May 25, 2015 11:09 AM in response to AggelakasK by Jcurran01
ADWARE MEDIC IS SAFE. It's excellent and it removed MacKeeper and Top Deals, everything. It's QUICK too. No foofy garbage.
User Thomas_R. is legitimate.
I'm a digital advertising executive and actually was in the adware / spyware removal field for a while about a decade ago. Google me if you like to ensure I'm real too (Google = "James Curran STAQ")
My Mac got infected after my son downloaded a Minecraft Mod, and I used Adware Medic to remove everything, then donated. Please donate to it because the Adware Spyware removal business is a "Cat and Mouse Game". It never ends.
Thomas, I recommend you get some more endorsements so that people know you're legit. Like Ben Edelman (BenEdelman.org) and others.
Thank you Thomas and Adware Medic!
-
May 26, 2015 9:24 AM in response to thomas_r. by ChitlinsCC
Howdy Thomas
You are indeed a breath of fresh air in these days of shameless profiteering. I add my endorsement - without credentials - and a link to your Donation Explanation page > http://www.thesafemac.com/donation/ - and quote the last paragraph
If you donate, I would like to express my thanks in advance! It is the support of my readers that keeps me going, even if I can’t always respond personally to each and every one of you. If you can’t donate, no worries.
BTW - to the readers -
Thomas needs your help in other ways... reporting new variants of these nefarious boogers that AdWareMedic doesn't yet include is mission critical! If it doesn't cure what ails you = REPORT!
buenos tardes, amigo
ÇÇÇ
-
May 28, 2015 11:26 AM in response to Linc Davis by Charles Mcdaniel2
Thank you so much for offering to help. I did the Terminal App that you recommended and found the following. I see a number of things that I thought I had been able to delete (like Intego), or things I've never heard of (back burner). My computer is often slow. Any recommendations would be appreciated. Thank you.
Macbook Terminal Scan
Start time: 08:17:10 05/28/15
Model Identifier: MacBookPro11,1
System Version: OS X 10.10.3 (14D136)
Kernel Version: Darwin 14.3.0
Time since boot: 5 days 19:08
Root access: No
FileVault: On
Diagnostic reports
2015-04-29 backburnerManager crash
2015-05-13 backburnerManager crash x2
2015-05-13 com.apple.AmbientDisplayAgent crash
2015-05-14 backburnerManager crash
2015-05-22 backburnerManager crash x2
2015-05-22 com.apple.AmbientDisplayAgent crash
Log
May 26 21:08:46 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 21:08:46 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 21:09:43 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 26 21:25:49 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 21:25:49 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 21:30:45 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 21:30:45 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 21:30:45 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 26 21:34:59 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 21:34:59 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 21:58:00 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 26 21:58:00 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 27 06:47:53 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 27 13:47:08 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 27 13:55:13 ARPT: 34361.087779: MacAuthEvent en0 Auth result for: 1c:1d:86:fc:12:50 Auth request tx failed
May 27 14:04:14 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 27 14:04:14 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 27 14:18:04 PM notification timeout (pid 296, Creative Cloud)
May 27 15:34:08 ARPT: 35578.363147: directed SSID scan fail
May 27 15:34:09 ARPT: 35578.664127: MacAuthEvent en0 Auth result for: 1c:1d:86:fc:10:bf Auth request tx failed
May 27 16:01:04 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 27 16:01:04 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 28 07:02:55 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 28 07:02:56 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 28 08:10:10 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Swap (MiB): 9814
kexts
com.sophos.nke.swi (9.2.50)
com.paceap.kext.pacesupport.snowleopard (5.9)
com.sophos.kext.sav (9.2.50)
Agents
com.adobe.AdobeCreativeCloud
com.citrix.ServiceRecords
com.sophos.uiserver
com.cisco.anyconnect.gui
com.intego.backupassistant.agent
com.citrix.ReceiverHelper
com.citrix.AuthManager_Mac
com.adobe.ARM.UUID
com.intego.VirusBarrier.alert
com.apple.Safari
com.google.keystone.user.agent
Startup items
/Library/StartupItems/Intego Backup Assistant/BackupAssistantAgent.app/Contents/Info.plist
/Library/StartupItems/Intego Backup Assistant/BackupAssistantAgent.app/Contents/MacOS/BackupAssistantAgent
/Library/StartupItems/Intego Backup Assistant/BackupAssistantDaemon
/Library/StartupItems/Intego Backup Assistant/BackupAssistantEngine
/Library/StartupItems/Intego Backup Assistant/PowerManagerTool
/Library/StartupItems/Intego Backup Assistant/uninstall.sh
/Library/StartupItems/TomTomNetworkReporter/StartupParameters.plist
/Library/StartupItems/TomTomNetworkReporter/TomTomNetworkReporter
/Library/StartupItems/TomTomNetworkReporter/TTNetworkReporter
Bundles
/System/Library/Extensions/CiscoVPN.kext
- com.cisco.nke.ipsec
/System/Library/Extensions/PACESupportFamily.kext
- com.paceap.kext.pacesupport.master
/System/Library/Extensions/UsbEthernetGadget.kext
- com.tomtom.driver.UsbEthernetGadget
/Library/Audio/MIDI Drivers/EmagicUSBMIDIDriver.plugin
- info.emagic.driver.unitor
/Library/Audio/Plug-Ins/HAL/DVCPROHDAudio.plugin
- com.apple.DVCPROHDAudio
/Library/Extensions/SophosNetworkInterceptor.kext
- com.sophos.nke.swi
/Library/Extensions/SophosOnAccessInterceptor.kext
- com.sophos.kext.sav
/Library/InputManagers/ChatBarrierX4/ChatBarrierX4.bundle
- com.intego.ChatBarrierX4
/Library/Internet Plug-Ins/AdobeAAMDetect.plugin
- com.AdobeAAMDetectLib.AdobeAAMDetect
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/CitrixICAClientPlugIn.plugin
- com.citrix.citrixicaclientplugIn
/Library/Internet Plug-Ins/F5 SSL VPN Plugin.plugin
- com.f5.sslvpnplugin
/Library/Internet Plug-Ins/f5_sslvpn.bundle
- com.f5.sslvpnbundle
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.plugin
- net.telestream.wmv.plugin
/Library/Internet Plug-Ins/Flip4Mac WMV Plugin.webplugin
- net.telestream.wmv.webplugin
/Library/Internet Plug-Ins/iPhotoPhotocast.plugin
- com.apple.plugin.iPhotoPhotocast
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.apple.java.JavaAppletPlugin
/Library/Internet Plug-Ins/npViewpoint.plugin
- com.apple.carbonbundletemplate
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/Flip4Mac WMV.prefPane
- net.telestream.wmv.prefpane
/Library/PreferencePanes/VersionCueCS3.prefPane
- com.adobe.versioncueCS3.VCPrefPane
/Library/QuickTime/AppleProRes422.component
- com.apple.AppleProRes422
/Library/QuickTime/DesktopVideoOut.component
- com.apple.DesktopVideoOut
/Library/QuickTime/DVCPROHDCodec.component
- com.apple.DVCPROHDCodec
/Library/QuickTime/DVCPROHDMuxer.component
- com.apple.DVCPROHDMuxer
/Library/QuickTime/DVCPROHDVideoDigitizer.component
- com.apple.DVCPROHDVideoDigitizer
/Library/QuickTime/DVCPROHDVideoOutput.component
- com.apple.DVCPROHDVideoOutput
/Library/QuickTime/DVCPROHDVideoOutputClock.component
- com.apple.DVCPROHDVideoOutputClock
/Library/QuickTime/DVCPROHDVideoOutputCodec.component
- com.apple.DVCPROHDVideoOutputCodec
/Library/QuickTime/IMXCodec.component
- com.apple.IMXCodec
/Library/QuickTime/LiveType.component
- com.apple.LiveType.component
/Library/QuickTime/MayaIFF.component
- com.yourcompany.MayaIFF
/Library/QuickTime/Motion.component
- com.apple.motion.component
/Library/QuickTime/XviD_Codec 1.0 alpha.component
- com.yourcompany.XviD_Codec
/Library/ScriptingAdditions/Adobe Unit Types.osax
- N/A
/Library/Services/VirusBarrier X5 Service.service
- com.intego.VirusBarrier_X5_Service
/Library/Spotlight/GBSpotlightImporter.mdimporter
- com.apple.garageband.spotlightimporter
/Library/Spotlight/iWeb.mdimporter
- com.apple.MDImporter.iWeb
/Library/Widgets/Intego Backup Assistant Widget.wdgt
- com.intego.widget.backupassistant
/Library/Widgets/Personal Backup Widget.wdgt
- com.intego.widget.personalbackup
Library/Internet Plug-Ins/CitrixOnlineWebDeploymentPlugin.plugin
- com.citrixonline.mac.WebDeploymentPlugin
Library/Internet Plug-Ins/Google Earth Web Plug-in.plugin
- com.Google.GoogleEarthPlugin.plugin
App extensions
com.getdropbox.dropbox.garcon
Apps
/Applications/Dropbox.app
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.cisco.anyconnect.gui.plist (checksum 1087717482)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>PathState</key>
<dict>
<key>/opt/cisco/anyconnect/gui_keepalive</key>
<true/>
</dict>
</dict>
<key>Label</key>
<string>com.cisco.anyconnect.gui</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>open</string>
<string>--wait-apps</string>
<string>/Applications/Cisco/Cisco AnyConnect Secure Mobility Client.app</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.citrix.AuthManager_Mac.plist (checksum 1591517921)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ServiceIPC</key>
<true/>
<key>MachServices</key>
<dict>
<key>com.citrix.AuthManager_Mac</key>
<true/>
</dict>
<key>Label</key>
<string>com.citrix.AuthManager_Mac</string>
<key>WaitForDebugger</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/libexec/AuthManager_Mac.app/Contents/MacOS/AuthManager_Mac</string>
</array>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>Disabled</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.citrix.ReceiverHelper.plist (checksum 676087606)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.citrix.ReceiverHelper</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<false/>
</dict>
<key>WaitForDebugger</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/libexec/ReceiverHelper.app/Contents/MacOS/ReceiverHelper</string>
</array>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>Disabled</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.citrix.ServiceRecords.plist (checksum 1445213025)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>ServiceIPC</key>
<true/>
<key>MachServices</key>
<dict>
<key>com.citrix.Beacons</key>
<true/>
<key>com.citrix.ServiceRecords</key>
<true/>
</dict>
<key>Label</key>
<string>com.citrix.ServiceRecords</string>
<key>RunAtLoad</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>WaitForDebugger</key>
<false/>
<key>ProgramArguments</key>
<array>
<string>/usr/local/libexec/ServiceRecords.app/Contents/MacOS/ServiceRecords</string>
</array>
...and 8 more line(s)
Contents of /Library/LaunchAgents/com.intego.VirusBarrier.alert.plist (checksum 1330229273)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<false/>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>WatchPaths</key>
<array>
<string>/Library/Intego/virusbarrier.bundle/Contents/Resources/.startAlert</string>
</array>
<key>Label</key>
<string>com.intego.VirusBarrier.alert</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Intego/virusbarrier.bundle/Contents/Resources/VirusBarrier X5 Alert.app/Contents/MacOS/VirusBarrier X5 Alert</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.intego.backupassistant.agent.plist (checksum 2485335348)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<false/>
<key>Label</key>
<string>com.intego.backupassistant.agent</string>
<key>ProgramArguments</key>
<array>
<string>/Library/StartupItems/Intego Backup Assistant/BackupAssistantAgent.app/Contents/MacOS/BackupAssistantAgent</string>
<string>--launchd</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Library/StartupItems/Intego Backup Assistant/BackupAssistantEngineSupport.framework/Resources/.startAgent</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchAgents/com.sophos.uiserver.plist (checksum 40276757)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.sophos.uiserver</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Sophos Anti-Virus/SophosUIServer.app/Contents/MacOS/SophosUIServer</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Contents of /Library/LaunchDaemons/PACESupport.plist (checksum 1658798800)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN"
"http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.paceap.pacesupport</string>
<key>ProgramArguments</key>
<array>
<string>/System/Library/Extensions/PACESupportFamily.kext/Contents/Resources/paceload</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.adobe.versioncueCS3.plist (checksum 714202969)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>GroupName</key>
<string>wheel</string>
<key>Label</key>
<string>com.adobe.versioncueCS3</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/Application Support/Adobe/Adobe Version Cue CS3/Server/bin/VersionCueCS3d</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>ServiceDescription</key>
<string>Adobe Version Cue CS3</string>
<key>UserName</key>
<string>root</string>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.autodesk.backburner_manager.plist (checksum 515189678)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>PathStates</key>
<dict>
<key>/usr/discreet/backburner/nrapi.conf</key>
<true/>
</dict>
</dict>
<key>Label</key>
<string>com.autodesk.backburner_manager</string>
<key>ProgramArguments</key>
<array>
<string>/usr/discreet/backburner/backburnerManager</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.autodesk.backburner_server.plist (checksum 3593102920)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>PathStates</key>
<dict>
<key>/usr/discreet/backburner/nrapi.conf</key>
<true/>
</dict>
</dict>
<key>Label</key>
<string>com.autodesk.backburner_server</string>
<key>ProgramArguments</key>
<array>
<string>/usr/discreet/backburner/backburner_server</string>
<string>run</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.autodesk.backburner_start.plist (checksum 936414931)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<dict>
<key>PathStates</key>
<dict>
<key>/usr/discreet/backburner/nrapi.conf</key>
<true/>
</dict>
</dict>
<key>RunAtLoad</key>
<true/>
<key>Label</key>
<string>com.autodesk.backburner_start</string>
<key>ProgramArguments</key>
<array>
<string>/usr/discreet/backburner/backburner</string>
<string>boot</string>
</array>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.cisco.anyconnect.vpnagentd.plist (checksum 2630047092)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN
http://www.apple.com/DTDs/PropertyList-1.0.dtd >
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.cisco.anyconnect.vpnagentd</string>
<key>ProgramArguments</key>
<array>
<string>/opt/cisco/anyconnect/bin/vpnagentd</string>
<string>-execv_instance</string>
</array>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>AbandonProcessGroup</key>
<true/>
<key>EnableTransactions</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.intego.BackupAssistant.daemon.plist (checksum 107931800)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC -//Apple Computer//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd >
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.intego.BackupAssistant.daemon</string>
<key>ProgramArguments</key>
<array>
<string>/Library/StartupItems/Intego Backup Assistant/BackupAssistantDaemon</string>
</array>
<key>OnDemand</key>
<false/>
<key>RunAtLoad</key>
<true/>
<key>ServiceDescription</key>
<string>Allow Intego Backup Assistant tasks to be launched.</string>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.sophos.common.servicemanager.plist (checksum 1792128556)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>Label</key>
<string>com.sophos.common.servicemanager</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Sophos Anti-Virus/SophosServiceManager.bundle/Contents/MacOS/SophosServiceManager</string>
</array>
<key>KeepAlive</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist (checksum 2170691092)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARM.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Adobe Reader 9/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist (checksum 771676774)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.apple.Safari</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Safari.app/Contents/SafariSyncClient.app/Contents/MacOS/SafariSyncClient</string>
<string>--sync</string>
<string>com.apple.Safari</string>
<string>--entitynames</string>
<string>com.apple.bookmarks.Bookmark,com.apple.bookmarks.Folder</string>
</array>
<key>RunAtLoad</key>
<false/>
<key>ThrottleInterval</key>
<integer>60</integer>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Library/Safari/Bookmarks.plist</string>
</array>
</dict>
...and 1 more line(s)
Contents of Library/LaunchAgents/com.google.keystone.agent.plist (checksum 341751826)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.google.keystone.user.agent</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent</string>
<string>-runMode</string>
<string>ifneeded</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>3523</integer>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Font issues: 288
Bad plists
/Library/Preferences/com.epson.Epson Scanner ICA Driver.UnInstallList.plist
DNS: 164.67.128.1 (static)
Wi-Fi
link auth: none
User login items
AdobeResourceSynchronizer
- /Applications/Adobe Acrobat 8 Professional/Adobe Acrobat Professional.app/Contents/Support/AdobeResourceSynchronizer.app
Dropbox
- /Applications/Dropbox.app
Restricted files: 245
Lockfiles: 5
Elapsed time (s): 251
-
May 31, 2015 6:13 AM in response to AggelakasK by PeDahlin
Hi,
I have been having these pop-ups saying I got a virus and need to download different apps (which I didn't do). But I tried your script, Linc Davis.
See the result below.
Start time: 14:39:09 05/31/15
Model Identifier: MacBookAir6,2
System Version: OS X 10.10.3 (14D136)
Kernel Version: Darwin 14.3.0
Time since boot: 14 days 1:02
Diagnostic reports
2015-05-06 discoveryd crash x3
2015-05-07 discoveryd crash x2
Log
May 27 19:15:34 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 27 19:32:33 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 27 19:32:33 com.apple.WebKit.Databases.UUID: Service exited with abnormal code: 1
May 27 20:51:02 process plugin-container[1752] caught causing excessive wakeups. Observed wakeups rate (per sec): 150; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 714673
May 30 17:23:53 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 30 18:44:14 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
May 30 18:44:18 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
May 31 14:22:49 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Swap (MiB): 13886
Daemons
com.apple.installer.osmessagetracing
com.microsoft.office.licensing.helper
com.adobe.fpsaud
Agents
com.apple.photostream-agent
com.spotify.webhelper
com.google.keystone.user.agent
com.apple.AirPortBaseStationAgent
Startup items
/Library/StartupItems/HWNetMgr/HWNetCfg
/Library/StartupItems/HWNetMgr/HWNetMgr
/Library/StartupItems/HWNetMgr/StartupParameters.plist
/Library/StartupItems/HWPortDetect/HWPortCfg
/Library/StartupItems/HWPortDetect/HWPortDetect
/Library/StartupItems/HWPortDetect/StartupParameters.plist
/Library/StartupItems/StartOuc/libQtCore.4.6.2.dylib
/Library/StartupItems/StartOuc/libQtCore.4.6.dylib
/Library/StartupItems/StartOuc/libQtCore.4.dylib
/Library/StartupItems/StartOuc/libQtCore.dylib
/Library/StartupItems/StartOuc/RunOuc
/Library/StartupItems/StartOuc/StartOuc
/Library/StartupItems/StartOuc/StartupParameters.plist
Bundles
/System/Library/Extensions/HuaweiDataCardDriver.kext
- com.huawei.driver.HuaweiDataCardDriver
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/System/Library/Extensions/USBExpressCardCantWake_Huawei.kext
- com.apple.dts.driver.USBExpressCardCantWake
/Library/Audio/MIDI Drivers/RDUSB0033Midi.plugin
- jp.co.roland.RDUSB0033Midi
/Library/Extensions/RDUSB0033Dev.kext
- jp.co.roland.RDUSB0033Dev
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/GarminGpsControl.plugin
- com.garmin.GarminGpsControl
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.google.keystone.agent.plist (checksum 388233422)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.google.keystone.user.agent</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent</string>
<string>-runMode</string>
<string>ifneeded</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>3523</integer>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Contents of Library/LaunchAgents/com.spotify.webhelper.plist (checksum 240653687)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.spotify.webhelper</string>
<key>KeepAlive</key>
<dict>
<key>NetworkState</key>
<true/>
</dict>
<key>RunAtLoad</key>
<true/>
<key>Program</key>
<string>/Users/USER/Library/Application Support/Spotify/SpotifyWebHelper</string>
<key>SpotifyPath</key>
<string>/Applications/Spotify.app</string></dict>
</plist>
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Garmin Express Service
- /Applications/Garmin Express.app/Contents/Library/LoginItems/Garmin Express Service.app
Spotify
- /Applications/Spotify.app
Restricted files: 42
Lockfiles: 3
Elapsed time (s): 194
A really big thanks for helping out!!
-
Jun 12, 2015 11:27 AM in response to AggelakasK by AllyfromJC
Start time: 14:17:31 06/12/15
Model Identifier: MacBookPro11,1
System Version: OS X 10.10.3 (14D136)
Kernel Version: Darwin 14.3.0
Time since boot: 33 minutes
USB
USB Receiver (Logitech Inc.)
FileVault: On
Diagnostic reports
2015-05-16 com.apple.preference.network.remoteservice crash
2015-05-22 Messages hang
2015-06-05 com.apple.AmbientDisplayAgent crash
2015-06-12 com.apple.AmbientDisplayAgent crash
Log
Jun 8 21:49:04 ARPT: 98145.196572: MacAuthEvent en0 Auth result for: c8:a7:0a:8a:4a:6e Auth request tx failed
Jun 9 16:54:25 process Messages[212] caught causing excessive wakeups. Observed wakeups rate (per sec): 174; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 1441480
Jun 10 13:43:43 utun_start: ifnet_disable_output returned error 12
Jun 11 07:34:37 USBF: 155854. 42 IOUSBHIDDriver(AppleUSBMultitouchDriver)::RearmInterruptRead returning error 0xe00002ed (device is not responding), not issuing any reads to device
Jun 11 17:09:48 process Adobe Photoshop [9305] thread 2281494 caught burning CPU! It used more than 50% CPU (Actual recent usage: 59%) over 180 seconds. thread lifetime cpu usage 259.574841 seconds, (218.661897 user, 40.912944 system) ledger info: balance: 90006053821 credit: 257081361558 debit: 167075307737 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 150535960578
Jun 11 17:37:13 USBF: 183263.983 IOUSBHIDDriver(AppleUSBMultitouchDriver)::RearmInterruptRead returning error 0xe00002ed (device is not responding), not issuing any reads to device
Jun 12 10:16:18 process PremierOpinionD[11379] caught causing excessive wakeups. Observed wakeups rate (per sec): 1093; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45034
Jun 12 10:54:25 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 12 13:42:20 com.apple.iTunesHelper.23888: Service exited with abnormal code: 1
Jun 12 13:45:21 com.apple.spindump: Service exited with abnormal code: 75
Jun 12 13:45:31 com.apple.spindump: Service exited with abnormal code: 75
Jun 12 13:45:41 com.apple.spindump: Service exited with abnormal code: 75
Jun 12 13:45:51 com.apple.spindump: Service exited with abnormal code: 75
Jun 12 13:46:01 com.apple.spindump: Service exited with abnormal code: 75
Jun 12 14:04:19 com.jdibackup.ZipCloud.notify: Service exited with abnormal code: 1
Jun 12 14:07:58 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Daemons
com.apple.installer.osmessagetracing
com.microsoft.office.licensing.helper
com.adobe.SwitchBoard
com.adobe.fpsaud
Agents
com.adobe.ARM.UUID
com.jdibackup.ZipCloud.autostart
com.citrixonline.GoToMeeting.G2MUpdate
com.adobe.ARM.UUID
com.spotify.webhelper
com.jdibackup.ZipCloud.notify
com.google.keystone.user.agent
com.apple.AirPortBaseStationAgent
com.adobe.PDApp.AAMUpdatesNotifier.77564.UUID
Bundles
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin
- com.adobe.acrobat.pdfviewerNPAPI
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.apple.java.JavaAppletPlugin
/Library/Internet Plug-Ins/MeetingJoinPlugin.plugin
- com.microsoft.communicator.meetingjoinplugin
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/ScriptingAdditions/Adobe Unit Types.osax
- N/A
Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
Library/Internet Plug-Ins/CitrixOnlineWebDeploymentPlugin.plugin
- com.citrixonline.mac.WebDeploymentPlugin
Library/Internet Plug-Ins/WebEx64.plugin
- com.cisco_webex.plugin.gpc64
Library/ScriptingAdditions/BrowserHelper.osax
- com.flashmall.ScriptingAdditions
Contents of /etc/hosts (checksum 342357820)
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
fe80::1%lo0 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com
Contents of /System/Library/LaunchDaemons/org.apache.httpd.plist (checksum 3012644940)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>org.apache.httpd</string>
<key>EnvironmentVariables</key>
<dict>
<key>XPC_SERVICES_UNAVAILABLE</key>
<string>1</string>
</dict>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/httpd-wrapper</string>
<string>-D</string>
<string>FOREGROUND</string>
</array>
<key>OnDemand</key>
<false/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/org.eyebeam.SelfControl.plist (checksum 3564044639)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>org.eyebeam.SelfControl</string>
<key>Disabled</key>
<true/>
<key>StartInterval</key>
<integer>60</integer>
<key>StartCalendarInterval</key>
<array>
<dict>
<key>Minute</key>
<integer>7</integer>
</dict>
<dict>
<key>Minute</key>
<integer>8</integer>
</dict>
<dict>
<key>Minute</key>
<integer>9</integer>
</dict>
</array>
...and 8 more line(s)
Firewall: On
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
AdobeResourceSynchronizer
- /Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app
Spotify
- /Applications/Spotify.app
Restricted files: 60
Lockfiles: 7
Elapsed time (s): 236
-
Jun 12, 2015 11:32 AM in response to AllyfromJC by Klaus1
What part of 'run AdwareMedic' didn't you get?
-
Jun 12, 2015 2:15 PM in response to AllyfromJC by Linc Davis
If you've decided to resist "adwaremedic" on this site, well done. That attitude will protect you from the same, or worse, problems in the future.
A
You seem to have an incomplete installation of the "Flashmall" trojan. Take the steps below to disable it. Many of the items listed below will not be present in your case. I'm posting the full procedure because others, like you, will find this thread.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be files with a name beginning in any of the following ways:
com.crossrider
com.extensions
com.flashmall
com.Installer.completer
com.webhelper
com.webtools
flashmall
UpdateDownloader
WebSocketServerApp
Move any such files to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library/Application Support
A folder named "Application Support" will open. Inside it there may be a subfolder with either of these names:
webHelperApp
IM.Installer
If so, move that subfolder—not the "Application Support" folder—to the Trash.
4. Open this folder in the same way as above:
~/Library/ScriptingAdditions
and remove an item named
BrowserHelper.osax
if present.
5. Open this folder:
~/Library
Look for subfolders with either of these names:
flashmall
WebTools
and move them to the Trash, if present.
6. Open the Applications folder. If it contains an item named "Flashmall" or "WebTools", move that to the Trash.
Important: You can't delete applications by trying to drag them from the Dock or the LaunchPad. Open the Applications folder in the Finder.
7. Open this folder in the same way as above:
~/Applications
This is not the usual Applications folder, but a different one inside your home folder. Look for an application with a name like this:
flashmall
and move it to the Trash, if present.
Empty the Trash.
8. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall all extensions you don't know you need, including one called "GoldenBoy," if it's present. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
B
"ZipCloud" is some sort of cloud-storage service with a doubtful reputation. The OS X client is sometimes distributed along with malware. Although ZipCloud may not be malicious itself, it should be deemed suspect by virtue of the company it keeps.
To remove ZipCloud, start by backing up all data (not with ZipCloud itself, of course.)
Quit the application, if it's running, and drag it from the Applications folder to the Trash.
Triple-click anywhere in the line below on this page to select it:
~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist
Right-click or control-click the highlighted line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.* A folder should open with a file selected. Move the selected file to the Trash.
In the same folder, there may also be a file named
com.jdibackup.ZipCloud.notify.plist
Move that to the Trash as well.
Log out or restart the computer and empty the Trash.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
<Edited By Host>
-
Jun 13, 2015 7:12 AM in response to AllyfromJC by petermac87
Linc has a well-documented dislike of AdwareMedic, which you can see in many, many posts here. Yet what you will find many more times by searching here is how it has solved issues for other users. For Adware removal, I will continue to recommend
The Easy, safe, effective method:
http://www.adwaremedic.com/index.php
If you are comfortable doing manual file removals use the somewhat more difficult method:
http://support.apple.com/en-us/HT203987
Also read the articles below to be more prepared for the next time there is an issue on your computer.
https://discussions.apple.com/docs/DOC-7471
https://discussions.apple.com/docs/DOC-8071
http://www.thesafemac.com/tech-support-scam-pop-ups/
Pete
<Edited By Host>
-
Jun 12, 2015 3:08 PM in response to Linc Davis by Ronda Wilson
Linc Davis wrote:
The only defense against malware is to empower users to understand what has happened to them at the file level and what they have to do to reverse it.
But, Linc, blindly following a complicated set of instructions does not "empower users to understand what has happened to them…"
They're just blindly following a complicated set of instructions.
Why do this when AdWare Medic accomplishes the task with a GUI they can understand?
You seem to make the (wrong) assumption that people coming here for help are as wise in the ways of logs and Terminal as you are. Most aren't.
You often talk about not trusting advice from strangers; but you are a stranger to these posters, too.
If I ever need it (and I hope I'm careful enough in my browsing and downloads that I don't), I would not hesitate to use AdwareMedic.
-
Jun 15, 2015 5:51 AM in response to Linc Davis by thomas_r.
Linc Davis wrote:
If you've decided to resist "adwaremedic" on this site, well done.
If Linc's comments here cause anyone to think that AdwareMedic is not trustworthy, I'd ask you to discuss the matter with a local Apple tech, such as an Apple Genius at a local Apple Store. There's no need to take my word, Linc's, or anyone else's here, on the matter. An Apple representative can clear up the matter for you.
-
Jun 20, 2015 10:14 AM in response to Linc Davis by cam1028
Start time: 11:56:58 06/20/15
Model Identifier: MacBookPro7,1
System Version: OS X 10.10.3 (14D136)
Kernel Version: Darwin 14.3.0
Time since boot: 3:33
SATA
ST9250315ASG
Diagnostic reports
2015-06-10 com.apple.preference.security.remoteservice crash
2015-06-18 coreaudiod crash
2015-06-19 WindowServer crash
2015-06-19 com.apple.preferences.extensions.remoteservice crash
Log
Jun 18 19:22:32 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 18 19:47:37 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 19 08:15:00 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 19 08:15:37 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 19 09:04:23 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 19 09:15:44 jnl: b(1, 2): replay_journal: from: 7744000 to: 12556800 (joffset 0x743000)
Jun 19 09:15:44 jnl: b(1, 2): journal replay done.
Jun 19 09:19:49 process WindowServer[136] caught causing excessive wakeups. Observed wakeups rate (per sec): 184; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45161
Jun 19 09:44:32 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 19 10:03:33 process com.apple.WebKit[2055] caught causing excessive wakeups. Observed wakeups rate (per sec): 222; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 84026
Jun 19 10:38:30 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 19 11:23:17 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 19 11:23:17 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 19 11:46:16 process com.apple.WebKit[13405] thread 96771 caught burning CPU!; EXC_RESOURCE supressed due to audio playback
Jun 19 18:01:46 process com.apple.WebKit[15694] caught causing excessive wakeups. Observed wakeups rate (per sec): 152; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45084
Jun 20 08:22:44 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 20 08:24:21 jnl: b(1, 2): replay_journal: from: 2558464 to: 7878656 (joffset 0x743000)
Jun 20 08:24:21 jnl: b(1, 2): journal replay done.
Jun 20 08:40:45 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 20 09:25:41 process WindowServer[139] caught causing excessive wakeups. Observed wakeups rate (per sec): 341; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 132916
Jun 20 09:53:59 process com.apple.WebKit[6826] caught causing excessive wakeups. Observed wakeups rate (per sec): 317; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 193858
Jun 20 10:00:27 process com.apple.WebKit[6816] caught causing excessive wakeups. Observed wakeups rate (per sec): 151; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 110481
Jun 20 10:03:12 process com.apple.WebKit[6816] thread 44797 caught burning CPU! It used more than 50% CPU (Actual recent usage: 55%) over 180 seconds. thread lifetime cpu usage 274.491970 seconds, (255.551102 user, 18.940868 system) ledger info: balance: 90004187734 credit: 268746226789 debit: 178742039055 limit: 90000000000 (50%) period: 180000000000 time since last refill (ns): 163410230035
Jun 20 11:03:50 com.apple.WebKit.Networking.UUID: Service exited with abnormal code: 1
Jun 20 11:57:04 process smcDiagnose[17932] caught causing excessive wakeups. Observed wakeups rate (per sec): 49281; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 47232
Activity
CPU: user 8%, system 6%
Daemons
com.apple.installer.osmessagetracing
com.adobe.fpsaud
Agents
com.webtools.update.0.0.0.9.agent
com.webhelper
com.spotify.webhelper
com.apple.AirPortBaseStationAgent
com.webtools.uninstaller.app
Bundles
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Internet Plug-Ins/Flash Player.plugin
- N/A
/Library/Internet Plug-Ins/OfficeLiveBrowserPlugin.plugin
- com.microsoft.officelive.browserplugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Contents of Library/LaunchAgents/com.spotify.webhelper.plist (checksum 2241827825)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.spotify.webhelper</string>
<key>KeepAlive</key>
<dict>
<key>NetworkState</key>
<true/>
</dict>
<key>RunAtLoad</key>
<true/>
<key>Program</key>
<string>/Users/USER/Library/Application Support/Spotify/SpotifyWebHelper</string>
<key>SpotifyPath</key>
<string>/Applications/Spotify.app</string></dict>
</plist>
Contents of Library/LaunchAgents/com.webhelper.plist (checksum 948416710)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.webhelper</string>
<key>EnableGlobbing</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/webHelperApp/launch</string>
<string>-guid</string>
<string>UUID</string>
<string>-source</string>
<string>pr-1520</string>
<string>-brand</string>
</array>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>OnDemand</key>
<true/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
...and 6 more line(s)
Contents of Library/LaunchAgents/com.webtools.uninstaller.plist (checksum 347991739)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.webtools.uninstaller.app</string>
<key>EnableGlobbing</key>
<true/>
<key>WatchPaths</key>
<array>
<string>/Applications/WebTools.app</string>
</array>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/webHelperApp/uninstall</string>
</array>
</dict>
</plist>
Contents of Library/LaunchAgents/com.webtools.update.agent.plist (checksum 873177358)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnableGlobbing</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.webtools.update.0.0.0.9.agent</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/WebTools/UpdateAgent/run_update.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>StartInterval</key>
<integer>600</integer>
<key>ThrottleInterval</key>
...and 3 more line(s)
Firewall: On
Wi-Fi
link auth: wpa-psk
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Spotify
- /Applications/Spotify.app
Restricted files: 44
Elapsed time (s): 268
-
Jun 20, 2015 12:51 PM in response to cam1028 by Linc Davis
You installed the "Flashmall" trojan. Take the steps below to disable it.
Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.
Back up all data before continuing.
1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:
~/Library/LaunchAgents
In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.
2. Inside the folder you just opened, there may be files with a name beginning in any of the following ways:
com.crossrider
com.extensions
com.flashmall
com.Installer.completer
com.webhelper
com.webtools
flashmall
UpdateDownloader
WebSocketServerApp
Move any such files to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.
3. Do as in Step 1 with this line:
~/Library/Application Support
A folder named "Application Support" will open. Inside it there may be a subfolder with either of these names:
webHelperApp
IM.Installer
If so, move that subfolder—not the "Application Support" folder—to the Trash.
4. Open this folder in the same way as above:
~/Library/ScriptingAdditions
and remove an item named
BrowserHelper.osax
if present.
5. Open this folder:
~/Library
Look for subfolders with either of these names:
flashmall
WebTools
and move them to the Trash, if present.
6. Open the Applications folder. If it contains an item named "Flashmall" or "WebTools", move that to the Trash.
Important: You can't delete applications by trying to drag them from the Dock or the LaunchPad. Open the Applications folder in the Finder.
7. Open this folder in the same way as above:
~/Applications
This is not the usual Applications folder, but a different one inside your home folder. Look for an application with a name like this:
flashmall
and move it to the Trash, if present.
Empty the Trash.
8. From the Safari menu bar, select
Safari ▹ Preferences... ▹ Extensions
Uninstall all extensions you don't know you need, including one called "GoldenBoy," if it's present. If in doubt, remove all of them. None is required for normal operation. Do the equivalent in the Chrome and Firefox browsers, if you use either of those.
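A read-only check for the items named in the removal procedure that Linc Davis posted twice in this thread, given here as an added example that is not part of any post: it lists matching LaunchAgents files, shows what each one launches, and reports leftover folders without deleting anything. The function names and the sample home folder are assumptions made for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

# Filename prefixes listed in step 2 (files in ~/Library/LaunchAgents).
AGENT_PREFIXES = (
    "com.crossrider", "com.extensions", "com.flashmall",
    "com.Installer.completer", "com.webhelper", "com.webtools",
    "flashmall", "UpdateDownloader", "WebSocketServerApp",
)
# Items from steps 3-5, relative to the home folder.
HOME_ITEMS = (
    "Library/Application Support/webHelperApp", "Library/Application Support/IM.Installer",
    "Library/ScriptingAdditions/BrowserHelper.osax", "Library/flashmall", "Library/WebTools",
)
# Application names from steps 6-7, compared without ".app" and ignoring case.
APP_NAMES = {"flashmall", "webtools"}


def describe_agent(path):
    """Summarise what a launchd job runs and when; never raises on a bad file."""
    try:
        with open(path, "rb") as fh:
            job = plistlib.load(fh)
        args = job.get("ProgramArguments") or []
    except Exception as exc:  # malformed or unreadable plist: report it anyway
        return {"file": path.name, "error": type(exc).__name__}
    return {"file": path.name, "label": job.get("Label"),
            "program": job.get("Program") or (args[0] if args else None),
            "run_at_load": bool(job.get("RunAtLoad")), "keep_alive": bool(job.get("KeepAlive")),
            "start_interval": job.get("StartInterval")}


def audit(home, applications="/Applications"):
    """Read-only check: list matching items, delete nothing."""
    home = Path(home)
    found = {"agents": [], "items": []}
    agents_dir = home / "Library" / "LaunchAgents"
    if agents_dir.is_dir():
        for p in sorted(agents_dir.iterdir()):
            if p.name.startswith(AGENT_PREFIXES):
                found["agents"].append(describe_agent(p))
    found["items"] += [str(home / rel) for rel in HOME_ITEMS if (home / rel).exists()]
    for apps in (Path(applications), home / "Applications"):
        if apps.is_dir():
            found["items"] += [str(p) for p in sorted(apps.iterdir())
                               if p.stem.lower() in APP_NAMES]
    return found


def build_sample_home(root):
    """Constructed data: a fake home folder using names that appear in this thread."""
    root = Path(root)
    agents = root / "Library" / "LaunchAgents"
    helper = root / "Library" / "Application Support" / "webHelperApp"
    for folder in (agents, helper):
        folder.mkdir(parents=True)
    jobs = {
        "com.webhelper.plist": {"Label": "com.webhelper", "RunAtLoad": True, "KeepAlive": True,
                                "ProgramArguments": [str(helper / "launch"), "-guid", "UUID"]},
        "com.webtools.update.agent.plist": {
            "Label": "com.webtools.update.0.0.0.9.agent", "RunAtLoad": True, "StartInterval": 600,
            "ProgramArguments": ["/Users/USER/Library/WebTools/UpdateAgent/run_update.sh"]},
        "com.spotify.webhelper.plist": {  # legitimate agent: its name matches no prefix
            "Label": "com.spotify.webhelper", "KeepAlive": {"NetworkState": True},
            "Program": "/Users/USER/Library/Application Support/Spotify/SpotifyWebHelper"},
    }
    for name, job in jobs.items():
        (agents / name).write_bytes(plistlib.dumps(job))
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample_home(tmp), applications=Path(tmp) / "none"))
```

To check a real account, call `audit(Path.home())`; the result only lists what is present and leaves removal to the steps above.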
-
Jun 20, 2015 2:24 PM in response to Linc Davis by cam1028
Thanks. This worked great! I'm so glad to have my Safari working normal again. Seriously appreciate the help!
-
Jun 22, 2015 5:09 PM in response to Linc Davis by hhuhjaicidqs
Start time: 18:58:36 06/22/15
Model Identifier: MacBookPro9,2
System Version: OS X 10.10.2 (14C109)
Kernel Version: Darwin 14.1.0
Time since boot: 50 days 23:57
Diagnostic reports
2015-05-29 discoveryd crash
2015-06-16 MacKeeper crash x3
2015-06-16 QuickLookSatellite crash
2015-06-16 mdworker crash x2
2015-06-16 softwareupdated crash
Log
Jun 16 12:05:45 Sound assertion in AppleHDAFunctionGroup at line 1058
Jun 16 12:39:46 com.apple.WebKit.WebContent.UUID: Service exited with abnormal code: 1
Jun 17 10:40:06 Sound assertion in AppleHDAFunctionGroup at line 1058
Jun 17 10:42:12 com.mackeeper.MacKeeper.Uninstaller.61660: Service exited with abnormal code: 1
Jun 22 18:53:56 Sound assertion in AppleHDAFunctionGroup at line 1058
Swap (MiB): 5884
Daemons
com.apple.installer.osmessagetracing
com.microsoft.office.licensing.helper
Agents
com.webtools.update.0.0.0.9.agent
com.mackeeper.MacKeeper.service.clean
com.mackeeper.MacKeeper.Helper
com.google.keystone.user.agent
com.apple.AirPortBaseStationAgent
Bundles
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
- com.microsoft.sharepoint.browserplugin
/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin
- com.microsoft.sharepoint.webkitplugin
Contents of Library/LaunchAgents/com.google.keystone.agent.plist (checksum 3591276108)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.google.keystone.user.agent</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent</string>
<string>-runMode</string>
<string>ifneeded</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>3523</integer>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
</dict>
</plist>
Contents of Library/LaunchAgents/com.mackeeper.MacKeeper.Helper.plist (checksum 2605203230)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<false/>
<key>EnvironmentVariables</key>
<dict>
<key>ZBTimeStamp</key>
<string>20150512181220</string>
</dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.mackeeper.MacKeeper.Helper</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>Program</key>
<string>/Applications/MacKeeper.app/Contents/Services/MacKeeper Helper.app/Contents/MacOS/MacKeeper Helper</string>
</dict>
</plist>
Contents of Library/LaunchAgents/com.webtools.update.agent.plist (checksum 1944118573)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnableGlobbing</key>
<true/>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.webtools.update.0.0.0.9.agent</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/WebTools/UpdateAgent/run_update.sh</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>StartInterval</key>
<integer>600</integer>
<key>ThrottleInterval</key>
...and 3 more line(s)
DNS: 75.75.75.75 (static)
Listeners
cupsd: ipp
User login items
iTunesHelper
- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Google Chrome
- /Applications/Google Chrome.app
Restricted files: 80
Lockfiles: 6
Elapsed time (s): 253