Why does my browser continue to get highjacked?
EtreCheckPro version: 6.5.6 (6F041)
Report generated: 2022-04-09 10:23:30
Download EtreCheckPro from https://etrecheck.com
Runtime: 5:31
Performance: Below Average
Problem: Other problem
Description:
browser highjacked
Major Issues:
Anything that appears on this list needs immediate attention.
Proxies - Network proxies detected. This could be evidence of malware.
Adware - Adware detected.
Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.
Obsolete hardware - This computer may be considered obsolete.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.
SSD too slow - SSD is showing poor performance.
No Time Machine backup - Time Machine backup not found.
Unsigned files - There are unsigned software files installed. Apple has said that unsigned software will not run by default in a future version of the operating system.
System modifications - There are a large number of system modifications running in the background.
x86-only Apps - This computer has x86-only apps might not work on future versions of the operating system.
Limited drive access - More information may be available with Full Drive Access.
Kernel extensions present - This computer has kernel extensions that may not work in the future.
Hardware Information:
MacBook Air (13-inch, Early 2014) - Obsolete!
MacBook Air Model: MacBookAir6,2
1.4 GHz Dual-Core Intel Core i5 (i5-4260U) CPU: 2-core
4 GB RAM - Not upgradeable
BANK 0/DIMM0 - 2 GB DDR3 1600
BANK 1/DIMM0 - 2 GB DDR3 1600
Battery: Health = Normal - Cycle count = 681
Video Information:
Intel HD Graphics 5000 - VRAM: 1536 MB
Color LCD 1440 x 900
Drives:
disk0 - APPLE SSD SD0256F 251.00 GB (Solid State - TRIM: Yes)
Internal PCI 5.0 GT/s x2 Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 [APFS Container] 250.79 GB
disk1 [APFS Virtual drive] 250.79 GB (Shared by 6 volumes)
disk1s1 - Macintosh HD - Data (APFS) [APFS Virtual drive] (Shared - 191.32 GB used)
disk1s2 - Preboot (APFS) [APFS Preboot] (Shared - 554 MB used)
disk1s3 - Recovery (APFS) [Recovery] (Shared - 624 MB used)
disk1s4 - VM (APFS) [APFS VM] (Shared - 3.22 GB used)
disk1s5 (APFS) [APFS Container] (Shared - 15.33 GB used)
disk1s5s1 - Macintosh HD (APFS) [APFS Snapshot] (Shared - 15.33 GB used)
disk1s6 - Update (APFS) (Shared - 4 MB used)
Mounted Volumes:
disk1s1 - Macintosh HD - Data [APFS Virtual drive]
250.79 GB (Shared - 191.32 GB used, 41.91 GB available, 39.60 GB free)
APFS
Mount point: /System/Volumes/Data
Encrypted
disk1s2 - Preboot [APFS Preboot]
250.79 GB (Shared - 554 MB used, 39.60 GB free)
APFS
Mount point: /System/Volumes/Preboot
disk1s4 - VM [APFS VM]
250.79 GB (Shared - 3.22 GB used, 39.60 GB free)
APFS
Mount point: /System/Volumes/VM
disk1s5s1 - Macintosh HD [APFS Snapshot]
250.79 GB (Shared - 15.33 GB used, 41.91 GB available, 39.60 GB free)
APFS
Mount point: /
Read-only: Yes
disk1s6 - Update
250.79 GB (Shared - 4 MB used, 39.60 GB free)
APFS
Mount point: /System/Volumes/Update
Network:
Interface en0: Wi-Fi
802.11 a/b/g/n/ac
Interface en2: Bluetooth PAN
Proxies: HTTP, HTTPS
Interface bridge0: Thunderbolt Bridge
Proxies: HTTP, HTTPS
iCloud Quota: 123.13 GB available
System Software:
macOS Big Sur 11.6.5 (20G527)
Time since boot: About 5 days
Notifications:
EtreCheckPro 2.app
one notification
FrontendAgent.app
one notification
Safari.app
10 notifications
Creative Cloud.app
one notification
Security:
Gatekeeper: App Store and identified developers
System Integrity Protection: Enabled
Antivirus software: Apple and Malwarebytes
Adware:
Launchd: /Library/LaunchDaemons/com.AssistiveRecord.system.plist
Executable: /Library/Application Support/.9244651991066275668/System/com.AssistiveRecord.system/AssistiveRecord.system r
Reason: Adware pattern match
Unsigned Files:
Launchd: /Library/LaunchDaemons/jp.co.canon.MasterInstaller.plist
Executable: /Library/PrivilegedHelperTools/jp.co.canon.MasterInstaller
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchDaemons/com.rim.tunmgr.plist
Executable: /Library/Application Support/BlackBerry/tunmgr
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchDaemons/com.fitbit.galileod.plist
Executable: /Library/Application Support/Fitbit Connect/galileod
Details: Exact match found in the legitimate list - probably OK
Launchd: ~/Library/LaunchAgents/com.AssistiveRecord.service.plist
Executable: ~/Library/Application Support/.9244651991066275668/Services/com.AssistiveRecord.service/AssistiveRecord.service -s 6600
Details: Executable file is hidden - possibly adware
Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchDaemons/com.nordvpn.osx.helper.plist
Executable: /Library/PrivilegedHelperTools/com.nordvpn.osx.helper
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchDaemons/com.17059776880098025560.8C9687D8DF30370B92CF6321005CA84EA6CAF44EAFE73771CC7B72903E7563AF.plist
Executable: /Library/Application Support/com.12404342367073081522/15740896916662689525 '/Library/Application Support/com.12404342367073081522/2099699949628143303' gfgmdbennbhcfcmbmldpdphlbgkfoahi Default '/Library/Application Support/com.12404342367073081522/8910350496815713641' 40C0B55B-40FE-54D4-98C7-3E0AC6827682
Details: Domain name invalid - possibly adware
Launchd: /Library/LaunchDaemons/com.wdc.WDPrivilegedHelper.plist
Executable: /Library/PrivilegedHelperTools/com.wdc.WDPrivilegedHelper
Details: Exact match found in the legitimate list - probably OK
Launchd: /Library/LaunchAgents/com.rim.PeerManager.plist
Executable: /Library/Application Support/BlackBerry/PeerManager
Details: Exact match found in the legitimate list - probably OK
Safari Extension: ArchitecturePrime
Safari Extension: VectorPath
Login Item: /Applications/NordVPN.app/Contents/Library/LoginItems/NordVPNLauncher.app
Plugin: /Library/Internet Plug-Ins/RL Secure Plug-In Layer.plugin
Plugin: /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin
Plugin: ~/Library/Internet Plug-Ins/UploadManager.plugin
Plugin: ~/Library/Internet Plug-Ins/npUplayer.1.0.2.7.plugin
Plugin: ~/Library/Internet Plug-Ins/ContentManager.plugin
Plugin: ~/Library/Internet Plug-Ins/RocketEngine.plugin
Apps: 11
Old Applications:
21 x86-only apps
Kernel Extensions:
/Library/Application Support/VirtualBox
[Not Loaded] VBoxDrv.kext - org.virtualbox.kext.VBoxDrv (6.1.16)
[Not Loaded] VBoxNetAdp.kext - org.virtualbox.kext.VBoxNetAdp (6.1.16)
[Not Loaded] VBoxNetFlt.kext - org.virtualbox.kext.VBoxNetFlt (6.1.16)
[Not Loaded] VBoxUSB.kext - org.virtualbox.kext.VBoxUSB (6.1.16)
/Library/Extensions
[Not Loaded] BlackBerryUSBCDCNCM.kext - com.BlackBerry.driver.USBCDCNCM (1.0.12 - SDK 10.7)
[Not Loaded] hp_fax_io.kext - com.hp.kext.hp-fax-io (5.28.5 - SDK 10.13)
[Not Loaded] hp_io_enabler_compound.kext - com.hp.kext.io.enabler.compound (3.4.0)
[Not Loaded] hp_Inkjet9_io_enabler.kext - com.hp.print.hpio.Inkjet9.kext (2.12.1 - SDK 10.13)
[Not Loaded] JMicronATA.kext - com.jmicron.JMicronATA (1.1.6)
[Not Loaded] RIMBBUSB.kext - com.rim.driver.BlackBerryUSBDriverInt (2.2.14 - SDK 10.7)
[Loaded] BlackBerryVirtualPrivateNetwork.kext - com.rim.driver.BlackBerryVirtualPrivateNetwork (1.0.18 - SDK 10.8)
[Not Loaded] BJUSBLoad.kext - jp.co.canon.bj.print.BJUSBLoad (10.75.21 - SDK 10.8)
[Not Loaded] CIJUSBLoad.kext - jp.co.canon.ij.print.CIJUSBLoad (16.0.10 - SDK 10.9)
System Launch Daemons:
[Not Loaded] 36 Apple tasks
[Loaded] 213 Apple tasks
[Running] 113 Apple tasks
[Other] 2 Apple tasks
System Launch Agents:
[Not Loaded] 16 Apple tasks
[Loaded] 195 Apple tasks
[Running] 122 Apple tasks
[Other] One Apple task
Launch Daemons:
[Loaded] com.17059776880098025560.8C9687D8DF30370B92CF6321005CA84EA6CAF44EAFE73771CC7B72903E7563AF.plist (? 2a5d5576 - installed 2022-04-08)
[Loaded] com.AssistiveRecord.system.plist (Adware - installed 2022-04-06)
[Loaded] com.BlueStacks.AppPlayer.bstservice_helper.plist (BlueStack Systems, Inc. - installed 2022-02-15)
[Running] com.adobe.ARMDC.Communicator.plist (Adobe Inc. - installed 2022-02-15)
[Running] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Inc. - installed 2022-02-15)
[Running] com.adobe.acc.installer.v2.plist (Adobe Inc. - installed 2022-04-07)
[Loaded] com.adobe.agsservice.plist (Adobe Inc. - installed 2022-02-15)
[Loaded] com.apple.installer.osmessagetracing.plist (? dbb717cc - installed 2022-02-15)
[Running] com.fitbit.galileod.plist (? 485714a8 - installed 2022-02-15)
[Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2022-02-15)
[Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2022-02-15)
[Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2022-03-16)
[Loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2022-02-15)
[Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2022-02-15)
[Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (Microsoft Corporation - installed 2022-03-30)
[Running] com.nordvpn.osx.helper.plist (? e0112837 - installed 2022-02-15)
[Not Loaded] com.oracle.java.Helper-Tool.plist (? 0 - installed )
[Other] com.rim.BBDaemon.plist (BlackBerry Limited - installed 2022-02-15)
[Not Loaded] com.rim.nkehelper.plist (Apple - installed 2022-02-15)
[Other] com.rim.tunmgr.plist (? 6f5f4ca9 - installed 2022-02-15)
[Loaded] com.starstechnologies.updater.plist (Rational Intellectual Holdings Limited - installed 2022-02-15)
[Loaded] com.wdc.WDPrivilegedHelper.plist (? 9f7f4405 - installed 2022-02-15)
[Loaded] jp.co.canon.MasterInstaller.plist (? d0637166 - installed 2022-02-15)
Launch Agents:
[Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Inc. - installed 2022-02-15)
[Other] com.adobe.AdobeCreativeCloud.plist (Adobe Inc. - installed 2022-04-07)
[Running] com.adobe.GC.AGM.plist (Adobe Inc. - installed 2022-02-15)
[Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2022-02-15)
[Loaded] com.adobe.ccxprocess.plist (Adobe Inc. - installed 2022-03-10)
[Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2022-02-15)
[Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2022-03-16)
[Other] com.rim.PeerManager.plist (? b92c3e99 - installed 2022-02-15)
User Launch Agents:
[Loaded] com.AssistiveRecord.service.plist (? 0 - installed 2022-04-09)
[Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2021-12-24)
[Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2021-08-23)
[Loaded] com.google.keystone.xpcservice.plist (Google, Inc. - installed 2021-08-23)
[Not Loaded] com.hp.devicemonitor.plist (HP Inc. - installed 2022-04-03)
[Running] com.hp.productresearch.plist (HP Inc. - installed 2022-04-03)
User Login Items:
[Loaded] AdobeResourceSynchronizer (Adobe Inc. - installed 2022-04-04)
Application
/Applications/Adobe Acrobat Reader DC.app/Contents/Helpers/AdobeResourceSynchronizer.app
[Running] CIJSULAgent (Canon Inc. - installed 2021-02-28)
Modern Login Item
/Applications/Canon Utilities/IJ Scan Utility/Canon IJ Scan Utility Lite.app/Contents/Library/LoginItems/CIJSULAgent.app
[Running] CanonIJExtendedSurveyLaunchAgent (Canon Inc. - installed 2021-02-28)
Modern Login Item
/Applications/Canon Utilities/Inkjet Extended Survey Program/Inkjet Extended Survey Program.app/Contents/MacOS/ESPController.app/Contents/Library/LoginItems/CanonIJExtendedSurveyLaunchAgent.app
[Not Loaded] NordVPNLauncher (? - installed 2019-03-05)
Modern Login Item
/Applications/NordVPN.app/Contents/Library/LoginItems/NordVPNLauncher.app
[Loaded] StartUpHelper (Spotify - installed 2018-08-20)
Modern Login Item
/Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app
[Not Loaded] PhotoStreamAgent (App Store - installed 2038-01-18)
Modern Login Item
/Applications/iPhoto.app/Contents/Library/LoginItems/PhotoStreamAgent.app
[Not Loaded] HP Device Monitor (HP Inc. - installed 2019-03-17)
Modern Login Item
/Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app
[Running] HP Product Research (HP Inc. - installed 2019-03-17)
Modern Login Item
/Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app
Internet Plug-ins:
AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2022-02-15)
RL Secure Plug-In Layer: (? - installed 2022-02-15)
AdobePDFViewer: 21.005.20058 (Adobe Systems, Inc. - installed 2022-02-15)
PepperFlashPlayer: 32.0.0.465 (Adobe Inc. - installed 2020-12-11)
AdobeAAMDetect: 3.0.0.0 (Adobe Inc. - installed 2022-04-07)
SharePointBrowserPlugin: 14.7.7 (? - installed 2022-02-15)
Safari Extensions:
ArchitecturePrime (? - installed 2022-03-21)
VectorPath (? - installed 2022-03-29)
3rd Party Preference Panes:
MusicManager (Google, Inc. - installed 2020-08-25)
Backup:
Time Machine information not available without Full Drive Access.
Performance:
System Load: 2.26 (1 min ago) 2.82 (5 min ago) 2.83 (15 min ago)
Nominal I/O speed: 0.39 MB/s
File system: 35.99 seconds
Write speed: 170 MB/s
Read speed: 439 MB/s
CPU Usage Snapshot:
Type Overall
System: 9 %
User: 13 %
Idle: 78 %
Top Processes Snapshot by CPU:
Process (count) CPU (Source - Location)
fontworker (2) 15.84 % (Apple)
WindowServer 11.92 % (Apple)
EtreCheckPro 7.88 % (Etresoft, Inc.)
kernel_task 5.14 % (Apple)
fontd (2) 4.80 % (Apple)
Top Processes Snapshot by Memory:
Process (count) RAM usage (Source - Location)
kernel_task 172 MB (Apple)
Google Chrome Helper (Renderer) (7) 91 MB (Google LLC)
EtreCheckPro 61 MB (Etresoft, Inc.)
NewsToday2 60 MB (Apple)
AppleSpell 56 MB (Apple)
Top Processes Snapshot by Network Use:
Process (count) Input / Output (Source - Location)
mDNSResponder 7 MB / 4 MB (Apple)
Mail 242 KB / 117 KB (Apple)
netbiosd 66 KB / 40 KB (Apple)
trustd 69 KB / 5 KB (Apple)
Notes 16 KB / 9 KB (Apple)
Top Processes Snapshot by Energy Use:
Process (count) Energy (0-100) (Source - Location)
WindowServer 8 (Apple)
airportd 1 (Apple)
locationd 1 (Apple)
ControlCenter 0 (Apple)
identityservicesd 0 (Apple)
Virtual Memory Information:
Physical RAM: 4 GB
Free RAM: 16 MB
Used RAM: 3.32 GB
Cached files: 679 MB
Available RAM: 695 MB
Swap Used: 772 MB
Software Installs (past 60 days):
Install Date Name (Version)
2022-02-15 macOS 11.6.4 (11.6.4)
2022-03-16 Microsoft AutoUpdate (4.45.22031300)
2022-03-16 Microsoft Excel (16.59.22031300)
2022-03-16 Microsoft OneNote (16.59.22031300)
2022-03-16 Microsoft Outlook (16.59.22031300)
2022-03-16 Microsoft PowerPoint (16.59.22031300)
2022-03-16 Microsoft Word (16.59.22031300)
2022-03-17 XProtectPlistConfigData (2158)
2022-03-17 macOS 11.6.5 (11.6.5)
2022-03-30 Microsoft Teams (1.00.435562)
2022-04-03 Adobe Acrobat DC (22.001.20085) (22.001.20085)
2022-04-04 MRTConfigData (1.91)
2022-04-04 Safari (15.4)
2022-04-04 Adobe Acrobat Reader DC (22.001.20085) (22.001.20085)
Diagnostics Information (past 7-30 days):
2022-04-03 21:09:28 fseventsd High CPU Use
Executable: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/FSEvents.framework/Versions/A/Support/fseventsd
2022-04-03 20:01:53 mds_stores Crash
Executable: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Support/mds_stores
Details:
dyld3 mode
2022-04-02 15:18:43 Stocks.app Crash
Executable: /System/Applications/Stocks.app
Details:
dyld3 mode
2022-04-02 10:26:41 AMPLibraryAgent Crash
Executable: /System/Library/PrivateFrameworks/AMPLibrary.framework/Versions/A/Support/AMPLibraryAgent
Details:
dyld3 mode
End of report
MacBook Air 13″, macOS 11.6
Posted on Apr 9, 2022 10:40 AM