
How do I remove "FlashMall" from my computer? It appears every time I open up a web page. It's located at the top and bottom. I have no idea how it got there.

Every time I open up a web site, "FlashMall" appears at the top and bottom of screen. I can click on the "X" but it comes back. I have no idea how it got there but it is annoying. I would appreciate any help.

MacBook Pro, Mac OS X (10.7.2)

Posted on Feb 16, 2015 4:52 PM

Question marked as Best reply

Posted on Feb 16, 2015 7:43 PM

You may have installed the "Crossrider" trojan. Take the steps below to disable it.

Malware is always changing to get around the defenses against it. This procedure works as of now, as far as I know. It may not work in the future. Anyone finding this comment a few days or more after it was posted should look for a more recent discussion, or start a new one.

Back up all data before continuing.

1. Triple-click the line below on this page to select it, then copy the text to the Clipboard by pressing the key combination command-C:

~/Library/LaunchAgents

In the Finder, select Go ▹ Go to Folder... from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return. A folder named "LaunchAgents" will open.

2. Inside the folder you just opened, there may be files with any of the following names:

com.crossrider.wss*.agent.plist

com.webhelper.plist

com.webtools.update.agent.plist

flashmall_updater.plist

flashmall_updater.sh

WebSocketServerApp

Here * stands for a variable six-digit number. Some of these files may be absent. Move any that you have to the Trash and close the Finder window. Log out or restart the computer. The trojan will now be inactive, but there are a few more components of it that should be cleaned up.

3. Do as in Step 1 with this line:

~/Library/Application Support

A folder named "Application Support" will open. Inside it there may be a subfolder with this name:

webHelperApp

If so, move that subfolder—not the "Application Support" folder—to the Trash.

4. Finally, open this folder in the same way as above:

~/Library

Look for a subfolder with this name:

WebTools

and move it to the Trash, if present. Finally, empty the Trash.
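The four steps above as a read-only check, added here as an example and not part of the original reply: it lists which of the named files and folders exist under a home folder and moves or deletes nothing. The function names and the optional home-folder argument are assumptions made for this example.

```shell
#!/bin/bash
# Read-only check for the items named in steps 2-4 of the reply above.
# Nothing is moved or deleted; matching paths are only printed.

# Print the path if something exists there (file, folder or dangling symlink).
report_if_present() {
    if [ -e "$1" ] || [ -L "$1" ]; then
        printf '%s\n' "$1"
    fi
}

# find_crossrider_items [HOME_DIR]
# Prints one line per listed item found under HOME_DIR (default: $HOME).
# HOME_DIR is a parameter of this example so the check can be pointed at a
# mounted backup or another user's home folder.
find_crossrider_items() {
    home_dir=${1:-$HOME}
    agents="$home_dir/Library/LaunchAgents"

    # Step 2: fixed names that may be present in ~/Library/LaunchAgents.
    for name in com.webhelper.plist \
                com.webtools.update.agent.plist \
                flashmall_updater.plist \
                flashmall_updater.sh \
                WebSocketServerApp; do
        report_if_present "$agents/$name"
    done

    # Step 2: com.crossrider.wss*.agent.plist, where * is a six-digit number.
    # Six explicit digit classes keep the match as narrow as the reply states.
    # If nothing matches, the pattern stays literal and the check prints nothing.
    for path in "$agents"/com.crossrider.wss[0-9][0-9][0-9][0-9][0-9][0-9].agent.plist; do
        report_if_present "$path"
    done

    # Step 3: subfolder of ~/Library/Application Support.
    report_if_present "$home_dir/Library/Application Support/webHelperApp"

    # Step 4: subfolder of ~/Library.
    report_if_present "$home_dir/Library/WebTools"
}

# Run against the current user's home folder.
matches=$(find_crossrider_items "$HOME")
if [ -n "$matches" ]; then
    printf 'Listed items present:\n%s\n' "$matches"
else
    printf 'None of the listed items are present under %s\n' "$HOME"
fi
```

An empty result only means these particular names are absent; as the reply notes, the names may change over time.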


Apr 12, 2015 4:34 PM in response to JerBear949

1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.

The test works on OS X 10.7 ("Lion") and later. I don't recommend running it on older versions of OS X. It will do no harm, but it won't do much good either.

Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.

2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.

There are ways to back up a computer that isn't fully functional. Ask if you need guidance.

3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.

You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.

In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.

You may not be able to understand the script yourself. But variations of it have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.

Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.

4. Here's a general summary of what you need to do, if you choose to proceed:

☞ Copy a particular line of text to the Clipboard.

☞ Paste into the window of another application.

☞ Wait for the test to run. It usually takes a few minutes.

☞ Paste the results, which will have been copied automatically, back into a reply on this page.

These are not specific instructions; just an overview. The details are in parts 7 and 8 of this comment. The sequence is: copy, paste, wait, paste again. You don't need to copy a second time.

5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is sometimes, but not always, slow, run the test during a slowdown.

You may have started up in "safe" mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.

6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.

7. Load this linked web page (on the website "Pastebin.") The title of the page is "Diagnostic Test." Below the title is a text box headed by three small icons. The one on the right represents a clipboard. Click that icon to select the text, then copy it to the Clipboard on your computer by pressing the key combination command-C.

If the text doesn't highlight when you click the icon, select it by triple-clicking anywhere inside the box. Don't select the whole page, just the text in the box.

8. Launch the built-in Terminal application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

Click anywhere in the Terminal window to activate it. Paste from the Clipboard into the window by pressing command-V, then press return. The text you pasted should vanish immediately.

9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter

exec bash

and press return. Then paste the script again.

10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.

If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.

11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:

[Process started]

Part 1 of 8 done at … sec

Part 8 of 8 done at … sec

The test results are on the Clipboard.

Please close this window.

[Process completed]

The intervals between parts won't be exactly equal, but they give a rough indication of progress. The total number of parts may be different from what's shown here.

Wait for the final message "Process completed" to appear. If you don't see it within about ten minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it and go to the next step. You'll have incomplete results, but still something.

12. When the test is complete, or if you stopped it because it was taking too long, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.

At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.

If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.

13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "The message contains invalid characters." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.

14. This is a public forum, and others may give you advice based on the results of the test. They speak for themselves, not for me. The test itself is harmless, but whatever else you're told to do may not be. For others who choose to run it, I don't recommend that you post the test results on this website unless I asked you to.

______________________________________________________________

Copyright © 2014, 2015 by Linc Davis. As the sole author of this work (including the referenced "Diagnostic Test"), I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

Apr 25, 2015 2:00 PM in response to Linc Davis

Start time: 16:44:33 04/25/15



Revision: 1312



Model Identifier: iMac13,2

System Version: OS X 10.9.5 (13F1077)

Kernel Version: Darwin 13.4.0

Time since boot: 6:26



UID: 501



Bluetooth



Apple Wireless Keyboard

Apple Wireless Trackpad



File opens (per sec)



osascript (UID 501) => /Applications/Safari.app/Contents/Resources (status 0): 6

osascript (UID 501) => /.vol/16777218/2483355/osascript/..namedfork/rsrc (status 0): 6



DNS: 75.75.75.75



Listeners



cupsd: ipp



Wi-Fi



Security: WPA Personal



System caches/logs



1.8 GiB: /System/Library/Caches/com.apple.coresymbolicationd/data



Diagnostic reports



2015-04-25 helpd crash



HCI errors



Bus: 0x1d Addr: 6 Errors: 1



USB



USB 3.0 SuperSpeed Bus



Host Controller Location: Built-in USB

Host Controller Driver: AppleUSBXHCI

Bus Number: 0x0a



USB 3.0 Hi-Speed Bus



Host Controller Location: Built-in USB

Host Controller Driver: AppleUSBXHCI

Bus Number: 0x0a



USB Hi-Speed Bus



Host Controller Location: Built-in USB

Host Controller Driver: AppleUSBEHCI

Bus Number: 0x1a



Hub



Location ID: 0x1a100000 / 2

Current Available (mA): 500

Current Required (mA): 0



FaceTime HD Camera (Built-in)



Location ID: 0x1a110000 / 3

Current Available (mA): 500

Current Required (mA): 500



USB Hi-Speed Bus



Host Controller Location: Built-in USB

Host Controller Driver: AppleUSBEHCI

Bus Number: 0x1d



Hub



Location ID: 0x1d100000 / 2

Current Available (mA): 500

Current Required (mA): 0



Hub



Location ID: 0x1d180000 / 3

Current Available (mA): 500

Current Required (mA): 2



BRCM20702 Hub



Location ID: 0x1d181000 / 4

Current Available (mA): 500

Current Required (mA): 94



Bluetooth USB Host Controller



Location ID: 0x1d181300 / 7

Current Available (mA): 500

Current Required (mA): 0



Kernel log



Apr 25 10:17:48 Refusing new kext com.apple.kpi.mach, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.bsd, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.unsupported, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.iokit, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.private, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.private, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.unsupported, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.iokit, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.mach, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.libkern, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.mach, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.private, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.unsupported, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.iokit, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.libkern, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:17:48 Refusing new kext com.apple.kpi.bsd, v13.4: a loaded copy with a different executable UUID is already present.

Apr 25 10:18:55 pci pause: SDXC

Apr 25 10:18:56 SMC::smcReadKeyAction ERROR: smcReadData8 failed for key LsNM (kSMCKeyNotFound)

Apr 25 10:18:56 SMC::smcReadKeyAction ERROR LsNM kSMCKeyNotFound(0x84) fKeyHashTable=0x0

Apr 25 10:18:56 SMC::smcGetLightshowVers ERROR: smcReadKey LsNM failed (kSMCKeyNotFound)

Apr 25 10:18:56 SMC::smcPublishLightshowVersion ERROR: smcGetLightshowVers failed (kSMCKeyNotFound)

Apr 25 10:18:56 SMC::smcInitHelper ERROR: smcPublishLightshowVersion failed (kSMCKeyNotFound)

Apr 25 11:11:58 pci pause: SDXC

Apr 25 11:35:42 pci pause: SDXC

Apr 25 16:44:39 SMC::smcReadKeyAction ERROR MACR kSMCKeyNotReadable(0x85) fKeyHashTable=0x0xffffff8022bae000



System log



Apr 25 15:55:20 com.apple.WebKit.Networking: ERROR: ForceShrinkPersistentStore_NoLock -delete- We do not have a BLOB or TEXT column type. Instead, we have 5.



launchd log



Apr 25 10:24:26 com.apple.qtkitserver: Could not terminate job: 3: No such process

Apr 25 11:43:05 com.apple.WebKit.WebContent.UUID: Could not terminate job: 3: No such process

Apr 25 11:43:05 com.apple.WebKit.Databases.UUID: Exited with code: 1

Apr 25 11:43:05 com.apple.WebKit.Networking.UUID: Exited with code: 1

Apr 25 15:22:25 com.apple.qtkitserver: Could not terminate job: 3: No such process



System services loaded



com.GeneralPlus.Usbweb

com.VTech.ConsoleServer

com.adobe.fpsaud

com.genieoinnovation.macextension.client

com.leapfrog.connect.authdaemon

com.mackeeper.MacKeeper.plugin.AntiTheft.daemon



Agent services loaded



com.Installer.completer.download

com.Installer.completer.ltvbit

com.Installer.completer.update

com.VTech.AgentMonitor

com.adobe.ARM.UUID

com.evernote.EvernoteHelper

com.extensions.updater67619.agent.plist

com.flashmall.agent

com.genieoinnovation.macextension

com.leapfrog.connect.monitor

com.mackeeper.MacKeeper.Helper

com.mackeeper.MacKeeper.service.clean

com.webhelper

com.webtools.uninstaller.app

com.webtools.update.0.0.0.9.agent



User login items



iTunesHelper

- /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

Dropbox

- /Users/USER/Desktop/Dropbox.app

Genieo

- /Applications/Genieo.app

Genieo

- /Applications/Genieo.app

Genieo

- /Applications/Genieo.app



Safari extensions



GoldenBoy

- com.gold.safari

Omnibar

- com.genieo.safari



User caches/logs



2.3 GiB: /var/folders/wh/pdf8hdt51y90xzlng95qx9qc0000gn/T/../C/com.apple.appstore/915041082/nlu8009645675502688554.pkg



Restricted files: 475



Lockfiles: 4



Contents of /Library/LaunchAgents/com.genieoinnovation.macextension.plist

- mod date: Mar 4 16:49:14 2014

- size (B): 573

- checksum: 1626655917



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.genieoinnovation.macextension</string>

<key>ProgramArguments</key>

<array>

<string>/Library/Frameworks/GenieoExtra.framework/Contents/MacOS/Application</string>

</array>

<key>KeepAlive</key>

<true/>

<key>UseLMILaunchAgentFixer</key>

<true/>

<key>WorkingDirectory</key>

<string>/Library/Frameworks/GenieoExtra.framework/Contents/MacOS</string>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.GP.SocketService.plist

- mod date: Mar 19 19:38:29 2015

- size (B): 556

- checksum: 3388567950



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>KeepAlive</key>

<true/>

<key>Label</key>

<string>com.GeneralPlus.Usbweb</string>

<key>ProgramArguments</key>

<array>

<string>/Applications/VTech/DownloadManager/DownloadManager.app/Contents/Applications/AppAccessory/12051/GPSocketUSBService/GPSocketUSBService</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>SerVersion</key>

<integer>4</integer>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.VTechLLNService.plist

- mod date: Mar 19 19:38:20 2015

- size (B): 502

- checksum: 1347397703



<?xml version=\"1.0\" encoding=\"UTF-8\"?>

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.VTech.ConsoleServer</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/Preferences/VTech/DA/LLNServices/System/VTechLLNService.app/Contents/MacOS/VTechLLNService</string>

</array>

<key>RunAtLoad</key>

<true/>

<key>KeepAlive</key>

<true/>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.genieoinnovation.macextension.client.plist

- mod date: Mar 4 16:49:14 2014

- size (B): 586

- checksum: 2355274718



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.genieoinnovation.macextension.client</string>

<key>MachServices</key>

<dict>

<key>com.genieoinnovation.macextension.client.mach</key>

<true/>

<key>com.genieoinnovation.macextension.client.runnow</key>

<true/>

</dict>

<key>ProgramArguments</key>

<array>

<string>/Library/PrivilegedHelperTools/com.genieoinnovation.macextension.client</string>

</array>

</dict>

</plist>



Contents of /Library/LaunchDaemons/com.leapfrog.connect.authdaemon.plist

- mod date: Dec 22 18:57:05 2013

- size (B): 778

- checksum: 886752062



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.leapfrog.connect.authdaemon</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Library/PrivilegedHelperTools/com.leapfrog.connect.authdaemon</string>

</array>

<key>ServiceIPC</key>

<true/>

<key>Sockets</key>

<dict>

<key>MasterSocket</key>

<dict>

<key>SockFamily</key>

<string>Unix</string>

<key>SockPathMode</key>

<integer>438</integer>

<key>SockPathName</key>

<string>/var/run/com.leapfrog.connect.authdaemon.socket</string>

<key>SockType</key>



...and 5 more line(s)



Contents of /Library/LaunchDaemons/com.mackeeper.MacKeeper.plugin.AntiTheft.daemon.plist

- mod date: Apr 25 10:05:33 2015

- size (B): 446

- checksum: 3009493641



<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

<plist version="1.0">

<dict>

<key>Disabled</key>

<false/>

<key>Label</key>

<string>com.mackeeper.MacKeeper.plugin.AntiTheft.daemon</string>

<key>Program</key>

<string>/Library/Application Support/MacKeeper/MacKeeperATd</string>

<key>KeepAlive</key>

<true/>

</dict>

</plist>



Contents of /System/Library/LaunchAgents/com.VTech.AgentMonitor.plist

- mod date: Mar 19 19:38:10 2015

- size (B): 474

- checksum: 4285841043



<?xml version="1.0" encoding="UTF-8"?>

<plist version="1.0">

<dict>

<key>Label</key>

<string>com.VTech.AgentMonitor</string>

<key>OnDemand</key>

<true/>

<key>ProgramArguments</key>

<array>

<string>/Applications/VTech/DownloadManager/DownloadManager.app/Contents/System/bin/AgentMonitor.app/Contents/MacOS/AgentMonitor</string>

</array>

<key>RunAtLoad</key>

<true/>

</dict>

</plist>



Contents of /private/etc/launchd.conf

- mod date: Mar 4 16:49:50 2014

- size (B): 54

- checksum: 1998244177



setenv DYLD_INSERT_LIBRARIES /usr/lib/libgenkit.dylib



Contents of Library/LaunchAgents/UpdateDownloader

- Mach-O 64-bit executable x86_64

- mod date: Mar 30 04:10:29 2015

- size (B): 132232

- checksum: 3984709371





Bad plists



/Library/Preferences/com.gen.framework.plist



Extensions



/System/Library/Extensions/LfConnectDriver.kext

- com.leapfrog.driver.LfConnectDriver

/System/Library/Extensions/LfEtherConfig.kext

- com.leapfrog.codeless.kext



Applications



/Applications/Genieo.app

- com.genieoinnovation.Genieo

/Applications/Uninstall Genieo.app

- com.yourcompany.Uninstall-Genieo

/Applications/Utilities/Adobe AIR Application Installer.app

- com.adobe.air.ApplicationInstaller

/Applications/VTech/DownloadManager/DownloadManager.app

- com.VTech.DLMgr

/Applications/WebTools.app

- N/A

/Applications/mediaDownloader.app

- com.yourcompany.mediaDownloader

/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR Application Installer.app

- com.adobe.air.ApplicationInstaller

/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Template.app

- com.adobe.air.Template



Frameworks



/Library/Frameworks/Adobe AIR.framework

- com.adobe.AIR

/Library/Frameworks/GenieoExtra.framework

- com.genieoinnovation.macextension



PrefPane



/Library/PreferencePanes/Flash Player.prefPane

- com.adobe.flashplayerpreferences



Bundles



/Library/Application Support/LeapFrog/LeapFrog Connect/Plug-Ins/Flash Player.plugin

- com.macromedia.Flash Player.plugin

/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/AdobeCP15.plugin

- com.adobe.adobecp

/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Flash Player.plugin

- com.macromedia.FlashPlayer-10.6.plugin

/Library/Internet Plug-Ins/AdobePDFViewer.plugin

- com.adobe.acrobat.pdfviewer

/Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

- com.adobe.acrobat.pdfviewerNPAPI

/Library/Internet Plug-Ins/Flash Player.plugin

- com.macromedia.Flash Player.plugin

/Users/USER/Library/Application Support/MacKeeper Helper/NoticeEngine.plugin

- com.mackeeper.MacKeeper.plugin.NoticeEngine



Bundles (new)



/Applications/InstallMac/Reset Search.app

- com.tabatoo.InstallerT

/Applications/MacKeeper.app

- com.mackeeper.MacKeeper

/Applications/WebTools.app

-

/Applications/mediaDownloader.app

- N/A

/Users/USER/Applications/flashmall.app

- com.yourcompany.mediaDownloader

/Users/USER/Library/Application Support/IM.Installer/Completer.app

- com.flashmall.AppHelper

/Users/USER/Library/Application Support/MacKeeper Helper/NoticeEngine.plugin

- com.tabatoo.InstallerT

/Users/USER/Library/flashmall/Service.app

- com.mackeeper.MacKeeper.plugin.NoticeEngine

- com.flashmall.Service



Library paths



/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

/Users/USER/Library/VirtualDJ/Plugins/libmp3lame.dylib

/usr/lib/libgenkit.dylib

/usr/lib/libgenkitsa.dylib



Installations



MacKeeper: 4/21/15, 6:16 AM

MacKeeper: 4/21/15, 6:16 AM

Adobe Flash Player: 4/16/15, 4:08 PM

Adobe Flash Player: 3/19/15, 7:20 PM

Adobe Flash Player: 2/5/15, 2:17 PM



Elapsed time (sec): 258

May 3, 2015 9:00 AM in response to Linc Davis

Thanks so much, so hate this stupid malware programs, and spyware and all that crap, how about the govt takes about 1/4th of its defense spending and go after these companies and or people making these programs and somehow track them down, give them like 5000 hours community service (fixing people's computers for free!!) you know they would be hacking people's computers though while doing it. Anyways this helped me and I was able to get rid of it. I was so much better years ago figuring out which running programs were malware, these days I have no clue. All these fix quick programs never seem to work, I've paid top dollar for anti virus and malware and spyware, they never seem to really work.

Jul 8, 2015 10:53 AM in response to Dale86

I went to the Apple Store near me and the associate at the Genius Bar showed me an application that is free on the web, AdwareMedic. He downloaded it and we ran it on my computer and it found all the files. There were a lot of files that I would not have been able to find on my own and it took literally 1 minute. So far it looks like all those little green embedded arrows are all gone. Woo hoo!
