Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: GJG61
GJG61 Author
User level: Level 1
8 points

Browser hijack malware issue

My Mac Book Pro got infected with a browser after I clicked on a fake Flash update. (Fooled. Really stupid of me).


The symptom was that Bing suddenly became my browser.


Used a trial of Bitdefender that found the malware and removed it. It listed the name of the malware, but I didn't write it down. It was geno-something.

I also used Malwarebytes anti malware trial and it found some code and fixed it.


I checked in the thermal using commands suggested in the community here for the Flashback malware and it shows that it is clean.
I changed all of my passwords. I updated Java.


All checks show that it is now removed.


What damage could it have done I wonder? Do I need to worry?

Posted on Feb 5, 2016 11:17 AM

Reply
Question marked as Best reply
User profile for user: KimUserName
KimUserName
User level: Level 4
1,900 points

Posted on Feb 6, 2016 3:00 PM

Hi Gjg61:


Try downloading and installing EtreCheck and post the results. http://etrecheck.com/

This will allow us to see if all the adware had been removed.

You will also probably want to remove the BitDefender Antivirus. It will make you computer run very slow.

See the following link about stoping adware. Stop pop-up ads and adware in Safari - Apple Support

View in context
14 replies
Question marked as Best reply
User profile for user: KimUserName
KimUserName
User level: Level 4
1,900 points

Feb 6, 2016 3:00 PM in response to GJG61

Hi Gjg61:


Try downloading and installing EtreCheck and post the results. http://etrecheck.com/

This will allow us to see if all the adware had been removed.

You will also probably want to remove the BitDefender Antivirus. It will make you computer run very slow.

See the following link about stoping adware. Stop pop-up ads and adware in Safari - Apple Support

Reply
User profile for user: GJG61
GJG61 Author
User level: Level 1
8 points

Feb 5, 2016 1:47 PM in response to KimUserName

OK, I uninstalled BitDefender.

EtreCheck version: 2.9.3 (253)

Report generated 2016-02-05 13:38:11

Download EtreCheck from http://etrecheck.com

Runtime 1:44

Performance: Excellent


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Click the [Check files] link for help with unknown files.


Problem: Other problem

Description:

What Malware was removed? Is it removed?


Hardware Information:

MacBook Pro (Retina, 13-inch, Late 2012)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro10,2

1 2.5 GHz Intel Core i5 CPU: 2-core

8 GB RAM Not upgradeable

BANK 0/DIMM0

4 GB DDR3 1600 MHz ok

BANK 1/DIMM0

4 GB DDR3 1600 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 557 - SN = C01320100AGF956AU


Video Information:

Intel HD Graphics 4000

Color LCD 2560 x 1600


System Software:

OS X El Capitan 10.11.3 (15D21) - Time since boot: about 2 hours


Disk Information:

APPLE SSD SD128E disk0 : (121.33 GB) (Solid State - TRIM: Yes)

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1) / : 120.12 GB (68.90 GB free)

Encrypted AES-XTS Unlocked

Core Storage: disk0s2 120.47 GB Online


USB Information:

Apple Inc. FaceTime HD Camera (Built-in)

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Unknown Files:

/Library/LaunchDaemons/com.macpaw.CleanMyMac2.Agent.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.scheduledScan.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.trashWatcher.plist

4 unknown files found. [Check files]


System Launch Agents:

[loaded] 158 Apple tasks

[running] 79 Apple tasks


System Launch Daemons:

[failed] com.apple.mrt.plist [Details]

[loaded] 203 Apple tasks

[running] 85 Apple tasks


Launch Agents:

[running] com.bitdefender.antivirusformac.plist [Support]

[running] com.epson.eventmanager.agent.plist [Support]

[loaded] com.google.keystone.agent.plist [Support]

[loaded] com.oracle.java.Java-Updater.plist [Support]


Launch Daemons:

[loaded] com.adobe.fpsaud.plist [Support]

[loaded] com.bitdefender.AuthHelperTool.plist [Support]

[running] com.bitdefender.agent.plist [Support]

[loaded] com.bitdefender.upgrade.plist [Support]

[loaded] com.google.keystone.daemon.plist [Support]

[loaded] com.macpaw.CleanMyMac2.Agent.plist [Support]

[loaded] com.malwarebytes.MBAMHelperTool.plist [Support]

[loaded] com.microsoft.office.licensing.helper.plist [Support]

[loaded] com.oracle.java.Helper-Tool.plist [Support]


User Launch Agents:

[loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.scheduledScan.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.trashWatcher.plist [Support]


User Login Items:

PhotoSync Application (/Applications/PhotoSync.app)

iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

SpeechSynthesisServer Application (/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks /SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app)

Copy Application (/Applications/Copy.app)

Dropbox Application (/Applications/Dropbox.app)

Google Drive Application (/Applications/Google Drive.app)

Notes Application (/Applications/Notes.app)

Mac Clean Plus UNKNOWN (missing value)


Other Apps:

[running] com.apple.xpc.launchd.oneshot.0x10000001.Google Chrome

[running] com.apple.xpc.launchd.oneshot.0x10000004.Microsoft Word

[running] com.apple.xpc.launchd.oneshot.0x10000005.firefox

[running] com.apple.xpc.launchd.oneshot.0x10000006.PhotoSync

[running] com.apple.xpc.launchd.oneshot.0x10000009.Microsoft Excel

[running] com.apple.xpc.launchd.oneshot.0x10000014.EtreCheck

[running] com.apple.xpc.launchd.oneshot.0x10000015.BitdefenderforMacUninstaller

[running] com.bitdefender.CoreIssues

[running] com.bitdefender.Daemon

[running] com.bitdefender.UpdDaemon

[running] com.copy.agent.87392

[running] com.getdropbox.dropbox.47072

[running] com.google.GoogleDrive.48032

[failed] com.intego.commonservices.uninstaller

[running] com.microsoft.autoupdate.fba.85792

[loaded] com.touchbyte.mac.PhotoSync.64032


Internet Plug-ins:

FlashPlayer-10.6: Version: 20.0.0.286 - SDK 10.6 [Support]

QuickTime Plugin: Version: 7.7.3

Flash Player: Version: 20.0.0.286 - SDK 10.6 [Support]

Default Browser: Version: 601 - SDK 10.11

o1dbrowserplugin: Version: 5.41.3.0 - SDK 10.8 [Support]

SharePointBrowserPlugin: Version: 14.6.0 - SDK 10.6 [Support]

googletalkbrowserplugin: Version: 5.41.3.0 - SDK 10.8 [Support]

Silverlight: Version: 5.1.41212.0 - SDK 10.6 [Support]

JavaAppletPlugin: Version: Java 8 Update 71 build 15 Check version


User internet Plug-ins:

CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 [Support]

Picasa: Version: 1.0 - SDK 10.6 [Support]

Google Earth Web Plug-in: Version: 7.1 [Support]


Safari Extensions:

TrafficLight

Ka-Block!

Reload Button

Ghostery

Pins Extension

Terms of Service

Pin It Button

DuckDuckGo

Facebook Cleaner

1-ClickWeather

AdBlock

Adblock Plus

Wipr

WOT

YoutubeWide

QCLean

ClickToFlash

Incognito


3rd Party Preference Panes:

Flash Player [Support]

Java [Support]


Time Machine:

Time Machine not configured!


Top Processes by CPU:

55% mds

30% mdworker(8)

14% kernel_task

2% WindowServer

2% fontd


Top Processes by Memory:

1.28 GB Google Chrome Helper(7)

794 MB kernel_task

680 MB Safari

516 MB com.apple.WebKit.WebContent(2)

262 MB BDLDaemon


Virtual Memory Information:

179 MB Free RAM

7.82 GB Used RAM (1.47 GB Cached)

28 MB Swap Used


Diagnostics Information:

Feb 5, 2016, 11:21:56 AM Self test - passed

Feb 4, 2016, 10:23:40 PM /Library/Logs/DiagnosticReports/firefox_2016-02-04-222340_[redacted].cpu_resour ce.diag [Details]

/Applications/Firefox.app/Contents/MacOS/firefox

Feb 4, 2016, 09:59:07 PM ~/Library/Logs/DiagnosticReports/Safari_2016-02-04-215907_[redacted].crash

com.apple.Safari - /Applications/Safari.app/Contents/MacOS/Safari

Feb 4, 2016, 09:53:53 PM ~/Library/Logs/DiagnosticReports/Safari_2016-02-04-215353_[redacted].crash

Feb 4, 2016, 10:01:25 AM /Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2016-02-04-100125_[ redacted].cpu_resource.diag [Details]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.We bKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

Feb 4, 2016, 09:23:23 AM ~/Library/Logs/DiagnosticReports/suggestd_2016-02-04-092323_[redacted].crash

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/ suggestd

Feb 3, 2016, 08:07:09 PM ~/Library/Logs/DiagnosticReports/FinderSyncAPIExtension_2016-02-03-200709_[reda cted].crash

com.google.GoogleDrive.FinderSyncAPIExtension - /Applications/Google Drive.app/Contents/PlugIns/FinderSyncAPIExtension.appex/Contents/MacOS/FinderSy ncAPIExtension

Feb 2, 2016, 10:16:33 PM ~/Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2016-02-02-221633_ [redacted].crash

Feb 2, 2016, 10:11:52 PM /Library/Logs/DiagnosticReports/BDLDaemon_2016-02-02-221152_[redacted].cpu_reso urce.diag [Details]

/Library/Bitdefender/*/antivirus.bundle/BDLDaemon

Feb 2, 2016, 06:50:21 PM /Library/Logs/DiagnosticReports/Safari_2016-02-02-185021_[redacted].cpu_resourc e.diag [Details]

Reply
User profile for user: GJG61
GJG61 Author
User level: Level 1
8 points

Feb 5, 2016 1:50 PM in response to GJG61

EtreCheck version: 2.9.3 (253)

Report generated 2016-02-05 13:38:11

Download EtreCheck from http://etrecheck.com

Runtime 1:44

Performance: Excellent


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Click the [Check files] link for help with unknown files.


Problem: Other problem

Description:

What Malware was removed? Is it removed?


Hardware Information:

MacBook Pro (Retina, 13-inch, Late 2012)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro10,2

1 2.5 GHz Intel Core i5 CPU: 2-core

8 GB RAM Not upgradeable

BANK 0/DIMM0

4 GB DDR3 1600 MHz ok

BANK 1/DIMM0

4 GB DDR3 1600 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 557 - SN = C01320100AGF956AU


Video Information:

Intel HD Graphics 4000

Color LCD 2560 x 1600


System Software:

OS X El Capitan 10.11.3 (15D21) - Time since boot: about 2 hours


Disk Information:

APPLE SSD SD128E disk0 : (121.33 GB) (Solid State - TRIM: Yes)

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1) / : 120.12 GB (68.90 GB free)

Encrypted AES-XTS Unlocked

Core Storage: disk0s2 120.47 GB Online


USB Information:

Apple Inc. FaceTime HD Camera (Built-in)

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Unknown Files:

/Library/LaunchDaemons/com.macpaw.CleanMyMac2.Agent.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.scheduledScan.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.trashWatcher.plist

4 unknown files found. [Check files]


System Launch Agents:

[loaded] 158 Apple tasks

[running] 79 Apple tasks


System Launch Daemons:

[failed] com.apple.mrt.plist [Details]

[loaded] 203 Apple tasks

[running] 85 Apple tasks


Launch Agents:

[running] com.bitdefender.antivirusformac.plist [Support]

[running] com.epson.eventmanager.agent.plist [Support]

[loaded] com.google.keystone.agent.plist [Support]

[loaded] com.oracle.java.Java-Updater.plist [Support]


Launch Daemons:

[loaded] com.adobe.fpsaud.plist [Support]

[loaded] com.bitdefender.AuthHelperTool.plist [Support]

[running] com.bitdefender.agent.plist [Support]

[loaded] com.bitdefender.upgrade.plist [Support]

[loaded] com.google.keystone.daemon.plist [Support]

[loaded] com.macpaw.CleanMyMac2.Agent.plist [Support]

[loaded] com.malwarebytes.MBAMHelperTool.plist [Support]

[loaded] com.microsoft.office.licensing.helper.plist [Support]

[loaded] com.oracle.java.Helper-Tool.plist [Support]


User Launch Agents:

[loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.scheduledScan.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.trashWatcher.plist [Support]


User Login Items:

PhotoSync Application (/Applications/PhotoSync.app)

iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

SpeechSynthesisServer Application (/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks /SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app)

Copy Application (/Applications/Copy.app)

Dropbox Application (/Applications/Dropbox.app)

Google Drive Application (/Applications/Google Drive.app)

Notes Application (/Applications/Notes.app)

Mac Clean Plus UNKNOWN (missing value)


Other Apps:

[running] com.apple.xpc.launchd.oneshot.0x10000001.Google Chrome

[running] com.apple.xpc.launchd.oneshot.0x10000004.Microsoft Word

[running] com.apple.xpc.launchd.oneshot.0x10000005.firefox

[running] com.apple.xpc.launchd.oneshot.0x10000006.PhotoSync

[running] com.apple.xpc.launchd.oneshot.0x10000009.Microsoft Excel

[running] com.apple.xpc.launchd.oneshot.0x10000014.EtreCheck

[running] com.apple.xpc.launchd.oneshot.0x10000015.BitdefenderforMacUninstaller

[running] com.bitdefender.CoreIssues

[running] com.bitdefender.Daemon

[running] com.bitdefender.UpdDaemon

[running] com.copy.agent.87392

[running] com.getdropbox.dropbox.47072

[running] com.google.GoogleDrive.48032

[failed] com.intego.commonservices.uninstaller

[running] com.microsoft.autoupdate.fba.85792

[loaded] com.touchbyte.mac.PhotoSync.64032


Internet Plug-ins:

FlashPlayer-10.6: Version: 20.0.0.286 - SDK 10.6 [Support]

QuickTime Plugin: Version: 7.7.3

Flash Player: Version: 20.0.0.286 - SDK 10.6 [Support]

Default Browser: Version: 601 - SDK 10.11

o1dbrowserplugin: Version: 5.41.3.0 - SDK 10.8 [Support]

SharePointBrowserPlugin: Version: 14.6.0 - SDK 10.6 [Support]

googletalkbrowserplugin: Version: 5.41.3.0 - SDK 10.8 [Support]

Silverlight: Version: 5.1.41212.0 - SDK 10.6 [Support]

JavaAppletPlugin: Version: Java 8 Update 71 build 15 Check version


User internet Plug-ins:

CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 [Support]

Picasa: Version: 1.0 - SDK 10.6 [Support]

Google Earth Web Plug-in: Version: 7.1 [Support]


Safari Extensions:

TrafficLight

Ka-Block!

Reload Button

Ghostery

Pins Extension

Terms of Service

Pin It Button

DuckDuckGo

Facebook Cleaner

1-ClickWeather

AdBlock

Adblock Plus

Wipr

WOT

YoutubeWide

QCLean

ClickToFlash

Incognito


3rd Party Preference Panes:

Flash Player [Support]

Java [Support]


Time Machine:

Time Machine not configured!


Top Processes by CPU:

55% mds

30% mdworker(8)

14% kernel_task

2% WindowServer

2% fontd


Top Processes by Memory:

1.28 GB Google Chrome Helper(7)

794 MB kernel_task

680 MB Safari

516 MB com.apple.WebKit.WebContent(2)

262 MB BDLDaemon


Virtual Memory Information:

179 MB Free RAM

7.82 GB Used RAM (1.47 GB Cached)

28 MB Swap Used


Diagnostics Information:

Feb 5, 2016, 11:21:56 AM Self test - passed

Feb 4, 2016, 10:23:40 PM /Library/Logs/DiagnosticReports/firefox_2016-02-04-222340_[redacted].cpu_resour ce.diag [Details]

/Applications/Firefox.app/Contents/MacOS/firefox

Feb 4, 2016, 09:59:07 PM ~/Library/Logs/DiagnosticReports/Safari_2016-02-04-215907_[redacted].crash

com.apple.Safari - /Applications/Safari.app/Contents/MacOS/Safari

Feb 4, 2016, 09:53:53 PM ~/Library/Logs/DiagnosticReports/Safari_2016-02-04-215353_[redacted].crash

Feb 4, 2016, 10:01:25 AM /Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2016-02-04-100125_[ redacted].cpu_resource.diag [Details]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.We bKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

Feb 4, 2016, 09:23:23 AM ~/Library/Logs/DiagnosticReports/suggestd_2016-02-04-092323_[redacted].crash

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/ suggestd

Feb 3, 2016, 08:07:09 PM ~/Library/Logs/DiagnosticReports/FinderSyncAPIExtension_2016-02-03-200709_[reda cted].crash

com.google.GoogleDrive.FinderSyncAPIExtension - /Applications/Google Drive.app/Contents/PlugIns/FinderSyncAPIExtension.appex/Contents/MacOS/FinderSy ncAPIExtension

Feb 2, 2016, 10:16:33 PM ~/Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2016-02-02-221633_ [redacted].crash

Feb 2, 2016, 10:11:52 PM /Library/Logs/DiagnosticReports/BDLDaemon_2016-02-02-221152_[redacted].cpu_reso urce.diag [Details]

/Library/Bitdefender/*/antivirus.bundle/BDLDaemon

Feb 2, 2016, 06:50:21 PM /Library/Logs/DiagnosticReports/Safari_2016-02-02-185021_[redacted].cpu_resourc e.diag [Details]

Reply
User profile for user: GJG61
GJG61 Author
User level: Level 1
8 points

Feb 5, 2016 1:59 PM in response to GJG61

EtreCheck version: 2.9.3 (253)

Report generated 2016-02-05 13:38:11

Download EtreCheck from http://etrecheck.com

Runtime 1:44

Performance: Excellent


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Click the [Check files] link for help with unknown files.


Problem: Other problem

Description:

What Malware was removed? Is it removed?


Hardware Information:

MacBook Pro (Retina, 13-inch, Late 2012)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro10,2

1 2.5 GHz Intel Core i5 CPU: 2-core

8 GB RAM Not upgradeable

BANK 0/DIMM0

4 GB DDR3 1600 MHz ok

BANK 1/DIMM0

4 GB DDR3 1600 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 557 - SN = C01320100AGF956AU


Video Information:

Intel HD Graphics 4000

Color LCD 2560 x 1600


System Software:

OS X El Capitan 10.11.3 (15D21) - Time since boot: about 2 hours


Disk Information:

APPLE SSD SD128E disk0 : (121.33 GB) (Solid State - TRIM: Yes)

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1) / : 120.12 GB (68.90 GB free)

Encrypted AES-XTS Unlocked

Core Storage: disk0s2 120.47 GB Online


USB Information:

Apple Inc. FaceTime HD Camera (Built-in)

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Unknown Files:

/Library/LaunchDaemons/com.macpaw.CleanMyMac2.Agent.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.scheduledScan.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.trashWatcher.plist

4 unknown files found. [Check files]


System Launch Agents:

[loaded] 158 Apple tasks

[running] 79 Apple tasks


System Launch Daemons:

[failed] com.apple.mrt.plist [Details]

[loaded] 203 Apple tasks

[running] 85 Apple tasks


Launch Agents:

[running] com.bitdefender.antivirusformac.plist [Support]

[running] com.epson.eventmanager.agent.plist [Support]

[loaded] com.google.keystone.agent.plist [Support]

[loaded] com.oracle.java.Java-Updater.plist [Support]


Launch Daemons:

[loaded] com.adobe.fpsaud.plist [Support]

[loaded] com.bitdefender.AuthHelperTool.plist [Support]

[running] com.bitdefender.agent.plist [Support]

[loaded] com.bitdefender.upgrade.plist [Support]

[loaded] com.google.keystone.daemon.plist [Support]

[loaded] com.macpaw.CleanMyMac2.Agent.plist [Support]

[loaded] com.malwarebytes.MBAMHelperTool.plist [Support]

[loaded] com.microsoft.office.licensing.helper.plist [Support]

[loaded] com.oracle.java.Helper-Tool.plist [Support]


User Launch Agents:

[loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.scheduledScan.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.trashWatcher.plist [Support]


User Login Items:

PhotoSync Application (/Applications/PhotoSync.app)

iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

SpeechSynthesisServer Application (/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks /SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app)

Copy Application (/Applications/Copy.app)

Dropbox Application (/Applications/Dropbox.app)

Google Drive Application (/Applications/Google Drive.app)

Notes Application (/Applications/Notes.app)

Mac Clean Plus UNKNOWN (missing value)


Other Apps:

[running] com.apple.xpc.launchd.oneshot.0x10000001.Google Chrome

[running] com.apple.xpc.launchd.oneshot.0x10000004.Microsoft Word

[running] com.apple.xpc.launchd.oneshot.0x10000005.firefox

[running] com.apple.xpc.launchd.oneshot.0x10000006.PhotoSync

[running] com.apple.xpc.launchd.oneshot.0x10000009.Microsoft Excel

[running] com.apple.xpc.launchd.oneshot.0x10000014.EtreCheck

[running] com.apple.xpc.launchd.oneshot.0x10000015.BitdefenderforMacUninstaller

[running] com.bitdefender.CoreIssues

[running] com.bitdefender.Daemon

[running] com.bitdefender.UpdDaemon

[running] com.copy.agent.87392

[running] com.getdropbox.dropbox.47072

[running] com.google.GoogleDrive.48032

[failed] com.intego.commonservices.uninstaller

[running] com.microsoft.autoupdate.fba.85792

[loaded] com.touchbyte.mac.PhotoSync.64032


Internet Plug-ins:

FlashPlayer-10.6: Version: 20.0.0.286 - SDK 10.6 [Support]

QuickTime Plugin: Version: 7.7.3

Flash Player: Version: 20.0.0.286 - SDK 10.6 [Support]

Default Browser: Version: 601 - SDK 10.11

o1dbrowserplugin: Version: 5.41.3.0 - SDK 10.8 [Support]

SharePointBrowserPlugin: Version: 14.6.0 - SDK 10.6 [Support]

googletalkbrowserplugin: Version: 5.41.3.0 - SDK 10.8 [Support]

Silverlight: Version: 5.1.41212.0 - SDK 10.6 [Support]

JavaAppletPlugin: Version: Java 8 Update 71 build 15 Check version


User internet Plug-ins:

CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 [Support]

Picasa: Version: 1.0 - SDK 10.6 [Support]

Google Earth Web Plug-in: Version: 7.1 [Support]


Safari Extensions:

TrafficLight

Ka-Block!

Reload Button

Ghostery

Pins Extension

Terms of Service

Pin It Button

DuckDuckGo

Facebook Cleaner

1-ClickWeather

AdBlock

Adblock Plus

Wipr

WOT

YoutubeWide

QCLean

ClickToFlash

Incognito


3rd Party Preference Panes:

Flash Player [Support]

Java [Support]


Time Machine:

Time Machine not configured!


Top Processes by CPU:

55% mds

30% mdworker(8)

14% kernel_task

2% WindowServer

2% fontd


Top Processes by Memory:

1.28 GB Google Chrome Helper(7)

794 MB kernel_task

680 MB Safari

516 MB com.apple.WebKit.WebContent(2)

262 MB BDLDaemon


Virtual Memory Information:

179 MB Free RAM

7.82 GB Used RAM (1.47 GB Cached)

28 MB Swap Used


Diagnostics Information:

Feb 5, 2016, 11:21:56 AM Self test - passed

Feb 4, 2016, 10:23:40 PM /Library/Logs/DiagnosticReports/firefox_2016-02-04-222340_[redacted].cpu_resour ce.diag [Details]

/Applications/Firefox.app/Contents/MacOS/firefox

Feb 4, 2016, 09:59:07 PM ~/Library/Logs/DiagnosticReports/Safari_2016-02-04-215907_[redacted].crash

com.apple.Safari - /Applications/Safari.app/Contents/MacOS/Safari

Feb 4, 2016, 09:53:53 PM ~/Library/Logs/DiagnosticReports/Safari_2016-02-04-215353_[redacted].crash

Feb 4, 2016, 10:01:25 AM /Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2016-02-04-100125_[ redacted].cpu_resource.diag [Details]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.We bKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

Feb 4, 2016, 09:23:23 AM ~/Library/Logs/DiagnosticReports/suggestd_2016-02-04-092323_[redacted].crash

/System/Library/PrivateFrameworks/CoreSuggestions.framework/Versions/A/Support/ suggestd

Feb 3, 2016, 08:07:09 PM ~/Library/Logs/DiagnosticReports/FinderSyncAPIExtension_2016-02-03-200709_[reda cted].crash

com.google.GoogleDrive.FinderSyncAPIExtension - /Applications/Google Drive.app/Contents/PlugIns/FinderSyncAPIExtension.appex/Contents/MacOS/FinderSy ncAPIExtension

Feb 2, 2016, 10:16:33 PM ~/Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2016-02-02-221633_ [redacted].crash

Feb 2, 2016, 10:11:52 PM /Library/Logs/DiagnosticReports/BDLDaemon_2016-02-02-221152_[redacted].cpu_reso urce.diag [Details]

/Library/Bitdefender/*/antivirus.bundle/BDLDaemon

Feb 2, 2016, 06:50:21 PM /Library/Logs/DiagnosticReports/Safari_2016-02-02-185021_[redacted].cpu_resourc e.diag [Details]

Reply
User profile for user: Allan Eckert
Allan Eckert
User level: Level 9
79,512 points

Feb 5, 2016 2:05 PM in response to GJG61

Posting three copies of the report is rather silly.


Uninstall MacKeeper. It is a known cause of system problems to have MacKeeper installed on a Mac.


Uninstall CleanMyMac2. It is as bad as MacKeeper about corrupting Mac disk drive.


Once you get all of the garbage off of your Mac, run EtreCheck again. This time only post a single cope of the report.

Reply
User profile for user: GJG61
GJG61 Author
User level: Level 1
8 points

Feb 5, 2016 2:13 PM in response to KimUserName

Sorry, I posted this three times by mistake.


Do you see a problem?


1. I searched for CleanMyMac2 in applications but couldn't find it. I clicked on the EtreCheck for these files and checked them as adware and submitted it.


2. I never installed Go to Meetings I don't think.


3. In my Terminal it shows BitDefender is still there, but I uninstalled it.


4. Also, in Terminal it shows "MRTA agent is not responding"


5. I installed another anti Malware program called Intego, but just uninstalled it.

Reply
User profile for user: Allan Eckert
Allan Eckert
User level: Level 9
79,512 points

Feb 5, 2016 6:48 PM in response to GJG61

None of that software is any good for you Mac.


Since the ErteCheck report show that bit and pieces of that software are still on you Mac, you are either not uninstalling them correctly or the disk drive in you Mac is so corrupt that the uninstall procedures are unable to find everything.


It is very likely that the only way you can clean up this mess is to reformat the disk drive and reinstall everything except for MacKeeper, CleanMyMac2, BitDefender.


The first thing you will need to do before starting that is to back everything up.

Reply
User profile for user: Allan Eckert
Allan Eckert
User level: Level 9
79,512 points

Feb 5, 2016 2:33 PM in response to GJG61

Yes, that is correct. You need an external disk drive for backup. Make sure the new disk is formatted as HFS+ and partition mapping go GUID.


You can make the backup to the external disk drive either by enabling Time Machine to do it or by using either CCC or SuperDuper to create a clone. In your case I would us Time Machine since it allies your disk is corrupt now with all the questionable third party software you have been using on it.

Reply
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,547 points

Feb 5, 2016 3:08 PM in response to GJG61

The reason why you have this kind of problem is that you are downloading any software that anyone tells you to, without researching it first and without regard to whether you need it or not. Please stop doing that, or there will be worse trouble to come.You don't need any software to remove adware, nor do you need any software to tell you whether you have adware.If you don't see ads, you don't have adware.

Reply
User profile for user: GJG61
GJG61 Author
User level: Level 1
8 points

Feb 6, 2016 3:13 PM in response to Allan Eckert

Thanks everyone. I backed up my drive, erased the old one and reinstalled.

But, the problem code is still there from my saved data.


Is there a way to delete it manually?


Here is the new EtreCheck.

EtreCheck version: 2.9.3 (253)

Report generated 2016-02-06 15:07:56

Download EtreCheck from http://etrecheck.com

Runtime 1:46

Performance: Excellent


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Click the [Check files] link for help with unknown files.


Problem: No problem - just checking


Hardware Information:

MacBook Pro (Retina, 13-inch, Late 2012)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro10,2

1 2.5 GHz Intel Core i5 CPU: 2-core

8 GB RAM Not upgradeable

BANK 0/DIMM0

4 GB DDR3 1600 MHz ok

BANK 1/DIMM0

4 GB DDR3 1600 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 558 - SN = C01320100AGF956AU


Video Information:

Intel HD Graphics 4000

Color LCD 2560 x 1600


System Software:

OS X El Capitan 10.11.3 (15D21) - Time since boot: about one hour


Disk Information:

APPLE SSD SD128E disk0 : (121.33 GB) (Solid State - TRIM: Yes)

EFI (disk0s1) <not mounted> : 210 MB

Macintosh HD (disk0s2) / : 120.47 GB (79.38 GB free)

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB


USB Information:

Apple Inc. FaceTime HD Camera (Built-in)

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller

Seagate BUP Slim Mac SL 1 TB

EFI (disk1s1) <not mounted> : 210 MB

Seagate Backup Plus Drive (disk1s2) /Volumes/Seagate Backup Plus Drive : 499.93 GB (460.32 GB free)

Macintosh HD (disk1s3) /Volumes/Macintosh HD 1 : 499.80 GB (499.28 GB free)


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Unknown Files:

/Library/LaunchDaemons/com.macpaw.CleanMyMac2.Agent.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.scheduledScan.plist

~/Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.trashWatcher.plist

4 unknown files found. [Check files]


System Launch Agents:

[loaded] 162 Apple tasks

[running] 75 Apple tasks


System Launch Daemons:

[failed] com.apple.mrt.plist [Details]

[loaded] 195 Apple tasks

[running] 93 Apple tasks


Launch Agents:

[running] com.epson.eventmanager.agent.plist [Support]

[loaded] com.google.keystone.agent.plist [Support]

[loaded] com.oracle.java.Java-Updater.plist [Support]


Launch Daemons:

[loaded] com.adobe.fpsaud.plist [Support]

[running] com.bitdefender.agent.plist [Support]

[loaded] com.google.keystone.daemon.plist [Support]

[loaded] com.macpaw.CleanMyMac2.Agent.plist [Support]

[loaded] com.malwarebytes.MBAMHelperTool.plist [Support]

[loaded] com.microsoft.office.licensing.helper.plist [Support]

[loaded] com.oracle.java.Helper-Tool.plist [Support]


User Launch Agents:

[loaded] com.citrixonline.GoToMeeting.G2MUpdate.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.scheduledScan.plist [Support]

[loaded] com.macpaw.CleanMyMac2Helper.trashWatcher.plist [Support]


User Login Items:

PhotoSync Application (/Applications/PhotoSync.app)

iTunesHelper Application (/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

SpeechSynthesisServer Application (/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks /SpeechSynthesis.framework/Versions/A/SpeechSynthesisServer.app)

Copy Application (/Applications/Copy.app)

Dropbox Application (/Applications/Dropbox.app)

Google Drive Application (/Applications/Google Drive.app)

Notes Application (/Applications/Notes.app)

Mac Clean Plus UNKNOWN (missing value)


Other Apps:

[running] com.apple.xpc.launchd.oneshot.0x10000002.Microsoft Word

[running] com.apple.xpc.launchd.oneshot.0x10000003.Google Chrome

[running] com.apple.xpc.launchd.oneshot.0x10000007.EtreCheck

[running] com.apple.xpc.launchd.oneshot.0x1000000b.PhotoSync

[running] com.apple.xpc.launchd.oneshot.0x1000000c.Microsoft Excel

[running] com.copy.agent.87392

[running] com.google.GoogleDrive.48032

[running] com.microsoft.autoupdate.fba.85792

[loaded] com.touchbyte.mac.PhotoSync.64032


Internet Plug-ins:

FlashPlayer-10.6: Version: 20.0.0.286 - SDK 10.6 [Support]

QuickTime Plugin: Version: 7.7.3

Flash Player: Version: 20.0.0.286 - SDK 10.6 [Support]

Default Browser: Version: 601 - SDK 10.11

o1dbrowserplugin: Version: 5.41.3.0 - SDK 10.8 [Support]

SharePointBrowserPlugin: Version: 14.6.0 - SDK 10.6 [Support]

googletalkbrowserplugin: Version: 5.41.3.0 - SDK 10.8 [Support]

Silverlight: Version: 5.1.41212.0 - SDK 10.6 [Support]

JavaAppletPlugin: Version: Java 8 Update 71 build 15 Check version


User internet Plug-ins:

CitrixOnlineWebDeploymentPlugin: Version: 1.0.105 [Support]

Picasa: Version: 1.0 - SDK 10.6 [Support]

Google Earth Web Plug-in: Version: 7.1 [Support]


Safari Extensions:

TrafficLight

Ka-Block!

Reload Button

Ghostery

Pins Extension

Terms of Service

Pin It Button

DuckDuckGo

Facebook Cleaner

1-ClickWeather

AdBlock

Adblock Plus

Wipr

WOT

YoutubeWide

QCLean

ClickToFlash

Incognito


3rd Party Preference Panes:

Flash Player [Support]

Java [Support]


Time Machine:

Auto backup: YES

Volumes being backed up:

Macintosh HD: Disk size: 120.47 GB Disk used: 41.10 GB

Destinations:

Seagate Backup Plus Drive [Local]

Total size: 499.93 GB

Total number of backups: 4

Oldest backup: 2/5/16, 9:23 PM

Last backup: 2/6/16, 3:05 PM

Size of backup disk: Excellent

Backup size 499.93 GB > (Disk size 120.47 GB X 3)


Top Processes by CPU:

6% WindowServer

2% kernel_task

2% fontd

1% MRT

0% Dock


Top Processes by Memory:

866 MB kernel_task

680 MB com.apple.WebKit.WebContent(3)

418 MB Safari

238 MB Google Chrome Helper(4)

139 MB mds_stores


Virtual Memory Information:

650 MB Free RAM

7.36 GB Used RAM (1.62 GB Cached)

190 MB Swap Used


Diagnostics Information:

Feb 6, 2016, 02:59:29 PM /Library/Logs/DiagnosticReports/backupd_2016-02-06-145929_[redacted].cpu_resour ce.diag [Details]

/System/Library/CoreServices/backupd.bundle/Contents/Resources/backupd

Feb 6, 2016, 01:31:49 PM Self test - passed

Reply
User profile for user: GJG61
GJG61 Author
User level: Level 1
8 points

Feb 6, 2016 3:19 PM in response to GJG61

Looks like my computer is exactly the same as before the restore.


I backed up data on an external hard drive. I erased the computer, then reinstalled OX. Then restored my data from the back up disk.


What did I do wrong?


In terminal the MRTA Agent is still hanging.


The problematic "CLeanMyMac" code is still there. I deleted the program as soon as I saw that it was automatically installed by the fake "flash update". But, the code is still there.


Suggestion?

Reply

Browser hijack malware issue

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up