I'm worried I have a form of adware or malware on my MacBook Pro. It seems specific to Tumblr only. I'll be on my dash and it will reroute me to an ad or tell me to update my flash from a shady site. And now it won't let me sign in at all. Anyone else having this issue? Tumblr help desk is no help at all.
MacBook Pro with Retina display, OS X El Capitan (10.11.6)
I have the same problem, please have a look and advise:
For a few weeks I have been getting new tabs opening in my web browsers (safari and chrome) that mainly deal with MacKeeper and Adobe, but have recently changed to other random ad ware type items. I have attempted to follow a few of the procedures to remove them but have not been success full. I have just run a scan using EtreCheck, results posted below. Your assistance would be very helpful thank you.
EtreCheck version: 3.4 (420)
Report generated 2017-07-16 14:06:08
Download EtreCheck from https://etrecheck.com
Runtime: 3:16
Performance: Good
Click the [Lookup] links for more information from Apple Support Communities.
Click the [Details] links for more information about that line.
Click the [Remove/Report] links to remove adware or update the whitelist of legitimate software.
Problem: Other problem
Hardware Information:ⓘ
iMac (27-inch, Late 2013)
[Technical Specifications] - [User Guide] - [Warranty & Service]
iMac - model: iMac14,2
1 3.4 GHz Intel Core i5 (i5-4670) CPU: 4-core
32 GB RAM Upgradeable - [Instructions]
BANK 0/DIMM0
8 GB DDR3 1600 MHz ok
BANK 1/DIMM0
8 GB DDR3 1600 MHz ok
BANK 0/DIMM1
8 GB DDR3 1600 MHz ok
BANK 1/DIMM1
8 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en1: 802.11 a/b/g/n/ac
Video Information:ⓘ
NVIDIA GeForce GTX 775M - VRAM: 2048 MB
iMac 2560 x 1440
DELL P2714H 1920 x 1080 @ 60 Hz
Disk Information:ⓘ
APPLE HDD WD10EZES-40UFAA0 disk0: (1 TB) (Rotational)
[Show SMART report]
(disk0s1) <not mounted> [EFI]: 210 MB
Macintosh HD (disk0s2 - Journaled HFS+) / [Startup]: 874.00 GB (302.99 GB free)
(disk0s3) <not mounted> [Recovery]: 650 MB
BOOTCAMP (disk0s4 - NTFS) /Volumes/BOOTCAMP : 125.34 GB (27.44 GB free)
USB Information:ⓘ
USB30Bus 3 TB
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller
Apple Inc. FaceTime HD Camera (Built-in)
GenesysLogic USB2.0 Hub 3 TB
SanDisk Cruzer Edge 15.6 GB
SanDisk Cruzer Edge 15.6 GB
Seagate Backup+ Desk 3 TB
C-Media Electronics Inc. USB Audio Device
Razer Razer BlackWidow Ultimate 2016
Razer Razer Taipan
Thunderbolt Information:ⓘ
Apple Inc. thunderbolt_bus
Virtual disks:ⓘ
TEMP DRIVE (disk1s1 - MS-DOS FAT32) /Volumes/TEMP DRIVE : 15.59 GB (15.57 GB free)
Physical disk: Cruzer Edge 15.59 GB (15.57 GB free)
WININSTALL (disk2s1 - MS-DOS FAT32) /Volumes/WININSTALL : 15.58 GB (8.38 GB free)
Physical disk: Cruzer Edge 15.58 GB (8.38 GB free)
Thurston1 (disk3s2 - Journaled HFS+) /Volumes/Thurston1 : 3.00 TB (797.31 GB free)
Physical disk: Backup+ Desk 3.00 TB (797.31 GB free)
System Software:ⓘ
OS X El Capitan 10.11.6 (15G1510) - Time since boot: less than an hour
Gatekeeper:ⓘ
Mac App Store and identified developers
Possible adware:ⓘ
Unknown file: /Library/LaunchAgents/com.substrate.plist
Unknown file: /Library/LaunchDaemons/com.lOHXveTf.plist
Unknown file: ~/Library/LaunchAgents/com.aperiodic.plist
/Library/aperiodic/aperiodic
3 possible adware files found. [Remove/Report]
Kernel Extensions:ⓘ
/Library/Extensions
[loaded] com.Cycling74.driver.Soundflower (2.0b2 - SDK 10.10) [Lookup]
[not loaded] com.FTDI.driver.D2XXHelper (1.0 - SDK 10.12) [Lookup]
[loaded] com.razer.common.razerhid (19.64 - SDK 10.9) [Lookup]
[not loaded] com.wacom.kext.wacomtablet (Wacom Tablet 6.3.22-1 - SDK 10.12) [Lookup]
/System/Library/Extensions
[not loaded] com.fitbit.galileo.FitbitUSBCable (1.0 - SDK 10.11) [Lookup]
System Launch Agents:ⓘ
[not loaded] 6 Apple tasks
[loaded] 152 Apple tasks
[running] 81 Apple tasks
System Launch Daemons:ⓘ
[not loaded] 45 Apple tasks
[loaded] 156 Apple tasks
[running] 90 Apple tasks
Launch Agents:ⓘ
[not loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2017-06-15) [Lookup]
[running] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2017-06-15) [Lookup]
[loaded] com.oracle.java.Java-Updater.plist (? 36cf6a36 be93c7fb - installed 2017-06-06) [Lookup]
[running] com.razer.rzupdater.plist (? 2bbe2bd1 5a20ea81 - installed 2017-07-15) [Lookup]
[running] com.razerzone.rzdeviceengine.plist (? 516e794c f5b6c269 - installed 2017-07-15) [Lookup]
[not loaded] com.substrate.plist (? 0 ? - installed 2017-06-19) [Lookup]
[running] com.wacom.wacomtablet.plist (Wacom Technology Corp. - installed 2017-06-15) [Lookup]
[loaded] org.macosforge.xquartz.startx.plist (Apple Inc. - XQuartz - installed 2014-08-11) [Lookup]
Launch Daemons:ⓘ
[running] com.adobe.adobeupdatedaemon.plist (Adobe Systems, Inc. - installed 2017-06-15) [Lookup]
[running] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2017-06-15) [Lookup]
[loaded] com.adobe.fpsaud.plist (? 2afb3af7 18a4fa69 - installed 2017-06-23) [Lookup]
[loaded] com.ea.origin.ESHelper.plist (Electronic Arts Inc. - installed 2015-06-05) [Lookup]
[running] com.fitbit.galileod.plist (Fitbit, Inc. - installed 2017-03-23) [Lookup]
[not loaded] com.lOHXveTf.plist (? 0 ? - installed 2017-06-15) [Lookup]
[loaded] com.oracle.java.Helper-Tool.plist (Shell Script e3fefdd2 - installed 2017-03-15) [Lookup]
[loaded] com.skype.skypeinstaller.plist (Skype - installed 2014-07-04) [Lookup]
[running] com.wacom.TabletHelper.plist (Wacom Technology Corp. - installed 2017-06-15) [Lookup]
[loaded] com.wacom.displayhelper.plist (Apple, Inc. - installed 2017-05-12)
[loaded] org.macosforge.xquartz.privileged_startx.plist (Apple Inc. - XQuartz - installed 2014-08-11) [Lookup]
User Launch Agents:ⓘ
[running] com.aperiodic.plist (? 877ec988 b342a111 - installed 2017-06-20) [Lookup]
[running] com.charter.vgconnect.plist (Shell Script df48564b - installed 2016-01-13)
[loaded] com.charter.vgconnect.uninstall.plist (Shell Script 95c8213c - installed 2016-01-13)
[loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-07-13) [Lookup]
[loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2017-03-28) [Lookup]
[loaded] com.skype.skype.shareagent.plist (Skype Communications S.a.r.l - installed 2017-07-16) [Lookup]
User Login Items:ⓘ
iTunesHelper Application - Hidden (Apple, Inc. - installed 2017-06-06)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Dropbox Application - Hidden
(/Applications/Dropbox.app)
Canon IJ Network Scanner Selector EX Application - Hidden
(/Applications/Canon Utilities/IJ Network Scanner Selector EX/Canon IJ Network Scanner Selector EX.app)
CrossOver CD Helper Application
(/Applications/CrossOver.app/Contents/Resources/CrossOver CD Helper.app)
Fitbit Connect Menubar Helper Application (? 0 - installed 2017-06-06)
(/Applications/Fitbit Connect.app/Contents/MacOS/Fitbit Connect Menubar Helper.app)
1Password Helper URL SMLoginItem - Hidden (Apple, Inc. - installed 2017-06-06)
(/Applications/1Password.app/Contents/Library/LoginItems/2BUA8C4S2C.com.agilebi ts.onepassword-osx-helper.app)
Internet Plug-ins:ⓘ
AdobeAAMDetect: 3.0.0.0 (installed 2017-06-15) [Lookup]
FlashPlayer-10.6: 26.0.0.137 (installed 2017-07-12) [Lookup]
QuickTime Plugin: 7.7.3 (installed 2017-07-16)
Flash Player: 26.0.0.137 (installed 2017-07-12) [Lookup]
Default Browser: 601 (installed 2017-06-06)
OnLiveGameClientDetector: OnLiveGameClientDetector 1.0.0 (installed 2014-12-16) [Lookup]
Silverlight: 5.1.30317.0 (installed 2017-06-06) [Lookup]
WacomTabletPlugin: WacomTabletPlugin 2.1.0.6 (installed 2017-05-12) [Lookup]
JavaAppletPlugin: Java 8 Update 131 build 11 (installed 2017-06-06) Check version
Safari Extensions:ⓘ
[enabled] Adblock Plus - Eyeo GmbH - https://adblockplus.org/ (installed 2016-12-22)
[enabled] AnyList Recipe Import - AnyList - https://www.anylistapp.com (installed 2015-01-27)
[not loaded] 1Password Safari Extension Companion - Mac App Store (installed 2017-04-28)
[enabled] 1Password - AgileBits - https://agilebits.com/onepassword (installed 2017-06-08)
3rd Party Preference Panes:ⓘ
Flash Player (installed 2017-06-23) [Lookup]
Java (installed 2017-06-06) [Lookup]
WacomTablet (installed 2017-06-15) [Lookup]
Time Machine:ⓘ
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 874.00 GB Disk used: 571.01 GB
Destinations:
Thurston1 [Local]
Total size: 3.00 TB
Total number of backups: 136
Oldest backup: 3/29/15, 13:16
Last backup: 6/10/17, 23:41
Size of backup disk: Excellent
Backup size 3.00 TB > (Disk size 874.00 GB X 3)
Top Processes by CPU:ⓘ
6% WindowServer
5% Safari
4% com.apple.WebKit.WebContent
4% kernel_task
3% mdworker
Top Processes by Memory:ⓘ
1.52 GB kernel_task
769 MB firefox
525 MB Safari
383 MB mds_stores
383 MB com.apple.WebKit.WebContent
Top Processes by Energy Use:ⓘ
8.04 WindowServer
4.54 Safari
2.70 mdworker
2.40 backupd
Virtual Memory Information:ⓘ
25.60 GB Available RAM
21.62 GB Free RAM
6.40 GB Used RAM
3.99 GB Cached files
0 B Swap Used
Software installs:ⓘ
OldDeviceUninstaller: (installed 2017-07-15)
RzUpdater: (installed 2017-07-15)
1499836310rzrmodRazerHid: (installed 2017-07-15)
RzDeviceEngine: (installed 2017-07-15)
Install information may not be complete.
Diagnostics Information:ⓘ
2017-07-15 16:56:26 System Preferences.app Crash [Open]
Cause: Show all view
objc[352]: GC: forcing GC OFF because OBJC_DISABLE_GC is set
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[NSProxyPreferencePane removeFromSuperviewWithoutNeedingDisplay]: unrecognized selector sent to instance 0x7f9c02f88510'
abort() called
terminating with uncaught exception of type NSException
Hello maricu18,
I wrote a little diagnostic program to help show what adware is installed. Download EtreCheck from https://www.etrecheck.com, run it, and paste the results here. EtreCheck is perfectly safe to run, does not ask for your password to install, and is signed with my Apple Developer ID.
If adware is installed, EtreCheck will help you remove it, although you may have to supply a password. If you aren’t comfortable with that, just post the EtreCheck report here and other helpers can tell you exactly what files need to be deleted and how to do so.
Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.
Hello again Runswcissors,
Didn't I just respond to your own thread? Did you try removing you adware?
Possible Adware/Malware?
