Suddenly, my MacBookPro has slowed to an exasperating level, with the blue death spiral spinning endlessly. I re-boot, several times, cleared out the cache folder (which appears to only contain Apple files), cleared browsing history and a large number of cookies every day for the last three days. How can eliminate this problem?
MacBook Pro, IOS 10.11.6
Here is the report:
EtreCheck version: 4.3 (4D007)
Report generated: 2018-05-21 13:29:03
Download EtreCheck from https://etrecheck.com
Runtime: 4:48
Performance: Good
Problem: Beachballing
Description:
Suddenly, my MacBookPro has slowed to an exasperating level, with the “beachball” death spiral spinning endlessly. I re-boot, several times, cleared out the cache folder (which appears to only contain Apple files), cleared browsing history and a large number of cookies every day for the last three days.
Major Issues:
Anything that appears on this list needs immediate attention.
Time Machine backup out-of-date - The last Time Machine backup is over 10 days old.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Upgradeable hard drive - This machine’s hard drive could be replaced with an SSD. This would dramatically improve your machine’s performance.
High battery cycle count - Your battery may be losing capacity.
Unsigned files - There is unsigned software installed. They appear to be legitimate but should be reviewed.
32-bit Apps - This machine has 32-bits apps that may have problems in the future.
Abnormal shutdown - Your machine shut down abnormally.
Hardware Information:
MacBook Pro (13-inch, Early 2011)
MacBook Pro Model: MacBookPro8,1
1 2.3 GHz Intel Core i5 (i5-2415M) CPU: 2-core
4 GB RAM - Upgradeable
BANK 0/DIMM0 - 2 GB DDR3 1333 ok
BANK 1/DIMM0 - 2 GB DDR3 1333 ok
Battery: Health = Normal - Cycle count = 1108
Video Information:
Intel HD Graphics 3000 - VRAM: 384 MB
Color LCD 1280 x 800
Drives:
disk0 - Hitachi HTS545032B9A302 320.07 GB (Mechanical)
Internal SATA 3 Gigabit Serial ATA
disk0s1 - EFI [EFI] 210 MB
disk0s2 - Macintosh HD (Journaled HFS+) 319.21 GB
disk0s3 - Recovery HD [Recovery] 650 MB
Mounted Volumes:
disk0s2 - Macintosh HD 319.21 GB (267.26 GB free)
Journaled HFS+
Mount point: /
Network:
Interface en0: Ethernet
Interface fw0: FireWire
Interface en1: Wi-Fi
802.11 a/b/g/n
One IPv4 address
Interface en3: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
System Software:
OS X El Capitan 10.11.6 (15G20015)
Time since boot: About 2 hours
System Load: 1.53 (1 min ago) 1.46 (5 min ago) 1.96 (15 min ago)
Security:
| System | Status |
|---|---|
| Gatekeeper | Mac App Store and identified developers |
| System Integrity Protection | Enabled |
Unsigned Files:
Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.wdc.drivemanagerservice.plist
Executable: /Library/Application Support/WesternDigital/WDDriveManager/WDDriveManagerService
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.SearchMaster.plist
Executable: /Users/***/Library/Application Support/com.SearchMaster/SearchMaster r
Details: Domain name invalid - possibly adware
32-bit Applications:
26 32-bit apps
Kernel Extensions:
/Library/Extensions
[Loaded] com.malwarebytes.mbam.rtprotection.kext (Malwarebytes Corporation, 3.1 - SDK 10.12)
System Launch Agents:
| [Not Loaded] | 7 Apple tasks |
| [Loaded] | 164 Apple tasks |
| [Running] | 69 Apple tasks |
System Launch Daemons:
| [Not Loaded] | 43 Apple tasks |
| [Loaded] | 164 Apple tasks |
| [Running] | 85 Apple tasks |
| [Other] | One Apple task |
Launch Daemons:
| [Running] | com.wdc.drivemanagerservice.plist (? 6255a596 - installed 2017-03-22) |
| [Running] | com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2017-10-24) |
| [Loaded] | com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2017-04-11) |
| [Running] | com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2017-10-24) |
| [Loaded] | com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-04-28) |
| [Loaded] | com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2011-03-10) |
User Launch Agents:
| [Loaded] | com.google.keystone.agent.plist (Google, Inc. - installed 2018-04-13) |
| [Loaded] | com.SearchMaster.plist (? 0 - installed 2018-05-16) |
User Login Items:
iTunesHelper Application (Apple - installed 2018-04-09)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Internet Plug-ins:
GarminGpsControl: 4.2.0.0 (installed 2014-03-31)
FlashPlayer-10.6: 29.0.0.171 (installed 2018-05-08)
QuickTime Plugin: 7.7.3 (installed 2018-04-09)
Flash Player: 29.0.0.171 (installed 2018-05-08)
SharePointBrowserPlugin: 14.7.2 (installed 2017-04-03)
Default Browser: 601 (installed 2016-07-08)
Safari Extensions:
| Player for YouTube™ (Flash version).safariextz - James Fray - http://add0n.com/youtube-tools.html?from=flash(installed 2018-05-20) |
| AdGuard AdBlocker.safariextz - adguard - http://adguard.com (installed 2018-05-20) |
3rd Party Preference Panes:
Flash Player (installed 2018-04-28)
Time Machine:
Skip System Files:
Mobile backups:
Auto backup: Yes
Volumes being backed up:
Macintosh HD: Disk size: 319.21 GB - Disk used: 51.95 GB
Destinations:
M****k [Local] (Last used)
Total size: 999.86 GB
Total number of backups: 1
Oldest backup: 2018-04-22 15:53:05
Last backup: 2018-04-22 15:53:05
M*********t [Local]
Total size: 399.74 GB
Total number of backups: 5
Oldest backup: 2017-11-05 12:30:54
Last backup: 2018-01-31 11:17:55
Top Processes by CPU:
| Process (count) | Source | % of CPU |
| WindowServer | Apple | 20 |
| com.apple.WebKit.WebContent (3) | Apple | 5 |
| Safari | Apple | 5 |
| kernel_task | Apple | 3 |
| hidd | Apple | 3 |
Top Processes by Memory:
| Process (count) | Source | RAM usage |
| com.apple.WebKit.WebContent (3) | Apple | 785 MB |
| kernel_task | Apple | 398 MB |
| mdworker (11) | Apple | 126 MB |
| Safari | Apple | 118 MB |
| softwareupdated | Apple | 71 MB |
Top Processes by Energy Use:
| Process (count) | Source | Energy usage (0-100) |
| WindowServer | Apple | 4 |
| opendirectoryd | Apple | 0 |
| RTProtectionDaemon | Malwarebytes Corporation | 0 |
| com.apple.WebKit.WebContent (3) | Apple | 0 |
| mds | Apple | 0 |
Virtual Memory Information:
| Available RAM | 1.12 GB |
| Free RAM | 18 MB |
| Used RAM | 2.88 GB |
| Cached files | 1.10 GB |
| Swap Used | 52 MB |
Diagnostics Information (past 7 days):
2018-05-21 11:18:46 Last Shutdown Cause: 3 - Hard shutdown
2018-05-20 18:41:39 RTProtectionDaemon.app Crash (3 times)
/Library/Application Support/Malwarebytes/*/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app
End of report
Absolutely remove the WD drivers. The OS does not need help handling its own file system. These crap third party drivers only cause problems.
Other than that, your Mac is starved for RAM, as evidenced by the 52 MB of swapped data. 4 GB isn't enough for High Sierra. You need at least 8 for decent performance.
Ignore the Whitelabel error message. That's been a problem on these forums the past couple of weeks.
There is adware installed on your Mac..
Run EtreCheck again.
Scroll up the sidebar.
Click “Security” button.
Look for and remove these entries under Adware and Unsigned files.
Launchd: ~/Library/LaunchAgents/com.SearchMaster.plist
Executable: /Users/***/Library/Application Support/com.SearchMaster/SearchMaster r
Details: Domain name invalid - possibly adware
Click the “Remove” button.
SearchMaster is still listed, as is a daemon for the Western Digital driver.
| [Other] | com.wdc.drivemanagerservice.plist (? 6255a596 - installed 2017-03-22) |
Unsigned Files:
Launchd: ~/Library/LaunchAgents/com.SearchMaster.plist
Executable: /Users/***/Library/Application Support/com.SearchMaster/SearchMaster r
A note on SearchMaster. There are two entirely different apps by this name.
Legitimate - a court reporting database
Junk - a redirecting piece of malware
If court reporting data isn't your thing, then it's likely the latter and you would definitely want to remove it.
Beachballs are gone and performance is much faster...thank you.
OK, thanks. I got this message after clicking the Apple Support Community hyperlink...
Whitelabel Error Page
This application has no explicit mapping for /error, so you are seeing this as a fallback.
Mon May 21 20:29:51 GMT 2018
There was an unexpected error (type=Internal Server Error, status=500).
javax.servlet.ServletException: Unable to process request with identifier=a3c3819665b8d3d95ee1995a7c1789a9
Thank you Kurt.
I've removed the WD files. I did not upgrade to High Sierra and have remained with El Capitan 10.11.6 , but I understand what you are saying. I'll reboot and verify these changes.
Thanks again.
Thanks for the quick reply. My security preferences only accept apps from Mac App Store. Why can't this program be found there?
Control-click the application and choose Open.
(160737)
Excellent. 🙂
Ah. I thought that was a run of EtreCheck after removing the items.
Please run EtreCheck and post the report here. This is a diagnostic test.
Click “Free Download” button, open Downloads folder, click on it to open, and then select ”Open”.
Click on the bouncing EtreCheck icon in the Dock.
“Choose a problem” from the popup menu box, and then “Start EtreCheck” in the dialog.
Click “Share Report” button in the toolbar, select “Copy to Clipboard” .
Paste it into the reply.
domino23, EntrCheck is re-run. See report below.
com.SearchMaster.plist was removed
com.malwarebytes.mbam.settings.daemon.plist was also removed.
I will have my MacBook Pro checked out by Apple on my next trip to Las Vegas.
Thanks for the follow up.
Mac713
EtreCheck version: 4.3 (4D007)
Report generated: 2018-05-22 09:27:14
Download EtreCheck from https://etrecheck.com
Runtime: 4:22
Performance: Good
Problem: No problem - just checking
Major Issues:
Anything that appears on this list needs immediate attention.
Time Machine backup out-of-date- The last Time Machine backup is over 10 days old.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Upgradeable hard drive- This machine’s hard drive could be replaced with an SSD. This would dramatically improve your machine’s performance.
High battery cycle count- Your battery may be losing capacity.
Apps with heavy CPU usage- There have been numerous cases of apps with heavy CPU usage.
Clean up- There are orphan files that could be removed.
Unsigned files- There is unsigned software installed. They appear to be legitimate but should be reviewed.
32-bit Apps- This machine has 32-bits apps that may have problems in the future.
Hardware Information:
MacBook Pro (13-inch, Early 2011)
MacBook Pro Model: MacBookPro8,1
1 2.3 GHz Intel Core i5 (i5-2415M) CPU: 2-core
4 GB RAM - Upgradeable
BANK 0/DIMM0 - 2 GB DDR3 1333 ok
BANK 1/DIMM0 - 2 GB DDR3 1333 ok
Battery: Health = Normal - Cycle count = 1108
Video Information:
Intel HD Graphics 3000 - VRAM: 384 MB
Color LCD 1280 x 800
Drives:
disk0 - Hitachi HTS545032B9A302 320.07 GB (Mechanical)
Internal SATA 3 Gigabit Serial ATA
disk0s1 - EFI [EFI] 210 MB
disk0s2 - Macintosh HD (Journaled HFS+) 319.21 GB
disk0s3 - Recovery HD [Recovery] 650 MB
Mounted Volumes:
disk0s2 - Macintosh HD 319.21 GB (267.78 GB free)
Journaled HFS+
Mount point: /
Network:
Interface en0: Ethernet
Interface fw0: FireWire
Interface en1: Wi-Fi
802.11 a/b/g/n
One IPv4 address
Interface en3: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
System Software:
OS X El Capitan 10.11.6 (15G20015)
Time since boot: About 2 hours
System Load: 1.59 (1 min ago) 1.38 (5 min ago) 1.24 (15 min ago)
Security:
| System | Status |
|---|---|
| Gatekeeper | Mac App Store and identified developers |
| System Integrity Protection | Enabled |
Unsigned Files:
Launchd: ~/Library/LaunchAgents/com.SearchMaster.plist
Executable: /Users/***/Library/Application Support/com.SearchMaster/SearchMaster r
Details: Domain name invalid - possibly adware
Launchd: /Library/LaunchDaemons/com.malwarebytes.mbam.settings.daemon.plist
Executable: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/SettingsDaemon.app/Con tents/MacOS/SettingsDaemon
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
Details: Exact match found in the whitelist - probably OK
32-bit Applications:
26 32-bit apps
System Launch Agents:
| [Not Loaded] | 7 Apple tasks |
| [Loaded] | 158 Apple tasks |
| [Running] | 75 Apple tasks |
System Launch Daemons:
| [Not Loaded] | 43 Apple tasks |
| [Loaded] | 159 Apple tasks |
| [Running] | 89 Apple tasks |
| [Other] | 2 Apple tasks |
Launch Daemons:
| [Other] | com.wdc.drivemanagerservice.plist (? 6255a596 - installed 2017-03-22) |
| [Loaded] | com.malwarebytes.mbam.settings.daemon.plist (? a40d558f - installed 2017-10-24) |
| [Running] | com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2017-04-11) |
| [Other] | com.malwarebytes.mbam.rtprotection.daemon.plist (? 31419c10 - installed 2017-10-24) |
| [Loaded] | com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-04-28) |
| [Loaded] | com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2011-03-10) |
User Launch Agents:
| [Loaded] | com.google.keystone.agent.plist (Google, Inc. - installed 2018-04-13) |
| [Loaded] | com.SearchMaster.plist (? 0 - installed 2018-05-22) |
User Login Items:
iTunesHelper Application (Apple - installed 2018-04-09)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
Internet Plug-ins:
GarminGpsControl: 4.2.0.0 (installed 2014-03-31)
FlashPlayer-10.6: 29.0.0.171 (installed 2018-05-08)
QuickTime Plugin: 7.7.3 (installed 2018-04-09)
Flash Player: 29.0.0.171 (installed 2018-05-08)
SharePointBrowserPlugin: 14.7.2 (installed 2017-04-03)
Default Browser: 601 (installed 2016-07-08)
Safari Extensions:
| AdGuard AdBlocker.safariextz - adguard - http://adguard.com(installed 2018-05-20) |
Time Machine:
Skip System Files:
Mobile backups:
Auto backup: Yes
Volumes being backed up:
Macintosh HD: Disk size: 319.21 GB - Disk used: 51.43 GB
Destinations:
M****k [Local] (Last used)
Total size: 999.86 GB
Total number of backups: 1
Oldest backup: 2018-04-22 15:53:05
Last backup: 2018-04-22 15:53:05
M*********t [Local]
Total size: 399.74 GB
Total number of backups: 5
Oldest backup: 2017-11-05 12:30:54
Last backup: 2018-01-31 11:17:55
Top Processes by CPU:
| Process (count) | Source | % of CPU |
| WindowServer | Apple | 6 |
| kernel_task | Apple | 2 |
| launchd | Apple | 0 |
| com.apple.WebKit.Networking | Apple | 0 |
| com.apple.WebKit.WebContent (7) | Apple | 0 |
Top Processes by Memory:
| Process (count) | Source | RAM usage |
| com.apple.WebKit.WebContent (7) | Apple | 1.15 GB |
| kernel_task | Apple | 407 MB |
| Safari | Apple | 177 MB |
| WindowServer | Apple | 48 MB |
| Finder | Apple | 46 MB |
Top Processes by Energy Use:
| Process (count) | Source | Energy usage (0-100) |
| WindowServer | Apple | 4 |
| accountsd | Apple | 1 |
| securityd_service | Apple | 0 |
| gamed | Apple | 0 |
| launchd | Apple | 0 |
Virtual Memory Information:
| Available RAM | 1.05 GB |
| Free RAM | 17 MB |
| Used RAM | 2.95 GB |
| Cached files | 1.03 GB |
| Swap Used | 0 B |
Clean up:
/Library/LaunchDaemons/com.wdc.drivemanagerservice.plist
/Library/Application Support/WesternDigital/WDDriveManager/WDDriveManagerService
Executable not found
/Library/LaunchDaemons/com.malwarebytes.mbam.rtprotection.daemon.plist
/Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app /Contents/MacOS/RTProtectionDaemon
Executable not found
Diagnostics Information (past 7 days):
2018-05-21 20:07:35 Microsoft Word.app CPU (8 times)
/Applications/Microsoft Office 2011/Microsoft Word.app
2018-05-20 18:41:39 RTProtectionDaemon.app Crash (3 times)
/Library/Application Support/Malwarebytes/*/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app
End of report
Thanks Kurt,
I first ran EtreCheck, then removed the com.SearchMaster.plist per its instructions, which shows when the file(s) are removed. But did not re-run EtreCheck a third time that would have shown the file removed. I did check using Finder and both files are gone. Many thanks for your follow up on this.
Mac713
How to detect virus/malware on MacBookPro
