
Why does my browser continue to get highjacked?

EtreCheckPro version: 6.5.6 (6F041)
Report generated: 2022-04-09 10:23:30
Download EtreCheckPro from https://etrecheck.com
Runtime: 5:31
Performance: Below Average

Problem: Other problem
Description: browser highjacked

Major Issues:
Anything that appears on this list needs immediate attention.
    Proxies - Network proxies detected. This could be evidence of malware.
    Adware - Adware detected.
    Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.
    Obsolete hardware - This computer may be considered obsolete.

Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
    SSD too slow - SSD is showing poor performance.
    No Time Machine backup - Time Machine backup not found.
    Unsigned files - There are unsigned software files installed. Apple has said that unsigned software will not run by default in a future version of the operating system.
    System modifications - There are a large number of system modifications running in the background.
    x86-only Apps - This computer has x86-only apps might not work on future versions of the operating system.
    Limited drive access - More information may be available with Full Drive Access.
    Kernel extensions present - This computer has kernel extensions that may not work in the future.

Hardware Information:
    MacBook Air (13-inch, Early 2014) - Obsolete!
    MacBook Air Model: MacBookAir6,2
    1.4 GHz Dual-Core Intel Core i5 (i5-4260U) CPU: 2-core
    4 GB RAM - Not upgradeable
        BANK 0/DIMM0 - 2 GB DDR3 1600
        BANK 1/DIMM0 - 2 GB DDR3 1600
    Battery: Health = Normal - Cycle count = 681

Video Information:
    Intel HD Graphics 5000 - VRAM: 1536 MB
        Color LCD 1440 x 900

Drives:
    disk0 - APPLE SSD SD0256F 251.00 GB (Solid State - TRIM: Yes)
    Internal PCI 5.0 GT/s x2 Serial ATA
        disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
        disk0s2 [APFS Container] 250.79 GB
            disk1 [APFS Virtual drive] 250.79 GB (Shared by 6 volumes)
                disk1s1 - Macintosh HD - Data (APFS) [APFS Virtual drive] (Shared - 191.32 GB used)
                disk1s2 - Preboot (APFS) [APFS Preboot] (Shared - 554 MB used)
                disk1s3 - Recovery (APFS) [Recovery] (Shared - 624 MB used)
                disk1s4 - VM (APFS) [APFS VM] (Shared - 3.22 GB used)
                disk1s5 (APFS) [APFS Container] (Shared - 15.33 GB used)
                disk1s5s1 - Macintosh HD (APFS) [APFS Snapshot] (Shared - 15.33 GB used)
                disk1s6 - Update (APFS) (Shared - 4 MB used)

Mounted Volumes:
    disk1s1 - Macintosh HD - Data [APFS Virtual drive]
        250.79 GB (Shared - 191.32 GB used, 41.91 GB available, 39.60 GB free)
        APFS
        Mount point: /System/Volumes/Data
        Encrypted
    disk1s2 - Preboot [APFS Preboot]
        250.79 GB (Shared - 554 MB used, 39.60 GB free)
        APFS
        Mount point: /System/Volumes/Preboot
    disk1s4 - VM [APFS VM]
        250.79 GB (Shared - 3.22 GB used, 39.60 GB free)
        APFS
        Mount point: /System/Volumes/VM
    disk1s5s1 - Macintosh HD [APFS Snapshot]
        250.79 GB (Shared - 15.33 GB used, 41.91 GB available, 39.60 GB free)
        APFS
        Mount point: /
        Read-only: Yes
    disk1s6 - Update
        250.79 GB (Shared - 4 MB used, 39.60 GB free)
        APFS
        Mount point: /System/Volumes/Update

Network:
    Interface en0: Wi-Fi
        802.11 a/b/g/n/ac
    Interface en2: Bluetooth PAN
        Proxies: HTTP, HTTPS
    Interface bridge0: Thunderbolt Bridge
        Proxies: HTTP, HTTPS
    iCloud Quota: 123.13 GB available

System Software:
    macOS Big Sur 11.6.5 (20G527)
    Time since boot: About 5 days

Notifications:
    EtreCheckPro 2.app
        one notification
    FrontendAgent.app
        one notification
    Safari.app
        10 notifications
    Creative Cloud.app
        one notification

Security:
    Gatekeeper: App Store and identified developers
    System Integrity Protection: Enabled
    Antivirus software: Apple and Malwarebytes

Adware:
    Launchd: /Library/LaunchDaemons/com.AssistiveRecord.system.plist
        Executable: /Library/Application Support/.9244651991066275668/System/com.AssistiveRecord.system/AssistiveRecord.system r
        Reason: Adware pattern match

Unsigned Files:
    Launchd: /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist
        Executable: /Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller
        Details: Exact match found in the legitimate list - probably OK
    Launchd: /Library/LaunchDaemons/com.rim.tunmgr.plist
        Executable: /Library/Application Support/BlackBerry/tunmgr
        Details: Exact match found in the legitimate list - probably OK
    Launchd: /Library/LaunchDaemons/com.fitbit.galileod.plist
        Executable: /Library/Application Support/Fitbit Connect/galileod
        Details: Exact match found in the legitimate list - probably OK
    Launchd: ~/Library/LaunchAgents/com.AssistiveRecord.service.plist
        Executable: ~/Library/Application Support/.9244651991066275668/Services/com.AssistiveRecord.service/AssistiveRecord.service -s 6600
        Details: Executable file is hidden - possibly adware
    Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
        Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
        Details: Exact match found in the legitimate list - probably OK
    Launchd: /Library/LaunchDaemons/com.nordvpn.osx.helper.plist
        Executable: /Library/PrivilegedHelperTools/com.nordvpn.osx.helper
        Details: Exact match found in the legitimate list - probably OK
    Launchd: /Library/LaunchDaemons/com.17059776880098025560.8C9687D8DF30370B92CF6321005CA84EA6CAF44EAFE73771CC7B72903E7563AF.plist
        Executable: /Library/Application Support/com.12404342367073081522/15740896916662689525 '/Library/Application Support/com.12404342367073081522/2099699949628143303' gfgmdbennbhcfcmbmldpdphlbgkfoahi Default '/Library/Application Support/com.12404342367073081522/8910350496815713641' 40C0B55B-40FE-54D4-98C7-3E0AC6827682
        Details: Domain name invalid - possibly adware
    Launchd: /Library/LaunchDaemons/com.wdc.WDPrivilegedHelper.plist
        Executable: /Library/PrivilegedHelperTools/com.wdc.WDPrivilegedHelper
        Details: Exact match found in the legitimate list - probably OK
    Launchd: /Library/LaunchAgents/com.rim.PeerManager.plist
        Executable: /Library/Application Support/BlackBerry/PeerManager
        Details: Exact match found in the legitimate list - probably OK
    Safari Extension: ArchitecturePrime
    Safari Extension: VectorPath
    Login Item: /Applications/NordVPN.app/Contents/Library/LoginItems/NordVPNLauncher.app
    Plugin: /Library/Internet Plug-Ins/RL Secure Plug-In Layer.plugin
    Plugin: /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
    Plugin: ~/Library/Internet Plug-Ins/UploadManager.plugin
    Plugin: ~/Library/Internet Plug-Ins/npUplayer.1.0.2.7.plugin
    Plugin: ~/Library/Internet Plug-Ins/ContentManager.plugin
    Plugin: ~/Library/Internet Plug-Ins/RocketEngine.plugin
    Apps: 11

Old Applications:
    21 x86-only apps

Kernel Extensions:
    /Library/Application Support/VirtualBox
        [Not Loaded] VBoxDrv.kext - org.virtualbox.kext.VBoxDrv (6.1.16)
        [Not Loaded] VBoxNetAdp.kext - org.virtualbox.kext.VBoxNetAdp (6.1.16)
        [Not Loaded] VBoxNetFlt.kext - org.virtualbox.kext.VBoxNetFlt (6.1.16)
        [Not Loaded] VBoxUSB.kext - org.virtualbox.kext.VBoxUSB (6.1.16)
    /Library/Extensions
        [Not Loaded] BlackBerryUSBCDCNCM.kext - com.BlackBerry.driver.USBCDCNCM (1.0.12 - SDK 10.7)
        [Not Loaded] hp_fax_io.kext - com.hp.kext.hp-fax-io (5.28.5 - SDK 10.13)
        [Not Loaded] hp_io_enabler_compound.kext - com.hp.kext.io.enabler.compound (3.4.0)
        [Not Loaded] hp_Inkjet9_io_enabler.kext - com.hp.print.hpio.Inkjet9.kext (2.12.1 - SDK 10.13)
        [Not Loaded] JMicronATA.kext - com.jmicron.JMicronATA (1.1.6)
        [Not Loaded] RIMBBUSB.kext - com.rim.driver.BlackBerryUSBDriverInt (2.2.14 - SDK 10.7)
        [Loaded] BlackBerryVirtualPrivateNetwork.kext - com.rim.driver.BlackBerryVirtualPrivateNetwork (1.0.18 - SDK 10.8)
        [Not Loaded] BJUSBLoad.kext - jp.co.canon.bj.print.BJUSBLoad (10.75.21 - SDK 10.8)
        [Not Loaded] CIJUSBLoad.kext - jp.co.canon.ij.print.CIJUSBLoad (16.0.10 - SDK 10.9)

System Launch Daemons:
    [Not Loaded] 36 Apple tasks
    [Loaded] 213 Apple tasks
    [Running] 113 Apple tasks
    [Other] 2 Apple tasks

System Launch Agents:
    [Not Loaded] 16 Apple tasks
    [Loaded] 195 Apple tasks
    [Running] 122 Apple tasks
    [Other] One Apple task

Launch Daemons:
    [Loaded] com.17059776880098025560.8C9687D8DF30370B92CF6321005CA84EA6CAF44EAFE73771CC7B72903E7563AF.plist (? 2a5d5576 - installed 2022-04-08)
    [Loaded] com.AssistiveRecord.system.plist (Adware - installed 2022-04-06)
    [Loaded] com.BlueStacks.AppPlayer.bstservice_helper.plist (BlueStack Systems, Inc. - installed 2022-02-15)
    [Running] com.adobe.ARMDC.Communicator.plist (Adobe Inc. - installed 2022-02-15)
    [Running] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Inc. - installed 2022-02-15)
    [Running] com.adobe.acc.installer.v2.plist (Adobe Inc. - installed 2022-04-07)
    [Loaded] com.adobe.agsservice.plist (Adobe Inc. - installed 2022-02-15)
    [Loaded] com.apple.installer.osmessagetracing.plist (? dbb717cc - installed 2022-02-15)
    [Running] com.fitbit.galileod.plist (? 485714a8 - installed 2022-02-15)
    [Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2022-02-15)
    [Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2022-02-15)
    [Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2022-03-16)
    [Loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2022-02-15)
    [Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2022-02-15)
    [Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (Microsoft Corporation - installed 2022-03-30)
    [Running] com.nordvpn.osx.helper.plist (? e0112837 - installed 2022-02-15)
    [Not Loaded] com.oracle.java.Helper-Tool.plist (? 0 - installed )
    [Other] com.rim.BBDaemon.plist (BlackBerry Limited - installed 2022-02-15)
    [Not Loaded] com.rim.nkehelper.plist (Apple - installed 2022-02-15)
    [Other] com.rim.tunmgr.plist (? 6f5f4ca9 - installed 2022-02-15)
    [Loaded] com.starstechnologies.updater.plist (Rational Intellectual Holdings Limited - installed 2022-02-15)
    [Loaded] com.wdc.WDPrivilegedHelper.plist (? 9f7f4405 - installed 2022-02-15)
    [Loaded] jp.co.canon.MasterInstaller.plist (? d0637166 - installed 2022-02-15)

Launch Agents:
    [Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Inc. - installed 2022-02-15)
    [Other] com.adobe.AdobeCreativeCloud.plist (Adobe Inc. - installed 2022-04-07)
    [Running] com.adobe.GC.AGM.plist (Adobe Inc. - installed 2022-02-15)
    [Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2022-02-15)
    [Loaded] com.adobe.ccxprocess.plist (Adobe Inc. - installed 2022-03-10)
    [Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2022-02-15)
    [Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2022-03-16)
    [Other] com.rim.PeerManager.plist (? b92c3e99 - installed 2022-02-15)

User Launch Agents:
    [Loaded] com.AssistiveRecord.service.plist (? 0 - installed 2022-04-09)
    [Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2021-12-24)
    [Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2021-08-23)
    [Loaded] com.google.keystone.xpcservice.plist (Google, Inc. - installed 2021-08-23)
    [Not Loaded] com.hp.devicemonitor.plist (HP Inc. - installed 2022-04-03)
    [Running] com.hp.productresearch.plist (HP Inc. - installed 2022-04-03)

User Login Items:
    [Loaded] AdobeResourceSynchronizer (Adobe Inc. - installed 2022-04-04)
        Application
        /Applications/Adobe Acrobat Reader DC.app/Contents/Helpers/AdobeResourceSynchronizer.app
    [Running] CIJSULAgent (Canon Inc. - installed 2021-02-28)
        Modern Login Item
        /Applications/Canon Utilities/IJ Scan Utility/Canon IJ Scan Utility Lite.app/Contents/Library/LoginItems/CIJSULAgent.app
    [Running] CanonIJExtendedSurveyLaunchAgent (Canon Inc. - installed 2021-02-28)
        Modern Login Item
        /Applications/Canon Utilities/Inkjet Extended Survey Program/Inkjet Extended Survey Program.app/Contents/MacOS/ESPController.app/Contents/Library/LoginItems/CanonIJExtendedSurveyLaunchAgent.app
    [Not Loaded] NordVPNLauncher (? - installed 2019-03-05)
        Modern Login Item
        /Applications/NordVPN.app/Contents/Library/LoginItems/NordVPNLauncher.app
    [Loaded] StartUpHelper (Spotify - installed 2018-08-20)
        Modern Login Item
        /Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app
    [Not Loaded] PhotoStreamAgent (App Store - installed 2038-01-18)
        Modern Login Item
        /Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app
    [Not Loaded] HP Device Monitor (HP Inc. - installed 2019-03-17)
        Modern Login Item
        /Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app
    [Running] HP Product Research (HP Inc. - installed 2019-03-17)
        Modern Login Item
        /Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app

Internet Plug-ins:
    AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2022-02-15)
    RL Secure Plug-In Layer: (? - installed 2022-02-15)
    AdobePDFViewer: 21.005.20058 (Adobe Systems, Inc. - installed 2022-02-15)
    PepperFlashPlayer: 32.0.0.465 (Adobe Inc. - installed 2020-12-11)
    AdobeAAMDetect: 3.0.0.0 (Adobe Inc. - installed 2022-04-07)
    SharePointBrowserPlugin: 14.7.7 (? - installed 2022-02-15)

Safari Extensions:
    ArchitecturePrime (? - installed 2022-03-21)
    VectorPath (? - installed 2022-03-29)

3rd Party Preference Panes:
    MusicManager (Google, Inc. - installed 2020-08-25)

Backup:
    Time Machine information not available without Full Drive Access.

Performance:
    System Load: 2.26 (1 min ago) 2.82 (5 min ago) 2.83 (15 min ago)
    Nominal I/O speed: 0.39 MB/s
    File system: 35.99 seconds
    Write speed: 170 MB/s
    Read speed: 439 MB/s

CPU Usage Snapshot:
    Type Overall
    System: 9 %
    User: 13 %
    Idle: 78 %

Top Processes Snapshot by CPU:
    Process (count) CPU (Source - Location)
    fontworker (2) 15.84 % (Apple)
    WindowServer 11.92 % (Apple)
    EtreCheckPro 7.88 % (Etresoft, Inc.)
    kernel_task 5.14 % (Apple)
    fontd (2) 4.80 % (Apple)

Top Processes Snapshot by Memory:
    Process (count) RAM usage (Source - Location)
    kernel_task 172 MB (Apple)
    Google Chrome Helper (Renderer) (7) 91 MB (Google LLC)
    EtreCheckPro 61 MB (Etresoft, Inc.)
    NewsToday2 60 MB (Apple)
    AppleSpell 56 MB (Apple)

Top Processes Snapshot by Network Use:
    Process (count) Input / Output (Source - Location)
    mDNSResponder 7 MB / 4 MB (Apple)
    Mail 242 KB / 117 KB (Apple)
    netbiosd 66 KB / 40 KB (Apple)
    trustd 69 KB / 5 KB (Apple)
    Notes 16 KB / 9 KB (Apple)

Top Processes Snapshot by Energy Use:
    Process (count) Energy (0-100) (Source - Location)
    WindowServer 8 (Apple)
    airportd 1 (Apple)
    locationd 1 (Apple)
    ControlCenter 0 (Apple)
    identityservicesd 0 (Apple)

Virtual Memory Information:
    Physical RAM: 4 GB
    Free RAM: 16 MB
    Used RAM: 3.32 GB
    Cached files: 679 MB
    Available RAM: 695 MB
    Swap Used: 772 MB

Software Installs (past 60 days):
    Install Date Name (Version)
    2022-02-15 macOS 11.6.4 (11.6.4)
    2022-03-16 Microsoft AutoUpdate (4.45.22031300)
    2022-03-16 Microsoft Excel (16.59.22031300)
    2022-03-16 Microsoft OneNote (16.59.22031300)
    2022-03-16 Microsoft Outlook (16.59.22031300)
    2022-03-16 Microsoft PowerPoint (16.59.22031300)
    2022-03-16 Microsoft Word (16.59.22031300)
    2022-03-17 XProtectPlistConfigData (2158)
    2022-03-17 macOS 11.6.5 (11.6.5)
    2022-03-30 Microsoft Teams (1.00.435562)
    2022-04-03 Adobe Acrobat DC (22.001.20085) (22.001.20085)
    2022-04-04 MRTConfigData (1.91)
    2022-04-04 Safari (15.4)
    2022-04-04 Adobe Acrobat Reader DC (22.001.20085) (22.001.20085)

Diagnostics Information (past 7-30 days):
    2022-04-03 21:09:28 fseventsd High CPU Use
        Executable: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd
    2022-04-03 20:01:53 mds_stores Crash
        Executable: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mds_stores
        Details: dyld3 mode
    2022-04-02 15:18:43 Stocks.app Crash
        Executable: /System/Applications/Stocks.app
        Details: dyld3 mode
    2022-04-02 10:26:41 AMPLibraryAgent Crash
        Executable: /System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent
        Details: dyld3 mode

End of report


MacBook Air 13″, macOS 11.6

Posted on Apr 9, 2022 10:40 AM

1 reply

Apr 9, 2022 11:32 AM in response to Dawn4354

Does Malwarebytes remove it & it comes back?

See if you have unknown Profiles. To remove a configuration profile in macOS:

From the Apple menu, select System Preferences....
From the View menu in System Preferences, select Profiles.
Note: Profiles won't be visible until you have at least one profile installed.
Select the profile you want to remove, and then press the - (minus) button.
Click Remove to remove the profile.

Delete these files & restart...

/Library/LaunchDaemons/com.AssistiveRecord.system.plist
/Library/Application Support/.9244651991066275668/System/com.AssistiveRecord.system/AssistiveRecord.system r
/Library/LaunchDaemons/com.17059776880098025560.8C9687D8DF30370B92CF6321005CA84EA6CAF44EAFE73771CC7B72903E7563AF.plist
/Library/Application Support/com.12404342367073081522/15740896916662689525 '/Library/Application Support/com.12404342367073081522/2099699949628143303' gfgmdbennbhcfcmbmldpdphlbgkfoahi Default

