Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

How to clean a browser hijack from my iMac?

My iMac has picked up some kind of malware that affects all browsers. If I click a select a bookmark, it takes me to the page, but when I click on a link on the site, it prepends "http://dca14d4e.megaline.co/url/" to the actual link, and connects me to an advertisement page for Linkbucks. If I manually remove the added text, I can still browse to the intended site.


I have found advice on how to remove this from a Windows PC, but nothing on removing it from a Mac. Any assistance is appreciated.

iMac, OS X Mavericks (10.9.1)

Posted on Dec 28, 2013 11:23 AM

Reply
26 replies

Apr 8, 2017 6:32 AM in response to Linc Davis

Loaded extrinsic daemons:



com.sophos.webd

com.sophos.scan

com.malwarebytes.HelperTool

com.sophos.common.servicemanager

Adobe_Genuine_Software_Integrity_Service

com.sophos.mcs

com.sophos.autoupdate

com.sophos.sxld

com.sophos.notification

com.wacom.displayhelper

com.adobe.fpsaud

com.sophos.configuration

com.wacom.TabletHelper

com.sophos.cleand

Apr 8, 2017 4:05 PM in response to keire

Linc no longer participates in this forum and if anybody else is still monitoring it after over three years, they have no idea how to interpret what you have posted.


If you are having an issue you need to start your own new discussion, describing the problem in as much detail as you can so that other troubleshooters can give you a hand.


That's just the way this forum works best.

Dec 28, 2013 3:36 PM in response to pandu7

add another to this list...


Only started today - seems specific to BBC website... at least thats the only site I have been visiting that gives the issue. Browser seems irrelevant (Happens also on Firefox and Safari - using Chrome though).. My ISP like mordonez is Movistar (Peru)

I'm guessing there are hidden files installed someplace in /var/ folder as I have found nothing in User/Application Support/ (trying to mirror the Windows fix...)

Dec 29, 2013 8:36 AM in response to Fred_flinstone

OpenDNS. It is patched against DNS redirects, and will generally be as fast if not much faster than any other DNS servers you might use.


You don't need to go to the OpenDNS site to use OpenDNS. Simply open Network>Advanced>DNS in Sys Prefs and enter the following numbers for the interface you use, e.g. Airport or Ethernet,


208.67.222.222


208.67.220.220


Hit OK and then Apply. Make sure those numbers are entered above any others you may have there.


To check to see if it's working


http://www.opendns.com/welcome/


If anyone now posts about the privacy implications of OpenDNS, OpenDNS is no worse, and probably better than most. Certainly light years better than using Google DNS, or those used by your ISP, whatever that may be. The only legitimate concern with OpenDNS is that it will hijack URL typos from Google to its own search page. That doesn't bother me too much.

Dec 29, 2013 9:03 AM in response to Fred_flinstone

This is a comment on OpenDNS and other public domain-name system (DNS) services, such as Google DNS. You should use such a service if it solves a problem for you, and not if it creates problems you don't already have. To summarize:

1. Using public DNS will probably not make your network faster, and may make it slower.

2. It will probably not stop your browser from being redirected when you try to connect to a valid web address.

3. It will not make you safer from malware attacks.

4. It could cause confidential information to be compromised.

5. It has other privacy implications that you should take into account.

A DNS server resolves the human-readable "domain name" of an Internet host, such as www.apple.com, to the numerical address by which that host can be reached. The process is analogous to looking up a phone number by name. There is no chance that changing the DNS server you use will have any effect on a network problem not related to name resolution.

There are two valid reasons why you might want to use a public DNS service:

  • The DNS servers provided by your ISP are misconfigured (perhaps deliberately) or don't perform well.
  • You have a use for the filtering controls provided by OpenDNS and others.
Although some DNS services are touted as responding faster than others, there will be no noticeable difference if your ISP is delivering what you pay for. Most likely, the difference in response time among the DNS servers available to you is on the order of a hundredth of a second or less. But under some conditions, public DNS will significantly slow down network performance. Here is a case in point.

A content-distribution network (CDN), such as the one used by Apple to deliver software updates and iTunes content, relies on the location of the DNS server to optimize performance. If your query goes to a distant server, you may get slow downloads of Apple content, among other things. From the report of a test carried out by a networking consultant:
We listed 9 CDNs that would benefit from supporting/using edns-client-subnet, and only two actually support edns-client-subnet: CDN77 and ChinaCache. Others, including Akamai, Internap and CDNetworks, do not currently. This really is too bad, because from the performance data we collected, it is clear these CDNs deliver (much) worse performance currently in many countries to Google DNS and OpenDNS users.
Another reason often given for using public DNS is to avoid "redirection," that is, false results from a query for a valid domain name. Ethical ISP's do not intentionally redirect valid DNS queries, though it might happen unintentionally because of a misconfiguration; for example, because the address of a network host has recently changed, or because of a " poisoning" attack on the DNS server. Recently, some low-quality commercial ISP's such as CenturyLink have taken to redirecting DNS queries for search engines such as Google. Do not tolerate this practice. If your ISP is doing it, then you should demand that the redirection be stopped, or else switch to another ISP. Note that many ISP's may, and OpenDNS certainly will, redirect invalid queries to ad sites, in violation of published standards for DNS.

Some ISP's have been said to re-route all DNS queries to their own name servers, regardless of where the queries were directed. This is another intolerable practice. I don't know of any commercial ISP that is currently doing this, but if yours is, you won't be able to use a public DNS service, even if you change the network settings on your computer or router.


If your Internet access is provided by an employer or institution, rather than a commercial ISP, then you have to take what is dished out.

The claims on the OpenDNS website that it blocks malware attacks such as Flashback are false advertising. A DNS service does not and cannot block anything. All it can do is to selectively refuse to answer queries. It's trivial for a malware attacker to evade such controls. It's just as easy to evade the parental controls offered by OpenDNS. Nevertheless, you may find those control features useful, despite their limitations. Here is an example of an ASC user who had undesirable results from OpenDNS content filtering.

There is one exception to the rule that OpenDNS and Google DNS don't improve performance. The "prefetching" performed by modern web browsers, including Safari, may confuse some DNS servers, with the effects described in this Apple Support article. The article suggests testing OpenDNS, Google DNS, or another third-party DNS service as a possible way to overcome the problem.

If you need to switch DNS providers because of a misconfiguration of your ISP's servers, the change will most likely only need to be temporary. The problem may be resolved automatically within a matter of hours.

If you intend to use public DNS, such as OpenDNS, on a long-term basis, you should be aware of the privacy implications. As a user of the free service, you are not an OpenDNS customer, and the service provider — a for-profit corporation — doesn't have a contract with you. The marketers to whom OpenDNS sells access and information are its customers.

OpenDNS will know, and store, the address of every Internet server you use from now on. This is from its privacy policy:
When you use our Services, OpenDNS stores certain DNS, IP address and related information about you to improve the quality of our Service, to provide you with Services and for internal business and analysis purposes.

Concerning personal information, the policy states:

...[I]t is disclosed to entities that perform marketing services on our behalf or to other entities with whom we have joint marketing agreements...

You can't opt out of those disclosures. Read the privacy policy carefully and draw your own conclusions. The privacy policy of Google DNS seems to be somewhat more benign, but again, you should judge for yourself.

That's not the worst of it, though. The practice of hijacking nonexistent domains followed by most public DNS services could result in leaking confidential information to a hacker:

For example, consider the "same origin trust model" used for Web cookies. If you're holding a cookie for GOOGLE.COM and you can be fooled into following a link to KJHSDFKJHSKJHMJHER.GOOGLE.COM, and the resulting NXDOMAIN response is remapped into a positive answer to some advertising server, then you're going to send your cookie to that advertising server when you send your HTTP GET request there. Not such a bad thing for a GOOGLE.COM cookie, but a real problem for a BANKOFAMERICA.COM cookie.

To emphasize, NXDOMAIN remapping is not something that only happens when you randomly mistype a domain name.It can be exploited deliberately by malicious links placed on any web page. In the case of OpenDNS, the result would be that a cookie intended for another server would be sent to the OpenDNS web server instead. A rogue OpenDNS employee, or anyone who managed to break into the web server, might then be able to impersonate you on another website. If this scenario seems far-fetched, it's the stuff that network exploits are made of.


See also a brief. somewhat outdated, critique of OpenDNS on a Harvard Law School blog, with a response from the company's founder.

Dec 30, 2013 9:32 AM in response to Fred_flinstone

Interesting coincidence that I'm also on Movistar Peru. However, I have multiple computers (and multiple routers/wifi nets in the house) and only one computer is being affected.


I've tried setting all the DNS settings to OpenDNS and refreshing the DHCP on all machines...no change. Interestingly, however, is that Safari is no longer exhibiting the problem, only firefox. Also, when I switched to a new user profile on the affected machine, Firefox was fine for several clicks, then reverted to the same behavior.


After uninstalling Firefox and reinstalling it, the same redirect continued to happen. I suspect that Firefox leaves certain config files on the computer even after uninstall, and the bug must be buried in there somewhere.


I can safely discount the likelihood of this being a DNS-related issue. If it was, all my computers would be affected equally. Also, one wifi net is a VPN to the US.


Another curious occurrence recently is that all my computers have been defaulting to German versions of the site, like google.de. All location settings on the computers are set to English US.


Thanks for all the posts, but still hoping for something that will fix the problem.

Dec 30, 2013 9:59 AM in response to pandu7

If you don't already have a current backup, back up all data before doing anything else. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve your problem. The backup is necessary on general principle, not because of anything suggested in this comment. There are ways to back up a computer that isn't fully functional. Ask if you need guidance.

Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The procedure will help identify which such modifications you've installed, as well as some other aspects of the configuration that may be related to the problem.

Don’t be alarmed by the seeming complexity of these instructions — they’re easy to carry out. Here's a brief summary: In each of two steps, you copy a line of text from this web page into a window in another application. You wait about a minute. Then you paste some other text, which will have been copied automatically, back into a reply on this page. The sequence is copy; paste; paste again. That's all there is to it. Details follow.

You may have started the computer in "safe" mode. Preferably, these steps should be taken while booted in “normal” mode. If the system is now running in safe mode and is bootable in normal mode, reboot as usual. If it only boots in safe mode, use that.

Below are instructions to enter UNIX shell commands. They do nothing but produce human-readable output. However, you need to think carefully before running any program at the behest of a stranger on a public message board. If you question the safety of the procedure suggested here — which you should — search this site for other discussions in which it’s been followed without any report of ill effects. If you can't satisfy yourself that these instructions are safe, don't follow them.

The commands will line-wrap or scroll in your browser, but each one is really just a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then copy it.

If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. Step 1 should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.

Launch the Terminal application in any of the following ways:


☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.


When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign.


Step 1


Triple-click anywhere in the line of text below on this page to select it:

PB=/usr/libexec/PlistBuddy; PR () { [[ "$o" ]] && printf '\n%s:\n\n%s\n' "$1" "$o"; }; PC () { o=$(grep [^[:blank:]] "$2"); PR "$1"; }; PF () { o=$($PB -c Print "$2" | awk -F'= ' \/$3'/{print $2}'); PR "$1"; }; PN () { [[ $o -eq 0 ]] || printf "\n%s: %s\n" "$1" $o; }; { system_profiler SPSoftwareDataType | sed '8!d;s/^ *//'; o=$(system_profiler SPDiagnosticsDataType | sed '5,6!d'); fgrep -q P <<< "$o" && o=; PR "POST"; o=$(($(vm_stat | awk '/Pageo/{sub("\\.",""); print $2}')/256)); o=$((o>=1024?o:0)); PN "Pageouts (MiB)"; s=( $(sar -u 1 10 | sed '$!d') ); [[ ${s[4]} -lt 90 ]] && o=$( printf 'User %s%%\t\tSystem %s%%' ${s[1]} ${s[3]} ) || o=; PR "Total CPU usage"; [[ "$o" ]] && o=$(ps acrx -o comm,ruid,%cpu | sed '2!d'); PR "Max %CPU by process (name, UID, %)"; o=$(kextstat -kl | grep -v com\\.apple | cut -c53- | cut -d\< -f1); PR "Loaded extrinsic kernel extensions"; o=$(launchctl list | sed 1d | awk '!/0x|com\.apple|org\.(x|openbsd)|\.[0-9]+$/{print $3}'); PR "Loaded extrinsic user agents"; o=$(launchctl getenv DYLD_INSERT_LIBRARIES); PR "Inserted libraries"; PC "cron configuration" /e*/cron*; o=$(crontab -l | grep [^[:blank:]]); PR "User cron tasks"; PC "Global launchd configuration" /e*/lau*; PC "Per-user launchd configuration" ~/.lau*; PF "Global login items" /L*/P*/loginw* Path; PF "Per-user login items" L*/P*/*loginit* Name; PF "Safari extensions" L*/Saf*/*/E*.plist Bundle | sed 's/\..*$//;s/-[1-9]$//'; o=$(find ~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \) | wc -l); PN "Restricted user files"; cd; o=$(find -L /S*/L*/E* {,/}L*/{A*d,Compon,Ex,In,Keyb,Mail/Bu,P*P,Qu,Scripti,Servi,Spo}* -type d -name Contents -prune | while read d; do ID=$($PB -c 'Print :CFBundleIdentifier' "$d/Info.plist") || ID=; ID=${ID:-No bundle ID}; egrep -qv "^com\.apple\.[^x]|Accusys|ArcMSR|ATTO|HDPro|HighPoint|driver\.stex|hp-fax|JMicron|microsoft\.MDI|print|SoftRAID" <<< $ID && printf '%s\n\t(%s)\n' "${d%/Contents}" "$ID"; done); PR "Extrinsic loadable bundles"; o=$(find /u*/{,*/}lib -type f -exec sh -c 'file -b "$1" | grep -qw shared && ! codesign -v "$1"' {} {} \; -print); PR "Unsigned shared libraries"; o=$(system_profiler SPFontsDataType | egrep "Valid: N|Duplicate: Y" | wc -l); PN "Font problems"; for d in {,/}L*/{La,Priv,Sta}*; do o=$(ls -A "$d"); PR "$d"; done; } 2> /dev/null | pbcopy; echo $'\nStep 1 done'


Copy the selected text to the Clipboard by pressing the key combination command-C. Then click anywhere in the Terminal window and paste ( command-V). I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting.

The command may take up to a few minutes to run, depending on how many files you have and the speed of the computer. Wait for the line "Step 1 done" to appear below what you entered. The output of the command will be automatically copied to the Clipboard. All you have to do is paste into a reply to this message by pressing command-Vagain. Please don't copy anything from the Terminal window. No typing is involved in this step.

Step 2


Remember that you must be logged in as an administrator for this step. Do as in Step 1 with this line:

PR () { [[ "$o" ]] && printf '\n%s:\n\n%s\n' "$1" "$o"; }; { o=$(sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix\.cron)|org\.(amav|apac|calendarse|cups|dove|isc|ntp|post[fg]|x)/{print $3}'); PR "Loaded extrinsic daemons"; o=$(sudo defaults read com.apple.loginwindow LoginHook); PR "Login hook"; o=$(sudo crontab -l | grep [^[:blank:]]); PR "Root cron tasks"; o=$(syslog -k Sender kernel -k Message CReq 'GPU |hfs: Ru|I/O e|find tok|n Cause: -|NVDA\(|pagin|timed? ?o' | tail -n25 | awk '/:/{$4=""; print}'); PR "Log check"; } 2>&- | pbcopy; echo $'\nStep 2 done'

This time you'll be prompted for your login password, which you do have to type. Nothing will be displayed when you type it. Type it carefully and then press return. You may get a one-time warning to be careful. Heed that warning, but don't post it. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.

You can then quit Terminal. Please note:

☞ Steps 1 and 2 are all copy-and-paste — type only your login password when prompted.

When you type your password, you won't see what you're typing.

☞ If you don’t have a password, set one before taking Step 2. If that’s not possible, skip the step.

☞ Step 2 might not produce any output, in which case the Clipboard will be empty. Step 1 will always produce something.

☞ The commands don't change anything, and merely running them will do neither good nor harm.

☞ Remember to post the output of both steps (unless you had to skip Step 2.) It's already in the Clipboard after you complete each step. You don't have to copy it. Just paste into a reply

☞ If any personal information, such as your name or email address, appears in the output of either command, anonymize it before posting. Usually that won't be necessary.

Don't post what you see in the Terminal window. The output is copied automatically to the Clipboard.

Don't paste the output of Step 1 into the Terminal window. Paste it into a reply.

Jan 1, 2014 7:20 AM in response to Stephen Spark

Thanks for all the ideas, it seems to have cleared up, and the steps that got it there were focused on my routers rather than my iMac and MBP.

My network had an Airport Extreme bridging a private network and DHCP from my Movistar Peru router, with a Time Capsule and an Airport Express extending the network throughout the house. In addition, another router setup to NAT and VPN was connected to the Movistar router, but providing its own DHCP and private network.


I took two steps that together worked. First, I reset the Movistar PE router to factory settings, reconfigured the network, and most importantly changed all the admin passwords I could find. I left its default DNS settings alone, pointing to the defaults it received from its own DHCP/PPPOE connection from the ISP. On the Airport Extreme, I changed it from bridging mode to DHCP & NAT, creating an isolated network, and I set the DNS to OpenDNS for that network. Then both the TC and AExp were reconfigured to extend the private network from the AExt.


After clearing the cache on the iMac, I revisited all sites that had previously been getting redirected, and they all loaded cleanly.


My conclusion is that it had to have been a hijack of the Movistar router, rather than something on the computers themselves. It still seems kind of strange, since earlier indications were otherwise. Hope this helps, as it seems this problem is somewhat widespread in Peru. Thanks to all who answered, and I'll run the diagnostics recommended by Lync and post the results in a separate response, in case they help someone else.


Good start to 2014!

Jan 1, 2014 7:26 AM in response to Linc Davis

Results from the diagnostics recommended by Linc Davis:

Step 1 output:

Boot Mode: Normal


Loaded extrinsic kernel extensions:


com.symantec.kext.internetSecurity (5.2f2)

com.symantec.kext.ndcengine (1.0f2)

com.symantec.kext.ips (3.5f2)

com.symantec.kext.SymAPComm (12.2f2)


Loaded extrinsic user agents:


com.symantec.uiagent.application

com.oracle.java.Java-Updater

com.google.keystone.user.agent


Restricted user files: 33


Extrinsic loadable bundles:


/System/Library/Extensions/com_cy_driver_USB_Device.kext

(com.cy.iokit.Morpheus)

/System/Library/Extensions/HotSync Classic Seize.kext

(com.palm.ClassicNotSeizeDriver)

/System/Library/Extensions/IOFireWireMxBt.kext

(com.maxtor.iokit.IOFireWireMxBt)

/System/Library/Extensions/MaxtorPowSecDriver.kext

(com.Maxtor.driver.PowSecDriver)

/System/Library/Extensions/ndcengine.kext

(com.symantec.kext.ndcengine)

/System/Library/Extensions/SymInternetSecurity.kext

(com.symantec.kext.internetSecurity)

/System/Library/Extensions/SymIPS.kext

(com.symantec.kext.ips)

Library/Address Book Plug-Ins/SkypeABDialer.bundle

(com.skype.skypeabdialer)

Library/Address Book Plug-Ins/SkypeABSMS.bundle

(com.skype.skypeabsms)

/Library/Audio/MIDI Drivers/EmagicUSBMIDIDriver.plugin

(info.emagic.driver.unitor)

/Library/Extensions/ndcengine.kext

(com.symantec.kext.ndcengine)

/Library/Extensions/SymInternetSecurity.kext

(com.symantec.kext.internetSecurity)

/Library/Extensions/SymIPS.kext

(com.symantec.kext.ips)

/Library/Internet Plug-Ins/CitrixICAClientPlugIn.plugin

(com.citrix.citrixicaclientplugIn)

/Library/Internet Plug-Ins/EPPEX Plugin.plugin

(jp.co.canon.EPPEX Plugin)

/Library/Internet Plug-Ins/Flash Player.plugin

(com.macromedia.Flash Player.plugin)

/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin

(net.telestream.wmv.plugin)

/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.webplugin

(net.telestream.wmv.webplugin)

/Library/Internet Plug-Ins/GarminGPSControl.plugin

(com.garmin.GarminGpsControl)

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

(com.oracle.java.JavaAppletPlugin)

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

(com.microsoft.sharepoint.browserplugin)

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

(com.microsoft.sharepoint.webkitplugin)

/Library/Internet Plug-Ins/Silverlight.plugin

(com.microsoft.SilverlightPlugin)

/Library/PreferencePanes/Citrix Online Plug-in.prefPane

(com.citrix.StandAlone)

/Library/PreferencePanes/Flash Player.prefPane

(com.adobe.flashplayerpreferences)

/Library/PreferencePanes/Flip4Mac WMV.prefPane

(net.telestream.wmv.prefpane)

/Library/PreferencePanes/JavaControlPanel.prefPane

(com.oracle.java.JavaControlPanel)

/Library/PreferencePanes/ScrewDrivers v4.prefPane

(com.tricerat.screwdriversv4.preferencepance)

/Library/PreferencePanes/SymantecQuickMenu.prefPane

(com.symantec.quickmenu.prefpane)

/Library/QuickTime/CanonMJPEGAVI.component

(jp.co.canon.MJPEGAVIExporter)

/Library/QuickTime/CanonText.component

(jp.co.canon.Text)

/Library/Spotlight/Microsoft Entourage.mdimporter

(com.microsoft.entourageMDImporter)


Unsigned shared libraries:


/usr/local/lib/libecomlodr.dylib


Font problems: 60


Library/LaunchAgents:


com.apple.CSConfigDotMacCert-greg@me.com-SharedServices.Agent.plist

com.google.keystone.agent.plist


/Library/LaunchAgents:


com.oracle.java.Java-Updater.plist

com.symantec.uiagent.application.plist


/Library/LaunchDaemons:


com.adobe.fpsaud.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist

com.symantec.liveupdate.daemon.ondemand.plist

com.symantec.liveupdate.daemon.plist

com.symantec.sep.migratesettings.plist

com.symantec.sharedsettings.plist

com.symantec.symdaemon.plist


/Library/PrivateFrameworks:


SymAVScan.framework

SymAppKitAdditions.framework

SymBase.framework

SymDaemon.framework

SymFirewall.framework

SymIPS.framework

SymLicensing.framework

SymPersonalFirewall.framework

SymSEP.framework

SymSharedSettings.framework

SymSubmission.framework

SymUIAgent.framework


/Library/PrivilegedHelperTools:


com.microsoft.office.licensing.helper


/Library/StartupItems:


MxBtDaemon

------------------------

Step 2 output:


Loaded extrinsic daemons:


com.symantec.symdaemon

com.symantec.sharedsettings

com.symantec.liveupdate.daemon

com.symantec.liveupdate.daemon.ondemand

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.adobe.fpsaud


Root cron tasks:


#SqzS VERSION = 1.0.0

#SYMANTEC SCHEDULER CRON ENTRIES. THESE ENTRIES ARE AUTOMATICALLY GENERATED

#PLEASE DO NOT EDIT.

#SqzS END SYMANTEC CRON ENTRIES


Log check:


Dec 26 00:08:10 kernel[0] <Debug>: PM notification timeout (pid 224, Canon IJ Network)

Dec 27 10:44:55 kernel[0] <Debug>: AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/TC Storage

Dec 27 18:51:05 kernel[0] <Debug>: PM notification timeout (pid 224, Canon IJ Network)

Dec 28 11:44:06 kernel[0] <Debug>: [AppleBluetoothHIDKeyboard][waitForData][28-37-37-35-72-f2] Timeout waiting for data

Dec 28 13:11:19 kernel[0] <Debug>: AirPort: Link Down on en1. Reason 16 (Group Key Handshake timeout).

Dec 30 21:52:10 kernel[0] <Debug>: AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/TC Storage

Dec 30 21:58:00 kernel[0] <Debug>: AirPort: Link Down on en1. Reason 16 (Group Key Handshake timeout).

Dec 31 00:13:35 kernel[0] <Debug>: PM notification timeout (pid 222, Canon IJ Network)

Dec 31 01:15:13 kernel[0] <Debug>: PM notification timeout (pid 65, SymDaemon)

Dec 31 01:15:13 kernel[0] <Debug>: PM notification timeout (pid 222, Canon IJ Network)

Dec 31 01:15:43 kernel[0] <Debug>: PM notification timeout (pid 65, SymDaemon)

Dec 31 09:23:17 kernel[0] <Debug>: PM notification timeout (pid 222, Canon IJ Network)

Jan 1, 2014 9:18 AM in response to pandu7

None of that is related to your problem, which as I indicated in my first comment was caused by an intrusion into your router. I mistakenly replied to someone else. However, you should uninstall the worthless Symantec/Norton product according to the developer's instructions, and also run the Font Book application to resolve font issues. Back up all data before making any changes.

How to clean a browser hijack from my iMac?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.