Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Unwanted ads and pop-ups in Safari

When I go use Safari I get pop up ads (specifically MacSmart ads) and it takes me to different sites (even with pop blocker on).



It's getting to be very frustrating because these ads are covering content of the page I'm trying to work on. I tried to go on various sites ranging from a blog that I check to Apple's own site and it happens no matter where I go. I'm not I'm sure that it's a problem with my computer not being cleaned out or something. I have installed all the current updates. and I don't have many 3rd party apps



This is the first time that this has happened to me owning a mac so I was if you could help me "clean out" the computer.



Thanks


Specs:

13 inch retina MacBook Pro

OSX Mavericks 10.9.4

Safari 7.0.5

Posted on Jul 7, 2014 2:08 PM

Reply
22 replies

Jul 7, 2014 3:46 PM in response to Austin Nichols

You may have installed the "DownLite" trojan, perhaps under a different name. Remove it as follows.

Malware is constantly changing to get around the defenses against it. The instructions in this comment are valid as of now, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for more recent discussions or start a new one.

Back up all data.

Triple-click anywhere in the line below on this page to select it:

/Library/LaunchAgents/com.vsearch.agent.plist

Right-click or control-click the line and select

Services Reveal in Finder (or just Reveal)

from the contextual menu.* A folder should open with an item named "VSearch" selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.

Repeat with each of these lines:

/Library/LaunchDaemons/com.vsearch.daemon.plist
/Library/LaunchDaemons/com.vsearch.helper.plist
/Library/LaunchDaemons/Jack.plist

Restart the computer and empty the Trash. Then delete the following items in the same way:

/Library/Application Support/VSearch
/Library/PrivilegedHelperTools/Jack
/System/Library/Frameworks/VSearch.framework

Some of these items may be absent, in which case you'll get a message that the file can't be found. Skip that item and go on to the next one.

From the Safari menu bar, select

Safari Preferences... Extensions

Uninstall any extensions you don't know you need, including any that have the word "Spigot" in the description. If in doubt, uninstall all extensions. Do the equivalent for the Firefox and Chrome browsers, if you use either of those.

This trojan is distributed on illegal websites that traffic in pirated movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect much worse to happen in the future.

You may be wondering why you didn't get a warning from Gatekeeper about installing software from an unknown developer, as you should have. The reason is that the DownLite developer has a codesigning certificate issued by Apple, which causes Gatekeeper to give the installer a pass. Apple could revoke the certificate, but as of this writing, has not done so, even though it's aware of the problem. This failure of oversight is inexcusable and has compromised both Gatekeeper and the Developer ID program. You can't rely on Gatekeeper alone to protect you from harmful software.

*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select

Go Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

Jul 7, 2014 4:36 PM in response to Austin Nichols

1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.

Don't be put off merely by the seeming complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.

2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.

There are ways to back up a computer that isn't fully functional. Ask if you need guidance.

3. Below are instructions to run a UNIX shell script, a type of program. All it does is to collect information about the state of the computer. That information goes nowhere unless you choose to share it. However, you should be cautious about running any kind of program (not just a shell script) at the behest of a stranger. If you have doubts, search this site for other discussions in which this procedure has been followed without any report of ill effects. If you can't satisfy yourself that the instructions are safe, don't follow them. Ask for other options.

Here's a summary of what you need to do, if you choose to proceed:

☞ Copy a line of text in this window to the Clipboard.

☞ Paste into the window of another application.

☞ Wait for the test to run. It usually takes a few minutes.

☞ Paste the results, which will have been copied automatically, back into a reply on this page.

The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.4. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.

5. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.

6. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.

Triple-click anywhere in the line of text below on this page to select it:

PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' \*AutoCad \*dropbox \*GoogleDr\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 ` route -n get default|awk '/e:/{print $2}' ` 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;5p;6p;8p;12p;' ' {sub(/^ +/,"")};NR==6;NR==13&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/root/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1000) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/ { next;} /(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/ { next;} /%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]" "$1;b=b$1;} END { if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|POSIX sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' /^ +[NP].+ =/h;/^( +D.+[{]|[}])/{ g;s/.+= //p;};' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /APPLE [HS]/d;s/.+: //;H;};/s: /{ /V/d;s/^ */- /;H;};${ g;p;};' ' /^find: /d;p;' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' '" L*/P*/*loginit*' 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Compon,Ex,In,iTu,Keyb,Mail/B,P*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t /S*/L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' -i4TCP:0-1023 com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;A2 0 $((N1+1)) 2;C0;A1 0 $N1 1;C0;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D13 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 14 2 48 43;D13 4 5 32 1;D22 4 4 50 0;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-

Copy the selected text to the Clipboard by pressing the key combination command-C.

7. Launch the built-in Terminal application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.

Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.

8. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter

exec bash

and press return. Then paste the script again.

9. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.

If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.

10. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line

[Process completed]

to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report the results. No harm will be done.

11. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.

At the top of the results, there will be a line that begins with the words "Start Time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.

If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.

12. When you post the results, you might see the message, "You have included content in your post that is not permitted." It means that the forum software has misidentified something in the post as a violation of the rules. If that happens, please post the test results on Pastebin, then post a link here to the page you created.

Note: This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.

________________________________

Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

Jul 11, 2014 3:21 PM in response to Linc Davis

Here we go:


Start time: 00:09:48 07/12/14



Model Identifier: MacBookAir6,2

System Version: OS X 10.9.3 (13D65)

Kernel Version: Darwin 13.2.0

Boot Mode: Normal

Time since boot: 2:19



Diagnostic reports



2014-06-26 plugin-container crash

2014-07-08 plugin-container crash

2014-07-11 com.apple.WebKit.WebContent crash



Log



Jul 11 09:04:46 IOPPF: Sent gpu-internal-single-slice-plimit-notification last value 11 (rounded time weighted average 12)

Jul 11 09:04:46 IOPPF: Sent gpu-internal-plimit-notification last value 9 (rounded time weighted average 9)

Jul 11 09:05:02 IOPPF: Sent cpu-plimit-notification last value 17 (rounded time weighted average 17)

Jul 11 09:05:02 IOPPF: Sent gpu-internal-single-slice-plimit-notification last value 11 (rounded time weighted average 11)

Jul 11 09:05:02 IOPPF: Sent gpu-internal-plimit-notification last value 9 (rounded time weighted average 9)

Jul 11 09:05:13 IOPPF: Sent gpu-internal-single-slice-plimit-notification last value 15 (rounded time weighted average 13)

Jul 11 09:05:13 IOPPF: Sent gpu-internal-plimit-notification last value 13 (rounded time weighted average 11)

Jul 11 10:18:06 wl0: Roamed or switched channel, reason #4, bssid b0

Jul 11 11:18:03 wl0: Roamed or switched channel, reason #2, bssid b0

Jul 11 12:18:03 wl0: Roamed or switched channel, reason #2, bssid b0

Jul 11 13:18:03 wl0: Roamed or switched channel, reason #2, bssid b0

Jul 11 14:18:03 wl0: Roamed or switched channel, reason #2, bssid b0

Jul 11 15:18:03 wl0: Roamed or switched channel, reason #2, bssid b0

Jul 11 16:18:07 wl0: Roamed or switched channel, reason #4, bssid b0

Jul 11 17:18:03 wl0: Roamed or switched channel, reason #2, bssid b0

Jul 11 18:18:03 wl0: Roamed or switched channel, reason #2, bssid b0

Jul 11 18:58:40 process PluginProcess[1069] caught causing excessive wakeups. Observed wakeups rate (per sec): 152; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 2195293

Jul 11 19:03:18 process PluginProcess[1069] caught causing excessive wakeups. Observed wakeups rate (per sec): 453; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 2285363

Jul 11 21:50:41 SATA WARNING: IDENTIFY DEVICE checksum not implemented.

Jul 11 22:20:25 process PluginProcess[320] caught causing excessive wakeups. EXC_RESOURCE supressed due to audio playback

Jul 11 22:49:35 process PluginProcess[320] caught causing excessive wakeups. Observed wakeups rate (per sec): 279; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 871874

Jul 11 22:54:37 process PluginProcess[320] caught causing excessive wakeups. Observed wakeups rate (per sec): 375; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 989212

Jul 11 23:31:25 process PluginProcess[320] caught causing excessive wakeups. Observed wakeups rate (per sec): 483; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 1680626

Jul 12 00:00:21 process PluginProcess[320] caught causing excessive wakeups. Observed wakeups rate (per sec): 512; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 2438131

Jul 12 00:08:47 process PluginProcess[320] caught causing excessive wakeups. Observed wakeups rate (per sec): 504; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 2704069



kexts



com.Cycling74.driver.Soundflower (1.6.6)



Daemons



PPPMonitord.plist

com.oracle.java.Helper-Tool

com.adobe.fpsaud



Agents



SwapperUFi.plist

com.oracle.java.Java-Updater

com.spotify.webhelper

com.google.keystone.user.agent

com.adobe.ARM.UUID



launchd



/Library/LaunchAgents/com.oracle.java.Java-Updater.plist

- com.oracle.java.Java-Updater

/Library/LaunchAgents/SwapperUFi.plist

- SwapperUFi.plist

/Library/LaunchDaemons/com.adobe.fpsaud.plist

- com.adobe.fpsaud

/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

- com.oracle.java.Helper-Tool

/Library/LaunchDaemons/PPPMonitord.plist

- PPPMonitord.plist

Library/LaunchAgents/com.adobe.ARM.UUID.plist

- com.adobe.ARM.UUID

Library/LaunchAgents/com.google.keystone.agent.plist

- com.google.keystone.user.agent

Library/LaunchAgents/com.spotify.webhelper.plist

- com.spotify.webhelper



Bundles



/System/Library/Extensions/cdc.kext

- com.zte.driver.cdc_usb_bus

/System/Library/Extensions/cdc_ecm_qmi.kext

- com.zte.driver.cdc_ecm_qmi

/System/Library/Extensions/Soundflower.kext

- com.Cycling74.driver.Soundflower

/System/Library/Extensions/ZTEUSBCDCACMData.kext

- com.ZTE.driver.ZTEUSBCDCACMData

/System/Library/Extensions/ZTEUSBMassStorageFilter.kext

- com.ZTE.driver.ZTEUSBMassStorageFilter

/Library/Internet Plug-Ins/AdobePDFViewer.plugin

- com.adobe.acrobat.pdfviewer

/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

- com.adobe.acrobat.pdfviewerNPAPI

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

- com.oracle.java.JavaAppletPlugin

/Library/Internet Plug-Ins/net.juniper.DSSafariExtensions.plugin

- net.juniper.DSSafariExtensions.plugin

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

/Library/PreferencePanes/JavaControlPanel.prefPane

- com.oracle.java.JavaControlPanel

/Library/Widgets/Network Connect.wdgt

- net.juniper.widget.NetworkConnect

Library/Address Book Plug-Ins/SkypeABDialer.bundle

- com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

- com.skype.skypeabsms

Library/Caches/com.apple.Safari/Extensions/AdBlock.safariextension

- com.betafish.adblockforsafari

Library/Caches/com.apple.Safari/Extensions/extension.safariextz

- com.clark.macsmart

Library/Caches/com.apple.Safari/Extensions/Facebook Improved.safariextension

- com.lexfriedman.abetterfacebook

Library/Widgets/Gigometer.wdgt

- uk.co.spotlightkid.widget.gigometer



Apps



/Applications/Dropbox.app



Restricted files: 51



Safari extensions



AdBlock

Facebook Improved

MacSmart



Widgets



Gigometer



Elapsed time (s): 158

Jul 11, 2014 3:52 PM in response to Scenius

It's not "DownLite." It's a simpler trojan that I refer to as "Vidx."


From the Safari menu bar, select

Safari Preferences... Extensions

Remove the "MacSmart" extension. Do the equivalent in Firefox and Chrome, if you use either of those browsers.


In the Applications folder you may (or may not) have an item with the name "Vidx," or "MacSmart," or perhaps some other name that I can't guess. If so, you should delete it, but first I would like some information about it, if you care to cooperate. If in doubt, remove any application that you don't recognize and know you need.


If you know, or think you know, where you downloaded the trojan, please post the link. I'd like to download it myself. I will ask the moderators to remove the link after I've seen it.

Jul 16, 2014 11:34 AM in response to Linc Davis

Start time: 14:15:21 07/16/14



Model Identifier: iMac12,2

System Version: OS X 10.9.4 (13E28)

Kernel Version: Darwin 13.3.0

Boot Mode: Normal

Time since boot: 9:19



SATA



ST31000528AS

HL-DT-STDVDRW GA32N



USB



Composite Device (Brother International Corporation)



Diagnostic reports



2014-06-24 iPhoto hang

2014-07-01 Google Chrome crash

2014-07-03 Google Chrome crash

2014-07-11 WDSecurityHelper crash



Log



Jul 15 18:51:58 PM notification timeout (pid 624, Spotify Helper)

Jul 15 18:51:58 PM notification timeout (pid 625, Spotify Helper E)

Jul 15 18:51:58 PM notification timeout (pid 682, Spotify Helper)

Jul 15 21:48:59 PM notification timeout (pid 587, Spotify)

Jul 15 21:48:59 PM notification timeout (pid 594, Spotify Helper)

Jul 15 21:48:59 PM notification timeout (pid 595, Spotify Helper)

Jul 15 21:48:59 PM notification timeout (pid 596, Spotify Helper)

Jul 15 21:48:59 PM notification timeout (pid 601, Spotify Helper)

Jul 15 21:48:59 PM notification timeout (pid 624, Spotify Helper)

Jul 15 21:48:59 PM notification timeout (pid 625, Spotify Helper E)

Jul 15 21:48:59 PM notification timeout (pid 682, Spotify Helper)

Jul 15 22:08:40 process Installer[1574] thread 157899 caught burning CPU! It used more than 50% CPU (Actual recent usage: 72%) over 180 seconds. thread lifetime cpu usage 90.241717 seconds, (44.746901 user, 45.494816 system) ledger info: balance: 90002993891 credit: 90002993891 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 124742532076

Jul 15 22:29:45 process Installer[1622] thread 164040 caught burning CPU! It used more than 50% CPU (Actual recent usage: 92%) over 180 seconds. thread lifetime cpu usage 90.349869 seconds, (44.723662 user, 45.626207 system) ledger info: balance: 90006129959 credit: 90006129959 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 97475905836

Jul 16 04:56:37 USBF: 21.205 AppleUSBEHCI::Found a transaction which hasn't moved in 60 milliseconds on bus 0xfa, timing out! (Addr: 5, EP: 0)

Jul 16 04:56:39 USBF: 23.206 AppleUSBEHCI::Found a transaction which hasn't moved in 60 milliseconds on bus 0xfa, timing out! (Addr: 5, EP: 0)

Jul 16 04:57:08 USBF: 52.230 AppleUSBEHCI::Found a transaction which hasn't moved in 60 milliseconds on bus 0xfa, timing out! (Addr: 5, EP: 0)

Jul 16 04:57:10 USBF: 54.230 AppleUSBEHCI::Found a transaction which hasn't moved in 60 milliseconds on bus 0xfa, timing out! (Addr: 5, EP: 0)

Jul 16 05:34:42 process Installer[407] thread 12697 caught burning CPU! It used more than 50% CPU (Actual recent usage: 69%) over 180 seconds. thread lifetime cpu usage 98.840327 seconds, (49.279041 user, 49.561286 system) ledger info: balance: 90001367633 credit: 90001367633 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 130060668970

Jul 16 06:43:46 process Installer[542] thread 30229 caught burning CPU! It used more than 50% CPU (Actual recent usage: 88%) over 180 seconds. thread lifetime cpu usage 91.118346 seconds, (45.273568 user, 45.844778 system) ledger info: balance: 90001990103 credit: 90001990103 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 101195221085

Jul 16 07:33:15 process Installer[713] thread 43269 caught burning CPU! It used more than 50% CPU (Actual recent usage: 92%) over 180 seconds. thread lifetime cpu usage 90.435562 seconds, (44.917082 user, 45.518480 system) ledger info: balance: 90007872126 credit: 90007872126 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 97672411560

Jul 16 08:47:35 process Installer[805] thread 50785 caught burning CPU! It used more than 50% CPU (Actual recent usage: 78%) over 180 seconds. thread lifetime cpu usage 90.229467 seconds, (44.351465 user, 45.878002 system) ledger info: balance: 90005957646 credit: 90005957646 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 114186099003

Jul 16 08:54:15 process Installer[834] thread 53245 caught burning CPU! It used more than 50% CPU (Actual recent usage: 95%) over 180 seconds. thread lifetime cpu usage 90.206660 seconds, (44.667898 user, 45.538762 system) ledger info: balance: 90008141319 credit: 90008141319 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 94271990618

Jul 16 09:10:42 process Installer[878] thread 56930 caught burning CPU! It used more than 50% CPU (Actual recent usage: 90%) over 180 seconds. thread lifetime cpu usage 93.217060 seconds, (45.912083 user, 47.304977 system) ledger info: balance: 90005751676 credit: 90005751676 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 99405417610

Jul 16 11:26:22 process Installer[1194] thread 104734 caught burning CPU! It used more than 50% CPU (Actual recent usage: 90%) over 180 seconds. thread lifetime cpu usage 90.645422 seconds, (44.640751 user, 46.004671 system) ledger info: balance: 90009562021 credit: 90009562021 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 99434084839

Jul 16 11:38:05 process Installer[1269] thread 109694 caught burning CPU! It used more than 50% CPU (Actual recent usage: 91%) over 180 seconds. thread lifetime cpu usage 92.199440 seconds, (45.436402 user, 46.763038 system) ledger info: balance: 90003073319 credit: 90003073319 debit: 0 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 97925769925



Swap (MiB): 15211



Daemons



com.vsearch.helper

com.microsoft.office.licensing.helper

com.adobe.fpsaud



Agents



com.evernote.EvernoteHelper

com.vsearch.agent

com.spotify.webhelper

com.google.keystone.user.agent

com.genieo.completer.update

com.genieo.completer.download



launchd



/Library/LaunchAgents/com.vsearch.agent.plist

- com.vsearch.agent

/Library/LaunchDaemons/com.adobe.fpsaud.plist

- com.adobe.fpsaud

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

- com.microsoft.office.licensing.helper

/Library/LaunchDaemons/com.vsearch.daemon.plist

- com.vsearch.daemon

/Library/LaunchDaemons/com.vsearch.helper.plist

- com.vsearch.helper

Library/LaunchAgents/com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID. plist

- com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID

Library/LaunchAgents/com.apple.FolderActions.enabled.plist

- com.apple.FolderActions.enabled

Library/LaunchAgents/com.apple.FolderActions.folders.plist

- com.apple.FolderActions.folders

Library/LaunchAgents/com.genieo.completer.download.plist

- com.genieo.completer.download

Library/LaunchAgents/com.genieo.completer.update.plist

- com.genieo.completer.update

Library/LaunchAgents/com.google.keystone.agent.plist

- com.google.keystone.user.agent

Library/LaunchAgents/com.spotify.webhelper.plist

- com.spotify.webhelper



Bundles



/System/Library/Extensions/EPSONUSBPrintClass.kext

- com.epson.print.kext.USBPrintClass

/System/Library/Extensions/WD1394_64HPDriver.kext

- com.wdc.driver.1394_64HP

/System/Library/Extensions/WD1394HPDriver.kext

- com.wdc.driver.1394HP

/System/Library/Extensions/WDUSB_64HPDriver.kext

- com.wdc.driver.USB_64HP

/System/Library/Extensions/WDUSBHPDriver.kext

- com.wdc.driver.USBHP

/Library/Internet Plug-Ins/AdobePDFViewer.plugin

- com.adobe.acrobat.pdfviewer

/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

- com.adobe.acrobat.pdfviewerNPAPI

/Library/Internet Plug-Ins/CouponPrinter-FireFox_v2.plugin

- com.coupons.plugin.mozilla-plugin

/Library/Internet Plug-Ins/CouponPrinter-Safari.webplugin

- com.coupons.plugin.safari-plugin

/Library/Internet Plug-Ins/DirectorShockwave.plugin

- com.adobe.shockwave.pluginshim

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

- com.apple.java.JavaAppletPlugin

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

- com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

- com.microsoft.sharepoint.webkitplugin

/Library/Internet Plug-Ins/SiteAdvisor.plugin

- com.mcafee.siteadvisor

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

Library/Address Book Plug-Ins/SkypeABDialer.bundle

- com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

- com.skype.skypeabsms

Library/Caches/com.apple.Safari/Extensions/searchExt-1.safariextension

- com.conduit.safari

Library/Caches/com.apple.Safari/Extensions/SiteAdvisor.safariextension

- com.mcafee.siteadvisor

Library/Caches/com.apple.Safari/Extensions/Translate.safariextension

- com.sidetree.Translate

Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin

- com.conduit.ConduitNPAPIPlugin



Apps



/Applications/Dropbox.app

/Applications/Google Drive.app



Contents of /etc/periodic/daily/555.siteadvisor (Bourne-Again shell script text executable)



/usr/local/McAfee/SiteAdvisor/saupkeep -su



Font issues: 45



Bad plists



/Library/Preferences/com.epson.EPSON Scan.UnInstallList.plist



DNS: 24.178.162.3 (static)



Restricted files: 37



Safari extensions



Conduit Search for Safari

SiteAdvisor

Translate



Widgets



iCal



Elapsed time (s): 287

Jul 22, 2014 4:58 PM in response to Linc Davis

Start time: 16:13:48 07/22/14



Model Identifier: MacBookPro9,2

System Version: OS X 10.9.4 (13E28)

Kernel Version: Darwin 13.3.0

Boot Mode: Normal

Time since boot: 12 days 23:02



SATA



HL-DT-ST DVDRW GS31N



USB



G Mouse (YSTEK)



Diagnostic reports



2014-06-26 Last.fm Scrobbler crash

2014-06-27 Last.fm Scrobbler crash

2014-06-29 Finder crash *

2014-06-29 Last.fm Scrobbler crash

2014-06-30 AcroExt crash

2014-07-01 Google Chrome crash

2014-07-03 Last.fm Scrobbler crash

2014-07-04 Last.fm Scrobbler crash

2014-07-07 EPSON Scanner crash

2014-07-14 Last.fm Scrobbler crash

2014-07-15 Last.fm Scrobbler crash

2014-07-16 iTunes hang

2014-07-19 Finder hang

2014-07-19 iTunes hang

2014-07-22 Last.fm Scrobbler crash

* Code injection



Log



Jul 22 10:49:43 en1: Error configuring transmit antenna (index = -1).

Jul 22 10:50:35 PM notification timeout (pid 45521, Office365Service)

Jul 22 10:50:44 WARNING: hibernate_page_list_setall skipped 12034405 xpmapped pages

Jul 22 11:19:47 WARNING: hibernate_page_list_setall skipped 12087212 xpmapped pages

Jul 22 11:19:47 en1: Error configuring antenna diversity (index = -1).

Jul 22 11:19:47 en1: Error configuring transmit antenna (index = -1).

Jul 22 11:22:14 PM notification timeout (pid 45521, Office365Service)

Jul 22 11:22:14 PM notification timeout (pid 48682, Messages)

Jul 22 11:22:21 WARNING: hibernate_page_list_setall skipped 12087212 xpmapped pages

Jul 22 11:23:05 WARNING: hibernate_page_list_setall skipped 12142264 xpmapped pages

Jul 22 11:24:35 en1: Error configuring antenna diversity (index = -1).

Jul 22 11:24:35 en1: Error configuring transmit antenna (index = -1).

Jul 22 11:25:03 wl0: Roamed or switched channel, reason #8, bssid 18

Jul 22 11:33:42 PM notification timeout (pid 45521, Office365Service)

Jul 22 11:33:42 PM notification timeout (pid 48682, Messages)

Jul 22 11:33:55 WARNING: hibernate_page_list_setall skipped 12142264 xpmapped pages

Jul 22 11:34:39 WARNING: hibernate_page_list_setall skipped 12199466 xpmapped pages

Jul 22 14:11:29 WARNING: hibernate_page_list_setall skipped 12199466 xpmapped pages

Jul 22 14:12:12 WARNING: hibernate_page_list_setall skipped 12256749 xpmapped pages

Jul 22 14:57:50 WARNING: hibernate_page_list_setall skipped 12256749 xpmapped pages

Jul 22 14:58:34 WARNING: hibernate_page_list_setall skipped 12315638 xpmapped pages

Jul 22 15:06:53 IO80211ScanManager::startScan: Scan request failed (82)!

Jul 22 15:07:13 IO80211ScanManager::startScan: Scan request failed (82)!

Jul 22 15:10:52 en1: Error configuring antenna diversity (index = -1).

Jul 22 15:10:52 en1: Error configuring transmit antenna (index = -1).



Activity



CPU: user 30%, system 1%



CPU per process: Google Chrome He (UID 501) is using 99.9 %



kexts



com.makemkv.kext.daspi (1)

com.kaspersky.kext.klif (3.0.2d39)

com.kaspersky.nke (1.6.2d112)

com.kaspersky.kext.kimul.44 (44)



Daemons



com.microsoft.office.licensing.helper

com.kaspersky.kav

com.google.keystone.daemon

com.adobe.fpsaud



Agents



com.valvesoftware.steamclean

com.kaspersky.kav.gui

com.google.keystone.system.agent

com.epson.eventmanager.agent

com.epson.esua.launcher

com.epson.ecrp.launcher.plist

com.divx.update.agent

com.divx.dms.agent

com.citrix.ServiceRecords

com.citrix.ReceiverHelper

com.citrix.AuthManager_Mac

com.amazon.cloud-player

com.adobe.ARM.UUID

com.valvesoftware.steam.ipctool



launchd



/Library/LaunchAgents/com.citrix.AuthManager_Mac.plist

- com.citrix.AuthManager_Mac

/Library/LaunchAgents/com.citrix.ReceiverHelper.plist

- com.citrix.ReceiverHelper

/Library/LaunchAgents/com.citrix.ServiceRecords.plist

- com.citrix.ServiceRecords

/Library/LaunchAgents/com.divx.dms.agent.plist

- com.divx.dms.agent

/Library/LaunchAgents/com.divx.update.agent.plist

- com.divx.update.agent

/Library/LaunchAgents/com.epson.ecrp.launcher.plist

- com.epson.ecrp.launcher.plist

/Library/LaunchAgents/com.epson.esua.launcher.plist

- com.epson.esua.launcher

/Library/LaunchAgents/com.epson.eventmanager.agent.plist

- com.epson.eventmanager.agent

/Library/LaunchAgents/com.google.keystone.agent.plist

- com.google.keystone.system.agent

/Library/LaunchAgents/com.kaspersky.kav.gui.plist

- com.kaspersky.kav.gui

/Library/LaunchDaemons/com.adobe.fpsaud.plist

- com.adobe.fpsaud

/Library/LaunchDaemons/com.google.keystone.daemon.plist

- com.google.keystone.daemon

/Library/LaunchDaemons/com.kaspersky.kav.plist

- com.kaspersky.kav

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

- com.microsoft.office.licensing.helper

Library/LaunchAgents/com.adobe.ARM.UUID.plist

- com.adobe.ARM.UUID

Library/LaunchAgents/com.amazon.cloud-player.plist

- com.amazon.cloud-player

Library/LaunchAgents/com.apple.FolderActions.enabled.plist

- com.apple.FolderActions.enabled

Library/LaunchAgents/com.apple.FolderActions.folders.plist

- com.apple.FolderActions.folders

Library/LaunchAgents/com.valvesoftware.steamclean.plist

- com.valvesoftware.steamclean



Bundles



/System/Library/Extensions/daspi.kext

- com.makemkv.kext.daspi

/System/Library/Extensions/EPSONUSBPrintClass.kext

- com.epson.print.kext.USBPrintClass

/System/Library/Extensions/klnke.kext

- com.kaspersky.nke

/Library/Audio/Plug-Ins/Components/Flip4Mac WMA Import.component

- net.telestream.wmv.import

/Library/Internet Plug-Ins/AdobePDFViewer.plugin

- com.adobe.acrobat.pdfviewer

/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

- com.adobe.acrobat.pdfviewerNPAPI

/Library/Internet Plug-Ins/CitrixICAClientPlugIn.plugin

- com.citrix.citrixicaclientplugIn

/Library/Internet Plug-Ins/DirectorShockwave.plugin

- com.adobe.director_12_0.shockwave.pluginshim

/Library/Internet Plug-Ins/DivX Web Player.plugin

- com.divx.DivXPlusWebPlayer

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin

- net.telestream.wmv.plugin

/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin

- com.google.googletalkbrowserplugin

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

- com.apple.java.JavaAppletPlugin

/Library/Internet Plug-Ins/o1dbrowserplugin.plugin

- com.google.o1dbrowserplugin

/Library/Internet Plug-Ins/OVSHelper.plugin

- com.divx.OVSHelper

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

- com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

- com.microsoft.sharepoint.webkitplugin

/Library/Internet Plug-Ins/Silverlight.plugin

- com.microsoft.SilverlightPlugin

/Library/Internet Plug-Ins/WidevineMediaOptimizer.plugin

- N/A

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

/Library/PreferencePanes/Flip4Mac WMV.prefPane

- net.telestream.wmv.prefpane

/Library/QuickTime/DivX Decoder.component

- com.DivXInc.DivXDecoder

/Library/QuickTime/DivX Decoder.component/Contents/Resources

- com.DivXInc.DivXDecoder

/Library/QuickTime/DivX Encoder.component

- com.DivXInc.DivXCodec

/Library/QuickTime/Flip4Mac WMV Advanced.component

- net.telestream.wmv.advanced

/Library/QuickTime/Flip4Mac WMV Export.component

- net.telestream.wmv.export

/Library/QuickTime/Flip4Mac WMV Import.component

- net.telestream.wmv.import

Library/Address Book Plug-Ins/SkypeABDialer.bundle

- com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

- com.skype.skypeabsms

Library/Caches/com.apple.Safari/Extensions/URLAdvisor.safariextension

- com.kaspersky.urladvisor

Library/Caches/com.apple.Safari/Extensions/VirtualKeyboard.safariextension

- com.kaspersky.virtualkeyboard

Library/Internet Plug-Ins/CitrixOnlineWebDeploymentPlugin.plugin

- com.citrixonline.mac.WebDeploymentPlugin

Library/iTunes/iTunes Plug-ins/AudioScrobbler.bundle

- N/A

Library/iTunes/iTunes Plug-ins/Fountain Music.bundle

- com.binaryminded.FountainMusic

Library/Widgets/FLVPlayer.wdgt

- com.apple.widget.flvplayer

Library/Widgets/Starry Night Widget.wdgt

- com.starrynight.widget

Library/Widgets/Tea Timer 2.wdgt

- org.sofa-rockers.widget.TeaTimer

Library/Widgets/Tick Timer.wdgt

- com.tickspot.widget.Tick

Library/Widgets/tTimer1_1.wdgt

- com.teboil.widget.timer



Apps



/Applications/Dropbox.app

/Applications/Google Drive.app



Font issues: 38



Bad plists



/Library/Preferences/com.epson.Epson Connect Printer Setup.UnInstallList.plist

/Library/Preferences/com.epson.Epson Customer Research Participation.UnInstallList.plist

/Library/Preferences/com.epson.Epson Event Manager.UnInstallList.plist

/Library/Preferences/com.epson.Epson Scanner ICA Driver.UnInstallList.plist

/Library/Preferences/com.epson.EPSON Software Updater.UnInstallList.plist

/Library/Preferences/com.epson.Inkjet Printer Driver.UnInstallList.plist

/Library/Preferences/com.epson.PC-FAX Driver.UnInstallList.plist



Listeners



launchd: afpovertcp

launchd: microsoft-ds

kdc: kerberos

cupsd: ipp



Wi-Fi



link auth: none



Restricted files: 3216



Safari extensions



URL Advisor

Virtual Keyboard



Widgets



Starry Night Widget



Elapsed time (s): 428

Jul 25, 2014 8:32 PM in response to Linc Davis

Start time: 22:26:12 07/25/14



Model Identifier: iMac14,1

System Version: OS X 10.9.4 (13E28)

Kernel Version: Darwin 13.3.0

Boot Mode: Normal

Time since boot: 2 days 12:07



USB



USB2.0 Hub (Genesys Logic, Inc.)



Diagnostic reports



2014-07-09 PluginProcess crash

2014-07-09 PluginProcess crash

2014-07-09 PluginProcess crash

2014-07-09 PluginProcess crash

2014-07-09 PluginProcess crash

2014-07-09 PluginProcess crash

2014-07-09 prl_client_app hang

2014-07-12 Finder crash *

2014-07-12 Finder crash *

2014-07-12 Finder crash

2014-07-12 Winclone Pro crash

2014-07-12 Winclone Pro crash

2014-07-12 Winclone Pro crash

2014-07-17 AdobeAcrobat hang

2014-07-17 PluginProcess crash

2014-07-17 com.apple.WebKit.Networking crash

2014-07-17 iTunes hang

2014-07-18 TextEdit hang

2014-07-21 Kernel panic

2014-07-22 Finder hang

2014-07-23 Toast Titanium crash

2014-07-23 Toast Titanium crash

2014-07-24 Toast Titanium crash

2014-07-24 plugin-container crash

2014-07-25 PluginProcess crash

* Code injection



Log



Jul 25 09:13:41 AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/My Passport for Mac-1

Jul 25 11:15:16 AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/My Passport for Mac-1

Jul 25 11:52:28 AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/My Passport for Mac-1

Jul 25 13:41:20 AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/My Passport for Mac-1

Jul 25 14:42:12 process firefox[576] caught causing excessive wakeups. Observed wakeups rate (per sec): 345; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 7811614

Jul 25 14:43:43 process firefox[576] thread 36560 caught burning CPU!; EXC_RESOURCE supressed due to audio playback

Jul 25 14:46:04 process plugin-container[8911] caught causing excessive wakeups. Observed wakeups rate (per sec): 510; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 1482725

Jul 25 15:21:23 process plugin-container[8911] caught causing excessive wakeups. Observed wakeups rate (per sec): 1455; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 2629313

Jul 25 21:33:26 AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/My Passport for Mac-1

Jul 25 22:15:43 AFP_VFS afpfs_DoReconnect: Max reconnect time: 30 secs, Connect timeout: 15 secs for /Volumes/My Passport for Mac-1

Jul 25 22:15:43 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:15:45 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:15:46 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:15:48 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:15:52 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:16:00 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:16:10 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:16:20 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:16:20 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:16:30 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:16:40 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:16:50 AFP_VFS afpfs_DoReconnect: connect on /Volumes/My Passport for Mac-1 failed 61.

Jul 25 22:16:50 AFP_VFS afpfs_dead: called on vfsid 2

Jul 25 22:16:50 ASP_TCP CancelPendingReqsWithID : Adding the invalid vfsid 2 and counter is 0 to the list

Jul 25 22:16:50 ASP_TCP CancelOneRequest: cancelling slot 17 error 89 reqID 35498 flags 0x29 afpCmd 0x22 so 0xffffff801bde6178



CPU per process: firefox (UID 501) is using 74.5 %



Memory: firefox (UID 501) is using 1985 MB



kexts



com.logmein.driver.LogMeInSoundDriver (1.0.3)

com.hzsystems.terminus.driver (4)



Daemons



xxx.qnation.PeerGuardian.locum

org.glimmerblocker.proxy

com.vsearch.helper

com.teamviewer.Helper

com.rogueamoeba.instanton-agent

com.oracle.java.JavaUpdateHelper

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.mice.360Daemon

com.logmein.raupdate

com.logmein.logmeinserver

com.bombich.ccc

com.adobe.fpsaud



Agents



org.glimmerblocker.updater

com.vsearch.agent

com.thursby.pkard.tokendagent

com.paragon.updater

com.oracle.java.Java-Updater

com.logmein.logmeinguiagent

com.logmein.logmeingui

com.coupons.coupond

com.spotify.webhelper

com.google.keystone.user.agent

com.adobe.ARM.UUID



launchd



/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

- com.adobe.AAM.Startup-1.0

/Library/LaunchAgents/com.coupons.coupond.plist

- com.coupons.coupond

/Library/LaunchAgents/com.logmein.logmeingui.plist

- com.logmein.logmeingui

/Library/LaunchAgents/com.logmein.logmeinguiagent.plist

- com.logmein.logmeinguiagent

/Library/LaunchAgents/com.logmein.logmeinguiagentatlogin.plist

- com.logmein.logmeinguiagentatlogin

/Library/LaunchAgents/com.oracle.java.Java-Updater.plist

- com.oracle.java.Java-Updater

/Library/LaunchAgents/com.paragon.updater.plist

- com.paragon.updater

/Library/LaunchAgents/com.teamviewer.teamviewer.plist

- com.teamviewer.teamviewer

/Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist

- com.teamviewer.desktop

/Library/LaunchAgents/com.thursby.pkard.tokendagent.plist

- com.thursby.pkard.tokendagent

/Library/LaunchAgents/com.vsearch.agent.plist

- com.vsearch.agent

/Library/LaunchAgents/org.glimmerblocker.updater.plist

- org.glimmerblocker.updater

/Library/LaunchDaemons/com.adobe.fpsaud.plist

- com.adobe.fpsaud

/Library/LaunchDaemons/com.bombich.ccc.plist

- com.bombich.ccc

/Library/LaunchDaemons/com.logmein.logmeinblanker.plist

- com.logmein.logmeinblanker

/Library/LaunchDaemons/com.logmein.logmeinserver.plist

- com.logmein.logmeinserver

/Library/LaunchDaemons/com.logmein.raupdate.plist

- com.logmein.raupdate

/Library/LaunchDaemons/com.mice.360Daemon.plist

- com.mice.360Daemon

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

- com.microsoft.office.licensing.helper

/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

- com.oracle.java.Helper-Tool

/Library/LaunchDaemons/com.oracle.java.JavaUpdateHelper.plist

- com.oracle.java.JavaUpdateHelper

/Library/LaunchDaemons/com.rogueamoeba.instanton-agent.plist

- com.rogueamoeba.instanton-agent

/Library/LaunchDaemons/com.teamviewer.Helper.plist

- com.teamviewer.Helper

/Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist

- com.teamviewer.service

/Library/LaunchDaemons/com.vsearch.daemon.plist

- com.vsearch.daemon

/Library/LaunchDaemons/com.vsearch.helper.plist

- com.vsearch.helper

/Library/LaunchDaemons/org.glimmerblocker.proxy.plist

- org.glimmerblocker.proxy

/Library/LaunchDaemons/xxx.qnation.PeerGuardian.locum.plist

- xxx.qnation.PeerGuardian.locum

Library/LaunchAgents/com.adobe.ARM.UUID.plist

- com.adobe.ARM.UUID

Library/LaunchAgents/com.google.keystone.agent.plist

- com.google.keystone.user.agent

Library/LaunchAgents/com.spotify.webhelper.plist

- com.spotify.webhelper



Startup items



/Library/StartupItems/PKard/PKard

/Library/StartupItems/PKard/StartupParameters.plist

/Library/StartupItems/TuxeraNTFSUnmountHelper/StartupParameters.plist

/Library/StartupItems/TuxeraNTFSUnmountHelper/TuxeraNTFSUnmountHelper



Bundles



/System/Library/Extensions/360Controller.kext

- com.mice.driver.Xbox360Controller

/System/Library/Extensions/LogMeInSoundDriver.kext

- com.logmein.driver.LogMeInSoundDriver

/System/Library/Extensions/RoxioBluRaySupport.kext

- com.roxio.BluRaySupport

/System/Library/Extensions/Terminus.kext

- com.hzsystems.terminus.driver

/System/Library/Extensions/Wireless360Controller.kext

- com.mice.driver.Wireless360Controller

/System/Library/Extensions/WirelessGamingReceiver.kext

- com.mice.driver.WirelessGamingReceiver

/Library/Audio/Plug-Ins/Components/A52Codec.component

- com.shepmater.A52Codec

/Library/Audio/Plug-Ins/HAL/InstantOn.driver

- com.rogueamoeba.InstantOn.driver

/Library/Internet Plug-Ins/AdobeAAMDetect.plugin

- com.AdobeAAMDetectLib.AdobeAAMDetect

/Library/Internet Plug-Ins/AdobePDFViewer.plugin

- com.adobe.acrobat.pdfviewer

/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

- com.adobe.acrobat.pdfviewerNPAPI

/Library/Internet Plug-Ins/CouponPrinter-FireFox_v2.plugin

- com.coupons.plugin.mozilla-plugin

/Library/Internet Plug-Ins/CouponPrinterPluginMac1.0.0.7.plugin

- com.CouponPrinterPluginMacLib.CouponPrinterPluginMac

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/GarminGpsControl.plugin

- com.garmin.GarminGpsControl

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

- com.oracle.java.JavaAppletPlugin

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

- com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

- com.microsoft.sharepoint.webkitplugin

/Library/Internet Plug-Ins/Silverlight.plugin

- com.microsoft.SilverlightPlugin

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

/Library/PreferencePanes/GlimmerBlocker.prefPane

- org.glimmerblocker.prefsPane

/Library/PreferencePanes/JavaControlPanel.prefPane

- com.oracle.java.JavaControlPanel

/Library/PreferencePanes/Perian.prefPane

- org.perian.PerianPane

/Library/PreferencePanes/Pref360Control.prefPane

- com.mice.driver.360Controller.Prefs

/Library/PreferencePanes/Tuxera NTFS.prefPane

- com.tuxera.ntfs.mac.prefpane

/Library/QuickTime/AC3MovieImport.component

- com.cod3r.ac3movieimport

/Library/QuickTime/Perian.component

- org.perian.Perian

/Library/Security/PKard/10.6/PKard.tokend

- com.thursby.tokend.pkard

/Library/Security/tokend/PKard.tokend

- com.thursby.tokend.pkard

Library/Address Book Plug-Ins/SkypeABDialer.bundle

- com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

- com.skype.skypeabsms

Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin

- com.Google.GoogleEarthPlugin.plugin

Library/Internet Plug-Ins/npBcsMcTcIO.plugin

- org.mozilla.basicPlugin



Apps



/Applications/Dropbox.app



Contents of /etc/hosts



127.0.0.1 localhost

255.255.255.255 broadcasthost

::1 localhost

fe80::1%lo0 localhost

127.0.0.1 registration.parallels.com

127.0.0.1 webservices.pdfm9.parallels.com

127.0.0.1 account.parallels.com

127.0.0.1 pdfm.blist.parallels.com

127.0.0.1 pdfm.vl.parallels.com

127.0.0.1 update.parallels.com

127.0.0.1 cepreport.pdfm9.parallels.com

127.0.0.1 report.parallels.com

127.0.0.1 blist.parallels.com

127.0.0.1 blist.pdfm9.parallels.com

127.0.0.1 lmlicenses.wip4.adobe.com

127.0.0.1 lm.licenses.adobe.com



Font issues: 21



Proxies



HTTPProxy : 127.0.0.1



Listeners



launchd: afpovertcp

launchd: microsoft-ds

kdc: kerberos



Restricted files: 311



Elapsed time (s): 214

Unwanted ads and pop-ups in Safari

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.