Marsue

Q: Forgot to activate firewall

After updating Adobe Flash, I forgot to re-activate my firewall. I checked it after noticing that a number of websites I did not visit showed up in my web browser (Firefox). It was late, so I reactivated the firewall, turned OFF my iMac and went to bed. Next morning, I am sending this from my iPhone. How do I tell if there is any malware on my iMac?

 

Oh! I also was alerted by one of my friends that she got an email from "me" that obviously wasn't.

Help!

 

marsue

iMac (27-inch Mid 2011), OS X Yosemite (10.10.5), 3.4 GHz Intel Core i7

Posted on Aug 23, 2016 4:40 AM


  • by Eric Root, Helpful

    Eric Root Aug 24, 2016 6:51 PM in response to Marsue
    Level 9 (69,599 points)
    iTunes

    Try running this program and then copy and paste the output in a reply. The program was created by Etresoft, a frequent contributor.  Please use copy and paste as screen shots can be hard to read. On the screen with Options, please open Options and check the bottom 2 boxes before running. Click “Share Report” button in the toolbar, select “Copy to Clipboard” and then paste into a reply. This will show what is running on your computer. No personal information is shown. You can also run Malwarebytes.
      

    Etrecheck – System Information

    Malwarebytes Anti-Malware for Mac (10.8 and later)

    What should I do if Malwarebytes Anti-Malware for Mac didn't solve my problem?

  • by Marsue

    Marsue Aug 23, 2016 11:49 AM in response to Eric Root
    Level 1 (18 points)
    Desktops

    EtreCheck version: 3.0.2 (306)

    Report generated 2016-08-23 13:46:34

    Download EtreCheck from https://etrecheck.com

    Runtime 5:40

    Performance: Below Average

     

    Click the [Support] links for help with non-Apple products.

    Click the [Details] links for more information about that line.

     

    Problem: Other problem

    Description:

    possible malware

     

    Hardware Information:

        iMac (27-inch, Mid 2011)

        [Technical Specifications] - [User Guide] - [Warranty & Service]

        iMac - model: iMac12,2

        1 3.4 GHz Intel Core i7 CPU: 4-core

        16 GB RAM Upgradeable - [Instructions]

            BANK 0/DIMM0

                4 GB DDR3 1333 MHz ok

            BANK 1/DIMM0

                4 GB DDR3 1333 MHz ok

            BANK 0/DIMM1

                4 GB DDR3 1333 MHz ok

            BANK 1/DIMM1

                4 GB DDR3 1333 MHz ok

        Bluetooth: Old - Handoff/Airdrop2 not supported

        Wireless:  en1: 802.11 a/b/g/n

     

    Video Information:

        AMD Radeon HD 6970M - VRAM: 2048 MB

            iMac 2560 x 1440

     

    System Software:

        OS X Yosemite 10.10.5 (14F1909) - Time since boot: less than an hour

     

    Disk Information:

        Hitachi HDS723020BLA642 disk0 : (2 TB) (Rotational)

            EFI (disk0s1) <not mounted> : 210 MB

            Macintosh HD (disk0s2) / : 2.00 TB (695.61 GB free)

            Recovery HD (disk0s3) <not mounted>  [Recovery]: 650 MB

     

        HL-DT-STDVDRW  GA32N   ()

     

    USB Information:

        Apple Internal Memory Card Reader

        Apple Computer, Inc. IR Receiver

        Apple Inc. FaceTime HD Camera (Built-in)

        EPSON USB2.0 Printer (Hi-speed)

        Apple Inc. BRCM2046 Hub

            Apple Inc. Bluetooth USB Host Controller

     

    Thunderbolt Information:

        Apple Inc. thunderbolt_bus

     

    Gatekeeper:

        Mac App Store and identified developers

     

    Kernel Extensions:

            /Library/Application Support/LogMeIn/drivers

        [loaded]    com.logmein.driver.LogMeInSoundDriver (4.1.6949 - 2016-08-12) [Support]

     

            /System/Library/Extensions

        [not loaded]    com.lytro.Firefly (4.1 - SDK 10.7 - 2016-08-22) [Support]

        [not loaded]    com.markspace.iokit.IOMissingSyncMassStorage (6.0.1 - 2016-08-22) [Support]

        [not loaded]    com.markspace.missingsync.palmos.classicseize (1.0.0 - 2016-08-22) [Support]

        [not loaded]    com.palm.ClassicNotSeizeDriver (3.2.1 - 2016-08-22) [Support]

        [not loaded]    com.wacom.kext.wacomtablet (Wacom Tablet 6.1.7-5 - 2016-08-22) [Support]

     

    Startup Items:

        HP IO: Path: /Library/StartupItems/HP IO

        MissingSyncMounting: Path: /Library/StartupItems/MissingSyncMounting

        MxBtDaemon: Path: /Library/StartupItems/MxBtDaemon

        ProTec6b: Path: /Library/StartupItems/ProTec6b

        RetroRun: Path: /Library/StartupItems/RetroRun

        Startup items are obsolete in OS X Yosemite

     

    System Launch Agents:

        [not loaded]    5 Apple tasks

        [loaded]    148 Apple tasks

        [running]    59 Apple tasks

     

    System Launch Daemons:

        [not loaded]    45 Apple tasks

        [loaded]    136 Apple tasks

        [running]    82 Apple tasks

     

    Launch Agents:

        [not loaded]    com.adobe.AAM.Updater-1.0.plist (2016-02-11) [Support]

        [running]    com.adobe.AdobeCreativeCloud.plist (2016-02-11) [Support]

        [loaded]    com.adobe.CS4ServiceManager.plist (2010-02-08) [Support]

        [running]    com.epson.Epson_Low_Ink_Reminder.launcher.plist (2012-05-13) [Support]

        [running]    com.epson.eventmanager.agent.plist (2012-05-08) [Support]

        [loaded]    com.google.keystone.agent.plist (2016-07-11) [Support]

        [failed]    com.logmein.LMILaunchAgentFixer.plist (2016-08-12) [Support]

        [running]    com.logmein.logmeingui.plist (2016-08-12) [Support]

        [running]    com.logmein.logmeinguiagent.plist (2016-08-12) [Support]

        [not loaded]    com.logmein.logmeinguiagentatlogin.plist (2016-08-12) [Support]

        [loaded]    com.oracle.java.Java-Updater.plist (2015-08-20) [Support]

        [running]    com.sony.WirelessAutoImportLauncher.agent.plist (2014-01-24) [Support]

        [running]    com.wacom.wacomtablet.plist (2011-09-15) [Support]

     

    Launch Daemons:

        [loaded]    com.adobe.SwitchBoard.plist (2013-01-21) [Support]

        [running]    com.adobe.adobeupdatedaemon.plist (2016-02-14) [Support]

        [running]    com.adobe.agsservice.plist (2016-08-12) [Support]

        [loaded]    com.adobe.fpsaud.plist (2016-06-28) [Support]

        [running]    com.fitbit.galileod.plist (2015-10-30) [Support]

        [loaded]    com.google.keystone.daemon.plist (2016-07-11) [Support]

        [running]    com.logmein.logmeinserver.plist (2016-08-12) [Support]

        [loaded]    com.logmein.raupdate.plist (2012-07-26) [Support]

        [loaded]    com.lytro.Lytro.InstallHelper.plist (2013-10-24) [Support]

        [loaded]    com.microsoft.office.licensing.helper.plist (2011-03-10) [Support]

        [loaded]    com.oracle.java.Helper-Tool.plist (2015-08-20) [Support]

     

    User Launch Agents:

        [loaded]    com.adobe.AAM.Updater-1.0.plist (2013-01-21) [Support]

        [loaded]    com.adobe.ARM.[...].plist (2012-01-13) [Support]

        [running]    com.akamai.single-user-client.plist (2015-09-23) [Support]

        [loaded]    com.apple.SafariBookmarksSyncer.plist (2008-12-30) [Support]

        [not loaded]    com.barebones.weathercal-agent.plist (2009-12-11) [Support]

     

    User Login Items:

        Dropbox    Application  (/Applications/Dropbox.app)

        AdobeResourceSynchronizer    Application Hidden (/Applications/Adobe Reader.app/Contents/Support/AdobeResourceSynchronizer.app)

        SpyderGallery Desktop    Application  (/Applications/Datacolor/SpyderGallery/SpyderGallery Desktop.app)

        SpyderUtility    Application  (/Applications/Datacolor/Spyder4Pro/Support/SpyderUtility.app)

        Fitbit Connect Menubar Helper    Application  (/Applications/Fitbit Connect.app/Contents/MacOS/Fitbit Connect Menubar Helper.app)

        HP Scheduler    Application  (/Library/Application Support/Hewlett-Packard/Software Update/HP Scheduler.app)

        WD Quick View    Application  (/Library/Application Support/WDSmartware/WDQuickView.app)

        Photo Stream URL    SMLoginItem  (/Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app)

        LytroHelper    SMLoginItem  (/Applications/Lytro.app/Contents/Library/LoginItems/LytroHelper.app)

     

    Internet Plug-ins:

        AdobePDFViewerNPAPI: 11.0.17 - SDK 10.6 (2016-07-15) [Support]

        Flash Player: 22.0.0.209 - SDK 10.9 (2016-08-22) [Support]

        WacomNetscape: 1.1.1-1 (2011-12-29) [Support]

        AdobePDFViewer: 11.0.17 - SDK 10.6 (2016-07-15) [Support]

        LogMeInSafari32: 1.0.961 - SDK 10.7 (2013-10-25) [Support]

        PrintDialogExt: 3.5 (2006-03-10) [Support]

        googletalkbrowserplugin: 5.41.3.0 - SDK 10.8 (2015-12-11) [Support]

        AdobeExManDetect: AdobeExManDetect 1.1.0.0 - SDK 10.7 (2013-12-29) [Support]

        iPhotoPhotocast: 7.0 (2010-04-05)

        QuickTime Plugin: 7.7.3 (2016-08-13)

        FlashPlayer-10.6: 22.0.0.209 - SDK 10.9 (2016-08-22) [Support]

        AdobeAAMDetect: 3.0.0.0 - SDK 10.9 (2016-02-14) [Support]

        GarminGpsControl: 2.6.2.0 Release (2008-09-22) [Support]

        Silverlight: 4.0.60129.0 (2012-03-15) [Support]

        LogMeIn: 1.0.961 - SDK 10.7 (2013-10-25) [Support]

        Google Earth Web Plug-in: 7.1 (2015-06-08) [Support]

        LogitechHarmony: 1.0.0.1 (2011-03-21) [Support]

        Default Browser: 600 - SDK 10.10 (2015-07-16)

        Flip4Mac WMV Plugin: 2.3.4.1 (2010-06-15) [Support]

        o1dbrowserplugin: 5.41.3.0 - SDK 10.8 (2016-01-01) [Support]

        NPDjVu: Unknown (2006-03-10) [Support]

        SharePointBrowserPlugin: 14.6.5 - SDK 10.6 (2016-07-06) [Support]

        JavaAppletPlugin: Java 8 Update 91 build 14 (2016-06-16) Check version

        OfficeLiveBrowserPlugin: 12.3.6 (2013-08-30) [Support]

     

    User internet Plug-ins:

        CitrixOnlineWebDeploymentPlugin: 1.0.105 (2013-04-25) [Support]

        fbplugin_1_0_3: Unknown (2010-02-26) [Support]

        WebEx: 1.0 (2011-02-24) [Support]

     

    Safari Extensions:

        1Password - AgileBits - http://agilebits.com/onepassword (2015-05-31)

        Blur - Abine, the online privacy company. - http://www.abine.com (2015-09-12)

     

    3rd Party Preference Panes:

        Akamai NetSession Preferences (2015-09-23) [Support]

        Flash Player (2016-06-28) [Support]

        Flip4Mac WMV (2010-06-15) [Support]

        Iomega Active Delivery (2008-06-21) [Support]

        Java (2016-06-16) [Support]

        WDQuickView (2016-07-20) [Support]

        WeatherCal (2009-12-11) [Support]

     

    Time Machine:

        Skip System Files: NO

        Mobile backups: OFF

        Auto backup: YES

        Volumes being backed up:

            Macintosh HD: Disk size: 2.00 TB Disk used: 1.30 TB

        Destinations:

            TIME MACHINE BACKUPS [Local]

            Total size: 5.00 TB

            Total number of backups: 32

            Oldest backup: 8/14/16, 4:51 AM

            Last backup: 8/22/16, 7:42 PM

            Size of backup disk: Adequate

                Backup size 5.00 TB > (Disk used 1.30 TB X 3)

     

    Top Processes by CPU:

             3%    com.apple.iCloudHelper

             3%    WindowServer

             3%    recentsd

             3%    kernel_task

             2%    photolibraryd

     

    Top Processes by Memory:

        877 MB    kernel_task

        213 MB    Dropbox

        131 MB    mds_stores

        131 MB    Adobe CEF Helper(3)

        131 MB    mdworker(11)

     

    Virtual Memory Information:

        8.80 GB    Free RAM

        7.20 GB    Used RAM (5.03 GB Cached)

        0 B    Swap Used

     

    Diagnostics Information:

        Aug 23, 2016, 01:44:38 PM    ~/Library/Logs/DiagnosticReports/cloudphotosd_2016-08-23-134438_[redacted].crash

            com.apple.cloudphotosd - /System/Library/CoreServices/cloudphotosd.app/Contents/MacOS/cloudphotosd

        Aug 23, 2016, 01:25:34 PM    Self test - passed

        Aug 22, 2016, 11:00:07 PM    /Library/Logs/DiagnosticReports/firefox_2016-08-22-230007_[redacted].hang

            /Applications/Firefox.app/Contents/MacOS/firefox

        Aug 21, 2016, 12:21:53 PM    /Library/Logs/DiagnosticReports/Adobe Lightroom_2016-08-21-122153_[redacted].cpu_resource.diag [Details]

            /Applications/Adobe Lightroom/Adobe Lightroom.app/Contents/MacOS/Adobe Lightroom

        Aug 20, 2016, 04:29:03 PM    /Library/Logs/DiagnosticReports/Adobe Lightroom_2016-08-20-162903_[redacted].cpu_resource.diag [Details]

  • by Marsue

    Marsue Aug 23, 2016 2:34 PM in response to Marsue
    Level 1 (18 points)
    Desktops

    I also have 3 external hard drives that I disconnected last night, in addition to the one that I use for backups. So the above report does not include them.

     

    Marsue

  • by Eric Root

    Eric Root Aug 24, 2016 1:56 PM in response to Marsue
    Level 9 (69,599 points)
    iTunes

    Did you run Malwarebytes?

     

    Try uninstalling the LogMeIn software using the developer's uninstall instructions.

  • by Marsue

    Marsue Aug 24, 2016 6:50 PM in response to Marsue
    Level 1 (18 points)
    Desktops

    I did uninstall LogMeIn.

    I ran Malwarebytes and it did not turn up any problems. The only thing that I have seen out of the ordinary is a number of sites popping up in my history (in Firefox) which I never visited (while I was on my Mac!).

     

    For now, I have deleted Firefox and am using Safari. I will re-attach my external drives and re-run the Etrecheck and the Malwarebytes after that. So for right now, I'm not going to worry, right? Just remain vigilant?

     

    Thanks so much for your help.

     

    Marsue

  • by Marsue

    Marsue Aug 24, 2016 6:53 PM in response to Marsue
    Level 1 (18 points)
    Desktops

    While we're talking: The Etrecheck shows that my system is slower than it should be. Does the printout show what the hangup is? Can I do something to speed my system?

     

    Marsue

  • by Eric Root

    Eric Root Aug 24, 2016 7:51 PM in response to Marsue
    Level 9 (69,599 points)
    iTunes

    You are welcome. If you have uninstalled LogMeIn and attached the hard drives, please run and post another Etrecheck report. Firefox was crashing, but you posted you deleted that application.

  • by leroydouglas

    leroydouglas Aug 24, 2016 8:41 PM in response to Marsue
    Level 7 (22,778 points)
    Notebooks

    If you are on your own Network, your router has its own firewall. There is no harm done.