You can make a difference in the Apple Support Community!
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.
Hello everyone .. I would like to ask if the adwaremedic program is the safest way to remove adware from the mac. Lately I m having some pop up advertisements from a specific site called mac keeper. I have no idea how this ad came up since I am not downloading torrents nor visiting any suspicious site .
So is this the only way to permanently remove the adware? Is it safe , since this is a third party program? Thanks in advance everyone
Back up all data.
Unlock the Network preference pane, if necessary, by clicking the lock icon in the lower left corner and entering your password. Cllck Advanced, open the DNS tab, and change the server addresses to the following:
8.8.8.8
8.8.4.4
That's Google DNS. Click OK, then Apply.
In Safari, select
Safari ▹ Preferences... ▹ Privacy ▹ Remove All Website Data
and confirm. If you’re using another browser, empty the cache. Test. Any difference?
Notes:
1. If you lose Internet access after making the above change to your network settings, delete the Google servers in the Network preference pane, then select the TCP/IP tab and click Renew DHCP Lease. That should restore the original DNS settings; otherwise restore them yourself. Remember that you must click Apply in order for any changes to take effect.
2. I don't use Google DNS myself, though I have tested it, and I'm not recommending it or any other DNS provider; the server addresses are offered merely for testing purposes. There may be privacy and technical issues involved in using that service, which you should investigate personally before you decide whether to keep the settings. Other public DNS services exist.
Please we all trying to help each other as good as we can ! Linc had a solution , Thomas had his , i appreciate both because they helped me for free and immediately . There is no need trying to find who was more trustful ... They both having and sharing the same pation try to find a solution that in most cases will work!
Linc's advice is no more and no less trustworthy than any other stranger. The choice is not Linc's, it's yours.
This site is very noisy, and people who have nothing to contribute to solving your problem may make comments that have no point except to interfere. You just have to ignore them. Anyone who knows how to read also knows that I have not asked you to trust me, and that you don't have to trust me to follow my instructions without fear of the consequences.
Linc Davis wrote:
I have not asked you to trust me, and that you don't have to trust me to follow my instructions without fear of the consequences.
Has no need to trust you, but should trust your instructions?
Doublespeak is back?
I cleared the safari data....Now i m going to contact my internet provider to see the settings of the router and calibrate it if its needed. About DNS i changed the server addresses and i lost internet access. i had to restore it and now everything is smooth ..I will run the system for a day to see if this ad will show again.
Thanks again
i followed your procedure because i read several posts from you here in the community giving solutions .
Peculiar:
you hesitate about AdwareMedic, and just run without any thought the things that a anonymous poster proposes....
Lex
I just ran the diagnostics test and these were my results, any help?
Start time: 18:31:15 01/17/15
Model Identifier: iMac7,1
System Version: OS X 10.10.1 (14B25)
Kernel Version: Darwin 14.0.0
Time since boot: 4 days 5:52
Memory
BANK 0/DIMM0:
Size: 2 GB
Speed: 667 MHz
Status: OK
Manufacturer: 0xCE00000000000000
BANK 1/DIMM1:
Size: 2 GB
Speed: 667 MHz
Status: OK
Manufacturer: 0xCE00000000000000
SATA
Hitachi HDT721064SLA360
Diagnostic reports
2014-12-29 Adobe AIR Installer crash x15
2015-01-03 CoreServicesUIAgent crash
2015-01-03 MacKeeper hang
2015-01-06 CoreServicesUIAgent crash
2015-01-16 plugin-container crash
2015-01-17 Java Updater crash
Log
Jan 15 18:42:04 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 15 20:45:21 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 15 22:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 16 01:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 16 04:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 16 07:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 16 10:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 16 13:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 16 16:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 16 16:23:14 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 16 17:01:43 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 16 19:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 16 19:23:32 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 16 22:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 16 22:41:11 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 17 01:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 17 04:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 17 07:17:31 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 17 10:17:32 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 17 13:17:32 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 17 16:17:32 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 17 17:23:38 process appleeventsd[24] caught causing excessive wakeups. Observed wakeups rate (per sec): 207; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 99154
Jan 17 17:26:52 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 17 17:26:52 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 17 17:35:07 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Swap (MiB): 1233
Activity
CPU: user 29%, system 14%
Net: 324 in, 27 out (KiB/s)
CPU per process: com.apple.WebKit (UID 501) is using 80.7 %
Daemons
com.period.searchprotectd
com.v.helper
com.adobe.versioncueCS3
com.adobe.versioncueCS4
com.apple.installer.osmessagetracing
com.microsoft.office.licensing.helper
com.google.keystone.daemon
com.oracle.java.Helper-Tool
com.apple.aelwriter
com.logmein.hamachi
com.adobe.fpsaud
org.macosforge.xquartz.privileged_startx
Agents
com.adobe.CS4ServiceManager
com.genieo.completer.ltvbit
com.crossrider.wss002505.agent.plist
com.v.agent
com.adobe.ARM.UUID
com.flashmall.updater
com.google.keystone.system.agent
com.facebook.videochat.NAME.updater
com.webtools.update.agent
com.genieo.completer.download
org.macosforge.xquartz.startx
com.genieo.completer.update
com.jdibackup.ZipCloud.autostart
com.oracle.java.Java-Updater
com.hp.help.tocgenerator
com.webhelper
com.adobe.ARM.UUID
com.apple.Safari
com.jdibackup.ZipCloud.notify
Startup items
/Library/StartupItems/IntegoCommon/IntegoCommon
/Library/StartupItems/IntegoCommon/StartupParameters.plist
/Library/StartupItems/VirusBarrier/StartupParameters.plist
/Library/StartupItems/VirusBarrier/VirusBarrier
/Library/StartupItems/VirusBarrier/VirusBarrier.kext/Contents/Info.plist
/Library/StartupItems/VirusBarrier/VirusBarrier.kext/Contents/MacOS/VirusBarrie r
/Library/StartupItems/VirusBarrier/virusbarriers
/Library/StartupItems/VirusBarrier/VirusBarrierService.kext/Contents/Info.plist
/Library/StartupItems/VirusBarrier/VirusBarrierService.kext/Contents/MacOS/Viru sBarrierService
Bundles
/System/Library/Extensions/HerculesAudioDriver.kext
- com.Hercules.driver.HerculesAudioDriver
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/System/Library/Extensions/NIUSBAudio2DJ.kext
- com.caiaq.driver.NIUSBAudio2DJDriver
/System/Library/Extensions/NIUSBAudio4DJ.kext
- com.caiaq.driver.NIUSBAudio4DJDriver
/System/Library/Extensions/NIUSBAudioDriver.kext
- com.caiaq.driver.NIUSBHardwareDriver
/System/Library/Extensions/NIUSBDeviceHelper.kext
- com.native-instruments.driver.NIUSBDeviceHelper
/System/Library/Extensions/NIUSBTraktorAudio2.kext
- com.caiaq.driver.NIUSBTraktorAudio2Driver
/System/Library/Extensions/NIUSBTraktorKontrolS4.kext
- com.caiaq.driver.NIUSBTraktorKontrolS4Driver
/System/Library/Extensions/NIUSBTraktorKontrolX1.kext
- com.caiaq.driver.NIUSBTraktorKontrolX1Driver
/Library/Audio/MIDI Drivers/HerculesMIDIDriver.plugin
- com.Hercules.midi.driver.hercules
/Library/Audio/MIDI Drivers/NIUSBMIDIDriver.plugin
- N/A
/Library/Audio/MIDI Drivers/NIUSBTraktorKontrolS4MIDIDriver.plugin
- N/A
/Library/Audio/MIDI Drivers/NIUSBTraktorKontrolX1MIDIDriver.plugin
- N/A
/Library/Audio/Plug-Ins/Components/FreeAlpha.component
- com.linplug.au.FreeAlpha
/Library/Audio/Plug-Ins/VST/LinPlug/FreeAlpha.vst
- com.linplug.vst.FreeAlpha
/Library/Extensions/ham.kext
- com.logmein.hamachi
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/CANONiMAGEGATEWAYDL.plugin
- jp.Canon.cig.npdownload
/Library/Internet Plug-Ins/CANONiMAGEGATEWAYLI.plugin
- jp.Canon.cig.nplogin
/Library/Internet Plug-Ins/DivXBrowserPlugin.plugin
- com.divx.DivXBrowserPlugin
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin
- net.telestream.wmv.plugin
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.webplugin
- net.telestream.wmv.webplugin
/Library/Internet Plug-Ins/GarminGpsControl.plugin
- com.garmin.GarminGpsControl
/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin
- com.google.googletalkbrowserplugin
/Library/Internet Plug-Ins/Loki.plugin
- com.skyhook.lokiplugin
/Library/Internet Plug-Ins/o1dbrowserplugin.plugin
- com.google.o1dbrowserplugin
/Library/Internet Plug-Ins/OfficeLiveBrowserPlugin.plugin
- com.microsoft.officelive.browserplugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/Flip4Mac WMV.prefPane
- net.telestream.wmv.prefpane
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
/Library/PreferencePanes/NetUpdate.prefPane
- com.intego.preference.netupdate
/Library/PreferencePanes/NIUSBAudio.prefPane
- com.caiaq.NIUSBAudioPreferencePane
/Library/PreferencePanes/VersionCueCS3.prefPane
- com.adobe.versioncueCS3.VCPrefPane
/Library/PreferencePanes/VersionCueCS4.prefPane
- com.adobe.versioncueCS4.VCPrefPane
/Library/QuickTime/FLV.component
- com.macromedia.FLVExporter
/Library/QuickTime/FLV.component/Contents/Resources
- com.macromedia.FLVExporter
/Library/QuickTime/SoundboothScoreCodec.component
- com.adobe.SoundboothScoreAudioCodec
/Library/ScriptingAdditions/Adobe Unit Types.osax
- N/A
/Library/Spotlight/Microsoft Entourage.mdimporter
- com.microsoft.entourageMDImporter
/Library/Widgets/Intego Status.wdgt
- com.intego.widget
/Library/Widgets/NetUpdate.wdgt
- com.intego.widget.netupdate
/Library/Widgets/VirusBarrier X4.wdgt
- com.intego.widget.virusbarrierx4
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Library/Internet Plug-Ins/FacebookVideoCalling.bundle
- com.skype.FacebookVideoCalling
Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
Library/Widgets/HP Ink Widget.wdgt
- com.hp.widget.inkwidget
Apps
/Users/USER/Library/Application Support/com.genieoinnovation.Installer/Completer.app
/Applications/InstallMac/Reset Search.app
/Incompatible Software/GenieoExtra.framework/Contents/Resources/Payload.bundle
/Incompatible Software/GenieoExtra.framework/Contents/Frameworks/gen_ext_bundle.framework
/Incompatible Software/GenieoExtra.framework
Contents of /etc/ssh_config (checksum 2841432291)
Host *
SendEnv LANG LC_*
Host *
XAuthLocation /opt/X11/bin/xauth
Contents of /Library/LaunchAgents/com.hp.help.tocgenerator.plist (checksum 95484570)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>RunAtLoad</key>
<true/>
<key>WatchPaths</key>
<array>
<string>/Library/Documentation/Help/Hewlett-Packard</string>
<string>/Library/Documentation/Help/Hewlett-Packard/</string>
</array>
<key>ProgramArguments</key>
<array>
<string>/Library/Documentation/Help/Hewlett-Packard/TOCGenerator.app/Contents/M acOS/TOCGenerator</string>
</array>
<key>Label</key>
<string>com.hp.help.tocgenerator</string>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist (checksum 2296908636)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.oracle.java.Java-Updater</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>
</array>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>20</integer>
<key>Minute</key>
<integer>24</integer>
<key>Weekday</key>
<integer>5</integer>
</dict>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.saturn.agent.plist (checksum 3946252604)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.v.agent</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/saturn/Agent/agent.app/Contents/MacOS/agent</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of /Library/LaunchAgents/org.macosforge.xquartz.startx.plist (checksum 2451978492)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.macosforge.xquartz.startx</string>
<key>ProgramArguments</key>
<array>
<string>/opt/X11/lib/X11/xinit/launchd_startx</string>
<string>/opt/X11/bin/startx</string>
<string>--</string>
<string>/opt/X11/bin/Xquartz</string>
</array>
<key>Sockets</key>
<dict>
<key>org.macosforge.xquartz:0</key>
<dict>
<key>SecureSocketWithKey</key>
<string>DISPLAY</string>
</dict>
</dict>
<key>ServiceIPC</key>
<true/>
<key>EnableTransactions</key>
<true/>
...and 2 more line(s)
Contents of /Library/LaunchDaemons/com.adobe.versioncueCS3.plist (checksum 714202969)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>GroupName</key>
<string>wheel</string>
<key>Label</key>
<string>com.adobe.versioncueCS3</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/Adobe Version Cue CS3/Server/bin/VersionCueCS3d</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>ServiceDescription</key>
<string>Adobe Version Cue CS3</string>
<key>UserName</key>
<string>root</string>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.adobe.versioncueCS4.plist (checksum 4003786817)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>GroupName</key>
<string>wheel</string>
<key>Label</key>
<string>com.adobe.versioncueCS4</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/Adobe Version Cue CS4/Server/bin/VersionCueCS4d</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>ServiceDescription</key>
<string>ServiceName</string>
<key>UserName</key>
<string>root</string>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.apple.qmaster.qmasterd.plist (checksum 681742547)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.qmaster.qmasterd</string>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/qmasterd</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.logmein.hamachi.plist (checksum 4265225024)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.logmein.hamachi</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/LogMeIn Hamachi/bin/hamachid</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/Library/Logs/LogMeIn Hamachi/stderr.log</string>
<key>StandardOutPath</key>
<string>/Library/Logs/LogMeIn Hamachi/stdout.log</string>
<key>WorkingDirectory</key>
<string>/Library/Application Support/LogMeIn Hamachi/</string>
<key>Debug</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.saturn.helper.plist (checksum 396646342)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.v.helper</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/saturn/Agent/agent.app/Contents/MacOS/agent</string>
<string>-helper</string>
</array>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
</plist>
Contents of /Library/LaunchDaemons/org.macosforge.xquartz.privileged_startx.plist (checksum 2883943871)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.macosforge.xquartz.privileged_startx</string>
<key>ProgramArguments</key>
<array>
<string>/opt/X11/lib/X11/xinit/privileged_startx</string>
<string>-d</string>
<string>/opt/X11/lib/X11/xinit/privileged_startx.d</string>
</array>
<key>MachServices</key>
<dict>
<key>org.macosforge.xquartz.privileged_startx</key>
<true/>
</dict>
<key>TimeOut</key>
<integer>120</integer>
<key>EnableTransactions</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist (checksum 394026997)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARM.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper</string>
<string>semi-auto</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist (checksum 2170691092)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARM.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Adobe Reader 9/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist (checksum 150542840)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.Safari</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Safari.app/Contents/SafariSyncClient.app/Contents/MacOS/S afariSyncClient</string>
<string>--sync</string>
<string>com.apple.Safari</string>
<string>--entitynames</string>
<string>com.apple.bookmarks.Bookmark,com.apple.bookmarks.Folder</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>ThrottleInterval</key>
<integer>60</integer>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Library/Safari/Bookmarks.plist</string>
</array>
</dict>
...and 1 more line(s)
Contents of Library/LaunchAgents/com.crossrider.wss002505.agent.plist (checksum 536811516)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.crossrider.wss002505.agent.plist</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/LaunchAgents/WebSocketServerApp</string>
<string>cmpId=2505</string>
<string>ibic=UUID</string>
<string>verifier=UUID</string>
<string>extId=67619</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.facebook.videochat.NAME.plist (checksum 552067689)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.facebook.videochat.NAME.updater</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/java</string>
<string>-cp</string>
<string>/Users/USER/Library/Application Support/Facebook/video/3.1.0.522/FacebookUpdate.jar</string>
<string>FacebookUpdate</string>
<string>com.facebook.peep</string>
<string>3.1.0.522</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>10800</integer>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Contents of Library/LaunchAgents/com.genieo.completer.download.plist (checksum 1136178618)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.genieo.completer.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/com.genieoinnovation.Installer/Completer.app/Contents/MacOS/Installer</ string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>17046</string>
<string>-firstAppId</string>
<string>126901037</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
</dict>
</plist>
Contents of Library/LaunchAgents/com.genieo.completer.ltvbit.plist (checksum 3007047868)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.genieo.completer.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/com.genieoinnovation.Installer/Completer.app/Contents/MacOS/Installer</ string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>17046</string>
<string>-firstAppId</string>
<string>126901037</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
<integer>30</integer>
</dict>
...and 2 more line(s)
Contents of Library/LaunchAgents/com.genieo.completer.update.plist (checksum 3099326387)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.genieo.completer.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/com.genieoinnovation.Installer/Completer.app/Contents/MacOS/Installer</ string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>17046</string>
<string>-firstAppId</string>
<string>126901037</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>15</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist (checksum 3926172640)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.jdibackup.ZipCloud.autostart</string>
<key>ProgramArguments</key>
<array>
<string>open</string>
<string>/Applications/ZipCloud.app/Contents/Resources/Utility.app</string>
<string>-n</string>
<string>--args</string>
<string>9</string>
<string>-l</string>
</array>
<key>StandardOutPath</key>
<string>/Users/USER/Library/Logs/ZipCloud/lagent_out.log</string>
<key>StandardErrorPath</key>
<string>/Users/USER/Library/Logs/ZipCloud/lagent_err.log</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist (checksum 1466627969)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.jdibackup.ZipCloud.notify</string>
<key>ProgramArguments</key>
<array>
<string>open</string>
<string>/Applications/ZipCloud.app/Contents/Resources/Utility.app</string>
<string>--args</string>
<string>7</string>
<string>1</string>
</array>
<key>StandardOutPath</key>
<string>/Users/USER/Library/Logs/ZipCloud/lagent_out.log</string>
<key>StandardErrorPath</key>
<string>/Users/USER/Library/Logs/ZipCloud/lagent_err.log</string>
<key>StartInterval</key>
<integer>1200</integer>
<key>RunAtLoad</key>
<false/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.webhelper.plist (checksum 1901315574)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.webhelper</string>
<key>EnableGlobbing</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/webHelperApp/launch</string>
</array>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>OnDemand</key>
<true/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>ThrottleInterval</key>
<integer>10</integer>
</dict>
...and 1 more line(s)
Contents of Library/LaunchAgents/com.webtools.update.agent.plist (checksum 3353881656)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnableGlobbing</key>
<true/>
<key>Label</key>
<string>com.webtools.update.agent</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/WebTools/UpdateAgent/run_update.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>3600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/flashmall_updater.plist (Apple binary property list, checksum 333107266)
Font issues: 1
Bad plists
/Library/Preferences/com.gen.framework.plist
Library/Preferences/com.apple.iphotomosaic.plist
Listeners
kdc: kerberos
launchd: afpovertcp
launchd: printer
launchd: ssh
User login items
iTunesHelper
- missing value
uTorrent
- missing value
NIHardwareAgent
- missing value
HPEventHandler
- missing value
HP Product Research
- /Library/Application Support/Hewlett-Packard/Customer Participation/HP Product Research.app
Restricted files: 660
Lockfiles: 72
Elapsed time (s): 1389
A
If Safari crashes on launch and you don't have another web browser, you should be able to launch Safari by starting up in safe mode.
You installed the "Genieo" or "InstallMac" ad-injection malware. Follow the instructions on this Apple Support page to remove it.
Back up all data before making any changes.
Besides the files listed in the linked support article, you may also need to remove this file in the same way:
~/Library/LaunchAgents/com.genieo.completer.ltvbit.plist
If there are other items with a name that includes "Genieo" or "genieo" alongside any of those you find, remove them as well.
One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
After removing the malware, remember to reset your home page in all the web browsers affected, if it was changed.
If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, then you may have one of the other kinds of adware covered by the support article. Follow the rest of the instructions in the article.
Make sure you don't repeat the mistake that led you to install the malware. Chances are you got it from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked.
B
You installed a variant of the "VSearch" trojan. Remove it as follows.
This malware has many variants. Anyone else finding this comment should not expect it to be applicable.
Back up all data before proceeding.
Triple-click anywhere in the line below on this page to select it:
/Library/LaunchAgents/com.saturn.agent.plist
Right-click or control-click the line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.* A folder should open with an item selected. Drag the selected item to the Trash. You may be prompted for your administrator login password.
Repeat with each of these lines:
/Library/LaunchDaemons/com.saturn.daemon.plist
/Library/LaunchDaemons/com.saturn.helper.plist
Restart the computer and empty the Trash. Then delete the following items in the same way:
/Library/Application Support/saturn
/System/Library/Frameworks/v.framework
The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.
This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
C
Not to be outdone, you also installed the "Crossrider" trojan. Take the steps below to disable it.
Malware is always changing to get around the defenses against it. These instructions are valid as of today, as far as I know. They won't necessarily be valid in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be files with any of the following names:
com.crossrider.wss*.agent.plist
com.webhelper.plist
com.webtools.update.agent.plist
flashmall_updater.plist
flashmall_updater.sh
WebSocketServerApp
Here * stands for a variable six-digit number. Some of these files may be absent. Move any that you have to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library/Application Support
A folder named "Application Support" will open. Inside it there may be a subfolder with this name:
webHelperApp
If so, move that subfolder—not the "Application Support" folder—to the Trash.
4. Finally, open this folder in the same way as above:
~/Library
Look for a subfolder with this name:
WebTools
and move it to the Trash, if present. Finally, empty the Trash.
D
You need to become much more cautious about installing software. Until you have more experience as a Mac user, I suggest you change a setting to allow only Apple updates and software from the App Store to be installed.
Open the Security & Privacy pane in System Preferences and select the General tab. Click the lock icon in the lower left corner and enter your password to unlock the settings. Select the button marked
Mac App Store
and close the preference pane. For information about the effects of this setting, see this support article. You may need to change the setting temporarily to install some third-party software, such as Flash Player. Be especially careful with that, as malware is often distributed in the form of a fake Flash update. Never follow a link to a Flash update on any web page. Instead use the built-in updater in the Flash Player preference pane.
The products in the App Store, while they aren't necessarily very good, can at least be considered safe enough to use.
Hi, thanks for the help, much appreciated! ! have followed all the steps above but I am still getting some pop ups. I have ran another diagnostics test and here are the results. Any idea what could be causing the remaining pop ups?
Thanks again for such a quick detailed response!
I am in the process of trying to educate my mum and family who use this mac so this problem will not occur again!
Start time: 19:40:37 01/18/15
Model Identifier: iMac7,1
System Version: OS X 10.10.1 (14B25)
Kernel Version: Darwin 14.0.0
Time since boot: 6 minutes
Memory
BANK 0/DIMM0:
Size: 2 GB
Speed: 667 MHz
Status: OK
Manufacturer: 0xCE00000000000000
BANK 1/DIMM1:
Size: 2 GB
Speed: 667 MHz
Status: OK
Manufacturer: 0xCE00000000000000
SATA
Hitachi HDT721064SLA360
Diagnostic reports
2014-12-29 Adobe AIR Installer crash x15
2015-01-03 CoreServicesUIAgent crash
2015-01-03 MacKeeper hang
2015-01-06 CoreServicesUIAgent crash
2015-01-16 plugin-container crash
2015-01-17 Java Updater crash
2015-01-18 com.apple.AmbientDisplayAgent crash
Log
Jan 18 17:54:48 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jan 18 17:54:49 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
Jan 18 17:54:58 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 18 17:54:58 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 18 17:56:43 com.apple.Kerberos.kdc: Service exited with abnormal code: 1
Jan 18 18:06:03 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 18 18:24:58 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 18 18:24:58 com.apple.WebKit.Plugin.64.UUID: Service exited with abnormal code: 1
Jan 18 18:24:58 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 18 18:24:58 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 18 18:25:56 com.apple.Kerberos.kdc: Service exited with abnormal code: 1
Jan 18 18:26:07 com.apple.locationd: Service exited with abnormal code: 1
Jan 18 18:27:26 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 18 18:40:44 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 18 18:41:41 com.apple.Kerberos.kdc: Service exited with abnormal code: 1
Jan 18 18:42:38 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 18 18:43:18 com.apple.spindump: Service exited with abnormal code: 75
Jan 18 18:51:16 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 18 18:51:16 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jan 18 19:19:29 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 18 19:20:32 com.apple.Kerberos.kdc: Service exited with abnormal code: 1
Jan 18 19:21:19 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Jan 18 19:34:06 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jan 18 19:35:05 com.apple.Kerberos.kdc: Service exited with abnormal code: 1
Jan 18 19:36:56 com.facebook.videochat.NAME.updater: Service exited with abnormal code: 1
Daemons
com.adobe.versioncueCS3
com.adobe.versioncueCS4
com.apple.installer.osmessagetracing
com.microsoft.office.licensing.helper
com.oracle.java.Helper-Tool
com.apple.aelwriter
com.logmein.hamachi
com.adobe.fpsaud
org.macosforge.xquartz.privileged_startx
Agents
com.adobe.CS4ServiceManager
com.adobe.ARM.UUID
com.facebook.videochat.NAME.updater
org.macosforge.xquartz.startx
com.oracle.java.Java-Updater
com.hp.help.tocgenerator
com.adobe.ARM.UUID
com.apple.Safari
Startup items
/Library/StartupItems/IntegoCommon/IntegoCommon
/Library/StartupItems/IntegoCommon/StartupParameters.plist
/Library/StartupItems/VirusBarrier/StartupParameters.plist
/Library/StartupItems/VirusBarrier/VirusBarrier
/Library/StartupItems/VirusBarrier/VirusBarrier.kext/Contents/Info.plist
/Library/StartupItems/VirusBarrier/VirusBarrier.kext/Contents/MacOS/VirusBarrie r
/Library/StartupItems/VirusBarrier/virusbarriers
/Library/StartupItems/VirusBarrier/VirusBarrierService.kext/Contents/Info.plist
/Library/StartupItems/VirusBarrier/VirusBarrierService.kext/Contents/MacOS/Viru sBarrierService
Bundles
/System/Library/Extensions/HerculesAudioDriver.kext
- com.Hercules.driver.HerculesAudioDriver
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/System/Library/Extensions/NIUSBAudio2DJ.kext
- com.caiaq.driver.NIUSBAudio2DJDriver
/System/Library/Extensions/NIUSBAudio4DJ.kext
- com.caiaq.driver.NIUSBAudio4DJDriver
/System/Library/Extensions/NIUSBAudioDriver.kext
- com.caiaq.driver.NIUSBHardwareDriver
/System/Library/Extensions/NIUSBDeviceHelper.kext
- com.native-instruments.driver.NIUSBDeviceHelper
/System/Library/Extensions/NIUSBTraktorAudio2.kext
- com.caiaq.driver.NIUSBTraktorAudio2Driver
/System/Library/Extensions/NIUSBTraktorKontrolS4.kext
- com.caiaq.driver.NIUSBTraktorKontrolS4Driver
/System/Library/Extensions/NIUSBTraktorKontrolX1.kext
- com.caiaq.driver.NIUSBTraktorKontrolX1Driver
/Library/Audio/MIDI Drivers/HerculesMIDIDriver.plugin
- com.Hercules.midi.driver.hercules
/Library/Audio/MIDI Drivers/NIUSBMIDIDriver.plugin
- N/A
/Library/Audio/MIDI Drivers/NIUSBTraktorKontrolS4MIDIDriver.plugin
- N/A
/Library/Audio/MIDI Drivers/NIUSBTraktorKontrolX1MIDIDriver.plugin
- N/A
/Library/Audio/Plug-Ins/Components/FreeAlpha.component
- com.linplug.au.FreeAlpha
/Library/Audio/Plug-Ins/VST/LinPlug/FreeAlpha.vst
- com.linplug.vst.FreeAlpha
/Library/Extensions/ham.kext
- com.logmein.hamachi
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/CANONiMAGEGATEWAYDL.plugin
- jp.Canon.cig.npdownload
/Library/Internet Plug-Ins/CANONiMAGEGATEWAYLI.plugin
- jp.Canon.cig.nplogin
/Library/Internet Plug-Ins/DivXBrowserPlugin.plugin
- com.divx.DivXBrowserPlugin
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin
- net.telestream.wmv.plugin
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.webplugin
- net.telestream.wmv.webplugin
/Library/Internet Plug-Ins/GarminGpsControl.plugin
- com.garmin.GarminGpsControl
/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin
- com.google.googletalkbrowserplugin
/Library/Internet Plug-Ins/Loki.plugin
- com.skyhook.lokiplugin
/Library/Internet Plug-Ins/o1dbrowserplugin.plugin
- com.google.o1dbrowserplugin
/Library/Internet Plug-Ins/OfficeLiveBrowserPlugin.plugin
- com.microsoft.officelive.browserplugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/Flip4Mac WMV.prefPane
- net.telestream.wmv.prefpane
/Library/PreferencePanes/JavaControlPanel.prefPane
- com.oracle.java.JavaControlPanel
/Library/PreferencePanes/NetUpdate.prefPane
- com.intego.preference.netupdate
/Library/PreferencePanes/NIUSBAudio.prefPane
- com.caiaq.NIUSBAudioPreferencePane
/Library/PreferencePanes/VersionCueCS3.prefPane
- com.adobe.versioncueCS3.VCPrefPane
/Library/PreferencePanes/VersionCueCS4.prefPane
- com.adobe.versioncueCS4.VCPrefPane
/Library/QuickTime/FLV.component
- com.macromedia.FLVExporter
/Library/QuickTime/FLV.component/Contents/Resources
- com.macromedia.FLVExporter
/Library/QuickTime/SoundboothScoreCodec.component
- com.adobe.SoundboothScoreAudioCodec
/Library/ScriptingAdditions/Adobe Unit Types.osax
- N/A
/Library/Spotlight/Microsoft Entourage.mdimporter
- com.microsoft.entourageMDImporter
/Library/Widgets/Intego Status.wdgt
- com.intego.widget
/Library/Widgets/NetUpdate.wdgt
- com.intego.widget.netupdate
/Library/Widgets/VirusBarrier X4.wdgt
- com.intego.widget.virusbarrierx4
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Library/Internet Plug-Ins/FacebookVideoCalling.bundle
- com.skype.FacebookVideoCalling
Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
Library/Widgets/HP Ink Widget.wdgt
- com.hp.widget.inkwidget
Apps
/Incompatible Software/GenieoExtra.framework/Contents/Resources/Payload.bundle
/Incompatible Software/GenieoExtra.framework/Contents/Frameworks/gen_ext_bundle.framework
/Incompatible Software/GenieoExtra.framework
Contents of /etc/ssh_config (checksum 2841432291)
Host *
SendEnv LANG LC_*
Host *
XAuthLocation /opt/X11/bin/xauth
Contents of /Library/LaunchAgents/com.hp.help.tocgenerator.plist (checksum 95484570)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>RunAtLoad</key>
<true/>
<key>WatchPaths</key>
<array>
<string>/Library/Documentation/Help/Hewlett-Packard</string>
<string>/Library/Documentation/Help/Hewlett-Packard/</string>
</array>
<key>ProgramArguments</key>
<array>
<string>/Library/Documentation/Help/Hewlett-Packard/TOCGenerator.app/Contents/M acOS/TOCGenerator</string>
</array>
<key>Label</key>
<string>com.hp.help.tocgenerator</string>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist (checksum 2296908636)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.oracle.java.Java-Updater</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>
</array>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>20</integer>
<key>Minute</key>
<integer>24</integer>
<key>Weekday</key>
<integer>5</integer>
</dict>
</dict>
</plist>
Contents of /Library/LaunchAgents/org.macosforge.xquartz.startx.plist (checksum 2451978492)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.macosforge.xquartz.startx</string>
<key>ProgramArguments</key>
<array>
<string>/opt/X11/lib/X11/xinit/launchd_startx</string>
<string>/opt/X11/bin/startx</string>
<string>--</string>
<string>/opt/X11/bin/Xquartz</string>
</array>
<key>Sockets</key>
<dict>
<key>org.macosforge.xquartz:0</key>
<dict>
<key>SecureSocketWithKey</key>
<string>DISPLAY</string>
</dict>
</dict>
<key>ServiceIPC</key>
<true/>
<key>EnableTransactions</key>
<true/>
...and 2 more line(s)
Contents of /Library/LaunchDaemons/com.adobe.versioncueCS3.plist (checksum 714202969)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>GroupName</key>
<string>wheel</string>
<key>Label</key>
<string>com.adobe.versioncueCS3</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/Adobe Version Cue CS3/Server/bin/VersionCueCS3d</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>ServiceDescription</key>
<string>Adobe Version Cue CS3</string>
<key>UserName</key>
<string>root</string>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.adobe.versioncueCS4.plist (checksum 4003786817)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>GroupName</key>
<string>wheel</string>
<key>Label</key>
<string>com.adobe.versioncueCS4</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/Adobe Version Cue CS4/Server/bin/VersionCueCS4d</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>ServiceDescription</key>
<string>ServiceName</string>
<key>UserName</key>
<string>root</string>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.apple.qmaster.qmasterd.plist (checksum 681742547)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.qmaster.qmasterd</string>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/qmasterd</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.logmein.hamachi.plist (checksum 4265225024)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.logmein.hamachi</string>
<key>OnDemand</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/LogMeIn Hamachi/bin/hamachid</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/Library/Logs/LogMeIn Hamachi/stderr.log</string>
<key>StandardOutPath</key>
<string>/Library/Logs/LogMeIn Hamachi/stdout.log</string>
<key>WorkingDirectory</key>
<string>/Library/Application Support/LogMeIn Hamachi/</string>
<key>Debug</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/org.macosforge.xquartz.privileged_startx.plist (checksum 2883943871)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.macosforge.xquartz.privileged_startx</string>
<key>ProgramArguments</key>
<array>
<string>/opt/X11/lib/X11/xinit/privileged_startx</string>
<string>-d</string>
<string>/opt/X11/lib/X11/xinit/privileged_startx.d</string>
</array>
<key>MachServices</key>
<dict>
<key>org.macosforge.xquartz.privileged_startx</key>
<true/>
</dict>
<key>TimeOut</key>
<integer>120</integer>
<key>EnableTransactions</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist (checksum 394026997)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARM.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper</string>
<string>semi-auto</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist (checksum 2170691092)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARM.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Adobe Reader 9/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist (checksum 150542840)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.Safari</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Safari.app/Contents/SafariSyncClient.app/Contents/MacOS/S afariSyncClient</string>
<string>--sync</string>
<string>com.apple.Safari</string>
<string>--entitynames</string>
<string>com.apple.bookmarks.Bookmark,com.apple.bookmarks.Folder</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>ThrottleInterval</key>
<integer>60</integer>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Library/Safari/Bookmarks.plist</string>
</array>
</dict>
...and 1 more line(s)
Contents of Library/LaunchAgents/com.facebook.videochat.NAME.plist (checksum 552067689)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.facebook.videochat.NAME.updater</string>
<key>ProgramArguments</key>
<array>
<string>/usr/bin/java</string>
<string>-cp</string>
<string>/Users/USER/Library/Application Support/Facebook/video/3.1.0.522/FacebookUpdate.jar</string>
<string>FacebookUpdate</string>
<string>com.facebook.peep</string>
<string>3.1.0.522</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>10800</integer>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Font issues: 1
Bad plists
/Library/Preferences/com.gen.framework.plist
Library/Preferences/com.apple.iphotomosaic.plist
Listeners
cupsd: ipp
kdc: kerberos
launchd: afpovertcp
launchd: printer
launchd: ssh
User login items
iTunesHelper
- missing value
uTorrent
- missing value
NIHardwareAgent
- missing value
HPEventHandler
- missing value
HP Product Research
- /Library/Application Support/Hewlett-Packard/Customer Participation/HP Product Research.app
Restricted files: 660
Lockfiles: 72
Elapsed time (s): 1112
Please post a screenshot that shows what you mean. Be careful not to include any private information.
Start a reply to this message. Drag the image file into the editing window to upload it. You can also include text in the reply.
i will add anymore as they occur
getting this one fairly often and still some random hyperlinked text but not as much as before, example in this screenshot is 'DOWNLOADABLE'
First follow the instructions on this page. If there's a Firefox extension you can't get rid of, see below.
Back up all data before proceeding.
Triple-click anywhere in the line below on this page to select it:
~/Library/Application Support/Mozilla
Copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
A folder should open with an item named "Mozilla" selected. Quit Firefox if it's running. Move the selected item to the Trash. Relaunch the browser and test.
Adwaremedic is it safe ?
