I'm getting annoying pop-ups on Safari; MacKeeper, Free Cam Secrets, Chrome User Survey.

Question

Level 1

0 points

I'm getting annoying pop-ups on Safari; MacKeeper, Free Cam Secrets, Chrome User Survey.

I've followed (I believe correctly) the directions in The Safe Mac to check the launch files and it always says nothing is found. I've also checked Safari's Extensions. The only thing I've done recently is install Photoshop Elements 10. Other than that, nothing's changed. I don't know what more to do and I've got a tremendous headache! Please help. (If I've not posted correctly here, I apologize; this is my first time doing this.) BTW, I'm running Windows 7 through Parallels but that hasn't presented any problem. The pop-ups started in just the last few days.

Here's the EtreCheck

Hardware Information:

iMac (20-inch, Mid 2007)

iMac - model: iMac7,1

1 2 GHz Intel Core 2 Duo CPU: 2 cores

4 GB RAM

Video Information:

ATI,RadeonHD2400 - VRAM: 128 MB

System Software:

OS X 10.9.2 (13C1021) - Uptime: 0 days 3:35:29

Disk Information:

ST3250820AS Q disk0 : (250.06 GB)

EFI (disk0s1) <not mounted>: 209.7 MB

Macintosh HD (disk0s2) / [Startup]: 249.2 GB (166.44 GB free)

Recovery HD (disk0s3) <not mounted>: 650 MB

USB Information:

Apple Inc. Built-in iSight

Apple, Inc. Keyboard Hub

Primax Electronics Apple Optical USB Mouse

Apple, Inc Apple Keyboard

Apple Computer, Inc. IR Receiver

HP Deskjet 3740

Apple Inc. Bluetooth USB Host Controller

Thunderbolt Information:

Gatekeeper:

Mac App Store and identified developers

Kernel Extensions:

[kext loaded] com.logmein.driver.LogMeInSoundDriver (1.0.2 - SDK 10.5) Support

[not loaded] com.seagate.driver.PowSecDriverCore (5.2.4 - SDK 10.4) Support

[not loaded] com.seagate.driver.PowSecLeafDriver_10_4 (5.2.4 - SDK 10.4) Support

[not loaded] com.seagate.driver.PowSecLeafDriver_10_5 (5.2.4 - SDK 10.5) Support

[not loaded] com.seagate.driver.SeagateDriveIcons (5.2.4 - SDK 10.4) Support

Launch Daemons:

[loaded] com.adobe.fpsaud.plist Support

[not loaded] com.logmein.logmeinblanker.plist Support

[not loaded] com.logmein.logmeinserver.plist Support

[running] com.sophos.autoupdate.plist Support

[running] com.sophos.intercheck.plist Support

[running] com.sophos.notification.plist Support

Launch Agents:

[not loaded] com.adobe.AAM.Updater-1.0.plist Support

[not loaded] com.logmein.logmeingui.plist Support

[not loaded] com.logmein.logmeinguiagent.plist Support

[not loaded] com.logmein.logmeinguiagentatlogin.plist Support

[running] com.sophos.uiserver.plist Support

User Launch Agents:

[loaded] com.adobe.AAM.Updater-1.0.plist Support

[loaded] com.adobe.ARM.[...].plist Support

User Login Items:

AirPort Base Station Agent

iTunesHelper

AdobeResourceSynchronizer

Internet Plug-ins:

Default Browser: Version: 537 - SDK 10.9

Flip4Mac WMV Plugin: Version: 3.2.0.16 - SDK 10.8 Support

CouponPrinter-FireFox: Version: Version 1.1.5

AdobePDFViewerNPAPI: Version: 11.0.06 - SDK 10.6 Support

FlashPlayer-10.6: Version: 13.0.0.206 - SDK 10.6 Support

LogMeIn: Version: 1.0.935 - SDK 10.7 Support

Silverlight: Version: 5.1.30214.0 - SDK 10.6 Support

Flash Player: Version: 13.0.0.206 - SDK 10.6 Support

LogMeInSafari32: Version: 1.0.935 - SDK 10.7 Support

QuickTime Plugin: Version: 7.7.3

iPhotoPhotocast: Version: 7.0

AdobePDFViewer: Version: 11.0.06 - SDK 10.6 Support

Photo Center Plugin: Version: Photo Center Plugin 1.1.2.2 Support

Safari Extensions:

Open in Internet Explorer: Version: 1.0

Audio Plug-ins:

BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9

AirPlay: Version: 2.0 - SDK 10.9

AppleAVBAudio: Version: 203.2 - SDK 10.9

iSightAudio: Version: 7.7.3 - SDK 10.9

iTunes Plug-ins:

Quartz Composer Visualizer: Version: 1.4 - SDK 10.9

User Internet Plug-ins:

CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 Support

Move_Media_Player: Version: npmnqmp 071505000006 Support

WebEx: Version: 1.0 Support

3rd Party Preference Panes:

Flash Player Support

Flip4Mac WMV Support

Paragon NTFS for Mac ® OS X Support

Time Machine:

Skip System Files: NO

Mobile backups: OFF

Auto backup: NO - Auto backup turned off

Volumes being backed up:

Macintosh HD: Disk size: 232.09 GB Disk used: 77.08 GB

Destinations:

IMAC [Local] (Last used)

Total size: 931.19 GB

Total number of backups: 1

Oldest backup: 2014-04-08 18:32:13 +0000

Last backup: 2014-04-08 18:32:13 +0000

Size of backup disk: Excellent

Backup size 931.19 GB > (Disk size 232.09 GB X 3)

Time Machine details may not be accurate.

All volumes being backed up may not be listed.

Top Processes by CPU:

2% WindowServer

2% com.apple.WebKit.WebContent

1% prl_vm_app

0% prl_disp_service

0% SystemUIServer

Top Processes by Memory:

999 MB prl_vm_app

217 MB prl_client_app

172 MB com.apple.WebKit.WebContent

119 MB InterCheck

115 MB com.apple.IconServicesAgent

Virtual Memory Information:

30 MB Free RAM

1.08 GB Active RAM

1.06 GB Inactive RAM

1.78 GB Wired RAM

2.53 GB Page-ins

21 MB Page-outs

I appreciate any help I can get.

iMac, OS X Mavericks (10.9.2)

Posted on May 3, 2014 7:55 PM

Reply

Answer 1

May 3, 2014 8:43 PM in response to pkcinky

Hi..

You posted everything perfectly!

First thing that comes to mind is the Internet Explorer extension you have installed.

From your Safari menu bar click Safari > Preferences then select the Extensions tab.

Uninstall the IE extension.

Restart your Mac then try Safari.

FYI ... the logmein software has caused numerous issueds for Mac users as noted from an Apple Support Communities search here.

FAQ: How do I uninstall LogMeIn? - LogMeIn Help

Reply

Answer 2

Linc Davis

Level 10

209,739 points

May 3, 2014 11:29 PM in response to pkcinky

From the menu bar, select

 ▹ System Preferences... ▹ Network ▹ Advanced... ▹ DNS

Under DNS Servers you should have one or more numerical addresses, such as “192.168.1.1” or “10.0.0.1”. What are those addresses?

Reply

Answer 3

pkcinky Author

Level 1

0 points

May 4, 2014 1:20 PM in response to Carolyn Samit

Thank you for your reply, Carolyn. I've uninstalled the IE extension and restarted. So far, I've only seen one pop-up, the Chrome Survey.

As for LogMeIn, the linked directions point to Finder>Go>Applications, I don't find LogMeIn:

When I use the Finder and search for LogMeIn:

and follow the path to Library>Internet Plug-Ins:

I still don't find LogMein. So, I'm lost.

Reply

Answer 4

pkcinky Author

Level 1

0 points

May 4, 2014 1:22 PM in response to Linc Davis

I connect wirelessly through a Netgear Wireless Range Extender and get an excellent signal. Thanks, Linc.

Reply

Answer 5

May 4, 2014 1:24 PM in response to pkcinky

Check: /Library/LaunchDaemons

and /Library/LaunchAgents

If you aren't sure how to get there..

Open the Finder. From the Finder menu bar click Go > Go to Folder

Type or copy paste the following:

/Library/LaunchDaemons

You should see logmein files in the LaunchDaemons folder

Same for /Library/LaunchAgents

Reply

Answer 6

pkcinky Author

Level 1

0 points

May 4, 2014 1:28 PM in response to Carolyn Samit

Well, I just got the Mackeeper pop-up.

Reply

Answer 7

andyBall_uk

Level 7

20,516 points

May 4, 2014 1:28 PM in response to pkcinky

Your router may well have been hacked : the DNS # that Linc asked you to include are rogue.

Reply

Answer 8

pkcinky Author

Level 1

0 points

May 4, 2014 1:32 PM in response to Carolyn Samit

So, delete the two "LogMeIn"s in LaunchDaemons and the three in LaunchAgents?

Reply

Answer 9

Linc Davis

Level 10

209,739 points

May 4, 2014 1:34 PM in response to pkcinky

The router has been hacked to direct DNS queries to a malicious server.

Follow the manufacturer's instructions to reset it to the default state. Usually that involves inserting the end of a straightened paper clip or a similar tool into a pinhole somewhere in the back of the device, and pressing a switch inside for about 15 seconds. The pinhole may be marked "RESET."

Repeat the initial setup process. Make sure the router does not allow remote setup from the Internet (WAN port), if it has that feature—most do. The DNS servers should be set automatically by your ISP.

If you have a wireless network, it must be secured with WPA 2 encryption. The passwords for the network and the router must each be a string of at least 10 random upper- and lower-case letters and digits, and they should be different. Any password that you can remember is weak.

You are wasting your time deleting files on the computer. Those files are not related to the problem in any way.

Reply

Answer 10

pkcinky Author

Level 1

0 points

May 4, 2014 1:34 PM in response to andyBall_uk

Hmmmmm. So now? (I'm pretty good at following directions but need some guidance, please!)

Reply

Answer 11

pkcinky Author

Level 1

0 points

May 4, 2014 1:38 PM in response to Linc Davis

Thank you Linc and andyBall_uk. Linc, I'll try to follow your directions and see what happens. What should I be looking for when I'm done? Like, the correct DNS numbers,...

This is scary! I'm liable to end up without an internet connection and then what will I do? 😮 I won't be able to get help here! (Well, I guess I could on my phone...)

Reply

Answer 12

Linc Davis

Level 10

209,739 points

May 4, 2014 1:44 PM in response to pkcinky

What should I be looking for when I'm done? Like, the correct DNS numbers,...

Anything but the first two of those.

Reply

Answer 13

pkcinky Author

Level 1

0 points

May 4, 2014 1:52 PM in response to Linc Davis

Which of these three choices should I select to get the instructions I need? (I'm sorry to be such a pest!)

Reply

Answer 14

Linc Davis

Level 10

209,739 points

May 4, 2014 2:14 PM in response to pkcinky

The last one, I guess. Configuring a third-party router is beyond the scope of this site. You'll have to rely on the manufacturer for that information.

Reply

Answer 15

pkcinky Author

Level 1

0 points

May 4, 2014 2:18 PM in response to Linc Davis

I'll give it a try and hopefully, I'll be back on with good news. Thanks to everyone who's helped.

Reply