Detect and Rid a Virus?
A few weeks ago I noticed anomalous behaviors on my Mac. I reïnstalled OS X. That did not help.
I used Sophos to scan for viruses. It found some and quarantined them. However I think the virus is back and now Sophos will not complete a scan.
Can someone look at my EtreCheck scan for viruses? If found, what is the procedure to delete them? (I know sometimes that can be dangerous.)
I assume if I reformatted the system volume, installed OS X, and then recovered from an OS X backup, that might restore viruses. True?
I could revert to a system image from before these problems started (same OS level) and then copy my current user data from a clone (user account, email, …).
If and when I delete the virus or revert to an earlier image, I will first turn off Wi-Fi, recreate the administrative account with a new account name and password, and change my user account password.
Hardware Information:
MacBook Air (13-inch, Late 2010)
MacBook Air - model: MacBookAir3,2
1 2.13 GHz Intel Core 2 Duo CPU: 2 cores
4 GB RAM
Video Information:
NVIDIA GeForce 320M - VRAM: 256 MB
Audio Plug-ins:
BluetoothAudioPlugIn: Version: 4.3.4 - SDK 10.10
AirPlay: Version: 2.0 - SDK 10.10
AppleAVBAudio: Version: 303.1 - SDK 10.10
iSightAudio: Version: 7.7.3 - SDK 10.10
System Software:
OS X 10.10.3 (14D136) - Uptime: 0 days 0:43:7
Disk Information:
APPLE SSD TS256C disk0 : (251 GB)
EFI (disk0s1) <not mounted>: 209.7 MB
Gracie (disk0s2) /: 250.14 GB (37.1 GB free)
Recovery HD (disk0s3) <not mounted>: 650 MB
USB Information:
Canon MX870 series
Chicony Saitek Eclipse Keyboard
Logitech USB-PS/2 Optical Mouse
Apple Inc. FaceTime Camera (Built-in)
Apple Internal Memory Card Reader
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM2070 Hub
Apple Inc. Bluetooth USB Host Controller
FireWire Information:
Thunderbolt Information:
Kernel Extensions:
com.squirrels.driver.AirParrotSpeakers (1.8 - SDK 10.8)
com.squirrels.airparrot.framebuffer (3 - SDK 10.8)
com.sophos.nke.swi (9.2.50 - SDK 10.8)
com.sophos.kext.sav (9.2.50 - SDK 10.8)
Problem System Launch Daemons:
Problem System Launch Agents:
Launch Daemons:
[loaded] com.adobe.fpsaud.plist
[failed] com.apple.spirecorder.plist
[loaded] com.barebones.authd.plist
[loaded] com.bombich.ccchelper.plist
[loaded] com.equinux.VPNTracker6.agent.plist
[loaded] com.logmein.join.me.update-helper.plist
[loaded] com.micromat.TechToolProDaemon.plist
[loaded] com.microsoft.office.licensing.helper.plist
[loaded] com.oracle.java.Helper-Tool.plist
[loaded] com.oracle.java.JavaUpdateHelper.plist
[loaded] com.skype.skypeinstaller.plist
[loaded] com.sophos.common.servicemanager.plist
[loaded] jp.co.canon.MasterInstaller.plist
Launch Agents:
[not loaded] com.adobe.AAM.Updater-1.0.plist
[loaded] com.divx.dms.agent.plist
[loaded] com.divx.update.agent.plist
[loaded] com.micromat.TechToolProAgent.plist
[loaded] com.oracle.java.Java-Updater.plist
[loaded] com.sophos.uiserver.plist
User Launch Agents:
[loaded] com.adobe.AAM.Updater-1.0.plist
[loaded] com.adobe.ARM.[...].plist
[loaded] com.google.keystone.agent.plist
[failed] com.jdibackup.ZipCloud.autostart.plist
[loaded] com.jdibackup.ZipCloud.backupstart.plist
[failed] com.jdibackup.ZipCloud.notify.plist
[loaded] com.spigot.SearchProtection.plist
[loaded] com.valvesoftware.steamclean.plist
User Login Items:
AdobeResourceSynchronizer
CCC User Agent
Canon IJ Network Scanner Selector EX
3rd Party Preference Panes:
Flash Player
Flip4Mac WMV
Java
TechTool Protection
Internet Plug-ins::
OVSHelper: Version: 1.1
Default Browser: Version: 600 - SDK 10.10
Flip4Mac WMV Plugin: Version: 3.0.0.126 - SDK 10.8
AdobeAAMDetect: Version: AdobeAAMDetect 1.0.0.0 - SDK 10.6
FlashPlayer-10.6: Version: 17.0.0.188 - SDK 10.6
DivX Web Player: Version: 3.2.4.1250 - SDK 10.6
Silverlight: Version: 5.1.30514.0 - SDK 10.6
Flash Player: Version: 17.0.0.188 - SDK 10.6
QuickTime Plugin: Version: 7.7.3
iPhotoPhotocast: Version: 7.0 - SDK 10.8
SharePointBrowserPlugin: Version: 14.3.9 - SDK 10.6
EPPEX Plugin: Version: 10.0
JavaAppletPlugin: Version: Java 8 Update 31 Outdated! Update
User Internet Plug-ins::
WebEx64: Version: 1.0 - SDK 10.6
Bad Fonts:
None
Old applications:
Adobe AIR Application Installer: Version: 3.6 - SDK 10.6
/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Adobe AIR Application Installer.app
Adobe AIR Application Installer: Version: 3.6 - SDK 10.6
/Applications/Utilities/Adobe AIR Application Installer.app
Adobe AIR Uninstaller: Version: 3.6 - SDK 10.6
/Applications/Utilities/Adobe AIR Uninstaller.app
Adobe AIR Updater: Version: 3.6 - SDK 10.6
/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Adobe AIR Updater.app
Adobe Flash Player Install Manager: Version: 17.0.0.188 - SDK 10.6
/Applications/Utilities/Adobe Flash Player Install Manager.app
Amazing Slow Downer: Version: 3.4.4 - SDK 10.6
/Applications/Amazing Slow Downer/Amazing Slow Downer.app
Brother Scanner: Version: 2.3.1 - SDK 10.6
/Library/Image Capture/Devices/Brother Scanner.app
Brother Status Monitor: Version: 3.9.1 - SDK 10.6
/Library/Printers/Brother/Utilities/BrStatusMonitor.app
Canon IJ Network Scanner Selector EX: Version: 5.4.0 - SDK 10.6
/Applications/Canon Utilities/IJ Network Scanner Selector EX/Canon IJ Network Scanner Selector EX.app
Canon IJ Scan Utility: Version: 1.1.1 - SDK 10.6
/Applications/Canon Utilities/IJ Scan Utility/Canon IJ Scan Utility.app
Canon IJ Scan Utility Opener: Version: 1.1.1 - SDK 10.6
/Applications/Canon Utilities/IJ Scan Utility/Canon IJ Scan Utility Opener.app
Canon MX450 series: Version: 19.1.0 - SDK 10.6
/Library/Image Capture/TWAIN Data Sources/Canon MX450 series.ds
Canon MX450 series Network: Version: 19.1.0 - SDK 10.6
/Library/Image Capture/TWAIN Data Sources/Canon MX450 series Network.ds
CiGDownLoadAPP: Version: 1.0 - SDK 10.6
/Applications/Canon Utilities/My Image Garden/AddOn/CIG/CiGDownLoadAPP.app
Cisco WebEx Meeting Center: Version: 1406.17.2907.1 - SDK 10.6
/Users/koeningerk/Library/Application Support/WebEx Folder/1424/Meeting Center.app
Cisco WebEx Meeting Center: Version: 1207.26.2804.0 - SDK 10.5
/Users/koeningerk/Library/Application Support/WebEx Folder/1324/Meeting Center.app
DivX Converter: Version: 10.2.6 (Build 10.2.6.183) - SDK 10.6
/Applications/DivX Converter.app
DivX Player: Version: 10.2.6 (Build 11.3.4.80) - SDK 10.6
/Applications/DivX Player.app
DivX Preferences: Version: 1.0 - SDK 10.5
/Applications/DivX/DivX Preferences.app
DivXEngine: Version: 10.2.6 (Build 10.2.6.115) - SDK 10.6
/Library/Application Support/DivX/DivXEngine.app
DivXMediaServer: Version: 10.2.6 (Build 10.2.6.5) - SDK 10.6
/Library/Application Support/DivX/DivXMediaServer.app
DivXTransferWizard: Version: 10.2.0 (Build 10.2.2.262) - SDK 10.5
/Library/Application Support/DivX/DivXTransferWizard.app
DivXUpdate: Version: 1.0 - SDK 10.5
/Library/Application Support/DivX/DivXUpdate.app
EPIJAutoSetupTool2: Version: 9.11 - SDK 10.6
/Library/Printers/EPSON/InkjetPrinter2/AutoSetupTool/EPIJAutoSetupTool2.app
Epson Printer Utility 4: Version: 9.11 - SDK 10.5
/Library/Printers/EPSON/InkjetPrinter2/Utility/UT4/Epson Printer Utility 4.app
Epson Printer Utility Lite: Version: 9.11 - SDK 10.6
/Library/Printers/EPSON/InkjetPrinter2/Utility/UTL/Epson Printer Utility Lite.app
Gmail: Version: 41.0.2272.104 - SDK 10.6
/Users/koeningerk/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_pjkljhegncpnkpknbcohdijeoejaedia/Default pjkljhegncpnkpknbcohdijeoejaedia.app
Google Chrome: Version: 43.0.2357.65 - SDK 10.6
/Applications/Google Chrome.app
Google Search: Version: 41.0.2272.104 - SDK 10.6
/Users/koeningerk/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_coobgpohoikkiipiblmjeljniedjpjpf/Default coobgpohoikkiipiblmjeljniedjpjpf.app
Google Wallet: Version: 42.0.2311.152 - SDK 10.6
/Users/koeningerk/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_nmmhkkegccagdldgiimedpiccmgmieda/Default nmmhkkegccagdldgiimedpiccmgmieda.app
HPMessageCenterBridge: Version: 1.14.0 - SDK 10.6
/Library/Printers/hp/Utilities/HPPU Plugins/Message Center.task/Contents/Resources/HPMessageCenterBridge.app
Microsoft Alerts Daemon: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Office/Microsoft Alerts Daemon.app
Microsoft AutoUpdate: Version: 2.3.6 - SDK 10.4
/Library/Application Support/Microsoft/MAU2.0/Microsoft AutoUpdate.app
Microsoft Chart Converter: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Office/Microsoft Chart Converter.app
Microsoft Clip Gallery: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Office/Microsoft Clip Gallery.app
Microsoft Database Daemon: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Office/Microsoft Database Daemon.app
Microsoft Database Utility: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Office/Microsoft Database Utility.app
Microsoft Document Connection: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Microsoft Document Connection.app
Microsoft Error Reporting: Version: 2.2.9 - SDK 10.4
/Library/Application Support/Microsoft/MERP2.0/Microsoft Error Reporting.app
Microsoft Excel: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Microsoft Excel.app
Microsoft Graph: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Office/Microsoft Graph.app
Microsoft Language Register: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Additional Tools/Microsoft Language Register/Microsoft Language Register.app
Microsoft Office Reminders: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Office/Microsoft Office Reminders.app
Microsoft PowerPoint: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Microsoft PowerPoint.app
Microsoft Ship Asserts: Version: 1.1.4 - SDK 10.4
/Library/Application Support/Microsoft/MERP2.0/Microsoft Ship Asserts.app
Microsoft Upload Center: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Office/Microsoft Upload Center.app
Microsoft Word: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Microsoft Word.app
My Day: Version: 14.3.4 - SDK 10.5
/Applications/Microsoft Office 2011/Office/My Day.app
My Image Garden: Version: 1.1.0 - SDK 10.6
/Applications/Canon Utilities/My Image Garden/My Image Garden.app
Office365Service: Version: 14.3.9 - SDK 10.6
/Applications/Microsoft Office 2011/Office/Office365Service.app
Open XML for Excel: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Office/Open XML for Excel.app
Pages: Version: 4.3 - SDK 10.5
/Applications/iWork '09/Pages.app
SLLauncher: Version: 1.0 - SDK 10.5
/Library/Application Support/Microsoft/Silverlight/OutOfBrowser/SLLauncher.app
Skype 5.8.0: Version: 5.8.0.1027 - SDK 10.6
/Appsw/Skype 5.8.0.1027.app
Solver: Version: 1.0 - SDK 10.5
/Applications/Microsoft Office 2011/Office/Add-Ins/Solver.app
SyncServicesAgent: Version: 14.3.9 - SDK 10.5
/Applications/Microsoft Office 2011/Office/SyncServicesAgent.app
Taco HTML Edit: Version: 3.0.6 - SDK 10.6
/Applications/Taco HTML Edit/Taco HTML Edit.app
Template: Version: 3.6 - SDK 10.6
/Library/Frameworks/Adobe AIR.framework/Versions/1.0/Resources/Template.app
TuneUp: Version: 2.5.0.0 - SDK 10.6
/Applications/TuneUp.app
TuneUpHelper: Version: 2.4.0 - SDK 10.6
/Applications/TuneUp.app/Contents/Library/LoginItems/TuneUpHelper.app
VPN Tracker 6: Version: 6.4.6 - SDK 10.4
/Applications/VPN Tracker/VPN Tracker 6.app
Wondershare Helper Compact: Version: 2.3.3.1 - SDK 10.6
/Users/Shared/Helper/Wondershare Helper Compact.app
YouTube: Version: 40.0.2214.94 - SDK 10.6
/Users/koeningerk/Library/Application Support/Google/Chrome/Default/Web Applications/_crx_blpcfgokakmgnkcojhhkbfbldkacnbeo/Default blpcfgokakmgnkcojhhkbfbldkacnbeo.app
asannotation2: Version: 1308.22.2900.0 - SDK 10.6
/Users/koeningerk/Library/Application Support/WebEx Folder/1424/asannotation2.app
asannotation2: Version: 1206.25.2804.0 - SDK 10.5
/Users/koeningerk/Library/Application Support/WebEx Folder/1324/asannotation2.app
atmsupload: Version: 1309.03.2900.0 - SDK 10.6
/Users/koeningerk/Library/Application Support/WebEx Folder/1424/atmsupload.app
atmsupload: Version: 1206.21.2804.0 - SDK 10.5
/Users/koeningerk/Library/Application Support/WebEx Folder/1324/atmsupload.app
commandtoescp: Version: 9.11 - SDK 10.6
/Library/Printers/EPSON/InkjetPrinter2/Filter/commandtoescp.app
convertpdf: Version: 1.2 - SDK 10.6
/Users/koeningerk/Library/Application Support/WebEx Folder/1424/convertpdf.app
convertpdf: Version: 1.2 - SDK 10.5
/Users/koeningerk/Library/Application Support/WebEx Folder/1324/convertpdf.app
pdftopdf2: Version: 9.11 - SDK 10.6
/Library/Printers/EPSON/InkjetPrinter2/Filter/pdftopdf2.app
rastertoescpII: Version: 9.11 - SDK 10.6
/Library/Printers/EPSON/InkjetPrinter2/Filter/rastertoescpII.app
uFlysoft Data Recovery: Version: 1.0.7 - SDK 10.5
/Applications/Utilities/uFlysoft Data Recovery.app
Time Machine:
Skip System Files: NO
Mobile backups: ON
Auto backup: YES
Volumes being backed up:
Destinations:
TM 7 [Local]
Total size: 465.23 GB
Total number of backups: 86
Oldest backup: 2013-10-21 13:05:53 +0000
Last backup: 2015-05-14 02:32:59 +0000
Size of backup disk: Excellent
Backup size 465.23 GB > (Disk size 0 B X 3)
TM 1 [Local]
Total size: 279.05 GB
Total number of backups: 28
Oldest backup: 2014-07-04 03:47:58 +0000
Last backup: 2015-05-19 04:25:00 +0000
Size of backup disk: Excellent
Backup size 279.05 GB > (Disk size 0 B X 3)
TM 5 [Local]
Total size: 698.24 GB
Total number of backups: 60
Oldest backup: 2013-11-17 21:35:56 +0000
Last backup: 2015-04-24 18:29:59 +0000
Size of backup disk: Excellent
Backup size 698.24 GB > (Disk size 0 B X 3)
TM 10 [Local] (Last used)
Total size: 2
Total number of backups: 18
Oldest backup: 2015-05-19 08:33:07 +0000
Last backup: 2015-05-22 21:03:48 +0000
Size of backup disk: Excellent
Backup size 2 > (Disk size 0 B X 3)
Time Machine details may not be accurate.
All volumes being backed up may not be listed.
Top Processes by CPU:
6% WindowServer
4% EtreCheck
2% Microsoft Word
0% InterCheck
0% SophosUIServer
Top Processes by Memory:
180 MB Microsoft Word
180 MB InterCheck
176 MB SophosScanD
119 MB Finder
94 MB WindowServer
Virtual Memory Statistics:
230 MB Free RAM
1.39 GB Active RAM
1.30 GB Inactive RAM
816 MB Wired RAM
2.44 GB Page-ins
992 KB Page-outs
MacBook Pro (13-inch Late 2011), OS X Yosemite (10.10.3)
