EtreCheckPro version: 6.7 (67009) Report generated: 2022-08-11 19:15:59 Download EtreCheckPro from https://etrecheck.com Runtime: 4:33 Performance: Good Problem: Other problem Description: It been a while since my mac keep on installing these unknown apps wit h a magnifying glass icon in a grey background. Whenever these things pop up, suddenly Safari opens, and i don't even use that browser, I us e Brave Browser by the way. So i keep on deleting these unknown apps b ut they keep on reinstalling on my computer without my permission. Major Issues: Anything that appears on this list needs immediate attention. Unsigned files - There are unsigned software files installed that could be malicious and should be reviewed. Heavy CPU usage - Some processes are using an unusually high amount of CPU. Minor Issues: These issues do not need immediate attention but they may indicate future problems or opportunities for improvement. Low disk space - This computer is running low on free hard drive space. Clean up - There are orphan files that could be removed. Unsigned files - There are unsigned software files installed. These files could be old, incompatible, and cause problems. They should be reviewed. System modifications - There are a large number of system modifications running in the background. Runaway user process - A user process is using a large percentage of your CPU. x86-only Apps - This computer has x86-only apps might not work on future versions of the operating system. Limited permissions - More information may be available with Full Disk Access. Kernel extensions present - This computer has kernel extensions that may not work in the future. Hardware Information: MacBook Air (13-inch, 2017) MacBook Air Model: MacBookAir7,2 1.8 GHz Dual-Core Intel Core i5 (i5-5350U) CPU: 2-core 8 GB RAM - Not upgradeable BANK 0/DIMM0 - 4 GB DDR3 1600 BANK 1/DIMM0 - 4 GB DDR3 1600 Battery: Health = Normal - Cycle count = 343 Video Information: Intel HD Graphics 6000 - VRAM: 1536 MB Color LCD 1440 x 900 Drives: disk0 - APPLE SSD SM0128G 121.33 GB (Solid State - TRIM: Yes) Internal PCI 5.0 GT/s x4 Serial ATA disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB disk0s2 [APFS Container] 121.12 GB disk1 [APFS Virtual drive] 121.12 GB (Shared by 6 volumes) disk1s1 - Macintosh HD - Data (APFS) [APFS Virtual drive] (78.62 GB used) disk1s2 - Preboot (APFS) [APFS Preboot] (573 MB used) disk1s3 - Recovery (APFS) [Recovery] (1.12 GB used) disk1s4 - VM (APFS) [APFS VM] (1.07 GB used) disk1s5 (APFS) [APFS Container] (15.42 GB used) disk1s5s1 - Macintosh HD (APFS) [APFS Snapshot] (15.42 GB used) disk1s6 - Update (APFS) (9 MB used) Mounted Volumes: disk1s1 - Macintosh HD - Data [APFS Virtual drive] Filesystem: APFS Mount point: /System/Volumes/Data Used: 78.62 GB Shared values Size: 121.12 GB Free: 24.18 GB Available: 24.44 GB disk1s2 - Preboot [APFS Preboot] Filesystem: APFS Mount point: /System/Volumes/Preboot Used: 573 MB Shared values Size: 121.12 GB Free: 24.18 GB disk1s4 - VM [APFS VM] Filesystem: APFS Mount point: /System/Volumes/VM Used: 1.07 GB Shared values Size: 121.12 GB Free: 24.18 GB disk1s5s1 - Macintosh HD [APFS Snapshot] Filesystem: APFS Mount point: / Read-only: Yes Used: 15.42 GB Shared values Size: 121.12 GB Free: 24.18 GB Available: 24.44 GB disk1s6 - Update Filesystem: APFS Mount point: /System/Volumes/Update Used: 9 MB Shared values Size: 121.12 GB Free: 24.18 GB Network: Interface en0: Wi-Fi 802.11 a/b/g/n/ac Interface bridge0: Thunderbolt Bridge iCloud Status: one pending file System Software: macOS Monterey 12.5 (21G72) Time since boot: Less than an hour Notifications: EtreCheckPro.app 2 notifications Security: Gatekeeper: App Store and identified developers System Integrity Protection: Enabled Antivirus software: Apple and Malwarebytes Unsigned Files: Launchd: /Library/LaunchDaemons/com.2212670367886837812.95AC7F8D936F4053483E2A3DC47C1054527D2F95F8D45E05795F198C112E03D8.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' eiedlffphcpchnjcebifkghhcgkpdnod 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/com.microsoft.teams.TeamsUpdaterDaemon.plist Executable: /Applications/Microsoft Teams.app/Contents/TeamsUpdaterDaemon.xpc/Contents/MacOS/TeamsUpdaterDaemon Details: Restrictive config permissions - possibly malware Launchd: /Library/LaunchDaemons/com.2212670367886837812.72C1F8ABFA155D62F3A06A325F2B64D839FC3C3D3921543992D483381B780684.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' pbpgnhggbbklemimadnmniekjfafniie 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/com.2212670367886837812.BBEA6310460DBC91B4CCFD3C1B98C5F08A6C6906D5A1A31435B41002B49E515B.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' dogabpblogimgpkcmancdmeinafhfakd 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchAgents/com.paragon-software.NTFS.fsnotifyagent.plist Executable: /Library/PreferencePanes/NTFSforMacOSX.prefPane/Contents/Resources/fsnotifyagent.app/Contents/MacOS/fsnotifyagent Details: Exact match found in the legitimate list - probably OK Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper Details: Exact match found in the legitimate list - probably OK Launchd: /Library/LaunchDaemons/com.2212670367886837812.DD960C5B98E251B1539F578AB06DDC179A5C85F0232AECAA5BB5A72F1F1BE048.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' ckfdjmoomojdgjmkkkbmfbjpcfhnbmgg 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/org.6052073606381774583.FEFE9F35-0A4D-464C-9719-A47AE76057EB.plist Executable: /Library/Application Support/15124453516270089783/org.15124453516270089783_.15124453516270089783/_3638416662334290851_ Launchd: /Library/LaunchDaemons/org.virtualbox.startup.plist Executable: /Library/Application Support/VirtualBox/LaunchDaemons/VirtualBoxStartup.sh restart Details: Exact match found in the legitimate list - probably OK Launchd: ~/Library/LaunchAgents/org.2479077414780970439.plist Executable: ~/Library/Application Support/org.1104549366831175633/app_assistant Launchd: /Library/LaunchDaemons/com.2212670367886837812.CC597A7666CE68956D76CDB6E443893E5928C394AE19B75ED1C3AE2C64C7529F.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' meofmanfcehgipkhncoknhmdcjmlbano 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: ~/Library/LaunchAgents/com.223D155A.466C.47E9.980F.C7201A455B22.plist Executable: ~/Library/Application Support/.89EC51D7-1282-4BDF-8764-DE20AA1308E3/.DEBA242A-DC27-46AB-B902-277E3636DC3D h Details: Executable file is hidden - possibly malware Launchd: /Library/LaunchDaemons/com.2212670367886837812.5DCBD99EFB4B79B55E254EB7A228CD1EB93EAA2ED337499F1C8A289B43EBB10A.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' jjngnlfoanjnldlbfnhhfaeenmnhbjhp 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/com.2212670367886837812.2714007EE6E309AE8FD3233920E3BA0AA4E0D3B2DFD9B5D6DAD1661582E23629.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' jobdelngdfkemgddpaaaobnjcecpbjbm 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/com.2212670367886837812.D31E07AF85EB27096E7CB9D375CE9B768A877FDE03C2FC4A391E94E2876B7AC1.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' kkocooocfeldlnacfopigkdknblijhok 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: /Library/LaunchDaemons/com.2212670367886837812.4DEF32274A568BBD1E256E459DFD4F2392B854EA6309820F21E0A6C8412937FF.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' hjeeicmjhmknpncimapcekeijolpbkae 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: ~/Library/LaunchAgents/com.ConnectionCache.service.plist Executable: ~/Library/Application Support/.2717498762591348536/Services/com.ConnectionCache.service/ConnectionCache.service -s 6600 Details: Executable file is hidden - possibly malware Launchd: /Library/LaunchDaemons/com.2212670367886837812.5C4BC45EFD91C14F1E72107F5414CA970043C598942F75D97537331C4E5DCE9D.plist Executable: /Library/Application Support/com.10026744331829180826/16862509899280762053 '/Library/Application Support/com.10026744331829180826/10019262877558550467' jnanhkobgacnfkdnjjhakidkinjgdmhk 'Profile 1,Default' '/Library/Application Support/com.10026744331829180826/13504654386487616108' 69F5E014-B14B-5C8F-B763-CD39B56AFA1C Launchd: ~/Library/LaunchAgents/com.44A850A3.B3CA.410E.BBAE.07DB106A71EC.plist Executable: ~/Library/Application Support/.558FBE29-D52D-489F-9240-FB16C61175DA/.E087C671-E642-4F09-AE4C-6F4E6D1A1D7D h Details: Executable file is hidden - possibly malware Launchd: /Library/LaunchDaemons/net.1057688344863274060.864A7636-E16C-434D-BC80-015F07D5D036.plist Executable: /Library/Application Support/com.2060031052529836040.3C8CCD99-11D1-45F4-9A63-1FAD1095FB0B/_17134215967813024648 Launchd: ~/Library/LaunchAgents/com.311914335583730018.plist Executable: ~/Library/Application Support/com.13374311640335583586/3511776244862875643 69F5E014-B14B-5C8F-B763-CD39B56AFA1C 1137 Plugin: /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin Preference panel: /Library/PreferencePanes/NTFSforMacOSX.prefPane Apps: 9 Old Applications: 8 x86-only apps Kernel Extensions: /Applications/VMware Fusion.app [Not Loaded] vmioplug.kext - com.vmware.kext.vmioplug.20.5.0 (20.5.0) [Not Loaded] vmnet.kext - com.vmware.kext.vmnet (12.2.3) [Not Loaded] vmmon.kext - com.vmware.kext.vmx86 (12.2.3) /Library/Application Support/VirtualBox [Loaded] VBoxDrv.kext - org.virtualbox.kext.VBoxDrv (6.1.34) [Loaded] VBoxNetAdp.kext - org.virtualbox.kext.VBoxNetAdp (6.1.34) [Loaded] VBoxNetFlt.kext - org.virtualbox.kext.VBoxNetFlt (6.1.34) [Loaded] VBoxUSB.kext - org.virtualbox.kext.VBoxUSB (6.1.34) /Library/Extensions [Not Loaded] ssuddrv.kext - com.devguru.driver.SamsungComposite (1.4.32 - SDK 10.6) [Not Loaded] fabio.kext - com.dvdfab.kext.fabio (1.0) [Loaded] ufsd_NTFS.kext - com.paragon-software.filesystems.ntfs (14.1.45 - SDK 10.5) System Launch Daemons: [Not Loaded] 34 Apple tasks [Loaded] 211 Apple tasks [Running] 135 Apple tasks [Other] One Apple task System Launch Agents: [Not Loaded] 15 Apple tasks [Loaded] 206 Apple tasks [Running] 135 Apple tasks Launch Daemons: [Running] com.2212670367886837812.2714007EE6E309AE8FD3233920E3BA0AA4E0D3B2DFD9B5D6DAD1661582E23629.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.4DEF32274A568BBD1E256E459DFD4F2392B854EA6309820F21E0A6C8412937FF.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.5C4BC45EFD91C14F1E72107F5414CA970043C598942F75D97537331C4E5DCE9D.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.5DCBD99EFB4B79B55E254EB7A228CD1EB93EAA2ED337499F1C8A289B43EBB10A.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.72C1F8ABFA155D62F3A06A325F2B64D839FC3C3D3921543992D483381B780684.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.95AC7F8D936F4053483E2A3DC47C1054527D2F95F8D45E05795F198C112E03D8.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.BBEA6310460DBC91B4CCFD3C1B98C5F08A6C6906D5A1A31435B41002B49E515B.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.CC597A7666CE68956D76CDB6E443893E5928C394AE19B75ED1C3AE2C64C7529F.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.D31E07AF85EB27096E7CB9D375CE9B768A877FDE03C2FC4A391E94E2876B7AC1.plist (Not signed - installed 2022-08-11) [Running] com.2212670367886837812.DD960C5B98E251B1539F578AB06DDC179A5C85F0232AECAA5BB5A72F1F1BE048.plist (Not signed - installed 2022-08-11) [Loaded] com.malwarebytes.MBAMHelperTool.plist (Malwarebytes Corporation - installed 2020-05-03) [Loaded] com.microsoft.office.licensing.helper.plist (Not signed - installed 2020-05-03) [Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (Not signed - installed 2020-04-02) [Not Loaded] com.oracle.java.Helper-Tool.plist (Not signed - installed ) [Loaded] com.paragon.NTFS.launch.plist (Apple - installed 2022-07-14) [Other] net.1057688344863274060.864A7636-E16C-434D-BC80-015F07D5D036.plist (Not signed - installed 2022-02-09) [Loaded] org.6052073606381774583.FEFE9F35-0A4D-464C-9719-A47AE76057EB.plist (Not signed - installed 2022-02-09) [Not Loaded] org.virtualbox.startup.plist (Not signed - installed 2022-05-28) [Loaded] us.zoom.ZoomDaemon.plist (Zoom Video Communications, Inc. - installed 2022-05-14) Launch Agents: [Other] com.paragon-software.NTFS.fsnotifyagent.plist (Not signed - installed 2015-12-14) [Other] com.ugee.Pentablet2.0.plist (Not signed - installed 2022-01-25) User Launch Agents: [Loaded] com.223D155A.466C.47E9.980F.C7201A455B22.plist (Not signed - installed 2022-02-17) [Running] com.311914335583730018.plist (Not signed - installed 2022-01-23) [Loaded] com.44A850A3.B3CA.410E.BBAE.07DB106A71EC.plist (Not signed - installed 2022-05-26) [Other] com.8F571157.C109.4BBE.931A.0AE5A0C15670.plist (Not signed - installed 2022-02-17) [Loaded] com.ConnectionCache.service.plist (Not signed - installed 2022-08-06) [Loaded] com.google.keystone.agent.plist (Google LLC - installed 2022-04-19) [Loaded] com.google.keystone.xpcservice.plist (Google LLC - installed 2022-04-19) [Running] org.2479077414780970439.plist (Not signed - installed 2022-03-21) [Not Loaded] org.virtualbox.vboxwebsrv.plist (Not signed - installed 2022-05-28) User Login Items: [Loaded] BetternetAutorun (App Store - installed 2022-02-21) Modern Login Item /Applications/Betternet VPN.app/Contents/Library/LoginItems/BetternetAutorun.app [Not Loaded] MountyHelper (Uwe Hollatz - installed 2021-12-20) Modern Login Item /Applications/Mounty.app/Contents/Library/LoginItems/MountyHelper.app Internet Plug-ins: SharePointBrowserPlugin: 14.0.0 (? - installed 2010-08-25) 3rd Party Preference panels: Paragon NTFS for Mac OS X (? - installed 2018-01-26) Backup: Time Machine information is limited without Full Disk Access Destinations: G****v [Local] (Last used) Performance: System Load: 66.17 (1 min ago) 29.13 (5 min ago) 11.65 (15 min ago) Nominal I/O usage: 3.13 MB/s File system: 72.24 seconds Write speed: 420 MB/s Read speed: 1311 MB/s CPU Usage Snapshot: Type Overall System: 9 % User: 60 % Idle: 31 % Top Processes Snapshot by CPU: Process (count) CPU (Source - Location) mds_stores 218.90 % (Apple) WindowServer 10.60 % (Apple) EtreCheckPro 4.78 % (Etresoft, Inc.) kernel_task 2.27 % (Apple) mds 1.80 % (Apple) Top Processes Snapshot by Memory: Process (count) RAM usage (Source - Location) EtreCheckPro 624 MB (Etresoft, Inc.) mds_stores 99 MB (Apple) kernel_task 91 MB (Apple) WindowServer 72 MB (Apple) Finder 61 MB (Apple) Top Processes Snapshot by Network Use: Process (count) Input / Output (Source - Location) mDNSResponder 56 KB / 36 KB (Apple) apsd 12 KB / 17 KB (Apple) accountsd 7 KB / 1 KB (Apple) netbiosd 3 KB / 3 KB (Apple) helper 4 KB / 2 KB (Not signed - ~/Library/Application Support/18115457677586200522) Top Processes Snapshot by Energy Use: Process (count) Energy (0-100) (Source - Location) mds_stores 124 (Apple) WindowServer 5 (Apple) mds 1 (Apple) tccd (2) 0 (Apple) trustd (3) 0 (Apple) Virtual Memory Information: Physical RAM: 8 GB Free RAM: 2.17 GB Used RAM: 2.54 GB Cached files: 3.29 GB Available RAM: 5.46 GB Swap Used: 0 B Software Installs (past 60 days): Install Date Name (Version) 2022-06-22 Numbers (12.1) 2022-06-22 Pages (12.1) 2022-06-22 Keynote (12.1) 2022-07-01 XProtectPlistConfigData (2161) 2022-07-04 PDF Professional (2.9.1) 2022-07-09 Grammarly for Safari (9.59) 2022-08-04 Notability (11.4.1) 2022-08-06 macOS 12.5 (12.5) 2022-08-06 XProtectPayloads (68) Clean up: /Library/LaunchAgents/com.ugee.Pentablet2.0.plist /Applications/XP-PenPenTabletPro/PenTablet.app/Contents/MacOS/PenTablet Executable not found ~/Library/LaunchAgents/org.virtualbox.vboxwebsrv.plist /Applications/VirtualBox.app/Contents/MacOS/vboxwebsrv Executable not found ~/Library/LaunchAgents/com.8F571157.C109.4BBE.931A.0AE5A0C15670.plist ~/Library/Application Support/.F314E702-7210-4760-9486-E16F8D0E29DA/.9A9EF5D4-B53C-4C75-98C4-5A5287B0889B Executable not found Diagnostics Information (past 7-30 days): 2022-08-11 19:11:18 com.apple.MobileSoftwareUpdate.CleanupPreparePathService Crash Executable: /System/Library/PrivateFrameworks/MobileSoftwareUpdate.framework/Versions/A/XPCServices/com.apple.MobileSoftwareUpdate.CleanupPreparePathService.xpc/Contents/MacOS/com.apple.MobileSoftwareUpdate.CleanupPreparePathService 2022-08-10 21:15:20 3511776244862875643 Crash Executable: /Users/***/Library/Application Support/com.13374311640335583586/3511776244862875643 Details: libsystem_c.dylib: abort() called End of report