I believe someone is hosting a webhost server or something to change website content. Also, if I google certain words, the first meaning of the word is often wrong. I had someone over who did a BadUSB attack on me. I think someone is hosting a mirror server to mirror my whole computer.
Here is my EtreCheck log:
Code:
EtreCheck version: 5.0.2 (5A012)
Report generated: 2018-10-02 22:19:46
Download EtreCheck from https://etrecheck.com
Runtime: 4:51
Performance: Good
Problem: Other problem
Major Issues:
Anything that appears on this list needs immediate attention.
No Time Machine backup - Time Machine backup not found.
Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.
System Integrity Protection disabled - System Integrity Protection is disabled. This computer is at risk of malware infection.
More than one antivirus app - This machine has multiple antivirus apps installed.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Heavy RAM usage - This machine is using a large amount of RAM.
Small backup drive - Time Machine backup drive is too small.
Apps crashing - There have been numerous app crashes.
Apps hanging - There have been numerous app hangs.
System modifications - There are a large number of system modifications running in the background.
Corrupt hosts file - Hosts file is corrupt.
32-bit Apps - This machine has 32-bits apps that may have problems in the future.
Hardware Information:
iMac (21.5-inch, Late 2013)
iMac Model: iMac14,1
1 3,49 GHz Intel Core i7 (i7-3770K) CPU: 4-core
16 RAM - Upgradeable
BANK0/DIMM0 - 4 GB DDR3 1600 ok
BANK1/DIMM0 - 4 GB DDR3 1600 ok
BANK0/DIMM1 - 4 GB DDR3 1600 ok
BANK1/DIMM1 - 4 GB DDR3 1600 ok
Video Information:
NVIDIA GeForce GTX 660 - VRAM: 1535 MB
M2550D 1920 x 1080
Drives:
disk0 - Hitachi HDS722020ALA330 2.00 TB (Mechanical - 7200 RPM)
Internal SATA 3 Gigabit Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 - H*********a (Journaled HFS+) 594.50 GB
disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB
disk0s4 - T**********e (Journaled HFS+) 716.05 GB
disk0s5 - S****a (Journaled HFS+) 688.20 GB (473.38 GB used)
Mounted Volumes:
disk0s5 - S****a 688.20 GB (214.56 GB free)
Journaled HFS+
Mount point: /
Network:
Interface en0: Ethernet
Interface en1: Xperia E3
Interface en3: Xperia Z3C
iCloud Status: one pending file
System Software:
macOS Sierra 10.12.6 (16G29)
Time since boot: About 4 hours
Configuration Files:
/etc/hosts - Count: 14 - Corrupt!
Security:
System Status
Gatekeeper Enabled
System Integrity Protection enabled (Custom Configuration)
Unsigned Files:
Launchd: /Library/LaunchDaemons/com.eltima.eveusb.daemon.plist
Executable: /Library/Frameworks/EveUSB.framework/Support/eveusbd
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.bresink.system.privilegedhelper-ts5.plist
Executable: /Library/PrivilegedHelperTools/com.bresink.system.privilegedhelper-ts5
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.maintain.CocktailScheduler.plist
Executable: /usr/bin/osascript -e try -e 'set schedulerOwner to do shell script "defaults read /Library/'Application Support'/Cocktail/Scheduler.plist SchedulerOwner"' -e 'do shell script "users"' -e 'if the result contains schedulerOwner then' -e 'do shell script "/bin/sh /Library/'Application Support'/Cocktail/Scheduler.sh"' -e 'end if' -e 'end try'
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.eset.esets_daemon.plist.old
Executable: /Applications/ESET Cyber Security Pro.app/Contents/MacOS/esets_ctl
Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Helper-Tool.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/org.pqrs.Karabiner.load.plist
Executable: /Library/Application Support/org.pqrs/Karabiner/startup.sh start
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.adobe.fpsaud.plist
Executable: /Library/Application Support/Adobe/Flash Player Install Manager/fpsaud
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/at.obdev.littlesnitchd.plist
Executable: /Library/Little Snitch/Little Snitch Daemon.bundle/Contents/_MASReceipt/Hooker
Details: Exact match found in the whitelist - probably OK
32-bit Applications:
29 32-bit apps
Kernel Extensions:
/Applications/Hands Off!.app
HandsOff.kext (3.2.3 - SDK 10.9)
/Applications/Parallels Desktop.app
prl_hypervisor.kext (13.1.1 43120 - SDK 10.9)
prl_netbridge.kext (13.1.1 43120 - SDK 10.9)
prl_usb_connect.kext (13.1.1 43120 - SDK 10.9)
prl_vnic.kext (13.1.1 43120 - SDK 10.9)
/Applications/Tunnelblick.app
tap.kext (20141104 (Tunnelblick build 5120))
tun.kext (20141104 (Tunnelblick build 5120))
/Applications/VMware Fusion.app
VMwareVMCI.kext (8.5.7)
vmioplug.kext (8.5.7)
vmnet.kext (8.5.7)
vmmon.kext (8.5.7)
/Library/Application Support/ESET/esets/PlugIns/kext
esets_kac_64_106.kext (6.5.432 - SDK 10.6)
esets_mac_64_106.kext (6.5.432 - SDK 10.6)
esets_pfw_64_106.kext (6.5.432 - SDK 10.6)
/Library/Application Support/IPNetMonitorX/HelperTools
IPNetMonitor_NKE1.kext (v1.0.3 - SDK 10.9)
IPNetMonitor_TNKE.kext (v1.0.3 - SDK 10.9)
/Library/Application Support/Paragon Software/Snapshot
ParagonSnapshot.kext (2.1.3 - SDK 10.7)
/Library/Application Support/org.pqrs/Karabiner
Karabiner.signed.kext (10.22.0 - SDK 10.12)
/Library/Extensions
AppleALC.kext (1.0.19 - SDK 10.12)
LittleSnitch.kext (3.7.4 - SDK 10.11)
Niresh's Extra.kext (1.0 - SDK 10.8)
NIUSBAudio2DJ.kext (2.8.0 (R36) - SDK 10.9)
NIUSBAudio4DJ.kext (2.8.0 (R36) - SDK 10.9)
NIUSBAudioDriver.kext (2.8.0 (R36) - SDK 10.9)
NIUSBMaschineController.kext (2.6.0 (R82) - SDK 10.8)
NIUSBTraktorAudio2.kext (2.8.0 (R36) - SDK 10.9)
NIUSBTraktorKontrolS4.kext (2.8.0 (R36) - SDK 10.9)
NIUSBTraktorKontrolX1.kext (2.8.0 (R36) - SDK 10.9)
HoRNDIS.kext (9.2 - SDK 10.11)
com.malwarebytes.mbam.rtprotection.kext (3.0 - SDK 10.12)
ControllerMate.kext (4.6.0 - SDK 10.6)
ufsd_ExtFS.kext (11.0.278 - SDK 10.10)
ufsd_NTFS.kext (15.0.729 - SDK 10.10)
VDMounter.kext (111.2 - SDK 10.8)
USBInjectAll.kext (0.5.17 - SDK 10.11)
USBOverdrive.kext (3.3 - SDK 10.9)
GenericUSBXHCI.kext (1.2.11 - SDK 10.8)
DirectHW.kext (1.4 - SDK 10.11)
FakeSMC.kext (6.24-316-g197d663.1737 - SDK 10.8)
FakePCIID.kext (1.3.6 - SDK 10.6)
FakePCIID_XHCIMux.kext (1.3.6 - SDK 10.6)
VoodooPS2Controller.kext (1.8.25 - SDK 10.8)
NullCPUPowerManagement.kext (1.0.0d2 - SDK 10.12)
VoodooTSCSync.kext (1.1 - SDK 10.6)
/Library/Extensions/AppleALC.kext/Contents/PlugIns
PinConfigs.kext (1.0.0)
/Library/Extensions/ControllerMate.kext/Contents/PlugIns
CMUSBDevices.kext (4.6.0 - SDK 10.6)
CMUSBKeyboard.kext (1.0 - SDK 10.6)
CMUSBPointer.kext (1.0 - SDK 10.6)
/Library/Extensions/Niresh's Extra.kext/Contents/PlugIns
AHCIPortInjector.kext (1.0.1)
ATAPortInjector.kext (1.0.0)
IOAHCIBlockStorageInjector.kext (1.1.1)
SuperVIAATA.kext (1.0.3 - SDK 10.8)
ApplePCIIDE.kext (1.0.1)
AppleNForceATA.kext (1.0.4)
/Library/Extensions/USBOverdrive.kext/Contents/PlugIns
USBOverdriveBT.kext (3.3 - SDK 10.9)
USBOverdriveHID.kext (3.3)
/Library/Extensions/VoodooPS2Controller.kext/Contents/PlugIns
VoodooPS2Keyboard.kext (1.8.25 - SDK 10.8)
VoodooPS2Mouse.kext (1.8.25 - SDK 10.8)
VoodooPS2Trackpad.kext (1.8.25 - SDK 10.8)
/System/Library/Extensions
EyeTVAfaTechHidBlock.kext (1.1)
EyeTVCinergy450AudioBlock.kext (1.1)
EyeTVCinergyXSAudioBlock.kext (1.1)
EyeTVEmpiaAudioBlock.kext (1.1)
EyeTVVoyagerAudioBlock.kext (1.1)
RealtekRTL8111.kext (2.2.1 - SDK 10.11)
NVDAStartupWeb.kext (10.18.5 - OS X 10.7)
GeForceTeslaWeb.kext (10.18.5)
GeForceWeb.kext (10.18.5)
NVDAGF100HalWeb.kext (10.18.5)
NVDAGK100HalWeb.kext (10.18.5)
NVDAGM100HalWeb.kext (10.18.5)
NVDAGP100HalWeb.kext (10.18.5)
NVDANV50HalTeslaWeb.kext (10.18.5)
NVDAResmanTeslaWeb.kext (10.18.5)
NVDAResmanWeb.kext (10.18.5)
AppleHDADisabler.kext (1.0.1)
VoodooHDA.kext (2.8.8 - SDK 10.8)
System Launch Agents:
[Not Loaded] 10 Apple tasks
[Loaded] 180 Apple tasks
[Running] 96 Apple tasks
System Launch Daemons:
[Not Loaded] 54 Apple tasks
[Loaded] 169 Apple tasks
[Running] 93 Apple tasks
[Other] 2 Apple tasks
Launch Agents:
[Not Loaded] com.paragon-software.ntfs.notification-agent.plist (Paragon Software GmbH - installed 2017-05-24)
[Loaded] com.nvidia.nvagent.plist (NVIDIA Corporation - installed 2018-09-09)
[Not Loaded] com.oracle.java.Java-Updater.plist (? 57a58793 - installed 2017-07-29)
[Running] com.staticz.soundcontrol.agent.plist (Dominic Feira - installed 2018-01-18)
[Running] com.bjango.istatmenusagent.plist (Bjango Pty Ltd - installed 2017-08-06)
[Not Loaded] com.orderedbytes.ControllerMateHelper.plist (Ken Heglund - installed 2017-10-23)
[Not Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2018-09-09)
[Not Loaded] com.paragon-software.extfs.notification-agent.plist (Paragon Software GmbH - installed 2017-06-02)
[Running] com.bjango.istatmenusstatus.plist (Bjango Pty Ltd - installed 2017-08-06)
[Not Loaded] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2018-09-09)
[Not Loaded] com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2018-09-09)
[Running] com.bjango.istatmenusnotifications.plist (Bjango Pty Ltd - installed 2017-08-06)
[Not Loaded] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2017-09-19)
[Running] at.obdev.LittleSnitchUIAgent.plist (Objective Development Software GmbH - installed 2017-10-22)
Launch Daemons:
[Loaded] com.adobe.fpsaud.plist (? 2afb3af7 - installed 2017-06-23)
[Loaded] com.bresink.system.privilegedhelper-ts5.plist (? 2ab87c3a - installed 2017-08-06)
[Not Loaded] org.pqrs.Karabiner.load.plist (? 44439558 - installed 2016-10-31)
[Loaded] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2017-09-19)
[Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2018-09-09)
[Loaded] com.adobe.acc.installer.plist (Adobe Systems, Inc. - installed 2017-10-22)
[Not Loaded] com.maintain.CocktailScheduler.plist (? 300b8a41 - installed 2017-08-06)
[Not Loaded] org.virtualbox.startup.plist (? 0 - installed )
[Running] at.obdev.littlesnitchd.plist (? d0208090 - installed 2017-10-22)
[Not Loaded] com.maintain.HideSpotlightMenuBarIcon.plist (Apple - installed 2017-08-06)
[Running] com.bjango.istatmenusdaemon.plist (Bjango Pty Ltd - installed 2017-08-06)
[Loaded] com.macpaw.CleanMyMac4.Agent.plist (MacPaw Inc. - installed 2018-09-14)
[Running] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2017-09-30)
[Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (Microsoft Corporation - installed 2018-09-09)
[Not Loaded] com.eset.esets_daemon.plist.old (? 885d3557 - installed 2017-09-20)
[Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-09-09)
[Loaded] com.nvidia.nvroothelper.plist (NVIDIA Corporation - installed 2018-09-09)
[Loaded] com.iobit.MBHelpToolerDaemon.plist (Apperience Corporation - installed 2017-11-16)
[Loaded] com.cocoatech.pathfinder.SMFHelper7.plist (Dragan Milic - installed 2017-10-13)
[Loaded] net.tunnelblick.tunnelblick.tunnelblickd.plist (Jonathan Bullard - installed 2018-09-14)
[Running] com.eltima.eveusb.daemon.plist (? 41386aaf - installed 2017-10-21)
[Loaded] com.oracle.java.Helper-Tool.plist (? e3fefdd2 - installed 2017-07-22)
[Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2018-08-13)
[Other] com.spotflux.Spotflux.tun.plist (Apple - installed 2017-07-15)
[Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2018-09-09)
[Other] hackintosh.zone.voodooloader.plist (Apple - installed 2017-07-15)
User Launch Agents:
[Not Loaded] com.iobit.MacBoosterMini6.plist (Apperience Corporation - installed 2017-11-15)
[Loaded] com.macpaw.CleanMyMac4.HealthMonitor.plist (MacPaw Inc. - installed 2018-09-14)
[Loaded] net.tunnelblick.tunnelblick.LaunchAtLogin.plist (? 0 - installed 2018-08-01)
[Not Loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2018-09-03)
User Login Items:
CrossOver CD Helper.app (? - installed 2018-05-07)
(/Applications/CrossOver.app/Contents/Resources/CrossOver CD Helper.app)
Internet Plug-ins:
AdobeAAMDetect: 3.0.0.0 (installed 2017-10-22)
FlashPlayer-10.6: 26.0.0.131 (installed 2017-07-21)
QuickTime Plugin: 7.7.3 (installed 2017-08-06)
AdobePDFViewerNPAPI: 17.012.20098 (installed 2018-09-14)
AdobePDFViewer: 18.011.20058 (installed 2018-09-14)
DivX Web Player: 3.8.5.2 (installed 2017-08-07)
Flash Player: 26.0.0.131 (installed 2017-07-21)
PepperFlashPlayer: 26.0.0.131 (installed 2017-06-21)
Silverlight: 5.1.50901.0 (installed 2017-06-01)
JavaAppletPlugin: Java 8 Update 144 build 01 (installed 2017-10-15)
Safari Extensions:
OpenIE.safariextz - Parallels - http://www.parallels.com (installed 2017-10-27)
3rd Party Preference Panes:
Flash Player (installed 2017-06-23)
Java (installed 2017-08-01)
Native Instruments USB Audio (installed 2017-03-20)
NTFS (installed 2017-06-02)
NVIDIA Driver Manager (installed 2018-09-09)
USB Overdrive (installed 2017-10-14)
VoodooHDA (installed 2015-09-09)
Time Machine:
Time Machine Not Configured!
Performance:
System Load: 0.68 (1 min ago) 0.71 (5 min ago) 0.58 (15 min ago)
Nominal I/O speed: 0.96 MB/s
File system: 20.99 seconds
Write speed: 59 MB/s
Read speed: 60 MB/s
Top Processes by CPU:
Process (count) Source CPU Location
plugin-container (5) Mozilla Corporation 50.34 %
firefox Mozilla Corporation 30.44 %
EtreCheckPro Etresoft, Inc. 9.22 %
kernel_task Apple 7.13 %
WindowServer Apple 6.60 %
Top Processes by Memory:
Process (count) Source RAM usage Location
plugin-container (5) Mozilla Corporation 2.29 GB
kernel_task Apple 1019 MB
firefox Mozilla Corporation 828 MB
EtreCheckPro Etresoft, Inc. 585 MB
Path Finder ? 335 MB /Applications/Path Finder.app
Top Processes by Network Use:
Process Source Input Output Location
firefox Mozilla Corporation 3 MB 153 KB
mDNSResponder Apple 471 B 235 B
ntpd Apple 0 B 144 B
kernel_task Apple 0 B 0 B
cdpd Apple 0 B 0 B
Virtual Memory Information:
Available RAM 8.23 GB
Free RAM 914 MB
Used RAM 7.77 GB
Cached files 7.34 GB
Swap Used 0 B
Diagnostics Information (past 7 days):
2018-10-02 22:16:12 photoanalysisd Crash
/System/Library/PrivateFrameworks/PhotoAnalysis.framework/Versions/A/Support/photoanalysisd
dyld: launch, loading dependent libraries
2018-10-02 22:16:12 cloudphotosd.app Crash
/System/Library/CoreServices/cloudphotosd.app
dyld: launch, loading dependent libraries
2018-10-02 22:14:22 VTDecoderXPCService Crash
/System/Library/Frameworks/VideoToolbox.framework/Versions/A/XPCServices/VTDecoderXPCService.xpc/Contents/MacOS/VTDecoderXPCService
2018-10-02 17:23:19 com.apple.CloudPhotosConfiguration Crash
/System/Library/PrivateFrameworks/CloudPhotoServices.framework/Versions/A/Frameworks/CloudPhotosConfigurationXPC.framework/Versions/A/XPCServices/com.apple.CloudPhotosConfiguration.xpc/Contents/MacOS/com.apple.CloudPhotosConfiguration
dyld: launch, loading dependent libraries
2018-10-02 15:33:43 mediaanalysisd Crash
/System/Library/PrivateFrameworks/VideoProcessing.framework/Versions/A/mediaanalysisd
dyld: launch, loading dependent libraries
2018-10-02 13:08:47 Kodi 2.app CPU
/Applications/Kodi 2.app
2018-10-02 12:16:54 UniversalAccessPref.prefPane Crash
/System/Library/PreferencePanes/UniversalAccessPref.prefPane
Crashing on exception: <NSViewServiceMarshal: 0x7ffdc6c03bd0> was unable to obtain a view; did the -loadView method of <UniversalAccessPrefRemoteViewService: 0x6100000f8d80> call -setView:? Did it pass a non-nil value?
2018-09-30 15:53:49 spindump Crash
/usr/sbin/spindump
2018-09-29 15:55:33 iStat Menus Status.app Crash
/Library/Application Support/iStat Menus 5/iStat Menus Status.app
2018-09-29 14:18:17 Opera.app Hang
/Applications/Opera.app
2018-09-29 13:30:13 Little Snitch Network Monitor.app Crash
/Library/Little Snitch/Little Snitch Network Monitor.app
objc_msgSend() selector name: removeToken:
2018-09-29 11:25:27 sudo Crash
/usr/bin/sudo
Detected over-release of a CFTypeRef
2018-09-29 09:43:30 Preview.app Hang
/Applications/Preview.app
2018-09-27 13:26:26 ESET Cyber Security Pro.app Hang
/Applications/ESET Cyber Security Pro.app
End of report