EtreCheckPro version: 6.8.4 (68040)
Report generated: 2024-04-24 02:12:18
Download EtreCheckPro from https://etrecheck.com
Runtime: 2:06
Performance: Excellent

Problem: Other problem

Description:
Search engine redirect malware is taking me to Yahoo. My Safari default browser is Google. I tried other browsers and the malware still redirects to Yahoo.

Major Issues:
Anything that appears on this list needs immediate attention.
    Unsigned files - There are unsigned software files installed that could be malicious and should be reviewed.

Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
    Apps with heavy CPU usage - There have been numerous cases of apps with heavy CPU usage.
    Clean up - There are orphan files that could be removed.
    Kernel extensions present - This computer has kernel extensions that may not work in the future.

Hardware Information:
    MacBook Air (M1, 2020)
    Status: Supported
    MacBook Air Model: MacBookAir10,1
    2.40 GHz Apple M1 (m1) CPU: 8-core
    8 GB RAM - Not upgradeable
    Battery: Health = Normal - Cycle count = 141

Video Information:
    Apple M1
        Color LCD (built-in) 2880 x 1800

Drives:
    disk0 - APPLE SSD AP0512Q 500.28 GB (Solid State - TRIM: Yes)
    Internal Apple Fabric NVM Express
        disk0s1 [APFS Container] 524 MB
            disk1 [APFS Virtual drive] 524 MB (Shared by 4 volumes)
                disk1s1 - iSCPreboot (APFS) [APFS Preboot] (6 MB used)
                disk1s2 - xART (APFS) (6 MB used)
                disk1s3 - Hardware (APFS) (418 KB used)
                disk1s4 - Recovery (APFS) [Recovery] (20 KB used)
        disk0s2 [APFS Container] 494.38 GB
            disk3 [APFS Virtual drive] 494.38 GB (Shared by 6 volumes)
                disk3s1 (APFS) [APFS Container] (10.25 GB used)
                    disk3s1s1 - Macintosh HD (APFS) [APFS Snapshot] (10.25 GB used)
                disk3s2 - Preboot (APFS) [APFS Preboot] (6.14 GB used)
                disk3s3 - Recovery (APFS) [Recovery] (932 MB used)
                disk3s4 - Update (APFS) (47 MB used)
                disk3s5 - Data (APFS) [APFS Virtual drive] (196.03 GB used)
                disk3s6 - VM (APFS) [APFS VM] (20 KB used)
        disk0s3 [APFS Container] 5.37 GB
            disk2 [APFS Virtual drive] 5.37 GB (Shared by 2 volumes)
                disk2s1 - Recovery (APFS) [Recovery] (1.78 GB used)
                disk2s2 - Update (APFS) (3 MB used)

Mounted Volumes:
    disk1s1 - iSCPreboot [APFS Preboot]
        Filesystem: APFS
        Mount point: /System/Volumes/iSCPreboot
        Used: 6 MB
        Shared values
            Size: 524 MB
            Free: 506 MB

    disk1s2 - xART
        Filesystem: APFS
        Mount point: /System/Volumes/xarts
        Used: 6 MB
        Shared values
            Size: 524 MB
            Free: 506 MB

    disk1s3 - Hardware
        Filesystem: APFS
        Mount point: /System/Volumes/Hardware
        Used: 418 KB
        Shared values
            Size: 524 MB
            Free: 506 MB

    disk3s1s1 - Macintosh HD [APFS Snapshot]
        Filesystem: APFS
        Mount point: /
        Read-only: Yes
        Used: 10.25 GB
        Shared values
            Size: 494.38 GB
            Free: 281.06 GB
            Available: 308.40 GB

    disk3s2 - Preboot [APFS Preboot]
        Filesystem: APFS
        Mount point: /System/Volumes/Preboot
        Used: 6.14 GB
        Shared values
            Size: 494.38 GB
            Free: 281.06 GB
            Available: 308.40 GB

    disk3s4 - Update
        Filesystem: APFS
        Mount point: /System/Volumes/Update
        Used: 47 MB
        Shared values
            Size: 494.38 GB
            Free: 281.06 GB
            Available: 308.40 GB

    disk3s5 - Data [APFS Virtual drive]
        Filesystem: APFS
        Mount point: /System/Volumes/Data
        Encrypted
        Used: 196.03 GB
        Shared values
            Size: 494.38 GB
            Free: 281.06 GB
            Available: 308.40 GB

    disk3s6 - VM [APFS VM]
        Filesystem: APFS
        Mount point: /System/Volumes/VM
        Used: 20 KB
        Shared values
            Size: 494.38 GB
            Free: 281.06 GB
            Available: 308.40 GB

    disk4s2 - G***********e
        Filesystem: Mac OS Extended
        Disk Image
        Mount point: /Volumes/G***********e
        Owners enabled: No
        Read-only: Yes
        Used: 584 MB
        Size: 584 MB

Network:
    Interface en3: Ethernet Adapter (en3)
    Interface en4: Ethernet Adapter (en4)
    Interface en0: Wi-Fi
        802.11 a/b/g/n/ac/ax
    Interface bridge0: Thunderbolt Bridge

System Software:
    macOS Sonoma 14.4.1 (23E224)
    Time since boot: About 2 days

Configuration Files:
    /etc/hosts - Count: 2

Notifications:
    Creative Cloud.app
        2 notifications

Security:
    Gatekeeper: App Store and identified developers
    System Integrity Protection: Enabled
    Secure Boot: Full Security
    Antivirus software: Apple

Unsigned Files:
    Launchd: /Library/LaunchDaemons/com.fitbit.galileod.plist
        Executable: /usr/local/bin/galileod
        Details: Exact match found in the legitimate list - probably OK

    Launchd: /Library/LaunchDaemons/com.adobe.SwitchBoard.plist
        Executable: /Library/Application Support/Adobe/SwitchBoard/SwitchBoard.app/Contents/MacOS/launch.switchboard
        Details: Exact match found in the legitimate list - probably OK

    Launchd: ~/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
        Command: /Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility -mode=scheduled
        Details: Exact match found in the legitimate list - probably OK

    Launchd: ~/Library/LaunchAgents/com.epson.epsvcp.plist
        Executable: /Library/Caches/Epson/Service Plan/epsvcp.app/Contents/MacOS/epsvcp

    Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
        Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
        Details: Exact match found in the legitimate list - probably OK

    Launchd: /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist
        Command: /Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility -mode=logon
        Details: Exact match found in the legitimate list - probably OK

    Apps: 12

System Extensions:
    [Not Loaded] Malwarebytes Engine - version 5.1.3 (Malwarebytes Corporation - 2024-04-15)
        Application: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/Malwarebytes.app - version 5.1.3 (Malwarebytes Corporation - 2024-04-15)
        Description: The Malwarebytes Engine extension manages your connection to the Malwarebytes VPN service.
Kernel Extensions:
    /Library/Extensions
    [Not Loaded] EPSONUSBPrintClass.kext - com.epson.print.kext.USBPrintClass (3.4.1)
    [Not Loaded] hp_qc_io_enabler.kext - com.hp.hpio.hp_psa530_630_io_enabler (1.0.1)
    [Not Loaded] hp_fax_io.kext - com.hp.kext.hp-fax-io (5.11.0 - SDK 10.8)
    [Not Loaded] hp_io_enabler_compound.kext - com.hp.kext.io.enabler.compound (3.4.0)
    [Not Loaded] hp_designjet_series.kext - com.hp.print.hpio.Designjet.kext (2.2)
    [Not Loaded] hp_Deskjet_io_enabler.kext - com.hp.print.hpio.Deskjet.kext (3.0.3)
    [Not Loaded] hp_Inkjet_io_enabler.kext - com.hp.print.hpio.Inkjet.kext (3.0.3)
    [Not Loaded] hp_Inkjet1_io_enabler.kext - com.hp.print.hpio.Inkjet1.kext (2.1.4)
    [Not Loaded] hp_Inkjet2_io_enabler.kext - com.hp.print.hpio.Inkjet2.kext (3.0.2)
    [Not Loaded] hp_Inkjet3_io_enabler.kext - com.hp.print.hpio.Inkjet3.kext (2.0.1)
    [Not Loaded] hp_Inkjet4_io_enabler.kext - com.hp.print.hpio.Inkjet4.kext (2.2.1)
    [Not Loaded] hp_Inkjet5_io_enabler.kext - com.hp.print.hpio.Inkjet5.kext (2.1.2)
    [Not Loaded] hp_Laserjet_io_enabler.kext - com.hp.print.hpio.Laserjet.kext (1.0.1)
    [Not Loaded] hp_Officejet_io_enabler.kext - com.hp.print.hpio.Officejet.kext (3.0.3)
    [Not Loaded] hp_Photosmart_io_enabler.kext - com.hp.print.hpio.Photosmart.kext (4.0.2)
    [Not Loaded] hp_PhotosmartPro_io_enabler.kext - com.hp.print.hpio.PhotosmartPro.kext (3.0.1)
    [Not Loaded] hp_Inkjet7_io_enabler.kext - com.hp.print.hpio.inkjet7.kext (1.0.2)
    [Not Loaded] hp_Inkjet8_io_enabler.kext - com.hp.print.hpio.inkjet8.kext (4.2.4 - SDK 10.8)
    [Not Loaded] JMicronATA.kext - com.jmicron.JMicronATA (1.1.6)
    [Not Loaded] LexmarkUSBMerge.kext - com.lexmark.print.usbmerge (1.16.11)
    [Not Loaded] BJUSBLoad.kext - jp.co.canon.bj.print.BJUSBLoad (2.0.10)

System Launch Daemons:
    [Not Loaded] 43 Apple tasks
    [Loaded] 220 Apple tasks
    [Running] 139 Apple tasks
    [Other] One Apple task

System Launch Agents:
    [Not Loaded] 20 Apple tasks
    [Loaded] 229 Apple tasks
    [Running] 175 Apple tasks

Launch Daemons:
    [Other] app.fab.fabHelper.plist (Not signed - installed 2022-07-18)
        Executable: /Library/PrivilegedHelperTools/app.fab.fabHelper

    [Loaded] com.adobe.SwitchBoard.plist (Not signed - installed 2011-12-18)
        Executable: /Library/Application Support/Adobe/SwitchBoard/SwitchBoard.app/Contents/MacOS/launch.switchboard

    [Running] com.adobe.acc.installer.v2.plist (Adobe Inc. - installed 2023-12-08)
        Executable: /Library/PrivilegedHelperTools/com.adobe.acc.installer.v2

    [Loaded] com.adobe.agsservice.plist (Adobe Inc. - installed 2024-01-04)
        Executable: /Library/Application Support/Adobe/AdobeGCClient/AGSService

    [Loaded] com.apple.installer.osmessagetracing.plist (Apple - installed 2019-10-05)
        Executable: /System/Library/PrivateFrameworks/OSInstaller.framework/Resources/OSMessageTracer

    [Loaded] com.epson.RemotePrintIODaemon.plist (Seiko Epson Corporation - installed 2023-10-03)
        Executable: /Library/Printers/EPSON/InkjetPrinter2/Backend/RemotePrintIODaemon.app/Contents/MacOS/RemotePrintIODaemon

    [Running] com.fitbit.galileod.plist (Not signed - installed 2022-03-29)
        Executable: /usr/local/bin/galileod

    [Running] com.hidglobal.ia.guisvc.plist (HID Global Corporation - installed 2015-10-27)
        Executable: /Library/Frameworks/ac.ac4mac.smmw.framework/Versions/Current/Libraries/com.hidglobal.ia.guisvc

    [Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2022-03-29)
        Executable: /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper

    [Loaded] com.microsoft.office.licensing.helper.plist (Not signed - installed 2022-03-29)
        Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper

Launch Agents:
    [Not Loaded] com.adobe.AAM.Updater-1.0.plist (Not signed - installed 2022-03-29)
        Command: /Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility -mode=logon

    [Running] com.adobe.AdobeCreativeCloud.plist (Adobe Inc. - installed 2023-12-08)
        Command: /Applications/Utilities/Adobe Creative Cloud/ACC/Creative Cloud.app/Contents/MacOS/Creative Cloud --showwindow=false --onOSstartup=true

    [Other] com.adobe.ElementsAutoCreator-19.0.plist (Not signed - installed 2020-10-10)
        Executable: /Applications/Adobe Elements 2021 Organizer.app/Contents/Elements Auto Creations 2021.app/Contents/MacOS/Elements Auto Creations 2021

    [Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2024-01-04)
        Command: /Library/Application Support/Adobe/AdobeGCClient/agcinvokerutility -mode=logon

    [Loaded] com.adobe.ccxprocess.plist (Adobe Inc. - installed 2024-03-26)
        Command: /Applications/Utilities/Adobe Creative Cloud Experience/CCXProcess/CCXProcess.app/Contents/MacOS/CCXProcess --openAtBoot

    [Loaded] com.epson.RemotePrintIOHelper.plist (Seiko Epson Corporation - installed 2023-10-03)
        Executable: /Library/Printers/EPSON/InkjetPrinter2/Backend/RemotePrintIOHelper.app/Contents/MacOS/RemotePrintIOHelper

    [Running] com.epson.edca.launcher.plist (Seiko Epson Corporation - installed 2023-10-29)
        Command: /Applications/Epson Software/Epson Utilities/Epson Data Collection Agent.app/Contents/MacOS/Edca edca

    [Loaded] com.epson.esua.launcher.plist (Seiko Epson Corporation - installed 2023-08-09)
        Executable: /Applications/Epson Software/EPSON Software Updater.app/Contents/EPSON Software Updater Agent.app/Contents/MacOS/EPSON Software Updater Agent

    [Running] com.epson.eventmanager.agent.plist (Seiko Epson Corporation - installed 2020-08-26)
        Executable: /Applications/Epson Software/Event Manager.app/Contents/Resources/Assistants/Event Manager/EEventManager.app/Contents/MacOS/EEventManager

    [Running] com.epson.scannermonitor.plist (Seiko Epson Corporation - installed 2020-08-26)
        Executable: /Library/Application Support/EPSON/Scanner/ScannerMonitor/Epson Scanner Monitor.app/Contents/MacOS/Epson Scanner Monitor

User Launch Agents:
    [Other] com.adobe.AAM.Updater-1.0.plist (Not signed - installed 2022-03-29)
        Command: /Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility -mode=scheduled

    [Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2024-01-04)
        Command: /Library/Application Support/Adobe/AdobeGCClient/agcinvokerutility -mode=scheduled

    [Loaded] com.epson.epsvcp.plist (Not signed - installed 2024-02-13)
        Executable: /Library/Caches/Epson/Service Plan/epsvcp.app/Contents/MacOS/epsvcp

    [Loaded] com.google.GoogleUpdater.wake.plist (Google LLC - installed 2024-04-22)
        Command: ~/Library/Application Support/Google/GoogleUpdater/Current/GoogleUpdater.app/Contents/MacOS/GoogleUpdater --wake-all --enable-logging --vmodule=*/components/update_client/*=2,*/chrome/updater/*=2

    [Not Loaded] com.google.keystone.agent.plist (Not signed - installed 2023-12-07)

    [Not Loaded] com.google.keystone.xpcservice.plist (Not signed - installed 2023-12-07)

    [Running] org.Navionics.NavService.plist (Garmin Italy Technologies S.R.L. - installed 2024-02-13)
        Executable: /Applications/Chart Installer/NavService.app/Contents/MacOS/NavService

User Login Items:
    [Not Loaded] Launcher Disabler (App Store - installed 2024-04-23)
        Modern Login Item
        /Applications/OneDrive.app/Contents/Library/LoginItems/Launcher Disabler.app

    [Not Loaded] OneDrive Launcher (App Store - installed 2024-04-23)
        Modern Login Item
        /Applications/OneDrive.app/Contents/Library/LoginItems/OneDrive Launcher.app

    [Not Loaded] HP Device Monitor (HP Inc. - installed 2022-03-29)
        Modern Login Item
        /Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app

Applications:
    665 apps
    59 x86-only apps
    9 unsigned apps

App Extensions:
    Finder sync extensions:
        OneDrive Finder Integration - /Applications/OneDrive.app
        Adobe Content Synchronizer Finder Extension - /Applications/Utilities/Adobe Sync/CoreSync/Core Sync.app

    File providers:
        OneDrive File Provider - /Applications/OneDrive.app

    QuickLook Previews:
        EtreCheckQuickLook - ~/Downloads/EtreCheckPro.app
            com.etresoft.etrecheck4 *.etrecheck
        InDesign QuickLook Extension - /Applications/Adobe InDesign 2024/Adobe InDesign 2024.app
            com.adobe.indesign-document *.indd
            com.adobe.indesign-template *.indt

Internet Plug-ins:
    iPhotoPhotocast: 7.0 (Apple - installed 2022-03-29)
    AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2022-03-29)
    NP_2020Player_WEB: 5.0.94.0 (? - installed 2022-03-29)
    AdobePDFViewer: 21.001.20149 (Adobe Systems, Inc. - installed 2022-03-29)
    SharePointBrowserPlugin: 14.7.2 (? - installed 2022-03-29)
    Silverlight: 4.0.60531.0 (? - installed 2022-03-29)
    JavaAppletPlugin: (?)

Backup:
    Auto backup:
    Destinations:
        T*******t [Local] (Last used)
        Total size: 0 B
        Total number of backups: 6 local snapshots
        Oldest local snapshot: 2024-04-21 17:38:12
        Last local snapshot: 2024-04-22 12:30:43

Performance:
    System Load: 2.63 (1 min ago) 2.12 (5 min ago) 2.13 (15 min ago)
    Nominal I/O usage: 1.26 MB/s
    File system: 7.80 seconds
    Write speed: 2952 MB/s
    Read speed: 2370 MB/s

CPU Usage Snapshot:
    Type Overall
    System: 5 %
    User: 11 %
    Idle: 85 %

Top Processes Snapshot by CPU:
    Process (count) CPU (Source - Location)
    EtreCheckPro 22.86 % (Etresoft, Inc.)
    WindowServer 17.64 % (Apple)
    Messages 10.34 % (Apple)
    kernel_task 8.04 % (Apple)
    audioaccessoryd 8.00 % (Apple)

Top Processes Snapshot by Memory:
    Process (count) RAM usage (Source - Location)
    EtreCheckPro 794 MB (Etresoft, Inc.)
    kernel_task 253 MB (Apple)
    com.apple.WebKit.WebContent (10) 209 MB (Apple)
    Messages 182 MB (Apple)
    suggestd 79 MB (Apple)

Top Processes Snapshot by Network Use:
    Process (count) Input / Output (Source - Location)
    mDNSResponder 13 MB / 9 MB (Apple)
    apsd 2 MB / 4 MB (Apple)
    rapportd 2 MB / 69 KB (Apple)
    com.apple.WebKit.Networking 48 KB / 71 KB (Apple)
    netbiosd 53 KB / 29 KB (Apple)

Top Processes Snapshot by Energy Use:
    Process (count) Energy (0-100) (Source - Location)
    WindowServer 6 (Apple)
    Messages 1 (Apple)
    airportd 0 (Apple)
    cfprefsd (2) 0 (Apple)
    remindd 0 (Apple)

Virtual Memory Information:
    Physical RAM: 8 GB
    Free RAM: 47 MB
    Used RAM: 6.25 GB
    Cached files: 1.71 GB
    Available RAM: 1.75 GB
    Swap Used: 0 B

Software Installs (past 60 days):
    Install Date Name (Version)
    2024-02-25 Adobe Acrobat Reader (23.008.20555) (23.008.20555)
    2024-03-14 ARMDC Agent Installer (1.0.0)
    2024-03-19 Adobe Acrobat Reader (24.001.20604) (24.001.20604)
    2024-03-22 macOS 14.4 (14.4)
    2024-03-23 Adobe Acrobat Reader (24.001.20615) (24.001.20615)
    2024-03-23 MRTConfigData (1.93)
    2024-03-23 GarageBand (10.4.11)
    2024-03-23 iMovie (10.4)
    2024-03-31 XProtectPlistConfigData (2191)
    2024-03-31 Adobe Acrobat Reader (24.001.20631) (24.001.20631)
    2024-04-02 XProtectPayloads (130)
    2024-04-02 Keynote (14.0)
    2024-04-02 Numbers (14.0)
    2024-04-02 Pages (14.0)
    2024-04-04 Adobe Acrobat Reader (24.001.20643) (24.001.20643)
    2024-04-15 Adobe Acrobat Reader (24.002.20687) (24.002.20687)
    2024-04-15 Malwarebytes for Mac (1.0)
    2024-04-22 macOS 14.4.1 (14.4.1)
    2024-04-22 RosettaUpdateAuto (1.0.0.0.1.1711007790)
    2024-04-23 OneDrive (24.065.0331)

Clean up:
    /Library/LaunchAgents/com.adobe.ElementsAutoCreator-19.0.plist
        /Applications/Adobe Elements 2021 Organizer.app/Contents/Elements Auto Creations 2021.app/Contents/MacOS/Elements Auto Creations 2021
        Executable not found

    /Library/LaunchDaemons/app.fab.fabHelper.plist
        /Library/PrivilegedHelperTools/app.fab.fabHelper
        Executable not found

Diagnostics Information (past 60 days):
    2024-04-22 14:01:46 com.apple.WebKit.WebContent High CPU Use (4 times)
        First occurrence: 2024-04-22 14:03:51
        Executable: /Volumes/VOLUME/*/W**************k/V******s/A/X*********s/c*****************************c/C******s/M***S/c*************************t

    2024-04-22 11:09:07 spotlightknowledged High CPU Use (12 times)
        First occurrence: 2024-04-17 05:34:12
        Executable: /System/Library/Frameworks/CoreSpotlight.framework/spotlightknowledged

    2024-04-21 08:31:48 siriknowledged Crash
        Executable: /usr/libexec/siriknowledged

End of report