You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
Hello everyone .. I would like to ask if the adwaremedic program is the safest way to remove adware from the mac. Lately I m having some pop up advertisements from a specific site called mac keeper. I have no idea how this ad came up since I am not downloading torrents nor visiting any suspicious site .
So is this the only way to permanently remove the adware? Is it safe , since this is a third party program? Thanks in advance everyone
Start time: 19:58:12 06/25/15
Model Identifier: MacBookPro8,2
System Version: OS X 10.10.3 (14D136)
Kernel Version: Darwin 14.3.0
Time since boot: 10 minutes
SATA
Hitachi HTS545050B9A302
Diagnostic reports
2015-05-27 com.apple.WebKit.Plugin.64 crash
2015-06-13 Safari crash
2015-06-16 Any Video Converter Pro hang
Log
Jun 24 19:41:44 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 24 19:43:14 process com.apple.WebKit[595] thread 30207 caught burning CPU! It used more than 50% CPU (Actual recent usage: 66%) over 180 seconds. thread lifetime cpu usage 90.298691 seconds, (87.783835 user, 2.514856 system) ledger info: balance: 90001090795 credit: 90104993429 debit: 103902634 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 135051707965
Jun 24 19:47:11 process smcDiagnose[790] caught causing excessive wakeups. Observed wakeups rate (per sec): 49475; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45563
Jun 24 19:57:04 process com.apple.WebKit[595] caught causing excessive wakeups. Observed wakeups rate (per sec): 1927; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 47795
Jun 24 20:05:27 process com.apple.WebKit[5011] thread 48610 caught burning CPU! It used more than 50% CPU (Actual recent usage: 72%) over 180 seconds. thread lifetime cpu usage 90.197529 seconds, (87.065068 user, 3.132461 system) ledger info: balance: 90002594635 credit: 90006256465 debit: 3661830 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 124028213936
Jun 24 20:34:38 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 24 20:34:39 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 24 20:34:39 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 24 20:34:39 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jun 24 20:36:12 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 24 20:36:55 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 24 20:36:57 com.apple.iTunesHelper.24456: Service exited with abnormal code: 1
Jun 24 20:38:30 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)
Jun 24 20:39:39 com.apple.spindump: Service exited with abnormal code: 75
Jun 24 20:46:21 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 25 06:14:32 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jun 25 06:14:32 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 25 06:27:10 MacAuthEvent en1 Auth result for: 18:ef:63:9b:1d:4b Auth request tx failed
Jun 25 06:45:41 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 25 06:46:15 com.apple.iTunesHelper.24456: Service exited with abnormal code: 1
Jun 25 06:47:10 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)
Jun 25 06:49:33 com.apple.iTunesHelper.24456: Service exited with abnormal code: 1
Jun 25 19:48:52 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)
Jun 25 19:54:18 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 25 19:58:16 process smcDiagnose[619] caught causing excessive wakeups. Observed wakeups rate (per sec): 29577; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45948
Daemons
com.microsoft.office.licensing.helper
com.google.keystone.daemon
jp.co.canon.MasterInstaller
com.adobe.fpsaud
Agents
com.google.keystone.system.agent
com.apple.photostream-agent
com.apple.PTPCamera.76144.UUID
com.apple.AirPortBaseStationAgent
Bundles
/Library/Audio/MIDI Drivers/TASCAM US1xx MIDI Driver.plugin
- com.tascam.usb2audio.midi
/Library/Audio/Plug-Ins/HAL/TASCAM_US1xx.driver
- com.tascam.usb2.coreaudio
/Library/Audio/Plug-Ins/HAL/TASCAM_US1xx.plugin
- com.tascam.usb2audio.hal
/Library/Extensions/TASCAM_US1xx.kext
- com.tascam.usb2audio.driver
/Library/Internet Plug-Ins/EPPEX Plugin.plugin
- N/A
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist (checksum 4111951265)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>jp.co.canon.MasterInstaller</string>
<key>Program</key>
<string>/Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller</string>
<key>ProgramArguments</key>
<array>
<string>/Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller</string>
</array>
<key>ServiceIPC</key>
<true/>
<key>Sockets</key>
<dict>
<key>MasterSocket</key>
<dict>
<key>SockFamily</key>
<string>Unix</string>
<key>SockPathMode</key>
<integer>438</integer>
<key>SockPathName</key>
<string>/var/run/jp.co.canon.MasterInstaller.socket</string>
<key>SockType</key>
...and 5 more line(s)
Contents of Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist (checksum 4071182229)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.AAM.Scheduler-1.0</string>
<key>Program</key>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<string>-mode=scheduled</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Minute</key>
<integer>0</integer>
<key>Hour</key>
<integer>2</integer>
</dict>
</dict>
</plist>
Listeners
cupsd: ipp
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
VMware Fusion Start Menu
- /Applications/VMware Fusion.app/Contents/Library/VMware Fusion Start Menu.app
Dropbox
- /Applications/Dropbox.app
OpenDNS Updater
- /Applications/OpenDNS Updater.app
CFAgent
- /Applications/Clickfree/CFAgent.app
Restricted files: 162
Lockfiles: 9
Elapsed time (s): 319
Hi Linc
I think I've got it this time. my computer was running so poorly last night that I wasn't sure if I'd run the test correctly which is why you may be seeing it again. The thing is, after I ran the test it seemed to be running better but I needed sleep. When I got up this morning it was as bad as ever. I did notice the macfest extension after the fact and have deleted it. If you do get the second one, let me know if you see anything in it.
Thank You SO much for posting this info.
soundmill
What I don't see is a description of the problem.
soundmill wrote:
I did notice the macfest extension after the fact and have deleted it. If you do get the second one, let me know if you see anything in it.
I don't see anything likely to be adware in your most recent output from Linc's script. If you're still having a problem with ads or redirects on sites where they shouldn't be present, it's probably not due to adware. See:
http://www.adwaremedic.com/kb/unsolved.php
(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)
Start time: 18:39:12 06/26/15
Model Identifier: MacBookPro8,2
System Version: OS X 10.10.3 (14D136)
Kernel Version: Darwin 14.3.0
Time since boot: 8 minutes
SATA
Hitachi HTS545050B9A302
Diagnostic reports
2015-06-13 Safari crash
2015-06-16 Any Video Converter Pro hang
Log
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::startBulkWrite: Write pipe failed, result - e000404f
Jun 26 18:36:46 AppleUSBEthernetHost::outputPacket: Bulk write failed, result - 00000001
Jun 26 18:36:46 AppleUSBEthernetHost::disable: failed to set alt interface 0, e00002c0
Jun 26 18:39:16 process smcDiagnose[619] caught causing excessive wakeups. Observed wakeups rate (per sec): 29356; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 49472
Daemons
com.microsoft.office.licensing.helper
com.google.keystone.daemon
jp.co.canon.MasterInstaller
com.adobe.fpsaud
Agents
com.google.keystone.system.agent
com.apple.photostream-agent
com.apple.PTPCamera.76144.UUID
com.apple.AirPortBaseStationAgent
Bundles
/Library/Audio/MIDI Drivers/TASCAM US1xx MIDI Driver.plugin
- com.tascam.usb2audio.midi
/Library/Audio/Plug-Ins/HAL/TASCAM_US1xx.driver
- com.tascam.usb2.coreaudio
/Library/Audio/Plug-Ins/HAL/TASCAM_US1xx.plugin
- com.tascam.usb2audio.hal
/Library/Extensions/TASCAM_US1xx.kext
- com.tascam.usb2audio.driver
/Library/Internet Plug-Ins/EPPEX Plugin.plugin
- N/A
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist (checksum 4111951265)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>jp.co.canon.MasterInstaller</string>
<key>Program</key>
<string>/Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller</string>
<key>ProgramArguments</key>
<array>
<string>/Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller</string>
</array>
<key>ServiceIPC</key>
<true/>
<key>Sockets</key>
<dict>
<key>MasterSocket</key>
<dict>
<key>SockFamily</key>
<string>Unix</string>
<key>SockPathMode</key>
<integer>438</integer>
<key>SockPathName</key>
<string>/var/run/jp.co.canon.MasterInstaller.socket</string>
<key>SockType</key>
...and 5 more line(s)
Contents of Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist (checksum 4071182229)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.AAM.Scheduler-1.0</string>
<key>Program</key>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<string>-mode=scheduled</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Minute</key>
<integer>0</integer>
<key>Hour</key>
<integer>2</integer>
</dict>
</dict>
</plist>
Listeners
cupsd: ipp
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
VMware Fusion Start Menu
- /Applications/VMware Fusion.app/Contents/Library/VMware Fusion Start Menu.app
Dropbox
- /Applications/Dropbox.app
OpenDNS Updater
- /Applications/OpenDNS Updater.app
CFAgent
- /Applications/Clickfree/CFAgent.app
Restricted files: 162
Lockfiles: 9
Elapsed time (s): 404
Start time: 20:12:21 06/26/15
Model Identifier: MacBookPro8,2
System Version: OS X 10.10.3 (14D136)
Kernel Version: Darwin 14.3.0
Time since boot: 29 minutes
SATA
Hitachi HTS545050B9A302
Diagnostic reports
2015-06-13 Safari crash
2015-06-16 Any Video Converter Pro hang
Log
Jun 26 18:36:46 AppleUSBEthernetHost::disable: failed to set alt interface 0, e00002c0
Jun 26 18:39:16 process smcDiagnose[619] caught causing excessive wakeups. Observed wakeups rate (per sec): 29356; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 49472
Jun 26 18:49:32 process SubmitDiagInfo[319] thread 15959 caught burning CPU! It used more than 50% CPU (Actual recent usage: 86%) over 180 seconds. thread lifetime cpu usage 156.607049 seconds, (143.142117 user, 13.464932 system) ledger info: balance: 90003616097 credit: 156517041989 debit: 66513425892 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 104307718800
Jun 26 18:54:52 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 26 18:55:12 com.apple.iTunesHelper.24456: Service exited with abnormal code: 1
Jun 26 18:56:19 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)
Jun 26 18:56:59 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 18:57:09 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 18:57:19 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 18:57:29 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 18:57:39 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 19:19:16 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.Plugin.32.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.iTunesHelper.24456: Service exited with abnormal code: 1
Jun 26 19:44:01 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)
Jun 26 19:44:06 MacAuthEvent en1 Auth result for: 18:ef:63:9b:15:a4 Auth timed out
Jun 26 19:44:06 MacAuthEvent en1 Auth result for: 18:ef:63:fc:77:02 Auth request tx failed
Jun 26 19:44:09 MacAuthEvent en1 Auth result for: 18:ef:63:9b:1d:44 Auth timed out
Jun 26 19:45:27 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 20:12:28 process smcDiagnose[577] caught causing excessive wakeups. Observed wakeups rate (per sec): 29422; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 49145
Daemons
com.microsoft.office.licensing.helper
com.google.keystone.daemon
jp.co.canon.MasterInstaller
com.adobe.fpsaud
Agents
com.google.keystone.system.agent
com.apple.photostream-agent
com.apple.AirPortBaseStationAgent
Bundles
/Library/Audio/MIDI Drivers/TASCAM US1xx MIDI Driver.plugin
- com.tascam.usb2audio.midi
/Library/Audio/Plug-Ins/HAL/TASCAM_US1xx.driver
- com.tascam.usb2.coreaudio
/Library/Audio/Plug-Ins/HAL/TASCAM_US1xx.plugin
- com.tascam.usb2audio.hal
/Library/Extensions/TASCAM_US1xx.kext
- com.tascam.usb2audio.driver
/Library/Internet Plug-Ins/EPPEX Plugin.plugin
- N/A
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist (checksum 4111951265)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>jp.co.canon.MasterInstaller</string>
<key>Program</key>
<string>/Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller</string>
<key>ProgramArguments</key>
<array>
<string>/Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller</string>
</array>
<key>ServiceIPC</key>
<true/>
<key>Sockets</key>
<dict>
<key>MasterSocket</key>
<dict>
<key>SockFamily</key>
<string>Unix</string>
<key>SockPathMode</key>
<integer>438</integer>
<key>SockPathName</key>
<string>/var/run/jp.co.canon.MasterInstaller.socket</string>
<key>SockType</key>
...and 5 more line(s)
Contents of Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist (checksum 4071182229)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.AAM.Scheduler-1.0</string>
<key>Program</key>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<string>-mode=scheduled</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Minute</key>
<integer>0</integer>
<key>Hour</key>
<integer>2</integer>
</dict>
</dict>
</plist>
Listeners
cupsd: ipp
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
VMware Fusion Start Menu
- /Applications/VMware Fusion.app/Contents/Library/VMware Fusion Start Menu.app
Dropbox
- /Applications/Dropbox.app
OpenDNS Updater
- /Applications/OpenDNS Updater.app
CFAgent
- /Applications/Clickfree/CFAgent.app
Restricted files: 162
Lockfiles: 9
Elapsed time (s): 326
Hi I'm using this yet again as it seems to be the only way I can get back online. I'm currently in a university residence and connecting to they're wifi. At first there was no problem but now after shutting down or putting my comp to sleep, I cannot connect to the university wifi. It is a system that automatically opens a login window. Enter the correct credentials and you're online. It seems to work immediately after sending this (tethered to iPhone) but a short time later after a restart or sleep mode, Something will attempt to re-direct away from the login. This is one of the addresses used. I have more. Starts with the usual http etc and then it's .captive.apple.com/8SRYlzwz/L8SpxutF/LbeQrGy2 dot com
Any advise will be welcomed.
Any advise will be welcomed.
This message thread, as far as I'm concerned, is dedicated to the original poster's problem, which seems to be unrelated to the one you have.
To get help with a problem of your own, first search the site for answered questions similar to yours. If you don't find a solution that way, start your own thread with a full description of the symptoms, the context, and what you've already done. That thread will be all yours. You'll have the same chance as anyone else of getting a useful response.
I don't recommend posting test results that nobody asked for, especially the results of an old version of a test that I no longer use.
Start time: 05:53:57 06/27/15
Model Identifier: MacBookPro8,2
System Version: OS X 10.10.3 (14D136)
Kernel Version: Darwin 14.3.0
Time since boot: 10:10
SATA
Hitachi HTS545050B9A302
Diagnostic reports
2015-06-13 Safari crash
2015-06-16 Any Video Converter Pro hang
Log
Jun 26 18:49:32 process SubmitDiagInfo[319] thread 15959 caught burning CPU! It used more than 50% CPU (Actual recent usage: 86%) over 180 seconds. thread lifetime cpu usage 156.607049 seconds, (143.142117 user, 13.464932 system) ledger info: balance: 90003616097 credit: 156517041989 debit: 66513425892 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 104307718800
Jun 26 18:54:52 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 26 18:55:12 com.apple.iTunesHelper.24456: Service exited with abnormal code: 1
Jun 26 18:56:19 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)
Jun 26 18:56:59 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 18:57:09 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 18:57:19 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 18:57:29 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 18:57:39 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 19:19:16 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.Plugin.32.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jun 26 19:19:16 com.apple.iTunesHelper.24456: Service exited with abnormal code: 1
Jun 26 19:44:01 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)
Jun 26 19:44:06 MacAuthEvent en1 Auth result for: 18:ef:63:9b:15:a4 Auth timed out
Jun 26 19:44:06 MacAuthEvent en1 Auth result for: 18:ef:63:fc:77:02 Auth request tx failed
Jun 26 19:44:09 MacAuthEvent en1 Auth result for: 18:ef:63:9b:1d:44 Auth timed out
Jun 26 19:45:27 com.apple.spindump: Service exited with abnormal code: 75
Jun 26 20:12:28 process smcDiagnose[577] caught causing excessive wakeups. Observed wakeups rate (per sec): 29422; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 49145
Jun 26 20:19:34 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 26 23:48:03 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Daemons
com.microsoft.office.licensing.helper
com.google.keystone.daemon
jp.co.canon.MasterInstaller
com.adobe.fpsaud
Agents
com.google.keystone.system.agent
com.apple.photostream-agent
com.apple.AirPortBaseStationAgent
Bundles
/Library/Audio/MIDI Drivers/TASCAM US1xx MIDI Driver.plugin
- com.tascam.usb2audio.midi
/Library/Audio/Plug-Ins/HAL/TASCAM_US1xx.driver
- com.tascam.usb2.coreaudio
/Library/Audio/Plug-Ins/HAL/TASCAM_US1xx.plugin
- com.tascam.usb2audio.hal
/Library/Extensions/TASCAM_US1xx.kext
- com.tascam.usb2audio.driver
/Library/Internet Plug-Ins/EPPEX Plugin.plugin
- N/A
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist (checksum 4111951265)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>jp.co.canon.MasterInstaller</string>
<key>Program</key>
<string>/Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller</string>
<key>ProgramArguments</key>
<array>
<string>/Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller</string>
</array>
<key>ServiceIPC</key>
<true/>
<key>Sockets</key>
<dict>
<key>MasterSocket</key>
<dict>
<key>SockFamily</key>
<string>Unix</string>
<key>SockPathMode</key>
<integer>438</integer>
<key>SockPathName</key>
<string>/var/run/jp.co.canon.MasterInstaller.socket</string>
<key>SockType</key>
...and 5 more line(s)
Contents of Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist (checksum 4071182229)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.AAM.Scheduler-1.0</string>
<key>Program</key>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<string>-mode=scheduled</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Minute</key>
<integer>0</integer>
<key>Hour</key>
<integer>2</integer>
</dict>
</dict>
</plist>
Listeners
cupsd: ipp
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
VMware Fusion Start Menu
- /Applications/VMware Fusion.app/Contents/Library/VMware Fusion Start Menu.app
Dropbox
- /Applications/Dropbox.app
OpenDNS Updater
- /Applications/OpenDNS Updater.app
CFAgent
- /Applications/Clickfree/CFAgent.app
Restricted files: 166
Lockfiles: 10
Elapsed time (s): 324
You're hard drive is going to crash
Pete
Hi Linc,
I used some of your advice on a different page to remove some malware on my computer. Thank you for posting such detailed responses to help everyone out here. I'm wondering now if it's all gone and it's now safe to resume normal activities, like banking and other security-sensitive tasks. I just followed your instructions above to diagnose my computer, and I'd appreciate your help in letting me know if things look good now. Here's what I got from the terminal test...
Start time: 14:16:25 07/10/15
Model Identifier: iMac14,2
System Version: OS X 10.10.4 (14E46)
Kernel Version: Darwin 14.4.0
Time since boot: 3:34
Diagnostic reports
2015-06-11 cloudd crash
2015-06-15 iTunes hang
2015-06-17 pluginkit crash
2015-06-18 pluginkit crash x8
2015-06-19 pluginkit crash x10
2015-07-02 iTunes hang
2015-07-09 AppAS crash x2
2015-07-09 PTPCamera crash
Log
Jul 9 21:14:52 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 9 21:14:52 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jul 9 21:14:52 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 9 21:24:00 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 21:24:00 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 9 21:31:52 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 21:31:52 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 9 21:49:04 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 21:49:08 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 21:49:08 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 21:49:08 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 9 21:56:16 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 22:08:55 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 22:09:38 ARPT: 23.550918: Failed to set AWDL Sync Enabled state (0), error code -25
Jul 9 22:10:21 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:10:30 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:10:40 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:10:50 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:11:00 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:11:10 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:30:48 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 9 22:30:59 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 10 10:42:46 ARPT: 25.075445: Failed to set AWDL Sync Enabled state (0), error code -25
Jul 10 10:42:51 com.apple.dpd: Service exited with abnormal code: 75
Jul 10 14:01:44 com.google.GoogleTalkPluginD.95172.UUID: Service exited with abnormal code: 1
Daemons
com.oracle.java.JavaUpdateHelper
com.apple.installer.osmessagetracing
com.oracle.java.Helper-Tool
com.adobe.fpsaud
Agents
Listchack.update
com.flipvideo.FlipShareAutoRun
com.citrix.ServiceRecords
Leperdvil.update
com.apple.javadisabler
com.apple.photostream-agent
Listchack.download
com.apple.CSConfigDotMacCert-@me.com-SharedServices
com.citrix.ReceiverHelper
Listchack.ltvbit
com.citrix.AuthManager_Mac
com.amazon.cloud-player
com.apple.AirPortBaseStationAgent
Leperdvil.download
Leperdvil.ltvbit
Bundles
/System/Library/Extensions/BJUSBMP.kext
- jp.co.canon.bj.kext.BJUSBMP
/System/Library/Extensions/MacOSXCameraDriver.kext
- com.flipvideo.IOUSBCameraMassStorage
/System/Library/Extensions/PdaNetDrv.kext
- com.jft.driver.PdaNetDrv
/Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
/Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
/Library/Internet Plug-Ins/CitrixICAClientPlugIn.plugin
- com.citrix.citrixicaclientplugIn
/Library/Internet Plug-Ins/DirectorShockwave.plugin
- com.adobe.director.shockwave.pluginshim
/Library/Internet Plug-Ins/EPPEX Plugin.plugin
- N/A
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin
- com.google.googletalkbrowserplugin
/Library/Internet Plug-Ins/iPhotoPhotocast.plugin
- com.apple.plugin.iPhotoPhotocast
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/Internet Plug-Ins/Mozillaplug.plugin
- com.apple.verifieddownloadplugin
/Library/Internet Plug-Ins/o1dbrowserplugin.plugin
- com.google.o1dbrowserplugin
/Library/Internet Plug-Ins/OfficeLiveBrowserPlugin.plugin
- com.microsoft.officelive.browserplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/SlingPlayer.plugin
- com.slingmedia.slingplayer.plugin.nspapi
/Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
/Library/Internet Plug-Ins/VeetleBroadcast-0.9.16
- com.netscape.vlc
/Library/Internet Plug-Ins/VeetleTVCore-0.9.16
- com.veetle.plugin
/Library/Internet Plug-Ins/VeetleTVPlayer-0.9.16
- com.netscape.vlc
/Library/PreferencePanes/3ivxPrefPane.prefPane
- com.3ivx.prefpane
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
/Library/QuickTime/QTMpeg4Codec.component
- com.apple.QTMpeg4Codec
Library/Caches/com.apple.Safari/Extensions/Add To Amazon Wish List-2.safariextension
- com.amazon.safari.wishlist
Library/Caches/com.apple.Safari/Extensions/Pin It Button-2.safariextension
- com.pinterest.extension
Library/Internet Plug-Ins/BrowserPlus_2.9.8.plugin
- com.yahoo.browserplus
Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
Library/PreferencePanes/BrowserPlusPrefs.prefPane
- com.yahoo.browserplus.prefpane
Library/PreferencePanes/Growl.prefPane
- com.growl.prefpanel
Library/Widgets/BoredomButton.wdgt
- com.boredombutton.dashboard
Library/Widgets/Calculatrice Eclipse Solaire.wdgt
- com.xjubier.widget.solareclipsecalc
Library/Widgets/Countdown Calendar.wdgt
- com.maletic.dashboard.countdown
Library/Widgets/countdown.wdgt
- com.pietjonas.hector.AHectorCountdown
Library/Widgets/Sudoku.v1.0.0.wdgt
- com.orange.widgets.Sudoku
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
/Applications/Google Drive.app
Contents of /System/Library/LaunchAgents/com.apple.javadisabler.plist (checksum 4039215888)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>RunAtLoad</key>
<true/>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>Label</key>
<string>com.apple.javadisabler</string>
<key>Program</key>
<string>/System/Library/CoreServices/JavaDisabler.app/Contents/MacOS/JavaDisabl er</string>
</dict>
</plist>
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.citrix.AuthManager_Mac.plist (checksum 1501830148)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>MachServices</key>
<dict>
<key>com.citrix.AuthManager_Mac</key>
<true/>
</dict>
<key>Label</key>
<string>com.citrix.AuthManager_Mac</string>
<key>WaitForDebugger</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/libexec/AuthManager_Mac.app/Contents/MacOS/AuthManager_Mac</ string>
</array>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>Disabled</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.citrix.ReceiverHelper.plist (checksum 676087606)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.citrix.ReceiverHelper</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<false/>
</dict>
<key>WaitForDebugger</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/libexec/ReceiverHelper.app/Contents/MacOS/ReceiverHelper</st ring>
</array>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>Disabled</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.citrix.ServiceRecords.plist (checksum 827728504)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>MachServices</key>
<dict>
<key>com.citrix.Beacons</key>
<true/>
<key>com.citrix.ServiceRecords</key>
<true/>
</dict>
<key>Label</key>
<string>com.citrix.ServiceRecords</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>WaitForDebugger</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/libexec/ServiceRecords.app/Contents/MacOS/ServiceRecords</st ring>
</array>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
...and 4 more line(s)
Contents of /Library/LaunchAgents/com.flipvideo.FlipShare.AutoRun.plist (checksum 824467701)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.flipvideo.FlipShareAutoRun</string>
<key>OnDemand</key>
<false/>
<key>Program</key>
<string>/Library/Application Support/Flip Video/FlipShareAutoRun.app/Contents/MacOS/FlipShareAutoRun</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/Leperdvil.download.plist (checksum 875449712)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Leperdvil.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Leperdvil/Leperdvil.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Leperdvil</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
...and 3 more line(s)
Contents of Library/LaunchAgents/Leperdvil.ltvbit.plist (checksum 2066058212)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Leperdvil.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Leperdvil/Leperdvil.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Leperdvil</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/Leperdvil.update.plist (checksum 1743478277)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Leperdvil.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Leperdvil/Leperdvil.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Leperdvil</string>
<string>-sig</string>
<string>ASSAF_SIGNATURE</string>
<string>-agentUpdate</string>
<string>0</string>
</array>
<key>RunAtLoad</key>
...and 10 more line(s)
Contents of Library/LaunchAgents/Listchack.download.plist (checksum 3943411104)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
...and 3 more line(s)
Contents of Library/LaunchAgents/Listchack.ltvbit.plist (checksum 1946168578)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/Listchack.update.plist (checksum 1348697178)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Listchack.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Listchack/Listchack.app/Contents/MacOS/AppAS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18324</string>
<string>-firstAppId</string>
<string>791900002</string>
<string>-identity</string>
<string>Listchack</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
...and 6 more line(s)
Contents of Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist (checksum 4071182229)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.AAM.Scheduler-1.0</string>
<key>Program</key>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<string>-mode=scheduled</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Minute</key>
<integer>0</integer>
<key>Hour</key>
<integer>2</integer>
</dict>
</dict>
</plist>
Contents of Library/LaunchAgents/com.amazon.cloud-player.plist (checksum 2707474481)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnableTransactions</key>
<false/>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.amazon.cloud-player</string>
<key>Program</key>
<string>/Applications/Amazon Cloud Player.app/Contents/MacOS/Amazon Music Helper</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.apple.CSConfigDotMacCert-@me.com-SharedServices.Agent.plist (checksum 3298495348)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<false/>
<key>Label</key>
<string>com.apple.CSConfigDotMacCert-@me.com-SharedServices</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>LowPriorityIO</key>
<true/>
<key>Nice</key>
<integer>10</integer>
<key>ProgramArguments</key>
<array>
<string>/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices .framework/Versions/A/Support/CSConfigDotMacCert</string>
<string>-l</string>
<string>/Users/USER/Library/Logs/CSConfigDotMacCert-@me.com-SharedServices.log</string>
<string>-u</string>
<string>@me.com</string>
<string>-t</string>
<string>SharedServices</string>
<string>-s</string>
</array>
...and 4 more line(s)
Root crontab
* */5 * * * "/Library/Internet Plug-Ins/AdobeFlash" vx 1>/dev/null 2>&1
Bad plists
Library/Preferences/com.apple.iphotomosaic.plist
Library/Preferences/com.apple.WebFoundation.plist
Firewall: On
DNS: 208.67.222.222 (static)
Wi-Fi
link auth: none
User login items
GrowlHelperApp
- /Users/USER/Library/PreferencePanes/Growl.prefPane/Contents/Resources/GrowlHelp erApp.app
PdaNetMac
- /Applications/PdaNetMac.app
Dropbox
- /Applications/Dropbox.app
ElementsAutoAnalyzer
- /Applications/Adobe Elements 12 Organizer.app/Contents/ElementsAutoAnalyzer.app
SMARTBoardService
- missing value
Safari extensions
Add To Amazon Wish List
Pin It Button
Widgets
Countdown Calendar
Restricted files: 75
Lockfiles: 4
Elapsed time (s): 310
You installed a variant of the "InstallMac" trojan. Take the steps below to disable it.
The criminal behind this attack tries to make the malware hard to remove by varying the names of the files it installs. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may files with a name of the form
something.download.plist
something.ltvbit.plist
something.update.plist
where something is usually a meaningless string, such as any of the following:
InKeepr
InstallMac
Leperdvil
Listchack
Oliverto
Texiday
These are examples, not a complete list. The string could be anything. The point is that the same string will appear in the name of three files.
You could have more than one copy of the malware, with different values of something. In your case, something is both "Leperdvil" and "Listchack".
Move all such items to the Trash. There may not be any other files in the LaunchAgents folder; in that case, you can delete the folder, but otherwise don't delete it. Other files in the folder are not necessarily malicious (though they could be, if you also installed some other kind of malware.)
Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Open this folder in the same way as above:
~/Library/Application Support
and move to the Trash any subfolders named with the same something you found in Step 2.
Don't move the Application Support folder or anything else inside it.
4. Open the Applications folder. If there is an item with the same name as in Step 3, or any of the other names listed in Step 2, drag it to the Trash.
If in doubt, press the key combination option-command-4 to arrange the apps by date added. Look at the apps that have been added since you first noticed the problem. If there is one you don't recognize, drag it to the Trash.
Empty the Trash.
If you get an alert that the application is in use, force it to quit.
5. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall all extensions you don't know you need. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
6. Reset the home page in each of your browsers, if it was changed. In Safari, first load the home page you want, then select
Safari ▹ Preferences... ▹ General
and click
Set to Current Page
Thank you. All better now?
Start time: 10:08:07 07/11/15
Model Identifier: iMac14,2
System Version: OS X 10.10.4 (14E46)
Kernel Version: Darwin 14.4.0
Time since boot: 10 minutes
Diagnostic reports
2015-06-11 cloudd crash
2015-06-15 iTunes hang
2015-06-17 pluginkit crash
2015-06-18 pluginkit crash x8
2015-06-19 pluginkit crash x10
2015-07-02 iTunes hang
2015-07-09 AppAS crash
2015-07-09 PTPCamera crash
2015-07-10 AppAS crash
Log
Jul 9 21:49:08 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 21:49:08 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 21:49:08 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 9 21:56:16 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 22:08:55 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 9 22:09:38 ARPT: 23.550918: Failed to set AWDL Sync Enabled state (0), error code -25
Jul 9 22:10:21 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:10:30 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:10:40 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:10:50 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:11:00 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:11:10 com.apple.spindump: Service exited with abnormal code: 75
Jul 9 22:30:48 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 9 22:30:59 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 10 10:42:46 ARPT: 25.075445: Failed to set AWDL Sync Enabled state (0), error code -25
Jul 10 10:42:51 com.apple.dpd: Service exited with abnormal code: 75
Jul 10 14:01:44 com.google.GoogleTalkPluginD.95172.UUID: Service exited with abnormal code: 1
Jul 10 14:38:42 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 10 14:38:42 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jul 10 14:38:42 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jul 11 09:57:46 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jul 11 09:58:46 com.apple.dpd: Service exited with abnormal code: 75
Jul 11 09:59:48 com.apple.spindump: Service exited with abnormal code: 75
Jul 11 09:59:58 com.apple.spindump: Service exited with abnormal code: 75
Jul 11 10:00:08 com.apple.spindump: Service exited with abnormal code: 75
Daemons
com.oracle.java.JavaUpdateHelper
com.apple.installer.osmessagetracing
com.oracle.java.Helper-Tool
com.adobe.fpsaud
Agents
com.flipvideo.FlipShareAutoRun
com.citrix.ServiceRecords
com.apple.javadisabler
com.apple.photostream-agent
com.apple.CSConfigDotMacCert-@me.com-SharedServices
com.google.GoogleTalkPluginD.95172.UUID
Javeview.update
com.citrix.ReceiverHelper
com.citrix.AuthManager_Mac
com.amazon.cloud-player
com.apple.AirPortBaseStationAgent
Bundles
/System/Library/Extensions/BJUSBMP.kext
- jp.co.canon.bj.kext.BJUSBMP
/System/Library/Extensions/MacOSXCameraDriver.kext
- com.flipvideo.IOUSBCameraMassStorage
/System/Library/Extensions/PdaNetDrv.kext
- com.jft.driver.PdaNetDrv
/Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
/Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
/Library/Internet Plug-Ins/CitrixICAClientPlugIn.plugin
- com.citrix.citrixicaclientplugIn
/Library/Internet Plug-Ins/DirectorShockwave.plugin
- com.adobe.director.shockwave.pluginshim
/Library/Internet Plug-Ins/EPPEX Plugin.plugin
- N/A
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin
- com.google.googletalkbrowserplugin
/Library/Internet Plug-Ins/iPhotoPhotocast.plugin
- com.apple.plugin.iPhotoPhotocast
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/Internet Plug-Ins/Mozillaplug.plugin
- com.apple.verifieddownloadplugin
/Library/Internet Plug-Ins/o1dbrowserplugin.plugin
- com.google.o1dbrowserplugin
/Library/Internet Plug-Ins/OfficeLiveBrowserPlugin.plugin
- com.microsoft.officelive.browserplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/SlingPlayer.plugin
- com.slingmedia.slingplayer.plugin.nspapi
/Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
/Library/Internet Plug-Ins/VeetleBroadcast-0.9.16
- com.netscape.vlc
/Library/Internet Plug-Ins/VeetleTVCore-0.9.16
- com.veetle.plugin
/Library/Internet Plug-Ins/VeetleTVPlayer-0.9.16
- com.netscape.vlc
/Library/PreferencePanes/3ivxPrefPane.prefPane
- com.3ivx.prefpane
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
/Library/QuickTime/QTMpeg4Codec.component
- com.apple.QTMpeg4Codec
Library/Caches/com.apple.Safari/Extensions/Add To Amazon Wish List-2.safariextension
- com.amazon.safari.wishlist
Library/Caches/com.apple.Safari/Extensions/Pin It Button-2.safariextension
- com.pinterest.extension
Library/Internet Plug-Ins/BrowserPlus_2.9.8.plugin
- com.yahoo.browserplus
Library/Internet Plug-Ins/Unity Web Player.plugin
- com.unity.UnityWebPlayer
Library/PreferencePanes/BrowserPlusPrefs.prefPane
- com.yahoo.browserplus.prefpane
Library/PreferencePanes/Growl.prefPane
- com.growl.prefpanel
Library/Widgets/BoredomButton.wdgt
- com.boredombutton.dashboard
Library/Widgets/Calculatrice Eclipse Solaire.wdgt
- com.xjubier.widget.solareclipsecalc
Library/Widgets/Countdown Calendar.wdgt
- com.maletic.dashboard.countdown
Library/Widgets/countdown.wdgt
- com.pietjonas.hector.AHectorCountdown
Library/Widgets/Sudoku.v1.0.0.wdgt
- com.orange.widgets.Sudoku
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
/Applications/Google Drive.app
Contents of /System/Library/LaunchAgents/com.apple.javadisabler.plist (checksum 4039215888)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>RunAtLoad</key>
<true/>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>Label</key>
<string>com.apple.javadisabler</string>
<key>Program</key>
<string>/System/Library/CoreServices/JavaDisabler.app/Contents/MacOS/JavaDisabl er</string>
</dict>
</plist>
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.citrix.AuthManager_Mac.plist (checksum 1501830148)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>MachServices</key>
<dict>
<key>com.citrix.AuthManager_Mac</key>
<true/>
</dict>
<key>Label</key>
<string>com.citrix.AuthManager_Mac</string>
<key>WaitForDebugger</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/libexec/AuthManager_Mac.app/Contents/MacOS/AuthManager_Mac</ string>
</array>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>Disabled</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.citrix.ReceiverHelper.plist (checksum 676087606)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.citrix.ReceiverHelper</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<false/>
</dict>
<key>WaitForDebugger</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/libexec/ReceiverHelper.app/Contents/MacOS/ReceiverHelper</st ring>
</array>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>Disabled</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.citrix.ServiceRecords.plist (checksum 827728504)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>MachServices</key>
<dict>
<key>com.citrix.Beacons</key>
<true/>
<key>com.citrix.ServiceRecords</key>
<true/>
</dict>
<key>Label</key>
<string>com.citrix.ServiceRecords</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>WaitForDebugger</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/libexec/ServiceRecords.app/Contents/MacOS/ServiceRecords</st ring>
</array>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
...and 4 more line(s)
Contents of /Library/LaunchAgents/com.flipvideo.FlipShare.AutoRun.plist (checksum 824467701)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.flipvideo.FlipShareAutoRun</string>
<key>OnDemand</key>
<false/>
<key>Program</key>
<string>/Library/Application Support/Flip Video/FlipShareAutoRun.app/Contents/MacOS/FlipShareAutoRun</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/Javeview.update.plist (checksum 3299095357)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>Javeview.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/Javeview/Javeview.app/Contents/MacOS/AppNOS</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>18595</string>
<string>-firstAppId</string>
<string>1434976216979282</string>
<string>-identity</string>
<string>Javeview</string>
<string>-sig</string>
<string>NOSIGNATURE_SIGNATURE</string>
<string>-agentUpdate</string>
<string>2</string>
</array>
<key>RunAtLoad</key>
...and 10 more line(s)
Contents of Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist (checksum 4071182229)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.AAM.Scheduler-1.0</string>
<key>Program</key>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility</string>
<string>-mode=scheduled</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Minute</key>
<integer>0</integer>
<key>Hour</key>
<integer>2</integer>
</dict>
</dict>
</plist>
Contents of Library/LaunchAgents/com.amazon.cloud-player.plist (checksum 2707474481)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnableTransactions</key>
<false/>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.amazon.cloud-player</string>
<key>Program</key>
<string>/Applications/Amazon Cloud Player.app/Contents/MacOS/Amazon Music Helper</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.apple.CSConfigDotMacCert-@me.com-SharedServices.Agent.plist (checksum 3298495348)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<false/>
<key>Label</key>
<string>com.apple.CSConfigDotMacCert-@me.com-SharedServices</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>LowPriorityIO</key>
<true/>
<key>Nice</key>
<integer>10</integer>
<key>ProgramArguments</key>
<array>
<string>/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices .framework/Versions/A/Support/CSConfigDotMacCert</string>
<string>-l</string>
<string>/Users/USER/Library/Logs/CSConfigDotMacCert-@me.com-SharedServices.log</string>
<string>-u</string>
<string>@me.com</string>
<string>-t</string>
<string>SharedServices</string>
<string>-s</string>
</array>
...and 4 more line(s)
Root crontab
* */5 * * * "/Library/Internet Plug-Ins/AdobeFlash" vx 1>/dev/null 2>&1
Bad plists
Library/Preferences/com.apple.iphotomosaic.plist
Library/Preferences/com.apple.WebFoundation.plist
Firewall: On
DNS: 208.67.222.222 (static)
Wi-Fi
link auth: none
User login items
GrowlHelperApp
- /Users/USER/Library/PreferencePanes/Growl.prefPane/Contents/Resources/GrowlHelp erApp.app
PdaNetMac
- /Applications/PdaNetMac.app
Dropbox
- /Applications/Dropbox.app
ElementsAutoAnalyzer
- /Applications/Adobe Elements 12 Organizer.app/Contents/ElementsAutoAnalyzer.app
SMARTBoardService
- missing value
Safari extensions
Add To Amazon Wish List
Pin It Button
Widgets
Countdown Calendar
Restricted files: 75
Lockfiles: 4
Elapsed time (s): 325
In addition to Genieo, your Mac was infected with the RSPlug (aka DNSChanger) malware at some point in the past. That malware has been dead for many years now, so you must have been carrying remnants of it along through OS upgrades for a very long time. It cannot affect you any longer, but if your system has bits of such old malware installed, who knows what else is going on. If this were my system, I'd erase it and start over from scratch.
You installed the "MacAccess" malware, a remote-access rootkit that gives full control to an Internet criminal. It could have compromised all data.
MacAccess circulated in 2008 and 2009, and is reported to be no longer active. Whatever damage it was going to do was done long ago, if the reports are accurate. Instructions for removing it were posted here. Not having a sample of the malware, I can't test those instructions. From what I've seen, I'm reasonably sure they would work. On the other hand, the folllowing procedure is very time-consuming and probably unnecessary, but it will ensure that the machine is safe to use. The choice is yours.
Erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.
When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.
Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.
Reinstall third-party software from original media or fresh downloads—not from a backup, which may be contaminated.
That being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after the system has been secured, not before.
Thanks, Thomas. I have everything backed up on a time machine, but if I use that once I restart, won't I just be putting the bad stuff back on? If the malware you mentioned is dead, shouldn't I be safe? You said "who knows what else is going on," but can't you tell from looking at the diagnostic I posted above? Thanks again.
Adwaremedic is it safe ?
