Jump to content

Avast is reporting blocking: Mac OS:Spigot-X [Adw]


Recommended Posts

Hi,

thanks lots for Malwarebytes, it did find a Spigot component one time [great] but now is finding nothing,

unfortunately, despite that, I see this dialog box appearing

google chrome Version 56.0.2924.87 (64-bit) on Mac OSX, Avast is reporting (every few minutes):

"Infection Blocked:

Avast Web shield has blocked a threat
Infection: Mac OS:Spigot-X [Adw]
URL: htxp://update2.mybrowserbar.com/update/wt/gc/errorassistant/ErrorAssistant_1.7_0.crx
File: background.js
Process: /Applications/Google Chroms.app/Contents/MacOS/Google Chrome"
"

On advice from the Avast forum, I have deleted any adware / amazon / ebay extensions from Chrome

also I removed all search engines other than google

the google chrome cleanup tool is Win only unfortunately

 

can anyone help please?

thanks so much

neilb

Link to post
Share on other sites

  • Staff

There's probably still something in Chrome's settings somewhere that is still trying to load Spigot content.

First, make sure that you have fixed Chrome's home page and search engine settings:

https://support.malwarebytes.com/customer/portal/articles/2045716-?b_id=9511

If that doesn't fix the problem, try resetting Chrome's settings. Open Chrome's preferences, then scroll down and click the "Show advanced settings" link. Then scroll down again and click the "Reset settings" button.

Link to post
Share on other sites

Hi treed,

thanks for helping,

I followed all the steps you outlined,

then quit chrome

as soon as google chrome was reopened I got 6 malware notices from Avast, all the same:-

Avast Web shield has blocked a threat
Infection: Mac OS:Spigot-X [Adw]
URL: htxp://update2.mybrowserbar.com/update/wt/gc/errorassistant/ErrorAssistant_1.7_0.crx
File: background.js
Process: /Applications/Google Chroms.app/Contents/MacOS/G

next I looked in extensions and saw that an Amazon Spigot extension had been installed, so I deleted it

I just have "save to pocket" and "1password" chrome extensions activated now.

now i go to look at search engines and i see that some have been reinstalled (by restarting chrome i guess)

yahoo, bing, ask jeeves, google is still the default

in "other search engines" groupon has appeared also

now I open malwarebytes and run a search - I get did not find any threats

 

I would love to know why Avast is giving me those errors, also how the amazon spigot extension got reinstalled, maybe restering chrome does that!

I imagine this is irrelevant but in the spirit of full disclosure - I've been having other issues with chrome too, it's asking me if I'd like to save passwords but not saving them or showing any in its list - even though synced. On other hardware and online at google there are lots of saved passwords - all are synced between devices, phone ipad etc I believe. Because of this and advice from the google forum i installed chrome canary. I've tried it occasionally but as it's not improved the passowrd situation, I've not been using it. However it was about that time that the damned Avast spigot warnings started.

how frustrating

Link to post
Share on other sites

  • Staff

Can you send a system snapshot taken with Malwarebytes Anti-Malware for Mac? To do so, open Malwarebytes Anti-Malware for Mac and choose Take System Snapshot from the Scanner menu. Then, in the window that opens, select all the text (Edit → Select All), copy it and paste into a reply to this message.

Alternately, if you'd prefer not to post that information publicly, send it to me in a direct message, by clicking my name at left and clicking the Message button in my profile.

Link to post
Share on other sites

Hi treed, thanks for this,

I ran a scan just before doing this report.

I also attached a screenshot of the Avast warning I keep seeing

my reading of that is something in Chrome is trying to install the Spigot ADW extension but, hey, I don't know much

 

Malwarebytes Anti-Malware 1.2.6.730 system report - 15 March 2017 14:46:27 GMT

Mac OS X version Version 10.10.5 (Build 14F2315)

System uptime: 8d 01:21:46

Helper tool version: 1.2.6.730

Signatures version: 172

 

Safari extensions

-----------------------

neil

    neil

        Name: 1Password

        Path: /Users/neil/Library/Safari/Extensions/1Password.safariextz

        Modified: 2017-02-15 10:02:10 +0000

 

        Name: Clip to DEVONthink

        Path: /Users/neil/Library/Safari/Extensions/Clip to DEVONthink.safariextz

        Modified: 2015-07-29 16:28:22 +0000

 

        Name: Save to Pocket

        Path: /Users/neil/Library/Safari/Extensions/Save to Pocket.safariextz

        Modified: 2015-11-09 15:52:47 +0000

 

        Name: Avast Online Security

        Path: /Users/neil/Library/Safari/Extensions/wrc.safariextz

        Modified: 2015-04-05 18:27:39 +0000

 

 

Chrome extensions

-----------------------

neil

    Default

        Name: Google Slides

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aapocclcgogkmnckokdopfmhonfmgoek

        Modified: 2017-03-10 17:50:46 +0000

 

        Name: BIODIGITAL HUMAN

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/agoenciogemlojlhccbcpcfflicgnaak

        Modified: 2017-03-10 17:52:55 +0000

 

        Name: Google Docs

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aohghmighlieiainnegkcijnfilokake

        Modified: 2017-03-10 17:51:08 +0000

 

        Name: 1Password: Password Manager and Secure Wallet

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aomjjhallfgjeglblehebfpbcfeobpgk

        Modified: 2017-03-10 17:52:54 +0000

 

        Name: Google Drive

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf

        Modified: 2017-03-10 17:51:08 +0000

 

        Name: YouTube

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo

        Modified: 2017-03-10 17:51:08 +0000

 

        Name: http://goo.gl/7Kjxu

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/cflbkoephoheejkaalghgahfjmjolhgh

        Modified: 2017-03-10 17:52:47 +0000

 

        Name: Gmail Offline

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/ejidjjhkpiempkbhmpbfngldlkglhimk

        Modified: 2017-03-10 17:52:55 +0000

 

        Name: Google Sheets

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/felcaaldnbdncclmgdcncolpebgiejap

        Modified: 2017-03-10 17:50:44 +0000

 

        Name: Office Editing for Docs, Sheets & Slides

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/gbkeegbaiigmenfmjfclcdgdpimamgkj

        Modified: 2017-03-10 17:52:53 +0000

 

        Name: Google Docs Offline

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi

        Modified: 2017-03-10 17:50:44 +0000

 

        Name: Avast Online Security

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/gomekmidlodglbbmalcneegieacbdmki

        Modified: 2017-03-10 17:50:48 +0000

 

        Name: Ghostery

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/mlomiejdfkolichcflejclcbmpeaniij

        Modified: 2017-03-10 17:52:54 +0000

 

        Name: Save to Pocket

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj

        Modified: 2017-03-14 23:02:07 +0000

 

        Name: RSS Subscription Extension (by Google)

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/nlbjncdgjeocebhnmkbbbdekmmmcbfjd

        Modified: 2017-03-10 17:52:57 +0000

 

        Name: Chrome Web Store Payments

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda

        Modified: 2017-03-10 17:50:43 +0000

 

        Name: Gmail

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia

        Modified: 2017-03-10 17:51:08 +0000

 

        Name: Clip to DEVONthink

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pjoafdokmbmkpolhcnmnkgaicbajigcc

        Modified: 2017-03-10 17:52:53 +0000

 

        Name: Chrome Media Router

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm

        Modified: 2017-03-10 17:50:45 +0000

 

        Name: 

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/Temp

        Modified: 2017-03-14 23:02:08 +0000

 

    Chrome

        Name: [unknown Chrome extension format]

        Path: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/external_extensions.json

        Modified: 2013-03-19 12:22:27 +0000

 

        Name: [unknown Chrome extension format]

        Path: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/gomekmidlodglbbmalcneegieacbdmki.json

        Modified: 2015-12-18 16:37:13 +0000

 

 

Firefox extensions

-----------------------

neil

    75n4zhh6.default

        Name: 1Password

        Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/onepassword4@agilebits.com.xpi

        Modified: 2017-02-10 20:03:24 +0000

 

        Name: Avast Online Security

        Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/wrc@avast.com.xpi

        Modified: 2015-12-18 16:37:14 +0000

 

        Name: EPUBReader

        Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/{5384767E-00D9-40E9-B72F-9CC39D655D6F}

        Modified: 2017-02-12 19:09:15 +0000

 

        Name: Video DownloadHelper

        Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

        Modified: 2017-02-10 20:03:26 +0000

 

 

User Login Items

-----------------------

User: neil

  Name: Flux

  Path: /Applications/Flux.app

 

  Name: ChronoSync Scheduler

  Path: /Applications/ChronoSync.app/Contents/Library/LoginItems/ChronoSync Scheduler.app

 

  Name: Macs Fan Control

  Path: /Applications/Macs Fan Control.app

 

  Name: iTunesHelper

  Path: /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

 

  Name: AdobeResourceSynchronizer

  Path: /Applications/Adobe Acrobat 8 Professional/Adobe Acrobat Professional.app/Contents/Support/AdobeResourceSynchronizer.app

 

  Name: ChronoSync

  Path: /Applications/ChronoSync.app

 

  Name: SMARTReporter

  Path: /Applications/SMARTReporter/SMARTReporter.app

 

  Name: Typinator

  Path: /Applications/Typinator.app

 

  Name: KeyCue

  Path: /Applications/KeyCue.app

 

  Name: PopChar

  Path: /Applications/PopChar.app

 

  Name: Dropbox

  Path: /Applications/Dropbox.app

 

  Name: Default Folder X

  Path: /Applications/Default Folder X.app

 

  Name: i1ProfilerTray

  Path: /Applications/i1Profiler/i1ProfilerTray.app

 

  Name: StretchWare Controller

  Path: /Library/Application Support/Stretchware Controller.app

 

  Name: DEVONthink Sorter

  Path: /Applications/DEVONthink Pro298.app/Contents/PlugIns/SorterPlugin.bundle/Contents/MacOS/DEVONthink Sorter.app

 

 

System startup items

-----------------------

/Library/StartupItems/CSPServer

/Library/StartupItems/CSPStartService

/Library/StartupItems/ProTec6b

 

User launch agents

-----------------------

/Users/neil/Library/LaunchAgents/.DS_Store

/Users/neil/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

/Users/neil/Library/LaunchAgents/com.adobe.ARM.2fb951a3e452587cd5063eae0b2acfc945704ab94bfa753dc717073c.plist

/Users/neil/Library/LaunchAgents/com.adobe.ARM.340705c52d34eece5246c291634d82a64671f6760541ccdaa681f58f.plist

/Users/neil/Library/LaunchAgents/com.adobe.ARM.65c5828f42d209bbea6e1a2b1653374a5579cd7545b886457d2d094f.plist

/Users/neil/Library/LaunchAgents/com.adobe.ARM.9a2b6c451f02d418f088afa4a0d2da0bc52175383a2bc11189215ec6.plist

/Users/neil/Library/LaunchAgents/com.adobe.ARM.ad895013aeb33ea6e968d9fdc06c0eb42c7c2a5229d98d64ad002716.plist

/Users/neil/Library/LaunchAgents/com.amazon.music.plist

/Users/neil/Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist

/Users/neil/Library/LaunchAgents/com.avast.home.userinit.plist

/Users/neil/Library/LaunchAgents/com.avast.secureline.home.userinit.plist

/Users/neil/Library/LaunchAgents/com.backblaze.bzbmenu.plist

/Users/neil/Library/LaunchAgents/com.barebones.weathercal-agent.plist

/Users/neil/Library/LaunchAgents/com.c-command.SpamSieve.LaunchAgent.plist

/Users/neil/Library/LaunchAgents/com.citrixonline.GoToMeeting.G2MUpdate.plist

/Users/neil/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist

/Users/neil/Library/LaunchAgents/com.google.Chrome.framework.plist

/Users/neil/Library/LaunchAgents/ws.agile.1PasswordAgent.plist

 

System launch agents

-----------------------

/Library/LaunchAgents/at.obdev.LittleSnitchUIAgent.plist

/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

/Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist

/Library/LaunchAgents/com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist

/Library/LaunchAgents/com.avast.secureline.update-agent.plist

/Library/LaunchAgents/com.avast.secureline.userinit.plist

/Library/LaunchAgents/com.avast.update-agent.plist

/Library/LaunchAgents/com.avast.userinit.plist

/Library/LaunchAgents/com.epson.epw.agent.plist

/Library/LaunchAgents/com.google.keystone.agent.plist

/Library/LaunchAgents/com.hp.StatusMonitor.plist

/Library/LaunchAgents/com.oracle.java.Java-Updater.plist

/Library/LaunchAgents/com.softraid.SoftRAIDMonitor.plist

/Library/LaunchAgents/com.teamviewer.teamviewer.plist

/Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist

/Library/LaunchAgents/com.trusteer.rapport.rapportd.plist

/Library/LaunchAgents/com.wacom.wacomtablet.plist

/Library/LaunchAgents/com.xrite.device.softwareupdate.plist

/Library/LaunchAgents/net.culater.SIMBL.Agent.plist

 

System launch daemons

-----------------------

/Library/LaunchDaemons/at.obdev.littlesnitchd.plist

/Library/LaunchDaemons/com.adobe.adobeupdatedaemon.plist

/Library/LaunchDaemons/com.adobe.agsservice.plist

/Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist

/Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist

/Library/LaunchDaemons/com.adobe.fpsaud.plist

/Library/LaunchDaemons/com.adobe.SwitchBoard.plist

/Library/LaunchDaemons/com.adobe.versioncueCS3.plist

/Library/LaunchDaemons/com.aladdin.aksusbd.plist

/Library/LaunchDaemons/com.aladdin.hasplmd.plist

/Library/LaunchDaemons/com.ambrosiasw.ambrosiaaudiosupporthelper.daemon.plist

/Library/LaunchDaemons/com.avast.init.plist

/Library/LaunchDaemons/com.avast.secureline.init.plist

/Library/LaunchDaemons/com.avast.secureline.uninstall.plist

/Library/LaunchDaemons/com.avast.secureline.update.plist

/Library/LaunchDaemons/com.avast.uninstall.plist

/Library/LaunchDaemons/com.avast.update.plist

/Library/LaunchDaemons/com.backblaze.bzserv.plist

/Library/LaunchDaemons/com.barebones.bbedit.plist

/Library/LaunchDaemons/com.colorburstrip.ColorBurst-Overdrive.plist

/Library/LaunchDaemons/com.colorburstrip.lpd.plist

/Library/LaunchDaemons/com.dymo.pnpd.plist

/Library/LaunchDaemons/com.econtechnologies.ChronoAgentRemote.plist

/Library/LaunchDaemons/com.google.keystone.daemon.plist

/Library/LaunchDaemons/com.malwarebytes.HelperTool.plist

/Library/LaunchDaemons/com.microsoft.autoupdate.helper.plist

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

/Library/LaunchDaemons/com.rogueamoeba.instanton-agent.plist

/Library/LaunchDaemons/com.softraid.softraidd.plist

/Library/LaunchDaemons/com.stclairsoft.AppTamerAgent.plist

/Library/LaunchDaemons/com.teamviewer.Helper.plist

/Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist

/Library/LaunchDaemons/com.trusteer.rooks.rooksd.plist

/Library/LaunchDaemons/com.xrite.device.xrdd.plist

 

Kernel extensions

-----------------------

/System/Library/Extensions/basICColorDISCUS.kext

/System/Library/Extensions/DymoUsbPrinterClassDriver.kext

/System/Library/Extensions/hp_designjet_series.kext

/System/Library/Extensions/JMicronATA.kext

/System/Library/Extensions/KeyspanUSAdriver.kext

/System/Library/Extensions/SiLabsUSBDriver.kext

/System/Library/Extensions/SiLabsUSBDriver64.kext

/System/Library/Extensions/UsbEthernetGadget.kext

/System/Library/Extensions/Wacom Tablet.kext

/Library/Extensions/ACS6x.kext

/Library/Extensions/AmbrosiaAudioSupport.kext

/Library/Extensions/ArcMSR.kext

/Library/Extensions/ATTOCelerityFC8.kext

/Library/Extensions/ATTOExpressSASHBA2.kext

/Library/Extensions/ATTOExpressSASRAID2.kext

/Library/Extensions/basICColorDISCUS.kext

/Library/Extensions/BJUSBLoad.kext

/Library/Extensions/CalDigitHDProDrv.kext

/Library/Extensions/CIJUSBLoad.kext

/Library/Extensions/EPSONUSBPrintClass.kext

/Library/Extensions/FTDIKext.kext

/Library/Extensions/HighPointIOP.kext

/Library/Extensions/HighPointRR.kext

/Library/Extensions/hp_designjet_series.kext

/Library/Extensions/hp_io_enabler_compound.kext

/Library/Extensions/iCColor.kext

/Library/Extensions/LittleSnitch.kext

/Library/Extensions/PromiseSTEX.kext

/Library/Extensions/SoftRAID.kext

 

launchd.conf contents

-----------------------

 

 

Hosts file

-----------------------

##

# Host Database

#

# localhost is used to configure the loopback interface

# when the system is booting.  Do not change this entry.

##

127.0.0.1 localhost

255.255.255.255 broadcasthost

::1             localhost 

 

 

Scan log

-----------------------

2017-03-07 12:54:22 :  

2017-03-07 12:54:22 : ----- Scan Started -----

2017-03-07 12:54:22 : Scanning with signatures version 171 (2017-2-23)

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hbcennhacfaagdopikcegfcobcadeocj.json

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hjalolmjgklbjgaomjjofphdjnajmnim.json

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/icdlfehblmklkikfigmjhbmmpmkmpooj.json

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/mhkaekfpcppmmioggniknbnbdbcigpkk.json

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/pfndaklgolladniicklehhancnlgocpp.json

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/saamazon@mybrowserbar.com.xpi

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/saebay@mybrowserbar.com.xpi

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/savingsslider@mybrowserbar.com.xpi

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/searchme@mybrowserbar.com.xpi

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot

2017-03-07 12:58:49 : *** Scan time: 0d 00:04:26 ***

2017-03-07 12:58:49 : ------ Scan Ended ------

2017-03-07 13:02:29 : Removing detected threats...

2017-03-07 13:02:29 :  Removing Extension Item: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hbcennhacfaagdopikcegfcobcadeocj.json

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:31 :  Removing Item: /Users/neil/Library/Application Support/Spigot

2017-03-07 13:02:31 : ---- Threat Removal Complete ----

2017-03-08 14:37:20 :  

2017-03-08 14:37:20 : ----- Scan Started -----

2017-03-08 14:37:21 : Scanning with signatures version 171 (2017-2-23)

2017-03-08 14:37:21 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pfndaklgolladniicklehhancnlgocpp

2017-03-08 14:41:19 : *** Scan time: 0d 00:03:58 ***

2017-03-08 14:41:19 : ------ Scan Ended ------

2017-03-08 14:43:45 : Removing detected threats...

2017-03-08 14:43:45 :  Removing Extension Item: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pfndaklgolladniicklehhancnlgocpp

2017-03-08 14:43:45 : ---- Threat Removal Complete ----

2017-03-08 14:44:24 :  

2017-03-08 14:44:26 : ----- Scan Started -----

2017-03-08 14:44:26 : Scanning with signatures version 171 (2017-2-23)

2017-03-08 14:49:42 : *** Scan time: 0d 00:05:16 ***

2017-03-08 14:49:42 : ------ Scan Ended ------

2017-03-10 11:16:16 :  

2017-03-10 11:16:17 : ----- Scan Started -----

2017-03-10 11:16:17 : Scanning with signatures version 172 (2017-3-9)

2017-03-10 11:20:21 : *** Scan time: 0d 00:04:04 ***

2017-03-10 11:20:21 : ------ Scan Ended ------

2017-03-10 14:44:36 :  

2017-03-10 14:44:37 : ----- Scan Started -----

2017-03-10 14:44:37 : Scanning with signatures version 172 (2017-3-9)

2017-03-10 14:48:28 : *** Scan time: 0d 00:03:51 ***

2017-03-10 14:48:28 : ------ Scan Ended ------

2017-03-10 15:40:32 :  

2017-03-10 15:40:32 : ----- Scan Started -----

2017-03-10 15:40:32 : Scanning with signatures version 172 (2017-3-9)

2017-03-10 15:44:25 : *** Scan time: 0d 00:03:53 ***

2017-03-10 15:44:25 : ------ Scan Ended ------

2017-03-15 14:41:25 :  

2017-03-15 14:41:25 : ----- Scan Started -----

2017-03-15 14:41:25 : Scanning with signatures version 172 (2017-3-9)

2017-03-15 14:46:15 : *** Scan time: 0d 00:04:49 ***

2017-03-15 14:46:15 : ------ Scan Ended ------

 

Malwarebytes Anti-Malware 1.2.6.730 system report - 15 March 2017 14:46:27 GMT

Mac OS X version Version 10.10.5 (Build 14F2315)

System uptime: 8d 01:21:46

Helper tool version: 1.2.6.730

Signatures version: 172

 

Safari extensions

-----------------------

neil

    neil

        Name: 1Password

        Path: /Users/neil/Library/Safari/Extensions/1Password.safariextz

        Modified: 2017-02-15 10:02:10 +0000

 

        Name: Clip to DEVONthink

        Path: /Users/neil/Library/Safari/Extensions/Clip to DEVONthink.safariextz

        Modified: 2015-07-29 16:28:22 +0000

 

        Name: Save to Pocket

        Path: /Users/neil/Library/Safari/Extensions/Save to Pocket.safariextz

        Modified: 2015-11-09 15:52:47 +0000

 

        Name: Avast Online Security

        Path: /Users/neil/Library/Safari/Extensions/wrc.safariextz

        Modified: 2015-04-05 18:27:39 +0000

 

 

Chrome extensions

-----------------------

neil

    Default

        Name: Google Slides

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aapocclcgogkmnckokdopfmhonfmgoek

        Modified: 2017-03-10 17:50:46 +0000

 

        Name: BIODIGITAL HUMAN

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/agoenciogemlojlhccbcpcfflicgnaak

        Modified: 2017-03-10 17:52:55 +0000

 

        Name: Google Docs

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aohghmighlieiainnegkcijnfilokake

        Modified: 2017-03-10 17:51:08 +0000

 

        Name: 1Password: Password Manager and Secure Wallet

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/aomjjhallfgjeglblehebfpbcfeobpgk

        Modified: 2017-03-10 17:52:54 +0000

 

        Name: Google Drive

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/apdfllckaahabafndbhieahigkjlhalf

        Modified: 2017-03-10 17:51:08 +0000

 

        Name: YouTube

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/blpcfgokakmgnkcojhhkbfbldkacnbeo

        Modified: 2017-03-10 17:51:08 +0000

 

        Name: http://goo.gl/7Kjxu

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/cflbkoephoheejkaalghgahfjmjolhgh

        Modified: 2017-03-10 17:52:47 +0000

 

        Name: Gmail Offline

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/ejidjjhkpiempkbhmpbfngldlkglhimk

        Modified: 2017-03-10 17:52:55 +0000

 

        Name: Google Sheets

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/felcaaldnbdncclmgdcncolpebgiejap

        Modified: 2017-03-10 17:50:44 +0000

 

        Name: Office Editing for Docs, Sheets & Slides

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/gbkeegbaiigmenfmjfclcdgdpimamgkj

        Modified: 2017-03-10 17:52:53 +0000

 

        Name: Google Docs Offline

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/ghbmnnjooekpmoecnnnilnnbdlolhkhi

        Modified: 2017-03-10 17:50:44 +0000

 

        Name: Avast Online Security

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/gomekmidlodglbbmalcneegieacbdmki

        Modified: 2017-03-10 17:50:48 +0000

 

        Name: Ghostery

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/mlomiejdfkolichcflejclcbmpeaniij

        Modified: 2017-03-10 17:52:54 +0000

 

        Name: Save to Pocket

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/niloccemoadcdkdjlinkgdfekeahmflj

        Modified: 2017-03-14 23:02:07 +0000

 

        Name: RSS Subscription Extension (by Google)

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/nlbjncdgjeocebhnmkbbbdekmmmcbfjd

        Modified: 2017-03-10 17:52:57 +0000

 

        Name: Chrome Web Store Payments

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/nmmhkkegccagdldgiimedpiccmgmieda

        Modified: 2017-03-10 17:50:43 +0000

 

        Name: Gmail

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pjkljhegncpnkpknbcohdijeoejaedia

        Modified: 2017-03-10 17:51:08 +0000

 

        Name: Clip to DEVONthink

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pjoafdokmbmkpolhcnmnkgaicbajigcc

        Modified: 2017-03-10 17:52:53 +0000

 

        Name: Chrome Media Router

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pkedcjkdefgpdelpbcmbmeomcjbeemfm

        Modified: 2017-03-10 17:50:45 +0000

 

        Name: 

        Path: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/Temp

        Modified: 2017-03-14 23:02:08 +0000

 

    Chrome

        Name: [unknown Chrome extension format]

        Path: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/external_extensions.json

        Modified: 2013-03-19 12:22:27 +0000

 

        Name: [unknown Chrome extension format]

        Path: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/gomekmidlodglbbmalcneegieacbdmki.json

        Modified: 2015-12-18 16:37:13 +0000

 

 

Firefox extensions

-----------------------

neil

    75n4zhh6.default

        Name: 1Password

        Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/onepassword4@agilebits.com.xpi

        Modified: 2017-02-10 20:03:24 +0000

 

        Name: Avast Online Security

        Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/wrc@avast.com.xpi

        Modified: 2015-12-18 16:37:14 +0000

 

        Name: EPUBReader

        Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/{5384767E-00D9-40E9-B72F-9CC39D655D6F}

        Modified: 2017-02-12 19:09:15 +0000

 

        Name: Video DownloadHelper

        Path: /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi

        Modified: 2017-02-10 20:03:26 +0000

 

 

User Login Items

-----------------------

User: neil

  Name: Flux

  Path: /Applications/Flux.app

 

  Name: ChronoSync Scheduler

  Path: /Applications/ChronoSync.app/Contents/Library/LoginItems/ChronoSync Scheduler.app

 

  Name: Macs Fan Control

  Path: /Applications/Macs Fan Control.app

 

  Name: iTunesHelper

  Path: /Applications/iTunes.app/Contents/MacOS/iTunesHelper.app

 

  Name: AdobeResourceSynchronizer

  Path: /Applications/Adobe Acrobat 8 Professional/Adobe Acrobat Professional.app/Contents/Support/AdobeResourceSynchronizer.app

 

  Name: ChronoSync

  Path: /Applications/ChronoSync.app

 

  Name: SMARTReporter

  Path: /Applications/SMARTReporter/SMARTReporter.app

 

  Name: Typinator

  Path: /Applications/Typinator.app

 

  Name: KeyCue

  Path: /Applications/KeyCue.app

 

  Name: PopChar

  Path: /Applications/PopChar.app

 

  Name: Dropbox

  Path: /Applications/Dropbox.app

 

  Name: Default Folder X

  Path: /Applications/Default Folder X.app

 

  Name: i1ProfilerTray

  Path: /Applications/i1Profiler/i1ProfilerTray.app

 

  Name: StretchWare Controller

  Path: /Library/Application Support/Stretchware Controller.app

 

  Name: DEVONthink Sorter

  Path: /Applications/DEVONthink Pro298.app/Contents/PlugIns/SorterPlugin.bundle/Contents/MacOS/DEVONthink Sorter.app

 

 

System startup items

-----------------------

/Library/StartupItems/CSPServer

/Library/StartupItems/CSPStartService

/Library/StartupItems/ProTec6b

 

User launch agents

-----------------------

/Users/neil/Library/LaunchAgents/.DS_Store

/Users/neil/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

/Users/neil/Library/LaunchAgents/com.adobe.ARM.2fb951a3e452587cd5063eae0b2acfc945704ab94bfa753dc717073c.plist

/Users/neil/Library/LaunchAgents/com.adobe.ARM.340705c52d34eece5246c291634d82a64671f6760541ccdaa681f58f.plist

/Users/neil/Library/LaunchAgents/com.adobe.ARM.65c5828f42d209bbea6e1a2b1653374a5579cd7545b886457d2d094f.plist

/Users/neil/Library/LaunchAgents/com.adobe.ARM.9a2b6c451f02d418f088afa4a0d2da0bc52175383a2bc11189215ec6.plist

/Users/neil/Library/LaunchAgents/com.adobe.ARM.ad895013aeb33ea6e968d9fdc06c0eb42c7c2a5229d98d64ad002716.plist

/Users/neil/Library/LaunchAgents/com.amazon.music.plist

/Users/neil/Library/LaunchAgents/com.apple.SafariBookmarksSyncer.plist

/Users/neil/Library/LaunchAgents/com.avast.home.userinit.plist

/Users/neil/Library/LaunchAgents/com.avast.secureline.home.userinit.plist

/Users/neil/Library/LaunchAgents/com.backblaze.bzbmenu.plist

/Users/neil/Library/LaunchAgents/com.barebones.weathercal-agent.plist

/Users/neil/Library/LaunchAgents/com.c-command.SpamSieve.LaunchAgent.plist

/Users/neil/Library/LaunchAgents/com.citrixonline.GoToMeeting.G2MUpdate.plist

/Users/neil/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist

/Users/neil/Library/LaunchAgents/com.google.Chrome.framework.plist

/Users/neil/Library/LaunchAgents/ws.agile.1PasswordAgent.plist

 

System launch agents

-----------------------

/Library/LaunchAgents/at.obdev.LittleSnitchUIAgent.plist

/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

/Library/LaunchAgents/com.adobe.AdobeCreativeCloud.plist

/Library/LaunchAgents/com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist

/Library/LaunchAgents/com.avast.secureline.update-agent.plist

/Library/LaunchAgents/com.avast.secureline.userinit.plist

/Library/LaunchAgents/com.avast.update-agent.plist

/Library/LaunchAgents/com.avast.userinit.plist

/Library/LaunchAgents/com.epson.epw.agent.plist

/Library/LaunchAgents/com.google.keystone.agent.plist

/Library/LaunchAgents/com.hp.StatusMonitor.plist

/Library/LaunchAgents/com.oracle.java.Java-Updater.plist

/Library/LaunchAgents/com.softraid.SoftRAIDMonitor.plist

/Library/LaunchAgents/com.teamviewer.teamviewer.plist

/Library/LaunchAgents/com.teamviewer.teamviewer_desktop.plist

/Library/LaunchAgents/com.trusteer.rapport.rapportd.plist

/Library/LaunchAgents/com.wacom.wacomtablet.plist

/Library/LaunchAgents/com.xrite.device.softwareupdate.plist

/Library/LaunchAgents/net.culater.SIMBL.Agent.plist

 

System launch daemons

-----------------------

/Library/LaunchDaemons/at.obdev.littlesnitchd.plist

/Library/LaunchDaemons/com.adobe.adobeupdatedaemon.plist

/Library/LaunchDaemons/com.adobe.agsservice.plist

/Library/LaunchDaemons/com.adobe.ARMDC.Communicator.plist

/Library/LaunchDaemons/com.adobe.ARMDC.SMJobBlessHelper.plist

/Library/LaunchDaemons/com.adobe.fpsaud.plist

/Library/LaunchDaemons/com.adobe.SwitchBoard.plist

/Library/LaunchDaemons/com.adobe.versioncueCS3.plist

/Library/LaunchDaemons/com.aladdin.aksusbd.plist

/Library/LaunchDaemons/com.aladdin.hasplmd.plist

/Library/LaunchDaemons/com.ambrosiasw.ambrosiaaudiosupporthelper.daemon.plist

/Library/LaunchDaemons/com.avast.init.plist

/Library/LaunchDaemons/com.avast.secureline.init.plist

/Library/LaunchDaemons/com.avast.secureline.uninstall.plist

/Library/LaunchDaemons/com.avast.secureline.update.plist

/Library/LaunchDaemons/com.avast.uninstall.plist

/Library/LaunchDaemons/com.avast.update.plist

/Library/LaunchDaemons/com.backblaze.bzserv.plist

/Library/LaunchDaemons/com.barebones.bbedit.plist

/Library/LaunchDaemons/com.colorburstrip.ColorBurst-Overdrive.plist

/Library/LaunchDaemons/com.colorburstrip.lpd.plist

/Library/LaunchDaemons/com.dymo.pnpd.plist

/Library/LaunchDaemons/com.econtechnologies.ChronoAgentRemote.plist

/Library/LaunchDaemons/com.google.keystone.daemon.plist

/Library/LaunchDaemons/com.malwarebytes.HelperTool.plist

/Library/LaunchDaemons/com.microsoft.autoupdate.helper.plist

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

/Library/LaunchDaemons/com.rogueamoeba.instanton-agent.plist

/Library/LaunchDaemons/com.softraid.softraidd.plist

/Library/LaunchDaemons/com.stclairsoft.AppTamerAgent.plist

/Library/LaunchDaemons/com.teamviewer.Helper.plist

/Library/LaunchDaemons/com.teamviewer.teamviewer_service.plist

/Library/LaunchDaemons/com.trusteer.rooks.rooksd.plist

/Library/LaunchDaemons/com.xrite.device.xrdd.plist

 

Kernel extensions

-----------------------

/System/Library/Extensions/basICColorDISCUS.kext

/System/Library/Extensions/DymoUsbPrinterClassDriver.kext

/System/Library/Extensions/hp_designjet_series.kext

/System/Library/Extensions/JMicronATA.kext

/System/Library/Extensions/KeyspanUSAdriver.kext

/System/Library/Extensions/SiLabsUSBDriver.kext

/System/Library/Extensions/SiLabsUSBDriver64.kext

/System/Library/Extensions/UsbEthernetGadget.kext

/System/Library/Extensions/Wacom Tablet.kext

/Library/Extensions/ACS6x.kext

/Library/Extensions/AmbrosiaAudioSupport.kext

/Library/Extensions/ArcMSR.kext

/Library/Extensions/ATTOCelerityFC8.kext

/Library/Extensions/ATTOExpressSASHBA2.kext

/Library/Extensions/ATTOExpressSASRAID2.kext

/Library/Extensions/basICColorDISCUS.kext

/Library/Extensions/BJUSBLoad.kext

/Library/Extensions/CalDigitHDProDrv.kext

/Library/Extensions/CIJUSBLoad.kext

/Library/Extensions/EPSONUSBPrintClass.kext

/Library/Extensions/FTDIKext.kext

/Library/Extensions/HighPointIOP.kext

/Library/Extensions/HighPointRR.kext

/Library/Extensions/hp_designjet_series.kext

/Library/Extensions/hp_io_enabler_compound.kext

/Library/Extensions/iCColor.kext

/Library/Extensions/LittleSnitch.kext

/Library/Extensions/PromiseSTEX.kext

/Library/Extensions/SoftRAID.kext

 

launchd.conf contents

-----------------------

 

 

Hosts file

-----------------------

##

# Host Database

#

# localhost is used to configure the loopback interface

# when the system is booting.  Do not change this entry.

##

127.0.0.1 localhost

255.255.255.255 broadcasthost

::1             localhost 

 

 

Scan log

-----------------------

2017-03-07 12:54:22 :  

2017-03-07 12:54:22 : ----- Scan Started -----

2017-03-07 12:54:22 : Scanning with signatures version 171 (2017-2-23)

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hbcennhacfaagdopikcegfcobcadeocj.json

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hjalolmjgklbjgaomjjofphdjnajmnim.json

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/icdlfehblmklkikfigmjhbmmpmkmpooj.json

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/mhkaekfpcppmmioggniknbnbdbcigpkk.json

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/External Extensions/pfndaklgolladniicklehhancnlgocpp.json

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/saamazon@mybrowserbar.com.xpi

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/saebay@mybrowserbar.com.xpi

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/savingsslider@mybrowserbar.com.xpi

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Firefox/Profiles/75n4zhh6.default/extensions/searchme@mybrowserbar.com.xpi

2017-03-07 12:54:23 : Adware.Spigot : /Users/neil/Library/Application Support/Spigot

2017-03-07 12:58:49 : *** Scan time: 0d 00:04:26 ***

2017-03-07 12:58:49 : ------ Scan Ended ------

2017-03-07 13:02:29 : Removing detected threats...

2017-03-07 13:02:29 :  Removing Extension Item: /Users/neil/Library/Application Support/Google/Chrome/External Extensions/hbcennhacfaagdopikcegfcobcadeocj.json

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:29 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:30 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saebay.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/Searchme.chromeextension.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/ErrorAssistant.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/coupons.crx

2017-03-07 13:02:31 :   Removing extension external item: /Users/neil/Library/Application Support/Spigot/saamazon.crx

2017-03-07 13:02:31 :  Removing Item: /Users/neil/Library/Application Support/Spigot

2017-03-07 13:02:31 : ---- Threat Removal Complete ----

2017-03-08 14:37:20 :  

2017-03-08 14:37:20 : ----- Scan Started -----

2017-03-08 14:37:21 : Scanning with signatures version 171 (2017-2-23)

2017-03-08 14:37:21 : Adware.Spigot : /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pfndaklgolladniicklehhancnlgocpp

2017-03-08 14:41:19 : *** Scan time: 0d 00:03:58 ***

2017-03-08 14:41:19 : ------ Scan Ended ------

2017-03-08 14:43:45 : Removing detected threats...

2017-03-08 14:43:45 :  Removing Extension Item: /Users/neil/Library/Application Support/Google/Chrome/Default/Extensions/pfndaklgolladniicklehhancnlgocpp

2017-03-08 14:43:45 : ---- Threat Removal Complete ----

2017-03-08 14:44:24 :  

2017-03-08 14:44:26 : ----- Scan Started -----

2017-03-08 14:44:26 : Scanning with signatures version 171 (2017-2-23)

2017-03-08 14:49:42 : *** Scan time: 0d 00:05:16 ***

2017-03-08 14:49:42 : ------ Scan Ended ------

2017-03-10 11:16:16 :  

2017-03-10 11:16:17 : ----- Scan Started -----

2017-03-10 11:16:17 : Scanning with signatures version 172 (2017-3-9)

2017-03-10 11:20:21 : *** Scan time: 0d 00:04:04 ***

2017-03-10 11:20:21 : ------ Scan Ended ------

2017-03-10 14:44:36 :  

2017-03-10 14:44:37 : ----- Scan Started -----

2017-03-10 14:44:37 : Scanning with signatures version 172 (2017-3-9)

2017-03-10 14:48:28 : *** Scan time: 0d 00:03:51 ***

2017-03-10 14:48:28 : ------ Scan Ended ------

2017-03-10 15:40:32 :  

2017-03-10 15:40:32 : ----- Scan Started -----

2017-03-10 15:40:32 : Scanning with signatures version 172 (2017-3-9)

2017-03-10 15:44:25 : *** Scan time: 0d 00:03:53 ***

2017-03-10 15:44:25 : ------ Scan Ended ------

2017-03-15 14:41:25 :  

2017-03-15 14:41:25 : ----- Scan Started -----

2017-03-15 14:41:25 : Scanning with signatures version 172 (2017-3-9)

2017-03-15 14:46:15 : *** Scan time: 0d 00:04:49 ***

2017-03-15 14:46:15 : ------ Scan Ended ------

 

 

Screen Shot 2017-03-15 at 14.48.39.jpg

Link to post
Share on other sites

  • Staff

You've got a lot of Chrome extensions installed, and it's possible one of them might be the culprit. Follow the instructions here to troubleshoot them:

https://support.malwarebytes.com/customer/portal/articles/2045724-?b_id=9511

Beyond that, though, your system has an enormous amount of third-party software installed that is running in the background at all times. I'd honestly be surprised if the system is running decently at all! To be frank, if I were in charge of that machine and had to fix it, I'd probably just wipe its hard drive and reinstall the system and needed apps from scratch. That would be far easier than trying to figure out what needs to get removed and how to remove it properly.

Link to post
Share on other sites

  • 2 months later...

neilbar

I would follow the advice that treed provided to you earlier with two critical additions.

1. If you are not using it then don't install it.

2. Ensure it gets scanned and is safe before you install it.

There are many third party applications that contain adware and malware. 

Also, allot of the software that is "shared" online is infected with malware which is why it is so important to thoroughly check everything out before you push it to your system.

Link to post
Share on other sites

  • 1 year later...

Hi All, this is an interesting thread.  May I add my own scenario.

I am running a Macbook Pro, Retina Mid 2012, i7, 8Gb, NVidia GeForce, and with OS X 10.8.2 (because I am using IBM Notes it has been easier not to upgrade - I only mainly use the machine for IBM Notes hence the long overdue upgrade).

Out of the blue - this morning Avast started giving me the same error messages as above while (only) using Chrome.  I have few extensions, and followed the above reset procedures with no change.  There is no "spigot" on my system.  

I don't go in for downloading programmes, I have liked my machine as is - and the only website visited this morning before Avast started its warnings was www.nationmultimedia.com, a respected news publication, and on which there was an Ad popped up (despite my settings).

The Avast messages almost all refer to update2.mybrowserbar.com.  Tried malwarebytes and other software but I am supposedly adware free.  Any thoughts?

 

Avast 5.jpg

Link to post
Share on other sites

  • Staff

The only versions of Malwarebytes software capable of running on 10.8 are quite old and not capable of detecting all current threats. Further, 10.8 is quite old and contains known vulnerabilities that have never been patched. Keeping your computer secure requires keeping the system and all your software up-to-date. Sometimes this means abandoning old software and making the painful transition to something new.

If you can update to at least 10.9, you'll be able to run a slightly more recent - and more capable - version of Malwarebytes Anti-Malware. However, note that 10.9 cannot really be considered secure either.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.