Recently i've downloaded something and now I have all this adware on safari. Pop up ads and Certain words are highlited that when clicked go to ads for surveys and stuff etc. I've tried everything but i cant get rid of the highlighted text. Does anyone know how to fix this?
MacBook Pro
Another comment while after thinking about what you said.
ninadpradhan wrote:
why use that software and donate anything when a simple rm mentioned above can solve it!
I assume you are talking about Linc's advise that is marked as the solution from almost a year ago. The technical answer, as even Linc would tell you, is that advise given here will almost certainly become obsolete over time. That happens to already be the case here, since the VSearch adware has morphed and at least one new file is not mentioned in those instructions. Additionally, it's not possible to tell what adware Stixman55 had since he didn't mention it. There are now more than two dozen adware varieties by my count, and Linc only covered one. If you know you have been infected with VSearch, that's fine, but it isn't even the most common found any more.
And, of course, there is no need to donate if you don't feel it did nothing for you or wasn't worth the effort.
ninadpradhan wrote:
Lol! and why use that software and donate anything when a simple rm mentioned above can solve it!
First, no donation is necessary... the software is free. You can use it all you want and it works equally well whether you have donated or not.
Second, there is no need to resort to dangerous Terminal commands like 'rm' to remove adware. I'm not sure what advice to use a "simple rm" you are referring to (this topic is a year old and has had 10 pages worth of replies), but any advice to remove adware by executing 'rm' commands in the Terminal should be ignored.
If you wish to use manual removal instructions, those have been posted numerous times on this topic by myself, Linc and others. You do not need to use AdwareMedic if you do not wish to, but some people want to. Those people are who it's for.
do you work/getting paid by ADWAREMEDIC??
No. First, because AwareMedic is a program, and people don't work for a program. The company behind AdwareMedic is The Safe Mac, and I am the sole owner and developer of The Safe Mac. I do not do advertising, and I do not have any employees.
Before being rude to someone and throwing around unfounded accusations, I would suggest that you inform yourself on the details of the topic you are discussing.
Boot Mode: Normal
Model: MacBookAir6,2
USB
BUP Slim Mac SL (Seagate LLC)
System diagnostics
2015-02-21 WindowServer crash
2015-02-26 discoveryd crash
2015-02-28 discoveryd crash
2015-03-08 discoveryd crash
2015-03-10 discoveryd crash
User diagnostics
2015-02-17 com.apple.WebKit.Plugin.64 crash
2015-03-10 Safari crash
2015-03-10 Safari crash
2015-03-10 com.apple.WebKit.Plugin.64 crash
2015-03-10 com.apple.WebKit.Plugin.64 crash
2015-03-10 com.apple.WebKit.Plugin.64 crash
2015-03-10 com.apple.WebKit.WebContent crash
2015-03-17 LOGINserver crash
2015-03-17 Seagate Dashboard crash
Kernel messages
Mar 16 03:16:35 wl0: Roamed or switched channel, reason #8, bssid e6:03:02:05:26:ab, last RSSI -68
Mar 16 08:41:48 wl0: Roamed or switched channel, reason #8, bssid 46:03:02:06:84:32, last RSSI -55
Mar 16 12:55:15 wl0: Roamed or switched channel, reason #1, bssid e6:03:02:05:26:ab, last RSSI -66
Mar 16 16:11:54 wl0: Roamed or switched channel, reason #1, bssid 00:15:f9:1a:39:9d, last RSSI -60
Mar 16 20:29:05 wl0: Roamed or switched channel, reason #1, bssid e6:03:02:05:26:5f, last RSSI -57
Mar 16 20:31:35 BUG in process suhelperd[339]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 144 times ---
Mar 17 01:18:43 wl0: Roamed or switched channel, reason #8, bssid e6:03:02:05:26:ab, last RSSI -70
Mar 17 21:22:41 wl0: Roamed or switched channel, reason #1, bssid e6:03:02:05:26:5f, last RSSI -55
Mar 17 21:46:23 disk2s2: I/O error.
--- last message repeated 1 time ---
Mar 17 21:49:52 BUG in process suhelperd[193]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 133 times ---
Mar 17 21:50:16 wl0: Roamed or switched channel, reason #8, bssid e6:03:02:05:26:5f, last RSSI -69
Mar 17 21:51:39 BUG in process suhelperd[193]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
Mar 17 21:52:04 disk2s2: I/O error.
--- last message repeated 1 time ---
Mar 17 21:53:46 disk2s1: I/O error.
Mar 17 21:55:28 disk2s2: I/O error.
--- last message repeated 1 time ---
Mar 17 21:58:40 wl0: Roamed or switched channel, reason #1, bssid e6:03:01:05:26:5f, last RSSI -65
Mar 17 21:58:55 wl0: Roamed or switched channel, reason #1, bssid e6:03:02:05:26:5f, last RSSI -55
Mar 17 21:59:20 process Seagate Dashboar[952] thread 9317 caught burning CPU! It used more than 50% CPU (Actual recent usage: 64%) over 180 seconds. thread lifetime cpu usage 90.015733 seconds, (56.608162 user, 33.407571 system) ledger info: balance: 90006488721 credit: 90006488721 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 139762174977
Mar 17 22:06:14 disk2s2: I/O error.
--- last message repeated 3 times ---
Loaded extrinsic kernel extensions
com.seagate.driver.PowSecDriverCore (5.2.6)
com.seagate.driver.PowSecLeafDriver_10_5 (5.2.6)
Extrinsic daemons
com.adobe.fpsaud
com.seagate.TBDecorator.plist
Extrinsic agents
com.brother.LOGINserver
com.seagate.dashboard
com.leadertech.PowerRegister.SEA1.UUID
com.webhelper
com.flashmall.agent
com.extensions.updater67619.agent.plist
com.google.keystone.user.agent
launchd items
/Library/LaunchAgents/com.brother.LOGINserver.plist
(com.brother.LOGINserver)
/Library/LaunchDaemons/com.adobe.fpsaud.plist
(com.adobe.fpsaud)
Library/LaunchAgents/com.extensions.updater67619.agent.plist
(com.extensions.updater67619.agent.plist)
Library/LaunchAgents/com.flashmall.agent.plist
(com.flashmall.agent)
Library/LaunchAgents/com.google.keystone.agent.plist
(com.google.keystone.user.agent)
Library/LaunchAgents/com.leadertech.PowerRegister.SEA1.UUID.plist
(com.leadertech.PowerRegister.SEA1.UUID)
Library/LaunchAgents/com.seagate.dashboard.plist
(com.seagate.dashboard)
Library/LaunchAgents/com.webhelper.plist
(com.webhelper)
Library/LaunchAgents/UpdateDownloader
(No job label)
Extrinsic loadable bundles
/System/Library/Extensions/JMicronATA.kext
(com.jmicron.JMicronATA)
/System/Library/Extensions/Seagate Storage Driver.kext
(com.seagate.driver.PowSecDriverCore)
/Library/Internet Plug-Ins/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
(com.microsoft.sharepoint.browserplugin)
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
(com.microsoft.sharepoint.webkitplugin)
/Library/Internet Plug-Ins/Silverlight.plugin
(com.microsoft.SilverlightPlugin)
/Library/PreferencePanes/DashboardPreferences.prefPane
(com.seagate.dashboard.preferences)
/Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
Library/Address Book Plug-Ins/SkypeABDialer.bundle
(com.skype.skypeabdialer)
Library/Address Book Plug-Ins/SkypeABSMS.bundle
(com.skype.skypeabsms)
Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
(com.conduit.ConduitNPAPIPlugin)
Library/ScriptingAdditions/BrowserHelper.osax
(com.flashmall.ScriptingAdditions)
DNS (from DHCP): 141.211.125.17
Netmask: 255.255.248.0
User login items
iTunesHelper
Safari extensions
defaultsearch
Restricted user files: 151
Elapsed time (s): 115
A
You installed the "Crossrider" trojan. Take the steps below to disable it.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be files with any of the following names:
com.crossrider.wss*.agent.plist
com.flashmall.agent.plist
com.webhelper.plist
com.webtools.uninstaller.plist
com.webtools.update.agent.plist
flashmall_updater.plist
flashmall_updater.sh
WebSocketServerApp
Here * stands for a variable six-digit number. Some of these files may be absent. Move any that you have to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library/Application Support
A folder named "Application Support" will open. Inside it there may be a subfolder with this name:
webHelperApp
If so, move that subfolder—not the "Application Support" folder—to the Trash.
4. Open this folder in the same way as above:
~/Library/ScriptingAdditions
and remove an item named
BrowserHelper.osax
if present.
5. Finally, open this folder:
~/Library
Look for a subfolder with this name:
WebTools
and move it to the Trash, if present. Finally, empty the Trash.
B
You also installed a variant the "CinemaPro" trojan. Take the steps below to disable it.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be files with any of the following names:
com.cinemapro1-2.agent.plist
com.extensions.updater*.agent.plist
UpdateDownloader
Here * stands for a variable five-digit number. Some of these files may be absent. Move any that you have to the Trash and close the Finder window.
If there are any other files in the LaunchAgents folder with a name beginning either in "com.cinemapro" or "com.extensions.updater", move them to the Trash as well.
Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library
A folder named "Library" will open. Inside it there may be a subfolder with this name:
cinemapro1-2
If so, move that subfolder—not the Library folder—to the Trash.
4. Finally, open this folder in the same way as above:
~/Applications
This is not the usual Applications folder, but a different one inside your home folder. Look for an application with this name:
cinemapro1-2
and move it to the Trash, if present. Finally, empty the Trash.
C
You have a component of yet another trojan:
~/Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin
D
The following Safari extension is malicious and should be removed in the Extensions pane of the Safari preferences window:
defaultsearch
Do the equivalent in the Chrome and Firefox browsers, if you use those. Never install any extension with the words "Spigot," "Conduit," "Genieo," or "Trovi" in the description.
E
You need to become much more cautious about installing software. Until you have more experience as a Mac user, I suggest you change a setting to allow only Apple updates and software from the App Store to be installed.
Open the Security & Privacy pane in System Preferences and select the General tab. Click the lock icon in the lower left corner and enter your password to unlock the settings. Select the button marked
Mac App Store
and close the preference pane. For information about the effects of this setting, see this support article. You may need to change the setting temporarily to install some third-party software, such as Flash Player. Be especially careful with that, as malware is often distributed in the form of a fake Flash update. Never follow a link to a Flash update on any web page. Instead use the built-in updater in the Flash Player preference pane.
The products in the App Store, while they aren't always very good, can at least be considered safe enough to use.
F
The external hard drive is malfunctioning.
Boot Mode: Normal
Model: iMac10,1
RAM details
BANK 0/DIMM0:
Size: Empty
Speed: Empty
Status: Empty
Manufacturer: Empty
BANK 1/DIMM0:
Size: Empty
Speed: Empty
Status: Empty
Manufacturer: Empty
BANK 0/DIMM1:
Size: 2 GB
Speed: 1067 MHz
Status: OK
Manufacturer: 0x802C
BANK 1/DIMM1:
Size: 2 GB
Speed: 1067 MHz
Status: OK
Manufacturer: 0x802C
USB
USB Flash Disk (Silicon Motion, Inc. - Taiwan)
Microsoft® Nano Transceiver v2.0 (Microsoft Corporation)
Kernel messages
--- last message repeated 124 times ---
Mar 20 16:20:28 BUG in process suhelperd[251]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
Mar 20 19:20:12 BUG in process suhelperd[251]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 139 times ---
Mar 20 19:20:39 BUG in process suhelperd[251]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
--- last message repeated 2 times ---
Mar 21 19:03:03 Over-release of kernel-internal importance assertions for pid 230 (CallHistorySyncH), dropping 1 assertion(s) but task only has 0 remaining (0 external).
Mar 21 20:26:24 BUG in process suhelperd[251]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 147 times ---
Mar 21 20:27:10 BUG in process suhelperd[251]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
--- last message repeated 138 times ---
Mar 21 20:28:25 BUG in process suhelperd[251]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 4 times ---
Mar 21 20:28:26 BUG in process suhelperd[251]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
--- last message repeated 1 time ---
Mar 22 09:29:19 BUG in process suhelperd[166]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 124 times ---
Mar 22 09:29:39 BUG in process suhelperd[166]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
Mar 22 13:42:47 BUG in process suhelperd[216]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 125 times ---
Mar 22 13:43:11 BUG in process suhelperd[216]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
Mar 22 14:12:18 BUG in process suhelperd[290]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 124 times ---
Mar 22 14:12:20 BUG in process suhelperd[290]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
Mar 22 14:14:06 BUG in process suhelperd[290]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
Extrinsic daemons
com.v.helper
com.adobe.fpsaud
com.qdea.syncproxhelper
Extrinsic agents
com.codecm.uploader
com.v.agent
com.spotify.webhelper
launchd items
/Library/LaunchAgents/com.c4dc2fe700574a8c.agent.plist
(com.v.agent)
/Library/LaunchDaemons/com.adobe.fpsaud.plist
(com.adobe.fpsaud)
/Library/LaunchDaemons/com.c4dc2fe700574a8c.daemon.plist
(com.v.daemon)
/Library/LaunchDaemons/com.c4dc2fe700574a8c.helper.plist
(com.v.helper)
/Library/LaunchDaemons/com.qdea.syncproxhelper.plist
(com.qdea.syncproxhelper)
Library/LaunchAgents/com.codecm.uploader.plist
(com.codecm.uploader)
Library/LaunchAgents/com.spotify.webhelper.plist
(com.spotify.webhelper)
Library/LaunchAgents/jp.co.canon.Inkjet_Extended_Survey_Agent.plist
(jp.co.canon.Inkjet_Extended_Survey_Agent)
Extrinsic loadable bundles
/System/Library/Extensions/BJUSBMP.kext
(jp.co.canon.bj.kext.BJUSBMP)
/System/Library/Extensions/EPSONUSBPrintClass.kext
(com.epson.print.kext.USBPrintClass)
/System/Library/Extensions/hp_Deskjet_io_enabler.kext
(com.hp.print.hpio.Deskjet.kext)
/System/Library/Extensions/hp_Inkjet1_io_enabler.kext
(com.hp.print.hpio.Inkjet1.kext)
/System/Library/Extensions/hp_Inkjet3_io_enabler.kext
(com.hp.print.hpio.Inkjet3.kext)
/System/Library/Extensions/hp_Inkjet4_io_enabler.kext
(com.hp.print.hpio.Inkjet4.kext)
/System/Library/Extensions/hp_Inkjet5_io_enabler.kext
(com.hp.print.hpio.Inkjet5.kext)
/System/Library/Extensions/hp_Inkjet8_io_enabler.kext
(com.hp.print.hpio.inkjet8.kext)
/System/Library/Extensions/hp_Inkjet_io_enabler.kext
(com.hp.print.hpio.Inkjet.kext)
/System/Library/Extensions/hp_Laserjet_io_enabler.kext
(com.hp.print.hpio.Laserjet.kext)
/System/Library/Extensions/hp_Officejet_io_enabler.kext
(com.hp.print.hpio.Officejet.kext)
/System/Library/Extensions/hp_Photosmart_io_enabler.kext
(com.hp.print.hpio.Photosmart.kext)
/System/Library/Extensions/hp_PhotosmartPro_io_enabler.kext
(com.hp.print.hpio.PhotosmartPro.kext)
/System/Library/Extensions/hp_qc_io_enabler.kext
(com.hp.hpio.hp_psa530_630_io_enabler)
/System/Library/Extensions/JMicronATA.kext
(com.jmicron.JMicronATA)
/Library/Audio/MIDI Drivers/EmagicUSBMIDIDriver.plugin
(info.emagic.driver.unitor)
/Library/Internet Plug-Ins/DivXBrowserPlugin.plugin
(com.divx.DivXBrowserPlugin)
/Library/Internet Plug-Ins/iPhotoPhotocast.plugin
(com.apple.plugin.iPhotoPhotocast)
/Library/Internet Plug-Ins/Silverlight.plugin
(com.microsoft.SilverlightPlugin)
/Library/PreferencePanes/DivX.prefPane
(com.divx.divxprefs)
/Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
/Library/Spotlight/GBSpotlightImporter.mdimporter
(com.apple.garageband.spotlightimporter)
Library/Address Book Plug-Ins/SkypeABDialer.bundle
(com.skype.skypeabdialer)
Library/Address Book Plug-Ins/SkypeABSMS.bundle
(com.skype.skypeabsms)
Library/iTunes/iTunes Plug-ins/TuneUp/TuneUp Visualizer.bundle
(com.TuneUp.app.iTuneUp Visualizer)
Extrinsic shared libraries
/usr/lib/libgutenprint.2.0.3.dylib
sysctl.conf
kern.maxfiles=50000
kern.maxfilesperproc=50000
User login items
iTunesHelper
PvP.net
Steam
Safari extensions
AdBlock
Restricted user files: 299
Font problems: 4
Bad plists
Library/Preferences/com.apple.iphotomosaic.plist
Elapsed time (s): 188
Boot Mode: Normal
Model: MacBookPro8,1
Battery cycles: 301
User diagnostics
2015-03-05 sharingd crash
2015-03-10 Terrapin Logo crash
2015-03-13 FaceTime crash
2015-03-17 com.apple.security.pboxd crash
2015-03-17 com.apple.security.pboxd crash
2015-03-17 com.apple.security.pboxd crash
2015-03-17 com.apple.security.pboxd crash
2015-03-22 Terrapin Logo crash
2015-03-25 cloudd crash
2015-03-26 Terrapin Logo crash
Kernel messages
Mar 28 00:38:43 BUG in process suhelperd[1018]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
Mar 28 00:38:50 wl0: Roamed or switched channel, reason #8, bssid e0:46:9a:3c:29:c6
Mar 28 00:43:34 BUG in process suhelperd[1018]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 128 times ---
Mar 28 01:58:11 Over-release of kernel-internal importance assertions for pid 995 (recentsd), dropping 1 assertion(s) but task only has 0 remaining (0 external).
Mar 28 09:39:47 Previous shutdown cause: -60
Mar 28 09:40:31 BUG in process suhelperd[1018]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
Mar 28 09:40:32 wl0: Roamed or switched channel, reason #8, bssid e0:46:9a:3c:29:c6
Mar 28 09:41:27 Sound assertion in AppleHDAFunctionGroup at line 1053
Mar 28 09:42:17 wl0: Roamed or switched channel, reason #8, bssid e0:46:9a:3c:29:c6
Mar 28 09:42:49 BUG in process suhelperd[1018]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 149 times ---
Mar 28 09:43:14 BUG in process suhelperd[1018]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
--- last message repeated 1 time ---
Mar 28 10:47:46 wl0: Roamed or switched channel, reason #8, bssid e0:46:9a:3c:29:c6
--- last message repeated 4 times ---
Mar 28 12:43:30 BUG in process suhelperd[1018]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 3 times ---
Mar 28 13:03:10 wl0: Roamed or switched channel, reason #8, bssid e0:46:9a:3c:29:c6
--- last message repeated 1 time ---
Mar 28 15:00:23 Previous shutdown cause: -60
Mar 28 15:00:39 BUG in process suhelperd[164]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 129 times ---
Mar 28 15:00:57 wl0: Roamed or switched channel, reason #8, bssid e0:46:9a:3c:29:c6
Mar 28 15:01:29 BUG in process suhelperd[164]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
Extrinsic daemons
com.v.helper
com.adobe.fpsaud
Extrinsic agents
com.v.agent
com.bittorrent.uTorrent
com.adobe.ARM.UUID
com.wondershare.AnjoyTunesHelper
com.google.keystone.user.agent
launchd items
/Library/LaunchAgents/com.45f0ea5f082d2e6c.agent.plist
(com.v.agent)
/Library/LaunchDaemons/com.45f0ea5f082d2e6c.daemon.plist
(com.v.daemon)
/Library/LaunchDaemons/com.45f0ea5f082d2e6c.helper.plist
(com.v.helper)
/Library/LaunchDaemons/com.adobe.fpsaud.plist
(com.adobe.fpsaud)
Library/LaunchAgents/com.adobe.ARM.UUID.plist
(com.adobe.ARM.UUID)
Library/LaunchAgents/com.bittorrent.uTorrent.plist
(com.bittorrent.uTorrent)
Library/LaunchAgents/com.google.keystone.agent.plist
(com.google.keystone.user.agent)
Library/LaunchAgents/com.wondershare.AnjoyTunesHelper.plist
(com.wondershare.AnjoyTunesHelper)
Extrinsic loadable bundles
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
(com.adobe.acrobat.pdfviewer)
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
(com.adobe.acrobat.pdfviewerNPAPI)
/Library/Internet Plug-Ins/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
Library/Address Book Plug-Ins/SkypeABDialer.bundle
(com.skype.skypeabdialer)
Library/Address Book Plug-Ins/SkypeABSMS.bundle
(com.skype.skypeabsms)
User login items
iTunesHelper
Wondershare TunesGo Helper
uTorrent
Restricted user files: 95
Elapsed time (s): 134
No root access
Boot Mode: Normal
Model: MacBookPro8,2
Battery cycles: 358
System diagnostics
2015-03-05 SecurityAgent crash
2015-03-15 Kernel panic
2015-03-22 Kernel panic
User diagnostics
2015-03-07 PluginProcess crash
2015-03-09 PluginProcess crash
2015-03-11 Safari crash
2015-04-02 MacKeeper Helper crash
Kernel messages
Apr 3 00:00:28 Sound assertion in IOHDACodecDevice at line 161
Apr 3 00:00:28 Sound assertion in AppleHDAWidget at line 1059
Apr 3 00:00:28 Sound assertion in AppleHDAWidget_10134206 at line 779
Apr 3 00:00:28 Sound assertion in AppleHDAPathControl at line 355
Apr 3 00:00:28 Sound assertion in AppleHDAEngine at line 4067
Apr 3 00:00:28 Sound assertion in AppleHDAEngine at line 3932
Apr 3 00:03:38 wl0: Roamed or switched channel, reason #8, bssid 20:aa:4b:ca:49:1c
--- last message repeated 2 times ---
Apr 3 03:19:02 Sound assertion - Command/Response TIMED OUT and ( kRequestStateMatch == fCodecRequest->state = 2 ), fCodecRequest->command->codec: -549558592768, fCodecRequest->command->verb: 0x63603D, fPoweredDown: 1
Apr 3 03:19:02 Sound assertion in AppleHDAController at line 5076
Apr 3 03:19:02 Sound assertion in AppleHDAController at line 5078
Apr 3 03:19:02 Sound assertion in IOHDACodecDevice at line 161
Apr 3 03:19:02 Sound assertion in AppleHDAWidget at line 1051
Apr 3 03:19:02 Sound assertion in AppleHDAWidget_10134206 at line 779
Apr 3 03:19:02 Sound assertion in AppleHDAPathControl at line 355
Apr 3 03:19:02 Sound assertion in AppleHDAEngine at line 4067
Apr 3 03:19:02 Sound assertion in AppleHDAEngine at line 3932
Apr 3 03:19:12 Sound assertion - Command/Response TIMED OUT and ( kRequestStateMatch == fCodecRequest->state = 2 ), fCodecRequest->command->codec: -549558592768, fCodecRequest->command->verb: 0x63503D, fPoweredDown: 1
Apr 3 08:14:47 Sound assertion in AppleHDAController at line 5078
Apr 3 08:14:47 Sound assertion in IOHDACodecDevice at line 161
Apr 3 08:14:47 Sound assertion in AppleHDAWidget at line 1059
Apr 3 08:14:47 Sound assertion in AppleHDAWidget_10134206 at line 779
Apr 3 08:14:47 Sound assertion in AppleHDAPathControl at line 355
Apr 3 08:14:47 Sound assertion in AppleHDAEngine at line 4067
Apr 3 08:14:47 Sound assertion in AppleHDAEngine at line 3932
Extrinsic agents
com.google.keystone.system.agent
com.v.agent
com.spotify.webhelper
com.adobe.ARM.UUID
launchd items
/Library/LaunchAgents/com.c888d57fb295a06e.agent.plist
(com.v.agent)
/Library/LaunchAgents/com.google.keystone.agent.plist
(com.google.keystone.system.agent)
/Library/LaunchDaemons/com.adobe.fpsaud.plist
(com.adobe.fpsaud)
/Library/LaunchDaemons/com.apple.remotepairtool.plist
(com.apple.RemotePairTool)
/Library/LaunchDaemons/com.c888d57fb295a06e.daemon.plist
(com.v.daemon)
/Library/LaunchDaemons/com.c888d57fb295a06e.helper.plist
(com.v.helper)
/Library/LaunchDaemons/com.google.keystone.daemon.plist
(com.google.keystone.daemon)
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
(com.microsoft.office.licensing.helper)
Library/LaunchAgents/com.adobe.ARM.UUID.plist
(com.adobe.ARM.UUID)
Library/LaunchAgents/com.apple.FolderActions.enabled.plist
(com.apple.FolderActions.enabled)
Library/LaunchAgents/com.apple.FolderActions.folders.plist
(com.apple.FolderActions.folders)
Library/LaunchAgents/com.spotify.webhelper.plist
(com.spotify.webhelper)
Startup items
/Library/StartupItems/ProTec6b/DemoOver
/Library/StartupItems/ProTec6b/Nalpeirond6b
/Library/StartupItems/ProTec6b/ProTec6b
/Library/StartupItems/ProTec6b/StartupParameters.plist
Extrinsic loadable bundles
/System/Library/EventHandlers/com.apple.certificate.expired.3rdParty.bundle
(com.apple.com-apple-certificate-expired-3rdParty)
/System/Library/EventHandlers/com.apple.certificate.expired.CASigned.bundle
(com.apple.com-apple-certificate-expired-CASigned)
/System/Library/EventHandlers/com.apple.certificate.expired.self_signed.bundle
(com.apple.com-apple-certificate-expired-self-signed)
/System/Library/EventHandlers/com.apple.certificate.expiringSoon.3rdParty.bundl e
(com.apple.com-apple-certificate-expiringSoon-3rdParty)
/System/Library/EventHandlers/com.apple.certificate.expiringSoon.CA_signed.bund le
(com.apple.com-apple-certificate-expiringSoon-CA-signed)
/System/Library/EventHandlers/com.apple.certificate.expiringSoon.self_signed.** ndle
(com.apple.com-apple-certificate-expiringSoon-self-signed)
/System/Library/Extensions/AppleIntelFramebufferCapri.kext
(com.apple.driver.AppleIntelFramebufferCapri)
/System/Library/Extensions/AppleIntelHD3000Graphics.kext
(com.apple.driver.AppleIntelHD3000Graphics)
/System/Library/Extensions/AppleIntelHD3000GraphicsGA.plugin
(com.apple.driver.AppleIntelHD3000GraphicsGA)
/System/Library/Extensions/AppleIntelHD3000GraphicsGLDriver.bundle
(com.apple.driver.AppleIntelHD3000GraphicsGLDriver)
/System/Library/Extensions/AppleIntelHD3000GraphicsVADriver.bundle
(com.apple.AppleIntelHD3000GraphicsVADriver)
/System/Library/Extensions/AppleIntelHD4000Graphics.kext
(com.apple.driver.AppleIntelHD4000Graphics)
/System/Library/Extensions/AppleIntelHD4000GraphicsGA.plugin
(com.apple.driver.AppleIntelHD4000GraphicsGA)
/System/Library/Extensions/AppleIntelHD4000GraphicsGLDriver.bundle
(com.apple.driver.AppleIntelHD4000GraphicsGLDriver)
/System/Library/Extensions/AppleIntelHD4000GraphicsVADriver.bundle
(com.apple.AppleIntelHD4000GraphicsVADriver)
/System/Library/Extensions/AppleIntelIVBVA.bundle
(com.apple.AppleIntelIVBFBVA)
/System/Library/Extensions/IOUSBAttachedSCSI.kext
(com.apple.iokit.IOUSBAttachedSCSI)
/System/Library/Extensions/NVDAGK100Hal.kext
(com.apple.nvidia.nvGK100hal)
/Library/Audio/MIDI Drivers/EmagicUSBMIDIDriver.plugin
(info.emagic.driver.unitor)
/Library/Audio/Plug-Ins/HAL/iSightAudio.driver
(com.apple.iSightAudio)
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
(com.adobe.acrobat.pdfviewer)
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
(com.adobe.acrobat.pdfviewerNPAPI)
/Library/Internet Plug-Ins/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin
(com.google.googletalkbrowserplugin)
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
(com.apple.java.JavaAppletPlugin)
/Library/Internet Plug-Ins/o1dbrowserplugin.plugin
(com.google.o1dbrowserplugin)
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
(com.microsoft.sharepoint.browserplugin)
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
(com.microsoft.sharepoint.webkitplugin)
/Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
/Library/ScriptingAdditions/Adobe Unit Types.osax
(No bundle ID)
Library/Address Book Plug-Ins/SkypeABDialer.bundle
(com.skype.skypeabdialer)
Library/Address Book Plug-Ins/SkypeABSMS.bundle
(com.skype.skypeabsms)
Library/Internet Plug-Ins/LWAPlugin15.8.bundle
(com.microsoft.LWAPlugin15.8)
Library/Internet Plug-Ins/WebEx64.plugin
(com.cisco_webex.plugin.gpc)
Extrinsic shared libraries
/usr/lib/libgmalloc.B.dylib
/usr/lib/libOpenScriptingUtil.dylib
/usr/lib/libxar-nossl.dylib
/usr/lib/system/libsystem_notify.dylib
Netmask: 255.255.248.0
Restricted user files: 2442
Font problems: 40
Bad plists
Library/Preferences/com.apple.Safari.plist.plist
Library/Preferences/com.solidstatenetworks.awkhost.plist
Library/Preferences/com.solidstatenetworks.host.plist
Elapsed time (s): 204
It worked! Thank you so Much!!! Those companies installing this adware are definitely engaging in criminal activity. They should be caught. However, the companies whose ads are being displayed should be penalized for paying the ad injecting criminals.
I was on the web and I guess I hit a link in a forum post ---I know, that was dumb --- and the next thing I knew Safari was completely blocked and the only way to close Safari was to force quit. Also, it was opening on its own upon restart and I did not have it set to do so. Anyway, the front of Safari was an alert with a number to call. Gee, how did this third party know my browser was compromised so quickly? Duh, I wonder.
Just out of curiouslity I called and it was an outfit called WinPro Technologies and the dude wanted me to turn my screen over to him so they could fix the problem. Yeah, like I'm gonna do that when I'm suspecting they planted the bug/hack/adware in the first place!
I said thanks but no thanks and hung up. I then went through Apple support and followed all their protocols best I could figure and also ran Adware Medic. This thing was tough , and upon restarts it still showed up so I had no choice but to call Apple. The rep said I had done well but these are hard to get to, though she did say Apple does recommend Adware Medic, so that's good to know.
We had to go through and run secure empty trash of a number of files but I wouldn't begin to tell you all that had to be done. Call Apple if this happens to you!
One quick thing: while safari looks totally useless you can actually get past the hack by holding down the Shift key and clicking open.
hi i have this same problem
Boot Mode: Normal
Model: MacBookPro8,1
System diagnostics
2015-01-07 WindowServer crash
2015-03-19 WindowServer crash
2015-03-20 WindowServer crash
2015-03-20 WindowServer crash
User diagnostics
2015-03-19 com.apple.WebKit.Plugin.64 crash
2015-03-24 com.apple.WebKit.Plugin.64 crash
2015-04-14 com.apple.WebKit.Plugin.64 crash
2015-04-14 com.apple.WebKit.Plugin.64 crash
Kernel messages
Apr 13 23:40:42 wl0: Roamed or switched channel, reason #8, bssid 32:91:8f:69:b5:0d
Apr 14 01:00:48 Over-release of kernel-internal importance assertions for pid 17 (syslogd), dropping 1 assertion(s) but task only has 1 remaining (1 external).
Apr 14 01:01:09 wl0: Roamed or switched channel, reason #8, bssid 32:91:8f:69:b5:0d
Apr 14 02:27:47 wl0: Roamed or switched channel, reason #2, bssid 32:91:8f:69:b5:0d
Apr 14 02:40:26 BUG in process suhelperd[160]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 7 times ---
Apr 14 03:10:01 wl0: Roamed or switched channel, reason #2, bssid 32:91:8f:69:b5:0d
--- last message repeated 3 times ---
Apr 14 05:38:22 process com.apple.WebKit[1156] thread 141795 caught burning CPU!; EXC_RESOURCE supressed due to audio playback
Apr 14 08:40:27 BUG in process suhelperd[160]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 157 times ---
Apr 14 09:12:14 BUG in process suhelperd[158]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 130 times ---
Apr 14 09:12:32 wl0: Roamed or switched channel, reason #8, bssid 32:91:8f:69:b5:0d
Apr 14 09:12:53 BUG in process suhelperd[158]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
Apr 14 09:56:00 wl0: Roamed or switched channel, reason #2, bssid 32:91:8f:69:b5:0d
--- last message repeated 2 times ---
Apr 14 13:30:49 BUG in process suhelperd[181]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)
--- last message repeated 130 times ---
Apr 14 13:31:08 wl0: Roamed or switched channel, reason #8, bssid 32:91:8f:69:b5:0d
Apr 14 13:31:15 BUG in process suhelperd[181]: over-released legacy external boost assertions (0 total, 0 external, 0 legacy-external)
Apr 14 16:01:12 wl0: Roamed or switched channel, reason #4, bssid 32:91:8f:69:b5:0d
Apr 14 16:01:37 wl0: Roamed or switched channel, reason #8, bssid 32:91:8f:69:b5:0d
Apr 14 16:43:10 wl0: Roamed or switched channel, reason #2, bssid 32:91:8f:69:b5:0d
--- last message repeated 5 times ---
Extrinsic daemons
com.microsoft.office.licensing.helper
com.adobe.fpsaud
com.seagate.TBDecorator.plist
Extrinsic agents
com.bittorrent.uTorrent
com.divx.agent.postinstall
com.sierrawireless.SwitchTool
com.google.keystone.user.agent
launchd items
/Library/LaunchAgents/com.sierrawireless.SwitchTool.plist
(com.sierrawireless.SwitchTool)
/Library/LaunchDaemons/com.adobe.fpsaud.plist
(com.adobe.fpsaud)
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
(com.microsoft.office.licensing.helper)
Library/LaunchAgents/com.bittorrent.uTorrent.plist
(com.bittorrent.uTorrent)
Library/LaunchAgents/com.divx.agent.postinstall.plist
(com.divx.agent.postinstall)
Library/LaunchAgents/com.google.keystone.agent.plist
(com.google.keystone.user.agent)
Extrinsic loadable bundles
/System/Library/Extensions/cdc_ecm_qmi_LTE.kext
(com.zte.LTEdriver.cdc_ecm_qmi)
/System/Library/Extensions/cdc_LTE.kext
(com.zte.LTEdriver.cdc_usb_bus)
/System/Library/Extensions/EPSONUSBPrintClass.kext
(com.epson.print.kext.USBPrintClass)
/System/Library/Extensions/hp_Deskjet_io_enabler.kext
(com.hp.print.hpio.Deskjet.kext)
/System/Library/Extensions/hp_fax_io.kext
(com.hp.kext.hp-fax-io)
/System/Library/Extensions/hp_Inkjet1_io_enabler.kext
(com.hp.print.hpio.Inkjet1.kext)
/System/Library/Extensions/hp_Inkjet2_io_enabler.kext
(com.hp.print.hpio.Inkjet2.kext)
/System/Library/Extensions/hp_Inkjet3_io_enabler.kext
(com.hp.print.hpio.Inkjet3.kext)
/System/Library/Extensions/hp_Inkjet4_io_enabler.kext
(com.hp.print.hpio.Inkjet4.kext)
/System/Library/Extensions/hp_Inkjet5_io_enabler.kext
(com.hp.print.hpio.Inkjet5.kext)
/System/Library/Extensions/hp_Inkjet7_io_enabler.kext
(com.hp.print.hpio.inkjet7.kext)
/System/Library/Extensions/hp_Inkjet8_io_enabler.kext
(com.hp.print.hpio.inkjet8.kext)
/System/Library/Extensions/hp_Inkjet9_io_enabler.kext
(com.hp.print.hpio.Inkjet9.kext)
/System/Library/Extensions/hp_Inkjet_io_enabler.kext
(com.hp.print.hpio.Inkjet.kext)
/System/Library/Extensions/hp_Laserjet_io_enabler.kext
(com.hp.print.hpio.Laserjet.kext)
/System/Library/Extensions/hp_Officejet_io_enabler.kext
(com.hp.print.hpio.Officejet.kext)
/System/Library/Extensions/hp_Photosmart_io_enabler.kext
(com.hp.print.hpio.Photosmart.kext)
/System/Library/Extensions/hp_PhotosmartPro_io_enabler.kext
(com.hp.print.hpio.PhotosmartPro.kext)
/System/Library/Extensions/hp_psa640_io_enabler.kext
(com.hp.hpio.hp_psa640_io_enabler)
/System/Library/Extensions/hp_qc_io_enabler.kext
(com.hp.hpio.hp_psa530_630_io_enabler)
/System/Library/Extensions/HuaweiDataCardDriver.kext
(com.huawei.driver.HuaweiDataCardDriver)
/System/Library/Extensions/JMicronATA.kext
(com.jmicron.JMicronATA)
/System/Library/Extensions/Seagate Storage Driver.kext
(com.seagate.driver.PowSecDriverCore)
/System/Library/Extensions/SierraDIPSupport.kext
(com.sierrawireless.driver.SierraDIPSupport)
/System/Library/Extensions/SierraFSRSupport.kext
(com.sierrawireless.driver.SierraFSRSupport)
/System/Library/Extensions/SierraHSRSupport.kext
(com.sierrawireless.driver.SierraHSRSupport)
/System/Library/Extensions/SierraIPDirect.kext
(com.sierrawireless.driver.SierraIPDirect)
/System/Library/Extensions/USBExpressCardCantWake_Huawei.kext
(com.apple.dts.driver.USBExpressCardCantWake)
/System/Library/Extensions/ZTELTEUSBCDCACMData.kext
(com.ZTE.driver.ZTELTEUSBCDCACMData)
/System/Library/Extensions/ZTELTEUSBMassStorageFilter.kext
(com.ZTE.driver.ZTELTEUSBMassStorageFilter)
/System/Library/Extensions/ZTEUSBCDCACMData.kext
(com.ZTE.driver.ZTEUSBCDCACMData)
/System/Library/Extensions/ZTEUSBMassStorageFilter.kext
(com.ZTE.driver.ZTEUSBMassStorageFilter)
/Library/Internet Plug-Ins/DivXBrowserPlugin.plugin
(com.divx.DivXBrowserPlugin)
/Library/Internet Plug-Ins/Flash Player.plugin
(com.macromedia.Flash Player.plugin)
/Library/Internet Plug-Ins/iPhotoPhotocast.plugin
(com.apple.plugin.iPhotoPhotocast)
/Library/Internet Plug-Ins/OVSHelper.plugin
(com.divx.OVSHelper)
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
(com.microsoft.sharepoint.browserplugin)
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
(com.microsoft.sharepoint.webkitplugin)
/Library/PreferencePanes/DivX.prefPane
(com.divx.divxprefs)
/Library/PreferencePanes/Flash Player.prefPane
(com.adobe.flashplayerpreferences)
/Library/PreferencePanes/NTFSforMacOSX.prefPane
(com.paragon-software.filesystems.ntfs.prefpanel)
Library/Address Book Plug-Ins/SkypeABDialer.bundle
(com.skype.skypeabdialer)
Library/Address Book Plug-Ins/SkypeABSMS.bundle
(com.skype.skypeabsms)
Library/iTunes/iTunes Plug-ins/TuneUp/TuneUp Visualizer.bundle
(com.tuneupmedia.iTuneUpVisualizer)
Extrinsic shared libraries
/usr/lib/libgutenprint.2.0.3.dylib
/usr/lib/libUFSDNTFS.dylib
User login items
Garmin Express Service
iTunesHelper
Mobile Broadband Manager
Safari extensions
searchExt
Restricted user files: 232
Font problems: 4
Bad plists
Library/Preferences/com.apple.WebFoundation.plist
Elapsed time (s): 159
You have adware installed. See my Adware Removal Guide for help getting rid of it.
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)
From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Turn all extensions OFF and test. If the problem is resolved, turn extensions back ON and then disable them one or a few at a time until you find the culprit.
hey linc i have no extensions it the extension menu and now after installing and running adware medic and deleting all the extensions that it flagged when in safari and i click a link on a page a new window is opening and the only way to get rid of it is to force quit safari
hi thomas i tried to follow your adware removal process but i couldn't identify what was bad from the above information can you identify what shouldn't be there.
Since you say in your previous post that you have already used AdwareMedic, you have already removed everything that I'm familiar with. If AdwareMedic didn't solve the problem, the problem either isn't being caused by adware, or it is being caused by adware I've never seen before.
Either way, for the next steps to take, see:
http://www.adwaremedic.com/kb/unsolved.php
From what you told Linc, I suspect that the first item on that list may be your solution.
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)
How to remove Adware?
