Scanning MacBook for spyware and speeding it up...
Hi,
My MacBook has been crashing of late, and is running extremely slowly - could this be spyware and how do I get rid of it?
Thanks!
Thanks so much Oceanis! This is the report from EtreCheck - I don't understand what it means!
EtreCheck version: 3.1.5 (343)
Report generated 2017-03-18 13:28:00
Download EtreCheck from https://etrecheck.com
Runtime 1:58
Performance: Excellent
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Click the [Remove] links to remove adware.
Click the [Check files] link for help with unknown files.
Problem: No problem - just checking
Hardware Information:ⓘ
MacBook Pro (Retina, 15-inch, Late 2013)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro11,3
1 2.3 GHz Intel Core i7 (i7-4850HQ) CPU: 4-core
16 GB RAM Not upgradeable
BANK 0/DIMM0
8 GB DDR3 1600 MHz ok
BANK 1/DIMM0
8 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n/ac
Battery: Health = Normal - Cycle count = 430
Video Information:ⓘ
Intel Iris Pro
Color LCD 2880 x 1800
NVIDIA GeForce GT 750M - VRAM: 2048 MB
System Software:ⓘ
macOS Sierra 10.12.2 (16C67) - Time since boot: about 10 days
Disk Information:ⓘ
APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)
[Show SMART report]
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / [Startup]: 499.06 GB (392.67 GB free)
Encrypted AES-XTS Unlocked
Core Storage: disk0s2 499.42 GB Online
USB Information:ⓘ
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Microsoft Microsoft® 2.4GHz Transceiver v8.0
Thunderbolt Information:ⓘ
Apple Inc. thunderbolt_bus
Gatekeeper:ⓘ
Mac App Store and identified developers
Adware:ⓘ
/Library/LaunchDaemons/com.chinanta.net-preferences.plist
/Library/LaunchDaemons/com.electroengrave.net-preferences.plist
/Library/LaunchDaemons/com.pleasingUpd.plist
/Library/LaunchDaemons/com.uschiwarkin.plist
~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist
~/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist
6 adware files found. [Remove]
Unknown Files:ⓘ
/Library/LaunchAgents/com.lost.smoke.plist
/Library/.smoke/Refog.app/Contents/Resources/smoke.app/Contents/MacOS/smoke
/Library/LaunchDaemons/com.Dicaeidae.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.Malabar.plist
/Library/LaunchDaemons/com.Terfezia.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.actiniohematin.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.anammonid.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.anteroexternal.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.apple.panur.plist
/Library/LaunchDaemons/com.apple.rothl.plist
/Library/rothl
/Library/LaunchDaemons/com.azogreen.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.bunchy.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.cardionecrosis.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.catoptrically.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.ceder.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.chaffingly.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.coctoantigen.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.copulate.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.dexiotropism.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.gradus.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.hamperman.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.lost.installer.plist
/Library/PrivilegedHelperTools/com.lost.installer
/Library/LaunchDaemons/com.makroskelic.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.montjoy.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.munity.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.noduled.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.overconsciousness.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.palaver.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.semimystic.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.spathic.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.supertoleration.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.thermistor.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.total.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.transection.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.turbanette.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.unbenetted.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.unciform.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.unflawed.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.unilluminating.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.unpreened.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.unvariableness.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.vhpiqhgqrlbk.plist
/Library/LaunchDaemons/com.welder.service.plist
/etc/run_app.sh
/Library/LaunchDaemons/com.zibetone.service.plist
/etc/run_app.sh
~/Library/Safari/Extensions/Search Engine.safariextz
44 unknown files found. [Check files]
Kernel Extensions:ⓘ
/Library/Extensions
[loaded] com.sophos.kext.oas (9.6.51 - SDK 10.11 - 2017-03-18) [Support]
[loaded] com.sophos.nke.swi (9.6.51 - SDK 10.11 - 2017-03-18) [Support]
Startup Items:ⓘ
MobileBrServ: Path: /Library/StartupItems/MobileBrServ
Startup items no longer function in OS X Yosemite or later
System Launch Agents:ⓘ
[not loaded] 7 Apple tasks
[loaded] 175 Apple tasks
[running] 98 Apple tasks
System Launch Daemons:ⓘ
[not loaded] 42 Apple tasks
[loaded] 159 Apple tasks
[running] 110 Apple tasks
Launch Agents:ⓘ
[running] com.lost.smoke.plist (2017-02-02) [Support]
[running] com.sophos.uiserver.plist (2017-03-18) [Support]
Launch Daemons:ⓘ
[running] com.Dicaeidae.service.plist (2016-11-23) [Support]
[not loaded] com.Malabar.plist (2016-12-07) [Support]
[running] com.Terfezia.service.plist (2016-11-23) [Support]
[running] com.actiniohematin.service.plist (2016-11-23) [Support]
[loaded] com.adobe.fpsaud.plist (2017-03-01) [Support]
[running] com.anammonid.service.plist (2016-11-23) [Support]
[running] com.anteroexternal.service.plist (2016-11-23) [Support]
[not loaded] com.apple.panur.plist (2016-10-09) [Support]
[running] com.apple.rothl.plist (2016-11-25) [Support]
[running] com.azogreen.service.plist (2016-11-23) [Support]
[running] com.bunchy.service.plist (2016-11-23) [Support]
[running] com.cardionecrosis.service.plist (2016-11-23) [Support]
[running] com.catoptrically.service.plist (2016-11-23) [Support]
[running] com.ceder.service.plist (2016-11-23) [Support]
[running] com.chaffingly.service.plist (2016-11-23) [Support]
[loaded] com.chinanta.net-preferences.plist (2016-02-10) Adware! [Remove]
/etc/change_net_settings.sh
[running] com.coctoantigen.service.plist (2016-11-23) [Support]
[running] com.copulate.service.plist (2016-11-23) [Support]
[running] com.dexiotropism.service.plist (2016-11-23) [Support]
[loaded] com.electroengrave.net-preferences.plist (2016-02-10) Adware! [Remove]
/etc/change_net_settings.sh
[running] com.gradus.service.plist (2016-11-23) [Support]
[running] com.hamperman.service.plist (2016-11-23) [Support]
[loaded] com.lost.installer.plist (2017-02-02) [Support]
[running] com.makroskelic.service.plist (2016-11-23) [Support]
[loaded] com.microsoft.office.licensing.helper.plist (2015-01-16) [Support]
[running] com.montjoy.service.plist (2016-11-23) [Support]
[running] com.munity.service.plist (2016-11-23) [Support]
[running] com.noduled.service.plist (2016-11-23) [Support]
[running] com.overconsciousness.service.plist (2016-11-23) [Support]
[running] com.palaver.service.plist (2016-11-23) [Support]
[not loaded] com.pleasingUpd.plist (2015-11-01) Adware! [Remove]
/etc/run_upd.sh
[loaded] com.securemac.MacScanDaemon.plist (2016-12-28) [Support]
[running] com.semimystic.service.plist (2016-11-23) [Support]
[running] com.sophos.common.servicemanager.plist (2017-03-18) [Support]
[running] com.spathic.service.plist (2016-11-23) [Support]
[running] com.supertoleration.service.plist (2016-11-23) [Support]
[running] com.thermistor.service.plist (2016-11-23) [Support]
[running] com.total.service.plist (2016-11-23) [Support]
[running] com.transection.service.plist (2016-11-23) [Support]
[running] com.turbanette.service.plist (2016-11-23) [Support]
[running] com.unbenetted.service.plist (2016-11-23) [Support]
[running] com.unciform.service.plist (2016-11-23) [Support]
[running] com.unflawed.service.plist (2016-11-23) [Support]
[running] com.unilluminating.service.plist (2016-11-23) [Support]
[running] com.unpreened.service.plist (2016-11-23) [Support]
[running] com.unvariableness.service.plist (2016-11-23) [Support]
[not loaded] com.uschiwarkin.plist (2016-05-11) Adware! [Remove]
[not loaded] com.vhpiqhgqrlbk.plist (2016-11-25) [Support]
[running] com.welder.service.plist (2016-11-23) [Support]
[running] com.zibetone.service.plist (2016-11-23) [Support]
User Launch Agents:ⓘ
[loaded] com.google.keystone.agent.plist (2017-01-14) [Support]
[loaded] com.jdibackup.ZipCloud.autostart.plist (2017-03-18) Adware! [Remove]
/usr/bin/open
[loaded] com.jdibackup.ZipCloud.notify.plist (2017-03-18) Adware! [Remove]
/usr/bin/open
[running] com.spotify.webhelper.plist (2017-03-18) [Support]
User Login Items:ⓘ
iTunesHelper Application (2017-01-21)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Spotify Application Hidden
(/Applications/Spotify.app)
Flickr Uploadr Application
(/Applications/Flickr Uploadr.app)
Internet Plug-ins:ⓘ
FlashPlayer-10.6: 25.0.0.127 - SDK 10.9 (2017-03-15) [Support]
QuickTime Plugin: 7.7.3 (2017-01-21)
Flash Player: 25.0.0.127 - SDK 10.9 (2017-03-15) [Support]
SharePointBrowserPlugin: 14.6.0 - SDK 10.6 (2016-02-12) [Support]
Safari Extensions:ⓘ
Search Engine (2015-07-29)
3rd Party Preference Panes:ⓘ
Flash Player (2017-03-01) [Support]
Time Machine:ⓘ
Time Machine not configured!
Top Processes by CPU:ⓘ
22% SophosScanD
6% WindowServer
5% SophosScanAgent
5% launchservicesd
5% lsd(2)
Top Processes by Memory:ⓘ
2.26 GB com.apple.WebKit.WebContent(17)
1.51 GB kernel_task
442 MB SophosScanD
360 MB WindowServer
262 MB osascript(6)
Virtual Memory Information:ⓘ
7.07 GB Available RAM
56 MB Free RAM
8.93 GB Used RAM
7.01 GB Cached files
164 MB Swap Used
Diagnostics Information:ⓘ
Mar 18, 2017, 12:56:29 PM /Library/Logs/DiagnosticReports/WindowServer_2017-03-18-125629_[redacted].crash
/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer
Wow, there's a lot of junk there. Please use the "Remove" function within EtreCheck to get rid of the Adware you have installed on your computer. After removal, restart the computer, check for improved performance and run a new EtreCheck test.
/Library/LaunchDaemons/com.chinanta.net-preferences.plist
/Library/LaunchDaemons/com.electroengrave.net-preferences.plist
/Library/LaunchDaemons/com.pleasingUpd.plist
/Library/LaunchDaemons/com.uschiwarkin.plist
~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist
~/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist
6 adware files found. [Remove]
I ran EtreCheck again - this is the result - hopefully it's more favourable (apologies for my naivety - this stuff is all foreign to me!) Thanks for all the replies so far, so helpful! I so appreciate it!
EtreCheck version: 3.1.5 (343)
Report generated 2017-03-19 11:50:24
Download EtreCheck from https://etrecheck.com
Runtime 2:41
Performance: Excellent
Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Click the [Check files] link for help with unknown files.
Problem: No problem - just checking
Hardware Information:ⓘ
MacBook Pro (Retina, 15-inch, Late 2013)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro11,3
1 2.3 GHz Intel Core i7 (i7-4850HQ) CPU: 4-core
16 GB RAM Not upgradeable
BANK 0/DIMM0
8 GB DDR3 1600 MHz ok
BANK 1/DIMM0
8 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n/ac
Battery: Health = Normal - Cycle count = 430
Video Information:ⓘ
Intel Iris Pro
Color LCD 2880 x 1800
NVIDIA GeForce GT 750M - VRAM: 2048 MB
System Software:ⓘ
macOS Sierra 10.12.2 (16C67) - Time since boot: less than an hour
Disk Information:ⓘ
APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)
[Show SMART report]
EFI (disk0s1) <not mounted> : 210 MB
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1) / [Startup]: 499.06 GB (394.00 GB free)
Encrypted AES-XTS Unlocked
Core Storage: disk0s2 499.42 GB Online
USB Information:ⓘ
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Microsoft Microsoft® 2.4GHz Transceiver v8.0
Thunderbolt Information:ⓘ
Apple Inc. thunderbolt_bus
Gatekeeper:ⓘ
Mac App Store and identified developers
Unknown Files:ⓘ
~/Library/Caches/com.apple.Safari/Extensions/Search Engine.safariextension
One unknown file found. [Check files]
Kernel Extensions:ⓘ
/Library/Extensions
[loaded] com.sophos.kext.oas (9.6.51 - SDK 10.11 - 2017-03-18) [Support]
[loaded] com.sophos.nke.swi (9.6.51 - SDK 10.11 - 2017-03-18) [Support]
Startup Items:ⓘ
MobileBrServ: Path: /Library/StartupItems/MobileBrServ
Startup items no longer function in OS X Yosemite or later
System Launch Agents:ⓘ
[not loaded] 7 Apple tasks
[loaded] 184 Apple tasks
[running] 89 Apple tasks
System Launch Daemons:ⓘ
[not loaded] 42 Apple tasks
[loaded] 168 Apple tasks
[running] 101 Apple tasks
Launch Agents:ⓘ
[running] com.sophos.uiserver.plist (2017-03-18) [Support]
Launch Daemons:ⓘ
[loaded] com.adobe.fpsaud.plist (2017-03-01) [Support]
[running] com.malwarebytes.HelperTool.plist (2017-03-19) [Support]
[loaded] com.microsoft.office.licensing.helper.plist (2015-01-16) [Support]
[loaded] com.securemac.MacScanDaemon.plist (2016-12-28) [Support]
[running] com.sophos.common.servicemanager.plist (2017-03-18) [Support]
User Launch Agents:ⓘ
[loaded] com.google.keystone.agent.plist (2017-01-14) [Support]
[running] com.spotify.webhelper.plist (2017-03-19) [Support]
User Login Items:ⓘ
iTunesHelper Application (2017-01-21)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Spotify Application Hidden
(/Applications/Spotify.app)
Flickr Uploadr Application
(/Applications/Flickr Uploadr.app)
Internet Plug-ins:ⓘ
FlashPlayer-10.6: 25.0.0.127 - SDK 10.9 (2017-03-15) [Support]
QuickTime Plugin: 7.7.3 (2017-01-21)
Flash Player: 25.0.0.127 - SDK 10.9 (2017-03-15) [Support]
SharePointBrowserPlugin: 14.6.0 - SDK 10.6 (2016-02-12) [Support]
Safari Extensions:ⓘ
None
3rd Party Preference Panes:ⓘ
Flash Player (2017-03-01) [Support]
Time Machine:ⓘ
Time Machine not configured!
Top Processes by CPU:ⓘ
10% kernel_task
9% WindowServer
4% com.apple.WebKit.WebContent(7)
2% fontd
0% nsurlstoraged(2)
Top Processes by Memory:ⓘ
1.17 GB com.apple.WebKit.WebContent(7)
1.04 GB kernel_task
492 MB SophosScanD
393 MB Finder
393 MB mdworker(15)
Virtual Memory Information:ⓘ
9.61 GB Available RAM
4.08 GB Free RAM
6.39 GB Used RAM
5.53 GB Cached files
0 B Swap Used
Diagnostics Information:ⓘ
Mar 19, 2017, 11:37:39 AM Self test - passed
Mar 18, 2017, 03:16:07 PM /Library/Logs/DiagnosticReports/launchservicesd_2017-03-18-151607_[redacted].crash
/System/Library/CoreServices/launchservicesd
Mar 18, 2017, 03:15:55 PM ~/Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2017-03-18-151555_[redacted].crash
/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent
Mar 18, 2017, 02:26:44 PM /Library/Logs/DiagnosticReports/SophosScanD_2017-03-18-142644_[redacted].crash
/Library/Sophos Anti-Virus/SophosScanD.app/Contents/MacOS/SophosScanD
Mar 18, 2017, 02:05:24 PM /Library/Logs/DiagnosticReports/SophosScanD_2017-03-18-140524_[redacted].cpu_resource.diag [Details]
Mar 18, 2017, 12:56:29 PM /Library/Logs/DiagnosticReports/WindowServer_2017-03-18-125629_[redacted].crash
/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/WindowServer
Files deleted by EtreCheck:ⓘ
Mar 18, 2017, 01:48:57 PM - ~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist
Mar 18, 2017, 01:48:57 PM - ~/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist
Mar 18, 2017, 01:49:11 PM - /Library/LaunchDaemons/com.chinanta.net-preferences.plist
Mar 18, 2017, 01:49:11 PM - /Library/LaunchDaemons/com.electroengrave.net-preferences.plist
Mar 18, 2017, 01:49:11 PM - /Library/LaunchDaemons/com.pleasingUpd.plist
Mar 18, 2017, 01:49:11 PM - /Library/LaunchDaemons/com.uschiwarkin.plist
You have a lot of apps running in the background.
Do you need all those?
Look at what's running.
Suggestion - again, this is only a suggestion as it's something I would do for my own MacBook.
There are times that I will back up my MacBook and do a clean install.
Download and run EtreCheck and post your report https://etrecheck.com/#about
Scan your MacBook with Malwarebytes https://www.malwarebytes.com/
I'm currently running Sophos - shall I run these in addition to?
I've used Sophos before; while it's a good antivirus program, the newer version slows down your MacBook.
Uninstall it and use Malwarebytes.
I don't know I have apps running!
Thanks Stedman!
You've got a very bad VSearch infection. Scan with Malwarebytes to remove it.
Note that this has happened despite having Sophos installed. 😐
Now uninstall Sophos.
Thanks!