ANNOYING MACKEEPER TABS AND POPUP ADS

h1r23 - I was a bit wary of downloading more software to get rid of unwanted software, but AdwareMedic worked perfectly for me, straight off. I was so impressed I joined this forum (and made a small donation to TheSafeMac.com. Linc sounds totally brilliant, but I think the enemy is following this thread and keeping a step ahead...

Linc Davis YOU ARE THE MAN - This has alleviated so much unneeded stress! Keep it up brotha!

You have been infected with adware, as was I, also by Mackeeper. After removing cookies, Intego scan, blocking pop-ups, etc. did not work, I downloaded Adware Medic (free), ran a scan, re-started, and the problem is gone. I hope that works for you as well.

Thanks, Linc for your instruction.

But I don't see any OS x 10.10 update. The most current one is 10.9.5.

Should I upgrade to Yosemite?

Mrbeandaddy wrote:

Should I upgrade to Yosemite?

Not unless you need the new features it contains. It won't help solve whatever problems you might be having.

Today, January 14, 1015, I followed the steps you outlined to remove the malware causing annoying MacKeeper messages and pages opening when I click on unrelated links on a webpage. It seems to have worked! Thank you for posting this information. I have been seeking a solution since this problem began to occur back in November!

Thanks Linc! I am so grateful for your help.

Thanks Linc. Finally, my MAC is free of those annoying popups.

Hi Linc,

Many thanks for your help. Please let me know how to proceed now:

Start time: 02:07:31 01/18/15

Model Identifier: MacBookPro11,2

System Version: OS X 10.9.3 (13D65)

Kernel Version: Darwin 13.2.0

Time since boot: 22 days 8:13

Diagnostic reports

2015-01-16 CalendarAgent crash

Shutdowns

Jan 14 23:45:23 Previous Shutdown Cause: -60

Jan 16 23:16:01 Previous Shutdown Cause: -60

Jan 18 00:45:08 Previous Shutdown Cause: -60

Log

Jan 12 20:07:30 com.apple.aslmanager: Throttling respawn: Will start in 9 seconds

Jan 12 20:10:59 IOPPF: Sent cpu-plimit-notification last value 2 (rounded time weighted average 2)

Jan 12 23:14:58 IOPPF: Sent cpu-plimit-notification last value 1 (rounded time weighted average 1)

Jan 13 18:14:36 IOPPF: Sent cpu-plimit-notification last value 1 (rounded time weighted average 1)

Jan 14 23:45:24 [IOBluetoothHostControllerUSBTransport][ModuleReset] -- exit; error = 0x0000 (kIOReturnSuccess)

Jan 14 23:45:25 com.apple.aslmanager: Throttling respawn: Will start in 9 seconds

Jan 14 23:45:36 com.apple.aslmanager: Throttling respawn: Will start in 8 seconds

Jan 15 13:47:52 com.apple.appleseed.seedusaged: Throttling respawn: Will start in 6 seconds

Jan 15 19:49:12 IOPPF: Sent cpu-plimit-notification last value 1 (rounded time weighted average 1)

Jan 16 00:47:16 IOPPF: Sent cpu-plimit-notification last value 10 (rounded time weighted average 10)

Jan 16 00:47:27 IOPPF: Sent cpu-plimit-notification last value 12 (rounded time weighted average 14)

Jan 16 00:47:28 IOPPF: Sent gpu-internal-single-slice-plimit-notification last value 1 (rounded time weighted average 3)

Jan 16 00:47:28 IOPPF: Sent gpu-internal-plimit-notification last value 1 (rounded time weighted average 3)

Jan 18 00:45:08 IOPPF: Sent cpu-plimit-notification last value 4 (rounded time weighted average 4)

Jan 18 00:45:18 com.apple.CalendarAgent: Throttling respawn: Will start in 7 seconds

Free space (MiB): 922

Swap (MiB): 21114

Activity

Net: 4 in, 37 out (KiB/s)

Current upstream data: uTorrent (UID 502) is using 26.3776 KiB/s

Daemons

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.v.helper

com.adobe.fpsaud

Agents

com.apple.photostream-agent

com.apple.AirPortBaseStationAgent

com.oracle.java.Java-Updater

com.v.agent

com.zeobit.MacKeeper.Helper

com.iSkysoft.TunesOverWatchDemo

com.google.keystone.user.agent

Bundles

/Library/Internet Plug-Ins/AdobePDFViewer.plugin

- com.adobe.acrobat.pdfviewer

/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

- com.adobe.acrobat.pdfviewerNPAPI

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

- com.oracle.java.JavaAppletPlugin

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

- com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

- com.microsoft.sharepoint.webkitplugin

/Library/Internet Plug-Ins/Silverlight.plugin

- com.microsoft.SilverlightPlugin

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

/Library/PreferencePanes/JavaControlPanel.prefPane

- com.oracle.java.JavaControlPanel

Library/Address Book Plug-Ins/SkypeABDialer.bundle

- com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

- com.skype.skypeabsms

Library/Caches/com.apple.Safari/Extensions/OpenIE.safariextension

- com.parallels.openinie

Contents of /Library/LaunchAgents/com.laser.agent.plist (checksum 2993121334)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.v.agent</string>

<key>OnDemand</key>

<false/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/laser/Agent/agent.app/Contents/MacOS/agent</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>KeepAlive</key>

<true/>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist (checksum 3234468914)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.oracle.java.Java-Updater</string>

<key>ProgramArguments</key>

<array>

<string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>

<string>-bgcheck</string>

</array>

<key>StartCalendarInterval</key>

<dict>

<key>Hour</key>

<integer>20</integer>

<key>Minute</key>

<integer>44</integer>

<key>Weekday</key>

<integer>1</integer>

</dict>

<key>StandardErrorPath</key>

<string>/dev/null</string>

<key>StandardOutPath</key>

<string>/dev/null</string>

</dict>

...and 1 more line(s)

Contents of /Library/LaunchDaemons/com.laser.daemon.plist (checksum 4067067808)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<true/>

<key>Label</key>

<string>com.v.daemon</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/laser/Agent/agent.app/Contents/MacOS/agent</string>

<string>-update</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of /Library/LaunchDaemons/com.laser.helper.plist (checksum 3645791414)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.v.helper</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/laser/Agent/agent.app/Contents/MacOS/agent</string>

<string>-helper</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of Library/LaunchAgents/com.google.keystone.agent.plist (checksum 285749351)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.google.keystone.user.agent</string>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>ProgramArguments</key>

<array>

<string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>

<string>-runMode</string>

<string>ifneeded</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>StartInterval</key>

<integer>3523</integer>

<key>StandardErrorPath</key>

<string>/dev/null</string>

<key>StandardOutPath</key>

<string>/dev/null</string>

</dict>

</plist>

Contents of Library/LaunchAgents/com.iSkysoft.TunesOverWatchDemo.plist (checksum 3321790347)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>KeepAlive</key>

<true/>

<key>Label</key>

<string>com.iSkysoft.TunesOverWatchDemo</string>

<key>ProgramArguments</key>

<array>

<string>/Users/USER/Library/Application Support/iSkysoft TunesOver/iSkysoft_TunesOver_Watch.app</string>

</array>

</dict>

</plist>

Contents of Library/LaunchAgents/com.zeobit.MacKeeper.Helper.plist (checksum 538894142)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<false/>

<key>EnvironmentVariables</key>

<dict>

<key>ZBTimeStamp</key>

<string>20141211123146</string>

</dict>

<key>Label</key>

<string>com.zeobit.MacKeeper.Helper</string>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>OnDemand</key>

<false/>

<key>Program</key>

<string>/Applications/MacKeeper.app/Contents/Resources/MacKeeper Helper.app/Contents/MacOS/MacKeeper Helper</string>

</dict>

</plist>

Spotlight: Index is read-only

Font issues: 21

Bad plists

Library/Preferences/com.apple.WebFoundation.plist

User login items

iTunesHelper

- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

Safari extensions

Open in Internet Explorer

Restricted files: 3464

Elapsed time (s): 213

josefinam wrote:

Hi Linc,

Many thanks for your help. Please let me know how to proceed now:

I must have missed something as I didn't see anything to indicate Linc had agreed to help you. He doesn't usually respond to "me too's" and the last thing he posted here was "to start your own discussion if the suggestions in this one don't work for you."

You will always get more help faster that way instead of posting to an old, extended topic that only the few that are still monitoring it will ever see. That's just the way this forum works best. And be sure to fully explain exactly what problems you are experiencing along with screen-shots, when appropriate. And don't post the results of Linc's diagnostics yet. Wait for somebody to ask specifically since different troubleshooters need different info and diagnostics change over time.

Hi Linc,

I know that you suggest starting a new discussion, but I'm new to this forum. You've built up a tremendous debt of gratitude that has won you trust and respect, and quite frankly, I don't trust other advice on other forums--especially when it's suggesting that I download something else.

I imagine you are extremely busy, but when you get the chance, would you mind taking a look at the results of the diagnostic I ran?

I got the virus after closing out of a suggested video update when I was stupidly trying to watch the first episode of the second season of a BBC show with my fiancee--seriously. I'm so mad at myself. Anyway, this is what I see now when I Goolgle something on Chrome (in case screenshots are helpful...)

Here are the results of my diagnostic scrubbed of personal information. Your help is so incredicbaly appreicated...

Start time: 21:20:56 01/19/15

Model Identifier: MacBookAir5,2

System Version: OS X 10.9.5 (13F34)

Kernel Version: Darwin 13.4.0

Time since boot: 6 minutes

Battery

Condition: Service Battery

Diagnostic reports

2014-12-28 CrashPlan menu bar crash

2014-12-29 CrashPlan menu bar crash

2014-12-31 CalendarAgent crash

2014-12-31 CrashPlan menu bar crash

2014-12-31 SleepServicesD crash

2015-01-08 CrashPlan menu bar crash

Shutdowns

Jan 13 14:23:04 Cause: -60

Jan 15 08:47:46 Cause: -60

Jan 16 08:36:02 Cause: -60

Jan 16 16:24:35 Cause: -60

Jan 17 22:00:07 Cause: -60

Jan 18 12:31:32 Cause: -60

Jan 18 12:35:13 Cause: -60

Jan 18 21:48:14 Cause: -60

Jan 19 20:14:04 Cause: -60

Jan 19 20:22:19 Cause: -60

Jan 19 21:15:12 Cause: -60

Log

Jan 19 20:14:03 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

Jan 19 20:14:52 homebrew.mxcl.postgresql: Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory

Jan 19 20:14:52 homebrew.mxcl.postgresql: Job failed to exec(3) for weird reason: 2

Jan 19 20:14:52 com.seagate.dashboard: Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory

Jan 19 20:14:52 com.seagate.dashboard: Job failed to exec(3) for weird reason: 2

Jan 19 20:21:13 com.apple.PackageKit.InstallStatus: Throttling respawn: Will start in 9 seconds

Jan 19 20:22:18 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

Jan 19 20:22:18 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

Jan 19 20:22:43 homebrew.mxcl.postgresql: Throttling respawn: Will start in 10 seconds

Jan 19 20:22:53 homebrew.mxcl.postgresql: Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory

Jan 19 20:22:53 homebrew.mxcl.postgresql: Job failed to exec(3) for weird reason: 2

Jan 19 20:25:35 firefox (map: 0xffffff80386265a0) triggered DYLD shared region unnest for map: 0xffffff80386265a0, region 0x7fff8d800000->0x7fff8da00000. While not abnormal for debuggers, this increases system memory footprint until the target exits.

Jan 19 20:26:44 IOPPF: Sent cpu-plimit-notification last value 1 (rounded time weighted average 1)

Jan 19 20:26:55 IOPPF: Sent cpu-plimit-notification last value 1 (rounded time weighted average 4)

Jan 19 20:27:54 IOPPF: Sent cpu-plimit-notification last value 1 (rounded time weighted average 1)

Jan 19 20:28:05 IOPPF: Sent cpu-plimit-notification last value 4 (rounded time weighted average 3)

Jan 19 21:14:25 com.apple.PackageKit.InstallStatus: Throttling respawn: Will start in 9 seconds

Jan 19 21:15:11 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

Jan 19 21:15:11 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

Jan 19 21:15:16 MacAuthEvent en0 Auth result for: 00:7f:28:28:29:fa Auth request tx failed

Jan 19 21:15:19 directed SSID scan fail

Jan 19 21:16:14 homebrew.mxcl.postgresql: Throttling respawn: Will start in 10 seconds

Jan 19 21:16:24 homebrew.mxcl.postgresql: Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory

Jan 19 21:16:24 homebrew.mxcl.postgresql: Job failed to exec(3) for weird reason: 2

Jan 19 21:18:45 firefox (map: 0xffffff803fc455a0) triggered DYLD shared region unnest for map: 0xffffff803fc455a0, region 0x7fff90800000->0x7fff90a00000. While not abnormal for debuggers, this increases system memory footprint until the target exits.

Activity

CPU: user 28%, system 14%

Net: 5 in, 290 out (KiB/s)

CPU per process: Google Drive (UID 501) is using 129.7 %

Current downstream data: firefox (UID 501) is using 25.795 KiB/s

Daemons

com.seagate.TBDecorator.plist

org.macosforge.xquartz.privileged_startx

com.v.helper

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.crashplan.engine

com.adobe.fpsaud

Agents

com.apple.PTPCamera.49488.UUID

com.apple.photostream-agent

com.apple.AirPortBaseStationAgent

org.macosforge.xquartz.startx

com.v.agent

com.rosettastone.rosettastonedaemon

com.google.keystone.system.agent

homebrew.mxcl.postgresql

com.spotify.webhelper

com.seagate.dashboard

com.citrixonline.GoToMeeting.G2MUpdate

com.akamai.single-user-client

Startup items

/Library/StartupItems/HWNetMgr/HWNetCfg

/Library/StartupItems/HWNetMgr/HWNetMgr

/Library/StartupItems/HWNetMgr/StartupParameters.plist

/Library/StartupItems/HWPortDetect/HWPortCfg

/Library/StartupItems/HWPortDetect/HWPortDetect

/Library/StartupItems/HWPortDetect/StartupParameters.plist

/Library/StartupItems/StartOuc/libQtCore.4.6.2.dylib

/Library/StartupItems/StartOuc/libQtCore.4.6.dylib

/Library/StartupItems/StartOuc/libQtCore.4.dylib

/Library/StartupItems/StartOuc/libQtCore.dylib

/Library/StartupItems/StartOuc/RunOuc

/Library/StartupItems/StartOuc/StartOuc

/Library/StartupItems/StartOuc/StartupParameters.plist

Bundles

/System/Library/Extensions/HuaweiDataCardDriver.kext

- com.huawei.driver.HuaweiDataCardDriver

/System/Library/Extensions/Seagate Storage Driver.kext

- com.seagate.driver.PowSecDriverCore

/System/Library/Extensions/USBExpressCardCantWake_Huawei.kext

- com.apple.dts.driver.USBExpressCardCantWake

/Library/Internet Plug-Ins/DirectorShockwave.plugin

- com.adobe.director.shockwave.pluginshim

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin

- com.google.googletalkbrowserplugin

/Library/Internet Plug-Ins/nplastpass.plugin

- com.lastpass.nplastpass

/Library/Internet Plug-Ins/o1dbrowserplugin.plugin

- com.google.o1dbrowserplugin

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

- com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

- com.microsoft.sharepoint.webkitplugin

/Library/Internet Plug-Ins/Silverlight.plugin

- com.microsoft.SilverlightPlugin

/Library/PreferencePanes/DashboardPreferences.prefPane

- com.seagate.dashboard.preferences

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

Library/Address Book Plug-Ins/SkypeABDialer.bundle

- com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

- com.skype.skypeabsms

Library/Caches/com.apple.Safari/Extensions/Dashlane.safariextension

- com.dashlane.dashlanesafari

Library/Caches/com.apple.Safari/Extensions/LastPass-2.safariextension

- com.lastpass.lpsafariextension

Library/Caches/com.apple.Safari/Extensions/Save to Pocket-2.safariextension

- com.ideashower.pocket.safari

Library/Internet Plug-Ins/CitrixOnlineWebDeploymentPlugin.plugin

- com.citrixonline.mac.WebDeploymentPlugin

Library/Internet Plug-Ins/Dashlane.plugin

- com.DashlaneLib.Dashlane

Library/Internet Plug-Ins/Picasa.plugin

- com.google.PicasaPlugin

Library/Internet Plug-Ins/Stamps.com.plugin

- com.stamps.omnibus

Library/Internet Plug-Ins/WebEx64.plugin

- com.cisco_webex.plugin.gpc64

Library/PreferencePanes/AkamaiNetSession.prefPane

- com.yourcompany.AkamaiNetSession

Library/PreferencePanes/AkamaiNetSession.prefPane/Contents/Resources

- com.yourcompany.${PRODUCT_NAME

Library/PreferencePanes/Growl.prefPane

- com.growl.prefpanel

Frameworks

/Applications/Microsoft Office 2011/Office/CalendarCore.framework

- com.microsoft.calendarcore.framework

/Applications/Microsoft Office 2011/Office/CocoaTooltipParser.framework

- com.microsoft.CocoaTooltipParser

/Applications/Microsoft Office 2011/Office/CocoaUI.framework

- com.microsoft.CocoaUI

/Applications/Microsoft Office 2011/Office/DocEx.framework

- com.microsoft.docex

/Applications/Microsoft Office 2011/Office/Gfx.framework

- com.microsoft.gfx

/Applications/Microsoft Office 2011/Office/IRM.framework

- com.microsoft.irm.framework

/Applications/Microsoft Office 2011/Office/MBURibbon.framework

- com.microsoft.ribbon

/Applications/Microsoft Office 2011/Office/MSXML.framework

- com.microsoft.msxml_library

/Applications/Microsoft Office 2011/Office/MViewLib.framework

- com.microsoft.mviewlib

/Applications/Microsoft Office 2011/Office/MetEx.framework

- com.microsoft.metex

/Applications/Microsoft Office 2011/Office/MicrosoftCSI.framework

- com.microsoft.csi_framework

/Applications/Microsoft Office 2011/Office/MicrosoftCertificate.framework

- com.microsoft.certificate.framework

/Applications/Microsoft Office 2011/Office/MicrosoftChartPlugin.framework

- com.microsoft.chart

/Applications/Microsoft Office 2011/Office/MicrosoftCloudServices.framework

- com.microsoft.mbuCloudServices_framework

/Applications/Microsoft Office 2011/Office/MicrosoftComponentPlugin.framework

- com.microsoft.mcp

/Applications/Microsoft Office 2011/Office/MicrosoftConversionLibrary.framework

- com.microsoft.converterlib

/Applications/Microsoft Office 2011/Office/MicrosoftCredui.framework

- com.microsoft.credui_framework

/Applications/Microsoft Office 2011/Office/MicrosoftDDCS.framework

- com.microsoft.ddcs_framework

/Applications/Microsoft Office 2011/Office/MicrosoftFBA.framework

- com.microsoft.fba_framework

/Applications/Microsoft Office 2011/Office/MicrosoftFS.framework

- com.microsoft.mbufs

/Applications/Microsoft Office 2011/Office/MicrosoftMathFont.framework

- com.microsoft.mathfont

/Applications/Microsoft Office 2011/Office/MicrosoftMenuLibrary.framework

- com.microsoft.menulib

/Applications/Microsoft Office 2011/Office/MicrosoftOLE.framework

- com.microsoft.ole

/Applications/Microsoft Office 2011/Office/MicrosoftOLEAutomation.framework

- com.microsoft.ole_automation

/Applications/Microsoft Office 2011/Office/MicrosoftOffice.framework

- com.microsoft.office_library

/Applications/Microsoft Office 2011/Office/MicrosoftOfficeDRM.framework

- com.microsoft.MicrosoftOfficeDRM

/Applications/Microsoft Office 2011/Office/MicrosoftOleo.framework

- com.microsoft.oleo

/Applications/Microsoft Office 2011/Office/MicrosoftPTLS.framework

- com.microsoft.msls3

/Applications/Microsoft Office 2011/Office/MicrosoftProofing.framework

- com.microsoft.proofing

/Applications/Microsoft Office 2011/Office/MicrosoftSetupUI.framework

- com.microsoft.setupui

/Applications/Microsoft Office 2011/Office/MicrosoftWebServices.framework

- com.microsoft.webservices_framework

/Applications/Microsoft Office 2011/Office/MicrosoftWizard.framework

- com.microsoft.wizard

/Applications/Microsoft Office 2011/Office/MicrosoftWlmFile.framework

- com.microsoft.wlmfile_framework

/Applications/Microsoft Office 2011/Office/MsgrLibClient.framework

- com.microsoft.msgrlibclient

/Applications/Microsoft Office 2011/Office/Netlib.framework

- com.microsoft.netlib

/Applications/Microsoft Office 2011/Office/OPF.framework

- com.microsoft.outlook.capi.framework

/Applications/Microsoft Office 2011/Office/ObjCOPF.framework

- com.microsoft.entourage.objcopf.framework

/Applications/Microsoft Office 2011/Office/OfficeAddressBook.framework

- com.microsoft.msoab

/Applications/Microsoft Office 2011/Office/OfficeArt.framework

- com.microsoft.officeart

/Applications/Microsoft Office 2011/Office/OfficeWindowLocalizer.framework

- com.microsoft.frameworks.officewindowlocalizer

/Applications/Microsoft Office 2011/Office/Oimg.framework

- com.microsoft.Oimg

/Applications/Microsoft Office 2011/Office/Open XML for Excel.framework

- com.microsoft.openxml.excel.lib

/Applications/Microsoft Office 2011/Office/OutlookCore.framework

- com.microsoft.outlook.core.framework

/Applications/Microsoft Office 2011/Office/OutlookLegacy.framework

- com.microsoft.outlook.legacy.framework

/Applications/Microsoft Office 2011/Office/OutlookPaletteItems.framework

- com.microsoft.frameworks.outlookpaletteitems

/Applications/Microsoft Office 2011/Office/OutlookRightsFramework.framework

- com.microsoft.outlookrightsframework

/Applications/Microsoft Office 2011/Office/PowerPlant.framework

- com.microsoft.powerplant

/Applications/Microsoft Office 2011/Office/PowerPlantCore.framework

- com.microsoft.powerplantcore

/Applications/Microsoft Office 2011/Office/SmartArt.framework

- com.microsoft.igx

/Applications/Microsoft Office 2011/Office/StdUrlMoniker.framework

- com.microsoft.urlmon

/Applications/Microsoft Office 2011/Office/ThreadPool.framework

- com.microsoft.threadpool

/Applications/Microsoft Office 2011/Office/Uniscribe.framework

- com.microsoft.uniscribe_library

/Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework

- com.microsoft.visual_basic

/Applications/Microsoft Office 2011/Office/WLMGraphicsDevice.framework

- com.microsoft.wlmgraphicsdevice

/Applications/Microsoft Office 2011/Office/WLMKernel.framework

- com.microsoft.wlmkernel

/Applications/Microsoft Office 2011/Office/WLMUser.framework

- com.microsoft.wlmuser

/Applications/Microsoft Office 2011/Office/WinAPIUI.framework

- com.microsoft.frameworks.winapiui

/Applications/Microsoft Office 2011/Office/WinCrypto.framework

- com.microsoft.frameworks.wincrypto

/Applications/Microsoft Office 2011/Office/WinHttp.framework

- com.microsoft.frameworks.winhttp

/Applications/Microsoft Office 2011/Office/XPG.framework

- com.microsoft.XPG

/Applications/Microsoft Office 2011/Office/mbuinstrument.framework

- com.microsoft.mbuinstrument_framework

/Applications/Microsoft Office 2011/Office/mbukernel.framework

- com.microsoft.mbukernel_framework

/Applications/Microsoft Office 2011/Office/mbulocale.framework

- com.microsoft.mbulocale

/Applications/Microsoft Office 2011/Office/mbunamedstrings.framework

- com.microsoft.mbunamedstrings

/Applications/Microsoft Office 2011/Office/mbustrings.framework

- com.microsoft.mbustrings

/Applications/Microsoft Office 2011/Office/merp.framework

- com.microsoft.merp

/Applications/Microsoft Office 2011/Office/wlmstrings.framework

- com.microsoft.wlmstrings

/Library/Frameworks/Adobe AIR.framework

- com.adobe.AIR

/Library/Printers/Canon/BJPrinter/Frameworks/BJPrinterUtility2.framework

- jp.co.canon.bj.print.BJPrinterUtility2

/System/Library/Frameworks/v.framework

- null

/Users/USER/Library/Application Support/WebEx Folder/1424/avcapture.framework

- com.cisco.avcapture

/Users/USER/Library/Application Support/WebEx Folder/1424/base64.framework

- com.cisco.base64

/Users/USER/Library/Application Support/WebEx Folder/1424/commonuiart.framework

- com.webex.commonui

/Users/USER/Library/Application Support/WebEx Folder/1424/inviteremind.framework

- com.webex.inviteremind

/Users/USER/Library/Application Support/WebEx Folder/1424/msess.framework

- com.webex.msess

/Users/USER/Library/Application Support/WebEx Folder/1424/pkcs11.framework

- com.cisco.pkcs11

/Users/USER/Library/Application Support/WebEx Folder/1424/uilib.framework

- com.cisco.uilib

/Users/USER/Library/Application Support/WebEx Folder/1424/wbxae.framework

- com.webex.wbxae

/Users/USER/Library/Application Support/WebEx Folder/1424/wbxaudiocodec.framework

- com.webex.wbxaudiocodec

/Users/USER/Library/Application Support/WebEx Folder/1424/wseclient.framework

- com.webex.wseclient

/Users/USER/Library/Application Support/WebEx Folder/1424/wsertp.framework

- com.webex.wsertp

/usr/local/Cellar/python/2.7.3/Frameworks/Python.framework

- org.python.python

Apps

/Applications/Dropbox.app

/Applications/Google Drive.app

Contents of /etc/ssh_config (checksum 2841432291)

Host *

SendEnv LANG LC_*

Host *

XAuthLocation /opt/X11/bin/xauth

Contents of /etc/sshd_config (checksum 2518667249)

SyslogFacility AUTHPRIV

AuthorizedKeysFile .ssh/authorized_keys

UsePrivilegeSeparation sandbox # Default for new installations.

AcceptEnv LANG LC_*

Subsystem sftp /usr/libexec/sftp-server

XAuthLocation /opt/X11/bin/xauth

Contents of /System/Library/LaunchDaemons/com.seagate.TBDecorator.plist (checksum 3070240373)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<!--

com.seagate.TBDecorator.plist

SeagateDiagnostics

Created by John Brisbin on 3/10/10.

Copyright 2010 Seagate Technologies LLC.. All rights reserved.

-->

<plist version="1.0">

<dict>

<key>KeepAlive</key>

<true/>

<key>Label</key>

<string>com.seagate.TBDecorator.plist</string>

<key>RunAtLoad</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/Seagate/TBLoopDriveParams</string>

</array>

</dict>

</plist>

Contents of /Library/LaunchAgents/com.rosettastone.rosettastonedaemon.plist (checksum 49023104)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.rosettastone.rosettastonedaemon</string>

<key>TimeOut</key>

<integer>5</integer>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/RosettaStoneDaemon/bin/RosettaStoneDaemon</string>

<string>--config</string>

<string>/Library/Application Support/RosettaStoneDaemon/bin/RosettaStoneDaemonConfiguration.txt</string>

</array>

</dict>

</plist>

Contents of /Library/LaunchAgents/com.saturn.agent.plist (checksum 3946252604)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.v.agent</string>

<key>OnDemand</key>

<false/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/saturn/Agent/agent.app/Contents/MacOS/agent</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>KeepAlive</key>

<true/>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of /Library/LaunchAgents/org.macosforge.xquartz.startx.plist (checksum 2451978492)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>org.macosforge.xquartz.startx</string>

<key>ProgramArguments</key>

<array>

<string>/opt/X11/lib/X11/xinit/launchd_startx</string>

<string>/opt/X11/bin/startx</string>

<string>--</string>

<string>/opt/X11/bin/Xquartz</string>

</array>

<key>Sockets</key>

<dict>

<key>org.macosforge.xquartz:0</key>

<dict>

<key>SecureSocketWithKey</key>

<string>DISPLAY</string>

</dict>

</dict>

<key>ServiceIPC</key>

<true/>

<key>EnableTransactions</key>

<true/>

...and 2 more line(s)

Contents of /Library/LaunchDaemons/com.crashplan.engine.plist (checksum 757054163)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.crashplan.engine</string>

<key>UserName</key>

<string>root</string>

<key>GroupName</key>

<string>wheel</string>

<key>Nice</key>

<integer>20</integer>

<key>KeepAlive</key>

<true/>

<key>OnDemand</key>

<false/>

<key>RunAtLoad</key>

<true/>

<key>AbandonProcessGroup</key>

<true/>

<key>WorkingDirectory</key>

<string>/Applications/CrashPlan.app/Contents/Resources/Java</string>

<key>ProgramArguments</key>

<array>

<string>/Applications/CrashPlan.app/Contents/MacOS/CrashPlanService</string>

...and 26 more line(s)

Contents of /Library/LaunchDaemons/com.saturn.daemon.plist (checksum 4045507052)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<true/>

<key>Label</key>

<string>com.v.daemon</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/saturn/Agent/agent.app/Contents/MacOS/agent</string>

<string>-update</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of /Library/LaunchDaemons/com.saturn.helper.plist (checksum 396646342)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.v.helper</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/saturn/Agent/agent.app/Contents/MacOS/agent</string>

<string>-helper</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of Library/LaunchAgents/com.akamai.single-user-client.plist (checksum 1042239076)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.akamai.single-user-client</string>

<key>Nice</key>

<integer>-18</integer>

<key>KeepAlive</key>

<dict>

<key>SuccessfulExit</key>

<false/>

</dict>

<key>ProgramArguments</key>

<array>

<string>/Users/USER/Applications/Akamai/netsession_mac</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>AbandonProcessGroup</key>

<true/>

</dict>

</plist>

Contents of Library/LaunchAgents/com.seagate.dashboard.plist (checksum 1981328959)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.seagate.dashboard</string>

<key>ProgramArguments</key>

<array>

<string>/Applications/Seagate Dashboard.app/Contents/MacOS/Seagate Dashboard</string>

<string>-runMode</string>

<string>autoLaunched</string>

</array>

<key>RunAtLoad</key>

<true/>

</dict>

</plist>

Contents of Library/LaunchAgents/com.spotify.webhelper.plist (checksum 164446764)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.spotify.webhelper</string>

<key>KeepAlive</key>

<dict>

<key>NetworkState</key>

<true/>

</dict>

<key>RunAtLoad</key>

<true/>

<key>Program</key>

<string>/Users/USER/Library/Application Support/Spotify/SpotifyWebHelper</string>

<key>SpotifyPath</key>

<string>/Applications/Spotify.app</string></dict>

</plist>

Contents of Library/LaunchAgents/homebrew.mxcl.postgresql.plist (checksum 2822538280)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>KeepAlive</key>

<true/>

<key>Label</key>

<string>homebrew.mxcl.postgresql</string>

<key>ProgramArguments</key>

<array>

<string>/usr/local/opt/postgresql/bin/postgres</string>

<string>-D</string>

<string>/usr/local/var/postgres</string>

<string>-r</string>

<string>/usr/local/var/postgres/server.log</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>UserName</key>

<string>NAME</string>

<key>WorkingDirectory</key>

<string>/usr/local</string>

<key>StandardErrorPath</key>

<string>/usr/local/var/postgres/server.log</string>

</dict>

...and 1 more line(s)

Font issues: 37

User login items

iTunesHelper

- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

Flux

- /Applications/Flux.app

Flux

- /Applications/Flux.app

Screenhero

- /Applications/Screenhero.app

Dropbox

- /Applications/Dropbox.app

Google Drive

- /Applications/Google Drive.app

ScanSnap Manager

- missing value

Music Manager

- missing value

Google Chrome

- /Applications/Google Chrome.app

VerizonUpdateCenter

- missing value

Google+ Auto Backup

- /Applications/Google+ Auto Backup.app

BitTorrent

- missing value

CrashPlan menu bar

- /Applications/CrashPlan.app/Contents/Helpers/CrashPlan menu bar.app

Safari extensions

Dashlane

LastPass

Save to Pocket

Restricted files: 176

Start time: 21:20:56 01/19/15

Model Identifier: MacBookAir5,2

System Version: OS X 10.9.5 (13F34)

Kernel Version: Darwin 13.4.0

Time since boot: 6 minutes

Battery

Condition: Service Battery

Diagnostic reports

2014-12-28 CrashPlan menu bar crash

2014-12-29 CrashPlan menu bar crash

2014-12-31 CalendarAgent crash

2014-12-31 CrashPlan menu bar crash

2014-12-31 SleepServicesD crash

2015-01-08 CrashPlan menu bar crash

Shutdowns

Jan 13 14:23:04 Cause: -60

Jan 15 08:47:46 Cause: -60

Jan 16 08:36:02 Cause: -60

Jan 16 16:24:35 Cause: -60

Jan 17 22:00:07 Cause: -60

Jan 18 12:31:32 Cause: -60

Jan 18 12:35:13 Cause: -60

Jan 18 21:48:14 Cause: -60

Jan 19 20:14:04 Cause: -60

Jan 19 20:22:19 Cause: -60

Jan 19 21:15:12 Cause: -60

Log

Jan 19 20:14:03 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

Jan 19 20:14:52 homebrew.mxcl.postgresql: Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory

Jan 19 20:14:52 homebrew.mxcl.postgresql: Job failed to exec(3) for weird reason: 2

Jan 19 20:14:52 com.seagate.dashboard: Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory

Jan 19 20:14:52 com.seagate.dashboard: Job failed to exec(3) for weird reason: 2

Jan 19 20:21:13 com.apple.PackageKit.InstallStatus: Throttling respawn: Will start in 9 seconds

Jan 19 20:22:18 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

Jan 19 20:22:18 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

Jan 19 20:22:43 homebrew.mxcl.postgresql: Throttling respawn: Will start in 10 seconds

Jan 19 20:22:53 homebrew.mxcl.postgresql: Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory

Jan 19 20:22:53 homebrew.mxcl.postgresql: Job failed to exec(3) for weird reason: 2

Jan 19 20:25:35 firefox (map: 0xffffff80386265a0) triggered DYLD shared region unnest for map: 0xffffff80386265a0, region 0x7fff8d800000->0x7fff8da00000. While not abnormal for debuggers, this increases system memory footprint until the target exits.

Jan 19 20:26:44 IOPPF: Sent cpu-plimit-notification last value 1 (rounded time weighted average 1)

Jan 19 20:26:55 IOPPF: Sent cpu-plimit-notification last value 1 (rounded time weighted average 4)

Jan 19 20:27:54 IOPPF: Sent cpu-plimit-notification last value 1 (rounded time weighted average 1)

Jan 19 20:28:05 IOPPF: Sent cpu-plimit-notification last value 4 (rounded time weighted average 3)

Jan 19 21:14:25 com.apple.PackageKit.InstallStatus: Throttling respawn: Will start in 9 seconds

Jan 19 21:15:11 com_seagate_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

Jan 19 21:15:11 com_maxtor_IOPowSec00_10_5: GetVendorAndModelIDInfo failed

Jan 19 21:15:16 MacAuthEvent en0 Auth result for: 00:7f:28:28:29:fa Auth request tx failed

Jan 19 21:15:19 directed SSID scan fail

Jan 19 21:16:14 homebrew.mxcl.postgresql: Throttling respawn: Will start in 10 seconds

Jan 19 21:16:24 homebrew.mxcl.postgresql: Job failed to exec(3). Setting up event to tell us when to try again: 2: No such file or directory

Jan 19 21:16:24 homebrew.mxcl.postgresql: Job failed to exec(3) for weird reason: 2

Jan 19 21:18:45 firefox (map: 0xffffff803fc455a0) triggered DYLD shared region unnest for map: 0xffffff803fc455a0, region 0x7fff90800000->0x7fff90a00000. While not abnormal for debuggers, this increases system memory footprint until the target exits.

Activity

CPU: user 28%, system 14%

Net: 5 in, 290 out (KiB/s)

CPU per process: Google Drive (UID 501) is using 129.7 %

Current downstream data: firefox (UID 501) is using 25.795 KiB/s

Daemons

com.seagate.TBDecorator.plist

org.macosforge.xquartz.privileged_startx

com.v.helper

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.crashplan.engine

com.adobe.fpsaud

Agents

com.apple.PTPCamera.49488.UUID

com.apple.photostream-agent

com.apple.AirPortBaseStationAgent

org.macosforge.xquartz.startx

com.v.agent

com.rosettastone.rosettastonedaemon

com.google.keystone.system.agent

homebrew.mxcl.postgresql

com.spotify.webhelper

com.seagate.dashboard

com.citrixonline.GoToMeeting.G2MUpdate

com.akamai.single-user-client

Startup items

/Library/StartupItems/HWNetMgr/HWNetCfg

/Library/StartupItems/HWNetMgr/HWNetMgr

/Library/StartupItems/HWNetMgr/StartupParameters.plist

/Library/StartupItems/HWPortDetect/HWPortCfg

/Library/StartupItems/HWPortDetect/HWPortDetect

/Library/StartupItems/HWPortDetect/StartupParameters.plist

/Library/StartupItems/StartOuc/libQtCore.4.6.2.dylib

/Library/StartupItems/StartOuc/libQtCore.4.6.dylib

/Library/StartupItems/StartOuc/libQtCore.4.dylib

/Library/StartupItems/StartOuc/libQtCore.dylib

/Library/StartupItems/StartOuc/RunOuc

/Library/StartupItems/StartOuc/StartOuc

/Library/StartupItems/StartOuc/StartupParameters.plist

Bundles

/System/Library/Extensions/HuaweiDataCardDriver.kext

- com.huawei.driver.HuaweiDataCardDriver

/System/Library/Extensions/Seagate Storage Driver.kext

- com.seagate.driver.PowSecDriverCore

/System/Library/Extensions/USBExpressCardCantWake_Huawei.kext

- com.apple.dts.driver.USBExpressCardCantWake

/Library/Internet Plug-Ins/DirectorShockwave.plugin

- com.adobe.director.shockwave.pluginshim

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin

- com.google.googletalkbrowserplugin

/Library/Internet Plug-Ins/nplastpass.plugin

- com.lastpass.nplastpass

/Library/Internet Plug-Ins/o1dbrowserplugin.plugin

- com.google.o1dbrowserplugin

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

- com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

- com.microsoft.sharepoint.webkitplugin

/Library/Internet Plug-Ins/Silverlight.plugin

- com.microsoft.SilverlightPlugin

/Library/PreferencePanes/DashboardPreferences.prefPane

- com.seagate.dashboard.preferences

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

Library/Address Book Plug-Ins/SkypeABDialer.bundle

- com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

- com.skype.skypeabsms

Library/Caches/com.apple.Safari/Extensions/Dashlane.safariextension

- com.dashlane.dashlanesafari

Library/Caches/com.apple.Safari/Extensions/LastPass-2.safariextension

- com.lastpass.lpsafariextension

Library/Caches/com.apple.Safari/Extensions/Save to Pocket-2.safariextension

- com.ideashower.pocket.safari

Library/Internet Plug-Ins/CitrixOnlineWebDeploymentPlugin.plugin

- com.citrixonline.mac.WebDeploymentPlugin

Library/Internet Plug-Ins/Dashlane.plugin

- com.DashlaneLib.Dashlane

Library/Internet Plug-Ins/Picasa.plugin

- com.google.PicasaPlugin

Library/Internet Plug-Ins/Stamps.com.plugin

- com.stamps.omnibus

Library/Internet Plug-Ins/WebEx64.plugin

- com.cisco_webex.plugin.gpc64

Library/PreferencePanes/AkamaiNetSession.prefPane

- com.yourcompany.AkamaiNetSession

Library/PreferencePanes/AkamaiNetSession.prefPane/Contents/Resources

- com.yourcompany.${PRODUCT_NAME

Library/PreferencePanes/Growl.prefPane

- com.growl.prefpanel

Frameworks

/Applications/Microsoft Office 2011/Office/CalendarCore.framework

- com.microsoft.calendarcore.framework

/Applications/Microsoft Office 2011/Office/CocoaTooltipParser.framework

- com.microsoft.CocoaTooltipParser

/Applications/Microsoft Office 2011/Office/CocoaUI.framework

- com.microsoft.CocoaUI

/Applications/Microsoft Office 2011/Office/DocEx.framework

- com.microsoft.docex

/Applications/Microsoft Office 2011/Office/Gfx.framework

- com.microsoft.gfx

/Applications/Microsoft Office 2011/Office/IRM.framework

- com.microsoft.irm.framework

/Applications/Microsoft Office 2011/Office/MBURibbon.framework

- com.microsoft.ribbon

/Applications/Microsoft Office 2011/Office/MSXML.framework

- com.microsoft.msxml_library

/Applications/Microsoft Office 2011/Office/MViewLib.framework

- com.microsoft.mviewlib

/Applications/Microsoft Office 2011/Office/MetEx.framework

- com.microsoft.metex

/Applications/Microsoft Office 2011/Office/MicrosoftCSI.framework

- com.microsoft.csi_framework

/Applications/Microsoft Office 2011/Office/MicrosoftCertificate.framework

- com.microsoft.certificate.framework

/Applications/Microsoft Office 2011/Office/MicrosoftChartPlugin.framework

- com.microsoft.chart

/Applications/Microsoft Office 2011/Office/MicrosoftCloudServices.framework

- com.microsoft.mbuCloudServices_framework

/Applications/Microsoft Office 2011/Office/MicrosoftComponentPlugin.framework

- com.microsoft.mcp

/Applications/Microsoft Office 2011/Office/MicrosoftConversionLibrary.framework

- com.microsoft.converterlib

/Applications/Microsoft Office 2011/Office/MicrosoftCredui.framework

- com.microsoft.credui_framework

/Applications/Microsoft Office 2011/Office/MicrosoftDDCS.framework

- com.microsoft.ddcs_framework

/Applications/Microsoft Office 2011/Office/MicrosoftFBA.framework

- com.microsoft.fba_framework

/Applications/Microsoft Office 2011/Office/MicrosoftFS.framework

- com.microsoft.mbufs

/Applications/Microsoft Office 2011/Office/MicrosoftMathFont.framework

- com.microsoft.mathfont

/Applications/Microsoft Office 2011/Office/MicrosoftMenuLibrary.framework

- com.microsoft.menulib

/Applications/Microsoft Office 2011/Office/MicrosoftOLE.framework

- com.microsoft.ole

/Applications/Microsoft Office 2011/Office/MicrosoftOLEAutomation.framework

- com.microsoft.ole_automation

/Applications/Microsoft Office 2011/Office/MicrosoftOffice.framework

- com.microsoft.office_library

/Applications/Microsoft Office 2011/Office/MicrosoftOfficeDRM.framework

- com.microsoft.MicrosoftOfficeDRM

/Applications/Microsoft Office 2011/Office/MicrosoftOleo.framework

- com.microsoft.oleo

/Applications/Microsoft Office 2011/Office/MicrosoftPTLS.framework

- com.microsoft.msls3

/Applications/Microsoft Office 2011/Office/MicrosoftProofing.framework

- com.microsoft.proofing

/Applications/Microsoft Office 2011/Office/MicrosoftSetupUI.framework

- com.microsoft.setupui

/Applications/Microsoft Office 2011/Office/MicrosoftWebServices.framework

- com.microsoft.webservices_framework

/Applications/Microsoft Office 2011/Office/MicrosoftWizard.framework

- com.microsoft.wizard

/Applications/Microsoft Office 2011/Office/MicrosoftWlmFile.framework

- com.microsoft.wlmfile_framework

/Applications/Microsoft Office 2011/Office/MsgrLibClient.framework

- com.microsoft.msgrlibclient

/Applications/Microsoft Office 2011/Office/Netlib.framework

- com.microsoft.netlib

/Applications/Microsoft Office 2011/Office/OPF.framework

- com.microsoft.outlook.capi.framework

/Applications/Microsoft Office 2011/Office/ObjCOPF.framework

- com.microsoft.entourage.objcopf.framework

/Applications/Microsoft Office 2011/Office/OfficeAddressBook.framework

- com.microsoft.msoab

/Applications/Microsoft Office 2011/Office/OfficeArt.framework

- com.microsoft.officeart

/Applications/Microsoft Office 2011/Office/OfficeWindowLocalizer.framework

- com.microsoft.frameworks.officewindowlocalizer

/Applications/Microsoft Office 2011/Office/Oimg.framework

- com.microsoft.Oimg

/Applications/Microsoft Office 2011/Office/Open XML for Excel.framework

- com.microsoft.openxml.excel.lib

/Applications/Microsoft Office 2011/Office/OutlookCore.framework

- com.microsoft.outlook.core.framework

/Applications/Microsoft Office 2011/Office/OutlookLegacy.framework

- com.microsoft.outlook.legacy.framework

/Applications/Microsoft Office 2011/Office/OutlookPaletteItems.framework

- com.microsoft.frameworks.outlookpaletteitems

/Applications/Microsoft Office 2011/Office/OutlookRightsFramework.framework

- com.microsoft.outlookrightsframework

/Applications/Microsoft Office 2011/Office/PowerPlant.framework

- com.microsoft.powerplant

/Applications/Microsoft Office 2011/Office/PowerPlantCore.framework

- com.microsoft.powerplantcore

/Applications/Microsoft Office 2011/Office/SmartArt.framework

- com.microsoft.igx

/Applications/Microsoft Office 2011/Office/StdUrlMoniker.framework

- com.microsoft.urlmon

/Applications/Microsoft Office 2011/Office/ThreadPool.framework

- com.microsoft.threadpool

/Applications/Microsoft Office 2011/Office/Uniscribe.framework

- com.microsoft.uniscribe_library

/Applications/Microsoft Office 2011/Office/Visual Basic for Applications.framework

- com.microsoft.visual_basic

/Applications/Microsoft Office 2011/Office/WLMGraphicsDevice.framework

- com.microsoft.wlmgraphicsdevice

/Applications/Microsoft Office 2011/Office/WLMKernel.framework

- com.microsoft.wlmkernel

/Applications/Microsoft Office 2011/Office/WLMUser.framework

- com.microsoft.wlmuser

/Applications/Microsoft Office 2011/Office/WinAPIUI.framework

- com.microsoft.frameworks.winapiui

/Applications/Microsoft Office 2011/Office/WinCrypto.framework

- com.microsoft.frameworks.wincrypto

/Applications/Microsoft Office 2011/Office/WinHttp.framework

- com.microsoft.frameworks.winhttp

/Applications/Microsoft Office 2011/Office/XPG.framework

- com.microsoft.XPG

/Applications/Microsoft Office 2011/Office/mbuinstrument.framework

- com.microsoft.mbuinstrument_framework

/Applications/Microsoft Office 2011/Office/mbukernel.framework

- com.microsoft.mbukernel_framework

/Applications/Microsoft Office 2011/Office/mbulocale.framework

- com.microsoft.mbulocale

/Applications/Microsoft Office 2011/Office/mbunamedstrings.framework

- com.microsoft.mbunamedstrings

/Applications/Microsoft Office 2011/Office/mbustrings.framework

- com.microsoft.mbustrings

/Applications/Microsoft Office 2011/Office/merp.framework

- com.microsoft.merp

/Applications/Microsoft Office 2011/Office/wlmstrings.framework

- com.microsoft.wlmstrings

/Library/Frameworks/Adobe AIR.framework

- com.adobe.AIR

/Library/Printers/Canon/BJPrinter/Frameworks/BJPrinterUtility2.framework

- jp.co.canon.bj.print.BJPrinterUtility2

/System/Library/Frameworks/v.framework

- null

/Users/USER/Library/Application Support/WebEx Folder/1424/avcapture.framework

- com.cisco.avcapture

/Users/USER/Library/Application Support/WebEx Folder/1424/base64.framework

- com.cisco.base64

/Users/USER/Library/Application Support/WebEx Folder/1424/commonuiart.framework

- com.webex.commonui

/Users/USER/Library/Application Support/WebEx Folder/1424/inviteremind.framework

- com.webex.inviteremind

/Users/USER/Library/Application Support/WebEx Folder/1424/msess.framework

- com.webex.msess

/Users/USER/Library/Application Support/WebEx Folder/1424/pkcs11.framework

- com.cisco.pkcs11

/Users/USER/Library/Application Support/WebEx Folder/1424/uilib.framework

- com.cisco.uilib

/Users/USER/Library/Application Support/WebEx Folder/1424/wbxae.framework

- com.webex.wbxae

/Users/USER/Library/Application Support/WebEx Folder/1424/wbxaudiocodec.framework

- com.webex.wbxaudiocodec

/Users/USER/Library/Application Support/WebEx Folder/1424/wseclient.framework

- com.webex.wseclient

/Users/USER/Library/Application Support/WebEx Folder/1424/wsertp.framework

- com.webex.wsertp

/usr/local/Cellar/python/2.7.3/Frameworks/Python.framework

- org.python.python

Apps

/Applications/Dropbox.app

/Applications/Google Drive.app

Contents of /etc/ssh_config (checksum 2841432291)

Host *

SendEnv LANG LC_*

Host *

XAuthLocation /opt/X11/bin/xauth

Contents of /etc/sshd_config (checksum 2518667249)

SyslogFacility AUTHPRIV

AuthorizedKeysFile .ssh/authorized_keys

UsePrivilegeSeparation sandbox # Default for new installations.

AcceptEnv LANG LC_*

Subsystem sftp /usr/libexec/sftp-server

XAuthLocation /opt/X11/bin/xauth

Contents of /System/Library/LaunchDaemons/com.seagate.TBDecorator.plist (checksum 3070240373)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<!--

com.seagate.TBDecorator.plist

SeagateDiagnostics

Created by John Brisbin on 3/10/10.

Copyright 2010 Seagate Technologies LLC.. All rights reserved.

-->

<plist version="1.0">

<dict>

<key>KeepAlive</key>

<true/>

<key>Label</key>

<string>com.seagate.TBDecorator.plist</string>

<key>RunAtLoad</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/Seagate/TBLoopDriveParams</string>

</array>

</dict>

</plist>

Contents of /Library/LaunchAgents/com.rosettastone.rosettastonedaemon.plist (checksum 49023104)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.rosettastone.rosettastonedaemon</string>

<key>TimeOut</key>

<integer>5</integer>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/RosettaStoneDaemon/bin/RosettaStoneDaemon</string>

<string>--config</string>

<string>/Library/Application Support/RosettaStoneDaemon/bin/RosettaStoneDaemonConfiguration.txt</string>

</array>

</dict>

</plist>

Contents of /Library/LaunchAgents/com.saturn.agent.plist (checksum 3946252604)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.v.agent</string>

<key>OnDemand</key>

<false/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/saturn/Agent/agent.app/Contents/MacOS/agent</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>KeepAlive</key>

<true/>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of /Library/LaunchAgents/org.macosforge.xquartz.startx.plist (checksum 2451978492)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>org.macosforge.xquartz.startx</string>

<key>ProgramArguments</key>

<array>

<string>/opt/X11/lib/X11/xinit/launchd_startx</string>

<string>/opt/X11/bin/startx</string>

<string>--</string>

<string>/opt/X11/bin/Xquartz</string>

</array>

<key>Sockets</key>

<dict>

<key>org.macosforge.xquartz:0</key>

<dict>

<key>SecureSocketWithKey</key>

<string>DISPLAY</string>

</dict>

</dict>

<key>ServiceIPC</key>

<true/>

<key>EnableTransactions</key>

<true/>

...and 2 more line(s)

Contents of /Library/LaunchDaemons/com.crashplan.engine.plist (checksum 757054163)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.crashplan.engine</string>

<key>UserName</key>

<string>root</string>

<key>GroupName</key>

<string>wheel</string>

<key>Nice</key>

<integer>20</integer>

<key>KeepAlive</key>

<true/>

<key>OnDemand</key>

<false/>

<key>RunAtLoad</key>

<true/>

<key>AbandonProcessGroup</key>

<true/>

<key>WorkingDirectory</key>

<string>/Applications/CrashPlan.app/Contents/Resources/Java</string>

<key>ProgramArguments</key>

<array>

<string>/Applications/CrashPlan.app/Contents/MacOS/CrashPlanService</string>

...and 26 more line(s)

Contents of /Library/LaunchDaemons/com.saturn.daemon.plist (checksum 4045507052)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<true/>

<key>Label</key>

<string>com.v.daemon</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/saturn/Agent/agent.app/Contents/MacOS/agent</string>

<string>-update</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of /Library/LaunchDaemons/com.saturn.helper.plist (checksum 396646342)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.v.helper</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/saturn/Agent/agent.app/Contents/MacOS/agent</string>

<string>-helper</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of Library/LaunchAgents/com.akamai.single-user-client.plist (checksum 1042239076)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.akamai.single-user-client</string>

<key>Nice</key>

<integer>-18</integer>

<key>KeepAlive</key>

<dict>

<key>SuccessfulExit</key>

<false/>

</dict>

<key>ProgramArguments</key>

<array>

<string>/Users/USER/Applications/Akamai/netsession_mac</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>AbandonProcessGroup</key>

<true/>

</dict>

</plist>

Contents of Library/LaunchAgents/com.seagate.dashboard.plist (checksum 1981328959)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.seagate.dashboard</string>

<key>ProgramArguments</key>

<array>

<string>/Applications/Seagate Dashboard.app/Contents/MacOS/Seagate Dashboard</string>

<string>-runMode</string>

<string>autoLaunched</string>

</array>

<key>RunAtLoad</key>

<true/>

</dict>

</plist>

Contents of Library/LaunchAgents/com.spotify.webhelper.plist (checksum 164446764)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.spotify.webhelper</string>

<key>KeepAlive</key>

<dict>

<key>NetworkState</key>

<true/>

</dict>

<key>RunAtLoad</key>

<true/>

<key>Program</key>

<string>/Users/USER/Library/Application Support/Spotify/SpotifyWebHelper</string>

<key>SpotifyPath</key>

<string>/Applications/Spotify.app</string></dict>

</plist>

Contents of Library/LaunchAgents/homebrew.mxcl.postgresql.plist (checksum 2822538280)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>KeepAlive</key>

<true/>

<key>Label</key>

<string>homebrew.mxcl.postgresql</string>

<key>ProgramArguments</key>

<array>

<string>/usr/local/opt/postgresql/bin/postgres</string>

<string>-D</string>

<string>/usr/local/var/postgres</string>

<string>-r</string>

<string>/usr/local/var/postgres/server.log</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>UserName</key>

<string>NAME</string>

<key>WorkingDirectory</key>

<string>/usr/local</string>

<key>StandardErrorPath</key>

<string>/usr/local/var/postgres/server.log</string>

</dict>

...and 1 more line(s)

Font issues: 37

User login items

iTunesHelper

- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

Flux

- /Applications/Flux.app

Flux

- /Applications/Flux.app

Screenhero

- /Applications/Screenhero.app

Dropbox

- /Applications/Dropbox.app

Google Drive

- /Applications/Google Drive.app

ScanSnap Manager

- missing value

Music Manager

- missing value

Google Chrome

- /Applications/Google Chrome.app

VerizonUpdateCenter

- missing value

Google+ Auto Backup

- /Applications/Google+ Auto Backup.app

BitTorrent

- missing value

CrashPlan menu bar

- /Applications/CrashPlan.app/Contents/Helpers/CrashPlan menu bar.app

Safari extensions

Dashlane

LastPass

Save to Pocket

Restricted files: 176

Lockfiles: 3

Elapsed time (s): 452

Lockfiles: 3

Elapsed time (s): 452

Andrews81 wrote:

Hi Linc,

I know that you suggest starting a new discussion, but I'm new to this forum. You've built up a tremendous debt of gratitude that has won you trust and respect, and quite frankly, I don't trust other advice on other forums--especially when it's suggesting that I download something else.

I'm sure I'm wasting my time since you don't trust anybody else, but what you seem to be overlooking is that Linc does not appear to be monitoring this very old discussion any longer, which is why he suggests starting anew.

Since you are determined to fix things manually, I hope you trust this Apple document Remove unwanted adware that displays pop-up ads and graphics on your Mac which has been pointed out numerous times by Linc and others. The section you want is titled "Remove Downlite, also known as VSearch". There could be other adware on your computer which AdwareMedic could easily identify for you, but that's all the time I can spare.

I do not like these mega-threads and this will be my last comment in this one. Anyone who doesn't find an answer here should start a new thread. All this information will eventually be outdated.

First, you do not need to download any program to remove adware. Apple doesn't recommend doing that and neither do I. Never download any software, for any reason, without doing some research to determine whether it's safe. Don't take anyone's word for it. You alone are responsible for the security of your computer. If you are infected with adware, it's because you were too trusting of strangers on the Internet. Don't repeat that mistake, ever. If you search the web for programs to remove malware, there's a good chance you will get hits on yet more malware sites such as "CNET Download." Internet criminals know that people who search for that information are vulnerable, and they are poised to take advantage. Eventually the malware sites will predominate in searches, as they already do in searches for Windows malware removal.

There are several kinds of adware now in wide circulation. Some of them can be removed by following Apple's instructions:

Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support

Try those instructions first.

Of the adware that is not covered by Apple's instructions, the most common types are what I call "Crossrider" and the new variants of "VSearch." I've posted instructions for removing Crossrider in this thread at least once, and many times in other threads on this site. The comments can be found by searching for them. As of this writing, the instructions still work, as far as I know.

Below are instructions for removing VSearch variants not covered in the above-linked support article. If you see popups promoting the "MacKeeper" scam, you are probably infected with VSearch.

The VSearch malware tries to hide itself by varying the names of the files it installs. To remove it, you must first identify the naming pattern.

Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

/Library/LaunchDaemons

In the Finder, select

Go ▹ Go to Folder...

from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.

A folder named "LaunchDaemons" may open. Look inside it for two files with names of the form

com.something.daemon.plist

and

com.something.helper.plist

Here something is a variable word, which can be different in each case. So far it has always been a string of letters without punctuation, such as "cloud," "dot," "highway," "submarine," or "trusteddownloads." Sometimes the word is "apple," and then you must be especially careful not to delete the wrong files, because many built-in OS X files have similar names.

If you find these files, leave the LaunchDaemons folder open, and open the following folder in the same way:

/Library/LaunchAgents

In this folder, there may be a file named

com.something.agent.plist

where the word something is the same as before.

If you feel confident that you've identified the above files, back up all data, then drag just those three files—nothing else—to the Trash. You may be prompted for your administrator login password. Close the Finder windows and restart the computer.

Don't delete the "LaunchAgents" or "LaunchDaemons" folder or anything else inside either one.

The malware is now permanently inactivated, as long as you never reinstall it. You can stop here if you like, or you can remove two remaining components for the sake of completeness.

Open this folder:

/Library/Application Support

If it has a subfolder named just

something

where something is the same word you saw before, drag that subfolder to the Trash and close the window.

Don't delete the "Application Support" folder or anything else inside it.

Finally, in this folder:

/System/Library/Frameworks

there may an item named exactly

v.framework

It's actually a folder, though it has a different icon than usual. This item always has the above name. Drag it to the Trash and close the window.

Don't delete the "Frameworks" folder or anything else inside it.

If you didn't find the files or you're not sure about the identification, post what you found in a new thread—not in this one.

If in doubt, or if you have no backups, change nothing at all.

The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.

This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.

In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.

Then, still in System Preferences, open the App Store or Software Update pane and check the box marked

Install system data files and security updates (OS X 10.10 or later)

or

Download updates automatically (OS X 10.9 or earlier)

if it's not already checked.

Here is my report. Can anyone help me?

Start time: 19:45:15 01/22/15

Model Identifier: MacBookPro9,2

System Version: OS X 10.10 (14A389)

Kernel Version: Darwin 14.0.0

Time since boot: 4 days 18:08

USB

USB DISK 2.0 (Phison Electronics Corp.)

Diagnostic reports

2015-01-14 discoveryd crash

Log

Jan 22 19:41:05 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:41:15 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:41:26 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:41:36 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:41:47 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:41:57 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:42:08 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:42:18 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:42:29 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:42:39 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:42:50 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:43:00 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:43:11 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:43:21 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:43:31 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:43:41 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:43:52 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:44:02 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:44:13 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:44:23 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:44:34 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:44:44 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:44:55 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:45:05 com.kaspersky.kav: Service exited with abnormal code: 64

Jan 22 19:45:16 com.kaspersky.kav: Service exited with abnormal code: 64

kexts

com.kaspersky.kext.klif (3.0.2d39)

com.kaspersky.nke (1.6.2d112)

Daemons

com.v.helper

com.kaspersky.kav

com.apple.installer.osmessagetracing

com.microsoft.office.licensing.helper

com.adobe.fpsaud

Agents

com.v.agent

com.kaspersky.kav.gui

com.apple.photostream-agent

com.hp.productresearch

com.spotify.webhelper

com.google.keystone.user.agent

com.apple.AirPortBaseStationAgent

Bundles

/System/Library/Extensions/JMicronATA.kext

-com.jmicron.JMicronATA

/System/Library/Extensions/klif.kext

-com.kaspersky.kext.klif

/System/Library/Extensions/klnke.kext

-com.kaspersky.nke

/Library/Internet Plug-Ins/Flash Player.plugin

-N/A

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

-com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

-com.microsoft.sharepoint.webkitplugin

/Library/PreferencePanes/Flash Player.prefPane

-com.adobe.flashplayerpreferences

Library/Address Book Plug-Ins/SkypeABDialer.bundle

-com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

-com.skype.skypeabsms

Library/Caches/com.apple.Safari/Extensions/URLAdvisor.safariextension

-com.kaspersky.urladvisor

Library/Caches/com.apple.Safari/Extensions/VirtualKeyboard.safariextension

-com.kaspersky.virtualkeyboard

Contents of /Library/LaunchAgents/com.hp.productresearch.plist (checksum 1866638499)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Program</key>

<string>/Library/Application Support/Hewlett-Packard/Customer Participation/HP Product Research.app/Contents/MacOS/HP Product Research</string>

<key>Label</key>

<string>com.hp.productresearch</string>

<key>LaunchOnlyOnce</key>

<true/>

<key>RunAtLoad</key>

<true/>

</dict>

</plist>

Contents of /Library/LaunchAgents/com.kaspersky.kav.gui.plist (checksum 2831085550)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.kaspersky.kav.gui</string>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/Kaspersky Lab/KAV/Applications/Kaspersky Anti-Virus Agent.app/Contents/MacOS/kav_agent</string>

<string>-autolaunch</string>

<string>1</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>ServiceIPC</key>

<false/>

<key>WatchPaths</key>

<array>

<string>/Library/Application Support/Kaspersky Lab/KAV/kickstart_gui</string>

</array>

</dict>

</plist>

Contents of /Library/LaunchAgents/com.venus.agent.plist (checksum 3970513882)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.v.agent</string>

<key>OnDemand</key>

<false/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/venus/Agent/agent.app/Contents/MacOS/agent</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>KeepAlive</key>

<true/>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of /Library/LaunchDaemons/com.kaspersky.kav.plist (checksum 359851999)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.kaspersky.kav</string>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/Kaspersky Lab/KAV/Binaries/kav</string>

<string>-r</string>

<string>-bl</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>ServiceIPC</key>

<false/>

<key>StandardErrorPath</key>

<string>/var/log/kav_daemon_stderr.log</string>

<key>StandardOutPath</key>

<string>/var/log/kav_daemon_stdout.log</string>

<key>WatchPaths</key>

<array>

<string>/Library/Application Support/Kaspersky Lab/KAV/kickstart</string>

</array>

</dict>

...and 1 more line(s)

Contents of /Library/LaunchDaemons/com.venus.daemon.plist (checksum 2652795848)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<true/>

<key>Label</key>

<string>com.v.daemon</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/venus/Agent/agent.app/Contents/MacOS/agent</string>

<string>-update</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of /Library/LaunchDaemons/com.venus.helper.plist (checksum 3040520414)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.v.helper</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Application Support/venus/Agent/agent.app/Contents/MacOS/agent</string>

<string>-helper</string>

</array>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>ThrottleInterval</key>

<integer>10</integer>

</dict>

</plist>

Contents of Library/LaunchAgents/com.google.keystone.agent.plist (checksum 3755735697)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.google.keystone.user.agent</string>

<key>LimitLoadToSessionType</key>

<string>Aqua</string>

<key>ProgramArguments</key>

<array>

<string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>

<string>-runMode</string>

<string>ifneeded</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>StartInterval</key>

<integer>3523</integer>

<key>StandardErrorPath</key>

<string>/dev/null</string>

<key>StandardOutPath</key>

<string>/dev/null</string>

</dict>

</plist>

Contents of Library/LaunchAgents/com.spotify.webhelper.plist (checksum 4083703957)

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.spotify.webhelper</string>

<key>KeepAlive</key>

<dict>

<key>NetworkState</key>

<true/>

</dict>

<key>RunAtLoad</key>

<true/>

<key>Program</key>

<string>/Users/USER/Library/Application Support/Spotify/SpotifyWebHelper</string>

<key>SpotifyPath</key>

<string>/Applications/Spotify.app</string></dict>

</plist>

Firewall: On

DNS: 136.176.190.111 (static)

User login items

iTunesHelper

-/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

Spotify

-/Applications/Spotify.app

Safari extensions

URL Advisor

Virtual Keyboard

Restricted files: 257

Lockfiles: 83

Elapsed time (s): 291

Follow the instructions from this Apple document Remove unwanted adware that displays pop-up ads and graphics on your Mac which have been recommended multiple times here by several people.

Then remove Kaspersky which is not just unneeded, but causing issues ever ten seconds.