Mac OS X Maverick Version 10.9.5
Browers taken over by "search.searchbenny.com" Firefox refreshed itself, deleted Chrome, but can't delete Safari to reinstall, because OS X "needs" it? How can I get Safari back?
iMac
I am not familiar with search.searchbenny.com but here are some suggestions regarding malware you may have loaded onto your Mac via one of your browsers
There are at least two schools of thought expressed by experienced users here in this Apple community regarding malware and popups.
One school primarily uses free application(s); the second school requires no additional software and just some simple steps on your part.
Read these (of many threads) discussions.
Yosemite OS X & MacKeeper I can't unistall
Got a malware on OS X Yosemite, how do I get rid of it?
Pop up problems in Safari on OS X Yosemite!
See these Apple notes:
Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support
Safari 8 (Yosemite): Security pane of Safari preferences
If necessary force quit Safari then restart Safari while holding the shift key.
There is no need to reinstall Safari or download anything to solve this problem.
You may have installed one or more of the common types of ad-injection malware. Follow the instructions on this Apple Support page to remove it. It's been reported that some variants of the "VSearch" malware block access to the page. If that happens, start in safe mode by holding down the shift key at the startup chime, then try again.
Back up all data before making any changes.
One of the steps in the article is to remove malicious Safari extensions. Do the equivalent in the Chrome and Firefox browsers, if you use either of those. If Safari crashes on launch, skip that step and come back to it after you've done everything else.
If you don't find any of the files or extensions listed, or if removing them doesn't stop the ad injection, ask for further instructions.
Make sure you don't repeat the mistake that led you to install the malware. It may have come from an Internet cesspit such as "Softonic" or "CNET Download." Never visit either of those sites again. You might also have downloaded it from an ad in a page on some other site. The ad would probably have included a large green button labeled "Download" or "Download Now" in white letters. The button is designed to confuse people who intend to download something else on the same page. If you ever download a file that isn't obviously what you expected, delete it immediately.
Malware is also found on websites that traffic in pirated content such as video. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.
In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.
Still in System Preferences, open the App Store or Software Update pane and check the box marked
Install system data files and security updates (OS X 10.10 or later)
or
Download updates automatically (OS X 10.9 or earlier)
if it's not already checked.
Hi Linc
In my case it was downloading the latest VLC that did it (I’ve been using an older version for years with older operating systems with no problems whatsoever, so had no idea of its reputation now and didn’t foresee any trouble).
I too have the dreaded “searchbenny” tabs and reduced functionality, but none of the files you helpfully named (or any variants) have showed up - no “genieo” or anything, just two Adobe launch agents and an Adobe launch daemon, all traceable to my Creative Cloud membership.
I did find an extension in Safari called “Golden Boy” that I couldn't find a decent explanation for online so I got rid of that, but in Chrome the only visible extension is FlashControl, which I dowloaded at least two years ago and have run without problems.
I decided it might be a safer bet, since I only downloaded VLC last Friday, to restore my hard drive from Thursday and see if I could work around the problem that way. However, I ran into the completely different problem (I only recently upgraded from Snow Leopard from Yosemite, and this is the first time I’ve had to use TM with a post-Lion OS) that now almost any folder - whether Applications, my named user drive or whatever - turns out to be unrestorable as it "can't be modified or deleted because it's required by OS X”.
I realise that the “Time Machine Restore function can’t actually restore anything” issue deserves its own separate thread (indeed, it has them, though no-one seems to have any real answers so far), but if you have any hints or tips for getting this to work, in the absence of any identifiable malware files, I’d be incredibly grateful.
As a final crowning cherry on this sorry cake, in order to leave this comment I had to log in to the Apple Community (in the process of which I had to reset my password) so there’s a strong chance that whatever malware is burrowing away in my system that I can’t Time Machine my way out of now has those details too.
Thanks for any advice you might be able to give.
In my case it was downloading the latest VLC that did it (I’ve been using an older version for years with older operating systems with no problems whatsoever, so had no idea of its reputation now and didn’t foresee any trouble).
Going to the official site of VLC is the only place you should be downloading VLC Player from:
There is also some adware known as VLC Add-on that has nothing to do with VLC.
Please point me to an reputable source that says VLC (from Videolan) contains malware.
1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
The test works on OS X 10.7 ("Lion") and later. I don't recommend running it on older versions of OS X. It will do no harm, but it won't do much good either.
Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.
You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
You may not be able to understand the script yourself. But variations of it have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.
Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
4. Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is sometimes, but not always, slow, run the test during a slowdown.
You may have started up in "safe" mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(1271 ' 0.5 0.25 50 1000 15 5120 1000 25000 5 1 0 100 ' 51 25600 4 10 25 5120 102400 1000 25 1 400 40 500 300 85 25 20480 262144 20 2000 524288 604800 5 1024 );k=({Soft,Hard}ware Memory Diagnostics Power FireWire Thunderbolt USB Bluetooth SerialATA Extensions Applications Frameworks PrefPane Fonts Displays PCI UniversalAccess InstallHistory ConfigurationProfile AirPort 'com\.apple\.' -\\t N\\/A 'AES|atr|udit|msa|dnse|ax|ensh|fami|FileS|fing|ft[pw]|gedC|kdu|etS|is\.|alk|ODSA|otp|htt|pace|pcas|ps-lp|rexe|rlo|rsh|smb|snm|teln|upd-[aw]|uuc|vix|webf' OSBundle{Require,AllowUserLoa}d 'Mb/s:Mb/s:ms/s:KiB/s:%:total:MB:total:per sec' 'Net in:Net out:I/O wait time:I/O requests:CPU usage:Open files:Memory:Mach ports:File opens:Forks:Failed forks:System errors' 'tsA|[ST]M[HL]' PlistBuddy{,' 2>&1'}' -c Print' 'Info\.plist' CFBundleIdentifier );f=('\n%s'{': ','\n\n'}'%s\n' '\nRAM details\n%s\n' %s{' ','\n'{"${k[22]}",}}'%s\n' '%.1f GiB: %s\n' '\n ...and %s more line(s)\n' '\nContents of %s\n '"${k[22]}"'mod date: %s\n '"${k[22]}"'checksum: %s\n%s\n' );c=(879294308 4071182229 461455494 3627668074 1083382502 1274181950 1855907737 2758863019 1848501757 464843899 2636415542 3694147963 1233118628 2456546649 2806998573 2778718105 842973933 1383871077 2051385900 3301885676 891055588 998894468 695903914 1443423563 4136085286 3374894509 1051159591 892310726 1707497389 523110921 2883943871 3873345487 );s=(' s/[0-9A-Za-z._]+@[0-9A-Za-z.]+\.[0-9A-Za-z]{2,4}/EMAIL/g;/faceb/s/(at\.)[^.]+/\1NAME/g;/\/Shared/!s/(\/Users\/)[^ /]+/\1USER/g;s/[-0-9A-Fa-f]{22,}/UUID/g;' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[4]} ' s/:$//;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: (E[^m]|[^EO])|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[9]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;q;} ' ' BEGIN { FS="\f";if(system("A1 42 83 114")) d="^'"${k[21]}"'launch(d\.peruser\.[0-9]+|ctl\.(Aqua|Background|System))$";} { if($2~/[1-9]/) { $2="status: "$2;printf("'"${f[4]}"'",$1,$2);} else if(!d||$1!~d) print $1;} ' ' $1>1{$NF=$NF" x"$1} /\*/{if(!f)f="\n\t* Code injection"} {$1=""} 1;END{print f} ' ' NR==2&&$4<='${p[7]}'{print $4} ' ' BEGIN{FS=":"} ($1~"wir"&&$2>'${p[22]}') {printf("wired %.1f\n",$2/2^18)} ($1~/P.+ts/&&$2>'${p[19]}') {printf("paged %.1f\n",$2/2^18)} ' '/YLD/s/=/ /p' ' { q=$1;$1="";u=$NF;$NF="";gsub(/ +$/,"");print q"\f"$0"\f"u;} ' ' /^ {6}[^ ]/d;s/:$//;/([^ey]|[^n]e):/d;/e: Y/d;s/: Y.+//g;H;${ g;s/ \n (\n)/\1/g;s/\n +(M[^ ]+)[ -~]+/ (\1)/;s/\n$//;/( {8}[^ ].*){2,}/p;} ' 's:^:/:p;' ' !/, .+:/{print};END{if(NR<'{${p[12]},${p[13]}}')printf("^'"${k[21]}"'.+")} ' '|uniq' ' 1;END { print "/L.+/Scr.+/Templ.+\.app$";print "/L.+/Pri.+\.plugin$";if(NR<'{${p[14]},${p[21]}}') print "^/[Sp].+|'${k[21]}'";} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:.+//p;' '&&echo On' '/\.(bundle|component|framework|kext|mdimporter|plugin|qlgenerator|saver|wdgt)$/p' '/\.dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".","");print $0"$";} END { split("'"${c[*]}"'",c);for(i in c) print "\t"c[i]"$";} ' ' /^\/(Ap|Dev|Inc|Prev)/d;/((iTu|ok).+dle|\.(component|mailbundle|mdimporter|plugin|qlgenerator|saver|wdgt))$/p;' ' BEGIN{ FS="= "} $2 { gsub(/[()"]/,"",$2);print $2;} ' ' /^\//!d;s/^.{5}//;s/ [^/]+\//: \//p;' '>&-||echo No' '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[2]}'{$2=$2-1;print}' ' BEGIN { M1='${p[16]}';M2='${p[18]}';M3='${p[8]}';M4='${p[3]}';} !/^A/{next};/%/ { getline;if($5<M1) o["CPU"]="CPU: user "$2"%, system "$4"%";next;} $2~/^disk/&&$4>M2 { o[$2]=$2": "$3" ops/s, "$4" blocks/s";next;} $2~/^(en[0-9]|bridg)/ { if(o[$2]) { e=$3+$4+$5+$6;if(e) o[$2]=o[$2]"; errors "e"/s";next;};if($4>M3||$6>M4) o[$2]=$2": in "int($4/1024)", out "int($6/1024)" (KiB/s)";} END { for(i in o) print o[i];} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/)||(/v6:/&&$2!~/A/) ' ' BEGIN{FS=": "} /^ {10}O/ {exit} /^ {0,12}[^ ]/ {next} $1~"Ne"&&$2!~/^In/{print} $1~"Si" { split($2,a," ");if(a[1]-a[4]<'${p[5]}') print;};$1~"T"&&$2<'${p[20]}'{print};$1~"Se"&&$2!~"2"{print};' ' BEGIN { FS="\f";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1;} ' ' BEGIN { split("'"${p[1]}"'",m);FS="\f";} $2<=m[$1]{next} $1<9 { o[$1]=o[$1]"\n "$3" (UID "$4"): "$2;} $1==9&&$5!~"^/dev" { o[$1]=o[$1]"\n "$3" (UID "$4") => "$5" (status "$6"): "$2;} $1==10&&$5 { p="ps -c -ocomm -p"$5"|sed 1d";p|getline n;close(p);if(n) $5=n;o[$1]=o[$1]"\n "$5" => "$3" (UID "$4"): "$2;} $1~/1[12]/ { o[$1]=o[$1]"\n "$3" (UID "$4", error "$5"): "$2;} END { n=split("'"${k[27]}"'",u,":");for(i=n+1;i<n+4;i++)u[i]=u[n];split("'"${k[28]}"'",l,":");for(i=1;i<13;i++) if(o[i])print "\n"l[i]" ("u[i]")\n"o[i];} ' ' /^ {8}[^ ]/{print} ' ' BEGIN { L='${p[17]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"cksum "F|getline C;split(C, A);C=A[1];"stat -f%Sm "F|getline D;"file -b "F|getline T;if(T~/^Apple b/) { f="";l=0;while("'"${k[30]}"' "F|getline g) { l++;if(l<=L) f=f"\n "g;};};if(T!~/^(AS.+ (En.+ )?text(, with v.+)?$|(Bo|PO).+ sh.+ text ex|XM)/) F=F"\n '"${k[22]}"'"T;printf("'"${f[8]}"'",F,D,C,f);if(l>L) printf("'"${f[7]}"'",l-L);} ' ' s/^ ?n...://p;s/^ ?p...:/-'$'\t''/p;' 's/0/Off/p' 's/^.{52}(.+) <.+/\1/p' ' /id: N|te: Y/{i++} END{print i} ' ' /kext:/ { split($0,a,":");p=a[1];k[S]='${k[25]}';k[U]='${k[26]}';v[S]="Safe";v[U]="true";for(i in k) { s=system("'"${k[30]}"'\\ :"k[i]" \""p"\"/*/I*|grep -qw "v[i]);if(!s) a[1]=a[1]" "i;};if(!a[2]) a[2]="'"${k[23]}"'";printf("'"${f[4]}"'",a[1],a[2]);next;} !/^ *$/ { p="'"${k[31]}"'\\ :'"${k[33]}"' \""$0"\"/*/'${k[32]}'";p|getline b;close(p);if(b~/, .+:/||b=="") b="'"${k[23]}"'";printf("'"${f[4]}"'",$0,b);} ' '/ en/!s/\.//p' ' NR>=13 { gsub(/[^0-9]/,"",$1);print;} ' ' $10~/\(L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9|"sort|uniq";} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?'${k[32]}'$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ / [VY]/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' '/^find: /!p;' ' /^p/{ s/.//g;x;s/\nu/'$'\f''/;s/(\n)c/\1'$'\f''/;s/\n\n//;p;};H;' ' BEGIN{FS="= "} /Path/{print $2} ' ' /^ *$/d;s/^ */ /;p;' ' s/^.+ |\(.+\)$//g;p;' '1;END{if(NR<'${p[15]}')printf("^/(S|usr/(X|li))")}' ' /2/{print "WARN"};/4/{print "CRITICAL"};' ' /EVHF|MACR|^s/d;s/^.+: //p;' ' $3~/^[1-9][0-9]{0,2}(\.[1-9][0-9]{0,2}){2}$/ { i++;n=n"\n"$1"\t"$3;} END{ if(i>1)print n} ' s/{'\.|jnl: ','P.+:'}'//;s/ +([0-9]+)(.+)/\2'$'\t\t''\1/p' ' /^ +iP.+:$/{ s/://;b0'$'\n'' };/es: ./{ /iOS/d;s/^.+://;b0'$'\n'' };/^ +C.+ted: +[NY]/H;/:$/b0'$'\n'' d;:0'$'\n'' x;/: +N/d;s/\n.+//p;' ' 1d;/:$/b0'$'\n'' $b0'$'\n'' /(D|^ *Loc.+): /{ s/^.+: //;H;};/(B2|[my]): /H;d;:0'$'\n'' x;/[my]: [AM]|m: I.+p$|^\/Vo/d;s/(^|\n) [ -~]+//g;s/(.+)\n(.+)/\2:\1/;s/\n//g;/[ -~]/p;' 's/$/'$'\f''(0|-(4[34])?)$/p' '|sort'{'|uniq'{,\ -c},\ -nr} ' s/^/'{5,6,7,8}$'\f''/;s/ *'$'\f'' */'$'\f''/g;p;' '/e:/{print $2}' ' /^[(]/{ s/....//;s/$/:/;N;/: [)]$/d;s/\n.+ ([^ ]+).$/\1/;H;};${ g;p;} ' 's/:.+$//p' '|wc -l' /{\\.{kext,xpc,'(appex|pluginkit)'}'\/(Contents\/)?'Info,'Launch[AD].+'}'\.plist$/p' 's/([-+.?])/\\\1/g;p' 's/, /\'$'\n/g;p' ' BEGIN{FS="\f"} { printf("'"${f[6]}"'",$1/2^30,$2);} ' ' /= D/&&$1!~/'{${k[24]},${k[29]}}'/ { getline d;if(d~"t") print $1;} ' ' BEGIN{FS="\t"} NR>1&&$NF!~/0x|\.([0-9]{3,}|[-0-9A-F]{36})$/ { print $NF"\f"a[split($(NF-1),a," ")];} ' '|tail -n'{${p[6]},${p[10]}} ' s/.+bus /Bus: /;s/,.+[(]/ /;s/,.+//p;' ' { $NF=$NF" Errors: "$1;$1="";} 1 ' ' 1s/^/\'$'\n''/;/^ +(([MNPRSV]|De|Li).+|Bus): .|d: Y/d;s/:$//;$d;p;' ' BEGIN { RS=",";FS=":";} $1~"name" { gsub("\"","",$2);print $2;} ' '|grep -q e:/' '/[^ .]/p' '{ print $1}' ' /^ +N.+: [1-9]/ { i++;} END { if(i) print "system: "i;} ' ' NF { print "'{admin,user}' "$NF;exit;} ' ' /se.+ =/,/[\}]/!d;/[=\}]/!p ' ' 3,4d;/^ +D|Of|Fu| [0B]/d;s/^ |:$//g;$!H;${ x;/:/p;} ' ' BEGIN { FS=": ";} NR==1 { sub(":","");h="\n"$1"\n";} /:$/ { l=$1;next;} $1~"S"&&$2!~3 { getline;next;} /^ {6}I/ { i++;L[i]=l" "$2;if(i=='${p[24]}') nextfile;} END { if(i) print h;for(j=0;j<i;j++) print L[i-j];} ' ' /./H;${ x;s/\n//;s/\n/, /g;/,/p;} ' ' {if(int($6)>'${p[25]}')printf("swap used %.1f\n",$6/1024)} ' ' BEGIN{FS="\""} $3~/ t/&&$2!~/'{${k[24]},${k[29]}}'/{print $2} ' ' int($1)>13 ' p ' BEGIN{FS="DB="} { sub(/\.db.*/,".db",$2);print $2;} ' );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps crontab kextfind top pkgutil "${k[30]}\\" echo cksum kextstat launchctl smcDiagnose sysctl\ -n defaults\ read stat lsbom 'mdfind -onlyin' env pluginkit scutil 'dtrace -q -x aggsortrev -n' security sed\ -En awk 'dscl . -read' networksetup mdutil lsof test osascript\ -e netstat mdls route cat uname );c2=(${k[21]}loginwindow\ LoginHook ' /L*/P*/loginw*' "'tell app \"System Events\" to get properties of login items'" 'L*/Ca*/'${k[21]}'Saf*/E* -d 2 -name '${k[32]} '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' -i '-nl -print' '-F \$Sender -k Level Nle 3 -k Facility Req "'${k[21]}'('{'bird|.*i?clou','lsu|sha'}')"' "-f'%N: %l' Desktop {/,}L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message CRne '0xdc008012|(allow|call)ing|Goog|(mplet|nabl)ed|ry HD|safe b|xpm' -k Message CReq 'bad |Can.t l|corru|dead|fail|GPU |hfs: Ru|inval|Limiti|v_c|NVDA[(]|pagin|Purg(ed|in)|error|Refus|TCON|tim(ed? ?|ing )o|trig|WARN' " '-du -n DEV -n EDEV 1 10' 'acrx -o%cpu,comm,ruid' "' syscall::recvfrom:return {@a[execname,uid]=sum(arg0)} syscall::sendto:return {@b[execname,uid]=sum(arg0)} syscall::open*:entry {@c[execname,uid,copyinstr(arg0),errno]=count()} syscall::execve:return, syscall::posix_spawn:return {@d[execname,uid,ppid]=count()} syscall::fork:return, syscall::vfork:return, syscall::posix_spawn:return /arg0<0/ {@e[execname,uid,arg0]=count()} syscall:::return /errno!=0/ {@f[execname,uid,errno]=count()} io:::wait-start {self->t=timestamp} io:::wait-done /self->t/ { this->T=timestamp - self->t;@g[execname,uid]=sum(this->T);self->t=0;} io:::start {@h[execname,uid]=sum(args[0]->b_bcount)} tick-10sec { normalize(@a,2560000);normalize(@b,2560000);normalize(@c,10);normalize(@d,10);normalize(@e,10);normalize(@f,10);normalize(@g,10000000);normalize(@h,10240);printa(\"1\f%@d\f%s\f%d\n\",@a);printa(\"2\f%@d\f%s\f%d\n\",@b);printa(\"9\f%@d\f%s\f%d\f%s\f%d\n\",@c);printa(\"10\f%@d\f%s\f%d\f%d\n\",@d);printa(\"11\f%@d\f%s\f%d\f%d\n\",@e);printa(\"12\f%@d\f%s\f%d\f%d\n\",@f);printa(\"3\f%@d\f%s\f%d\n\",@g);printa(\"4\f%@d\f%s\f%d\n\",@h);exit(0);} '" '-f -pfc /var/db/r*/'${k[21]}'*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cght] ! -name .?\* ! -name \*ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f'$'\f''%Sc'$'\f''%N -t%F {} \;' '/S*/*/Ca*/*xpc*' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' /\ kMDItemContentTypeTree=${k[21]}{bundle,mach-o-dylib} :Label "/p*/e*/{auto*,{cron,fs}tab,hosts,{[lp],sy}*.conf,mach_i*/*,pam.d/*,ssh{,d}_config,*.local} {/p*,/usr/local}/e*/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t {/S*/,/,}L*/Lau*/*t .launchd.conf" list '-F "" -k Sender hidd -k Level Nle 3' /Library/Preferences/${k[21]}alf\ globalstate --proxy '-n get default' vm.swapusage --dns -get{dnsservers,info} dump-trust-settings\ {-s,-d,} -n1 '-R -ce -l1 -n5 -o'{'prt -stats prt','mem -stats mem'}',command,uid' -kl -l -s\ / '--regexp --files '${k[21]}'pkg.*' '+c0 -i4TCP:0-1023' ${k[21]}dashboard\ layer-gadgets '-d /L*/Mana*/$USER' '-app Safari WebKitDNSPrefetchingEnabled' '-Fcu +c0 -l' -m 'L*/{Con*/*/Data/L*/,}Pref* -type f -size 0c -name *.plist.???????' kern.memorystatus_vm_pressure_level '3>&1 >&- 2>&3' '-F \$Message -k Sender kernel -k Message CReq "'{'n Cause: -','(a und|I/O |jnl_io.+)err','USBF:.+bus'}'"' -name\ kMDItem${k[33]} -T\ hfs '-n get default' -listnetworkserviceorder :${k[33]} :CFBundleDisplayName $EUID {'$TMPDIR../C ','/{S*/,}'}'L*/{,Co*/*/*/L*/}{Cache,Log}s -type f -size +'${p[11]}'G -exec stat -f%z'$'\f''%N {} \;' \ /v*/d*/*/*l*d{,.*.$UID}/* '-app Safari UserStyleSheetEnabled' 'L*/A*/Fi*/P*/*/a*.json' users/$USER\ HomeDirectory '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' ' -F "\$Time \$(Sender): \$Message" -k Sender Rne "launchd|nsurls" -k Level Nle 3 -k Facility R'{'ne "user|','eq "'}'console" -k Message CRne "[{}<>]|asser|commit - no t|deprec|done |fmfd|Goog|ksho|ndum|obso|realp|rned f|sandbox ex|/root" ' getenv '/ "kMDItemDateAdded>=\$time.now(-'${p[23]}')&&kMDItem'${k[33]}'=*"' -m\ / '' ' -F "\$Time \$(RefProc): \$Message" -k Sender Req launchd -k Level Nle 3 -k Message Rne "asse|bug|File ex|hij|Ig|Jet|key is|lid t|Plea|ship" ' print{,-disabled}\ {system,user/$UID} -r ' -F "\$Message" -k Sender nsurlstoraged -k Time ge -1h -k Level Nle 4 -k Message Req "^(ER|IN)" ' );N1=${#c2[@]};for j in {0..20};do c2[N1+j]=SP${k[j]}DataType;done;l=({Restricted\ ,Lock,Pro}files POST Battery {Safari,App,{Bad,Loaded}\ kernel,Firefox}\ extensions System\ load boot\ args FileVault\ {2,1} {Kernel,System,Console,launchd}\ log SMC Login\ hook 'I/O per process' 'High file counts' UID {Daemons,Agents}\ {load,disabl}ed {Admin,Root}\ access Stylesheet Library\ paths{,' ('{shell,launchd}\)} Font\ issues Firewall Proxies DNS TCP/IP Wi-Fi 'Elapsed time (sec)' {Root,User}\ crontab {Global,User}' login items' Spotlight Memory\ pressure Listeners Widgets Parental\ Controls Prefetching Nets Volumes {Continuity,I/O,iCloud,HID,HCI}\ errors {User,System}\ caches/logs XPC\ cache Startup\ items Shutdown\ codes Heat Diagnostic\ reports Bad\ {plist,cache}s 'VM (GiB)' Bundles{,' (new)'} Trust\ settings Activity Free\ space );N3=${#l[@]};for i in {0..8};do l[N3+i]=${k[5+i]};done;F() { local x="${s[$1]}";[[ "$x" =~ ^([\&\|\<\>]|$) ]]&&{ printf "$x";return;};:|${c1[30]} "$x" 2>&-;printf "%s \'%s\'" "|${c1[30+$?]}" "$x";};A0() { Q=6;v[2]=1;id -G|grep -qw 80;v[1]=$?;((v[1]))||{ Q=7;sudo -v;v[2]=$?;((v[2]))||Q=8;};v[3]=`date +%s`;date '+Start time: %T %D%n';printf '\n[Process started]\n\n'>&4;printf 'Revision: %s\n\n' ${p[0]};};A1() { local c="${c1[$1]} ${c2[$2]}";shift 2;c="$c ` while [[ "$1" ]];do F $1;shift;done`";((P2))&&{ c="sudo $c";P2=;};v=`eval "$c"`;[[ "$v" ]];};A2() { local c="${c1[$1]}";[[ "$c" =~ ^(awk|sed ) ]]&&c="$c '${s[$2]}'"||c="$c ${c2[$2]}";shift 2;local d=` while [[ "$1" ]];do F $1;shift;done`;((P2))&&{ c="sudo $c";P2=;};local a;v=` while read a;do eval "$c '$a' $d";done<<<"$v";`;[[ "$v" ]];};A3(){ v=$((`date +%s`-v[3]));};export -f A1 A2;B1() { v=No;! ((v[1]))&&{ v=;P1=1;};};eval "`type -a B1|sed '1d;s/1/2/'`";B3(){ v[$1]="$v";};B4() { local i=$1;local j=$2;shift 2;local c="cat` while [[ "$1" ]];do F $1;shift;done`";v[j]=`eval "{ $c;}"<<<"${v[i]}"`;};B5(){ v="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d$'\e' <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F$'\e' ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`egrep -v "${v[$1]}"<<<"$v"|sort`;};eval "`type -a B7|sed '1d;s/7/8/;s/-v //'`";C0() { [[ "$v" ]]&&sed -E "$s"<<<"$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v"|sed -E "$s";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { B4 0 0 63&&C1 1 $1;};C4() { echo $'\t'"Part $((++P)) of $Q done at $((`date +%s`-v[3])) sec">&4;};C5() { sudo -k;pbcopy<<<"$o";printf '\n\tThe test results are on the Clipboard.\n\n\tPlease close this window.\n';exit 2>&-;};for i in 1 2;do eval D$((i-1))'() { A'$i' $@;C0;};';for j in 2 3;do eval D$((i+2*j-3))'() { local x=$1;shift;A'$i' $@;C'$j' $x;};';done;done;trap C5 2;o=$({ A0;D0 0 N1+1 2;D0 0 $N1 1;B1;C2 27;B1&&! B2&&C2 28;D2 22 15 63;D0 0 N1+2 3;D0 0 N1+15 17;D4 3 0 N1+3 4;D4 4 0 N1+4 5;D4 N3+4 0 N1+9 59;D0 0 N1+16 99;for i in 0 1 2;do D4 N3+i 0 N1+5+i 6;done;D4 N3+3 0 N1+8 71;D4 62 1 10 7;D4 10 1 11 8;B2&&D4 18 19 53 67;D2 11 2 12 9;D2 12 3 13 10;D2 13 32 70 101 25;D2 71 6 76 13;D2 45 20 52 66;A1 7 77 14;B3 28;A1 20 31 111;B6 0 28 5;B4 0 0 110;C2 66;D4 70 8 15 38;D0 9 16 16 77 45;C4;B2&&D0 35 49 61 75 76 78 45;B2&&{ D0 28 17 45;C4;};D0 12 40 54 16 79 45;D0 12 39 54 16 80 45;D4 31 25 77 15&&{ B4 0 8 103;B4 8 0;A2 18 74;B6 8 0 3;C3 32;};B2&&D4 19 21 0;B2&&D4 40 10 42;D2 2 0 N1+19 46 84;D2 44 34 43 53;D2 59 22 20 32;D2 33 0 N1+14 51;for i in {0..2};do A1 29 35+i 104+i;B3 25+i;done;B6 25 27 5;B6 0 26 5;B4 0 0 110;C2 69;D2 34 21 28 35;D4 35 27 29 36;A1 40 59 81;B3 18;A1 33 60 82;B8 18;B4 0 19 83;A1 27 32 39&&{ B3 20;B4 19 0;A2 33 33 40;B3 21;B6 20 21 3;};C2 36;D4 50 38 5 68;B4 19 0;D5 37 33 34 42;B2&&D4 46 35 45 55;D4 38 0 N1+20 43;B2&&D4 58 4 65 76 91;D4 63 4 19 44 75 95 12;B1&&{ D4 53 5 55 75 69&&D4 51 6 58 31;D4 56 5 56 97 75 98&&D0 0 N1+7 99;D2 55 5 27 84;D4 61 5 54 75 70;D4 14 5 14 96;D4 15 5 72 96;D4 17 5 78 96;C4;};D4 16 5 73 96;A1 13 44 74 18;C4;B3 4;B4 4 0 85;A2 14 61 89;B4 0 5 19 102;A1 17 41 50;B7 5;C3 8;B4 4 0 88;A2 14 24 89;C4;B4 0 6 19 102;B4 4 0 86;A2 14 61 89;B4 0 7 19 102;B5 6 7;B4 0 11 73 102;A1 42 83 114;j=$?;for i in 0 1;do ((! j))||((i))||B2&&A1 18 $((79+i-(i+53)*j)) 107+8*j 94 74;B7 11;B4 0 0 11;C3 23+2*i;D4 24+2*i 14 66+i 92+i;done;D4 60 4 21 24;D4 42 14 1 62;D4 43 37 2 90 48;D4 41 10 42;D2 48 36 47 25;A1 4 3 60&&{ B3 9;A2 14 61;B4 0 10 21;B4 9 0;A2 14 62;B4 0 0 21;B6 0 10 4;C3 5;};D4 9 41 69 100;D2 29 21 68 35;D2 49 21 48 49;B4 4 22 57 102;A1 21 46 56 74;B7 22;B4 0 0 58;C3 47;D4 54 5 7 75 76 69;D4 52 5 8 75 76 69;D4 57 4 64 76 91;D2 0 4 4 84;D2 1 4 51 84;D4 21 22 9 37;D0 0 N1+17 108;A1 23 18 28 89;B4 0 16 22 102;A1 16 25 33;B7 16;B4 0 0 34;D1 31 47;D4 64 4 71 41;D4 65 5 84 116 74;C4;B4 4 12 26 89 23 102;for i in {0..3};do A1 0 N1+10+i 72 74;B7 12;B4 0 0 52;C3 N3+5+i;((i))||C4;done;A1 24 22 29;B7 12;B3 14;A2 39 57 30;B3 15;B6 14 15 4;C3 67;A1 24 75 74;B3 23;A2 39 57 30;B3 24;B6 23 24 4;C3 68;B4 4 13 27 89 65;A1 24 23;B7 13;C3 30;B4 4 0 87;A2 14 61 89 20;B4 0 17;A1 26 50 64;B7 17;C3 6;D0 0 N1+18 109;D4 7 11 6;A3;C2 39;C4;} 4>&2 2>/dev/null;);C5
Copy the selected text to the Clipboard by pressing the key combination command-C.
8. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad and start typing the name.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
exec bash
and press return. Then paste the script again.
10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:
[Process started]
Part 1 of 8 done at … sec
…
Part 8 of 8 done at … sec
The test results are on the Clipboard.
Please close this window.
[Process completed]
The intervals between parts won't be exactly equal, but they give a rough indication of progress. The total number of parts may be different from what's shown here.
Wait for the final message "Process completed" to appear. If you don't see it within about ten minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it and go to the next step. You'll have incomplete results, but still something.
12. When the test is complete, or if you stopped it because it was taking too long, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I may not agree with them.
______________________________________________________________
Copyright © 2014, 2015 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.
these are my results what should my next step be?
I have no clue what all of this means, but i cant get rid of this search benny malware.
Thank you for your help!!
KM
Start time: 10:15:49 03/02/15
Revision: 1271
Model Identifier: iMac11,3
System Version: OS X 10.10.1 (14B25)
Kernel Version: Darwin 14.0.0
Time since boot: 1 day22 minutes
UID: 501
SerialATA
ST31000528AS
USB
Slim Mac BK (Seagate LLC)
CTL-470 (WACOM Co., Ltd.)
Bluetooth
Apple Wireless Keyboard
Apple Magic Mouse
Apple Wireless Trackpad
Memory pressure: WARN
I/O wait time (ms/s)
kernel_task (UID 0): 931
Google Chrome (UID 502): 140
Google Chrome (UID 501): 135
I/O requests (KiB/s)
systemstatsd (UID 0): 24370
kernel_task (UID 0): 2581
Font issues: 113
DNS: 209.18.47.61
System caches/logs
2.7 GiB: /System/Library/Caches/com.apple.coresymbolicationd/data
Diagnostic reports
2015-02-02 AdobeCrashDaemon crash
2015-02-03 AdobeCrashDaemon crash
2015-02-06 AdobeCrashDaemon crash
2015-02-06 PenTabletDriver crash
2015-02-09 Dreamweaver hang
2015-02-12 AdobeCrashDaemon crash
2015-02-16 AdobeCrashDaemon crash
2015-02-19 AdobeCrashDaemon crash
2015-02-21 AdobeCrashDaemon crash
2015-02-21 Google Chrome hang
2015-02-24 AdobeCrashDaemon crash
2015-02-25 AdobeCrashDaemon crash
2015-02-26 Adobe Flash CS5 crash
2015-02-26 AdobeCrashDaemon crash
2015-02-27 Adobe InDesign C hang
2015-02-27 AdobeCrashDaemon crash x2
2015-02-28 AdobeCrashDaemon crash x2
I/O errors
disk3: do_jnl_io: strategy err 0x6 1
Volumes
disk0s2: /
disk1s2: /Volumes/Back Me Up Dawg
HID errors: 54
Kernel log
Feb 28 19:55:45 CoreStorageFamily::unlockVEKs(UUID) VEK unwrap failed. this is normal, except for the root volume.
Feb 28 19:55:54 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)
Feb 28 19:56:29 IOHIDSystem: Seize of AppleEmbeddedKeyboard failed.
Feb 28 20:27:50 PM notification timeout (pid 293, Creative Cloud)
Feb 28 20:27:50 PM notification timeout (pid 375, Adobe CEF Helper)
Feb 28 20:27:50 PM notification timeout (pid 374, Adobe CEF Helper)
Feb 28 20:28:22 Failed to get hibernate image filename
Mar 1 09:54:00 CoreStorageFamily::unlockVEKs(UUID) VEK unwrap failed. this is normal, except for the root volume.
Mar 1 09:54:02 ** GPU Hardware VM is disabled (multispace: disabled, page table updates with DMA: disabled)
Mar 1 10:59:11 PM notification timeout (pid 569, Creative Cloud)
Mar 1 10:59:11 PM notification timeout (pid 631, Adobe CEF Helper)
Mar 1 10:59:11 PM notification timeout (pid 632, Adobe CEF Helper)
Mar 1 10:59:44 Failed to get hibernate image filename
Mar 1 11:01:04 4021.625192: setPOWERSAVE ****SYNC SCAN CANCEL FAILED
Mar 1 16:22:07 PM notification timeout (pid 569, Creative Cloud)
Mar 1 16:22:07 PM notification timeout (pid 631, Adobe CEF Helper)
Mar 1 16:22:07 PM notification timeout (pid 632, Adobe CEF Helper)
Mar 1 17:51:58 PM notification timeout (pid 569, Creative Cloud)
Mar 1 17:51:58 PM notification timeout (pid 631, Adobe CEF Helper)
Mar 1 17:51:58 PM notification timeout (pid 632, Adobe CEF Helper)
Mar 1 17:52:31 Failed to get hibernate image filename
Mar 1 19:41:22 26182.734469: setPOWERSAVE ****SYNC SCAN CANCEL FAILED
Mar 1 21:30:14 26240.279178: setPOWERSAVE ****SYNC SCAN CANCEL FAILED
Mar 2 06:47:01 jnl: disk3: write_journal_header: error writing the journal header!
Mar 2 09:33:05 IOAudioStream[0xffffff801d5c9e00]::clipIfNecessary() - Error: counted 1 clip more than one buffer ahead errors.
System log
Mar 2 09:45:11 apsd: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/Subm itDiagInfo.default.domains
Mar 2 09:51:13 apsd: Failed entitlement check 'com.apple.private.aps-connection-initiate' for ManagedClientAgent[2119]
Mar 2 09:53:14 Google Chrome Helper: CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server
Mar 2 09:53:14 Google Chrome Helper: CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server
Mar 2 09:55:32 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Finder" for over 1.00 seconds. Server has re-enabled them.
Mar 2 09:57:02 Google Chrome Helper: CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server
Mar 2 09:57:02 Google Chrome Helper: CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server
Mar 2 09:57:09 Google Chrome Helper: CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server
Mar 2 09:57:09 Google Chrome Helper: CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server
Mar 2 09:58:25 Google Chrome Helper: CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server
Mar 2 09:58:25 Google Chrome Helper: CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server
Mar 2 09:58:26 Google Chrome Helper: CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server
Mar 2 09:58:26 Google Chrome Helper: CoreText CopyFontsForRequest received mig IPC error (FFFFFFFFFFFFFECC) from font server
Mar 2 09:59:13 apsd: Failed entitlement check 'com.apple.private.aps-connection-initiate' for ManagedClientAgent[2156]
Mar 2 09:59:48 EvernoteHelper: AppleEvents: Send port for process has no send right, port=( port:28587/0x6fab rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread
Mar 2 09:59:52 EvernoteHelper: AppleEvents: Send port for process has no send right, port=( port:28587/0x6fab rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread
Mar 2 09:59:52 EvernoteHelper: AppleEvents: Send port for process has no send right, port=( port:28587/0x6fab rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread
Mar 2 10:00:53 com.apple.WebKit.WebContent: CGBitmapContextCreate: unsupported parameter combination: 8 integer bits/component; 8 bits/pixel; 0-component color space; kCGImageAlphaNoneSkipFirst; 1216 bytes/row.
Mar 2 10:00:53 com.apple.WebKit.WebContent: CGBitmapContextCreate: unsupported parameter combination: 8 integer bits/component; 8 bits/pixel; 0-component color space; kCGImageAlphaNoneSkipFirst; 2048 bytes/row.
Mar 2 10:00:53 com.apple.WebKit.WebContent: CGBitmapContextCreate: unsupported parameter combination: 8 integer bits/component; 8 bits/pixel; 0-component color space; kCGImageAlphaNoneSkipFirst; 2048 bytes/row.
Mar 2 10:00:53 com.apple.WebKit.WebContent: CGBitmapContextCreate: unsupported parameter combination: 8 integer bits/component; 8 bits/pixel; 0-component color space; kCGImageAlphaNoneSkipFirst; 1216 bytes/row.
Mar 2 10:00:53 com.apple.WebKit.WebContent: CGBitmapContextCreate: unsupported parameter combination: 8 integer bits/component; 8 bits/pixel; 0-component color space; kCGImageAlphaNoneSkipFirst; 2048 bytes/row.
Mar 2 10:00:53 com.apple.WebKit.WebContent: CGBitmapContextCreate: unsupported parameter combination: 8 integer bits/component; 8 bits/pixel; 0-component color space; kCGImageAlphaNoneSkipFirst; 2048 bytes/row.
Mar 2 10:12:54 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Finder" for over 1.00 seconds. Server has re-enabled them.
Mar 2 10:16:40 WindowServer: disable_update_timeout: UI updates were forcibly disabled by application "Terminal" for over 1.00 seconds. Server has re-enabled them.
launchd log
Feb 28 10:55:27 com.apple.xpc.launchd.domain.user.loginwindow.501.4294967295: Could not import service from caller: caller = PenTabletDriver.509, service = com.wacom.Consumer_TouchDriver.20480, error = 134: Service cannot load in requested session
Feb 28 10:55:28 com.apple.xpc.launchd.domain.user.loginwindow.501.4294967295: Could not import service from caller: caller = PenTabletDriver.509, service = com.wacom.TabletDriver.21048, error = 134: Service cannot load in requested session
Feb 28 16:23:16 com.apple.xpc.launchd.domain.user.loginwindow.1061.4294967295: Could not import service from caller: caller = PenTabletDriver.1075, service = com.wacom.Consumer_TouchDriver.20480, error = 134: Service cannot load in requested session
Feb 28 16:23:19 com.apple.xpc.launchd.domain.user.loginwindow.1061.4294967295: Could not import service from caller: caller = PenTabletDriver.1075, service = com.wacom.TabletDriver.21048, error = 134: Service cannot load in requested session
Feb 28 16:24:02 com.apple.xpc.launchd.user.501.100039.Aqua: Could not import service from caller: caller = otherbsd.1102, service = com.evernote.EvernoteHelper, error = 119: Service is disabled
Feb 28 16:24:02 com.apple.xpc.launchd.user.501.100039.Aqua: Could not import service from caller: caller = otherbsd.1102, service = com.apple.photostream-agent, error = 119: Service is disabled
Feb 28 16:31:29 com.apple.xpc.launchd.domain.user.loginwindow.1292.4294967295: Could not import service from caller: caller = PenTabletDriver.1307, service = com.wacom.Consumer_TouchDriver.20480, error = 134: Service cannot load in requested session
Feb 28 16:31:30 com.apple.xpc.launchd.domain.user.loginwindow.1292.4294967295: Could not import service from caller: caller = PenTabletDriver.1307, service = com.wacom.TabletDriver.21048, error = 134: Service cannot load in requested session
Feb 28 19:08:35 com.apple.xpc.launchd.domain.user.loginwindow.1501.4294967295: Could not import service from caller: caller = PenTabletDriver.1529, service = com.wacom.Consumer_TouchDriver.20480, error = 134: Service cannot load in requested session
Feb 28 19:08:36 com.apple.xpc.launchd.domain.user.loginwindow.1501.4294967295: Could not import service from caller: caller = PenTabletDriver.1529, service = com.wacom.TabletDriver.21048, error = 134: Service cannot load in requested session
Feb 28 19:10:17 com.apple.xpc.launchd.user.501.100057.Aqua: Could not import service from caller: caller = otherbsd.1608, service = com.evernote.EvernoteHelper, error = 119: Service is disabled
Feb 28 19:10:17 com.apple.xpc.launchd.user.501.100057.Aqua: Could not import service from caller: caller = otherbsd.1608, service = com.apple.photostream-agent, error = 119: Service is disabled
Feb 28 19:56:31 com.apple.xpc.launchd.domain.user.loginwindow.67.4294967295: Could not import service from caller: caller = PenTabletDriver.194, service = com.wacom.Consumer_TouchDriver.20480, error = 134: Service cannot load in requested session
Feb 28 19:56:33 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.214, service = com.evernote.EvernoteHelper, error = 119: Service is disabled
Feb 28 19:56:33 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.214, service = com.apple.photostream-agent, error = 119: Service is disabled
Mar 1 09:54:25 com.apple.xpc.launchd.domain.user.loginwindow.67.4294967295: Could not import service from caller: caller = PenTabletDriver.191, service = com.wacom.Consumer_TouchDriver.20480, error = 134: Service cannot load in requested session
Mar 1 09:54:26 com.apple.xpc.launchd.domain.user.loginwindow.67.4294967295: Could not import service from caller: caller = PenTabletDriver.191, service = com.wacom.TabletDriver.21048, error = 134: Service cannot load in requested session
Mar 1 09:54:27 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.212, service = com.evernote.EvernoteHelper, error = 119: Service is disabled
Mar 1 09:54:27 com.apple.xpc.launchd.user.501.100006.Aqua: Could not import service from caller: caller = otherbsd.212, service = com.apple.photostream-agent, error = 119: Service is disabled
Mar 1 09:55:50 com.apple.xpc.launchd.domain.user.loginwindow.413.4294967295: Could not import service from caller: caller = PenTabletDriver.418, service = com.wacom.Consumer_TouchDriver.20480, error = 134: Service cannot load in requested session
Mar 1 09:55:51 com.apple.xpc.launchd.domain.user.loginwindow.413.4294967295: Could not import service from caller: caller = PenTabletDriver.418, service = com.wacom.TabletDriver.21048, error = 134: Service cannot load in requested session
Mar 2 09:20:45 com.apple.xpc.launchd.domain.user.loginwindow.1560.4294967295: Could not import service from caller: caller = PenTabletDriver.1570, service = com.wacom.Consumer_TouchDriver.20480, error = 134: Service cannot load in requested session
Mar 2 09:20:49 com.apple.xpc.launchd.domain.user.loginwindow.1560.4294967295: Could not import service from caller: caller = PenTabletDriver.1570, service = com.wacom.TabletDriver.21048, error = 134: Service cannot load in requested session
Mar 2 09:21:36 com.apple.xpc.launchd.user.501.100047.Aqua: Could not import service from caller: caller = otherbsd.1636, service = com.evernote.EvernoteHelper, error = 119: Service is disabled
Mar 2 09:21:36 com.apple.xpc.launchd.user.501.100047.Aqua: Could not import service from caller: caller = otherbsd.1636, service = com.apple.photostream-agent, error = 119: Service is disabled
Loaded kernel extensions
com.jft.driver.PdaNetDrv (1.0.64)
Daemons loaded
com.adobe.SwitchBoard
com.adobe.adobeupdatedaemon
com.adobe.fpsaud
com.apple.AccountPolicyHelper
com.apple.CodeSigningHelper
com.apple.GSSCred
com.apple.MobileFileIntegrity
com.apple.awdd
com.apple.backupd-auto
com.apple.cache_delete
com.apple.cfprefsd.xpc.daemon
com.apple.coreduetd
com.apple.coresymbolicationd
com.apple.ctkd
com.apple.diagnosticd
com.apple.dpd
- status: 75
com.apple.icloud.findmydeviced
com.apple.iconservices.iconservicesagent
com.apple.iconservices.iconservicesd
com.apple.ifdreader
com.apple.installd
com.apple.nehelper
com.apple.networkd_privileged
com.apple.nsurlsessiond_privileged
com.apple.nsurlstoraged
com.apple.periodic-daily
com.apple.sandboxd
com.apple.secinitd
com.apple.softwareupdate_download_service
com.apple.softwareupdated
com.apple.spindump
com.apple.sysmond
com.apple.systemstatsd
com.apple.tccd.system
com.apple.watchdogd
com.apple.wdhelper
com.google.keystone.daemon
com.jft.PdaNetMac
- status: 78
com.leapfrog.connect.shell
com.oracle.java.Helper-Tool
com.oracle.java.JavaUpdateHelper
Agents loaded
com.apple.DataDetectorsDynamicData
com.apple.InputMethodKit.UserDictionary
com.apple.cfprefsd.xpc.agent
com.apple.distnoted.xpc.agent
com.apple.imdpersistence.IMDPersistenceAgent
com.apple.pluginkit.pkd
com.apple.secd
com.apple.secinitd
com.apple.security.cloudkeychainproxy3
com.apple.tccd
Agents disabled
com.macpaw.CleanMyMac.trashSizeWatcher
com.macpaw.CleanMyMac.volumeWatcher
User login items
EvernoteHelper
- /Applications/Evernote.app/Contents/Library/LoginItems/EvernoteHelper.app
Firefox extensions
Mozilla Firefox hotfix
Widgets
Address Book
iCal
timeEdition
iCloud errors
bird 284
cloudd 17
CallHistorySyncHelper 6
comapple.InputMethodKit.UserDictionary 4
Restricted files: 293
Lockfiles: 27
Accessibility
Keyboard Zoom: On
Scroll Zoom: On
Contents of /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
- mod date: Dec 31 17:11:11 2014
- checksum: 2088097766
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.oracle.java.Java-Updater</string>
<key>ProgramArguments</key>
<array>
<string>/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater</string>
<string>-bgcheck</string>
</array>
<key>StandardErrorPath</key>
<string>/dev/null</string>
<key>StandardOutPath</key>
<string>/dev/null</string>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>20</integer>
<key>Minute</key>
<integer>0</integer>
<key>Weekday</key>
<integer>3</integer>
</dict>
</dict>
...and 1 more line(s)
Contents of /Library/LaunchAgents/com.wacom.pentablet.plist
- mod date: Jun 24 15:03:11 2011
- checksum: 3556858023
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>EnvironmentVariables</key>
<dict>
<key>RUN_WITH_LAUNCHD</key>
<string>1</string>
</dict>
<key>KeepAlive</key>
<dict>
<key>SuccessfulExit</key>
<true/>
</dict>
<key>Label</key>
<string>com.wacom.pentablet</string>
<key>LimitLoadToSessionType</key>
<array>
<string>Aqua</string>
<string>LoginWindow</string>
</array>
<key>Program</key>
<string>/Library/Application Support/Tablet/PenTabletSpringboard</string>
<key>RunAtLoad</key>
<true/>
...and 4 more line(s)
Contents of /Library/LaunchDaemons/com.adobe.adobeupdatedaemon.plist
- mod date: Feb 1 11:07:41 2015
- checksum: 216630318
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<true/>
<key>Label</key>
<string>com.adobe.adobeupdatedaemon</string>
<key>LaunchOnlyOnce</key>
<true/>
<key>Program</key>
<string>/Applications/Utilities/Adobe Creative Cloud/ElevationManager/AdobeUpdateDaemon</string>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of /Library/LaunchDaemons/com.leapfrog.connect.shell.plist
- mod date: Dec 26 13:23:36 2011
- checksum: 2059882050
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<true/>
<key>Label</key>
<string>com.leapfrog.connect.shell</string>
<key>OnDemand</key>
<true/>
<key>ProgramArguments</key>
<array>
<string>/Library/PrivilegedHelperTools/com.leapfrog.connect.shell</string>
</array>
<key>ServiceIPC</key>
<true/>
<key>Sockets</key>
<dict>
<key>MasterSocket</key>
<dict>
<key>SockFamily</key>
<string>Unix</string>
<key>SockPathMode</key>
<integer>438</integer>
<key>SockPathName</key>
...and 7 more line(s)
Contents of /System/Library/LaunchDaemons/com.jft.PdaNetMac.plist
- mod date: Dec 12 19:46:23 2009
- checksum: 2178332282
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>OnDemand</key>
<false/>
<key>KeepAlive</key>
<true/>
<key>RunAtLoad</key>
<true/>
<key>Label</key>
<string>com.jft.PdaNetMac</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/PdaNetMac.app/Contents/MacOS/PdaNetMac</string>
<string>darwin</string>
</array>
</dict>
</plist>
Contents of /private/etc/launchd.conf
- mod date: Oct 24 14:02:25 2013
- checksum: 2838013957
setenv DYLD_INSERT_LIBRARIES /usr/lib/libimckit.dylib
Contents of Library/LaunchAgents/com.Installer.completer.download.plist
- mod date: Feb 27 18:50:18 2015
- checksum: 3317977387
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Installer.completer.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/IM.Installer/Completer.app/Contents/MacOS/InstallerT</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>17498</string>
<string>-firstAppId</string>
<string>734540002</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
<string>false</string>
</dict>
...and 1 more line(s)
Contents of Library/LaunchAgents/com.Installer.completer.ltvbit.plist
- mod date: Feb 27 18:50:19 2015
- checksum: 2588251257
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Installer.completer.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/IM.Installer/Completer.app/Contents/MacOS/InstallerT</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>17498</string>
<string>-firstAppId</string>
<string>734540002</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
<integer>34</integer>
</dict>
...and 2 more line(s)
Contents of Library/LaunchAgents/com.Installer.completer.update.plist
- mod date: Feb 27 18:50:18 2015
- checksum: 2706567834
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Installer.completer.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/IM.Installer/Completer.app/Contents/MacOS/InstallerT</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>17498</string>
<string>-firstAppId</string>
<string>734540002</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>18</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist
- mod date: Jan 31 21:59:44 2011
- checksum: 3089358298
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.adobe.ARM.UUID</string>
<key>ProgramArguments</key>
<array>
<string>/Applications/Adobe InDesign CS5/Adobe Acrobat 9 Pro/Adobe Acrobat Pro.app/Contents/MacOS/Updater/Adobe Acrobat Updater Helper.app/Contents/MacOS/Adobe Acrobat Updater Helper</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>12600</integer>
</dict>
</plist>
Contents of Library/LaunchAgents/com.apple.CSConfigDotMacCert-EMAIL-SharedServices.Agent.pl ist
- mod date: Jan 17 13:22:32 2011
- checksum: 3573559807
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<false/>
<key>Label</key>
<string>com.apple.CSConfigDotMacCert-EMAIL-SharedServices</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>LowPriorityIO</key>
<true/>
<key>Nice</key>
<integer>10</integer>
<key>ProgramArguments</key>
<array>
<string>/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices .framework/Versions/A/Support/CSConfigDotMacCert</string>
<string>-l</string>
<string>/Users/USER/Library/Logs/CSConfigDotMacCert.log</string>
<string>-u</string>
<string>EMAIL</string>
<string>-t</string>
<string>SharedServices</string>
<string>-s</string>
</array>
...and 4 more line(s)
Contents of Library/LaunchAgents/com.zeobit.MacKeeper.Helper.plist
- mod date: Feb 28 19:39:52 2015
- checksum: 799560669
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Disabled</key>
<false/>
<key>EnvironmentVariables</key>
<dict>
<key>ZBTimeStamp</key>
<string>20150114095147</string>
</dict>
<key>Label</key>
<string>com.zeobit.MacKeeper.Helper</string>
<key>LimitLoadToSessionType</key>
<string>Aqua</string>
<key>OnDemand</key>
<false/>
<key>Program</key>
<string>/Applications/MacKeeper.app/Contents/Resources/MacKeeper Helper.app/Contents/MacOS/MacKeeper Helper</string>
</dict>
</plist>
Extensions
/System/Library/Extensions/BJUSBMP.kext
- jp.co.canon.bj.kext.BJUSBMP
/System/Library/Extensions/EPSONUSBPrintClass.kext
- com.epson.print.kext.USBPrintClass
/System/Library/Extensions/JMicronATA.kext
- com.jmicron.JMicronATA
/System/Library/Extensions/LfConnectDriver.kext
- com.leapfrog.driver.LfConnectDriver
/System/Library/Extensions/PdaNetDrv.kext
- com.jft.driver.PdaNetDrv
/System/Library/Extensions/Pen Tablet.kext
- com.wacom.kext.pentablet
/System/Library/Extensions/hp_Deskjet_io_enabler.kext
- com.hp.print.hpio.Deskjet.kext
/System/Library/Extensions/hp_Inkjet1_io_enabler.kext
- com.hp.print.hpio.Inkjet1.kext
/System/Library/Extensions/hp_Inkjet3_io_enabler.kext
- com.hp.print.hpio.Inkjet3.kext
/System/Library/Extensions/hp_Inkjet4_io_enabler.kext
- com.hp.print.hpio.Inkjet4.kext
/System/Library/Extensions/hp_Inkjet7_io_enabler.kext
- com.hp.print.hpio.inkjet7.kext
/System/Library/Extensions/hp_Inkjet8_io_enabler.kext
- com.hp.print.hpio.inkjet8.kext
/System/Library/Extensions/hp_Inkjet_io_enabler.kext
- com.hp.print.hpio.Inkjet.kext
/System/Library/Extensions/hp_Officejet_io_enabler.kext
- com.hp.print.hpio.Officejet.kext
/System/Library/Extensions/hp_Photosmart_io_enabler.kext
- com.hp.print.hpio.Photosmart.kext
/System/Library/Extensions/hp_psa640_io_enabler.kext
- com.hp.hpio.hp_psa640_io_enabler
/System/Library/Extensions/hp_qc_io_enabler.kext
- com.hp.hpio.hp_psa530_630_io_enabler
Applications
/Applications/Adobe Flash CS5/AIK2.0/lib/nai/lib/naib.app
- APP_ID
/Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Resources/Template.app
- com.adobe.air.NativeTemplate
/Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/Template.app
- com.adobe.air.NativeTemplate
/Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/Current/Resources/Template.app
- com.adobe.air.NativeTemplate
/Applications/Adobe Illustrator CS5/Adobe Fireworks CS5/Configuration/Mac/Shared/AdobeAIR/SDK/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/Template.app
- com.adobe.air.NativeTemplate
/Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Analyze Documents.localized/Analyze Documents.app
- N/A
/Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Calendar.localized/Make Calendar.app
- N/A
/Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Contact Sheet Demo.localized/Contact Sheets.app
- N/A
/Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Export Flash Animation.localized/Export Flash Animation.app
- N/A
/Applications/Adobe Illustrator CS5/Scripting.localized/Sample Scripts.localized/AppleScript.localized/Web Gallery.localized/Web Gallery.app
- N/A
/Applications/Adobe InDesign CS5/Adobe Acrobat 9 Pro/Acrobat Distiller.app
- com.adobe.distiller
/Applications/Adobe InDesign CS5/Adobe Acrobat 9 Pro/Acrobat Uninstaller.app
- com.adobe.Acrobat.Uninstaller
/Applications/Adobe InDesign CS5/Adobe Acrobat 9 Pro/Adobe Acrobat Pro.app
- com.adobe.Acrobat.Pro
/Applications/Adobe Lightroom 3.app
- com.adobe.Lightroom3
/Applications/Adobe Media Player.app
- com.adobe.amp.UUID.1
/Applications/Adobe/Adobe Help.app
- chc.UUID.1
/Applications/Adobe/AdobePatchFiles/{UUID}/UUID
- N/A
/Applications/Autodesk/SketchBookExpress2011/SketchBookExpress.app
- com.autodesk.SketchBookExpress
/Applications/Bamboo Dock/Apps/Tutorial/Tutorial.app
- com.wacom.tutorial
/Applications/Bamboo Dock/Bamboo Dock.app
- wacomid-desktop-launcher.UUID.1
/Applications/Canon Utilities/Easy-WebPrint EX/Easy-WebPrint EX.app
- jp.co.canon.ij.easy-webprint-ex
/Applications/Canon Utilities/MP Navigator EX 1.0 Opener.app
- jp.co.canon.bj.printer.app.MPNEXOP
/Applications/Canon Utilities/MP Navigator EX 1.0.app
- jp.co.canon.bj.printer.app.MPNEX105
/Applications/Fetch.app
- com.fetchsoftworks.Fetch
/Applications/FontForge.app
- net.sourceforge.fontforge
/Applications/HandBrake.app
- fr.handbrake.HandBrake
/Applications/Linotype FontExplorer X.app
- com.linotype.FontExplorerX
/Applications/Microsoft Office 2008/Additional Tools/Microsoft Language Register/Microsoft Language Register.app
- com.microsoft.language_register
/Applications/Microsoft Office 2008/Additional Tools/Remove Office/Remove Office.app
- com.microsoft.removeoffice
/Applications/Microsoft Office 2008/Microsoft Document Connection.app
- com.microsoft.DocumentConnection
/Applications/Microsoft Office 2008/Microsoft Entourage.app
- com.microsoft.Entourage
/Applications/Microsoft Office 2008/Microsoft Excel.app
- com.microsoft.Excel
/Applications/Microsoft Office 2008/Microsoft Messenger.app
- Microsoft/com.microsoft.Messenger
/Applications/Microsoft Office 2008/Microsoft PowerPoint.app
- com.microsoft.Powerpoint
/Applications/Microsoft Office 2008/Microsoft Word.app
- com.microsoft.Word
/Applications/Microsoft Office 2008/Office/Alerts Daemon.app
- Microsoft/com.microsoft.AlertsDaemon
/Applications/Microsoft Office 2008/Office/Equation Editor.app
- com.microsoft.EquationEditor
/Applications/Microsoft Office 2008/Office/Microsoft Cert Manager.app
- com.microsoft.MicrosoftCertManager
/Applications/Microsoft Office 2008/Office/Microsoft Chart Converter.app
- com.microsoft.openxml.chart.app
/Applications/Microsoft Office 2008/Office/Microsoft Clip Gallery.app
- com.microsoft.ClipGallery
/Applications/Microsoft Office 2008/Office/Microsoft Database Daemon.app
- com.microsoft.entourage.database_daemon
/Applications/Microsoft Office 2008/Office/Microsoft Database Utility.app
- com.microsoft.entourage.database_utility
/Applications/Microsoft Office 2008/Office/Microsoft Graph.app
- com.microsoft.Graph
/Applications/Microsoft Office 2008/Office/Microsoft Office Reminders.app
- com.microsoft.entourage.office_reminders
/Applications/Microsoft Office 2008/Office/Microsoft Office Setup Assistant.app
- com.microsoft.setupassistant
/Applications/Microsoft Office 2008/Office/Microsoft Project Gallery.app
- com.microsoft.office_pg
/Applications/Microsoft Office 2008/Office/Microsoft Query
- N/A
/Applications/Microsoft Office 2008/Office/Microsoft Sync Services.app
- com.microsoft.entourage.syncservices12
/Applications/Microsoft Office 2008/Office/My Day.app
- com.microsoft.myday
/Applications/Microsoft Office 2008/Office/Organization Chart.app
- com.microsoft.OrgChart
/Applications/Pen Tablet.localized/Pen Tablet Utility.app
- com.wacom.RemovePenTablet
/Applications/Soundslides Plus 1183/Soundslides Plus.app
- com.screentime.mProjector.mPlayer-915308420
/Applications/Utilities/Adobe AIR Application Installer.app
- com.adobe.air.ApplicationInstaller
/Applications/Utilities/Adobe Utilities.localized/Adobe Updater6/Adobe Updater.app
- "com.Adobe.ESD.AdobeUpdaterApplication"
/Applications/ZipCloud.app
- com.jdibackup.ZipCloud
/Library/Application Support/Adobe/CS5ServiceManager/CS5ServiceManager.app
- com.adobe.csi.CS5ServiceManager
/Library/Application Support/Adobe/Installers/AdobeInDesign7AppBase/ExtraFiles/INSTALLDIR_EXE/Adobe InDesign CS5.app
- N/A
/Library/Application Support/Adobe/SwitchBoard/SwitchBoard.app
- com.adobe.switchboard-2.0
/Library/Application Support/Microsoft/Silverlight/OutOfBrowser/SLLauncher.app
- com.microsoft.silverlight.sllauncher
/Library/Application Support/Tablet/PenTabletDriver.app
- com.wacom.Pen_TabletDriver
/Library/Application Support/Wacom/BambooCore.app
- com.wacom.BambooCore
/Library/Documentation/User Guides And Information.localized/Apple Hardware Test Read Me.app
- com.apple.AppleHardwareTestReadMe
/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR Application Installer.app
- com.adobe.air.ApplicationInstaller
/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Template.app
- com.adobe.air.Template
/Library/Image Capture/TWAIN Data Sources/Canon MX300 series.ds
- com.twainds.mx300.scangear1360.canon
/Library/PDF Services/Save as Adobe PDF.app
- com.apple.automator.SaveasAdobePDF
/Users/USER/Documents/GD3/public_html/poem/FlashFever.app
- com.macromedia.Flash Player.app
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_apdfllckaahabafndbhieahigkjlhalf/Default apdfllckaahabafndbhieahigkjlhalf.app
- com.google.Chrome.app.Default-apdfllckaahabafndbhieahigkjlhalf-internal
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_bepbmhgboaologfdajaanbcjmnhjmhfn/Default bepbmhgboaologfdajaanbcjmnhjmhfn.app
- com.google.Chrome.app.Default-bepbmhgboaologfdajaanbcjmnhjmhfn-internal
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo/Default blpcfgokakmgnkcojhhkbfbldkacnbeo.app
- com.google.Chrome.app.Default-blpcfgokakmgnkcojhhkbfbldkacnbeo-internal
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_ejjicmeblgpmajnghnpcppodonldlgfn/Default ejjicmeblgpmajnghnpcppodonldlgfn.app
- com.google.Chrome.app.Default-ejjicmeblgpmajnghnpcppodonldlgfn-internal
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_gkojfkhlekighikafcpjkiklfbnlmeio/Default gkojfkhlekighikafcpjkiklfbnlmeio.app
- com.google.Chrome.app.Default-gkojfkhlekighikafcpjkiklfbnlmeio-internal
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_hdokiejnpimakedhajhdlcegeplioahd/Default hdokiejnpimakedhajhdlcegeplioahd.app
- com.google.Chrome.app.Default-hdokiejnpimakedhajhdlcegeplioahd-internal
/Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_noojglkidnpfjbincgijbaiedldjfbhh/Default noojglkidnpfjbincgijbaiedldjfbhh.app
- com.google.Chrome.app.Default-noojglkidnpfjbincgijbaiedldjfbhh-internal
/Users/USER/Library/Application Support/Google/Chrome/Profile 1/Web Applications/_crx_apdfllckaahabafndbhieahigkjlhalf/Profile 1 apdfllckaahabafndbhieahigkjlhalf.app
- com.google.Chrome.app.Profile-1-apdfllckaahabafndbhieahigkjlhalf-internal
/Users/USER/Library/Application Support/Google/Chrome/Profile 1/Web Applications/_crx_bepbmhgboaologfdajaanbcjmnhjmhfn/Profile 1 bepbmhgboaologfdajaanbcjmnhjmhfn.app
- com.google.Chrome.app.Profile-1-bepbmhgboaologfdajaanbcjmnhjmhfn-internal
/Users/USER/Library/Application Support/Google/Chrome/Profile 1/Web Applications/_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo/Profile 1 blpcfgokakmgnkcojhhkbfbldkacnbeo.app
- com.google.Chrome.app.Profile-1-blpcfgokakmgnkcojhhkbfbldkacnbeo-internal
/Users/USER/Library/Application Support/Google/Chrome/Profile 1/Web Applications/_crx_gkojfkhlekighikafcpjkiklfbnlmeio/Profile 1 gkojfkhlekighikafcpjkiklfbnlmeio.app
- com.google.Chrome.app.Profile-1-gkojfkhlekighikafcpjkiklfbnlmeio-internal
/Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_aohghmighlieiainnegkcijnfilokake/Profile 2 aohghmighlieiainnegkcijnfilokake.app
- com.google.Chrome.app.Profile-2-aohghmighlieiainnegkcijnfilokake-internal
/Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_apdfllckaahabafndbhieahigkjlhalf/Profile 2 apdfllckaahabafndbhieahigkjlhalf.app
- com.google.Chrome.app.Profile-2-apdfllckaahabafndbhieahigkjlhalf-internal
/Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo/Profile 2 blpcfgokakmgnkcojhhkbfbldkacnbeo.app
- com.google.Chrome.app.Profile-2-blpcfgokakmgnkcojhhkbfbldkacnbeo-internal
/Users/USER/Library/Application Support/Google/Chrome/Profile 2/Web Applications/_crx_coobgpohoikkiipiblmjeljniedjpjpf/Profile 2 coobgpohoikkiipiblmjeljniedjpjpf.app
- com.google.Chrome.app.Profile-2-coobgpohoikkiipiblmjeljniedjpjpf-internal
/Users/USER/Library/Application Support/Linotype/FontExplorer X/FontExplorerXAutoload.app
- com.linotype.FontExplorerX.Autoload
Frameworks
/Library/Frameworks/Adobe AIR.framework
- com.adobe.AIR
/Library/Frameworks/WacomMultiTouch.framework
- com.wacom.WacomMultiTouch
PrefPane
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/deploy/JavaControlPanel.pref Pane
- com.oracle.java.JavaControlPanel
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/Library/PreferencePanes/Growl.prefPane
- com.growl.prefpanel
Bundles
/Library/Application Support/Adobe/APE/3.1/adbeapecore.framework/Versions/A/Resources/Flash Player.plugin
- com.macromedia.FlashPlayer-10.4-10.5.plugin
/Library/Application Support/Adobe/APE/3.4/adbeapecore.framework/Versions/A/Libraries/Flash Player.plugin
- com.macromedia.FlashPlayer-10.4-10.5.plugin
/Library/Application Support/Adobe/Flash Player/Flash Player.plugin
- com.macromedia.Flash Player.plugin
/Library/Application Support/Adobe/Plug-Ins/CC/File Formats/Camera Raw.plugin
- com.adobe.CameraRaw
/Library/Application Support/Adobe/Plug-Ins/CS5/File Formats/Camera Raw.plugin
- com.adobe.CameraRaw
/Library/Application Support/Canon/ScanGear/Plugins/CNCL2007.plugin
- jp.co.Canon.bj.scan.2007
/Library/Application Support/Canon/ScanGear/Plugins/IJFSHLIB.plugin
- jp.co.canon.scangear.ijfshlib
/Library/Application Support/Canon/ScanGear/Plugins/MPScannerUSB5.plugin
- jp.co.Canon.mp.scanner.usb5
/Library/Application Support/Canon/ScanGear/Plugins/acrop.plugin
- jp.co.canon.scangear.acrop
/Library/Application Support/Canon/ScanGear/Plugins/ausm_07.plugin
- jp.co.canon.scangear.ausm07
/Library/Application Support/Canon/ScanGear/Plugins/balco.plugin
- jp.co.canon.scangear.balco
/Library/Application Support/Canon/ScanGear/Plugins/cubs_07.plugin
- jp.co.canon.scangear.cubs213
/Library/Application Support/Canon/ScanGear/Plugins/filter.plugin
- jp.co.canon.scangear.filter
/Library/Application Support/Canon/ScanGear/Plugins/gercg.plugin
- jp.co.canon.scangear.gercg
/Library/Application Support/Canon/ScanGear/Plugins/hsl.plugin
- jp.co.canon.scangear.hsl
/Library/Application Support/Canon/ScanGear/Plugins/mc_07.plugin
- jp.co.canon.scangear.mc04
/Library/Application Support/Canon/ScanGear/Plugins/mld1300.plugin
- jp.co.canon.scangear.mld1300
/Library/Application Support/Canon/ScanGear/Plugins/moire500.plugin
- jp.co.canon.scangear.moire500
/Library/Application Support/Canon/ScanGear/Plugins/os102.plugin
- jp.co.canon.scangear.os102
/Library/Application Support/Canon/ScanGear/Plugins/os103.plugin
- jp.co.canon.scangear.os103
/Library/Application Support/Canon/ScanGear/Plugins/os104.plugin
- jp.co.canon.scangear.os104
/Library/Application Support/Canon/ScanGear/Plugins/os105.plugin
- jp.co.canon.scangear.os105
/Library/Application Support/Canon/ScanGear/Plugins/qare.plugin
- jp.co.canon.scangear.qare
/Library/Application Support/Canon/ScanGear/Plugins/rotate.plugin
- jp.co.canon.scangear.rotate
/Library/Application Support/Canon/ScanGear/Plugins/rstcol230.plugin
- jp.co.canon.scangear.rstcol230
/Library/Application Support/Canon/ScanGear/Plugins/smac.plugin
- jp.co.canon.scangear.smac
/Library/Application Support/Canon/ScanGear/Plugins/stad_07.plugin
- jp.co.canon.scangear.stad07
/Library/Application Support/Canon/ScanGear/Plugins/zoom.plugin
- jp.co.canon.scangear.zoom
/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/AdobeCP15.plugin
- com.adobe.adobecp
/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Flash Player.plugin
- com.macromedia.FlashPlayer-10.6.plugin
/Library/Internet Plug-Ins/AdobeAAMDetect.plugin
- com.AdobeAAMDetectLib.AdobeAAMDetect
/Library/Internet Plug-Ins/AdobePDFViewer.plugin
- com.adobe.acrobat.pdfviewer
/Library/Internet Plug-Ins/CouponPrinter-FireFox_v2.plugin
- com.coupons.plugin.mozilla-plugin
/Library/Internet Plug-Ins/Easy-WebPrint EX.plugin
- jp.co.canon.ij.easy-webprint-ex-plugin
/Library/Internet Plug-Ins/Flash Player.plugin
- com.macromedia.Flash Player.plugin
/Library/Internet Plug-Ins/JavaAppletPlugin.plugin
- com.oracle.java.JavaAppletPlugin
/Library/Internet Plug-Ins/Silverlight.plugin
- com.microsoft.SilverlightPlugin
/Library/Internet Plug-Ins/WacomNetscape.plugin
- com.wacom.tabletplugin
/Library/Internet Plug-Ins/WacomSafari.plugin
- com.wacom.safaritabletplugin
/Library/Internet Plug-Ins/googletalkbrowserplugin.plugin
- com.google.googletalkbrowserplugin
/Library/Internet Plug-Ins/iPhotoPhotocast.plugin
- com.apple.plugin.iPhotoPhotocast
/Library/Internet Plug-Ins/o1dbrowserplugin.plugin
- com.google.o1dbrowserplugin
/Library/QuickLook/GBQLGenerator.qlgenerator
- com.apple.garageband.quicklookgenerator
/Library/Spotlight/GBSpotlightImporter.mdimporter
- com.apple.garageband.spotlightimporter
/Library/Spotlight/LogicPro.mdimporter
- null
/Users/USER/Library/Address Book Plug-Ins/SkypeABDialer.bundle
- com.skype.skypeabdialer
/Users/USER/Library/Address Book Plug-Ins/SkypeABSMS.bundle
- com.skype.skypeabsms
/Users/USER/Library/Application Support/Google/Chrome/PepperFlash/14.0.0.145/PepperFlashPlayer.plugin
- com.macromedia.PepperFlashPlayer.pepper
/Users/USER/Library/Application Support/MacKeeper Helper/NoticeEngine.plugin
- com.zeobit.MacKeeper.plugin.NoticeEngine
/Users/USER/Library/Internet Plug-Ins/Picasa.plugin
- com.google.PicasaPlugin
/Users/USER/Library/Spotlight/FontMDI.mdimporter
- com.linotype.fontMetaDataImporter
/Users/USER/Library/Widgets/timeEdition.wdgt
- com.living-e.widget.timeEdition
Bundles (new)
/Applications/Google Chrome.app
- com.google.Chrome
/Applications/MacKeeper.app
- com.zeobit.MacKeeper
/Applications/RAR Extractor Free.app
- com.ABabe.rarextractorfree
/Applications/ZipCloud.app
- com.jdibackup.ZipCloud
/Users/USER/Library/Application Support/IM.Installer/Completer.app
- com.tabatoo.InstallerT
/Users/USER/Library/Application Support/MacKeeper Helper/NoticeEngine.plugin
- com.zeobit.MacKeeper.plugin.NoticeEngine
Library paths
/Applications/Adobe Dreamweaver CS5/Configuration/browsers/webkit/WebKit.dylib
/Applications/Adobe Dreamweaver CS5/libCocoa.dylib
/Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Resources/WebKit.dylib
/Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib
/Applications/Adobe Flash CS5/AIK2.0/runtimes/air/mac/Adobe AIR.framework/Versions/Current/Resources/WebKit.dylib
/Applications/Adobe Flash CS5/PFI/lib/aot/stub/libSystem.B.dylib
/Applications/Adobe Flash CS5/PFI/lib/aot/stub/libgcc_s.1.dylib
/Applications/Adobe Flash CS5/PFI/lib/aot/stub/libobjc.dylib
/Applications/Adobe Flash CS5/PFI/lib/aot/stub/libstdc++.6.dylib
/Applications/Adobe Flash CS5/PFI/lib/aot/stub/libz.dylib
/Applications/Adobe Flash Catalyst CS5/plugins/com.adobe.flexide.nativelibs_1.0.0.273393/Frameworks/MFILoaderLibra ry_v3.dylib
/Applications/Adobe Flash Catalyst CS5/sdks/4.0.0/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib
/Applications/Adobe Illustrator CS5/Adobe Fireworks CS5/Configuration/Mac/Shared/AdobeAIR/SDK/runtimes/air/mac/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib
/Applications/Adobe Photoshop CS5/MATLAB/Required/psmatlab.dylib
/Applications/Utilities/Adobe Application Manager/D6/D6Native.dylib
/Applications/Utilities/Adobe Application Manager/DECore/ARKSelector.dylib
/Applications/Utilities/Adobe Application Manager/DECore/DE5/Setup.dylib
/Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/ARKCmdCaps.dylib
/Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/ARKCmdFS.dylib
/Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/ARKEngine.dylib
/Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/AdobePIM.dylib
/Applications/Utilities/Adobe Application Manager/DECore/DE6/Setup.dylib
/Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/ARKCmdCaps.dylib
/Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/ARKCmdFS.dylib
/Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/ARKEngine.dylib
/Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/AdobePIM.dylib
/Applications/Utilities/Adobe Application Manager/DWA/DWANative.dylib
/Applications/Utilities/Adobe Application Manager/LWA/PWANative.dylib
/Applications/Utilities/Adobe Application Manager/LWA/adobe_caps.dylib
/Applications/Utilities/Adobe Application Manager/LWA/adobe_oobelib.dylib
/Applications/Utilities/Adobe Application Manager/LWA/adobe_upgrade.dylib
/Applications/Utilities/Adobe Application Manager/P6/IMSLib.dylib
/Applications/Utilities/Adobe Application Manager/P6/P6Native.dylib
/Applications/Utilities/Adobe Application Manager/P6/VulcanBridge.dylib
/Applications/Utilities/Adobe Application Manager/P6/VulcanMessage.dylib
/Applications/Utilities/Adobe Application Manager/P6/adobe_oobelib.dylib
/Applications/Utilities/Adobe Application Manager/P6/adobe_upgrade.dylib
/Applications/Utilities/Adobe Application Manager/P6/axlib.dylib
/Applications/Utilities/Adobe Application Manager/P7/IMSLib.dylib
/Applications/Utilities/Adobe Application Manager/P7/P7Native.dylib
/Applications/Utilities/Adobe Application Manager/P7/VulcanBridge.dylib
/Applications/Utilities/Adobe Application Manager/P7/VulcanMessage4.dylib
/Applications/Utilities/Adobe Application Manager/P7/VulcanMessage5.dylib
/Applications/Utilities/Adobe Application Manager/P7/adobe_oobelib.dylib
/Applications/Utilities/Adobe Application Manager/P7/adobe_upgrade.dylib
/Applications/Utilities/Adobe Application Manager/P7/axlibv7.dylib
/Applications/Utilities/Adobe Application Manager/UWA/UWANative.dylib
/Applications/Utilities/Adobe Application Manager/core/AdobePIM.dylib
/Applications/Utilities/Adobe Application Manager/core/switcher/CCM_UI.dylib
/Applications/Utilities/Adobe Application Manager/core/switcher/DWA_UI.dylib
/Applications/Utilities/Adobe Application Manager/core/switcher/LWA_UI.dylib
/Applications/Utilities/Adobe Creative Cloud/ACC/C3ContainerBL.dylib
/Applications/Utilities/Adobe Creative Cloud/AppsPanel/AppsPanelIL.dylib
/Applications/Utilities/Adobe Creative Cloud/AssetsPanel/AssetsPanelBL.dylib
/Applications/Utilities/Adobe Creative Cloud/BehancePanel/BehancePanelBL.dylib
/Applications/Utilities/Adobe Creative Cloud/CEF/Chromium Embedded Framework.framework/Libraries/libcef.dylib
/Applications/Utilities/Adobe Creative Cloud/CEF/libplugin_carbon_interpose.dylib
/Applications/Utilities/Adobe Creative Cloud/CoreExt/ANSClient.dylib
/Applications/Utilities/Adobe Creative Cloud/CoreExt/Analytics.dylib
/Applications/Utilities/Adobe Creative Cloud/CoreExt/C3Prefs.dylib
/Applications/Utilities/Adobe Creative Cloud/CoreExt/CmdCntr.dylib
/Applications/Utilities/Adobe Creative Cloud/CoreExt/LocManager.dylib
/Applications/Utilities/Adobe Creative Cloud/CoreExt/NotificationManager.dylib
/Applications/Utilities/Adobe Creative Cloud/CoreExt/VulcanMessage5.dylib
/Applications/Utilities/Adobe Creative Cloud/CoreExt/VulcanWrapper.dylib
/Applications/Utilities/Adobe Creative Cloud/CoreSyncPlugins/ExchangePlugin/ExManCoreLib/Contents/Frameworks/libExManC oreLibCoreSync64.dylib
/Applications/Utilities/Adobe Creative Cloud/ElevationManager/ElevationManager.dylib
/Applications/Utilities/Adobe Creative Cloud/HEX/HEX.dylib
/Applications/Utilities/Adobe Creative Cloud/HomePanel/HomePanelBL.dylib
/Applications/Utilities/Adobe Creative Cloud/MarketPanel/MarketPanelBL.dylib
/Applications/Utilities/Adobe Creative Cloud/NEX/NEX.dylib
/Applications/Utilities/Adobe Creative Cloud/NEX/NEXUILibrary.dylib
/Applications/Utilities/Adobe Creative Cloud/core/NXGCore.dylib
/Applications/Utilities/Adobe Creative Cloud/utils/AdobePIM.dylib
/Library/Application Support/Adobe/APE/3.1/adbeapecore.framework/Versions/A/Resources/WebKit.dylib
/Library/Application Support/Adobe/APE/3.4/adbeapecore.framework/Versions/A/Libraries/WebKit.dylib
/Library/Application Support/Adobe/CS5ServiceManager/lib/CSXS-Installer-Hook.dylib
/Library/Application Support/Adobe/CS5ServiceManager/lib/ServiceManager-Launcher.dylib
/Library/Application Support/Adobe/SING/Mark II/TINthread.dylib
/Library/Application Support/LeapFrog/LeapFrog Connect/Devices/MyPals.lfcDevice/Contents/Hook/libScoutPlushDeviceHook.dylib
/Library/Application Support/LeapFrog/LeapFrog Connect/Devices/MyPals.lfcDevice/Contents/Style/libStylePlugin_ScoutPlush_Engli shUS.dylib
/Library/Application Support/LeapFrog/LeapFrog Connect/Devices/MyPals.lfcDevice/Contents/Suite/libScoutPlushDevice.dylib
/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib
/Library/Frameworks/iLifeFaceRecognition.framework/Versions/A/Resources/eOkaoCo m.dylib
/Library/Frameworks/iLifeFaceRecognition.framework/Versions/A/Resources/eOkaoDt .dylib
/Library/Frameworks/iLifeFaceRecognition.framework/Versions/A/Resources/eOkaoFr .dylib
/Library/Frameworks/iLifeFaceRecognition.framework/Versions/A/Resources/eOkaoPt .dylib
/Library/Printers/hp/Frameworks/HPDeviceModel.framework/Versions/3.0/Frameworks /Core.framework/Versions/3.0/Libraries/libHPIOnetsnmp.5.dylib
/Library/Printers/hp/Frameworks/HPSmartX.framework/Versions/B/Resources/lib/SxC FReader.dylib
/Library/Printers/hp/Frameworks/HPSmartX.framework/Versions/C/Resources/lib/SxC FReader.dylib
/Users/USER/Library/Application Support/Google/Chrome/WidevineCDM/1.4.6.758/_platform_specific/mac_x64/libwidev inecdm.dylib
/usr/lib/libgenkit.dylib
/usr/lib/libgutenprint.2.0.3.dylib
/usr/lib/libimckit.dylib
/usr/lib/libimckitsa.dylib
Installations
Canon IJScanner1: 1/31/11, 2:42 PM
Canon ScanGear: 1/31/11, 2:41 PM
Canon ScanGear: 1/31/11, 2:07 PM
Microsoft® Silverlight™ Browser Plug-In: 1/27/11, 3:59 PM
Growl: 1/18/11, 6:25 PM
Bad kernel extensions
/System/Library/Extensions/BJUSBMP.kext
Elapsed time (sec): 551
A
Malware is always changing to get around the defenses against it. You have a variant of the "InstallMac" trojan that isn't fully covered by the Apple Support article on removing adware. In addition to the files listed in that article, you must also removing the following in the same way:
~/Library/LaunchAgents/com.Installer.completer.download.plist
~/Library/LaunchAgents/com.Installer.completer.ltvbit.plist
~/Library/LaunchAgents/com.Installer.completer.update.plist
~/Library/Application Support/IM.Installer/Completer.app
B
"MacKeeper" is a scam with only one useful feature: it deletes itself.
First, back up all data.
Note: These instructions apply to the version of the product that I downloaded and tested in early 2012. I can't be sure that they apply to other versions.
If you have incompletely removed MacKeeper—for example, by dragging the application to the Trash and immediately emptying—then you'll have to reinstall it and start over.
IMPORTANT: "MacKeeper" has what the developer calls an “encryption” feature. In my tests, I didn't try to verify what this feature really does. If you used it to “encrypt” any of your files, “decrypt” them before you uninstall, or (preferably) restore the files from backups made before they were “encrypted.” As the developer is not trustworthy, you should assume that the "decrypted" files are corrupt unless proven otherwise.
In the Finder, select
Go ▹ Applications
from the menu bar, or press the key combination shift-command-A. The "MacKeeper" application is in the folder that opens. Quit it if it's running, then drag it to the Trash. You'll be prompted for your login password. Click the Uninstall MacKeeper button in the dialog that appears. All the other functional components of the software will be deleted. Restart the computer and empty the Trash.
☞ Quit MacKeeper before dragging it to the Trash.
☞ Let MacKeeper delete its other components before you empty the Trash.
☞ Don't try to drag MacKeeper from the Dock to the Trash. You must open the Applications folder as above.
☞ Don't try to remove MacKeeper while running in safe mode.
C
"ZipCloud" is some sort of cloud-storage service with a doubtful reputation. The OS X client is sometimes distributed along with malware. Although ZipCloud may not be malicious itself, it should be deemed suspect by virtue of the company it keeps.
To remove ZipCloud, start by backing up all data (not with ZipCloud itself, of course.)
Quit the application, if it's running, and drag it from the Applications folder to the Trash.
Triple-click anywhere in the line below on this page to select it:
~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist
Right-click or control-click the highlighted line and select
Services ▹ Reveal in Finder (or just Reveal)
from the contextual menu.* A folder should open with a file selected. Move the selected file to the Trash.
In the same folder, there may also be a file named
com.jdibackup.ZipCloud.notify.plist
Move that to the Trash as well.
Log out or restart the computer and empty the Trash.
*If you don't see the contextual menu item, copy the selected text to the Clipboard by pressing the key combination command-C. In the Finder, select
Go ▹ Go to Folder...
from the menu bar and paste into the box that opens by pressing command-V. You won't see what you pasted because a line break is included. Press return.
D
Some of your user files (not system files) have incorrect permissions or are locked. This procedure will unlock those files and reset their ownership, permissions, and access controls to the default. If you've intentionally set special values for those attributes, they will be reverted. In that case, either stop here, or be prepared to recreate the settings if necessary. Do so only after verifying that those settings didn't cause the problem. If none of this is meaningful to you, you don't need to worry about it, but you do need to follow the instructions below.
Back up all data before proceeding.
Step 1
If you have more than one user, and the one in question is not an administrator, then go to Step 2.
Enter the following command in the Terminal window in the same way as before (triple-click, copy, and paste):
sudo find ~ $TMPDIR.. -exec chflags -h nouchg,nouappnd,noschg,nosappnd {} + -exec chown -h $UID {} + -exec chmod +rw {} + -exec chmod -h -N {} + -type d -exec chmod -h +x {} + 2>&-
You'll be prompted for your login password, which won't be displayed when you type it. Type carefully and then press return. You may get a one-time warning to be careful. If you don’t have a login password, you’ll need to set one before you can run the command. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.
The command may take several minutes to run, depending on how many files you have. Wait for a new line ending in a dollar sign ($) to appear, then quit Terminal.
Step 2 (optional)
Take this step only if you have trouble with Step 1, if you prefer not to take it, or if it doesn't solve the problem.
Start up in Recovery mode. When the OS X Utilities screen appears, select
Utilities ▹ Terminal
from the menu bar. A Terminal window will open. In that window, type this:
resetp
Press the tab key. The partial command you typed will automatically be completed to this:
resetpassword
Press return. A Reset Password window will open. You’re not going to reset a password.
Select your startup volume ("Macintosh HD," unless you gave it a different name) if not already selected.
Select your username from the menu labeled Select the user account if not already selected.
Under Reset Home Directory Permissions and ACLs, click the Reset button.
Select
▹ Restart
from the menu bar.
E
Back up all data.
Run the following command in the same way as before. It moves to the Trash "semaphore" files that have not been cleaned up by the system and may be interfering with normal operation. The files are empty; they contain no data. There will be no output this time.
find L*/{Con*/*/Data/L*/,}Pref* -type f -size 0c -name *.plist.??????? -exec mv {} .Trash/ \; 2>&-
Log out or restart the computer and empty the Trash.
F
Back up all data before proceeding.
Launch the Font Book application and validate all fonts. You must select the fonts in order to validate them. See the built-in help and this support article for instructions. If Font Book finds any issues, resolve them.
Start up in safe mode to rebuild the font caches. Restart as usual and test.
Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t start in safe mode. In that case, ask for instructions.
If you still have problems, then from the Font Book menu bar, select
File ▹ Restore Standard Fonts...
You'll be prompted to confirm, and then to enter your administrator login password.
Also note that if you deactivate or remove any built-in fonts, for instance by using a third-party font manager, the system may become unstable.
G
The symbol cache file is very large. It stores data used in logs and crash reports, and it may have grown because there have been a lot of crashes. The file is created automatically, and if deleted, it should be recreated when you restart the computer. Initially, at least, it will be a lot smaller.
I've seen one unverified report that a system became unbootable when the cache was deleted. That would have been due to a corrupt installation of OS X, but you should be prepared to reinstall if necessary. There is no reason to panic as long as you have good backups, which you should already have if you got this far.
Enter the following command in the same way as before:
sudo mv /S*/*/Caches/com.apple.coresymbolicationd /tmp/
Restart the computer.
Thank you so much for all of your time and effort that you have put into this. I feel that I went through everything that you said to do in all of your steps, but still am having the search engine pop up!!! I am so frustrated! Do suggest anything else?
KM
Did you remove the four files in Step A, and did you restart after removing them?
I wonder how the original poster ever made out?
Linc,
I'm having the same problem with searchbenny. I was downloading VLC and have also collected this malware.
I have followed your instructions using Terminal and above is what was in the clipboard.
Can you tell me what I need to do next please.
Thanks.
Start time: 19:32:48 03/05/15
Revision: 1271
Model Identifier: Macmini7,1
System Version: OS X 10.10.2 (14C109)
Kernel Version: Darwin 14.1.0
Time since boot: 26 minutes
UID: 501
Bluetooth
Apple Wireless Keyboard
Apple Magic Mouse
SMC
ReadKey for key zKLG failed with SMC error code 0x89.
ReadKey for key zKLI failed with SMC error code 0x89.
ReadKey for key zLDG failed with SMC error code 0x89.
DNS: 89.101.160.4
Diagnostic reports
2015-02-27 dmgr crash x3
2015-03-03 com.apple.WebKit.WebContent hang
HID errors: 4
Kernel log
Feb 27 14:22:15 Refusing new kext com.apple.kpi.mach, v14.1: already have loaded v14.0.
Feb 27 14:22:15 Refusing new kext com.apple.kpi.unsupported, v14.1: already have loaded v14.0.
Feb 27 14:22:15 Refusing new kext com.apple.kpi.iokit, v14.1: already have loaded v14.0.
Feb 27 14:22:15 Refusing new kext com.apple.kpi.private, v14.1: already have loaded v14.0.
Feb 27 14:22:15 Refusing new kext com.apple.iokit.IOPCIFamily, v2.9: a loaded copy with a different executable UUID is already present.
Feb 28 14:37:23 IOAccelDisplayPipe performTransaction error e00002c7IOAccelDisplayPipe performTransaction error e00002c7PM response took 2252 ms (26, powerd)
Feb 28 17:38:34 [AppleBluetoothHIDKeyboard][waitForHandshake][e4-8b-7f-2d-01-19] Timeout waiting for handshake
Feb 28 20:19:14 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Feb 28 21:05:53 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Feb 28 22:26:16 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 1 01:53:13 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 1 12:09:12 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 1 15:08:57 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 2 00:48:04 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 2 02:31:18 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 2 08:39:31 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 2 14:04:58 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 2 14:46:40 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 2 15:15:27 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 2 15:21:25 AppleBCM5701Ethernet [en0]: 0 0 timeoutOccurred: recovering from dropping link-up change interrupt
Mar 2 22:40:26 [AppleBluetoothHIDKeyboard][waitForData][e4-8b-7f-2d-01-19] Timeout waiting for data
Mar 2 22:40:26 [AppleBluetoothHIDKeyboard][getExtendedReport] getReport returned error e00002d6
Mar 5 17:53:44 [SendHCIRequestFormatted] ### ERROR: request could not be found!
Mar 5 17:53:44 ### ERROR: opCode = 0x0406 (Disconnect) -- send request failed (err=0xE00002F0 (kIOReturnNotFound))
Mar 5 19:19:25 Limiting closed port RST response from 443 to 250 packets per second
System log
Mar 5 19:08:40 askpermissiond: ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'
Mar 5 19:08:41 com.apple.iCloudHelper: ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'
Mar 5 19:08:41 askpermissiond: ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'
Mar 5 19:08:11 com.apple.iCloudHelper: ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'
Mar 5 19:08:12 askpermissiond: ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'
Mar 5 19:08:12 com.apple.iCloudHelper: ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'
Mar 5 19:08:13 askpermissiond: ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'
Mar 5 19:08:14 com.apple.iCloudHelper: ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'
Mar 5 19:08:14 askpermissiond: ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'
Mar 5 19:08:15 imagent: ApplePushService: Timed out making blocking call, failed to perform call via XPC connection to 'com.apple.apsd'
Mar 5 19:08:21 apsd: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/Subm itDiagInfo.default.domains
Mar 5 19:08:21 apsd: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/Subm itDiagInfo.default.domains
Mar 5 19:08:29 Service: AppleEvents: Send port for process has no send right, port=( port:31507/0x7b13 rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread
Mar 5 19:08:32 Service: AppleEvents: Send port for process has no send right, port=( port:31507/0x7b13 rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread
Mar 5 19:13:24 Service: AppleEvents: Send port for process has no send right, port=( port:31507/0x7b13 rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread
Mar 5 19:13:24 Service: AppleEvents: Send port for process has no send right, port=( port:31507/0x7b13 rcv:1,send:0,d:0 limit:5) (findOrCreate()/AEMachUtils.cp #526) com.apple.main-thread
Mar 5 19:21:33 apsd: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/Subm itDiagInfo.default.domains
Mar 5 19:21:37 apsd: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/Subm itDiagInfo.default.domains
Mar 5 19:21:38 apsd: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/Subm itDiagInfo.default.domains
Mar 5 19:21:50 apsd: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/Subm itDiagInfo.default.domains
Mar 5 19:22:01 apsd: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/Subm itDiagInfo.default.domains
Mar 5 19:22:11 apsd: MessageTracer: load_domain_prefix_whitelist:120: Missing default whitelist file: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Resources/Subm itDiagInfo.default.domains
Mar 5 19:28:50 WindowServer: WSGetSurfaceInWindow : Invalid surface 434046156 for window 54
Mar 5 19:28:50 WindowServer: WSGetSurfaceInWindow : Invalid surface 434046156 for window 54
Mar 5 19:28:50 WindowServer: WSGetSurfaceInWindow : Invalid surface 434046156 for window 54
launchd log
Feb 27 13:28:03 com.apple.iCloudHelper: GUI session does not exist for service to join. It will be spawned without access to the GUI.
Feb 27 13:28:11 com.apple.iCloudHelper: GUI session does not exist for service to join. It will be spawned without access to the GUI.
Feb 27 13:28:11 com.apple.internetaccounts: GUI session does not exist for service to join. It will be spawned without access to the GUI.
Feb 27 13:30:00 com.apple.iCloudHelper: GUI session does not exist for service to join. It will be spawned without access to the GUI.
Feb 27 13:30:00 com.apple.iCloudHelper: GUI session does not exist for service to join. It will be spawned without access to the GUI.
Feb 27 13:30:05 com.apple.xpc.launchd.user.501.100005.Aqua: Could not import service from caller: caller = otherbsd.338, service = com.apple.photostream-agent, error = 119: Service is disabled
Feb 27 13:51:43 com.apple.xpc.launchd.user.501.100005.Aqua: Could not read path: path = /var/empty/Library/LaunchAgents/com.extensions.updater69337.agent.plist, error = 2: No such file or directory
Feb 27 13:55:15 com.apple.xpc.launchd.user.501.100005.Aqua: Could not read path: path = /Users/USER/Library/LaunchAgents/com.Installer.completer.download.plist, error = 2: No such file or directory
Feb 27 13:55:15 com.apple.xpc.launchd.user.501.100005.Aqua: Could not read path: path = /Users/USER/Library/LaunchAgents/com.Installer.completer.update.plist, error = 2: No such file or directory
Feb 27 13:55:15 com.apple.xpc.launchd.user.501.100005.Aqua: Could not read path: path = /Users/USER/Library/LaunchAgents/com.Installer.completer.ltvbit.plist, error = 2: No such file or directory
Feb 27 14:00:05 com.apple.xpc.launchd.user.501.100005.Aqua: Could not read path: path = //com.apple.ManagedClientAgent.enrollagent, error = 2: No such file or directory
Feb 27 14:22:15 com.apple.xpc.launchd.domain.system: Could not read path: path = //System/Library/LaunchAgents/com.apple.MDCrashReportd.plist, error = 2: No such file or directory
Feb 27 14:22:15 com.apple.xpc.launchd.domain.system: Caller not allowed to perform action: launchctl.2551, action = start service, code = 1: Operation not permitted, uid = 200, euid = 200, gid = 200, egid = 200, asid = 100000
Feb 27 14:28:07 com.apple.xpc.launchd.user.501.100005.Aqua: Could not import service from caller: caller = otherbsd.182, service = com.apple.photostream-agent, error = 119: Service is disabled
Feb 28 09:21:19 com.apple.xpc.launchd.user.501.100005.Aqua: Could not import service from caller: caller = otherbsd.197, service = com.apple.photostream-agent, error = 119: Service is disabled
Mar 2 20:11:05 com.apple.xpc.launchd.domain.pid.Install Adobe Flash Player.13204: Could not resolve origin of domain. XPC services in this domain's bundle will not be bootstrapped: error = 109: Invalid property list, taint = (null)
Mar 5 19:08:37 com.apple.xpc.launchd.user.501.100005.Aqua: Could not import service from caller: caller = otherbsd.180, service = com.apple.photostream-agent, error = 119: Service is disabled
Console log
Feb 27 13:30:07 fontd: Failed to open read-only database, regenerating DB
Feb 27 14:27:35 mbloginhelper: Property list invalid for format: 200 (property lists cannot contain NULL)
Daemons loaded
com.adobe.fpsaud
com.apple.watchdogd
Safari extensions
GoldenBoy
- com.gold.safari
iCloud errors
storedownloadd 6
cloudd 6
bird 2
mbpluginhost 1
comapple.InputMethodKit.UserDictionary 1
Continuity errors
sharingd 4
lsuseractivityd 4
Restricted files: 27
Contents of Library/LaunchAgents/com.Installer.completer.download.plist
- mod date: Feb 27 13:55:16 2015
- checksum: 204446988
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Installer.completer.download</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/IM.Installer/Completer.app/Contents/MacOS/InstallerT</string>
<string>-trigger</string>
<string>download</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>17498</string>
<string>-firstAppId</string>
<string>524330033</string>
</array>
<key>WatchPaths</key>
<array>
<string>/Users/USER/Downloads</string>
</array>
<key>isAllowToSuggest</key>
<string>false</string>
</dict>
...and 1 more line(s)
Contents of Library/LaunchAgents/com.Installer.completer.ltvbit.plist
- mod date: Feb 27 13:55:16 2015
- checksum: 3602574840
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Installer.completer.ltvbit</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/IM.Installer/Completer.app/Contents/MacOS/InstallerT</string>
<string>-trigger</string>
<string>ltvbit</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>17498</string>
<string>-firstAppId</string>
<string>524330033</string>
</array>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>4</integer>
<key>Minute</key>
<integer>40</integer>
</dict>
...and 2 more line(s)
Contents of Library/LaunchAgents/com.Installer.completer.update.plist
- mod date: Feb 27 13:55:16 2015
- checksum: 4121995072
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.Installer.completer.update</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/Application Support/IM.Installer/Completer.app/Contents/MacOS/InstallerT</string>
<string>-trigger</string>
<string>update</string>
<string>-isDev</string>
<string>0</string>
<string>-installVersion</string>
<string>17498</string>
<string>-firstAppId</string>
<string>524330033</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartCalendarInterval</key>
<dict>
<key>Hour</key>
<integer>13</integer>
<key>Minute</key>
...and 4 more line(s)
Contents of Library/LaunchAgents/com.cinemapro1-2.agent.plist
- mod date: Feb 27 13:53:26 2015
- checksum: 2399319786
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>KeepAlive</key>
<false/>
<key>Label</key>
<string>com.cinemapro1-2.agent</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/cinemapro1-2/Service.app/Contents/MacOS/Service</st ring>
<string>--service</string>
<string>--unique_id=UUID</string>
<string>--unique_data=UUID</string>
</array>
<key>RunAtLoad</key>
<true/>
</dict>
</plist>
Contents of Library/LaunchAgents/com.extensions.updater69337.agent.plist
- mod date: Feb 27 13:53:28 2015
- checksum: 561728244
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>Label</key>
<string>com.extensions.updater69337.agent.plist</string>
<key>ProgramArguments</key>
<array>
<string>/Users/USER/Library/LaunchAgents/UpdateDownloader</string>
<string>cmpId=2676</string>
<string>ibic=UUID</string>
<string>verifier=UUID</string>
<string>extId=69337</string>
<string>updatejsondomain=http://update.ourdatagenserv.com</string>
<string>statsdomain=http://stats.ourdatagenserv.com</string>
<string>eventsdomain=http://logs.ourdatagenserv.com</string>
<string>errorsdomain=http://errors.ourdatagenserv.com</string>
<string>installerversion=01-27</string>
</array>
<key>RunAtLoad</key>
<true/>
<key>StartInterval</key>
<integer>86400</integer>
</dict>
</plist>
PrefPane
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
Bundles
/Library/Internet Plug-Ins/Flash Player.plugin
- com.macromedia.Flash Player.plugin
Bundles (new)
/Applications/Keynote.app
- com.apple.iWork.Keynote
/Applications/Numbers.app
- com.apple.iWork.Numbers
/Applications/Pages.app
- com.apple.iWork.Pages
/Applications/Utilities/Adobe Flash Player Install Manager.app
- com.adobe.flashplayer.installmanager
/Applications/VLC.app
- org.videolan.vlc
/Library/Application Support/Apple/BezelServices/AppleTopCaseHIDEventDriver.plugin
- com.apple.BezelServices.AppleTopCaseHIDEventDriver
/Library/Internet Plug-Ins/Flash Player.plugin
- com.macromedia.Flash Player.plugin
/Library/PreferencePanes/Flash Player.prefPane
- com.adobe.flashplayerpreferences
/System/Library/Accounts/Notification/CloudPhotoServicesNotificationPlugin.bund le
- com.apple.photos.CloudPhotoServicesNotificationPlugin
/System/Library/PrivateFrameworks/BatteryUIKit.framework
- com.apple.batteryuikit.BatteryUIKit
/System/Library/PrivateFrameworks/CloudDocsDaemon.framework/Versions/A/Resource s/iCloud Drive.app
- com.apple.bird
/System/Library/PrivateFrameworks/ParsecUI.framework
- com.apple.ParsecUI
/System/Library/PrivateFrameworks/ParsecUI.framework/Versions/A/Support/Spotlig htNetHelper.app
- com.apple.metadata.SpotlightNetHelper
/Users/USER/Applications/cinemapro1-2.app
- com.cinemapro1-2.AppHelper
/Users/USER/Library/Application Support/IM.Installer/Completer.app
- com.tabatoo.InstallerT
/Users/USER/Library/cinemapro1-2/Service.app
- com.cinemapro1-2.Service
/usr/share/mecabra/updates/com.apple.inputmethod.SCIM.bundle
- com.apple.inputmethod.SCIM
/usr/share/mecabra/updates/com.apple.inputmethod.TCIM.bundle
- com.apple.inputmethod.TCIM
Installations
Adobe Flash Player: 02/03/2015 20:12
Elapsed time (sec): 295
You installed both the "Genieo" and "CinemaPro" trojans, but they're not functioning for some reason. Instructions to remove Genieo have already been posted in this thread, and instructions to remove CinemaPro can be found by searching. Presumably, the "GoldenBoy" Safari extension is causing the problem. You can remove it in the Extensions pane of the Safari preferences window.
Linc,
Thanks for your help.
I got rid of goldenly extension. However I cannot find any genie or cinema pro files to dump and I'm still getting the unwanted ads.
Any more suggestions?
Thanks
Try AdwareMedic http://www.adwaremedic.com/index.php it's written by one of the respected members of these communities. Very fast and easy. Will find and delete the files for you.
Browers taken over by "search.searchbenny.com" Firefox refreshed itself, deleted Chrome, but can't delete Safari to reinstall, because OSx "needs" it? How can I get Safari back?
