Scribd
Upload
218 views7 pages

Etrecheck Version: 3.3 (383) Report Generated 2017-05-16 12:22:16 Download Etrecheck From Runtime: 2:09 Performance: Excellent

The document summarizes the results of a scan of a Mac computer that is experiencing unwanted website redirects. The scan found 10 potential adware files and lists them. It also found browser extensions, login items, and other software that could be related to the problem. Removing the identified adware files may help stop the unwanted website redirects.

Uploaded by

moginh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
218 views7 pages

Etrecheck Version: 3.3 (383) Report Generated 2017-05-16 12:22:16 Download Etrecheck From Runtime: 2:09 Performance: Excellent

The document summarizes the results of a scan of a Mac computer that is experiencing unwanted website redirects. The scan found 10 potential adware files and lists them. It also found browser extensions, login items, and other software that could be related to the problem. Removing the identified adware files may help stop the unwanted website redirects.

Uploaded by

moginh
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 7

EtreCheck version: 3.

3 (383)
Report generated 2017-05-16 12:22:16
Download EtreCheck from https://etrecheck.com
Runtime: 2:09
Performance: Excellent

Click the [Lookup] links for more information from Apple Support Communities.
Click the [Details] links for more information about that line.
Click the [Remove/Report] links to remove adware or update the whitelist of legitimate software.

Problem: Other problem


Description:
Hi

Turned on the Mac tonight and when I try and open a website, a new tab also opens with random d
sites. Here's just 3 of the sites so far:

http://homeburu.xyz/?cid=13712&pub=100562&sid1=IYD&sid2=1494367758073_1494367756
593_142_194878_40608818_1&lp=3009

http://securefastmac.space/landings/197/?affid=mzb_476.8794241.1494367909.30.mzb
&utm_source=affxe&utm_medium=cpi&utm_campaign=mk_affxe_cpi_t1_197&utm_term=&utm_
content=&userDefiner=mzb_2974&alert=44&trt=29_3139511156&tid_ext=102295;1025e7fb
febbfd30b4142dc9b735ba&redirect=loadblue

http://gen.mactechright.com/jo/bl?m=329F257E-F578-5C5E-A4A9-A6BC23CA891F&ua=Mozi lla/
5.0%20(Macintosh;%20Intel%20Mac%20OS%20X%2010_10_5)%20AppleWebKit/602.4.8%20 (K
%20like%20Gecko)%20Version/10.0.3%20Safari/602.4.8&err=Different%20end-us
er%20between%20bidding%20and%20impression#s0d4

Seems every time I open anything. I'm assuming its Malware - how do I stop this / get rid of it. My
is up to date. I'm using Safari, but it happens in Google Chrome too.

Thanks

Hardware Information:
MacBook Pro (Retina, 13-inch, Late 2013)
[Technical Specifications] - [User Guide] - [Warranty & Service]
MacBook Pro - model: MacBookPro11,1
1 2.6 GHz Intel Core i5 (i5-4288U) CPU: 2-core
8 GB RAM Not upgradeable
BANK 0/DIMM0
4 GB DDR3 1600 MHz ok
BANK 1/DIMM0
4 GB DDR3 1600 MHz ok
Bluetooth: Good - Handoff/Airdrop2 supported
Wireless: en0: 802.11 a/b/g/n/ac
Battery: Health = Normal - Cycle count = 1386

Video Information:
Intel Iris - VRAM: 1536 MB
Color LCD 2560 x 1600

System Software:
macOS Sierra 10.12.4 (16E195) - Time since boot: about one hour

Disk Information:
APPLE SSD SM0512F disk0 : (500.28 GB) (Solid State - TRIM: Yes)
[Show SMART report]
EFI (disk0s1 - MS-DOS FAT32) <not mounted> : 210 MB
Recovery HD (disk0s3 - Journaled HFS+) <not mounted> [Recovery]: 650 MB
Macintosh HD (disk1 - Journaled HFS+) / [Startup]: 499.05 GB (115.03 GB free)
Core Storage: disk0s2 499.42 GB Online

USB Information:
Apple Inc. Apple Internal Keyboard / Trackpad
Apple Inc. BRCM20702 Hub
Apple Inc. Bluetooth USB Host Controller

Thunderbolt Information:
Apple Inc. thunderbolt_bus

Configuration files:
/etc/hosts - Count: 1

Gatekeeper:
Mac App Store and identified developers

Possible adware:
Unknown file: /Library/LaunchAgents/com.September.plist
Adware: /Library/LaunchDaemons/com.apple.cheechran.plist
Adware: /Library/LaunchDaemons/com.apple.therkkin.plist
Unknown file: /Library/LaunchDaemons/com.egprxseprbol.plist
Unknown file: /Library/LaunchDaemons/com.iuaextiwciys.plist
Unknown file: /Library/LaunchDaemons/com.xMFQZAFu.plist
Adware: ~/Library/LaunchAgents/com.bittorrent.BitTorrent.plist
Adware: ~/Library/LaunchAgents/com.bittorrent.uTorrent.plist
Unknown file: ~/Library/LaunchAgents/com.reshipper.plist
/Library/reshipper/reshipper
Adware: ~/Library/LaunchAgents/com.spigot.ApplicationManager.plist
10 possible adware files found. [Remove/Report]

Kernel Extensions:
/Applications/MATLAB_R2016b.app
[not loaded] com.mathworks.sldrtkrn (5.3.0 - OS X 10.8) [Lookup]

/Applications/Parallels Desktop.app
[not loaded] com.parallels.kext.hypervisor (12.0.2 41353 - SDK 10.9) [Lookup]
[not loaded] com.parallels.kext.netbridge (12.0.2 41353 - SDK 10.9) [Lookup]
[not loaded] com.parallels.kext.usbconnect (12.0.2 41353 - SDK 10.9) [Lookup]
[not loaded] com.parallels.kext.vnic (12.0.2 41353 - SDK 10.9) [Lookup]

/Applications/VMware Fusion.app
[not loaded] com.vmware.kext.vmci (7.0.1) [Lookup]
[not loaded] com.vmware.kext.vmioplug.14.1.3 (7.0.1) [Lookup]
[not loaded] com.vmware.kext.vmnet (7.0.1) [Lookup]
[not loaded] com.vmware.kext.vmx86 (7.0.1) [Lookup]
[not loaded] com.vmware.kext.vsockets (7.0.1) [Lookup]

/Library/Application Support/VirtualBox
[loaded] org.virtualbox.kext.VBoxDrv (5.1.14) [Lookup]
[loaded] org.virtualbox.kext.VBoxNetAdp (5.1.14) [Lookup]
[loaded] org.virtualbox.kext.VBoxNetFlt (5.1.14) [Lookup]
[loaded] org.virtualbox.kext.VBoxUSB (5.1.14) [Lookup]

/Library/Extensions
[loaded] com.intel.kext.intelhaxm (6.0.3 - SDK 10.9) [Lookup]

Startup Items:
TuxeraNTFSUnmountHelper: Path: /Library/StartupItems/TuxeraNTFSUnmountHelper
Startup items no longer function in OS X Yosemite or later

System Launch Agents:


[not loaded] 6 Apple tasks
[loaded] 176 Apple tasks
[running] 100 Apple tasks

System Launch Daemons:


[not loaded] 38 Apple tasks
[loaded] 173 Apple tasks
[running] 108 Apple tasks

Launch Agents:
[running] SwapperUFi.plist (Unknown - installed 2017-02-11) [Lookup]
[not loaded] com.September.plist (Unknown - installed 2017-04-26) [Lookup]
[not loaded] com.adobe.AAM.Updater-1.0.plist (Adobe Systems, Inc. - installed 2017-03-07)
[loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2017-03-29) [Lookup]
[loaded] com.oracle.java.Java-Updater.plist (Unknown - installed 2017-03-17) [Lookup]
[loaded] org.chromium.chromoting.plist (Shell script - installed 2017-03-20) [Lookup]
[loaded] org.gpgtools.Libmacgpg.xpc.plist (Lukas Pitschl - installed 2016-10-14) [Lookup]
[loaded] org.gpgtools.macgpg2.fix.plist (Shell script - installed 2016-10-14) [Lookup]
[running] org.gpgtools.macgpg2.shutdown-gpg-agent.plist (Shell script - installed 2016-10-14
[loaded] org.gpgtools.updater.plist (Lukas Pitschl - installed 2017-03-21) [Lookup]
[loaded] org.macosforge.xquartz.startx.plist (Apple Inc. - XQuartz - installed 2016-10-26) [Loo

Launch Daemons:
[running] PPPMonitord.plist (Unknown - installed 2017-02-11) [Lookup]
[loaded] com.BlueStacks.AppPlayer.bstservice_helper.plist (BlueStack Systems, Inc. - installe
2015-08-19) [Lookup]
[loaded] com.adobe.SwitchBoard.plist (Unknown - installed 2017-03-07) [Lookup]
[loaded] com.adobe.fpsaud.plist (Unknown - installed 2017-04-27) [Lookup]
[running] com.apple.cheechran.plist (Unknown - installed 2017-04-23) Adware! [Remove/R
/Library/cheechran
[running] com.apple.therkkin.plist (Unknown - installed 2017-04-24) Adware! [Remove/Rep
/Library/therkkin
[not loaded] com.egprxseprbol.plist (Unknown - installed 2017-04-24) [Lookup]
[loaded] com.google.keystone.daemon.plist (Google, Inc. - installed 2017-04-19) [Lookup]
[not loaded] com.intel.haxm.plist (Unknown - installed 2016-06-12) [Lookup]
[not loaded] com.iuaextiwciys.plist (Unknown - installed 2017-04-23) [Lookup]
[loaded] com.microsoft.office.licensing.helper.plist (Unknown - installed 2010-08-25) [Lookup
[loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2017-0
[Lookup]
[running] com.ni.ServiceLocator.plist (National Instruments - installed 2017-02-14) [Lookup]
[loaded] com.oracle.java.Helper-Tool.plist (Shell script - installed 2016-12-13) [Lookup]
[failed] com.oracle.oss.mysql.mysqld.plist (Oracle America, Inc. - installed 2016-09-29) [Look
[not loaded] com.xMFQZAFu.plist (Unknown - installed 2017-04-23) [Lookup]
[loaded] org.macosforge.xquartz.privileged_startx.plist (Apple Inc. - XQuartz - installed 2016-
[Lookup]
[not loaded] org.macports.postgresql84-server.plist (Unknown - installed 2017-03-01) [Looku
[not loaded] org.virtualbox.startup.plist (Shell script - installed 2017-02-05) [Lookup]

User Launch Agents:


[loaded] com.bittorrent.BitTorrent.plist ((null) - installed 2017-03-23) Adware! [Remove/Rep
/usr/bin/open
[loaded] com.bittorrent.uTorrent.plist ((null) - installed 2017-03-23) Adware! [Remove/Repo
/usr/bin/open
[loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-05-03) [
[running] com.reshipper.plist (Unknown - installed 2017-05-16) [Lookup]
[running] com.spigot.ApplicationManager.plist (Unknown - installed 2016-12-29) Adware! [R
Report]
~/Library/Application Support/Spigot/ApplicationManager
[not loaded] org.virtualbox.vboxwebsrv.plist (Oracle America, Inc. - installed 2017-02-05) [Lo

User Login Items:


iTunesHelper Application (installed 2017-03-30)
(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)
VMware Fusion Start Menu Application
(/Applications/VMware Fusion.app/Contents/Library/VMware Fusion Start Menu.app)
Dropbox Application
(/Applications/Dropbox.app)
Google Drive Application
(/Applications/Google Drive.app)
Android File Transfer Agent Application
(~/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app)
Google Chrome Application - Hidden
(/Applications/Google Chrome.app)
ConceptDraw STORE Application (installed 2017-05-16)
(/Applications/ConceptDraw STORE.app/Contents/MacOS/CDSBAutostart.app)
com.adobe.SwitchBoard.monitor.plist MachInit - Hidden
(/etc/mach_init_per_user.d/com.adobe.SwitchBoard.monitor.plist)
Mach Init items are deprecated

Internet Plug-ins:
FlashPlayer-10.6: 25.0.0.171 (installed 2017-05-15) [Lookup]
QuickTime Plugin: 7.7.3 (installed 2017-04-23)
Flash Player: 25.0.0.171 (installed 2017-05-15) [Lookup]
LV150HelperLauncher: 15.0.1 (installed 2017-02-22) [Lookup]
SharePointBrowserPlugin: 14.0.0 (installed 2010-08-25) [Lookup]
PepperFlashPlayer: 25.0.0.171 (installed 2017-05-15) [Lookup]
LV160HelperLauncher: 16.0.0 (installed 2017-02-14) [Lookup]
JavaAppletPlugin: Java 8 Update 121 build 13 (installed 2017-03-17) Check version

User internet Plug-ins:


Picasa: 1.0 (installed 2015-10-13) [Lookup]

Safari Extensions:
[enabled] Open in Internet Explorer - Parallels - http://www.parallels.com (installed 2016-11

3rd Party Preference Panes:


remoting_host_prefpane (installed 2017-04-06) [Lookup]
Flash Player (installed 2017-04-27) [Lookup]
FUSE for OS X (OSXFUSE) (installed 2015-02-07) [Lookup]
GPGPreferences (installed 2016-10-14) [Lookup]
Java (installed 2017-03-17) [Lookup]
MacFUSE (installed 2008-12-20) [Lookup]
MySQL (installed 2016-09-29) [Lookup]
NTFS-3G (installed 2010-10-11) [Lookup]
Tuxera NTFS (installed 2016-01-29) [Lookup]

Time Machine:
Skip System Files: NO
Mobile backups: ON
Auto backup: YES
Volumes being backed up:
Macintosh HD: Disk size: 499.05 GB Disk used: 384.01 GB
Destinations:
BACKUP [Local]
Total size: 639.79 GB
Total number of backups: 2
Oldest backup: 16/2/15, 4:38 AM
Last backup: 16/2/15, 7:05 AM
Size of backup disk: Too small
Backup size 639.79 GB < (Disk used 384.01 GB X 3)

Top Processes by CPU:


23% (osascript)
13% com.apple.WebKit.WebContent(4)
13% mdworker(9)
8% WindowServer
6% launchservicesd

Top Processes by Memory:


1.30 GB Google Chrome Helper(12)
753 MB kernel_task
418 MB com.apple.WebKit.WebContent(4)
295 MB Google Chrome
254 MB firefox

Top Processes by Network Use:


Input Output Process name
3 MB 76 KB firefox
125 KB 271 KB Dropbox
99 KB 26 KB mDNSResponder
18 KB 31 KB apsd
29 KB 18 KB Telegram
Top Processes by Energy Use:
5.68 WindowServer
5.58 launchservicesd
3.08 Safari
2.94 com.apple.WebKit
2.82 loginwindow

Virtual Memory Information:


2.47 GB Available RAM
146 MB Free RAM
5.53 GB Used RAM
2.33 GB Cached files
10 MB Swap Used

Diagnostics Information:
2017-05-16 11:16:38 Self test - passed

You might also like