Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Scanning Macbook for spyware and speeding it up...

Hi,

my MacBook has been crashing of late, and is running extremely slowly - could this be spyware and how do i get rid of it.


Thanks!

Posted on Mar 17, 2017 5:05 PM

Reply
12 replies

Mar 17, 2017 5:31 PM in response to Oceanis34

Thanks so much Oceanis! This is the report from EtreCheck - I dont understand what it means!

EtreCheck version: 3.1.5 (343)

Report generated 2017-03-18 13:28:00

Download EtreCheck from https://etrecheck.com

Runtime 1:58

Performance: Excellent


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Click the [Remove] links to remove adware.

Click the [Check files] link for help with unknown files.


Problem: No problem - just checking


Hardware Information:

MacBook Pro (Retina, 15-inch, Late 2013)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro11,3

1 2.3 GHz Intel Core i7 (i7-4850HQ) CPU: 4-core

16 GB RAM Not upgradeable

BANK 0/DIMM0

8 GB DDR3 1600 MHz ok

BANK 1/DIMM0

8 GB DDR3 1600 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n/ac

Battery: Health = Normal - Cycle count = 430


Video Information:

Intel Iris Pro

Color LCD 2880 x 1800

NVIDIA GeForce GT 750M - VRAM: 2048 MB


System Software:

macOS Sierra 10.12.2 (16C67) - Time since boot: about 10 days


Disk Information:

APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)

[Show SMART report]

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1) / [Startup]: 499.06 GB (392.67 GB free)

Encrypted AES-XTS Unlocked

Core Storage: disk0s2 499.42 GB Online


USB Information:

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller

Microsoft Microsoft® 2.4GHz Transceiver v8.0


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Adware:

/Library/LaunchDaemons/com.chinanta.net-preferences.plist

/Library/LaunchDaemons/com.electroengrave.net-preferences.plist

/Library/LaunchDaemons/com.pleasingUpd.plist

/Library/LaunchDaemons/com.uschiwarkin.plist

~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist

~/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist

6 adware files found. [Remove]


Unknown Files:

/Library/LaunchAgents/com.lost.smoke.plist

/Library/.smoke/Refog.app/Contents/Resources/smoke.app/Contents/MacOS/smoke

/Library/LaunchDaemons/com.Dicaeidae.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.Malabar.plist

/Library/LaunchDaemons/com.Terfezia.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.actiniohematin.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.anammonid.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.anteroexternal.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.apple.panur.plist

/Library/LaunchDaemons/com.apple.rothl.plist

/Library/rothl

/Library/LaunchDaemons/com.azogreen.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.bunchy.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.cardionecrosis.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.catoptrically.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.ceder.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.chaffingly.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.coctoantigen.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.copulate.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.dexiotropism.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.gradus.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.hamperman.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.lost.installer.plist

/Library/PrivilegedHelperTools/com.lost.installer

/Library/LaunchDaemons/com.makroskelic.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.montjoy.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.munity.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.noduled.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.overconsciousness.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.palaver.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.semimystic.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.spathic.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.supertoleration.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.thermistor.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.total.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.transection.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.turbanette.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.unbenetted.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.unciform.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.unflawed.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.unilluminating.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.unpreened.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.unvariableness.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.vhpiqhgqrlbk.plist

/Library/LaunchDaemons/com.welder.service.plist

/etc/run_app.sh

/Library/LaunchDaemons/com.zibetone.service.plist

/etc/run_app.sh

~/Library/Safari/Extensions/Search Engine.safariextz

44 unknown files found. [Check files]


Kernel Extensions:

/Library/Extensions

[loaded] com.sophos.kext.oas (9.6.51 - SDK 10.11 - 2017-03-18) [Support]

[loaded] com.sophos.nke.swi (9.6.51 - SDK 10.11 - 2017-03-18) [Support]


Startup Items:

MobileBrServ: Path: /Library/StartupItems/MobileBrServ

Startup items no longer function in OS X Yosemite or later


System Launch Agents:

[not loaded] 7 Apple tasks

[loaded] 175 Apple tasks

[running] 98 Apple tasks


System Launch Daemons:

[not loaded] 42 Apple tasks

[loaded] 159 Apple tasks

[running] 110 Apple tasks


Launch Agents:

[running] com.lost.smoke.plist (2017-02-02) [Support]

[running] com.sophos.uiserver.plist (2017-03-18) [Support]


Launch Daemons:

[running] com.Dicaeidae.service.plist (2016-11-23) [Support]

[not loaded] com.Malabar.plist (2016-12-07) [Support]

[running] com.Terfezia.service.plist (2016-11-23) [Support]

[running] com.actiniohematin.service.plist (2016-11-23) [Support]

[loaded] com.adobe.fpsaud.plist (2017-03-01) [Support]

[running] com.anammonid.service.plist (2016-11-23) [Support]

[running] com.anteroexternal.service.plist (2016-11-23) [Support]

[not loaded] com.apple.panur.plist (2016-10-09) [Support]

[running] com.apple.rothl.plist (2016-11-25) [Support]

[running] com.azogreen.service.plist (2016-11-23) [Support]

[running] com.bunchy.service.plist (2016-11-23) [Support]

[running] com.cardionecrosis.service.plist (2016-11-23) [Support]

[running] com.catoptrically.service.plist (2016-11-23) [Support]

[running] com.ceder.service.plist (2016-11-23) [Support]

[running] com.chaffingly.service.plist (2016-11-23) [Support]

[loaded] com.chinanta.net-preferences.plist (2016-02-10) Adware! [Remove]

/etc/change_net_settings.sh

[running] com.coctoantigen.service.plist (2016-11-23) [Support]

[running] com.copulate.service.plist (2016-11-23) [Support]

[running] com.dexiotropism.service.plist (2016-11-23) [Support]

[loaded] com.electroengrave.net-preferences.plist (2016-02-10) Adware! [Remove]

/etc/change_net_settings.sh

[running] com.gradus.service.plist (2016-11-23) [Support]

[running] com.hamperman.service.plist (2016-11-23) [Support]

[loaded] com.lost.installer.plist (2017-02-02) [Support]

[running] com.makroskelic.service.plist (2016-11-23) [Support]

[loaded] com.microsoft.office.licensing.helper.plist (2015-01-16) [Support]

[running] com.montjoy.service.plist (2016-11-23) [Support]

[running] com.munity.service.plist (2016-11-23) [Support]

[running] com.noduled.service.plist (2016-11-23) [Support]

[running] com.overconsciousness.service.plist (2016-11-23) [Support]

[running] com.palaver.service.plist (2016-11-23) [Support]

[not loaded] com.pleasingUpd.plist (2015-11-01) Adware! [Remove]

/etc/run_upd.sh

[loaded] com.securemac.MacScanDaemon.plist (2016-12-28) [Support]

[running] com.semimystic.service.plist (2016-11-23) [Support]

[running] com.sophos.common.servicemanager.plist (2017-03-18) [Support]

[running] com.spathic.service.plist (2016-11-23) [Support]

[running] com.supertoleration.service.plist (2016-11-23) [Support]

[running] com.thermistor.service.plist (2016-11-23) [Support]

[running] com.total.service.plist (2016-11-23) [Support]

[running] com.transection.service.plist (2016-11-23) [Support]

[running] com.turbanette.service.plist (2016-11-23) [Support]

[running] com.unbenetted.service.plist (2016-11-23) [Support]

[running] com.unciform.service.plist (2016-11-23) [Support]

[running] com.unflawed.service.plist (2016-11-23) [Support]

[running] com.unilluminating.service.plist (2016-11-23) [Support]

[running] com.unpreened.service.plist (2016-11-23) [Support]

[running] com.unvariableness.service.plist (2016-11-23) [Support]

[not loaded] com.uschiwarkin.plist (2016-05-11) Adware! [Remove]

[not loaded] com.vhpiqhgqrlbk.plist (2016-11-25) [Support]

[running] com.welder.service.plist (2016-11-23) [Support]

[running] com.zibetone.service.plist (2016-11-23) [Support]


User Launch Agents:

[loaded] com.google.keystone.agent.plist (2017-01-14) [Support]

[loaded] com.jdibackup.ZipCloud.autostart.plist (2017-03-18) Adware! [Remove]

/usr/bin/open

[loaded] com.jdibackup.ZipCloud.notify.plist (2017-03-18) Adware! [Remove]

/usr/bin/open

[running] com.spotify.webhelper.plist (2017-03-18) [Support]


User Login Items:

iTunesHelper Application (2017-01-21)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Spotify Application Hidden

(/Applications/Spotify.app)

Flickr Uploadr Application

(/Applications/Flickr Uploadr.app)


Internet Plug-ins:

FlashPlayer-10.6: 25.0.0.127 - SDK 10.9 (2017-03-15) [Support]

QuickTime Plugin: 7.7.3 (2017-01-21)

Flash Player: 25.0.0.127 - SDK 10.9 (2017-03-15) [Support]

SharePointBrowserPlugin: 14.6.0 - SDK 10.6 (2016-02-12) [Support]


Safari Extensions:

Search Engine (2015-07-29)


3rd Party Preference Panes:

Flash Player (2017-03-01) [Support]


Time Machine:

Time Machine not configured!


Top Processes by CPU:

22% SophosScanD

6% WindowServer

5% SophosScanAgent

5% launchservicesd

5% lsd(2)


Top Processes by Memory:

2.26 GB com.apple.WebKit.WebContent(17)

1.51 GB kernel_task

442 MB SophosScanD

360 MB WindowServer

262 MB osascript(6)


Virtual Memory Information:

7.07 GB Available RAM

56 MB Free RAM

8.93 GB Used RAM

7.01 GB Cached files

164 MB Swap Used


Diagnostics Information:

Mar 18, 2017, 12:56:29 PM /Library/Logs/DiagnosticReports/WindowServer_2017-03-18-125629_[redacted].crash

/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/Windo wServer

Mar 17, 2017 5:41 PM in response to aatknsn

Wow, there's a lot of junk there. Please use the "Remove" function within Etrecheck to get rid of the Adware you have installed on your computer. After removal, restart the computer, check for improved performance and run a new Etrecheck test.



Adware:

/Library/LaunchDaemons/com.chinanta.net-preferences.plist

/Library/LaunchDaemons/com.electroengrave.net-preferences.plist

/Library/LaunchDaemons/com.pleasingUpd.plist

/Library/LaunchDaemons/com.uschiwarkin.plist

~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist

~/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist

6 adware files found. [Remove]

Mar 18, 2017 3:53 PM in response to aatknsn

I ran Etrecheck again - this is the result - hopefully its more favourable (apologies for my naivety - this stuff is all foreign to me!) Thanks for all the replies so far, so helpful! I so appreciate it!

EtreCheck version: 3.1.5 (343)

Report generated 2017-03-19 11:50:24

Download EtreCheck from https://etrecheck.com

Runtime 2:41

Performance: Excellent


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.

Click the [Check files] link for help with unknown files.


Problem: No problem - just checking


Hardware Information:

MacBook Pro (Retina, 15-inch, Late 2013)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro11,3

1 2.3 GHz Intel Core i7 (i7-4850HQ) CPU: 4-core

16 GB RAM Not upgradeable

BANK 0/DIMM0

8 GB DDR3 1600 MHz ok

BANK 1/DIMM0

8 GB DDR3 1600 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n/ac

Battery: Health = Normal - Cycle count = 430


Video Information:

Intel Iris Pro

Color LCD 2880 x 1800

NVIDIA GeForce GT 750M - VRAM: 2048 MB


System Software:

macOS Sierra 10.12.2 (16C67) - Time since boot: less than an hour


Disk Information:

APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)

[Show SMART report]

EFI (disk0s1) <not mounted> : 210 MB

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB

Macintosh HD (disk1) / [Startup]: 499.06 GB (394.00 GB free)

Encrypted AES-XTS Unlocked

Core Storage: disk0s2 499.42 GB Online


USB Information:

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller

Microsoft Microsoft® 2.4GHz Transceiver v8.0


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Unknown Files:

~/Library/Caches/com.apple.Safari/Extensions/Search Engine.safariextension

One unknown file found. [Check files]


Kernel Extensions:

/Library/Extensions

[loaded] com.sophos.kext.oas (9.6.51 - SDK 10.11 - 2017-03-18) [Support]

[loaded] com.sophos.nke.swi (9.6.51 - SDK 10.11 - 2017-03-18) [Support]


Startup Items:

MobileBrServ: Path: /Library/StartupItems/MobileBrServ

Startup items no longer function in OS X Yosemite or later


System Launch Agents:

[not loaded] 7 Apple tasks

[loaded] 184 Apple tasks

[running] 89 Apple tasks


System Launch Daemons:

[not loaded] 42 Apple tasks

[loaded] 168 Apple tasks

[running] 101 Apple tasks


Launch Agents:

[running] com.sophos.uiserver.plist (2017-03-18) [Support]


Launch Daemons:

[loaded] com.adobe.fpsaud.plist (2017-03-01) [Support]

[running] com.malwarebytes.HelperTool.plist (2017-03-19) [Support]

[loaded] com.microsoft.office.licensing.helper.plist (2015-01-16) [Support]

[loaded] com.securemac.MacScanDaemon.plist (2016-12-28) [Support]

[running] com.sophos.common.servicemanager.plist (2017-03-18) [Support]


User Launch Agents:

[loaded] com.google.keystone.agent.plist (2017-01-14) [Support]

[running] com.spotify.webhelper.plist (2017-03-19) [Support]


User Login Items:

iTunesHelper Application (2017-01-21)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)

Spotify Application Hidden

(/Applications/Spotify.app)

Flickr Uploadr Application

(/Applications/Flickr Uploadr.app)


Internet Plug-ins:

FlashPlayer-10.6: 25.0.0.127 - SDK 10.9 (2017-03-15) [Support]

QuickTime Plugin: 7.7.3 (2017-01-21)

Flash Player: 25.0.0.127 - SDK 10.9 (2017-03-15) [Support]

SharePointBrowserPlugin: 14.6.0 - SDK 10.6 (2016-02-12) [Support]


Safari Extensions:

None


3rd Party Preference Panes:

Flash Player (2017-03-01) [Support]


Time Machine:

Time Machine not configured!


Top Processes by CPU:

10% kernel_task

9% WindowServer

4% com.apple.WebKit.WebContent(7)

2% fontd

0% nsurlstoraged(2)


Top Processes by Memory:

1.17 GB com.apple.WebKit.WebContent(7)

1.04 GB kernel_task

492 MB SophosScanD

393 MB Finder

393 MB mdworker(15)


Virtual Memory Information:

9.61 GB Available RAM

4.08 GB Free RAM

6.39 GB Used RAM

5.53 GB Cached files

0 B Swap Used


Diagnostics Information:

Mar 19, 2017, 11:37:39 AM Self test - passed

Mar 18, 2017, 03:16:07 PM /Library/Logs/DiagnosticReports/launchservicesd_2017-03-18-151607_[redacted].cr ash

/System/Library/CoreServices/launchservicesd

Mar 18, 2017, 03:15:55 PM ~/Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2017-03-18-151555_ [redacted].crash

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.We bKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

Mar 18, 2017, 02:26:44 PM /Library/Logs/DiagnosticReports/SophosScanD_2017-03-18-142644_[redacted].crash

/Library/Sophos Anti-Virus/SophosScanD.app/Contents/MacOS/SophosScanD

Mar 18, 2017, 02:05:24 PM /Library/Logs/DiagnosticReports/SophosScanD_2017-03-18-140524_[redacted].cpu_re source.diag [Details]

Mar 18, 2017, 12:56:29 PM /Library/Logs/DiagnosticReports/WindowServer_2017-03-18-125629_[redacted].crash

/System/Library/PrivateFrameworks/SkyLight.framework/Versions/A/Resources/Windo wServer


Files deleted by EtreCheck:

Mar 18, 2017, 01:48:57 PM - ~/Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist

Mar 18, 2017, 01:48:57 PM - ~/Library/LaunchAgents/com.jdibackup.ZipCloud.notify.plist

Mar 18, 2017, 01:49:11 PM - /Library/LaunchDaemons/com.chinanta.net-preferences.plist

Mar 18, 2017, 01:49:11 PM - /Library/LaunchDaemons/com.electroengrave.net-preferences.plist

Mar 18, 2017, 01:49:11 PM - /Library/LaunchDaemons/com.pleasingUpd.plist

Mar 18, 2017, 01:49:11 PM - /Library/LaunchDaemons/com.uschiwarkin.plist

Scanning Macbook for spyware and speeding it up...

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.