EtreCheckPro version: 6.7 (67009) Report generated: 2022-08-11 07:53:18 Download EtreCheckPro from https://etrecheck.com Runtime: 4:23 Performance: Good Problem: Other problem Description: It been a while since my mac keep on installing these unknown apps wit h a magnifying glass icon in a grey background. Whenever these things pop up, suddenly Safari opens, and i don't even use that browser, I us e Brave Browser by the way. So i keep on deleting these unknown apps b ut they keep on reinstalling on my computer without my permission. Major Issues: Anything that appears on this list needs immediate attention. Malware - Malware detected. Unsigned files - There are unsigned software files installed that could be malicious and should be reviewed. Minor Issues: These issues do not need immediate attention but they may indicate future problems or opportunities for improvement. Low disk space - This computer is running low on free hard drive space. Clean up - There are orphan files that could be removed. Unsigned files - There are unsigned software files installed. These files could be old, incompatible, and cause problems. They should be reviewed. System modifications - There are a large number of system modifications running in the background. x86-only Apps - This computer has x86-only apps might not work on future versions of the operating system. Limited permissions - More information may be available with Full Disk Access. Kernel extensions present - This computer has kernel extensions that may not work in the future. Hardware Information: MacBook Air (13-inch, 2017) MacBook Air Model: MacBookAir7,2 1.8 GHz Dual-Core Intel Core i5 (i5-5350U) CPU: 2-core 8 GB RAM - Not upgradeable BANK 0/DIMM0 - 4 GB DDR3 1600 BANK 1/DIMM0 - 4 GB DDR3 1600 Battery: Health = Normal - Cycle count = 342 Video Information: Intel HD Graphics 6000 - VRAM: 1536 MB Color LCD 1440 x 900 Drives: disk0 - APPLE SSD SM0128G 121.33 GB (Solid State - TRIM: Yes) Internal PCI 5.0 GT/s x4 Serial ATA disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB disk0s2 [APFS Container] 121.12 GB disk1 [APFS Virtual drive] 121.12 GB (Shared by 6 volumes) disk1s1 - Macintosh HD - Data (APFS) [APFS Virtual drive] (78.91 GB used) disk1s2 - Preboot (APFS) [APFS Preboot] (573 MB used) disk1s3 - Recovery (APFS) [Recovery] (1.12 GB used) disk1s4 - VM (APFS) [APFS VM] (1.07 GB used) disk1s5 (APFS) [APFS Container] (15.42 GB used) disk1s5s1 - Macintosh HD (APFS) [APFS Snapshot] (15.42 GB used) disk1s6 - Update (APFS) (9 MB used) Mounted Volumes: disk1s1 - Macintosh HD - Data [APFS Virtual drive] Filesystem: APFS Mount point: /System/Volumes/Data Used: 78.91 GB Shared values Size: 121.12 GB Free: 23.90 GB Available: 24.02 GB disk1s2 - Preboot [APFS Preboot] Filesystem: APFS Mount point: /System/Volumes/Preboot Used: 573 MB Shared values Size: 121.12 GB Free: 23.90 GB disk1s4 - VM [APFS VM] Filesystem: APFS Mount point: /System/Volumes/VM Used: 1.07 GB Shared values Size: 121.12 GB Free: 23.90 GB disk1s5s1 - Macintosh HD [APFS Snapshot] Filesystem: APFS Mount point: / Read-only: Yes Used: 15.42 GB Shared values Size: 121.12 GB Free: 23.90 GB Available: 24.02 GB disk1s6 - Update Filesystem: APFS Mount point: /System/Volumes/Update Used: 9 MB Shared values Size: 121.12 GB Free: 23.90 GB Network: Interface en0: Wi-Fi 802.11 a/b/g/n/ac Interface bridge0: Thunderbolt Bridge iCloud Status: one pending file System Software: macOS Monterey 12.5 (21G72) Time since boot: Less than an hour Security: Gatekeeper: App Store and identified developers System Integrity Protection: Enabled Antivirus software: Apple and Malwarebytes Malware: Launchd: /Library/LaunchDaemons/com.ConnectionCached.plist Executable: /var/root/Library/Application Support/.SeoDBgwCBAQHhA0FhjQwP7M3dg==/ConnectionCache.gqa/ConnectionCachefld pd Reason: Malware pattern match Launchd: /Library/LaunchDaemons/com.ConnectionCache.system.plist Executable: /Library/Application Support/.2717498762591348536/System/com.ConnectionCache.system/ConnectionCache.system r Reason: Malware pattern match Unsigned Files: Launchd: /Library/LaunchDaemons/com.2212670367886837812.5DCBD99EFB4B79B55E254EB7A228CD1EB93EAA2ED337499F1C8A289B43EBB10A.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' jjngnlfoanjnldlbfnhhfaeenmnhbjhp 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/com.2212670367886837812.5C4BC45EFD91C14F1E72107F5414CA970043C598942F75D97537331C4E5DCE9D.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' jnanhkobgacnfkdnjjhakidkinjgdmhk 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/org.6052073606381774583.FEFE9F35-0A4D-464C-9719-A47AE76057EB.plist Executable: /Library/Application Support/15124453516270089783/org.15124453516270089783_.15124453516270089783/_3638416662334290851_ Launchd: ~/Library/LaunchAgents/com.311914335583730018.plist Executable: ~/Library/Application Support/com.13374311640335583586/3511776244862875643 69F5E014-B14B-5C8F-B763-CD39B56AFA1C 1137 Launchd: /Library/LaunchDaemons/com.2212670367886837812.DD960C5B98E251B1539F578AB06DDC179A5C85F0232AECAA5BB5A72F1F1BE048.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' ckfdjmoomojdgjmkkkbmfbjpcfhnbmgg 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/org.virtualbox.startup.plist Executable: /Library/Application Support/VirtualBox/LaunchDaemons/VirtualBoxStartup.sh restart Details: Exact match found in the legitimate list - probably OK Launchd: ~/Library/LaunchAgents/org.2479077414780970439.plist Executable: ~/Library/Application Support/org.1104549366831175633/app_assistant Launchd: /Library/LaunchDaemons/com.2212670367886837812.CC597A7666CE68956D76CDB6E443893E5928C394AE19B75ED1C3AE2C64C7529F.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' meofmanfcehgipkhncoknhmdcjmlbano 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchAgents/com.paragon-software.NTFS.fsnotifyagent.plist Executable: /Library/PreferencePanes/NTFSforMacOSX.prefPane/Contents/Resources/fsnotifyagent.app/Contents/MacOS/fsnotifyagent Details: Exact match found in the legitimate list - probably OK Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper Details: Exact match found in the legitimate list - probably OK Launchd: ~/Library/LaunchAgents/com.223D155A.466C.47E9.980F.C7201A455B22.plist Executable: ~/Library/Application Support/.89EC51D7-1282-4BDF-8764-DE20AA1308E3/.DEBA242A-DC27-46AB-B902-277E3636DC3D h Details: Executable file is hidden - possibly malware Launchd: /Library/LaunchDaemons/com.microsoft.teams.TeamsUpdaterDaemon.plist Executable: /Applications/Microsoft Teams.app/Contents/TeamsUpdaterDaemon.xpc/Contents/MacOS/TeamsUpdaterDaemon Details: Restrictive config permissions - possibly malware Launchd: /Library/LaunchDaemons/com.2212670367886837812.BBEA6310460DBC91B4CCFD3C1B98C5F08A6C6906D5A1A31435B41002B49E515B.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' dogabpblogimgpkcmancdmeinafhfakd 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: ~/Library/LaunchAgents/com.44A850A3.B3CA.410E.BBAE.07DB106A71EC.plist Executable: ~/Library/Application Support/.558FBE29-D52D-489F-9240-FB16C61175DA/.E087C671-E642-4F09-AE4C-6F4E6D1A1D7D h Details: Executable file is hidden - possibly malware Launchd: /Library/LaunchDaemons/net.1057688344863274060.864A7636-E16C-434D-BC80-015F07D5D036.plist Executable: /Library/Application Support/com.2060031052529836040.3C8CCD99-11D1-45F4-9A63-1FAD1095FB0B/_17134215967813024648 Launchd: /Library/LaunchDaemons/com.2212670367886837812.72C1F8ABFA155D62F3A06A325F2B64D839FC3C3D3921543992D483381B780684.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' pbpgnhggbbklemimadnmniekjfafniie 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: ~/Library/LaunchAgents/com.ConnectionCache.service.plist Executable: ~/Library/Application Support/.2717498762591348536/Services/com.ConnectionCache.service/ConnectionCache.service -s 6600 Details: Executable file is hidden - possibly malware Launchd: /Library/LaunchDaemons/com.2212670367886837812.4DEF32274A568BBD1E256E459DFD4F2392B854EA6309820F21E0A6C8412937FF.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' hjeeicmjhmknpncimapcekeijolpbkae 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/com.2212670367886837812.95AC7F8D936F4053483E2A3DC47C1054527D2F95F8D45E05795F198C112E03D8.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' eiedlffphcpchnjcebifkghhcgkpdnod 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/com.2212670367886837812.2714007EE6E309AE8FD3233920E3BA0AA4E0D3B2DFD9B5D6DAD1661582E23629.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' jobdelngdfkemgddpaaaobnjcecpbjbm 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/com.2212670367886837812.D31E07AF85EB27096E7CB9D375CE9B768A877FDE03C2FC4A391E94E2876B7AC1.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' kkocooocfeldlnacfopigkdknblijhok 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Plugin: /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin Preference panel: /Library/PreferencePanes/NTFSforMacOSX.prefPane Apps: 9 Old Applications: 8 x86-only apps Kernel Extensions: /Applications/VMware Fusion.app [Not Loaded] vmioplug.kext - com.vmware.kext.vmioplug.20.5.0 (20.5.0) [Not Loaded] vmnet.kext - com.vmware.kext.vmnet (12.2.3) [Not Loaded] vmmon.kext - com.vmware.kext.vmx86 (12.2.3) /Library/Application Support/VirtualBox [Loaded] VBoxDrv.kext - org.virtualbox.kext.VBoxDrv (6.1.34) [Loaded] VBoxNetAdp.kext - org.virtualbox.kext.VBoxNetAdp (6.1.34) [Loaded] VBoxNetFlt.kext - org.virtualbox.kext.VBoxNetFlt (6.1.34) [Loaded] VBoxUSB.kext - org.virtualbox.kext.VBoxUSB (6.1.34) /Library/Extensions [Not Loaded] ssuddrv.kext - com.devguru.driver.SamsungComposite (1.4.32 - SDK 10.6) [Not Loaded] fabio.kext - com.dvdfab.kext.fabio (1.0) [Loaded] ufsd_NTFS.kext - com.paragon-software.filesystems.ntfs (14.1.45 - SDK 10.5) System Launch Daemons: [Not Loaded] 35 Apple tasks [Loaded] 209 Apple tasks [Running] 136 Apple tasks [Other] One Apple task System Launch Agents: [Not Loaded] 15 Apple tasks [Loaded] 204 Apple tasks [Running] 137 Apple tasks Launch Daemons: [Running] com.2212670367886837812.2714007EE6E309AE8FD3233920E3BA0AA4E0D3B2DFD9B5D6DAD1661582E23629.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.4DEF32274A568BBD1E256E459DFD4F2392B854EA6309820F21E0A6C8412937FF.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.5C4BC45EFD91C14F1E72107F5414CA970043C598942F75D97537331C4E5DCE9D.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.5DCBD99EFB4B79B55E254EB7A228CD1EB93EAA2ED337499F1C8A289B43EBB10A.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.72C1F8ABFA155D62F3A06A325F2B64D839FC3C3D3921543992D483381B780684.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.95AC7F8D936F4053483E2A3DC47C1054527D2F95F8D45E05795F198C112E03D8.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.BBEA6310460DBC91B4CCFD3C1B98C5F08A6C6906D5A1A31435B41002B49E515B.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.CC597A7666CE68956D76CDB6E443893E5928C394AE19B75ED1C3AE2C64C7529F.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.D31E07AF85EB27096E7CB9D375CE9B768A877FDE03C2FC4A391E94E2876B7AC1.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.DD960C5B98E251B1539F578AB06DDC179A5C85F0232AECAA5BB5A72F1F1BE048.plist (Not signed - installed 2022-08-11) [Loaded] com.ConnectionCache.system.plist (Malware - installed 2022-08-10) [Running] com.ConnectionCached.plist (Malware - installed 2022-04-02) [Loaded] com.malwarebytes.MBAMHelperTool.plist (Malwarebytes Corporation - installed 2020-05-03) [Loaded] com.microsoft.office.licensing.helper.plist (Not signed - installed 2020-05-03) [Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (Not signed - installed 2020-04-02) [Not Loaded] com.oracle.java.Helper-Tool.plist (Not signed - installed ) [Loaded] com.paragon.NTFS.launch.plist (Apple - installed 2022-07-14) [Other] net.1057688344863274060.864A7636-E16C-434D-BC80-015F07D5D036.plist (Not signed - installed 2022-02-09) [Loaded] org.6052073606381774583.FEFE9F35-0A4D-464C-9719-A47AE76057EB.plist (Not signed - installed 2022-02-09) [Not Loaded] org.virtualbox.startup.plist (Not signed - installed 2022-05-28) [Loaded] us.zoom.ZoomDaemon.plist (Zoom Video Communications, Inc. - installed 2022-05-14) Launch Agents: [Other] com.paragon-software.NTFS.fsnotifyagent.plist (Not signed - installed 2015-12-14) [Other] com.ugee.Pentablet2.0.plist (Not signed - installed 2022-01-25) User Launch Agents: [Loaded] com.223D155A.466C.47E9.980F.C7201A455B22.plist (Not signed - installed 2022-02-17) [Running] com.311914335583730018.plist (Not signed - installed 2022-01-23) [Loaded] com.44A850A3.B3CA.410E.BBAE.07DB106A71EC.plist (Not signed - installed 2022-05-26) [Other] com.8F571157.C109.4BBE.931A.0AE5A0C15670.plist (Not signed - installed 2022-02-17) [Loaded] com.ConnectionCache.service.plist (Not signed - installed 2022-08-06) [Loaded] com.google.keystone.agent.plist (Google LLC - installed 2022-04-19) [Loaded] com.google.keystone.xpcservice.plist (Google LLC - installed 2022-04-19) [Running] org.2479077414780970439.plist (Not signed - installed 2022-03-21) [Not Loaded] org.virtualbox.vboxwebsrv.plist (Not signed - installed 2022-05-28) User Login Items: [Loaded] BetternetAutorun (App Store - installed 2022-02-21) Modern Login Item /Applications/Betternet VPN.app/Contents/Library/LoginItems/BetternetAutorun.app [Not Loaded] MountyHelper (Uwe Hollatz - installed 2021-12-20) Modern Login Item /Applications/Mounty.app/Contents/Library/LoginItems/MountyHelper.app Internet Plug-ins: SharePointBrowserPlugin: 14.0.0 (? - installed 2010-08-25) 3rd Party Preference panels: Paragon NTFS for Mac OS X (? - installed 2018-01-26) Backup: Time Machine information is limited without Full Disk Access Destinations: G****v [Local] (Last used) Performance: System Load: 2.15 (1 min ago) 8.90 (5 min ago) 8.24 (15 min ago) Nominal I/O usage: 0.06 MB/s File system: 62.83 seconds Write speed: 394 MB/s Read speed: 1411 MB/s CPU Usage Snapshot: Type Overall System: 3 % User: 5 % Idle: 91 % Top Processes Snapshot by CPU: Process (count) CPU (Source - Location) WindowServer 8.12 % (Apple) EtreCheckPro 5.36 % (Etresoft, Inc.) kernel_task 1.97 % (Apple) socketfilterfw 1.58 % (Apple) trustd (4) 1.46 % (Apple) Top Processes Snapshot by Memory: Process (count) RAM usage (Source - Location) EtreCheckPro 632 MB (Etresoft, Inc.) Brave Browser Helper (Renderer) (5) 486 MB (Brave Software, Inc.) Brave Browser 308 MB (Brave Software, Inc.) Brave Browser Helper (3) 189 MB (Brave Software, Inc.) com.apple.appkit.xpc.openAndSavePanelService (2) 113 MB (Apple) Top Processes Snapshot by Network Use: Process (count) Input / Output (Source - Location) mDNSResponder 93 KB / 40 KB (Apple) trustd 45 KB / 3 KB (Apple) apsd 11 KB / 22 KB (Apple) netbiosd 3 KB / 3 KB (Apple) helper 2 KB / 802 B (Not signed - ~/Library/Application Support/18115457677586200522) Top Processes Snapshot by Energy Use: Process (count) Energy (0-100) (Source - Location) WindowServer 4 (Apple) socketfilterfw 1 (Apple) trustd (4) 1 (Apple) ControlCenter 0 (Apple) authd 0 (Apple) Virtual Memory Information: Physical RAM: 8 GB Free RAM: 140 MB Used RAM: 3.72 GB Cached files: 4.14 GB Available RAM: 4.28 GB Swap Used: 0 B Software Installs (past 60 days): Install Date Name (Version) 2022-06-12 Vectornator (4.8.2) 2022-06-22 Numbers (12.1) 2022-06-22 Pages (12.1) 2022-06-22 Keynote (12.1) 2022-07-01 XProtectPlistConfigData (2161) 2022-07-04 PDF Professional (2.9.1) 2022-07-09 Grammarly for Safari (9.59) 2022-08-04 Notability (11.4.1) 2022-08-06 macOS 12.5 (12.5) 2022-08-06 XProtectPayloads (68) Clean up: ~/Library/LaunchAgents/com.8F571157.C109.4BBE.931A.0AE5A0C15670.plist ~/Library/Application Support/.F314E702-7210-4760-9486-E16F8D0E29DA/.9A9EF5D4-B53C-4C75-98C4-5A5287B0889B Executable not found ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist /Applications/VirtualBox.app/Contents/MacOS/vboxwebsrv Executable not found /Library/LaunchAgents/com.ugee.Pentablet2.0.plist /Applications/XP-PenPenTabletPro/PenTablet.app/Contents/MacOS/PenTablet Executable not found Diagnostics Information (past 7-30 days): 2022-08-10 21:15:20 3511776244862875643 Crash Executable: /Users/***/Library/Application Support/com.13374311640335583586/3511776244862875643 Details: libsystem_c.dylib: abort() called End of report