HT5666: About the security content of Java for OS X 2013-001 and Mac OS X v10.6 Update 13

Learn about the security content of Java for OS X 2013-001 and Mac OS X v10.6 Update 13
iminthehouse

Q: Just got my MacBook Pro a month ago. I don't know what security/antivirus system I have on here, and I just had a virus or malware attack my computer. I think it's removed but not 100%

Just got my MacBook Pro a month ago. I don't know what security/antivirus system I have on here, and I just had a virus or malware attack my computer. I think it's removed but not 100%, and how do I prevent it?

MacBook Pro

Posted on Dec 30, 2013 8:34 PM

  • by sundar83,

    sundar83 Nov 4, 2015 11:11 AM in response to Csound1
    Level 1 (0 points)

    Here is the report

     

    EtreCheck version: 2.6.3 (223)

    Report generated 05/11/15, 12:37 AM

    Runtime 1:26

    Download EtreCheck from http://etresoft.com/etrecheck

     

    Click the [Click for support] links for help with non-Apple products.

    Click the [Click for details] links for more information about that line.

     

    Hardware Information: (What does this mean?)

        MacBook Pro (Retina, 15-inch, Mid 2014)

        [Click for Technical Specifications]

        [Click for User Guide]

        MacBook Pro - model: MacBookPro11,2

        1 2.5 GHz Intel Core i7 CPU: 4-core

        16 GB RAM Not upgradeable

                BANK 0/DIMM0

                8 GB DDR3 1600 MHz ok

            BANK 1/DIMM0

                8 GB DDR3 1600 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless:  en0: 802.11 a/b/g/n/ac

        Battery: Health = Normal - Cycle count = 220 - SN = D864387Y00EF9CPAY

     

    Video Information: (What does this mean?)

        Intel Iris Pro

            Color LCD 2880 x 1800

     

    System Software: (What does this mean?)

        OS X El Capitan 10.11.1 (15B42) - Time since boot: about 6 hours

     

    Disk Information: (What does this mean?)

        APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)

            EFI (disk0s1) <not mounted> : 210 MB

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

            Macintosh HD (disk1) / : 499.08 GB (169.47 GB free)

                Encrypted AES-XTS Unlocked

                Core Storage: disk0s2 499.42 GB Online

     

    USB Information: (What does this mean?)

        Apple Inc. Apple Internal Keyboard / Trackpad

        Apple Inc. BRCM20702 Hub

            Apple Inc. Bluetooth USB Host Controller

     

    Thunderbolt Information: (What does this mean?)

        Apple Inc. thunderbolt_bus

     

    Gatekeeper: (What does this mean?)

        Mac App Store and identified developers

     

    Kernel Extensions: (What does this mean?)

            /Applications/HMA! Pro VPN.app

        [not loaded]    com.Privax.AppFirewall (1 - SDK 10.10) [Click for support]

     

            /Library/Extensions

        [not loaded]    foo.tap (1.0) [Click for support]

        [not loaded]    foo.tun (1.0) [Click for support]

     

            /System/Library/Extensions

        [not loaded]    com.wdc.driver.1394.64.10.9 (1.0.1 - SDK 10.9) [Click for support]

        [not loaded]    com.wdc.driver.USB.64.10.9 (1.0.1 - SDK 10.9) [Click for support]

     

    Startup Items: (What does this mean?)

        tap: Path: /Library/StartupItems/tap

        tun: Path: /Library/StartupItems/tun

        TuxeraNTFSUnmountHelper: Path: /Library/StartupItems/TuxeraNTFSUnmountHelper

        Startup items are obsolete in OS X Yosemite

     

    Launch Agents: (What does this mean?)

        [loaded]    com.google.keystone.agent.plist [Click for support]

        [loaded]    com.teamviewer.teamviewer.plist [Click for support]

        [loaded]    com.teamviewer.teamviewer_desktop.plist [Click for support]

     

    Launch Daemons: (What does this mean?)

        [loaded]    com.adobe.fpsaud.plist [Click for support]

        [loaded]    com.google.keystone.daemon.plist [Click for support]

        [loaded]    com.skype.skypeinstaller.plist [Click for support]

        [failed]    com.symantec.nis.uninstall.English.plist [Click for support]

        [loaded]    com.teamviewer.Helper.plist [Click for support]

        [loaded]    com.teamviewer.teamviewer_service.plist [Click for support]

     

    User Launch Agents: (What does this mean?)

        [loaded]    com.adobe.ARM.[...].plist [Click for support]

        [loaded]    com.bittorrent.uTorrent.plist [Click for support]

     

    User Login Items: (What does this mean?)

        iTunesHelper    Application  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

        Google Chrome    UNKNOWN  (missing value)

        WDDriveUtilityHelper    Application  (/Applications/WD Drive Utilities.app/Contents/WDDriveUtilityHelper.app)

        WDSecurityHelper    Application  (/Applications/WD Security.app/Contents/WDSecurityHelper.app)

        Dropbox    Application  (/Applications/Dropbox.app)

        Remote Mouse    Application  (/Applications/Remote Mouse.app)

        uTorrent    Application  (/Applications/uTorrent.app)

        CrossOver CD Helper    Application  (/Applications/CrossOver.app/Contents/Resources/CrossOver CD Helper.app)

        Skype    Application  (/Volumes/Skype/Skype.app)

        Viber    Application Hidden (/Applications/Viber.app)

        Skype    Application  (/Applications/Skype.app)

        LINE    Application  (/Applications/LINE.app)

     

    Other Apps: (What does this mean?)

        [running]    com.apple.xpc.launchd.oneshot.0x10000002.Skype

        [running]    com.apple.xpc.launchd.oneshot.0x10000004.LINE

        [running]    com.apple.xpc.launchd.oneshot.0x10000005.Viber

        [running]    com.apple.xpc.launchd.oneshot.0x10000025.EtreCheck

        [running]    com.codeweavers.CrossOverCDHelper.73632

        [running]    com.getdropbox.dropbox.6432

        [running]    com.remotemouse.remotemouseserver.51872

        [loaded]    com.skype.skype.80032

        [loaded]    com.viber.osx.79072

        [running]    com.westerndigital.WDDriveUtilityHelper.72992

        [running]    com.westerndigital.WDSecurityHelper.73312

        [loaded]    jp.naver.line.mac.80352

     

    Internet Plug-ins: (What does this mean?)

        FlashPlayer-10.6: Version: 19.0.0.226 - SDK 10.6 [Click for support]

        QuickTime Plugin: Version: 7.7.3

        AdobePDFViewerNPAPI: Version: 11.0.13 - SDK 10.6 [Click for support]

        AdobePDFViewer: Version: 11.0.13 - SDK 10.6 [Click for support]

        Flash Player: Version: 19.0.0.226 - SDK 10.6 [Click for support]

        Default Browser: Version: 601 - SDK 10.11

        o1dbrowserplugin: Version: 5.41.0.0 - SDK 10.8 [Click for support]

        googletalkbrowserplugin: Version: 5.41.0.0 - SDK 10.8 [Click for support]

     

    3rd Party Preference Panes: (What does this mean?)

        Flash Player  [Click for support]

        Tuxera NTFS  [Click for support]

     

    Time Machine: (What does this mean?)

        Time Machine not configured!

     

    Top Processes by CPU: (What does this mean?)

             9%    Skype

             8%    com.apple.WebKit.Networking

             6%    WindowServer

             2%    fontd

             2%    hidd

     

    Top Processes by Memory: (What does this mean?)

        1.03 GB    kernel_task

        852 MB    Skype

        459 MB    com.apple.WebKit.WebContent(3)

        311 MB    mdworker(15)

        295 MB    Viber

     

    Virtual Memory Information: (What does this mean?)

        6.64 GB    Free RAM

        9.35 GB    Used RAM (2.78 GB Cached)

        0 B    Swap Used

     

    Diagnostics Information: (What does this mean?)

        Nov 4, 2015, 06:52:50 PM    /Library/Logs/DiagnosticReports/Skype_2015-11-04-185250_[redacted].cpu_resource.diag [Click for details]

        Nov 4, 2015, 06:14:22 PM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-181422_[redacted].crash

        Nov 4, 2015, 06:14:05 PM    Self test - passed

        Nov 4, 2015, 02:45:23 PM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-144523_[redacted].crash

        Nov 4, 2015, 02:35:26 PM    /Library/Logs/DiagnosticReports/SymDaemon_2015-11-04-143526_[redacted].cpu_resource.diag [Click for details]

        Nov 4, 2015, 02:25:51 PM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-142551_[redacted].crash

        Nov 4, 2015, 02:23:44 PM    /Library/Logs/DiagnosticReports/Norton Management Installer_2015-11-04-142344_[redacted].hang

        Nov 4, 2015, 12:31:30 PM    /Library/Logs/DiagnosticReports/SymDaemon_2015-11-04-123130_[redacted].cpu_resource.diag [Click for details]

        Nov 4, 2015, 10:46:56 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-104656_[redacted].crash

        Nov 3, 2015, 03:08:49 PM    /Library/Logs/DiagnosticReports/SymDaemon_2015-11-03-150849_[redacted].cpu_resource.diag [Click for details]

        Nov 3, 2015, 10:35:42 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-03-103542_[redacted].crash

        Nov 3, 2015, 06:14:17 AM    /Library/Logs/DiagnosticReports/SymDaemon_2015-11-03-061417_[redacted].cpu_resource.diag [Click for details]

        Nov 2, 2015, 11:50:00 PM    ~/Library/Logs/DiagnosticReports/LookupViewService_2015-11-02-235000_[redacted].crash

        Nov 2, 2015, 10:28:12 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-02-102812_[redacted].crash

        Oct 30, 2015, 06:02:06 AM    /Library/Logs/DiagnosticReports/Kernel_2015-10-30-060206_[redacted].panic [Click for details]

  • by Csound1,

    Csound1 Nov 4, 2015 11:38 AM in response to sundar83
    Level 9 (50,412 points)
    Desktops

    Norton is not yet properly removed

    Tun and Tap are obsolete, remove them

    Tuxera NTFS is also obsolete, remove it

    Western Digital drive software is unsafe, remove it

    Skype is crashing repeatedly, remove it and download a new version.

     

    Removal should be done per the developer's instructions, no other method is trustworthy

     

    And you should seriously consider backing up, you can't predict when disaster will strike, but Time Machine will enable you to recover from it when it does.
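One way to pull out of an EtreCheck report the kind of entries the reply above points at (a launch item in the `[failed]` state, a process with repeated crash logs), as an added example that is not part of the original thread and not EtreCheck's own code. The function names and the crash threshold are assumptions; the sample is a shortened excerpt of the report posted above.

```python
import re
from collections import Counter

# Excerpt of the EtreCheck report posted above, shortened for the example.
# The split "cpu_reso urce" is kept as the forum software rendered it.
SAMPLE_REPORT = """\
    Launch Daemons: (What does this mean?)
        [loaded]    com.adobe.fpsaud.plist [Click for support]
        [failed]    com.symantec.nis.uninstall.English.plist [Click for support]
    User Launch Agents: (What does this mean?)
        [loaded]    com.bittorrent.uTorrent.plist [Click for support]
    Diagnostics Information: (What does this mean?)
        Nov 4, 2015, 06:14:22 PM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-181422_[redacted].crash
        Nov 4, 2015, 06:14:05 PM    Self test - passed
        Nov 4, 2015, 02:45:23 PM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-144523_[redacted].crash
        Nov 4, 2015, 02:35:26 PM    /Library/Logs/DiagnosticReports/SymDaemon_2015-11-04-143526_[redacted].cpu_reso urce.diag [Click for details]
        Nov 4, 2015, 02:25:51 PM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-142551_[redacted].crash
        Nov 4, 2015, 02:23:44 PM    /Library/Logs/DiagnosticReports/Norton Management Installer_2015-11-04-142344_[redacted].hang
        Oct 30, 2015, 06:02:06 AM    /Library/Logs/DiagnosticReports/Kernel_2015-10-30-060206_[redacted].panic [Click for details]
"""

SECTION_RE = re.compile(r"^(?P<name>[\w .-]+): \(What does this mean\?\)$")
ITEM_RE = re.compile(r"^\[(?P<status>[a-z ]+)\]\s+(?P<label>\S+)")
DIAG_RE = re.compile(
    r"DiagnosticReports/(?P<proc>.+?)_\d{4}-\d{2}-\d{2}-\d{6}_(?P<rest>.*)$")
KINDS = ("cpu_resource.diag", "crash", "hang", "panic")


def parse_report(text):
    """Return (items, events): status-tagged entries and diagnostic reports."""
    items, events, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if m := SECTION_RE.match(line):
            section = m["name"]
        elif m := ITEM_RE.match(line):
            items.append((section, m["status"], m["label"]))
        elif m := DIAG_RE.search(line):
            # Drop the link text, then any whitespace the forum inserted
            # into the file name, before reading the report type.
            rest = m["rest"].replace("[Click for details]", "")
            rest = re.sub(r"\s+", "", rest)
            kind = next((k for k in KINDS if rest.endswith("." + k)), "other")
            events.append((m["proc"], kind))
    return items, events


def triage(text, crash_threshold=3):
    """Summarise the entries a reviewer would look at first."""
    items, events = parse_report(text)
    crashes = Counter(proc for proc, kind in events if kind == "crash")
    return {
        "failed_items": [(sec, label) for sec, status, label in items
                         if status == "failed"],
        "repeat_crashers": {p: n for p, n in crashes.items()
                            if n >= crash_threshold},
        "panics": sum(1 for _, kind in events if kind == "panic"),
        "other_events": sorted({(p, k) for p, k in events
                                if k not in ("crash", "panic")}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```
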

  • by rccharles,

    rccharles Nov 4, 2015 1:49 PM in response to Csound1
    Level 6 (8,486 points)
    Classic Mac OS

        [loaded]    com.bittorrent.uTorrent.plist [Click for support]


    Has developed a reputation for delivering malware and subverting copyright law.  Proceed with caution.



  • by sundar83,

    sundar83 Nov 4, 2015 1:58 PM in response to rccharles
    Level 1 (0 points)

    then how to download torrent files?

  • by sundar83,

    sundar83 Nov 4, 2015 2:03 PM in response to Csound1
    Level 1 (0 points)

    EtreCheck version: 2.6.3 (223)

    Report generated 05/11/15, 3:28 AM

    Runtime 1:19

    Download EtreCheck from http://etresoft.com/etrecheck

     

    Click the [Click for support] links for help with non-Apple products.

    Click the [Click for details] links for more information about that line.

     

    Hardware Information: (What does this mean?)

        MacBook Pro (Retina, 15-inch, Mid 2014)

        [Click for Technical Specifications]

        [Click for User Guide]

        MacBook Pro - model: MacBookPro11,2

        1 2.5 GHz Intel Core i7 CPU: 4-core

        16 GB RAM Not upgradeable

                BANK 0/DIMM0

                8 GB DDR3 1600 MHz ok

            BANK 1/DIMM0

                8 GB DDR3 1600 MHz ok

        Bluetooth: Good - Handoff/Airdrop2 supported

        Wireless:  en0: 802.11 a/b/g/n/ac

        Battery: Health = Normal - Cycle count = 221 - SN = D864387Y00EF9CPAY

     

    Video Information: (What does this mean?)

        Intel Iris Pro

            Color LCD 2880 x 1800

     

    System Software: (What does this mean?)

        OS X El Capitan 10.11.1 (15B42) - Time since boot: less than an hour

     

    Disk Information: (What does this mean?)

        APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)

            EFI (disk0s1) <not mounted> : 210 MB

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

            Macintosh HD (disk1) / : 499.08 GB (172.92 GB free)

                Encrypted AES-XTS Unlocked

                Core Storage: disk0s2 499.42 GB Online

     

    USB Information: (What does this mean?)

        Western Digital My Passport 0820

        Apple Inc. Apple Internal Keyboard / Trackpad

        Apple Inc. BRCM20702 Hub

            Apple Inc. Bluetooth USB Host Controller

     

    Thunderbolt Information: (What does this mean?)

        Apple Inc. thunderbolt_bus

     

    Gatekeeper: (What does this mean?)

        Mac App Store and identified developers

     

    Kernel Extensions: (What does this mean?)

            /Applications/HMA! Pro VPN.app

        [not loaded]    com.Privax.AppFirewall (1 - SDK 10.10) [Click for support]

     

            /Library/Extensions

        [not loaded]    foo.tap (1.0) [Click for support]

        [not loaded]    foo.tun (1.0) [Click for support]

     

            /System/Library/Extensions

        [not loaded]    com.wdc.driver.1394.64.10.9 (1.0.1 - SDK 10.9) [Click for support]

        [loaded]    com.wdc.driver.USB.64.10.9 (1.0.1 - SDK 10.9) [Click for support]

     

    Launch Agents: (What does this mean?)

        [loaded]    com.google.keystone.agent.plist [Click for support]

        [loaded]    com.teamviewer.teamviewer.plist [Click for support]

        [loaded]    com.teamviewer.teamviewer_desktop.plist [Click for support]

     

    Launch Daemons: (What does this mean?)

        [loaded]    com.adobe.fpsaud.plist [Click for support]

        [loaded]    com.google.keystone.daemon.plist [Click for support]

        [loaded]    com.skype.skypeinstaller.plist [Click for support]

        [loaded]    com.teamviewer.Helper.plist [Click for support]

        [loaded]    com.teamviewer.teamviewer_service.plist [Click for support]

     

    User Launch Agents: (What does this mean?)

        [loaded]    com.adobe.ARM.[...].plist [Click for support]

        [loaded]    com.bittorrent.uTorrent.plist [Click for support]

     

    User Login Items: (What does this mean?)

        iTunesHelper    Application  (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

        Google Chrome    UNKNOWN  (missing value)

        WDDriveUtilityHelper    Application  (/Applications/WD Drive Utilities.app/Contents/WDDriveUtilityHelper.app)

        WDSecurityHelper    Application  (/Applications/WD Security.app/Contents/WDSecurityHelper.app)

        Dropbox    Application  (/Applications/Dropbox.app)

        Remote Mouse    Application  (/Applications/Remote Mouse.app)

        CrossOver CD Helper    Application  (/Applications/CrossOver.app/Contents/Resources/CrossOver CD Helper.app)

        Skype    UNKNOWN  (missing value)

        Viber    Application Hidden (/Applications/Viber.app)

        Skype    Application  (/Applications/Skype.app)

        LINE    Application  (/Applications/LINE.app)

     

    Other Apps: (What does this mean?)

        [running]    com.apple.xpc.launchd.oneshot.0x10000002.Viber

        [running]    com.apple.xpc.launchd.oneshot.0x10000003.LINE

        [running]    com.apple.xpc.launchd.oneshot.0x10000004.TextWrangler

        [running]    com.apple.xpc.launchd.oneshot.0x10000005.Skype

        [running]    com.codeweavers.CrossOverCDHelper.73632

        [running]    com.etresoft.EtreCheck.88992

        [running]    com.getdropbox.dropbox.6432

        [running]    com.remotemouse.remotemouseserver.51872

        [loaded]    com.skype.skype.112992

        [loaded]    com.viber.osx.79072

        [running]    com.westerndigital.WDDriveUtilityHelper.72992

        [running]    com.westerndigital.WDSecurityHelper.73312

        [loaded]    jp.naver.line.mac.80352

     

    Internet Plug-ins: (What does this mean?)

        FlashPlayer-10.6: Version: 19.0.0.226 - SDK 10.6 [Click for support]

        QuickTime Plugin: Version: 7.7.3

        AdobePDFViewerNPAPI: Version: 11.0.13 - SDK 10.6 [Click for support]

        AdobePDFViewer: Version: 11.0.13 - SDK 10.6 [Click for support]

        Flash Player: Version: 19.0.0.226 - SDK 10.6 [Click for support]

        Default Browser: Version: 601 - SDK 10.11

        o1dbrowserplugin: Version: 5.41.0.0 - SDK 10.8 [Click for support]

        googletalkbrowserplugin: Version: 5.41.0.0 - SDK 10.8 [Click for support]

     

    3rd Party Preference Panes: (What does this mean?)

        Flash Player  [Click for support]

        Tuxera NTFS  [Click for support]

     

    Time Machine: (What does this mean?)

        Auto backup: YES

        Volumes being backed up:

            Macintosh HD: Disk size: 499.08 GB Disk used: 326.16 GB

        Destinations:

            SUNDAR [Local]

            Total size: 0 B

            Total number of backups: 0

            Oldest backup: -

            Last backup: -

            Size of backup disk: Too small

                Backup size 0 B < (Disk used 326.16 GB X 3)

     

    Top Processes by CPU: (What does this mean?)

            24%    nsurlsessiond(2)

             4%    Skype

             4%    cloudd

             3%    fontd

             2%    WindowServer

     

    Top Processes by Memory: (What does this mean?)

        931 MB    kernel_task

        508 MB    Skype

        328 MB    com.apple.WebKit.WebContent(2)

        279 MB    Viber

        229 MB    Safari

     

    Virtual Memory Information: (What does this mean?)

        8.27 GB    Free RAM

        7.73 GB    Used RAM (3.10 GB Cached)

        0 B    Swap Used

     

    Diagnostics Information: (What does this mean?)

        Nov 5, 2015, 03:17:32 AM    Self test - passed

        Nov 5, 2015, 03:00:02 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-05-030002_[redacted].crash

        Nov 5, 2015, 02:46:27 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-05-024627_[redacted].crash

        Nov 5, 2015, 02:03:34 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-05-020334_[redacted].crash

        Nov 5, 2015, 02:03:20 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-05-020320_[redacted].crash

        Nov 5, 2015, 01:54:36 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-05-015436_[redacted].crash

        Nov 5, 2015, 01:54:11 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-05-015411_[redacted].crash

        Nov 5, 2015, 01:48:58 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-05-014858_[redacted].crash

        Nov 5, 2015, 01:46:46 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-05-014646_[redacted].crash

        Nov 5, 2015, 01:13:29 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-05-011329_[redacted].crash

        Nov 4, 2015, 06:52:50 PM    /Library/Logs/DiagnosticReports/Skype_2015-11-04-185250_[redacted].cpu_resource.diag [Click for details]

        Nov 4, 2015, 06:14:22 PM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-181422_[redacted].crash

        Nov 4, 2015, 02:45:23 PM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-144523_[redacted].crash

        Nov 4, 2015, 02:35:26 PM    /Library/Logs/DiagnosticReports/SymDaemon_2015-11-04-143526_[redacted].cpu_resource.diag [Click for details]

        Nov 4, 2015, 02:25:51 PM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-142551_[redacted].crash

        Nov 4, 2015, 02:23:44 PM    /Library/Logs/DiagnosticReports/Norton Management Installer_2015-11-04-142344_[redacted].hang

        Nov 4, 2015, 12:31:30 PM    /Library/Logs/DiagnosticReports/SymDaemon_2015-11-04-123130_[redacted].cpu_resource.diag [Click for details]

        Nov 4, 2015, 10:46:56 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-04-104656_[redacted].crash

        Nov 3, 2015, 03:08:49 PM    /Library/Logs/DiagnosticReports/SymDaemon_2015-11-03-150849_[redacted].cpu_resource.diag [Click for details]

        Nov 3, 2015, 10:35:42 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-03-103542_[redacted].crash

        Nov 3, 2015, 06:14:17 AM    /Library/Logs/DiagnosticReports/SymDaemon_2015-11-03-061417_[redacted].cpu_resource.diag [Click for details]

        Nov 2, 2015, 11:50:00 PM    ~/Library/Logs/DiagnosticReports/LookupViewService_2015-11-02-235000_[redacted].crash

        Nov 2, 2015, 10:28:12 AM    ~/Library/Logs/DiagnosticReports/Skype_2015-11-02-102812_[redacted].crash

        Oct 30, 2015, 06:02:06 AM    /Library/Logs/DiagnosticReports/Kernel_2015-10-30-060206_[redacted].panic [Click for details]

  • by Csound1,

    Csound1 Nov 4, 2015 3:38 PM in response to sundar83
    Level 9 (50,412 points)
    Desktops

    sundar83 wrote:

     

    then how to download torrent files?

    Don't.

     

    Stick to the law, and stay safe.

  • by Csound1,

    Csound1 Nov 4, 2015 3:39 PM in response to sundar83
    Level 9 (50,412 points)
    Desktops

    Everything I said previously still applies, can I assume that you don't actually want to fix your problem?

  • by MadMacs0,

    MadMacs0 Nov 4, 2015 4:48 PM in response to Converted2iMac
    Level 5 (4,791 points)

    What everybody else has said is true. It's the same real ClamXav that existed for ten years supported by donations. The Developer decided that he enjoyed his hobby more than his day job, but the product would not have been sustainable at contribution levels, so he formed a Company and is now engaged full time working on improving his now commercial product and timely one-on-one support of all sales and technical issues.  Older versions (including the App Store version) will continue to work as long as OS X allows but are no longer supported.  At some point they will no longer receive the custom OS X signatures that are currently provided. It's also possible that the Cisco/ClamAV folks responsible for the scan engine and primary signature database will disable updates, but they have not done that for several years now.

  • by MadMacs0,

    MadMacs0 Nov 4, 2015 4:52 PM in response to Linc Davis
    Level 5 (4,791 points)

    I realize I've posted this before, but I haven't seen any confirmation that you've seen it nor change in your posting on this, so I'll persist until I do.

    Linc Davis wrote:

     

    4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.

    Note that starting with OS X 10.11 there is a new MRT that seems to be totally unrelated to the previous version. It is installed with the OS in /System/Library/CoreServices/MRT.app and supported by a new System LaunchDaemon com.apple.MRTd.plist to make sure it stays alive and a new LaunchAgent com.apple.MRTa.plist to report anything found. It appears to be completely different from the original MRT in that it does not destroy itself after one run, does not appear to be targeted against Flashback (probably Adware now) and runs periodically in the background. It is occasionally updated by the Critical Updates process (the same one that updates databases such as XProtect and GateKeeper) for users that have not disabled "Install system data files and security updates".

     

    I have yet to find any formal documentation with any additional information on this capability from Apple, but not surprising since it's Security related.
