EtreCheckPro version: 6.8.10 (68078) Report generated: 2025-06-18 09:39:21 Download EtreCheckPro from https://etrecheck.com Runtime: 2:14 Performance: Excellent Problem: Other problem Description: System compromised by malware, possibly root-kit in nature. Concerns a bout webcam being hacked and broadcast beyond the scope of current vid eo chat Major Issues: Anything that appears on this list needs immediate attention. Heavy CPU usage - Some processes are using an unusually high amount of CPU. Orphan system extension - A system extension has not been properly uninstalled. Minor Issues: These issues do not need immediate attention but they may indicate future problems or opportunities for improvement. No Time Machine backup - Time Machine backup not found. Configuration profiles found - This computer may have configuration profiles installed. Low disk space - This computer is running low on free hard drive space. Apps crashing - There have been numerous app crashes. Apps with heavy CPU usage - There have been numerous cases of apps with heavy CPU usage. Clean up - There are orphan files that could be removed. Hardware Information: Mac mini (2024) Status: Supported Mac mini Model: Mac16,10 Apple M4 (m4) CPU: 10-core 16 GB RAM - Not upgradeable Video Information: Apple M4 LG ULTRAWIDE 3440 x 1440 TCL 55 2560 x 1440 Drives: disk0 - APPLE SSD AP0256Z 251.00 GB (Solid State - TRIM: Yes) Internal Apple Fabric NVM Express S.M.A.R.T. Details: 2% used, 28.41 TB written, 100% health, 73 unsafe shutdowns disk0s1 [APFS Container] 524 MB disk1 [APFS Virtual drive] 524 MB (Shared by 4 volumes) disk1s1 - iSCPreboot (APFS) [APFS Preboot] (6 MB used) disk1s2 - xART (APFS) (6 MB used) disk1s3 - Hardware (APFS) (3 MB used) disk1s4 - Recovery (APFS) [Recovery] (20 KB used) disk0s2 [APFS Container] 245.11 GB disk3 [APFS Virtual drive] 245.11 GB (Shared by 6 volumes) disk3s1 - Macintosh HD - Data (APFS) [APFS Virtual drive] (177.91 GB used) disk3s2 - Update (APFS) (48 MB used) disk3s3 (APFS) [APFS Container] (11.25 GB used) disk3s3s1 - Macintosh HD (APFS) [APFS Snapshot] (11.25 GB used) disk3s4 - Preboot (APFS) [APFS Preboot] (7.19 GB used) disk3s5 - Recovery (APFS) [Recovery] (1.03 GB used) disk3s6 - VM (APFS) [APFS VM] (20 KB used) disk0s3 [APFS Container] 5.37 GB disk2 [APFS Virtual drive] 5.37 GB (Shared by 2 volumes) disk2s1 - Recovery (APFS) [Recovery] (1.98 GB used) disk2s2 - Update (APFS) (1 MB used) Mounted Volumes: disk1s1 - iSCPreboot [APFS Preboot] Filesystem: APFS Mount point: /System/Volumes/iSCPreboot Used: 6 MB Shared values Size: 524 MB Free: 504 MB disk1s2 - xART Filesystem: APFS Mount point: /System/Volumes/xarts Used: 6 MB Shared values Size: 524 MB Free: 504 MB disk1s3 - Hardware Filesystem: APFS Mount point: /System/Volumes/Hardware Used: 3 MB Shared values Size: 524 MB Free: 504 MB disk3s1 - Macintosh HD - Data [APFS Virtual drive] Filesystem: APFS Mount point: /System/Volumes/Data Encrypted Used: 177.91 GB Shared values Size: 245.11 GB Free: 47.55 GB Available: 101.53 GB disk3s2 - Update Filesystem: APFS Mount point: /System/Volumes/Update Used: 48 MB Shared values Size: 245.11 GB Free: 47.55 GB disk3s3s1 - Macintosh HD [APFS Snapshot] Filesystem: APFS Mount point: / Read-only: Yes Used: 11.25 GB Shared values Size: 245.11 GB Free: 47.55 GB Available: 101.53 GB disk3s4 - Preboot [APFS Preboot] Filesystem: APFS Mount point: /System/Volumes/Preboot Used: 7.19 GB Shared values Size: 245.11 GB Free: 47.55 GB disk3s6 - VM [APFS VM] Filesystem: APFS Mount point: /System/Volumes/VM Used: 20 KB Shared values Size: 245.11 GB Free: 47.55 GB USB: USB 3.1 bus xxxxxxxx - USB Type-C Digital AV Adapter USB 3.1 bus VLI Inc. - USB 2.0 BILLBOARD USB 3.1 bus Apple - USB3 Gen2 Hub Apple - USB2 Hub Remo Tech Co., Ltd. - OBSBOT Meet 2 USB 3.1 bus Network: Interface en0: Ethernet Interface en1: Wi-Fi 802.11 a/b/g/n/ac/ax Firewall: Blocked apps: All Stealth mode: Enabled System Software: macOS Sequoia 15.5 (24F74) Installed 2025-05-21 Time since boot: About 2 hours Configuration Profiles: com.apple.Accessibility KeyboardEnabled SwitchControl HeadPointer DwellControl VoiceOver Security: Gatekeeper: App Store and identified developers System Integrity Protection: Enabled Secure Boot: Full Security Antivirus software: Apple and Microsoft Defender System Extensions: [Disabled] Microsoft Defender Endpoint Security Extension - version 101.25042.0002 (Microsoft Corporation - installed 2025-06-01) Application: Not found! Description: MdAtp Endpoint Security extension [Disabled] LuLu - version 3.1.5 (? - installed 2025-06-11) Application: /Applications/LuLu.app - version 3.1.5 (Objective-See, LLC - installed 2025-06-01) [Disabled] OBS Virtual Camera - version 31.0.3 (Wizards of OBS LLC - installed 2025-05-31) Application: /Applications/OBS.app - version 31.0.3 (Wizards of OBS LLC - installed 2025-05-28) Description: This Camera Extension enables virtual camera functionality in OBS Studio. [Disabled] com.obsbot.OBSBOT_Center.mcext - version 2.0.10 (Remo Tech Co.,Ltd. - installed 2025-05-19) Application: /Applications/OBSBOT_Center.app - version 2.0.10 (Remo Tech Co.,Ltd. - installed 2025-06-13) Description: This Camera Extension enables virtual camera functionality in OBSBOT Center. System Launch Daemons: [Not Loaded] 41 Apple tasks [Loaded] 195 Apple tasks [Running] 179 Apple tasks [Other] 2 Apple tasks System Launch Agents: [Not Loaded] 20 Apple tasks [Loaded] 210 Apple tasks [Running] 219 Apple tasks Launch Daemons: [Not Loaded] com.avast.hub.schedule.plist (Not signed - Not found!) [Not Loaded] com.avast.hub.xpc.plist (Not signed - Not found!) [Not Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2025-06-09) Executable: /Library/PrivilegedHelperTools/com.microsoft.autoupdate.helper [Not Loaded] com.microsoft.dlp.install_monitor.plist (Not signed - installed 2025-06-01) Command: /Library/Application Support/Microsoft/DLP/scripts/install_helper execute --path '/Library/Application Support/Microsoft/DLP/scripts/install_monitor' [Not Loaded] com.microsoft.fresno.plist (Not signed - installed 2025-06-01) Command: wdavdaemon privileged [Not Loaded] com.microsoft.fresno.uninstall.plist (Microsoft Corporation - installed 2025-06-01) Command: /Library/Application Support/Microsoft/Defender/uninstall/install_helper execute --path '/Library/Application Support/Microsoft/Defender/uninstall/uninstall' --args --post-uninstall-hook [Not Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (Not signed - installed 2025-05-22) [Not Loaded] com.microsoft.wdav.tracer_install_monitor.plist (Microsoft Corporation - installed 2025-06-01) Command: /Library/Application Support/Microsoft/Defender/uninstall/install_helper execute --path '/Applications/Microsoft Defender.app/Contents/MacOS/tracer.app/Contents/Resources/tracerscripts/tracer_install_monitor.sh' [Not Loaded] com.reincubate.macos.cam.PrivilegedHelper.plist (Reincubate Ltd - installed 2025-05-21) Executable: /Library/PrivilegedHelperTools/com.reincubate.macos.cam.PrivilegedHelper User Login Items: [Not Loaded] PasswordsMenuBarExtra (Apple - installed 2025-05-04) Modern Login Item /System/Applications/Passwords.app/Contents/Library/LoginItems/PasswordsMenuBarExtra.app [Not Loaded] WeatherMenu (Apple - installed 2025-05-04) Modern Login Item /System/Applications/Weather.app/Contents/Library/LoginItems/WeatherMenu.app Applications: 785 Apple apps 26 3rd party apps 7 x86-only apps No unsigned apps App Extensions: Share services: [Loaded] Telegram - /Applications/Telegram 2.app QuickLook Previews: [Loaded] EtreCheckQuickLook - ~/Downloads/EtreCheckPro.app com.etresoft.etrecheck4 *.etrecheck Backup: Time Machine information is limited without Full Disk Access Performance: System Load: 3.73 (1 min ago) 2.84 (5 min ago) 2.71 (15 min ago) Nominal I/O usage: 0.43 MB/s File system: 6.22 seconds Write speed: 2050 MB/s Read speed: 2747 MB/s CPU Usage Snapshot: Type Overall System: 7 % User: 16 % Idle: 77 % Top Processes Snapshot by CPU: Process (count) CPU (Source - Location) Discord Helper (Renderer) 64.02 % (Discord, Inc.) WindowServer 43.20 % (Apple) OBSBOT_Main 33.58 % (Remo Tech Co.,Ltd.) Discord Helper (GPU) 14.76 % (Discord, Inc.) kernel_task 13.92 % (Apple) Top Processes Snapshot by Memory: Process (count) RAM usage (Source - Location) EtreCheckPro 1.32 GB (Etresoft, Inc.) Discord Helper (Renderer) 989 MB (Discord, Inc.) Brave Browser Helper (Renderer) (4) 890 MB (Brave Software, Inc.) OBSBOT_Main 456 MB (Remo Tech Co.,Ltd.) Brave Browser 412 MB (Brave Software, Inc.) Top Processes Snapshot by Network Use: Process (count) Input / Output (Source - Location) mDNSResponder 1 MB / 306 KB (Apple) apsd 4 KB / 49 KB (Apple) com.apple.iCloudHelper 31 KB / 10 KB (Apple) trustd 33 KB / 7 KB (Apple) iCloudNotificationAgent 6 KB / 6 KB (Apple) Top Processes Snapshot by Energy Use: Process (count) Energy (0-100) (Source - Location) OBSBOT_Main 18 (Remo Tech Co.,Ltd.) WindowServer 8 (Apple) Discord Helper (Renderer) 5 (Discord, Inc.) VTDecoderXPCService (5) 5 (Apple) Discord Helper (GPU) 4 (Discord, Inc.) Virtual Memory Information: Physical RAM: 16 GB Free RAM: 118 MB Used RAM: 10.06 GB Cached files: 5.83 GB Available RAM: 5.94 GB Swap Used: 0 B Software Installs (past 60 days): Install Date Name (Version) 2025-05-20 macOS 15.5 (15.5) - Software update 2025-05-20 XProtectPlistConfigData (5297) - Software update 2025-05-20 MRTConfigData (1.93) - Software update 2025-05-20 Gatekeeper Compatibility Data (1.0) - Software update 2025-05-20 Microsoft Teams (25093.2105.3614.8220) - Installer 2025-05-20 Microsoft AutoUpdate (4.79.25033028) - Installer 2025-05-20 Microsoft Teams (25107.1606.3643.3915) - Installer 2025-05-20 Telegram (11.11) - App Store 2025-05-20 Bitdefender Virus Scanner (3.18) - App Store 2025-05-20 Telegram Lite (5.14.2) - App Store 2025-05-20 RosettaUpdateAuto (1.0.0.0.1.1746349326) - CoreServicesUIAgent 2025-05-21 XProtectPlistConfigData (5298) - Software update 2025-05-21 Avast Security (16.1.0) - Installer 2025-05-21 AvastHUB (3.1.41) - Installer 2025-05-21 macOS Sequoia (15.5) - Software update 2025-05-22 Microsoft Teams classic (1.00.725763) - Installer 2025-05-22 Microsoft Teams (25093.2105.3614.8220) - Installer 2025-05-22 MSTeamsAudioDevice (2024.45.0) - Installer 2025-05-25 Microsoft Teams (25107.1606.3643.3915) - Installer 2025-05-27 Microsoft Teams (25107.1606.3643.3915) - Installer 2025-05-28 Microsoft Teams (25107.1606.3643.3915) - Installer 2025-05-31 ‎WhatsApp (25.16.81) - App Store 2025-06-01 Microsoft Defender (101.25042.0002) - Installer 2025-06-01 Microsoft Teams (25122.1203.3671.7019) - Installer 2025-06-02 Command Line Tools for Xcode (16.2) - Software update 2025-06-04 Microsoft Teams (25107.1606.3643.3915) - Installer 2025-06-04 Microsoft Teams (25122.1207.3700.1444) - Installer 2025-06-05 XProtectPlistConfigData (5299) - Software update 2025-06-09 Microsoft Teams (25107.1606.3643.3915) - Installer 2025-06-11 XProtectPlistConfigData (5300) - Software update 2025-06-11 MSTeamsAudioDevice (2024.45.0) - Installer 2025-06-15 Microsoft Teams (25122.1207.3700.1444) - Installer 2025-06-18 XProtectCloudKitUpdate (5301) - XProtectUpdateService Clean up: [Disabled] Microsoft Defender Endpoint Security Extension - version 101.25042.0002 (Microsoft Corporation - installed 2025-06-01) Application: Not found! Description: MdAtp Endpoint Security extension /Library/LaunchDaemons/com.microsoft.fresno.plist wdavdaemon Executable not found /Library/LaunchDaemons/com.microsoft.dlp.install_monitor.plist /Library/Application Support/Microsoft/DLP/scripts/install_helper Executable not found Diagnostics Information (past 60 days): 2025-06-17 13:33:36 OBSBOT_Center.app High CPU Use (3 times) First occurrence: 2025-06-16 19:53:58 Executable: /Applications/OBSBOT_Center.app 2025-06-17 04:24:58 Telegram Lite.app High CPU Use (10 times) First occurrence: 2025-06-11 20:01:08 Executable: /Applications/Telegram Lite.app 2025-06-16 12:50:02 signpost_reporter High CPU Use (4 times) First occurrence: 2025-06-11 11:48:49 Executable: /usr/libexec/signpost_reporter 2025-06-16 11:12:42 spotlightknowledged High CPU Use (6 times) First occurrence: 2025-06-11 12:29:15 Executable: /System/Library/Frameworks/CoreSpotlight.framework/spotlightknowledged 2025-06-14 23:39:49 audiomxd High CPU Use (2 times) First occurrence: 2025-06-13 14:48:47 Executable: /usr/libexec/audiomxd 2025-06-14 19:33:49 lsd Crash (8 times) First occurrence: 2025-06-12 19:45:21 Executable: /usr/libexec/lsd 2025-06-11 09:10:50 Google Chrome.app High CPU Use Executable: /Applications/Google Chrome.app End of report