/usr/lib/libgmalloc.B.dylib
/usr/lib/libruby.2.0.0.dylib
/usr/lib/libXplugin.1.dylib
Proxies
ProxyAutoConfigEnable : 1
ProxyAutoConfigURLString : http://wpad/wpad.dat
ProxyAutoDiscoveryEnable : 1
DNS (from DHCP): 75.75.75.75
Profiles: 1
User login items
iTunesHelper
Dropbox
AdobeResourceSynchronizer
SpeechSynthesisServer
Google Drive.app
TuneupMyMac
Restricted user files: 117
Font problems: 45
Elapsed time (s): 194
-
Jan 15, 2015 10:44 AM in response to life_doc13by Linc Davis,You installed the "Crossrider" trojan. Take the steps below to disable it.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go â–¹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be files with any of the following names:
com.crossrider.wss*.agent.plist
flashmall_updater.plist
flashmall_updater.sh
com.webhelper.plist
com.webtools.update.agent.plist
WebSocketServerApp
Here * stands for a variable six-digit number. Some of these files may be absent. Move any that you have to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library/Application Support
A folder named "Application Support" will open. Inside it there may be a subfolder with this name:
webHelperApp
If so, move that subfolder—not the "Application Support" folder—to the Trash.
4. Finally, open this folder in the same way as above:
~/Library
Look for a subfolder with this name:
WebTools
and move it to the Trash, if present. Finally, empty the Trash.
-
Jan 16, 2015 8:10 AM in response to Linc Davisby life_doc13,Thank you very much Linc Davis! Problem resolved. I really appreciate the help.
-
Jan 19, 2015 2:59 PM in response to Linc Davisby jwelsh802,System Version: OS X 10.10.1 (14B25)
Kernel Version: Darwin 14.0.0
Boot Mode: Normal
Model: MacBookPro9,2
System diagnostics
2015-01-19 com.apple.WebKit.WebContent hang
2015-01-19 com.apple.WebKit.WebContent hang
Kernel messages
Jan 14 19:12:41 WARNING: hibernate_page_list_setall skipped 4404 xpmapped pages
Jan 17 14:12:55 BUG in process suhelperd[168]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 136 times ---
Jan 17 14:14:29 BUG in process suhelperd[168]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
--- last message repeated 132 times ---
Jan 17 14:14:35 BUG in process suhelperd[168]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 4 times ---
Jan 17 14:14:39 BUG in process suhelperd[168]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
--- last message repeated 1 time ---
Jan 17 15:04:38 process Image Capture Ex[3340] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback
Jan 17 15:06:36 Sound assertion in AppleHDAFunctionGroup at line 1053
Jan 17 16:28:15 WARNING: hibernate_page_list_setall skipped 220 xpmapped pages
--- last message repeated 1 time ---
Jan 17 18:17:08 WARNING: hibernate_page_list_setall skipped 237 xpmapped pages
--- last message repeated 1 time ---
Jan 17 18:52:45 WARNING: hibernate_page_list_setall skipped 899 xpmapped pages
--- last message repeated 1 time ---
Jan 17 19:08:28 WARNING: hibernate_page_list_setall skipped 989 xpmapped pages
--- last message repeated 1 time ---
Jan 17 19:11:17 WARNING: hibernate_page_list_setall skipped 981 xpmapped pages
--- last message repeated 1 time ---
Jan 18 23:07:14 WARNING: hibernate_page_list_setall skipped 1178 xpmapped pages
--- last message repeated 1 time ---
Jan 19 17:41:56 BUG in process suhelperd[168]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 131 times ---
Extrinsic daemons
com.microsoft.office.licensing.helper
com.adobe.fpsaud
com.seagate.TBDecorator.plist
Extrinsic agents
com.genieo.completer.ltvbit
com.leadertech.PowerRegister.SEA1.UUID
com.genieo.completer.download
com.genieo.completer.update
launchd items
/Library/LaunchDaemons/com.adobe.fpsaud.plist
(com.adobe.fpsaud)
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
(com.microsoft.office.licensing.helper)
Library/LaunchAgents/com.genieo.completer.download.plist
(com.genieo.completer.download)
Library/LaunchAgents/com.genieo.completer.ltvbit.plist
(com.genieo.completer.ltvbit)
Library/LaunchAgents/com.genieo.completer.update.plist
(com.genieo.completer.update)
Library/LaunchAgents/com.leadertech.PowerRegister.SEA1.UUID.plist
(com.leadertech.PowerRegister.SEA1.UUID)
Extrinsic loadable bundles
/System/Library/Extensions/JMicronATA.kext
(com.jmicron.JMicronATA)
/System/Library/Extensions/Seagate Storage Driver.kext
(com.seagate.driver.PowSecDriverCore)
/Library/Internet Plug-Ins/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
(com.microsoft.sharepoint.browserplugin)
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
(com.microsoft.sharepoint.webkitplugin)
/Library/Internet Plug-Ins/Silverlight.plugin
(com.microsoft.SilverlightPlugin)
/Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
DNS (from DHCP): 75.75.75.75
User login items
iTunesHelper
Safari extensions
Omnibar
Restricted user files: 133
Elapsed time (s): 316
-
Jan 19, 2015 6:09 PM in response to jwelsh802by Linc Davis,If Safari crashes on launch and you don't have another web browser, you should be able to launch Safari by starting up in safe mode.
You installed the "Genieo" or "InstallMac" ad-injection malware. Follow the instructions on this Apple Support page to remove it.
Back up all data before making any changes.
Besides the files listed in the linked support article, you may also need to remove this file in the same way:
~/Library/LaunchAgents/com.genieo.completer.ltvbit.plist
If there are other items with a name that includes "Genieo" or "genieo" alongside any of those you find, remove them as well.
One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
After removing the malware, remember to reset your home page in all the web browsers affected, if it was changed.
If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, then you may have one of the other kinds of adware covered by the support article. Follow the rest of the instructions in the article.
Make sure you don't repeat the mistake that led you to install the malware. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked.
-
Jan 19, 2015 8:11 PM in response to Linc Davisby jwelsh802,Thank you so very much Linc Davis! You are a life saver! I promise to be extremely selective with any downloads from this point on. Have a great night
-
-
Apr 6, 2015 10:52 AM in response to jazzdnnyby lllaass,Try Linc Davis recommended action on the first page of this discussion to remove it
-
Apr 6, 2015 10:55 AM in response to jazzdnnyby stevejobsfan0123,It is a quicker and less daunting task to run AdwareMedic, and have it search for and remove adware: http://adwaremedic.com/index.php.
-
Apr 6, 2015 11:00 AM in response to jazzdnnyby thomas_r.,This is new behavior on the part of the Genieo (aka InstallMac) adware. I'd be very curious to find out what you downloaded, and from where, around the time this problem started. I have not yet located a copy of Genieo that behaves this way, and don't know whether existing removal instructions will be adequate or whether they need revision. If you can help me find a copy of the installer for this thing, you would be helping yourself as well as countless others.
-
Apr 6, 2015 11:21 AM in response to jazzdnnyby Linc Davis,There is no need to download anything to solve this problem.
If Safari crashes on launch and you don't have another web browser, you should be able to launch Safari by starting up in safe mode.
You may have installed the "Genieo" or "InstallMac" ad-injection malware. Follow the instructions on this Apple Support page to remove it.
Back up all data before proceeding.
Malware is always changing to get around the defenses against it. In addition to the files listed in the support article, you may also have to remove the following in the same way:
~/Library/LaunchAgents/com.Installer.completer.download.plist
~/Library/LaunchAgents/com.Installer.completer.ltvbit.plist
~/Library/LaunchAgents/com.Installer.completer.update.plist
~/Library/Application Support/IM.Installer/Completer.app
One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
After removing the malware, remember to reset your home page in all the web browsers affected, if it was changed.
If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, then you may have one of the other kinds of adware covered by the support article. Follow the rest of the instructions in the article.
If you find Apple's instructions too hard to follow, ask for an alternative that doesn't require you to trust a black-box application without knowing what it does.
Make sure you don't repeat the mistake that led you to install the malware. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked.
