null site display
I am getting the attached screen in the notifications once in a while now a days. Any idea what is this about? See the attached screenshot.
MacBook Pro TouchBar and Touch ID, macOS High Sierra (10.13.3)
EtreCheck version: 4.1.3 (4A188)
Report generated: 2018-03-18 16:42:18
Download EtreCheck from https://etrecheck.com
Runtime: 3:48
Performance: Good
Problem: Other problem
Description:
A null site display of a counter like window
Major Issues:
Anything that appears on this list needs immediate attention.
No Time Machine backup - Time Machine backup not found.
Adware - Adware detected.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.
32-bit Apps - This machine has 32-bits apps that may have problems in the future.
Hardware Information:
MacBook Pro (13-inch, 2016, Four Thunderbolt 3 Ports)
MacBook Pro Model: MacBookPro13,2
1 2.9 GHz Intel Core i5 (i5-6267U) CPU: 2-core
8 GB RAM Not upgradeable
BANK 0/DIMM0
4 GB LPDDR3 2133 ok
BANK 1/DIMM0
4 GB LPDDR3 2133 ok
Battery: Health = Normal - Cycle count = 46
Video Information:
Intel Iris Graphics 550 - VRAM: 1536 MB
Color LCD 2880 x 1800
Drives:
disk0 - APPLE SSD AP0512J 500.28 GB (Solid State - TRIM: Yes)
Internal PCI-Express 8.0 GT/s x4 NVM Express
disk0s1 - EFI [EFI] 315 MB
disk0s2 499.96 GB
disk1s1 - Macintosh HD (APFS) 499.96 GB 130.58 GB
disk1s2 - Preboot (APFS) [APFS Preboot] 499.96 GB 22 MB
disk1s3 - Recovery (APFS) [Recovery] 499.96 GB 510 MB
disk1s4 - VM (APFS) [APFS VM] 499.96 GB 3.22 GB
Mounted Volumes:
disk1s1 - Macintosh HD 499.96 GB (365.44 GB free)
APFS
Mount point: /
Encrypted
disk1s4 - VM [APFS VM] 499.96 GB (365.44 GB free)
APFS
Mount point: /private/var/vm
disk3s1 - A**************r 4 MB (3 MB free)
HFS+
Mount point: /Volumes/A**************r
disk4s2 - Flash Player 20 MB
HFS+
Mount point: /Volumes/Flash Player
disk5s1 - A****************r 24 MB (5 MB free)
HFS+
Mount point: /Volumes/A****************r
Network:
Interface lpss-serial1: LPSS Serial Adapter (1)
Interface lpss-serial2: LPSS Serial Adapter (2)
Interface en7: USB 10/100/1000 LAN
Interface en8: iPhone
Interface en0: Wi-Fi
802.11 a/b/g/n/ac
One IPv4 address
Interface en6: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
iCloud Quota: 1.95 TB available
System Software:
macOS High Sierra 10.13.3 (17D102)
Time since boot: About 14 days
System Load: 2.18 (1 min ago) 5.65 (5 min ago) 4.60 (15 min ago)
Security:
System | Status |
---|---|
Gatekeeper | Mac App Store and identified developers |
System Integrity Protection | Enabled |
Adware:
Launchd: ~/Library/LaunchAgents/com.pcv.hlpramcn.plist
Reason: Adware name match
Executable: ~/Library/Application Support/amc/helperamc.app/Contents/MacOS/helperamc
Unsigned Files:
Launchd: ~/Library/LaunchAgents/com.UltraSearchApp.plist
Executable: ~/Library/Application Support/com.UltraSearchApp/UltraSearchApp r
Details: Domain name invalid - possibly adware
32-bit Applications:
Name | Version |
Wine Stable | 2.0.3 |
CitrixOnlineLauncher | 1.0.449 |
asannotation2 | 1612.21.3110.0 |
convertpdf | 1.2 |
Cisco WebEx Meeting Center | 1701.17.3111.0 |
quicklookd32 | 5.0 |
DVD Player | 5.8 |
Audacity | 2.1.3.0 |
InkServer | 10.9 |
atmsupload | 1602.25.3106.0 |
System Launch Agents:
[Not Loaded] | 7 Apple tasks |
[Loaded] | 146 Apple tasks |
[Running] | 137 Apple tasks |
System Launch Daemons:
[Not Loaded] | 37 Apple tasks |
[Loaded] | 159 Apple tasks |
[Running] | 135 Apple tasks |
Launch Agents:
[Loaded] | com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-01-25) |
[Not Loaded] | com.teamviewer.teamviewer_desktop.plist (TeamViewer GmbH - installed 2017-12-14) |
[Not Loaded] | com.teamviewer.teamviewer.plist (TeamViewer GmbH - installed 2017-12-14) |
[Loaded] | org.macosforge.xquartz.startx.plist (Apple Inc. - XQuartz - installed 2016-10-26) |
[Other] | com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d.plist (Adobe Systems, Inc. - installed 2018-02-14) |
Launch Daemons:
[Loaded] | com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2018-02-14) |
[Loaded] | com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-01-25) |
[Not Loaded] | com.teamviewer.teamviewer_service.plist (TeamViewer GmbH - installed 2017-12-14) |
[Loaded] | com.teamviewer.Helper.plist (TeamViewer GmbH - installed 2017-12-14) |
[Loaded] | com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-02-24) |
[Loaded] | org.macosforge.xquartz.privileged_startx.plist (Apple Inc. - XQuartz - installed 2016-10-26) |
[Loaded] | com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2018-02-14) |
[Loaded] | com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2017-04-09) |
User Launch Agents:
[Loaded] | com.google.keystone.agent.plist (Google, Inc. - installed 2018-02-04) |
[Loaded] | com.citrixonline.GoToMeeting.G2MUpdate.plist (Citrix Online LLC - installed 2017-03-18) |
[Loaded] | com.UltraSearchApp.plist (? 0 - installed 2018-03-17) |
[Running] | com.pcv.hlpramcn.plist (Techyutils Software Private Limited - installed 2018-02-23) |
User Login Items:
Cisco Spark Application
(/Applications/Cisco Spark.app)
iTunesHelper Application (Apple, Inc. - installed 2018-01-25)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Google Chrome Application (Google, Inc.
(/Applications/Google Chrome.app)
Advanced Mac Cleaner Application (Techyutils Software Private Limited
(/Applications/Advanced Mac Cleaner.app)
SnagitLaunchAtLogin SMLoginItem (TechSmith Corporation - installed 2017-11-07)
(/Applications/Snagit.app/Contents/Library/LoginItems/SnagitLaunchAtLogin.app)
Internet Plug-ins:
AdobePDFViewerNPAPI: 17.012.20098 (installed 2018-03-03)
FlashPlayer-10.6: 29.0.0.113 (installed 2018-03-17)
QuickTime Plugin: 7.7.3 (installed 2018-02-06)
AdobePDFViewer: 18.011.20038 (installed 2018-03-03)
Flash Player: 29.0.0.113 (installed 2018-03-17)
User Internet Plug-ins:
CitrixOnlineWebDeploymentPlugin: 1.0.105 (installed 2013-04-26)
WebEx64: 1.1.0 (installed 2017-07-13)
Safari Extensions:
Browse Feed.safariextz - - (installed 2018-03-09) |
3rd Party Preference Panes:
Flash Player (installed 2018-02-24)
Time Machine:
Time Machine Not Configured!
Top Processes by CPU:
Process (count) | Source | % of CPU |
RdrCEF | Adobe Systems, Inc. | 2 |
kernel_task | Apple | 2 |
WindowServer | Apple | 2 |
SnagitHelper | TechSmith Corporation | 1 |
com.apple.WebKit.WebContent (5) | Apple | 1 |
Top Processes by Memory:
Process (count) | Source | RAM usage |
com.apple.WebKit.WebContent (5) | Apple | 1.64 GB |
kernel_task | Apple | 959 MB |
Safari | Apple | 323 MB |
mdworker (15) | Apple | 192 MB |
Dock | Apple | 127 MB |
Top Processes by Network Use:
Process | Source | Input | Output |
mDNSResponder | Apple | 40 MB | 23 MB |
biometrickitd | Apple | 910 KB | 330 KB |
com.apple.WebKit.Networking | Apple | 346 KB | 246 KB |
netbiosd | Apple | 351 KB | 113 KB |
CalendarAgent | Apple | 32 KB | 20 KB |
Top Processes by Energy Use:
Process (count) | Source | Energy usage (0-100) |
CalendarAgent | Apple | 4 |
WindowServer | Apple | 2 |
Safari | Apple | 2 |
suggestd | Apple | 2 |
com.apple.WebKit.WebContent (5) | Apple | 2 |
Virtual Memory Information:
Available RAM | 1.64 GB |
Free RAM | 64 MB |
Used RAM | 6.36 GB |
Cached files | 1.58 GB |
Swap Used | 1.08 GB |
Diagnostics Information (past 7 days):
2018-03-11 21:06:54 fud Crash (once)
objc_msgSend() selector name: disableStreamEventsForStateMachine: |
End of report
It does appear to be an "Advanced Mac Cleaner" / pcvark variant. To uninstall it please refer to this Discussion: Re: Advanced MacCleaner popup virus
It looks like it's supposed to be a timer of some sort. Most likely from some app you installed.
Please install EtreCheck and post the report.
You have adware installed. Uninstall Advanced Mac Cleaner. See: https://blog.malwarebytes.com/threat-analysis/2016/08/pcvark-plays-dirty/
Take the Advanced Mac Cleaner from the startup Items,
restart,
then uninstall the Advanced Mac Cleaner, as per instructions by my collegues.
null site display