Rebooted from Time machine after virus, but it didn't help

Question

Level 1

0 points

Rebooted from Time machine after virus, but it didn't help

Hi,

I have late 2011 mac book pro, OS X Lion.

It's because of my stupidity that I downloaded something (a player to play cartoons for my baby) and entered my password to allow it in my computer.

after that I got adware and at some point my computer went crazy, the windows started shaking and switching between themselves and the mouse (cursor) stopped working. I shut down the computer and reloaded the last version from time machine.

I turned it on, but the crazy thing stays there. The cursor can be moved very slowly with many short movements on the touch pad. The windows and applications seem to turn on by themselves. Computer can perform automatic clicks on the place where the cursor currently is. Right now I'm downloading Yosemite it's going to take 4 hours and parallel do downloading opens dashboard, windows inside dasboard are activating and deactivating, or apple website is reloading by itself.

I would love to just shut down the computer and erase everything to ****. But I have some pictures that I want to keep, and they exist in Lion Time Machine update only and currently on my mac.

What you suggest doing?

MacBook Pro, Mac OS X (10.7.5), late 2011

Posted on Sep 2, 2015 1:19 PM

Reply

Answer 1

Best reply

Linc Davis

Level 10

209,541 points

Sep 2, 2015 11:00 PM in response to Natalya_

Please read this whole message before doing anything.

This procedure is a diagnostic test. It’s unlikely to solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.

The purpose of the test is to determine whether the problem is caused by third-party software that loads automatically at startup or login, by a peripheral device, by a font conflict, or by corruption of the file system or of certain system caches.

Disconnect all wired peripherals except those needed for the test, and remove all aftermarket expansion cards, if applicable. Start up in safe mode and log in to the account with the problem.

Note: If FileVault is enabled in OS X 10.9 or earlier, or if a firmware password is set, or if the startup volume is a software RAID, you can’t do this. Ask for further instructions.

Safe mode is much slower to start up and run than normal, with limited graphics performance, and some things won’t work at all, including sound output and Wi-Fi on certain models. The next normal startup may also be somewhat slow.

The login screen appears even if you usually login automatically. You must know your login password in order to log in. If you’ve forgotten the password, you will need to reset it before you begin.

Test while in safe mode. Same problem?

After testing, restart as usual (not in safe mode) and verify that you still have the problem. Post the results of the test.

Reply

Answer 2

Natalya_ Author

Level 1

0 points

Sep 2, 2015 11:00 PM in response to Linc Davis

First of all, thanks for taking your time to answer.

Here is what happened.

Before I saw your reply, I found a way to copy all valuable files to an external hard drive. Moving mouse was the most tricky part, in order to click in desirable spot I had to struggle with sticky cursor and spontaneous opening of everything that gets under the cursor. But I did it and upgraded to Yosemite. I thought it's similar like reinstalling OS on Windows, everything will be erased, good or bad. But it's totally different, all the files stayed intact, but the problem also stayed there.

Then I saw your answer. Entered the safe mode, experienced some strobing and picture tearing, but I read it's normal in safe mode. The cursor was doing OK. No uncontrollable window or applications opening. Short term strobing when opening folders in finder, picture tearing when opening internet pages, making them impossible to scroll and use.

I restarted in normal mode, and for half an hour everything was OK. Then the cursor problem appeared again, somewhere around when I started to open websites. It may be a coincidence, so if you think it's important, I can do the whole thing again and check if the problem returns in connection with internet browsing. Or if anything particular has to be done in safe mode, I can do it. Perhaps it makes sense to use safe more for prolonged time, but It would be hard if internet browsing is impossible.

The sticky cursor problem seems to go away at times, giving me some minutes of normal use, but then it returns.

I deleted the original "fake player" adware disk image, I don't know if it may have given some metastases or just triggered the problem my computer had before. I had glitches with the screen before. When I opened the computer with a website displayed the picture sometimes would have a glitch of consisting of colorful squares. I had to refresh the page or switch to another window for a moment to remove the glitch.

Reply

Answer 3

GhonaZ

Level 3

572 points

Sep 3, 2015 12:26 AM in response to Natalya_

If you have all your important data backed-up then you can easily wipe your harddrive via the recovery and do a clean install now right? If you glitch and other problems were caused by the Adware that you accidentally installed then should be gone. If they stay after a clean re-install of your operating system then perhaps it would be wise to visit an apple store.

Reply

Answer 4

Linc Davis

Level 10

209,541 points

Sep 3, 2015 6:30 AM in response to Natalya_

1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.

The test works on OS X 10.7 ("Lion") and later. I don't recommend running it on older versions of OS X. It will do no harm, but it won't do much good either.

Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.

2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.

There are ways to back up a computer that isn't fully functional. Ask if you need guidance.

3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can act on it yourself without disclosing the contents to me or anyone else.

You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.

In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.

You may not be able to understand the script yourself. But variations of it have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message. See, for example, this discussion.

Another indication that the test is safe can be found in this thread, and this one, for example, where the comment in which I suggested it was recommended by one of the Apple Community Specialists, as explained here.

Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.

4. Here's a general summary of what you need to do, if you choose to proceed:

☞ Copy a particular line of text to the Clipboard.

☞ Paste into the window of another application.

☞ Wait for the test to run. It usually takes a few minutes.

☞ Paste the results, which will have been copied automatically, back into a reply on this page.

These are not specific instructions; just an overview. The details are in parts 7 and 8 of this comment. The sequence is: copy, paste, wait, paste again. You don't need to copy a second time.

5. Try to test under conditions that reproduce the problem, as far as possible. For example, if the computer is sometimes, but not always, slow, run the test during a slowdown.

You may have started up in safe mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.

6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.

7. Load this linked web page (on the website "Pastebin.") The title of the page is "Diagnostic Test." Below the title is a text box headed by three small icons. The one on the right represents a clipboard. Click that icon to select the text, then copy it to the Clipboard on your computer by pressing the key combination command-C.

If the text doesn't highlight when you click the icon, select it by triple-clicking anywhere inside the box. Don't select the whole page, just the text in the box.

8. Launch the built-in Terminal application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad and start typing the name.

Click anywhere in the Terminal window to activate it. Paste from the Clipboard into the window by pressing command-V, then press return. The text you pasted should vanish immediately.

9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter

exec bash

and press return. Then paste the script again.

10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. If you don't know the password, or if you prefer not to enter it, just press return three times at the password prompt. Again, the script will still run.

If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.

11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, a series of lines will appear in the Terminal window like this:

[Process started]

Part 1 of 8 done at … sec
…
Part 8 of 8 done at … sec

The test results are on the Clipboard.

Please close this window.

[Process completed]

The intervals between parts won't be exactly equal, but they give a rough indication of progress. The total number of parts may be different from what's shown here.

Wait for the final message "Process completed" to appear. If you don't see it within about ten minutes, the test probably won't complete in a reasonable time. In that case, press the key combination control-C or command-period to stop it and go to the next step. You'll have incomplete results, but still something.

12. When the test is complete, or if you stopped it because it was taking too long, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.

At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.

If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.

13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "The message contains invalid characters." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.

14. This is a public forum, and others may give you advice based on the results of the test. They speak for themselves, not for me. The test itself is harmless, but whatever else you're told to do may not be. For others who choose to run it, I don't recommend that you post the test results on this website unless I asked you to.

______________________________________________________________

Copyright © 2014, 2015 by Linc Davis. As the sole author of this work (including the referenced "Diagnostic Test"), I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

Reply

Answer 5

Natalya_ Author

Level 1

0 points

Sep 16, 2015 10:14 PM in response to Linc Davis

Sorry, it took me some time to do it. The problem magically disappeared and I was not able to test under conditions that reproduce the problem. However, I'll post the report. May be you see something I have to pay attention to.

Thanks.

1 Start time: 00:37:28 09/17/15

2

3 Revision: 1347

4

5 Model Identifier: MacBookPro8,2

6 System Version: OS X 10.10.5 (14F27)

7 Kernel Version: Darwin 14.5.0

8 Time since boot: 3 days 1:37

9

10 USB

11

12 External USB 3.0 (Toshiba America Info. Systems, Inc.)

13

14 Energy (lifetime)

15

16 kernel_task (UID 0): 11.06

17

18 Energy (sampled)

19

20 kernel_task (UID 0): 7.44

21

22 DNS: 209.18.47.61

23

24 Listeners

25

26 cupsd: ipp

27

28 Diagnostic reports

29

30 2015-09-03 Maps hang

31 2015-09-03 fontd crash x2

32 2015-09-16 mdworker crash

33

34 I/O errors

35

36 disk2s1: I/O error 1

37

38 Volumes

39

40 disk1: /

41 disk2s1: /Volumes/MAC

42 disk2s3: /Volumes/TimeMachine_backup

43

44 HID errors: 18

45

46 Kernel log

47

48 Sep 15 15:38:43 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

49 Sep 15 15:38:43 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

50 Sep 15 15:38:43 Limiting icmp unreach response from 439 to 250 packets per second

51 Sep 16 02:10:03 Limiting closed port RST response from 410 to 250 packets per second

52 Sep 16 14:35:43 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

53 Sep 16 14:35:43 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

54 Sep 16 14:35:43 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

55 Sep 16 14:35:43 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

56 Sep 16 14:36:53 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

57 Sep 16 14:36:53 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

58 Sep 16 14:36:53 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

59 Sep 16 14:36:53 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

60 Sep 16 14:37:06 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

61 Sep 16 14:37:06 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

62 Sep 16 14:37:06 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

63 Sep 16 14:37:06 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

64 Sep 16 14:37:13 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

65 Sep 16 14:37:13 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

66 Sep 16 14:38:18 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

67 Sep 16 14:38:18 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

68 Sep 16 14:38:18 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

69 Sep 16 14:38:18 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

70 Sep 16 15:00:18 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

71 Sep 16 15:00:18 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

72 Sep 16 15:00:18 /SourceCache/AppleFSCompression_kexts/AppleFSCompression-68.30.1/Common/ChunkCo mpression.cpp:186: /Applications/Duplicate Cleaner For iPhoto.app/Contents/MacOS/Duplicate Cleaner For iPhoto: VNOP_GETXATTR: errno 93

73

74 System log

75

76 Sep 17 00:12:07 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

77 Sep 17 00:14:30 fseventsd: check_vol_last_mod_time:XXX failed to get mount time (25; &mount_time == 0x1060ff498)

78 Sep 17 00:14:30 fseventsd: log dir: /Volumes/NO NAME/.fseventsd getting new uuid: UUID

79 Sep 17 00:14:37 QuickLookUIHelper: HWJPEG not avaialble on this platform

80 Sep 17 00:15:39 Preview: HWJPEG not avaialble on this platform

81 Sep 17 00:15:40 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

82 Sep 17 00:15:40 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

83 Sep 17 00:15:40 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

84 Sep 17 00:15:40 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

85 Sep 17 00:15:40 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

86 Sep 17 00:16:33 QuickLookUIHelper: HWJPEG not avaialble on this platform

87 Sep 17 00:17:41 QuickLookUIHelper: HWJPEG not avaialble on this platform

88 Sep 17 00:21:22 WindowServer: WSGetSurfaceInWindow : Invalid surface 472932417 for window 2157

89 Sep 17 00:21:22 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

90 Sep 17 00:21:22 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

91 Sep 17 00:21:22 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

92 Sep 17 00:21:22 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

93 Sep 17 00:21:22 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

94 Sep 17 00:21:22 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

95 Sep 17 00:21:22 coreservicesd: SFLEntryBase::ListHasChanged mach_msg returned 10000004d

96 Sep 17 00:24:56 Google Chrome Helper: CGAffineTransformInvert: singular matrix.

97 Sep 17 00:25:04 Google Chrome Helper: CGAffineTransformInvert: singular matrix.

98 Sep 17 00:27:06 fseventsd: Failed to load UUID. Removing all old log files in /Volumes/SHARE FAT32/.fseventsd

99 Sep 17 00:27:06 fseventsd: log dir: /Volumes/SHARE FAT32/.fseventsd getting new uuid: UUID

100 Sep 17 00:31:40 fseventsd: Logging disabled completely for device:1: /Volumes/Recovery HD

101

102 launchd log

103

104 Sep 12 18:56:32 com.apple.xpc.launchd.user.501.100005.Aqua: Could not import service from caller: caller = otherbsd.198, service = com.tencent.LaunchSnipHelper, error = 119: Service is disabled

105 Sep 13 23:01:09 com.apple.xpc.launchd.user.501.100005.Aqua: Could not import service from caller: caller = otherbsd.199, service = com.tencent.LaunchSnipHelper, error = 119: Service is disabled

106 Sep 16 14:38:16 com.apple.xpc.launchd.domain.system: Caller not allowed to perform action: open.6936, action = service submission, code = 1: Operation not permitted, uid = 501, euid = 501, gid = 20, egid = 20, asid = 100000

107 Sep 16 14:38:17 com.apple.xpc.launchd.domain.system: Could not read path: path = //System/Library/LaunchAgents/com.apple.MDCrashReportd.plist, error = 2: No such file or directory

108 Sep 16 14:38:17 com.apple.xpc.launchd.domain.system: Caller not allowed to perform action: launchctl.6976, action = start service, code = 1: Operation not permitted, uid = 501, euid = 501, gid = 20, egid = 20, asid = 100000

109

110 System services loaded

111

112 com.adobe.ARM.SMJobBlessHelper

113 com.adobe.fpsaud

114 com.apple.watchdogd

115

116 System services disabled

117

118 com.apple.mtmd

119 com.apple.mtmfs

120

121 Login services loaded

122

123 com.adobe.ARM.UUID

124 com.adobe.ARM.UUID

125 com.apple.CSConfigDotMacCert-EMAIL-SharedServices

126 - status: 78

127 com.apple.helpd

128 - status: -15

129 com.google.keystone.user.agent

130

131 Login services disabled

132

133 com.vsearch.helper

134 com.vsearch.daemon

135 com.vsearch.agent

136

137 User services disabled

138

139 com.vsearch.helper

140 com.vsearch.daemon

141 com.vsearch.agent

142

143 Startup items

144

145 /Library/StartupItems/TuxeraNTFSUnmountHelper/StartupParameters.plist

146 /Library/StartupItems/TuxeraNTFSUnmountHelper/TuxeraNTFSUnmountHelper

147

148 Global login items

149

150 /Library/Printers/Samsung/Daemon/DaemonManager/DaemonManager.app

151

152 User login items

153

154 iTunesHelper

155 - /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

156 AdobeResourceSynchronizer

157 - /Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app

158 Wondershare Helper Compact

159 - /Users/USER/Library/Application Support/Helper/Wondershare Helper Compact.app

160 Google Chrome

161 - /Applications/Google Chrome.app

162 DaemonManager

163 - /Library/Printers/Samsung/Daemon/DaemonManager/DaemonManager.app

164

165 iCloud errors

166

167 cloudd 2

168

169 Restricted files: 222

170

171 Lockfiles: 2

172

173 Global prefs (user)

174

175 NSQuitAlwaysKeepsWindows = 1

176

177 Accessibility

178

179 Keyboard Zoom: On

180

181 Contents of /Library/LaunchDaemons/com.adobe.ARM.SMJobBlessHelper.plist

182 - mod date: Sep 15 15:37:38 2015

183 - size (B): 683

184 - checksum: 2331732828

185

186 <?xml version="1.0" encoding="UTF-8"?>

187 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

188 <plist version="1.0">

189 <dict>

190 <key>Label</key>

191 <string>com.adobe.ARM.SMJobBlessHelper</string>

192 <key>LaunchOnlyOnce</key>

193 <true/>

194 <key>MachServices</key>

195 <dict>

196 <key>com.adobe.ARM.SMJobBlessHelper.mach</key>

197 <true/>

198 </dict>

199 <key>OnDemand</key>

200 <false/>

201 <key>Program</key>

202 <string>/Library/PrivilegedHelperTools/com.adobe.ARM.SMJobBlessHelper</string>

203 <key>ProgramArguments</key>

204 <array>

205 <string>/Library/PrivilegedHelperTools/com.adobe.ARM.SMJobBlessHelper</string>

206 </array>

207 <key>RunAtLoad</key>

208 <true/>

209 </dict>

210 </plist>

211

212 Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist

213 - mod date: Jun 25 01:14:04 2014

214 - size (B): 603

215 - checksum: 394026997

216

217 <?xml version="1.0" encoding="UTF-8"?>

218 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

219 <plist version="1.0">

220 <dict>

221 <key>Label</key>

222 <string>com.adobe.ARM.UUID</string>

223 <key>ProgramArguments</key>

224 <array>

225 <string>/Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper</string>

226 <string>semi-auto</string>

227 </array>

228 <key>RunAtLoad</key>

229 <true/>

230 <key>StartInterval</key>

231 <integer>12600</integer>

232 </dict>

233 </plist>

234

235 Contents of Library/LaunchAgents/com.adobe.ARM.UUID.plist

236 - mod date: Nov 12 02:37:01 2014

237 - size (B): 631

238 - checksum: 4116814193

239

240 <?xml version="1.0" encoding="UTF-8"?>

241 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

242 <plist version="1.0">

243 <dict>

244 <key>Label</key>

245 <string>com.adobe.ARM.UUID</string>

246 <key>ProgramArguments</key>

247 <array>

248 <string>/Applications/Adobe Acrobat XI Pro/Adobe Acrobat Pro.app/Contents/MacOS/Updater/Adobe Acrobat Updater Helper.app/Contents/MacOS/Adobe Acrobat Updater Helper</string>

249 <string>semi-auto</string>

250 </array>

251 <key>RunAtLoad</key>

252 <true/>

253 <key>StartInterval</key>

254 <integer>12600</integer>

255 </dict>

256 </plist>

257

258 Contents of Library/LaunchAgents/com.apple.CSConfigDotMacCert-EMAIL-SharedServices.Agent.pl ist

259 - mod date: Feb 28 06:08:23 2014

260 - size (B): 902

261 - checksum: 3225230507

262

263 <?xml version="1.0" encoding="UTF-8"?>

264 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

265 <plist version="1.0">

266 <dict>

267 <key>KeepAlive</key>

268 <false/>

269 <key>Label</key>

270 <string>com.apple.CSConfigDotMacCert-EMAIL-SharedServices</string>

271 <key>LimitLoadToSessionType</key>

272 <string>Aqua</string>

273 <key>LowPriorityIO</key>

274 <true/>

275 <key>Nice</key>

276 <integer>10</integer>

277 <key>ProgramArguments</key>

278 <array>

279 <string>/System/Library/Frameworks/CoreServices.framework/Frameworks/OSServices .framework/Versions/A/Support/CSConfigDotMacCert</string>

280 <string>-l</string>

281 <string>/Users/USER/Library/Logs/CSConfigDotMacCert.log</string>

282 <string>-u</string>

283 <string>EMAIL</string>

284 <string>-t</string>

285 <string>SharedServices</string>

286 <string>-s</string>

287 </array>

288

289 ...and 4 more line(s)

290

291 Contents of Library/LaunchAgents/com.google.keystone.agent.plist

292 - mod date: Aug 4 22:06:58 2015

293 - size (B): 804

294 - checksum: 4224937824

295

296 <?xml version="1.0" encoding="UTF-8"?>

297 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

298 <plist version="1.0">

299 <dict>

300 <key>Label</key>

301 <string>com.google.keystone.user.agent</string>

302 <key>LimitLoadToSessionType</key>

303 <string>Aqua</string>

304 <key>ProgramArguments</key>

305 <array>

306 <string>/Users/USER/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bu ndle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftw areUpdateAgent</string>

307 <string>-runMode</string>

308 <string>ifneeded</string>

309 </array>

310 <key>RunAtLoad</key>

311 <true/>

312 <key>StartInterval</key>

313 <integer>3523</integer>

314 <key>StandardErrorPath</key>

315 <string>/dev/null</string>

316 <key>StandardOutPath</key>

317 <string>/dev/null</string>

318 </dict>

319 </plist>

320

321 Bad plists

322

323 Library/Preferences/com.apple.Safari.plist.plist

324 Library/Preferences/com.solidstatenetworks.awkhost.plist

325 Library/Preferences/com.solidstatenetworks.host.plist

326

327 Extensions

328

329 /System/Library/Extensions/EPSONUSBPrintClass.kext

330 - com.epson.print.kext.USBPrintClass

331 /System/Library/Extensions/JMicronATA.kext

332 - com.jmicron.JMicronATA

333

334 Applications

335

336 /Applications/Duplicate Cleaner For iPhoto.app

337 - com.tuneupmymac.iPhotoDuplicateCleaner

338 /Applications/NTFS for Mac OS X/Register NTFS for Mac OS X.app

339 - com.paragon-software.filesystems.ntfs.Register

340 /Applications/Wondershare Video Converter Ultimate.app

341 - com.Wondershare.Video-Converter-Ultimate

342 /Library/Application Support/Microsoft/Silverlight/OutOfBrowser/SLLauncher.app

343 - com.microsoft.silverlight.sllauncher

344 /Library/Application Support/NTFS for Mac OS X/NTFS for Mac OS X.app

345 - com.paragon-software.TrialExpiredNotification

346 /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Template.app

347 - com.adobe.air.Template

348 /Library/PDF Services/Save as Adobe PDF.app

349 - com.apple.automator.SaveasAdobePDF

350 /Library/Printers/Samsung/Daemon/DaemonManager/AppLoginItem.app

351 - com.Samsung.AppLoginItem

352 /Library/Printers/Samsung/Daemon/DaemonManager/AppNotification.app

353 - com.Samsung.DaemonManager

354 /Library/Printers/Samsung/Daemon/DaemonManager/DaemonManager.app

355 - com.Samsung.DaemonManager

356 /Library/Printers/Samsung/Daemon/ScreenPrint/ScreenPrint.app

357 - com.Samsung.ScreenPrint

358 /Library/Printers/Samsung/Daemon/ScreenPrint/ScreenPrnMon.app

359 - com.Samsung.ScreenPrnMon

360 /Library/Printers/Samsung/Utilities/SM/PSU/Printer Settings Utility.app

361 - com.Samsung.iPSU

362 /Library/Printers/Samsung/Utilities/SM/PSU/Wireless Setting.app

363 - com.Samsung.WirelessSetting

364 /Library/Printers/Samsung/Utilities/SM/SPanel.app

365 - com.Samsung.SPanel

366 /Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_aapocclcgogkmnckokdopfmhonfmgoek/Default aapocclcgogkmnckokdopfmhonfmgoek.app

367 - com.google.Chrome.app.Default-aapocclcgogkmnckokdopfmhonfmgoek-internal

368 /Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_aohghmighlieiainnegkcijnfilokake/Default aohghmighlieiainnegkcijnfilokake.app

369 - com.google.Chrome.app.Default-aohghmighlieiainnegkcijnfilokake-internal

370 /Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_apdfllckaahabafndbhieahigkjlhalf/Default apdfllckaahabafndbhieahigkjlhalf.app

371 - com.google.Chrome.app.Default-apdfllckaahabafndbhieahigkjlhalf-internal

372 /Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo/Default blpcfgokakmgnkcojhhkbfbldkacnbeo.app

373 - com.google.Chrome.app.Default-blpcfgokakmgnkcojhhkbfbldkacnbeo-internal

374 /Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_coobgpohoikkiipiblmjeljniedjpjpf/Default coobgpohoikkiipiblmjeljniedjpjpf.app

375 - com.google.Chrome.app.Default-coobgpohoikkiipiblmjeljniedjpjpf-internal

376 /Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_felcaaldnbdncclmgdcncolpebgiejap/Default felcaaldnbdncclmgdcncolpebgiejap.app

377 - com.google.Chrome.app.Default-felcaaldnbdncclmgdcncolpebgiejap-internal

378 /Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_nmmhkkegccagdldgiimedpiccmgmieda/Default nmmhkkegccagdldgiimedpiccmgmieda.app

379 - com.google.Chrome.app.Default-nmmhkkegccagdldgiimedpiccmgmieda-internal

380 /Users/USER/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_pjkljhegncpnkpknbcohdijeoejaedia/Default pjkljhegncpnkpknbcohdijeoejaedia.app

381 - com.google.Chrome.app.Default-pjkljhegncpnkpknbcohdijeoejaedia-internal

382 /Users/USER/Library/Application Support/Wondershare/Video_Converter_Ultimate/IU/58014/Apps/ADManager.app

383 - com.analyst.downloader

384 /Users/USER/Library/Application Support/Wondershare/Video_Converter_Ultimate/IU/58014/onlineUpdateMain.app

385 - Wondershare.onlineUpdateMain

386 /Users/USER/Library/Application Support/Wondershare/Video_Converter_Ultimate/IU/__MACOSX/58014/Apps/ADManager.a pp

387 - N/A

388 /Users/USER/Library/Application Support/Wondershare/Video_Converter_Ultimate/IU/__MACOSX/58014/onlineUpdateMain .app

389 - N/A

(removed lines concerning external volume)

...

393 Frameworks

394

395 /Library/Frameworks/Adobe AIR.framework

396 - com.adobe.AIR

397 /Library/Frameworks/MacFUSE.framework

398 - com.google.MacFUSE

399 /Library/Frameworks/OSXFUSE.framework

400 - com.github.osxfuse.framework

401

402 PrefPane

403

404 /Library/PreferencePanes/Flash Player.prefPane

405 - com.adobe.flashplayerpreferences

406 /Library/PreferencePanes/MacFUSE.prefPane

407 - com.google.MacFUSE

408 /Library/PreferencePanes/NTFS-3G.prefPane

409 - org.catacombae.macntfs-3g.prefpane

410 /Library/PreferencePanes/NTFSforMacOSX.prefPane

411 - com.paragon-software.filesystems.ntfs.prefpanel

412 /Library/PreferencePanes/OSXFUSE.prefPane

413 - com.github.osxfuse.OSXFUSEPrefPane

414 /Library/PreferencePanes/Tuxera NTFS.prefPane

415 - com.tuxera.ntfs.mac.prefpane

416 /Users/USER/Library/PreferencePanes/Perian.prefPane

417 - org.perian.PerianPane

418

419 Bundles

420

421 /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/AdobeCP15.plugin

422 - com.adobe.adobecp

423 /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Flash Player.plugin

424 - com.macromedia.FlashPlayer-10.6.plugin

425 /Library/Internet Plug-Ins/AdobeAAMDetect.plugin

426 - com.AdobeAAMDetectLib.AdobeAAMDetect

427 /Library/Internet Plug-Ins/AdobePDFViewer.plugin

428 - com.adobe.acrobat.pdfviewer

429 /Library/Internet Plug-Ins/AdobePDFViewerNPAPI.plugin

430 - com.adobe.acrobat.pdfviewerNPAPI

431 /Library/Internet Plug-Ins/Flash Player.plugin

432 - com.macromedia.Flash Player.plugin

433 /Library/Internet Plug-Ins/Silverlight.plugin

434 - com.microsoft.SilverlightPlugin

435 /Users/USER/Library/Address Book Plug-Ins/SkypeABDialer.bundle

436 - com.skype.skypeabdialer

437 /Users/USER/Library/Address Book Plug-Ins/SkypeABSMS.bundle

438 - com.skype.skypeabsms

439 /Users/USER/Library/Application Support/Google/Chrome/PepperFlash/18.0.0.209/PepperFlashPlayer.plugin

440 - com.macromedia.PepperFlashPlayer.pepper

441

442 Bundles (new)

443

444 /Applications/Skype.app

445 - com.skype.skype

446 /Applications/Total Video Converter Lite - Totally Free to Convert Any Format.app

447 - com.etinysoft.Total-Video-Converter-Lite

448 /Users/USER/Library/Address Book Plug-Ins/SkypeABDialer.bundle

449 - com.skype.skypeabdialer

450 /Users/USER/Library/Address Book Plug-Ins/SkypeABSMS.bundle

451 - com.skype.skypeabsms

452

453 Library paths

454

455 /Applications/Utilities/Adobe Application Manager/CCM/CCMNative.dylib

456 /Applications/Utilities/Adobe Application Manager/D6/D6Native.dylib

457 /Applications/Utilities/Adobe Application Manager/DECore/ARKSelector.dylib

458 /Applications/Utilities/Adobe Application Manager/DECore/DE5/Setup.dylib

459 /Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/ARKCmdCaps.dylib

460 /Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/ARKCmdFS.dylib

461 /Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/ARKEngine.dylib

462 /Applications/Utilities/Adobe Application Manager/DECore/DE5/resources/libraries/AdobePIM.dylib

463 /Applications/Utilities/Adobe Application Manager/DECore/DE6/Setup.dylib

464 /Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/ARKCmdCaps.dylib

465 /Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/ARKCmdFS.dylib

466 /Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/ARKEngine.dylib

467 /Applications/Utilities/Adobe Application Manager/DECore/DE6/resources/libraries/AdobePIM.dylib

468 /Applications/Utilities/Adobe Application Manager/DWA/DWANative.dylib

469 /Applications/Utilities/Adobe Application Manager/LWA/PWANative.dylib

470 /Applications/Utilities/Adobe Application Manager/LWA/adobe_caps.dylib

471 /Applications/Utilities/Adobe Application Manager/LWA/adobe_oobelib.dylib

472 /Applications/Utilities/Adobe Application Manager/LWA/adobe_upgrade.dylib

473 /Applications/Utilities/Adobe Application Manager/P6/IMSLib.dylib

474 /Applications/Utilities/Adobe Application Manager/P6/P6Native.dylib

475 /Applications/Utilities/Adobe Application Manager/P6/VulcanBridge.dylib

476 /Applications/Utilities/Adobe Application Manager/P6/VulcanMessage.dylib

477 /Applications/Utilities/Adobe Application Manager/P6/adobe_oobelib.dylib

478 /Applications/Utilities/Adobe Application Manager/P6/adobe_upgrade.dylib

479 /Applications/Utilities/Adobe Application Manager/P6/axlib.dylib

480 /Applications/Utilities/Adobe Application Manager/P7/IMSLib.dylib

481 /Applications/Utilities/Adobe Application Manager/P7/P7Native.dylib

482 /Applications/Utilities/Adobe Application Manager/P7/VulcanBridge.dylib

483 /Applications/Utilities/Adobe Application Manager/P7/VulcanMessage4.dylib

484 /Applications/Utilities/Adobe Application Manager/P7/VulcanMessage5.dylib

485 /Applications/Utilities/Adobe Application Manager/P7/adobe_oobelib.dylib

486 /Applications/Utilities/Adobe Application Manager/P7/adobe_upgrade.dylib

487 /Applications/Utilities/Adobe Application Manager/P7/axlibv7.dylib

488 /Applications/Utilities/Adobe Application Manager/UWA/UWANative.dylib

489 /Applications/Utilities/Adobe Application Manager/core/AdobePIM.dylib

490 /Applications/Utilities/Adobe Application Manager/core/switcher/CCM_UI.dylib

491 /Applications/Utilities/Adobe Application Manager/core/switcher/DWA_UI.dylib

492 /Applications/Utilities/Adobe Application Manager/core/switcher/LWA_UI.dylib

493 /Library/Application Support/Adobe/Acrobat 11 Helper Frameworks/adobe_oobelib/adobe_caps.dylib

494 /Library/Application Support/Adobe/Acrobat 11 Helper Frameworks/adobe_oobelib/adobe_oobelib.dylib

495 /Library/Application Support/Adobe/Acrobat 11 Helper Frameworks/adobe_oobelib/adobe_upgrade.dylib

496 /Library/Application Support/Adobe/Acrobat 11 Helper Frameworks/adobe_oobelib/axlib.dylib

497 /Library/Application Support/Mozilla/Extensions/{UUID}/EMAILedotcom/components/WCFirefox_x86Extn.dyl ib

498 /Library/Application Support/Mozilla/Extensions/{UUID}/EMAILedotcom/components/WCFirefox_x86_64Extn. dylib

499 /Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/WebKit.dylib

500 /Library/Frameworks/OSXFUSE.framework/Versions/A/Resources/Debug/libmacfuse_i32 .2.dylib.dSYM/Contents/Resources/DWARF/libmacfuse_i32.2.dylib

501 /Library/Frameworks/OSXFUSE.framework/Versions/A/Resources/Debug/libmacfuse_i64 .2.dylib.dSYM/Contents/Resources/DWARF/libmacfuse_i64.2.dylib

502 /Library/Frameworks/OSXFUSE.framework/Versions/A/Resources/Debug/libosxfuse_i32 .dylib.dSYM/Contents/Resources/DWARF/libosxfuse_i32.dylib

503 /Library/Frameworks/OSXFUSE.framework/Versions/A/Resources/Debug/libosxfuse_i64 .dylib.dSYM/Contents/Resources/DWARF/libosxfuse_i64.dylib

504 /Library/Printers/Samsung/ML-1865W/SCMS/libscmssc.dylib

505 /Users/USER/Library/Application Support/Firefox/Profiles/csdckd10.default/gmp-gmpopenh264/1.4/libgmpopenh264.dy lib

506 /Users/USER/Library/Application Support/Google/Chrome/WidevineCDM/1.4.8.824/_platform_specific/mac_x64/libwidev inecdm.dylib

507 /usr/lib/libUFSD.dylib

508 /usr/local/lib/libmacfuse_i32.2.dylib

509 /usr/local/lib/libmacfuse_i64.2.dylib

510 /usr/local/lib/libntfs-3g.71.dylib

511 /usr/local/lib/libntfs.9.0.0.dylib

512 /usr/local/lib/libosxfuse_i32.2.dylib

513 /usr/local/lib/libosxfuse_i64.2.dylib

514 /usr/local/lib/libublio.1.dylib

515

516 App extensions

517

518 com.crowdedroad.ifaxpromac.widget

519

520 Installations

521

522 Total Video Converter Lite - Totally Free to Convert Any Format: 9/16/15, 2:36 PM

523 Adobe Reader XI (11.0.12): 9/15/15, 3:38 PM

524 iFax: 9/3/15, 9:41 PM

525 DjVu Reader: 9/3/15, 9:38 PM

526 SmartConverter: 9/3/15, 9:37 PM

527

528 Elapsed time (sec): 263

Reply