how do you rid your system of secure paths.com/pixel.cgi?

My system is OS X 10.9.4. I noticed one response that recommended turning off extensions, but my extensions were never turned on. Is this malware or adware?

Thanks

Mac Pro

Posted on Oct 5, 2014 3:27 AM

19 replies

Oct 5, 2014 6:32 AM in response to curiousbutterfly

1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.

Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.

2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.

There are ways to back up a computer that isn't fully functional. Ask if you need guidance.

3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.

You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.

In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.

You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.

Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.

4. Here's a summary of what you need to do, if you choose to proceed:

☞ Copy a line of text in this window to the Clipboard.

☞ Paste into the window of another application.

☞ Wait for the test to run. It usually takes a few minutes.

☞ Paste the results, which will have been copied automatically, back into a reply on this page.

The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.

5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.

6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.

7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.

Triple-click anywhere in the line of text below on this page to select it:

PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*genieo\* \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^\([0-9]+\) /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... 
//;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) 
print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\\([0-9]+\\)\\(.+\\)/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" ' BEGIN{FS="= "} /Path/{print $2} ' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test osascript\ -e );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'|tr , 
\\\n" 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,Inter,iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t /S*/L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk 
'{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" '/S*/*/Ca*/*xpc* >&- ||echo No' );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors XPC\ cache );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" 
"${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D23 14 1 62 42;D12 34 43 53 44;D12 22 50 32 52;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D13 37 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-

Copy the selected text to the Clipboard by pressing the key combination command-C.

8. Launch the built-in Terminal application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.

Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.

9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter

exec bash

and press return. Then paste the script again.

10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.

If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.

11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line

[Process completed]

to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.

12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.

At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.

If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.

13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.

14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.

______________________________________________________________

Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

Jan 22, 2015 3:04 AM in response to Linc Davis

Hi Linc,

Thanks for the tutorial. I have followed the instructions. Below are my results. Can you help?


regards


Peter


Start time: 10:35:29 01/22/15



Model Identifier: MacBookAir6,2

System Version: OS X 10.10.1 (14B25)

Kernel Version: Darwin 14.0.0

Time since boot: 5 days 2:43



USB



USB3.0 Hub (VIA Labs, Inc.)

USB3.0 Hub (VIA Labs, Inc.)

USB2.0 Hub (VIA Labs, Inc.)

External HD (Iomega Corporation)

USB2.0 Hub (VIA Labs, Inc.)

Mad Catz R.A.T.5 Mouse (Mad Catz, Inc.)



FileVault: FileVault master keychain appears to be installed



Diagnostic reports



2015-01-06 hiutil crash x12

2015-01-06 iTunes crash

2015-01-10 cloudd crash

2015-01-12 com.apple.WebKit.Plugin.64 crash x3

2015-01-15 hiutil crash

2015-01-16 hiutil crash

2015-01-19 hiutil crash

2015-01-20 DocumentPopoverViewService crash

2015-01-21 WebKitPluginHost crash x2

2015-01-21 hiutil crash x2



Log



Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 17:21:05 BUG in process suhelperd[934]: over-released legacy external boost assertions (1 total, 1 external, 0 legacy-external)

Jan 21 22:38:21 process Diablo III[7060] thread 5426474 caught burning CPU! It used more than 50% CPU (Actual recent usage: 59%) over 180 seconds. thread lifetime cpu usage 91.259346 seconds, (84.182540 user, 7.076806 system) ledger info: balance: 90001922207 credit: 90007637715 debit: 5715508 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 152163576859

Jan 22 07:30:28 [[0xffffff80152fb000] OpCode 0x0C01 (Set Event Mask) from: kernel_task (0) Synchronous status: 0x00 (kIOReturnSuccess) state: 2 (BUSY) timeout: 5000] Bluetooth warning: An HCI Req timeout occurred.

Jan 22 08:14:14 [[0xffffff801490c000] OpCode 0x0C01 (Set Event Mask) from: kernel_task (0) Synchronous status: 0x00 (kIOReturnSuccess) state: 2 (BUSY) timeout: 5000] Bluetooth warning: An HCI Req timeout occurred.

Jan 22 08:14:31 USBF: 120783.297 AppleUSBHubPort::FatalError - Port 1 of Hub at 0x15200000 reported error 0xe00002c0 while doing setting port power

Jan 22 08:14:31 USBF: 120783.497 AppleUSBHubPort::FatalError - Port 2 of Hub at 0x15200000 reported error 0xe00002c0 while doing setting port power

Jan 22 08:14:31 USBF: 120783.698 AppleUSBHubPort::FatalError - Port 3 of Hub at 0x15200000 reported error 0xe00002c0 while doing setting port power

Jan 22 08:14:31 USBF: 120783.899 AppleUSBHubPort::FatalError - Port 4 of Hub at 0x15200000 reported error 0xe00002c0 while doing setting port power



Swap (MiB): 13559



Memory: kernel_task (UID 0) is using 1184 MB



kexts



com.parallels.virtualsound (1.0.27 27)

com.avast.PacketForwarder (2.0)

com.avast.AvastFileShield (2.1.0)

com.madcatz.driver.CyborgRAT (1.69)



Daemons



com.parallels.mobile.kextloader.launchdaemon

com.avast.uninstall

com.avast.daemon

com.parallels.mobile.dispatcher.launchdaemon

com.avast.update

com.avast.proxy

com.microsoft.office.licensing.helper

com.avast.service

com.avast.fileshield

com.avast.account

com.adobe.fpsaud

com.avast.crashreport

com.avast.init



Agents



com.avast.home.userinit

com.avast.userinit

com.avast.helper

com.MadCatz.SmartTechnology

com.parallels.mobile.prl_deskctl_agent.launchagent

com.google.keystone.user.agent



launchd



/System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist

- com.apple.installer.osmessagetracing

/Library/LaunchAgents/com.avast.userinit.plist

- com.avast.userinit

/Library/LaunchAgents/com.MadCatz.MadCatzSmartTechnology.plist

- com.MadCatz.SmartTechnology

/Library/LaunchAgents/com.parallels.mobile.prl_deskctl_agent.launchagent.plist

- com.parallels.mobile.prl_deskctl_agent.launchagent

/Library/LaunchDaemons/com.adobe.fpsaud.plist

- com.adobe.fpsaud

/Library/LaunchDaemons/com.avast.init.plist

- com.avast.init

/Library/LaunchDaemons/com.avast.uninstall.plist

- com.avast.uninstall

/Library/LaunchDaemons/com.avast.update.plist

- com.avast.update

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

- com.microsoft.office.licensing.helper

/Library/LaunchDaemons/com.parallels.mobile.dispatcher.launchdaemon.plist

- com.parallels.mobile.dispatcher.launchdaemon

/Library/LaunchDaemons/com.parallels.mobile.kextloader.launchdaemon.plist

- com.parallels.mobile.kextloader.launchdaemon

Library/LaunchAgents/com.avast.home.userinit.plist

- com.avast.home.userinit

Library/LaunchAgents/com.google.keystone.agent.plist

- com.google.keystone.user.agent

Library/LaunchAgents/com.parallels.mobile.startgui.launchagent.plist

- com.parallels.mobile.startgui.launchagent



Bundles



/System/Library/Extensions/CyborgRAT.kext

- com.madcatz.driver.CyborgRAT

/System/Library/Extensions/JMicronATA.kext

- com.jmicron.JMicronATA

/Library/Internet Plug-Ins/AdobePDFViewer.plugin

- com.adobe.acrobat.pdfviewer

/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

- com.adobe.acrobat.pdfviewerNPAPI

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/PeninsulaUPSPlugIn.plugin

- com.peninsula-group.peninsulaupsplugin

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

- com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

- com.microsoft.sharepoint.webkitplugin

/Library/Internet Plug-Ins/Silverlight.plugin

- com.microsoft.SilverlightPlugin

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

/Library/PreferencePanes/MadCatzRAT.prefPane

- com.madcatz.prefPane.MadCatz

Library/Address Book Plug-Ins/SkypeABDialer.bundle

- com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

- com.skype.skypeabsms

Library/Widgets/Currency Converter.wdgt

- net.palple.widget.currencyconverter



Contents of /System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist (XML document text)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.apple.installer.osmessagetracing</string>

<key>LaunchOnlyOnce</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer</string>

</array>

<key>UserName</key>

<string>root</string>

<key>GroupName</key>

<string>wheel</string>

<key>WatchPaths</key>

<array>

<string>/var/db/.AppleDiagnosticsSetupDone</string>

</array>

</dict>

</plist>



Firewall: On



User login items



iTunesHelper

- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

LivedriveCore

- /Applications/Livedrive.app/Contents/Resources/LivedriveCore.app



Widgets



Currency Converter



Restricted files: 390



Elapsed time (s): 216
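
Added example, not part of the thread and not code from the script posted above: a small Python parser for the "launchd" section of a report like the one above, which records where each plist lives and queues the items outside /System for review. The sample is an excerpt of that report; the function names and the two review heuristics are this example's own assumptions, and a flag is a prompt to look at the plist, not a finding.

```python
import posixpath

# Excerpt of the report posted above (blank lines between items dropped).
SAMPLE_REPORT = """\
Agents

com.avast.helper

launchd

/System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist
- com.apple.installer.osmessagetracing
/Library/LaunchAgents/com.avast.userinit.plist
- com.avast.userinit
/Library/LaunchAgents/com.MadCatz.MadCatzSmartTechnology.plist
- com.MadCatz.SmartTechnology
/Library/LaunchDaemons/com.adobe.fpsaud.plist
- com.adobe.fpsaud
Library/LaunchAgents/com.google.keystone.agent.plist
- com.google.keystone.user.agent
Library/LaunchAgents/com.parallels.mobile.startgui.launchagent.plist
- com.parallels.mobile.startgui.launchagent

Bundles

/System/Library/Extensions/CyborgRAT.kext
- com.madcatz.driver.CyborgRAT
"""


def classify(path, label):
    """Describe one launchd job from its plist path and reported label."""
    if path.startswith("/System/"):
        scope = "system"        # shipped with the OS
    elif path.startswith("/"):
        scope = "all-users"     # /Library: installed for every account
    else:
        scope = "user"          # relative path: the script runs `cd` first,
                                # so this is inside the user's home folder
    stem = posixpath.basename(path)[: -len(".plist")]
    return {
        "path": path,
        "label": label,
        "scope": scope,
        # LaunchDaemons start as root unless the plist says otherwise;
        # LaunchAgents start in the logged-in user's session.
        "kind": "daemon" if "LaunchDaemons/" in path else "agent",
        "name_mismatch": stem != label,
    }


def parse_launchd_section(report):
    """Return the jobs listed under the 'launchd' heading, in report order."""
    entries, pending, in_section = [], None, False
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue                      # pasted reports are often double-spaced
        if not in_section:
            in_section = line == "launchd"
            continue
        if line.startswith("- ") and pending is not None:
            entries.append(classify(pending, line[2:].strip()))
            pending = None
        elif line.endswith(".plist"):
            if pending is not None:       # path that had no label line
                entries.append(classify(pending, ""))
            pending = line
        else:
            break                         # next section heading
    if pending is not None:
        entries.append(classify(pending, ""))
    return entries


def review_queue(entries):
    """Jobs outside /System, daemons first, each with its review reasons."""
    queue = []
    for e in entries:
        if e["scope"] == "system":
            continue
        reasons = []
        if e["name_mismatch"]:
            # Naming the plist after its Label is a convention, not a rule.
            reasons.append("label differs from plist file name")
        if e["label"].startswith("com.apple."):
            # The label is chosen by whoever wrote the plist.
            reasons.append("com.apple label outside /System")
        queue.append((e["kind"] != "daemon", e["path"], reasons))
    return [(path, reasons) for _, path, reasons in sorted(queue)]


if __name__ == "__main__":
    for path, reasons in review_queue(parse_launchd_section(SAMPLE_REPORT)):
        print(path, "|", "; ".join(reasons) or "no flags")
```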

Jan 23, 2015 6:16 PM in response to Linc Davis

I'm also a victim of the securepaths malware/virus. I've followed your instructions and posted my results. Please let me know what I should do.


Start time: 19:00:04 01/23/15



Model Identifier: iMac14,2

System Version: OS X 10.10.1 (14B25)

Kernel Version: Darwin 14.0.0

Time since boot: 3:11



SATA



ST1000LM024 HN-M101MBB



Thunderbolt



Thunderbolt 2 Express Dock HD (Belkin International, Inc.)

Rugged mini (LaCie)



USB



USB audio CODEC (Texas Instruments Japan)

FreeAgent Go (Seagate LLC)

USB Receiver (Logitech Inc.)

Portable Super Multi Drive (HLDS Hitachi-LG Data Storage, Inc.)



Diagnostic reports



2014-12-25 DashboardClient crash

2014-12-27 Plex New Transcoder crash x2

2014-12-30 Plex New Transcoder crash

2015-01-08 Plex New Transcoder crash x2

2015-01-11 ShareMessages crash

2015-01-13 Plex New Transcoder crash x2

2015-01-13 remote_assistance_host crash

2015-01-14 garcon crash x2

2015-01-15 Plex New Transcoder crash

2015-01-17 Plex New Transcoder crash

2015-01-20 Plex New Transcoder crash

2015-01-22 ShareMessages crash

2015-01-23 Evernote crash

2015-01-23 WebKitPluginHost crash

2015-01-23 filezilla crash



Log



Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:47 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:48 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:48 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:41:48 com.avast.fileshield Warning: cache_cell_from_vnode: vnode_getattr() failed [2]

Jan 23 18:47:55 ALF: ifnet_get_address_list_family error 12

Jan 23 18:51:45 ALF: ifnet_get_address_list_family error 12

Jan 23 18:54:28 process com.avast.daemon[157] thread 757457 caught burning CPU!; EXC_RESOURCE supressed due to audio playback



Activity



CPU: user 22%, system 7%

I/O: 612 ops/s, 23305 blocks/s

Net: 1026 in, 82 out (KiB/s)



CPU per process: Dropbox (UID 501) is using 89.1 %



I/O per process: com.avast.daemo (UID 0) is using 3 MB/s



Current downstream data: filezilla (UID 501) is using 1051.5 KiB/s



Memory: kernel_task (UID 0) is using 1292 MB



kexts



com.squirrels.driver.AirParrotSpeakers (1.8)

com.squirrels.airparrot.framebuffer (5)

com.logmein.driver.LogMeInSoundDriver (4.1.46f67)

com.avast.PacketForwarder (2.0)

com.avast.AvastFileShield (2.1.0)



Daemons



com.avast.uninstall

com.logmein.logmeinserver

com.avast.daemon

com.oracle.java.JavaUpdateHelper

com.avast.update

com.apple.installer.osmessagetracing

com.avast.proxy

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.avast.gui.privilegedHelper

com.oracle.java.Helper-Tool

com.avast.service

com.avast.fileshield

com.avast.account

com.plex.plexconnect.bash

com.logmein.raupdate

com.adobe.fpsaud

com.avast.crashreport

com.avast.init



Agents



com.shazam.mac.ShazamHelper

com.avast.home.userinit

com.avast.userinit

com.avast.helper

com.nike.nikeplusconnect

com.dayoneapp.dayone-agent

com.adobe.AdobeCreativeCloud

com.google.keystone.system.agent

com.apple.photostream-agent

com.valvesoftware.steamclean

2BUA8C4S2C.com.agilebits.onepassword-osx-helper

com.oracle.java.Java-Updater

org.chromium.chromoting

com.spotify.webhelper

com.mint.quickview-launcher

me.raffael.myphotostream.myphotostreamagent

com.logmein.logmeingui

com.logmein.logmeinguiagent



launchd



/System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist

- com.apple.installer.osmessagetracing

/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

- com.adobe.AAM.Startup-1.0

/Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist

- com.adobe.AdobeCreativeCloud

/Library/LaunchAgents/com.avast.userinit.plist

- com.avast.userinit

/Library/LaunchAgents/com.google.keystone.agent.plist

- com.google.keystone.system.agent

/Library/LaunchAgents/com.logmein.logmeingui.plist

- com.logmein.logmeingui

/Library/LaunchAgents/com.logmein.logmeinguiagent.plist

- com.logmein.logmeinguiagent

/Library/LaunchAgents/com.logmein.logmeinguiagentatlogin.plist

- com.logmein.logmeinguiagentatlogin

/Library/LaunchAgents/com.nike.nikeplusconnect.plist

- com.nike.nikeplusconnect

/Library/LaunchAgents/com.oracle.java.Java-Updater.plist

- com.oracle.java.Java-Updater

/Library/LaunchAgents/org.chromium.chromoting.plist

- org.chromium.chromoting

/Library/LaunchDaemons/com.adobe.fpsaud.plist

- com.adobe.fpsaud

/Library/LaunchDaemons/com.avast.init.plist

- com.avast.init

/Library/LaunchDaemons/com.avast.uninstall.plist

- com.avast.uninstall

/Library/LaunchDaemons/com.avast.update.plist

- com.avast.update

/Library/LaunchDaemons/com.google.keystone.daemon.plist

- com.google.keystone.daemon

/Library/LaunchDaemons/com.logmein.logmeinserver.plist

- com.logmein.logmeinserver

/Library/LaunchDaemons/com.logmein.raupdate.plist

- com.logmein.raupdate

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

- com.microsoft.office.licensing.helper

/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

- com.oracle.java.Helper-Tool

/Library/LaunchDaemons/com.oracle.java.JavaUpdateHelper.plist

- com.oracle.java.JavaUpdateHelper

/Library/LaunchDaemons/com.plex.plexconnect.bash.plist

- com.plex.plexconnect.bash

Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

- com.adobe.AAM.Scheduler-1.0

Library/LaunchAgents/com.avast.home.userinit.plist

- com.avast.home.userinit

Library/LaunchAgents/com.spotify.webhelper.plist

- com.spotify.webhelper

Library/LaunchAgents/com.valvesoftware.steamclean.plist

- com.valvesoftware.steamclean

Library/LaunchAgents/me.raffael.myphotostream.myphotostreamagent.plist

- me.raffael.myphotostream.myphotostreamagent



Bundles



/System/Library/Extensions/AirParrotDriver.kext

- com.squirrels.driver.AirParrotSpeakers

/System/Library/Extensions/APExtFramebuffer.kext

- com.squirrels.airparrot.framebuffer

/System/Library/Extensions/JMicronATA.kext

- com.jmicron.JMicronATA

/System/Library/Extensions/LogMeInSoundDriver.kext

- com.logmein.driver.LogMeInSoundDriver

/System/Library/Extensions/NikeSportWatch.kext

- com.nike.sportwatch

/Library/Extensions/AirParrotDriver.kext

- com.squirrels.driver.AirParrotSpeakers

/Library/Extensions/APExtFramebuffer.kext

- com.squirrels.airparrot.framebuffer

/Library/Internet Plug-Ins/AdobeAAMDetect.plugin

- com.AdobeAAMDetectLib.AdobeAAMDetect

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

- com.oracle.java.JavaAppletPlugin

/Library/Internet Plug-Ins/LogMeIn.plugin

- com.logmein.remctrlplugin

/Library/Internet Plug-Ins/LogMeIn.plugin/LogMeInPluginHost.app

- com.logmein.logmeinpluginhost

/Library/Internet Plug-Ins/LogMeInSafari32.plugin

- com.logmein.remctrlplugin

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

- com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

- com.microsoft.sharepoint.webkitplugin

/Library/Internet Plug-Ins/Silverlight.plugin

- com.microsoft.SilverlightPlugin

/Library/PreferencePanes/ChromeRemoteDesktop.prefPane

- com.google.chromeremotedesktop.preferences

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

/Library/PreferencePanes/JavaControlPanel.prefPane

- com.oracle.java.JavaControlPanel

/Library/ScriptingAdditions/Adobe Unit Types.osax

- N/A

Library/Caches/com.apple.Safari/Extensions/1Password-2.safariextension

- com.agilebits.onepassword4-safari

Library/Caches/com.apple.Safari/Extensions/AdBlock-2.safariextension

- com.betafish.adblockforsafari

Library/Caches/com.apple.Safari/Extensions/Add To Amazon Wish List.safariextension

- com.amazon.safari.wishlist

Library/Caches/com.apple.Safari/Extensions/AllMyTube.safariextension

- com.wondershare.safari.allmytube

Library/Caches/com.apple.Safari/Extensions/Amazon Shopping Assistant.safariextension

- com.spigot.safari.amazonshopassist

Library/Caches/com.apple.Safari/Extensions/ClickToFlash.safariextension

- com.hoyois.safari.clicktoflash

Library/Caches/com.apple.Safari/Extensions/Evernote Web Clipper.safariextension

- com.evernote.safari.clipper

Library/Caches/com.apple.Safari/Extensions/HD quality for YouTube™.safariextension

- com.add0n.youtube-hd

Library/Caches/com.apple.Safari/Extensions/Media Center.safariextension

- com.hoyois.safari.mediacenter

Library/Caches/com.apple.Safari/Extensions/OpenIE.safariextension

- com.parallels.openinie

Library/Caches/com.apple.Safari/Extensions/Upromise RewardU Toolbar.safariextension

- com.rlo.safari100987

Library/Caches/com.apple.Safari/Extensions/YouTube5.safariextension

- com.verticalforest.youtube5

Library/Services/AppDelete.workflow

- N/A



Apps



/Applications/Google Drive.app

~/Library/Application Support/Dropbox/Dropbox.app

/Applications/Dropbox.app



Contents of /etc/pam.d/chrome-remote-desktop



auth required pam_deny.so

account required pam_permit.so

password required pam_deny.so

session required pam_deny.so



Contents of /System/Library/LaunchDaemons/com.apple.installer.osmessagetracing.plist (XML document text)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.apple.installer.osmessagetracing</string>

<key>LaunchOnlyOnce</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer</string>

</array>

<key>UserName</key>

<string>root</string>

<key>GroupName</key>

<string>wheel</string>

<key>WatchPaths</key>

<array>

<string>/var/db/.AppleDiagnosticsSetupDone</string>

</array>

</dict>

</plist>



Listeners



launchd: afpovertcp

launchd: afpovertcp

launchd: microsoft-ds

launchd: microsoft-ds

launchd: ssh

launchd: ssh

kdc: kerberos

Python: http

Python: https



User login items



iTunesHelper

- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

Dropbox

- /Applications/Dropbox.app

Divvy

- /Applications/Divvy.app

Google Drive

- /Applications/Google Drive.app

AirServer

- /Applications/AirServer.app

Plex Media Server

- /Applications/Plex Media Server.app

Entertainment Library

- /Volumes/PorterCapsule/Entertainment Library

Knock

- /Applications/Knock.app

Google Chrome

- /Applications/Google Chrome.app

Calendar

- /Applications/Calendar.app

Mail

- /Applications/Mail.app

Safari

- /Applications/Safari.app

iTunes

- /Applications/iTunes.app



Safari extensions



1Password

AdBlock

Add To Amazon Wish List

AllMyTube

Amazon Shopping Assistant

ClickToFlash

Evernote Web Clipper

HD quality for YouTube™

Media Center

Open in Internet Explorer

Upromise RewardU Toolbar

YouTube5



Restricted files: 3218



Elapsed time (s): 336

Jan 23, 2015 8:51 PM in response to HyAnPo

"Avast" is the worst of the whole wretched lot of commercial "security" products for the Mac. Not only does it fail to protect you from any real danger, it may send personal data (such as web browsing history and the contents of email messages) back to the developer without your knowledge, give false warnings, destabilize and slow down the computer, and corrupt the network settings and the permissions of files in your home folder. Removing it may not repair all the damage.

Some versions of the product also inject advertising into web pages. In short, apart from the fine print in the license agreement, Avast is indistinguishable from malware, and is arguably worse than any known malware now in circulation.

Back up all data, then remove Avast according to the developer's instructions. Restart.

If you tried to remove Avast by dragging an application to the Trash, you'll have to reinstall it and then follow the instructions linked above.

Jan 24, 2015 9:05 AM in response to HyAnPo

Thus far, I've seen nobody on this topic actually describe the problem they are having. There is no such thing as a "securepaths virus" on the Mac, so a description of the symptoms is key for diagnosing the problem.


As a first guess, I would say that folks are probably talking about some kind of adware, but I see nothing in a quick scan of all of the information posted to indicate that anyone has any adware installed. Thus, a better possibility is that there is some kind of network compromise causing whatever problem this is. See:


http://www.adwaremedic.com/kb/hackedrouter.php


That's also a pure guess, though, relying on a very rough idea of what the problem might be.


If you are having a problem, and the link above does not help with the problem, it would be best if everyone would start their own topic and clearly describe the symptoms that you're seeing. You can include the results of Linc's script in that post, but they may not be necessary depending on the description you provide. Certainly can't hurt to include them, though, as long as the description is there.


(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com, in the form of buttons allowing for donations. Donations are not required to use my site or software.)

Jan 27, 2015 3:39 PM in response to thomas_r.

Symptoms (for me). I'll be happily using Safari on a trusted site, and a new tab repeatedly randomly opens up to the aforementioned address. Sometimes once per session, sometimes 8 times, sometimes never. Usually I am on FB, but that could be a coincidence. This MAY be related to dashboard widgets mistakenly calling up web pages, per another thread. I'm eliminating a few widgets now, to test, but my error is not predictably repeatable, so it may take a long time to prove/disprove.

Jan 27, 2015 5:19 PM in response to Scott Bernard

Scott Bernard wrote:


Symptoms (for me). I'll be happily using Safari on a trusted site, and a new tab repeatedly randomly opens up to the aforementioned address. Sometimes once per session, sometimes 8 times, sometimes never. Usually I am on FB, but that could be a coincidence.


Can you also run Linc's script and post the results, so we can compare with the others?

Jan 27, 2015 7:25 PM in response to curiousbutterfly

What I am trying:

Go to your dashboard. Hold down the option key. Hover over, and click the "close" X on each widget until they are all closed. See if the problem is gone over days/weeks (depends how often you had the problem). If it goes away, turn the dashboard widgets back on, 1 at a time, and test over the same time length until you find the guilty widget. If I am wrong, do the more complicated things above.

Feb 1, 2015 2:40 PM in response to curiousbutterfly

The secure paths (no space) virus is unlike anything I've experienced. I can't locate it on my computer--except for the pages popping up in multiples even as I write and stopping things like a recording. I'm printing out Linc's instructions and will do my best to follow them (he's rescued me in the past). But this thing seems to pose a pestilence, a plague, an alien invasion to Apple users who previously have felt secure with the Apple / Safari ecology.


And after not finding it on my computer, an internet search is just as baffling. Some Secure Paths dot com sites look legit; others clearly are not, producing blank screens with the exception of the word "forbidden."


I hope Apple comes up with an answer to this nemesis.

Feb 4, 2015 1:52 PM in response to curiousbutterfly

Here are my results - Now what? Help.


Start time: 14:34:33 02/04/15



Model Identifier: iMac9,1

System Version: OS X 10.8.5 (12F45)

Kernel Version: Darwin 12.5.0

Time since boot: 22 minutes



SATA



WDC WD6400AAKS-40H2B0



USB



My Book (Western Digital Technologies, Inc.)



Diagnostic reports



2015-01-27 WDDriveManagerStatusMenu crash x4

2015-01-28 WDDriveManagerStatusMenu crash

2015-01-29 WDDriveManagerStatusMenu crash

2015-01-30 WDDriveManagerStatusMenu crash x2

2015-01-31 WDDriveManagerStatusMenu crash x3

2015-01-31 Wunderlist crash

2015-02-01 DashboardClient crash

2015-02-01 helpd crash

2015-02-02 WDDriveManagerStatusMenu crash x5

2015-02-03 WDDriveManagerStatusMenu crash x2

2015-02-04 WDDriveManagerStatusMenu crash x3

2015-02-04 iBank crash



Log



Jan 27 18:17:30 USBF: 7271.678 AppleUSBEHCI::Found a transaction which hasn't moved in 5000 milliseconds on bus 0x26, timing out! (Addr: 3, EP: 0)

Jan 28 10:58:15 wl0: Roamed or switched channel, reason #8, bssid 62

Jan 28 11:05:13 wl0: Roamed or switched channel, reason #2, bssid 62

Jan 29 12:27:28 wl0: Beacon Loss Event

Jan 29 12:28:23 wl0: Roamed or switched channel, reason #4, bssid 62

Jan 29 12:28:34 wl0: Beacon Loss Event

Jan 29 12:28:48 wl0: Roamed or switched channel, reason #4, bssid 62

Jan 29 17:27:31 USBF: 25268.420 AppleUSBEHCI::Found a transaction which hasn't moved in 5000 milliseconds on bus 0x26, timing out! (Addr: 3, EP: 0)

Jan 30 16:39:55 BootCache: could not terminate cache, timed out with 2 callers in BC_strategy

Jan 31 12:00:34 USBF: 1970.191 AppleUSBEHCI::Found a transaction which hasn't moved in 5000 milliseconds on bus 0x26, timing out! (Addr: 2, EP: 0)

Jan 31 12:13:18 USBF: 2734.592 AppleUSBEHCI::Found a transaction which hasn't moved in 5000 milliseconds on bus 0x26, timing out! (Addr: 2, EP: 0)

Jan 31 13:24:52 wl0: Roamed or switched channel, reason #8, bssid 62

Jan 31 16:41:07 MacAuthEvent en1 Auth result for: c6 Auth timed out

Jan 31 16:41:10 MacAuthEvent en1 Auth result for: c6 Auth timed out

Jan 31 18:22:58 USBF: 6145.485 AppleUSBEHCI::Found a transaction which hasn't moved in 5000 milliseconds on bus 0x26, timing out! (Addr: 3, EP: 0)

Feb 1 07:12:10 USBF: 9099.679 AppleUSBEHCI::Found a transaction which hasn't moved in 5000 milliseconds on bus 0x26, timing out! (Addr: 3, EP: 0)

Feb 1 13:54:39 IOHIDSystem: Seize of IOHIDEventDriver failed.

Feb 1 13:54:39 IOHIDSystem: Seize of IOHIDPointing failed.

Feb 2 14:40:40 USBF: 3663.322 AppleUSBEHCI::Found a transaction which hasn't moved in 5000 milliseconds on bus 0x26, timing out! (Addr: 3, EP: 0)

Feb 2 16:48:46 USBF: 11349.255 AppleUSBEHCI::Found a transaction which hasn't moved in 5000 milliseconds on bus 0x26, timing out! (Addr: 3, EP: 0)

Feb 2 17:40:53 USBF: 14477. 30 AppleUSBEHCI::Found a transaction which hasn't moved in 5000 milliseconds on bus 0x26, timing out! (Addr: 3, EP: 0)

Feb 4 09:11:56 IOHIDSystem: Seize of IOHIDEventDriver failed.

Feb 4 09:11:56 IOHIDSystem: Seize of IOHIDPointing failed.

Feb 4 14:13:05 IOHIDSystem: Seize of IOHIDEventDriver failed.

Feb 4 14:13:05 IOHIDSystem: Seize of IOHIDPointing failed.



I/O per process: socketfilterfw (UID 0) is using 4 MB/s



kexts



com.apple.iokit.IOBluetoothHostControllerUSBTransport (4.1.7f2)

com.apple.iokit.BroadcomBluetoothHostControllerUSBTransport (4.1.7f4)



Daemons



com.zeobit.MacKeeper.plugin.AntiTheft.daemon

com.zeobit.MacKeeper.AntiVirus

com.wdc.drivemanagerservice

com.oracle.java.JavaUpdateHelper

com.oracle.java.Helper-Tool

com.motorola-mobility.mmcfgd

com.microsoft.office.licensing.helper

com.adobe.fpsaud



Agents



QA2G25RMZ4.com.wunderkinder.wunderlist-helper

com.oracle.java.Java-Updater

com.motorola.motohelperUpdater

com.motorola.motohelper

com.motorola.MDMUpdaterPlist

com.zeobit.MacKeeper.Helper

com.adobe.ARM.UUID



launchd



/System/Library/LaunchAgents/com.apple.cfnetwork.cfnetworkagent.plist

- com.apple.cfnetwork.cfnetworkagent

/System/Library/LaunchAgents/com.apple.ContainerRepairAgent.plist

- com.apple.ContainerRepairAgent

/System/Library/LaunchAgents/com.apple.java.InstallOnDemand.plist

- com.apple.java.InstallOnDemandAgent

/System/Library/LaunchAgents/com.apple.java.updateSharing.plist

- com.apple.java.updateSharing

/System/Library/LaunchAgents/com.apple.SafariNotificationAgent.plist

- com.apple.SafariNotificationAgent

/System/Library/LaunchAgents/com.apple.screensharing.MessagesAgent.plist

- com.apple.screensharing.MessagesAgent

/System/Library/LaunchAgents/com.apple.SubmitDiagInfo.xpc.plist

- com.apple.SubmitDiagInfo.xpc

/System/Library/LaunchDaemons/com.apple.AirPlayXPCHelper.plist

- com.apple.AirPlayXPCHelper

/System/Library/LaunchDaemons/com.apple.cmio.AppleCameraAssistant.plist

- com.apple.cmio.AppleCameraAssistant

/System/Library/LaunchDaemons/com.apple.gkreport.plist

- com.apple.gkreport

/System/Library/LaunchDaemons/com.apple.IOAccelMemoryInfoCollector.plist

- com.apple.IOAccelMemoryInfoCollector

/System/Library/LaunchDaemons/com.apple.store_helper.recovery.plist

- com.apple.store_helper

/System/Library/LaunchDaemons/com.apple.storeagent.recovery.plist

- com.apple.storeagent

/System/Library/LaunchDaemons/com.apple.wdhelper.plist

- com.apple.wdhelper

/System/Library/LaunchDaemons/com.apple.xprotectupdaterinit.plist

- com.apple.xprotectupdater-init

/Library/LaunchAgents/com.motorola.MDMUpdater.plist

- com.motorola.MDMUpdaterPlist

/Library/LaunchAgents/com.motorola.motohelper.plist

- com.motorola.motohelper

/Library/LaunchAgents/com.motorola.motohelperUpdater.plist

- com.motorola.motohelperUpdater

/Library/LaunchAgents/com.oracle.java.Java-Updater.plist

- com.oracle.java.Java-Updater

/Library/LaunchDaemons/com.adobe.fpsaud.plist

- com.adobe.fpsaud

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

- com.microsoft.office.licensing.helper

/Library/LaunchDaemons/com.motorola-mobility.mmcfgd.plist

- com.motorola-mobility.mmcfgd

/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

- com.oracle.java.Helper-Tool

/Library/LaunchDaemons/com.oracle.java.JavaUpdateHelper.plist

- com.oracle.java.JavaUpdateHelper

/Library/LaunchDaemons/com.wdc.drivemanagerservice.plist

- com.wdc.drivemanagerservice

/Library/LaunchDaemons/com.zeobit.MacKeeper.AntiVirus.plist

- com.zeobit.MacKeeper.AntiVirus

/Library/LaunchDaemons/com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist

- com.zeobit.MacKeeper.plugin.AntiTheft.daemon

Library/LaunchAgents/com.adobe.ARM.UUID.plist

- com.adobe.ARM.UUID

Library/LaunchAgents/com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID.plist

- com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.UUID

Library/LaunchAgents/com.apple.MobileMeSyncClientAgent.plist

- com.apple.MobileMeSyncClientAgent

Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist

- com.apple.Safari

Library/LaunchAgents/com.zeobit.MacKeeper.Helper.plist

- com.zeobit.MacKeeper.Helper



Bundles



/System/Library/Extensions/AMDRadeonX4000GLDriver.bundle

- com.apple.AMDRadeonX4000GLDriver

/System/Library/Extensions/AppleCameraInterface.kext

- com.apple.driver.AppleCameraInterface

/System/Library/Extensions/AppleHSSPIHIDDriver.kext

- com.apple.driver.AppleHSSPIHIDDriver

/System/Library/Extensions/AppleHSSPISupport.kext

- com.apple.driver.AppleHSSPISupport

/System/Library/Extensions/AppleIntelFramebufferAzul.kext

- com.apple.driver.AppleIntelFramebufferAzul

/System/Library/Extensions/AppleIntelHD5000Graphics.kext

- com.apple.driver.AppleIntelHD5000Graphics

/System/Library/Extensions/AppleIntelHD5000GraphicsGLDriver.bundle

- com.apple.driver.AppleIntelHD5000GraphicsGLDriver

/System/Library/Extensions/AppleIntelHD5000GraphicsVADriver.bundle

- com.apple.AppleIntelHD5000GraphicsVADriver

/System/Library/Extensions/AppleIntelHSWVA.bundle

- com.apple.AppleIntelHSWFBVA

/System/Library/Extensions/AppleIntelLpssDmac.kext

- com.apple.driver.AppleIntelLpssDmac

/System/Library/Extensions/AppleIntelLpssGspi.kext

- com.apple.driver.AppleIntelLpssGspi

/System/Library/Extensions/AppleIntelLpssSpiController.kext

- com.apple.driver.AppleIntelLpssSpiController

/System/Library/Extensions/AppleTopCase.kext

- com.apple.driver.AppleTopCase

/System/Library/Extensions/ATI7000Controller.kext

- com.apple.kext.AMD7000Controller

/System/Library/Extensions/IOAcceleratorFamily2.kext

- com.apple.iokit.IOAcceleratorFamily2

/System/Library/Extensions/LexmarkUSBMerge.kext

- com.lexmark.print.usbmerge

/System/Library/Extensions/MotMobileUSB.kext

- com.motorola-mobility.driver.MotMobileUSB

/System/Library/Extensions/NVDAStartup.kext

- com.apple.nvidia.NVDAStartup

/System/Library/Extensions/vecLib.kext

- com.apple.vecLib.kext

/Library/Audio/MIDI Drivers/EmagicUSBMIDIDriver.plugin

- info.emagic.driver.unitor

/Library/Audio/Plug-Ins/Components/Flip4Mac WMA Import.component

- net.telestream.wmv.import

/Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin

- com.apple.cmio.DAL.AppleCamera

/Library/CoreMediaIO/Plug-Ins/FCP-DAL/AppleCamera.plugin

- com.apple.cmio.DAL.AppleCamera

/Library/Internet Plug-Ins/AdobePDFViewer.plugin

- com.adobe.acrobat.pdfviewer

/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

- com.adobe.acrobat.pdfviewerNPAPI

/Library/Internet Plug-Ins/CitrixICAClientPlugIn.plugin

- com.citrix.citrixicaclientplugIn

/Library/Internet Plug-Ins/CouponPrinter-FireFox_v2.plugin

- com.coupons.plugin.mozilla-plugin

/Library/Internet Plug-Ins/CouponPrinter-Safari.webplugin

- com.coupons.plugin.safari-plugin

/Library/Internet Plug-Ins/DirectorShockwave.plugin

- com.adobe.shockwave.pluginshim

/Library/Internet Plug-Ins/Flash Player.plugin

- N/A

/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin

- net.telestream.wmv.plugin

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

- com.oracle.java.JavaAppletPlugin

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

- com.microsoft.sharepoint.browserplugin

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

- com.microsoft.sharepoint.webkitplugin

/Library/Internet Plug-Ins/Silverlight.plugin

- com.microsoft.SilverlightPlugin

/Library/Internet Plug-Ins (Disabled)/Flash Player.plugin

- N/A

/Library/PreferencePanes/Citrix Online Plug-in.prefPane

- com.citrix.StandAlone

/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences

/Library/PreferencePanes/Flip4Mac WMV.prefPane

- net.telestream.wmv.prefpane

/Library/PreferencePanes/JavaControlPanel.prefPane

- com.oracle.java.JavaControlPanel

/Library/QuickTime/Flip4Mac WMV Advanced.component

- net.telestream.wmv.advanced

/Library/QuickTime/Flip4Mac WMV Export.component

- net.telestream.wmv.export

/Library/QuickTime/Flip4Mac WMV Import.component

- net.telestream.wmv.import

/Library/Spotlight/iWeb.mdimporter

- com.apple.MDImporter.iWeb

Library/Address Book Plug-Ins/SkypeABDialer.bundle

- com.skype.skypeabdialer

Library/Address Book Plug-Ins/SkypeABSMS.bundle

- com.skype.skypeabsms

Library/Caches/com.apple.Safari/Extensions/AdBlock.safariextension

- com.betafish.adblockforsafari

Library/Internet Plug-Ins/Box Edit.plugin

- N/A

Library/Internet Plug-Ins/CitrixOnlineWebDeploymentPlugin.plugin

- com.citrixonline.mac.WebDeploymentPlugin

Library/Widgets/FishTank.wdgt

- com.TheDashboard.widget.FishTank



Apps



/Applications/Dropbox.app



Contents of /System/Library/LaunchAgents/com.apple.SafariNotificationAgent.plist (XML document text)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.apple.SafariNotificationAgent</string>

<key>LaunchEvents</key>

<dict>

<key>com.apple.usernotificationcenter.matching</key>

<dict>

<key>com.apple.SafariNotificationAgent</key>

<dict>

<key>events</key>

<array>

<string>didDeliverNotification</string>

<string>didActivateNotification</string>

</array>

<key>webcenter</key>

<true/>

</dict>

</dict>

</dict>

<key>KeepAlive</key>

<false/>

<key>MachServices</key>



...and 8 more line(s)



Contents of /System/Library/LaunchDaemons/com.apple.usbmuxd.plist (XML document text)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>KeepAlive</key>

<true/>

<key>RunAtLoad</key>

<true/>

<key>Label</key>

<string>com.apple.usbmuxd</string>

<key>ProgramArguments</key>

<array>

<string>/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/Resources/usbmuxd</string>

<string>-launchd</string>

</array>

<key>UserName</key>

<string>_usbmuxd</string>

<key>GroupName</key>

<string>_usbmuxd</string>

<key>Sockets</key>

<dict>

<key>Listeners</key>

<dict>

<key>SockFamily</key>

<string>Unix</string>



...and 12 more line(s)



Contents of /System/Library/LaunchDaemons/com.apple.xprotectupdater.plist (XML document text)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.apple.xprotectupdater</string>

<key>ProgramArguments</key>

<array>

<string>/usr/libexec/XProtectUpdater</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>StartCalendarInterval</key>

<dict>

<key>Hour</key>

<integer>9</integer>

<key>Minute</key>

<integer>29</integer>

</dict>

</dict>

</plist>



Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (XML document text)



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<true/>

<key>Label</key>

<string>org.apache.httpd</string>

<key>EnvironmentVariables</key>

<dict>

<key>XPC_SERVICES_UNAVAILABLE</key>

<string>1</string>

</dict>

<key>ProgramArguments</key>

<array>

<string>/usr/sbin/httpd-wrapper</string>

<string>-D</string>

<string>FOREGROUND</string>

</array>

<key>OnDemand</key>

<false/>

<key>SHAuthorizationRight</key>

<string>system.preferences</string>

</dict>

</plist>



Global login items



/Library/Application Support/WesternDigital/WDDriveManager/WDDriveManagerStatusMenu.app

/Applications/Epson Software/Event Manager.app/Contents/Resources/Assistants/Event Manager/EEventManager.app

/Library/Application Support/ArcSoft/Connect Service/ConnectService.app



Font issues: 40



Bad plists



Library/Preferences/ByHost/.GlobalPreferences.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.airport.agent.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.airport.diskagent.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.Classic.001124dffabe.plist

Library/Preferences/ByHost/com.apple.Classic.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.DotMacNotifications.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.HIToolbox.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.idisk.001124dffabe.plist

Library/Preferences/ByHost/com.apple.idisk.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.ImageCapture2.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.ImageCaptureExtension2.001124dffabe.plist

Library/Preferences/ByHost/com.apple.ImageCaptureExtension2.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.iTunes.001124dffabe.plist

Library/Preferences/ByHost/com.apple.iTunes.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.iWeb.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.MIDI.001124dffabe.plist

Library/Preferences/ByHost/com.apple.MIDI.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.networkConnect.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.preference.displays.001124dffabe.plist

Library/Preferences/ByHost/com.apple.preference.displays.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.PrefPane.Network.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.print.Cache.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.screensaver.001124dffabe.plist

Library/Preferences/ByHost/com.apple.screensaver.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.screensaver.Beach.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.screensaver.Nature Patterns.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.screensaver.slideshow.000a95676ccc.plist

Library/Preferences/ByHost/com.apple.screensaver.slideshow.001124dffabe.plist

Library/Preferences/ByHost/com.apple.screensaver.slideshow.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.SoftwareUpdate.001124dffabe.plist

Library/Preferences/ByHost/com.apple.SoftwareUpdate.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.systempreferences.001124dffabe.plist

Library/Preferences/ByHost/com.apple.systempreferences.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.systemuiserver.002500a74dd4.plist

Library/Preferences/ByHost/com.apple.windowserver.001124dffabe.plist

Library/Preferences/ByHost/com.apple.windowserver.002500a74dd4.plist

Library/Preferences/ByHost/com.citrixonline.gotomeeting.002500a74dd4.plist

Library/Preferences/com.apple.iphotomosaic.plist



Firewall: On



Listeners



launchd: afpovertcp

launchd: printer

kdc: kerberos

cupsd: ipp



User login items



AirPort Base Station Agent

- missing value

EEventManager

- /Applications/Epson Software/Event Manager.app/Contents/Resources/Assistants/Event Manager/EEventManager.app

DING!

- missing value

TomTomHOMERunner

- ~/Library/Application Support/TomTom HOME/TomTomHOMERunner.app

SanDiskSecureAccess_Manager

- missing value

Dropbox

- /Applications/Dropbox.app

AdobeResourceSynchronizer

- /Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app

Box Sync

- /Applications/Box Sync.app

Box Edit

- ~/Library/Application Support/Box/Box Edit/Box Edit.app

WDDriveManagerStatusMenu

- /Library/Application Support/WesternDigital/WDDriveManager/WDDriveManagerStatusMenu.app

EEventManager

- /Applications/Epson Software/Event Manager.app/Contents/Resources/Assistants/Event Manager/EEventManager.app

ConnectService

- /Library/Application Support/ArcSoft/Connect Service/ConnectService.app



Safari extensions



AdBlock



Restricted files: 15528



Elapsed time (s): 535

Feb 4, 2015 2:00 PM in response to Debra Denver

"MacKeeper" is a scam with only one useful feature: it deletes itself.

First, back up all data.

Note: These instructions apply to the version of the product that I downloaded and tested in early 2012. I can't be sure that they apply to other versions.

If you have incompletely removed MacKeeper—for example, by dragging the application to the Trash and immediately emptying—then you'll have to reinstall it and start over.

IMPORTANT: "MacKeeper" has what the developer calls an “encryption” feature. In my tests, I didn't try to verify what this feature really does. If you used it to “encrypt” any of your files, “decrypt” them before you uninstall, or (preferably) restore the files from backups made before they were “encrypted.” As the developer is not trustworthy, you should assume that the "decrypted" files are corrupt unless proven otherwise.

In the Finder, select

Go ▹ Applications

from the menu bar, or press the key combination shift-command-A. The "MacKeeper" application is in the folder that opens. Quit it if it's running, then drag it to the Trash. You'll be prompted for your login password. Click the Uninstall MacKeeper button in the dialog that appears. All the other functional components of the software will be deleted. Restart the computer and empty the Trash.

Quit MacKeeper before dragging it to the Trash.

Let MacKeeper delete its other components before you empty the Trash.

Don't try to drag MacKeeper from the Dock to the Trash. You must open the Applications folder as above.

Don't try to remove MacKeeper while running in safe mode.
