neilbar
-
Posts
20 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by neilbar
-
-
Hi
thanks
there in "update" mine shows 3.9.27
thanks
neil
-
Hi
Just replying to check "notify me of replies"
-
Hi
I am using the marvellous Malarebytes 3.9.27 on a mac (High Sierra 10.13.6) and am seeing "Updates are not current" on the Malarebytes dashboard the last 2 days.
When I rollover then click on "check for updates" the button, it goes black then "feels the click' by flickering, but nothing happens, [screenshot]
I'l mention that I do use little Snitch, but I have checked that to see if I accidentally blocked Malwarebytes from calling out and I see nothing under Malwarebytes in my list of rules.
BTW: If I go to Malwarebytes in the menu at top of screen near the apple I can select check for updates and it sohws my version as curent.
-
thanks
done
-
Alvarnell
thanks
I am frustrated I can't find the article that said update macs to OSX 10.14, but if there is no iMessage OSX vulnerability that's cool
good to know
again, much appreciated
Neil
-
-
AHA, that makes sense thanks
that was on my Mac (v 3.1.1.505),
on my MacBook (v3.9.27) it doesn’t pop up item names as it scans. hence my concern, it seemed unusual
looks like one of those app's needs an update perhaps?
N
-
Alvarnell thanks
I swear I saw an article about updating Macs to the latest OSX to get around there iMessage bug, but hey, I can't find it now.
again, I appreciate your kind attention
N
-
Hi guys
when I run Malwarebytes I see 'Trojan.StreamStealer.GSGO' pop up for a few seconds, that doesn’t seem good?
there are a few 'adware' listings too, it all shoots past real quick so I can't note them and I can't work out where I might see. list of these potentially suspicious items.
Anyhoo nothing ends up in quarantine and Malwarebytes reports " - - - you are clean"
no threats were listed at the end of the scan - I would expect "Trojan.StreamStealer.GSGO" is a threat??
thanks lot
great to know you are out there
neil
-
Treed,
thanks for the reassurance
I thought it looked OK, I am amazed that Fedex could not loom at their own link and confirm they'd sent it.
Anyhoo this whole thing has got me thinning more seriously about my online security so something good came out of it.
thanks man
-
Hi Alvarnell
thanks for your help, I am very grateful
I have searched again and the only BBC post I can find now is here: https://www.bbc.co.uk/news/technology-49165946
my Mac OSX is up to date within High Sierra 10.12x, of course Apple are beyond OSX 10.13 now - so I can't instal the latest version of OSX.
I could get nothing from Fedex about this message, in the end I received another from the same number that did include a tracking number and later a parcel, so they seem like a bunch of idiots given their support could not recognise the ref number accessed via the original message.
thanks lots
-
HI
I am learning why it is vital to have Malwarebytes on a mac - but I have a question please
some background:
The UK BBC has reported an iMessage hack and suggests user update macs to the latest OSX 10.13, I am not in a position to do that, using 10.13.6.
I received this iMessage supposedly from Fedex,
Your FedEx package is due for delivery by 02/09. To reschedule, go to [link removed] before 23:59. To opt out, reply STOP
it took me to a very convincing looking 'Fedex' website website where I had to add my postcode to "log in", then that shows a package ID number, which Fedex do not recognise.
Their interest in this issue seems rather minimal. Perhaps mistakenly I presumed that an address starting with "https://www.fedex.com" was guaranteed to be OK, but maybe not? Fedex don't seem interested in confirming one way or the other. Going to that shortened link for sure looks like Fedex (and almost the same as the one above just with some info pre filed in on the form) , but who knows.
First Fedex replied:
"Dear Mr. Barstow,
Regrettably, your email did not provide the FedEx tracking number used for the shipment
Despite our efforts to locate it we have been unsuccessful. We would like to review this further for you, but in order to do so, we would need the FedEx tracking number used, the date the package was tendered to FedEx, and the shipper's and recipient's name and full address.
It would be helpful if you could also confirm if the package has been sent from an International location or shipped within the UK.
Should you require any further assistance please do not hesitate to contact me or our Customer Relations Team. "
I replied:
"Hithis really is Catch 22, I seem to be in an inescapable corner!I didn't know someone was sending me something via Fedex, either UK or international?[however I do have a parcel coming from the USA on USPS, but they don't use FedEx for international - do they?]What started this all off was that I received an SMS text message, so there MUST be a shipment!the message:Your FedEx package is due for delivery by 02/09. To reschedule, go to [link removed] before 23:59. To opt out, reply STOPI don't know where the shipment is coming from, that’s what I was trying to find out by using the "unique shipment code" produced in your web interface [by clicking that link], surely that must link to the shipment in your system because i am offered the opportunity toWhy your programmers didn't use the standard tracking number there escapes mecan you help please?"then, later:" Thank you for your email and bringing this to my attention.
I can assure you that this email has not been generated by FedEx or any of our subsidiaries.I would suggest you do not open any attachment, delete the email and run an anti-virus scan. Our security department is currently working with various agencies to combat any fraudulent activity that implicates FedEx and its logo. If you receive any further emails of this nature please forward them to abuse@fedex.com.
Once again, thank you for taking the time to alert us to this matter."
as it wasn’t an email and nothing about the web address being OK or not I am still concerned.]
I ran malwarebytes, it came up with "clean", that's a relief - theres nothing in the Library/Application Support/Malwarebytes/MBAM/quarantine folder, so I guess nothing was found?
so my question (at last)
Am I safe?
Would Malwarebytes relaibly find the mac 'iMessages' malware? How fast do you guys keep up with these threats?
thanks so much, what a fab app you made
-
Hi,
I am using Malwarebytes v 3.1.1.505 (check for updates tells me that’s latest) on Mac OSX 10.12.6.
I am seeing a request to buy/subscribe or be downgraded to "free" and lose "real time protection"
I also see the "Updates are Not Current" warning - is not subscribing yet my problem? no more updates 'til I buy the application?
when I click on "check for updates" the control panel flashes and then the warning re-appears.
I've read these posts and a previous thread but nothing is shining a light on my issue -
- The suggested "MB clean" appears to be an exe, so I guess that’s windows only process
- I reset the Macs clock, well to be accurate I switched off "set date and time automatically", changed the time manually and then reactivated "set date and time automatically". The time seems to be correct.
I'd really appreciate any tips please.
thanks
-
Hi
I have been ruining Malwarebytes a while on my mac, thanks for l making it available. Definitely provides an air of security.
Today I saw this error message from "Little Snitch" about the RTProtectionDaemon and an issue with the process code signature [screenshot attached]:
I could not find any info about this here, but google did provide some info on other forums. Nothing definitive though.
Do you need a system snapshot? this seems like an error outside my mac? I read this text on your site about system snapshots,
but when I look at the malwarebytes item in the menubar there is no option to "Take System Snapshot" [see second screenshot]
So, I opened malwarebytes - but there seems to be no option to take a system snapshot there either:
Include a system snapshot taken with Malwarebytes Anti-Malware for Mac on the affected system
- Choose Take System Snapshot from the Scanner menu, in the menu bar at the top of the screen
- When the snapshot window opens, choose Select All from the Edit menu, copy the selected text
- Paste the copied snapshot into your post here
I hope this is sufficient info. Now that Little Snitch has blocked the RTProtectionDaemon I guess malwarebytes cant work properly?
Little Snitch tells me "On 15 Feb 2018, RTProtectionDaemon tried to establish a connection to sirius.mwbsys.com. The request was denied via connection alert."
thanks for your help
With my regards
-
treed,
thanks
looks like I have some work to do
n
-
Hi treed, thanks for this,
I ran a scan just before doing this report.
I also attached a screenshot of the Avast warning I keep seeing
my reading of that is something in Chrome is trying to install the Spigot ADW extension but, hey, I don't know much
Malwarebytes Anti-Malware 1.2.6.730 system report - 15 March 2017 14:46:27 GMT
Mac OS X version Version 10.10.5 (Build 14F2315)
System uptime: 8d 01:21:46
Helper tool version: 1.2.6.730
Signatures version: 172
Safari extensions
-----------------------
neil
neil
Name: 1Password
Path: /Users/neil/Library/Safari/Extensions/1Password.safariextz
Modified: 2017-02-15 10:02:10 +0000
Name: Clip to DEVONthink
Path: /Users/neil/Library/Safari/Extensions/Clip to DEVONthink.safariextz
Modified: 2015-07-29 16:28:22 +0000
Name: Save to Pocket
Path: /Users/neil/Library/Safari/Extensions/Save to Pocket.safariextz
Modified: 2015-11-09 15:52:47 +0000
Name: Avast Online Security
Path: /Users/neil/Library/Safari/Extensions/wrc.safariextz
Modified: 2015-04-05 18:27:39 +0000
Chrome extensions
-----------------------
neil
Default
Name: Google Slides
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aapocclcgogkmnckokdopfmhonfmgoek
Modified: 2017-03-10 17:50:46 +0000
Name: BIODIGITAL HUMAN
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/agoenciogemlojlhccbcpcfflicgnaak
Modified: 2017-03-10 17:52:55 +0000
Name: Google Docs
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aohghmighlieiainnegkcijnfilokake
Modified: 2017-03-10 17:51:08 +0000
Name: 1Password: Password Manager and Secure Wallet
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aomjjhallfgjeglblehebfpbcfeobpgk
Modified: 2017-03-10 17:52:54 +0000
Name: Google Drive
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf
Modified: 2017-03-10 17:51:08 +0000
Name: YouTube
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo
Modified: 2017-03-10 17:51:08 +0000
Name: http://goo.gl/7Kjxu
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/cflbkoephoheejkaalghgahfjmjolhgh
Modified: 2017-03-10 17:52:47 +0000
Name: Gmail Offline
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/ejidjjhkpiempkbhmpbfngldlkglhimk
Modified: 2017-03-10 17:52:55 +0000
Name: Google Sheets
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/felcaaldnbdncclmgdcncolpebgiejap
Modified: 2017-03-10 17:50:44 +0000
Name: Office Editing for Docs, Sheets & Slides
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/gbkeegbaiigmenfmjfclcdgdpimamgkj
Modified: 2017-03-10 17:52:53 +0000
Name: Google Docs Offline
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi
Modified: 2017-03-10 17:50:44 +0000
Name: Avast Online Security
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/gomekmidlodglbbmalcneegieacbdmki
Modified: 2017-03-10 17:50:48 +0000
Name: Ghostery
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/mlomiejdfkolichcflejclcbmpeaniij
Modified: 2017-03-10 17:52:54 +0000
Name: Save to Pocket
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj
Modified: 2017-03-14 23:02:07 +0000
Name: RSS Subscription Extension (by Google)
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/nlbjncdgjeocebhnmkbbbdekmmmcbfjd
Modified: 2017-03-10 17:52:57 +0000
Name: Chrome Web Store Payments
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda
Modified: 2017-03-10 17:50:43 +0000
Name: Gmail
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia
Modified: 2017-03-10 17:51:08 +0000
Name: Clip to DEVONthink
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pjoafdokmbmkpolhcnmnkgaicbajigcc
Modified: 2017-03-10 17:52:53 +0000
Name: Chrome Media Router
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm
Modified: 2017-03-10 17:50:45 +0000
Name:
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/Temp
Modified: 2017-03-14 23:02:08 +0000
Chrome
Name: [unknown Chrome extension format]
Path: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/external_extensions.json
Modified: 2013-03-19 12:22:27 +0000
Name: [unknown Chrome extension format]
Path: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/gomekmidlodglbbmalcneegieacbdmki.json
Modified: 2015-12-18 16:37:13 +0000
Firefox extensions
-----------------------
neil
75n4zhh6.default
Name: 1Password
Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/onepassword4@agilebits.com.xpi
Modified: 2017-02-10 20:03:24 +0000
Name: Avast Online Security
Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/wrc@avast.com.xpi
Modified: 2015-12-18 16:37:14 +0000
Name: EPUBReader
Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/{5384767E-00D9-40E9-B72F-9CC39D655D6F}
Modified: 2017-02-12 19:09:15 +0000
Name: Video DownloadHelper
Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Modified: 2017-02-10 20:03:26 +0000
User Login Items
-----------------------
User: neil
Name: Flux
Path: /Applications/Flux.app
Name: ChronoSync Scheduler
Path: /Applications/ChronoSync.app/Contents/Library/LoginItems/ChronoSync Scheduler.app
Name: Macs Fan Control
Path: /Applications/Macs Fan Control.app
Name: iTunesHelper
Path: /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Name: AdobeResourceSynchronizer
Path: /Applications/Adobe Acrobat 8 Professional/Adobe Acrobat Professional.app/Contents/Support/AdobeResourceSynchronizer.app
Name: ChronoSync
Path: /Applications/ChronoSync.app
Name: SMARTReporter
Path: /Applications/SMARTReporter/SMARTReporter.app
Name: Typinator
Path: /Applications/Typinator.app
Name: KeyCue
Path: /Applications/KeyCue.app
Name: PopChar
Path: /Applications/PopChar.app
Name: Dropbox
Path: /Applications/Dropbox.app
Name: Default Folder X
Path: /Applications/Default Folder X.app
Name: i1ProfilerTray
Path: /Applications/i1Profiler/i1ProfilerTray.app
Name: StretchWare Controller
Path: /Library/Application Support/Stretchware Controller.app
Name: DEVONthink Sorter
Path: /Applications/DEVONthink Pro298.app/Contents/PlugIns/SorterPlugin.bundle/Contents/MacOS/DEVONthink Sorter.app
System startup items
-----------------------
/Library/StartupItems/CSPServer
/Library/StartupItems/CSPStartService
/Library/StartupItems/ProTec6b
User launch agents
-----------------------
/Users/neil/Library/LaunchAgents/.DS_Store
/Users/neil/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
/Users/neil/Library/LaunchAgents/com.adobe.ARM.2fb951a3e452587cd5063eae0b2acfc945704ab94bfa753dc717073c.plist
/Users/neil/Library/LaunchAgents/com.adobe.ARM.340705c52d34eece5246c291634d82a64671f6760541ccdaa681f58f.plist
/Users/neil/Library/LaunchAgents/com.adobe.ARM.65c5828f42d209bbea6e1a2b1653374a5579cd7545b886457d2d094f.plist
/Users/neil/Library/LaunchAgents/com.adobe.ARM.9a2b6c451f02d418f088afa4a0d2da0bc52175383a2bc11189215ec6.plist
/Users/neil/Library/LaunchAgents/com.adobe.ARM.ad895013aeb33ea6e968d9fdc06c0eb42c7c2a5229d98d64ad002716.plist
/Users/neil/Library/LaunchAgents/com.amazon.music.plist
/Users/neil/Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist
/Users/neil/Library/LaunchAgents/com.avast.home.userinit.plist
/Users/neil/Library/LaunchAgents/com.avast.secureline.home.userinit.plist
/Users/neil/Library/LaunchAgents/com.backblaze.bzbmenu.plist
/Users/neil/Library/LaunchAgents/com.barebones.weathercal-agent.plist
/Users/neil/Library/LaunchAgents/com.c-command.SpamSieve.LaunchAgent.plist
/Users/neil/Library/LaunchAgents/com.citrixonline.GoToMeeting.G2MUpdate.plist
/Users/neil/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist
/Users/neil/Library/LaunchAgents/com.google.Chrome.framework.plist
/Users/neil/Library/LaunchAgents/ws.agile.1PasswordAgent.plist
System launch agents
-----------------------
/Library/LaunchAgents/at.obdev.LittleSnitchUIAgent.plist
/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
/Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist
/Library/LaunchAgents/com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist
/Library/LaunchAgents/com.avast.secureline.update-agent.plist
/Library/LaunchAgents/com.avast.secureline.userinit.plist
/Library/LaunchAgents/com.avast.update-agent.plist
/Library/LaunchAgents/com.avast.userinit.plist
/Library/LaunchAgents/com.epson.epw.agent.plist
/Library/LaunchAgents/com.google.keystone.agent.plist
/Library/LaunchAgents/com.hp.StatusMonitor.plist
/Library/LaunchAgents/com.oracle.java.Java-Updater.plist
/Library/LaunchAgents/com.softraid.SoftRAIDMonitor.plist
/Library/LaunchAgents/com.teamviewer.teamviewer.plist
/Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist
/Library/LaunchAgents/com.trusteer.rapport.rapportd.plist
/Library/LaunchAgents/com.wacom.wacomtablet.plist
/Library/LaunchAgents/com.xrite.device.softwareupdate.plist
/Library/LaunchAgents/net.culater.SIMBL.Agent.plist
System launch daemons
-----------------------
/Library/LaunchDaemons/at.obdev.littlesnitchd.plist
/Library/LaunchDaemons/com.adobe.adobeupdatedaemon.plist
/Library/LaunchDaemons/com.adobe.agsservice.plist
/Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist
/Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist
/Library/LaunchDaemons/com.adobe.fpsaud.plist
/Library/LaunchDaemons/com.adobe.SwitchBoard.plist
/Library/LaunchDaemons/com.adobe.versioncueCS3.plist
/Library/LaunchDaemons/com.aladdin.aksusbd.plist
/Library/LaunchDaemons/com.aladdin.hasplmd.plist
/Library/LaunchDaemons/com.ambrosiasw.ambrosiaaudiosupporthelper.daemon.plist
/Library/LaunchDaemons/com.avast.init.plist
/Library/LaunchDaemons/com.avast.secureline.init.plist
/Library/LaunchDaemons/com.avast.secureline.uninstall.plist
/Library/LaunchDaemons/com.avast.secureline.update.plist
/Library/LaunchDaemons/com.avast.uninstall.plist
/Library/LaunchDaemons/com.avast.update.plist
/Library/LaunchDaemons/com.backblaze.bzserv.plist
/Library/LaunchDaemons/com.barebones.bbedit.plist
/Library/LaunchDaemons/com.colorburstrip.ColorBurst-Overdrive.plist
/Library/LaunchDaemons/com.colorburstrip.lpd.plist
/Library/LaunchDaemons/com.dymo.pnpd.plist
/Library/LaunchDaemons/com.econtechnologies.ChronoAgentRemote.plist
/Library/LaunchDaemons/com.google.keystone.daemon.plist
/Library/LaunchDaemons/com.malwarebytes.HelperTool.plist
/Library/LaunchDaemons/com.microsoft.autoupdate.helper.plist
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
/Library/LaunchDaemons/com.rogueamoeba.instanton-agent.plist
/Library/LaunchDaemons/com.softraid.softraidd.plist
/Library/LaunchDaemons/com.stclairsoft.AppTamerAgent.plist
/Library/LaunchDaemons/com.teamviewer.Helper.plist
/Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist
/Library/LaunchDaemons/com.trusteer.rooks.rooksd.plist
/Library/LaunchDaemons/com.xrite.device.xrdd.plist
Kernel extensions
-----------------------
/System/Library/Extensions/basICColorDISCUS.kext
/System/Library/Extensions/DymoUsbPrinterClassDriver.kext
/System/Library/Extensions/hp_designjet_series.kext
/System/Library/Extensions/JMicronATA.kext
/System/Library/Extensions/KeyspanUSAdriver.kext
/System/Library/Extensions/SiLabsUSBDriver.kext
/System/Library/Extensions/SiLabsUSBDriver64.kext
/System/Library/Extensions/UsbEthernetGadget.kext
/System/Library/Extensions/Wacom Tablet.kext
/Library/Extensions/ACS6x.kext
/Library/Extensions/AmbrosiaAudioSupport.kext
/Library/Extensions/ArcMSR.kext
/Library/Extensions/ATTOCelerityFC8.kext
/Library/Extensions/ATTOExpressSASHBA2.kext
/Library/Extensions/ATTOExpressSASRAID2.kext
/Library/Extensions/basICColorDISCUS.kext
/Library/Extensions/BJUSBLoad.kext
/Library/Extensions/CalDigitHDProDrv.kext
/Library/Extensions/CIJUSBLoad.kext
/Library/Extensions/EPSONUSBPrintClass.kext
/Library/Extensions/FTDIKext.kext
/Library/Extensions/HighPointIOP.kext
/Library/Extensions/HighPointRR.kext
/Library/Extensions/hp_designjet_series.kext
/Library/Extensions/hp_io_enabler_compound.kext
/Library/Extensions/iCColor.kext
/Library/Extensions/LittleSnitch.kext
/Library/Extensions/PromiseSTEX.kext
/Library/Extensions/SoftRAID.kext
launchd.conf contents
-----------------------
Hosts file
-----------------------
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Scan log
-----------------------
2017-03-07 12:54:22 :
2017-03-07 12:54:22 : ----- Scan Started -----
2017-03-07 12:54:22 : Scanning with signatures version 171 (2017-2-23)
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hbcennhacfaagdopikcegfcobcadeocj.json
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hjalolmjgklbjgaomjjofphdjnajmnim.json
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/icdlfehblmklkikfigmjhbmmpmkmpooj.json
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/mhkaekfpcppmmioggniknbnbdbcigpkk.json
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/pfndaklgolladniicklehhancnlgocpp.json
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/saamazon@mybrowserbar.com.xpi
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/saebay@mybrowserbar.com.xpi
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/savingsslider@mybrowserbar.com.xpi
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/searchme@mybrowserbar.com.xpi
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot
2017-03-07 12:58:49 : *** Scan time: 0d 00:04:26 ***
2017-03-07 12:58:49 : ------ Scan Ended ------
2017-03-07 13:02:29 : Removing detected threats...
2017-03-07 13:02:29 : Removing Extension Item: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hbcennhacfaagdopikcegfcobcadeocj.json
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:31 : Removing Item: /Users/neil/Library/Application Support/Spigot
2017-03-07 13:02:31 : ---- Threat Removal Complete ----
2017-03-08 14:37:20 :
2017-03-08 14:37:20 : ----- Scan Started -----
2017-03-08 14:37:21 : Scanning with signatures version 171 (2017-2-23)
2017-03-08 14:37:21 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pfndaklgolladniicklehhancnlgocpp
2017-03-08 14:41:19 : *** Scan time: 0d 00:03:58 ***
2017-03-08 14:41:19 : ------ Scan Ended ------
2017-03-08 14:43:45 : Removing detected threats...
2017-03-08 14:43:45 : Removing Extension Item: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pfndaklgolladniicklehhancnlgocpp
2017-03-08 14:43:45 : ---- Threat Removal Complete ----
2017-03-08 14:44:24 :
2017-03-08 14:44:26 : ----- Scan Started -----
2017-03-08 14:44:26 : Scanning with signatures version 171 (2017-2-23)
2017-03-08 14:49:42 : *** Scan time: 0d 00:05:16 ***
2017-03-08 14:49:42 : ------ Scan Ended ------
2017-03-10 11:16:16 :
2017-03-10 11:16:17 : ----- Scan Started -----
2017-03-10 11:16:17 : Scanning with signatures version 172 (2017-3-9)
2017-03-10 11:20:21 : *** Scan time: 0d 00:04:04 ***
2017-03-10 11:20:21 : ------ Scan Ended ------
2017-03-10 14:44:36 :
2017-03-10 14:44:37 : ----- Scan Started -----
2017-03-10 14:44:37 : Scanning with signatures version 172 (2017-3-9)
2017-03-10 14:48:28 : *** Scan time: 0d 00:03:51 ***
2017-03-10 14:48:28 : ------ Scan Ended ------
2017-03-10 15:40:32 :
2017-03-10 15:40:32 : ----- Scan Started -----
2017-03-10 15:40:32 : Scanning with signatures version 172 (2017-3-9)
2017-03-10 15:44:25 : *** Scan time: 0d 00:03:53 ***
2017-03-10 15:44:25 : ------ Scan Ended ------
2017-03-15 14:41:25 :
2017-03-15 14:41:25 : ----- Scan Started -----
2017-03-15 14:41:25 : Scanning with signatures version 172 (2017-3-9)
2017-03-15 14:46:15 : *** Scan time: 0d 00:04:49 ***
2017-03-15 14:46:15 : ------ Scan Ended ------
Malwarebytes Anti-Malware 1.2.6.730 system report - 15 March 2017 14:46:27 GMT
Mac OS X version Version 10.10.5 (Build 14F2315)
System uptime: 8d 01:21:46
Helper tool version: 1.2.6.730
Signatures version: 172
Safari extensions
-----------------------
neil
neil
Name: 1Password
Path: /Users/neil/Library/Safari/Extensions/1Password.safariextz
Modified: 2017-02-15 10:02:10 +0000
Name: Clip to DEVONthink
Path: /Users/neil/Library/Safari/Extensions/Clip to DEVONthink.safariextz
Modified: 2015-07-29 16:28:22 +0000
Name: Save to Pocket
Path: /Users/neil/Library/Safari/Extensions/Save to Pocket.safariextz
Modified: 2015-11-09 15:52:47 +0000
Name: Avast Online Security
Path: /Users/neil/Library/Safari/Extensions/wrc.safariextz
Modified: 2015-04-05 18:27:39 +0000
Chrome extensions
-----------------------
neil
Default
Name: Google Slides
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aapocclcgogkmnckokdopfmhonfmgoek
Modified: 2017-03-10 17:50:46 +0000
Name: BIODIGITAL HUMAN
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/agoenciogemlojlhccbcpcfflicgnaak
Modified: 2017-03-10 17:52:55 +0000
Name: Google Docs
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aohghmighlieiainnegkcijnfilokake
Modified: 2017-03-10 17:51:08 +0000
Name: 1Password: Password Manager and Secure Wallet
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aomjjhallfgjeglblehebfpbcfeobpgk
Modified: 2017-03-10 17:52:54 +0000
Name: Google Drive
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf
Modified: 2017-03-10 17:51:08 +0000
Name: YouTube
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo
Modified: 2017-03-10 17:51:08 +0000
Name: http://goo.gl/7Kjxu
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/cflbkoephoheejkaalghgahfjmjolhgh
Modified: 2017-03-10 17:52:47 +0000
Name: Gmail Offline
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/ejidjjhkpiempkbhmpbfngldlkglhimk
Modified: 2017-03-10 17:52:55 +0000
Name: Google Sheets
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/felcaaldnbdncclmgdcncolpebgiejap
Modified: 2017-03-10 17:50:44 +0000
Name: Office Editing for Docs, Sheets & Slides
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/gbkeegbaiigmenfmjfclcdgdpimamgkj
Modified: 2017-03-10 17:52:53 +0000
Name: Google Docs Offline
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi
Modified: 2017-03-10 17:50:44 +0000
Name: Avast Online Security
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/gomekmidlodglbbmalcneegieacbdmki
Modified: 2017-03-10 17:50:48 +0000
Name: Ghostery
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/mlomiejdfkolichcflejclcbmpeaniij
Modified: 2017-03-10 17:52:54 +0000
Name: Save to Pocket
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj
Modified: 2017-03-14 23:02:07 +0000
Name: RSS Subscription Extension (by Google)
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/nlbjncdgjeocebhnmkbbbdekmmmcbfjd
Modified: 2017-03-10 17:52:57 +0000
Name: Chrome Web Store Payments
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda
Modified: 2017-03-10 17:50:43 +0000
Name: Gmail
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia
Modified: 2017-03-10 17:51:08 +0000
Name: Clip to DEVONthink
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pjoafdokmbmkpolhcnmnkgaicbajigcc
Modified: 2017-03-10 17:52:53 +0000
Name: Chrome Media Router
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm
Modified: 2017-03-10 17:50:45 +0000
Name:
Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/Temp
Modified: 2017-03-14 23:02:08 +0000
Chrome
Name: [unknown Chrome extension format]
Path: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/external_extensions.json
Modified: 2013-03-19 12:22:27 +0000
Name: [unknown Chrome extension format]
Path: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/gomekmidlodglbbmalcneegieacbdmki.json
Modified: 2015-12-18 16:37:13 +0000
Firefox extensions
-----------------------
neil
75n4zhh6.default
Name: 1Password
Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/onepassword4@agilebits.com.xpi
Modified: 2017-02-10 20:03:24 +0000
Name: Avast Online Security
Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/wrc@avast.com.xpi
Modified: 2015-12-18 16:37:14 +0000
Name: EPUBReader
Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/{5384767E-00D9-40E9-B72F-9CC39D655D6F}
Modified: 2017-02-12 19:09:15 +0000
Name: Video DownloadHelper
Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
Modified: 2017-02-10 20:03:26 +0000
User Login Items
-----------------------
User: neil
Name: Flux
Path: /Applications/Flux.app
Name: ChronoSync Scheduler
Path: /Applications/ChronoSync.app/Contents/Library/LoginItems/ChronoSync Scheduler.app
Name: Macs Fan Control
Path: /Applications/Macs Fan Control.app
Name: iTunesHelper
Path: /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app
Name: AdobeResourceSynchronizer
Path: /Applications/Adobe Acrobat 8 Professional/Adobe Acrobat Professional.app/Contents/Support/AdobeResourceSynchronizer.app
Name: ChronoSync
Path: /Applications/ChronoSync.app
Name: SMARTReporter
Path: /Applications/SMARTReporter/SMARTReporter.app
Name: Typinator
Path: /Applications/Typinator.app
Name: KeyCue
Path: /Applications/KeyCue.app
Name: PopChar
Path: /Applications/PopChar.app
Name: Dropbox
Path: /Applications/Dropbox.app
Name: Default Folder X
Path: /Applications/Default Folder X.app
Name: i1ProfilerTray
Path: /Applications/i1Profiler/i1ProfilerTray.app
Name: StretchWare Controller
Path: /Library/Application Support/Stretchware Controller.app
Name: DEVONthink Sorter
Path: /Applications/DEVONthink Pro298.app/Contents/PlugIns/SorterPlugin.bundle/Contents/MacOS/DEVONthink Sorter.app
System startup items
-----------------------
/Library/StartupItems/CSPServer
/Library/StartupItems/CSPStartService
/Library/StartupItems/ProTec6b
User launch agents
-----------------------
/Users/neil/Library/LaunchAgents/.DS_Store
/Users/neil/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
/Users/neil/Library/LaunchAgents/com.adobe.ARM.2fb951a3e452587cd5063eae0b2acfc945704ab94bfa753dc717073c.plist
/Users/neil/Library/LaunchAgents/com.adobe.ARM.340705c52d34eece5246c291634d82a64671f6760541ccdaa681f58f.plist
/Users/neil/Library/LaunchAgents/com.adobe.ARM.65c5828f42d209bbea6e1a2b1653374a5579cd7545b886457d2d094f.plist
/Users/neil/Library/LaunchAgents/com.adobe.ARM.9a2b6c451f02d418f088afa4a0d2da0bc52175383a2bc11189215ec6.plist
/Users/neil/Library/LaunchAgents/com.adobe.ARM.ad895013aeb33ea6e968d9fdc06c0eb42c7c2a5229d98d64ad002716.plist
/Users/neil/Library/LaunchAgents/com.amazon.music.plist
/Users/neil/Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist
/Users/neil/Library/LaunchAgents/com.avast.home.userinit.plist
/Users/neil/Library/LaunchAgents/com.avast.secureline.home.userinit.plist
/Users/neil/Library/LaunchAgents/com.backblaze.bzbmenu.plist
/Users/neil/Library/LaunchAgents/com.barebones.weathercal-agent.plist
/Users/neil/Library/LaunchAgents/com.c-command.SpamSieve.LaunchAgent.plist
/Users/neil/Library/LaunchAgents/com.citrixonline.GoToMeeting.G2MUpdate.plist
/Users/neil/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist
/Users/neil/Library/LaunchAgents/com.google.Chrome.framework.plist
/Users/neil/Library/LaunchAgents/ws.agile.1PasswordAgent.plist
System launch agents
-----------------------
/Library/LaunchAgents/at.obdev.LittleSnitchUIAgent.plist
/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
/Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist
/Library/LaunchAgents/com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist
/Library/LaunchAgents/com.avast.secureline.update-agent.plist
/Library/LaunchAgents/com.avast.secureline.userinit.plist
/Library/LaunchAgents/com.avast.update-agent.plist
/Library/LaunchAgents/com.avast.userinit.plist
/Library/LaunchAgents/com.epson.epw.agent.plist
/Library/LaunchAgents/com.google.keystone.agent.plist
/Library/LaunchAgents/com.hp.StatusMonitor.plist
/Library/LaunchAgents/com.oracle.java.Java-Updater.plist
/Library/LaunchAgents/com.softraid.SoftRAIDMonitor.plist
/Library/LaunchAgents/com.teamviewer.teamviewer.plist
/Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist
/Library/LaunchAgents/com.trusteer.rapport.rapportd.plist
/Library/LaunchAgents/com.wacom.wacomtablet.plist
/Library/LaunchAgents/com.xrite.device.softwareupdate.plist
/Library/LaunchAgents/net.culater.SIMBL.Agent.plist
System launch daemons
-----------------------
/Library/LaunchDaemons/at.obdev.littlesnitchd.plist
/Library/LaunchDaemons/com.adobe.adobeupdatedaemon.plist
/Library/LaunchDaemons/com.adobe.agsservice.plist
/Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist
/Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist
/Library/LaunchDaemons/com.adobe.fpsaud.plist
/Library/LaunchDaemons/com.adobe.SwitchBoard.plist
/Library/LaunchDaemons/com.adobe.versioncueCS3.plist
/Library/LaunchDaemons/com.aladdin.aksusbd.plist
/Library/LaunchDaemons/com.aladdin.hasplmd.plist
/Library/LaunchDaemons/com.ambrosiasw.ambrosiaaudiosupporthelper.daemon.plist
/Library/LaunchDaemons/com.avast.init.plist
/Library/LaunchDaemons/com.avast.secureline.init.plist
/Library/LaunchDaemons/com.avast.secureline.uninstall.plist
/Library/LaunchDaemons/com.avast.secureline.update.plist
/Library/LaunchDaemons/com.avast.uninstall.plist
/Library/LaunchDaemons/com.avast.update.plist
/Library/LaunchDaemons/com.backblaze.bzserv.plist
/Library/LaunchDaemons/com.barebones.bbedit.plist
/Library/LaunchDaemons/com.colorburstrip.ColorBurst-Overdrive.plist
/Library/LaunchDaemons/com.colorburstrip.lpd.plist
/Library/LaunchDaemons/com.dymo.pnpd.plist
/Library/LaunchDaemons/com.econtechnologies.ChronoAgentRemote.plist
/Library/LaunchDaemons/com.google.keystone.daemon.plist
/Library/LaunchDaemons/com.malwarebytes.HelperTool.plist
/Library/LaunchDaemons/com.microsoft.autoupdate.helper.plist
/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
/Library/LaunchDaemons/com.rogueamoeba.instanton-agent.plist
/Library/LaunchDaemons/com.softraid.softraidd.plist
/Library/LaunchDaemons/com.stclairsoft.AppTamerAgent.plist
/Library/LaunchDaemons/com.teamviewer.Helper.plist
/Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist
/Library/LaunchDaemons/com.trusteer.rooks.rooksd.plist
/Library/LaunchDaemons/com.xrite.device.xrdd.plist
Kernel extensions
-----------------------
/System/Library/Extensions/basICColorDISCUS.kext
/System/Library/Extensions/DymoUsbPrinterClassDriver.kext
/System/Library/Extensions/hp_designjet_series.kext
/System/Library/Extensions/JMicronATA.kext
/System/Library/Extensions/KeyspanUSAdriver.kext
/System/Library/Extensions/SiLabsUSBDriver.kext
/System/Library/Extensions/SiLabsUSBDriver64.kext
/System/Library/Extensions/UsbEthernetGadget.kext
/System/Library/Extensions/Wacom Tablet.kext
/Library/Extensions/ACS6x.kext
/Library/Extensions/AmbrosiaAudioSupport.kext
/Library/Extensions/ArcMSR.kext
/Library/Extensions/ATTOCelerityFC8.kext
/Library/Extensions/ATTOExpressSASHBA2.kext
/Library/Extensions/ATTOExpressSASRAID2.kext
/Library/Extensions/basICColorDISCUS.kext
/Library/Extensions/BJUSBLoad.kext
/Library/Extensions/CalDigitHDProDrv.kext
/Library/Extensions/CIJUSBLoad.kext
/Library/Extensions/EPSONUSBPrintClass.kext
/Library/Extensions/FTDIKext.kext
/Library/Extensions/HighPointIOP.kext
/Library/Extensions/HighPointRR.kext
/Library/Extensions/hp_designjet_series.kext
/Library/Extensions/hp_io_enabler_compound.kext
/Library/Extensions/iCColor.kext
/Library/Extensions/LittleSnitch.kext
/Library/Extensions/PromiseSTEX.kext
/Library/Extensions/SoftRAID.kext
launchd.conf contents
-----------------------
Hosts file
-----------------------
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
Scan log
-----------------------
2017-03-07 12:54:22 :
2017-03-07 12:54:22 : ----- Scan Started -----
2017-03-07 12:54:22 : Scanning with signatures version 171 (2017-2-23)
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hbcennhacfaagdopikcegfcobcadeocj.json
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hjalolmjgklbjgaomjjofphdjnajmnim.json
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/icdlfehblmklkikfigmjhbmmpmkmpooj.json
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/mhkaekfpcppmmioggniknbnbdbcigpkk.json
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/pfndaklgolladniicklehhancnlgocpp.json
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/saamazon@mybrowserbar.com.xpi
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/saebay@mybrowserbar.com.xpi
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/savingsslider@mybrowserbar.com.xpi
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/searchme@mybrowserbar.com.xpi
2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot
2017-03-07 12:58:49 : *** Scan time: 0d 00:04:26 ***
2017-03-07 12:58:49 : ------ Scan Ended ------
2017-03-07 13:02:29 : Removing detected threats...
2017-03-07 13:02:29 : Removing Extension Item: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hbcennhacfaagdopikcegfcobcadeocj.json
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:29 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:30 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx
2017-03-07 13:02:31 : Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx
2017-03-07 13:02:31 : Removing Item: /Users/neil/Library/Application Support/Spigot
2017-03-07 13:02:31 : ---- Threat Removal Complete ----
2017-03-08 14:37:20 :
2017-03-08 14:37:20 : ----- Scan Started -----
2017-03-08 14:37:21 : Scanning with signatures version 171 (2017-2-23)
2017-03-08 14:37:21 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pfndaklgolladniicklehhancnlgocpp
2017-03-08 14:41:19 : *** Scan time: 0d 00:03:58 ***
2017-03-08 14:41:19 : ------ Scan Ended ------
2017-03-08 14:43:45 : Removing detected threats...
2017-03-08 14:43:45 : Removing Extension Item: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pfndaklgolladniicklehhancnlgocpp
2017-03-08 14:43:45 : ---- Threat Removal Complete ----
2017-03-08 14:44:24 :
2017-03-08 14:44:26 : ----- Scan Started -----
2017-03-08 14:44:26 : Scanning with signatures version 171 (2017-2-23)
2017-03-08 14:49:42 : *** Scan time: 0d 00:05:16 ***
2017-03-08 14:49:42 : ------ Scan Ended ------
2017-03-10 11:16:16 :
2017-03-10 11:16:17 : ----- Scan Started -----
2017-03-10 11:16:17 : Scanning with signatures version 172 (2017-3-9)
2017-03-10 11:20:21 : *** Scan time: 0d 00:04:04 ***
2017-03-10 11:20:21 : ------ Scan Ended ------
2017-03-10 14:44:36 :
2017-03-10 14:44:37 : ----- Scan Started -----
2017-03-10 14:44:37 : Scanning with signatures version 172 (2017-3-9)
2017-03-10 14:48:28 : *** Scan time: 0d 00:03:51 ***
2017-03-10 14:48:28 : ------ Scan Ended ------
2017-03-10 15:40:32 :
2017-03-10 15:40:32 : ----- Scan Started -----
2017-03-10 15:40:32 : Scanning with signatures version 172 (2017-3-9)
2017-03-10 15:44:25 : *** Scan time: 0d 00:03:53 ***
2017-03-10 15:44:25 : ------ Scan Ended ------
2017-03-15 14:41:25 :
2017-03-15 14:41:25 : ----- Scan Started -----
2017-03-15 14:41:25 : Scanning with signatures version 172 (2017-3-9)
2017-03-15 14:46:15 : *** Scan time: 0d 00:04:49 ***
2017-03-15 14:46:15 : ------ Scan Ended ------
-
Hey Treed,
thanks, I tired that earlier but it didn't help.
good of you to suggest it tho
neil
-
Hi treed,
thanks for helping,
I followed all the steps you outlined,
then quit chrome
as soon as google chrome was reopened I got 6 malware notices from Avast, all the same:-
Avast Web shield has blocked a threat
Infection: Mac OS:Spigot-X [Adw]
URL: htxp://update2.mybrowserbar.com/update/wt/gc/errorassistant/ErrorAssistant_1.7_0.crx
File: background.js
Process: /Applications/Google Chroms.app/Contents/MacOS/Gnext I looked in extensions and saw that an Amazon Spigot extension had been installed, so I deleted it
I just have "save to pocket" and "1password" chrome extensions activated now.
now i go to look at search engines and i see that some have been reinstalled (by restarting chrome i guess)
yahoo, bing, ask jeeves, google is still the default
in "other search engines" groupon has appeared also
now I open malwarebytes and run a search - I get did not find any threats
I would love to know why Avast is giving me those errors, also how the amazon spigot extension got reinstalled, maybe restering chrome does that!
I imagine this is irrelevant but in the spirit of full disclosure - I've been having other issues with chrome too, it's asking me if I'd like to save passwords but not saving them or showing any in its list - even though synced. On other hardware and online at google there are lots of saved passwords - all are synced between devices, phone ipad etc I believe. Because of this and advice from the google forum i installed chrome canary. I've tried it occasionally but as it's not improved the passowrd situation, I've not been using it. However it was about that time that the damned Avast spigot warnings started.
how frustrating
-
Hi,
thanks lots for Malwarebytes, it did find a Spigot component one time [great] but now is finding nothing,
unfortunately, despite that, I see this dialog box appearing
google chrome Version 56.0.2924.87 (64-bit) on Mac OSX, Avast is reporting (every few minutes):
"Infection Blocked:
Avast Web shield has blocked a threat
Infection: Mac OS:Spigot-X [Adw]
URL: htxp://update2.mybrowserbar.com/update/wt/gc/errorassistant/ErrorAssistant_1.7_0.crx
File: background.js
Process: /Applications/Google Chroms.app/Contents/MacOS/Google Chrome""On advice from the Avast forum, I have deleted any adware / amazon / ebay extensions from Chrome
also I removed all search engines other than google
the google chrome cleanup tool is Win only unfortunately
can anyone help please?
thanks so much
neilb
Updates are not current
in Mac Malware Removal Help & Support
Posted
Hi adas, Hi alvarnell,
thanks so much
adas: that connections list a was super useful
I found a rule in Little Snitch (from 2018) which was disallowing connections to: RTProtectiondaemon
strange that it had not previously prevented updates!
my "reports" tab looks good - it now states: updates: protection updated to 4.0.424
lovely, such great support from you guys
neilB