Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Support
Mac Malware Removal Help & Support
Do I have malware?
Message
<blockquote data-quote="Juliasand" data-source="post: 850296" data-attributes="member: 84783"><p>I've had different vague signs of remote monitoring. Can you have a look at the EtreCheck and see if something is up?</p><p>FYI: I suddenly had TWO different Onedrive applications, so I deleted them both. But Onedrive is still showing up in the EtreCheck report as the only unsigned file not found on the white list.</p><p></p><p><strong>EtreCheck version: 5.4.8 (5091)</strong></p><p><strong></strong></p><p><strong></strong></p><p><strong>Report generated: 2019-12-23 22:24:44</strong></p><p><strong></strong></p><p><strong></strong></p><p><strong>Download EtreCheck from <a href="https://etrecheck.com" target="_blank">EtreCheck</a></strong></p><p><strong></strong></p><p><strong></strong></p><p><strong>Runtime: 2:32</strong></p><p><strong></strong></p><p><strong></strong></p><p><strong>Performance: Excellent</strong></p><p><strong></strong></p><p><strong></strong></p><p><strong>Sandbox: Enabled</strong></p><p><strong></strong></p><p><strong></strong></p><p><strong>Full drive access: Disabled</strong></p><p><strong></strong></p><p><strong></strong></p><p><strong>Problem: </strong>Other problem</p><p></p><p></p><p><strong>Major Issues:</strong></p><p></p><p> Anything that appears on this list needs immediate attention.</p><p></p><p></p><p> <strong>No Time Machine backup</strong> - Time Machine backup not found.</p><p></p><p></p><p> <strong>Runaway process</strong> - A process is using a large percentage of your CPU.</p><p></p><p></p><p> <strong>Unsigned files</strong> - There are unsigned software files installed that could be adware and should be reviewed.</p><p></p><p></p><p> <strong>System Integrity Protection disabled</strong> - System Integrity Protection is disabled. This computer is at risk of malware infection.</p><p></p><p></p><p> <strong>Apple security disabled</strong> - Apple security software is disabled. This computer is at risk of malware infection.</p><p></p><p></p><p> <strong>More than one antivirus app</strong> - This machine has multiple antivirus apps installed.</p><p></p><p></p><p><strong>Minor Issues:</strong></p><p></p><p> These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.</p><p></p><p></p><p> <strong>System modifications</strong> - There are a large number of system modifications running in the background.</p><p></p><p></p><p> <strong>32-bit Apps</strong> - This machine has 32-bits apps will not work on macOS 10.15 “Catalina”.</p><p></p><p></p><p> <strong>Limited drive access</strong> - More information may be available with Full Drive Access.</p><p></p><p></p><p><strong>Hardware Information:</strong></p><p></p><p> MacBook Pro (13-inch, 2018-2019, Four Thunderbolt 3 ports)</p><p> MacBook Pro Model: MacBookPro15,2</p><p> 1 2,3 GHz Quad-Core Intel Core i5 (i5-8259U) CPU: 4-core</p><p> 8 GB RAM - Not upgradeable</p><p> BANK 0/ChannelA-DIMM0 - 4 GB LPDDR3 2133 </p><p> BANK 2/ChannelB-DIMM0 - 4 GB LPDDR3 2133 </p><p> Battery: Health = Normal - Cycle count = 187</p><p></p><p><strong>Video Information:</strong></p><p></p><p> Intel Iris Plus Graphics 655 - VRAM: 1536 MB</p><p> Color LCD (built-in) 2880 x 1800</p><p></p><p><strong>Drives:</strong></p><p></p><p> disk0 - APPLE SSD AP0256M 251.00 GB (Solid State - TRIM: Yes)</p><p> Internal PCI-Express 8.0 GT/s x4 NVM Express</p><p> disk0s1 - EFI [EFI] 315 MB</p><p> disk0s2 [APFS Container] 250.69 GB</p><p> disk1 [APFS Virtual drive] 250.69 GB (Shared by 5 volumes)</p><p> disk1s1 - M*****************a (APFS) [APFS Virtual drive] (Shared - 99.03 GB used)</p><p> disk1s2 - Preboot (APFS) [APFS Preboot] (Shared)</p><p> disk1s3 - Recovery (APFS) [Recovery] (Shared)</p><p> disk1s4 - VM (APFS) [APFS VM] (Shared - 5.37 GB used)</p><p> disk1s5 - Macintosh HD (APFS) (Shared - 10.71 GB used)</p><p></p><p><strong>Mounted Volumes:</strong></p><p></p><p> disk1s1 - M*****************a [APFS Virtual drive]</p><p> 250.69 GB (Shared - 99.03 GB used, 144.40 GB available, 134.29 GB free)</p><p> APFS</p><p> Mount point: /System/Volumes/Data</p><p> Encrypted</p><p></p><p> disk1s4 - VM [APFS VM]</p><p> 250.69 GB (Shared - 5.37 GB used, 134.29 GB free)</p><p> APFS</p><p> Mount point: /private/var/vm</p><p> Encrypted</p><p></p><p> disk1s5 - Macintosh HD</p><p> 250.69 GB (Shared - 10.71 GB used, 144.40 GB available, 134.29 GB free)</p><p> APFS</p><p> Mount point: /</p><p> Encrypted</p><p> Read-only: Yes</p><p></p><p> disk2s1 - S************1</p><p> 409 MB (405 MB used, 3 MB free)</p><p> Mac OS Extended</p><p> Disk Image</p><p> Mount point: /Volumes/S************1</p><p> Owners enabled: No</p><p> Read-only: Yes</p><p></p><p> disk3s1 - A***********s</p><p> 25 MB (21 MB used, 4 MB free)</p><p> Mac OS Extended</p><p> Disk Image</p><p> Mount point: /Volumes/A***********s</p><p> Owners enabled: No</p><p> Read-only: Yes</p><p></p><p> disk4s2 - Flash Player</p><p> 24 MB (24 MB used)</p><p> Mac OS Extended</p><p> Disk Image</p><p> Mount point: /Volumes/Flash Player</p><p> Owners enabled: No</p><p> Read-only: Yes</p><p></p><p> disk5s2 - M*****n</p><p> 34 MB (21 MB used, 13 MB free)</p><p> Mac OS Extended</p><p> Disk Image</p><p> Mount point: /Volumes/M*****n</p><p> Owners enabled: No</p><p> Read-only: Yes</p><p></p><p> disk6s2 - M*********b</p><p> 100 MB (100 MB used)</p><p> Mac OS Extended</p><p> Disk Image</p><p> Mount point: /Volumes/M*********b</p><p> Owners enabled: No</p><p> Read-only: Yes</p><p></p><p><strong>Network:</strong></p><p></p><p> Interface en7: USB-C Dock Ethernet</p><p> Interface en8: ThinkPad TBT3 LAN</p><p> Interface en11: USB 10/100/1000 LAN</p><p> Interface en0: Wi-Fi</p><p> 802.11 a/b/g/n/ac</p><p> Interface en10: iPhone</p><p> Interface en6: Bluetooth PAN</p><p> Interface bridge0: Thunderbolt Bridge</p><p> Interface en9: Apple USB Ethernet Adapter</p><p> Interface en12: iPhone 2</p><p></p><p><strong>System Software:</strong></p><p></p><p> macOS Catalina 10.15.1 (19B88)</p><p> Time since boot: About 20 days</p><p></p><p><strong>Notifications:</strong></p><p></p><p> <strong>Notifications not available without Full Drive Access.</strong></p><p><strong></strong></p><p><strong>Security:</strong></p><p></p><p> Gatekeeper: Enabled</p><p></p><p></p><p> System Integrity Protection: Disabled</p><p></p><p></p><p></p><p> Antivirus software: AVG, SecureMac, and Malwarebytes</p><p></p><p></p><p><strong>Unsigned Files:</strong></p><p></p><p> Launchd: /Library/LaunchDaemons/com.avg.uninstall.plist</p><p> Executable: /Library/Application Support/AVGAntivirus/autouninstall/autouninstall.sh</p><p> Details: Exact match found in the whitelist - probably OK</p><p></p><p> Launchd: ~/Library/LaunchAgents/com.google.keystone.xpcservice.plist</p><p> Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost</p><p> Details: Exact match found in the whitelist - probably OK</p><p></p><p> Launchd: <strong>/Library/LaunchDaemons/com.microsoft.OneDriveStandaloneUpdaterDaemon.plist</strong></p><p> Executable: /Applications/OneDrive.app/Contents/StandaloneUpdaterDaemon.xpc/Contents/MacOS/StandaloneUpdaterDaemon</p><p></p><p> Launchd: /Library/LaunchDaemons/com.avg.update.plist</p><p> Executable: /Applications/AVGAntivirus.app/Contents/Backend/scripts/update/update.sh</p><p> Details: Exact match found in the whitelist - probably OK</p><p></p><p> Launchd: /Library/LaunchDaemons/com.avg.hub.schedule.plist</p><p> Executable: /Library/Application Support/AVGHUB/com.avg.hub.app/Contents/scripts/schedule.sh --ttl 14400</p><p> Details: Exact match found in the whitelist - probably OK</p><p></p><p> Launchd: /Library/LaunchAgents/com.microsoft.OneDriveStandaloneUpdater.plist</p><p> Executable: /Applications/OneDrive.app/Contents/StandaloneUpdater.app/Contents/MacOS/OneDriveStandaloneUpdater</p><p> Details: Exact match found in the whitelist - probably OK</p><p></p><p> Launchd: /Library/LaunchAgents/com.avg.userinit.plist</p><p> Executable: /Applications/AVGAntivirus.app/Contents/Backend/hub/userinit.sh</p><p> Details: Exact match found in the whitelist - probably OK</p><p></p><p> Launchd: /Library/LaunchDaemons/com.microsoft.OneDriveUpdaterDaemon.plist</p><p> Executable: /Applications/OneDrive.app/Contents/OneDriveUpdaterDaemon.xpc/Contents/MacOS/OneDriveUpdaterDaemon</p><p> Details: Exact match found in the whitelist - probably OK</p><p></p><p> Launchd: /Library/Application Support/AVGHUB/com.avg.hub.app/Contents/scripts/com.avg.hub.schedule.plist</p><p> Executable: /Library/Application Support/AVGHUB/com.avg.hub.app/Contents/scripts/schedule.sh --ttl 14400</p><p> Details: Exact match found in the whitelist - probably OK</p><p></p><p> Launchd: ~/Library/LaunchAgents/com.google.keystone.agent.plist</p><p> Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded</p><p> Details: Exact match found in the whitelist - probably OK</p><p></p><p> Launchd: /Library/LaunchDaemons/com.avg.init.plist</p><p> Executable: /Applications/AVGAntivirus.app/Contents/Backend/hub/init.sh</p><p> Details: Exact match found in the whitelist - probably OK</p><p></p><p> Login Item: /Applications/MacScan.app/Contents/Library/LoginItems/com.securemac.MacScanAgent.app</p><p></p><p><strong>32-bit Applications:</strong></p><p></p><p> 5 32-bit apps</p><p></p><p><strong>Kernel Extensions:</strong></p><p></p><p> /Applications/AVGAntivirus.app</p><p> AVGFileShield.kext (AVG Technologies CZ, s.r.o., 4.0.0 - SDK 10.12)</p><p> AVGPacketForwarder.kext (AVG Technologies CZ, s.r.o., 2.1 - SDK 10.12)</p><p></p><p> /Library/Extensions</p><p> Dropbox.kext (Dropbox, Inc., 1.10.3 - SDK 10.14)</p><p></p><p><strong>System Launch Agents:</strong></p><p></p><p> [Not Loaded] 18 Apple tasks</p><p></p><p></p><p> [Loaded] 147 Apple tasks</p><p></p><p></p><p> [Running] 144 Apple tasks</p><p></p><p></p><p> [Other] One Apple task</p><p></p><p></p><p><strong>System Launch Daemons:</strong></p><p></p><p> [Not Loaded] 36 Apple tasks</p><p></p><p></p><p> [Loaded] 165 Apple tasks</p><p></p><p></p><p> [Running] 134 Apple tasks</p><p></p><p></p><p> [Other] One Apple task</p><p></p><p></p><p><strong>Launch Agents:</strong></p><p> </p><p> [Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2019-08-22)</p><p></p><p> </p><p> [Loaded] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2019-09-30)</p><p></p><p> </p><p> [Running] com.adobe.GC.AGM.plist (Adobe Systems, Inc. - installed 2019-10-25)</p><p></p><p> </p><p> [Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2019-10-25)</p><p></p><p> </p><p> [Not Loaded] com.avg.hub.plist (AVG Technologies CZ, s.r.o. - installed 2019-12-20)</p><p></p><p> </p><p> [Loaded] com.avg.userinit.plist (? 3ed33f6f - installed 2019-12-20)</p><p></p><p> </p><p> [Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2019-11-18)</p><p></p><p> </p><p> [Loaded] com.microsoft.OneDriveStandaloneUpdater.plist (? b97e8726 - installed 2019-07-23)</p><p></p><p> </p><p> [Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2019-11-14)</p><p></p><p> </p><p> [Not Loaded] com.teamviewer.teamviewer.plist (TeamViewer GmbH - installed 2019-07-25)</p><p></p><p> </p><p> [Not Loaded] com.teamviewer.teamviewer_desktop.plist (TeamViewer GmbH - installed 2019-07-25)</p><p></p><p> </p><p><strong>Launch Daemons:</strong></p><p> </p><p> [Running] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2019-08-22)</p><p></p><p> </p><p> [Running] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2019-08-22)</p><p></p><p> </p><p> [Running] com.adobe.acc.installer.v2.plist (Adobe Systems, Inc. - installed 2019-09-30)</p><p></p><p> </p><p> [Loaded] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2019-10-25)</p><p></p><p> </p><p> [Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2019-11-22)</p><p></p><p> </p><p> [Not Loaded] com.avg.hub.schedule.plist (? a81c8beb - installed 2019-12-20)</p><p></p><p> </p><p> [Not Loaded] com.avg.hub.xpc.plist (AVG Technologies CZ, s.r.o. - installed 2019-12-20)</p><p></p><p> </p><p> [Loaded] com.avg.init.plist (? b7d61217 - installed 2019-12-20)</p><p></p><p> </p><p> [Loaded] com.avg.uninstall.plist (? 70fb3cd - installed 2019-12-20)</p><p></p><p> </p><p> [Loaded] com.avg.update.plist (? 3d634b49 - installed 2019-12-20)</p><p></p><p> </p><p> [Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2019-12-19)</p><p></p><p> </p><p> [Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2019-11-18)</p><p></p><p> </p><p> [Running] com.microsoft.OneDriveStandaloneUpdaterDaemon.plist (? 1a4f628 - installed 2019-07-25)</p><p></p><p> </p><p> [Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (? a510a00 - installed 2019-07-23)</p><p></p><p> </p><p> [Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2019-11-14)</p><p></p><p> </p><p> [Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2019-07-15)</p><p></p><p> </p><p> [Not Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (? 0 - installed 2019-11-08)</p><p></p><p> </p><p> [Loaded] com.securemac.MacScanDaemon.plist (? 2f2f5c03 - installed 2019-12-23)</p><p></p><p> </p><p> [Loaded] com.teamviewer.Helper.plist (TeamViewer GmbH - installed 2019-07-03)</p><p></p><p> </p><p> [Not Loaded] com.teamviewer.teamviewer_service.plist (TeamViewer GmbH - installed 2019-07-25)</p><p></p><p> </p><p><strong>User Launch Agents:</strong></p><p> </p><p> [Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2019-07-26)</p><p></p><p> </p><p> [Loaded] com.adobe.ccxprocess.plist (Apple - installed 2019-08-21)</p><p></p><p> </p><p> [Loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2019-10-14)</p><p></p><p> </p><p> [Loaded] com.google.keystone.agent.plist (? 0 - installed 2019-12-04)</p><p></p><p> </p><p> [Loaded] com.google.keystone.xpcservice.plist (? 0 - installed 2019-12-04)</p><p></p><p> </p><p><strong>User Login Items:</strong></p><p></p><p> [Not Loaded] Any.do Login Helper (App Store - installed 2019-10-28)</p><p> Modern Login Item</p><p> /Applications/Any.do.app/Contents/Library/LoginItems/Any.do Login Helper.app</p><p></p><p> [Not Loaded] Day One Helper (App Store - installed 2019-12-03)</p><p> Modern Login Item</p><p> /Applications/Day One.app/Contents/Library/LoginItems/Day One Helper.app</p><p></p><p> [Not Loaded] LoginHelper (App Store - installed 2019-10-16)</p><p> Modern Login Item</p><p> /Applications/Go for Instagram.app/Contents/Library/LoginItems/LoginHelper.app</p><p></p><p> [Running] com.securemac.MacScanAgent (? - installed 2016-01-13)</p><p> Modern Login Item</p><p> /Applications/MacScan.app/Contents/Library/LoginItems/com.securemac.MacScanAgent.app</p><p></p><p> [Not Loaded] LaunchHelper (App Store - installed 2019-10-15)</p><p> Modern Login Item</p><p> /Applications/Mail for Gmail.app/Contents/Library/LoginItems/LaunchHelper.app</p><p></p><p> [Loaded] StartUpHelper (Spotify - installed 2019-11-28)</p><p> Modern Login Item</p><p> /Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app</p><p></p><p> [Running] WunderlistHelper (App Store - installed 2019-11-01)</p><p> Modern Login Item</p><p> /Applications/Wunderlist.app/Contents/Library/LoginItems/WunderlistHelper.app</p><p></p><p> [Not Loaded] HP Device Monitor (HP Inc. - installed 2019-04-30)</p><p> Modern Login Item</p><p> /Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app</p><p></p><p> [Not Loaded] HP Product Research (HP Inc. - installed 2019-04-30)</p><p> Modern Login Item</p><p> /Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app</p><p></p><p><strong>Internet Plug-ins:</strong></p><p></p><p> AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2019-12-19)</p><p> AdobePDFViewer: 19.021.20061 (Adobe Systems, Inc. - installed 2019-12-19)</p><p> PepperFlashPlayer: 32.0.0.303 (Adobe Systems, Inc. - installed 2019-12-21)</p><p> AdobeAAMDetect: 3.0.0.0 (Adobe Systems, Inc. - installed 2019-09-30)</p><p></p><p><strong>3rd Party Preference Panes:</strong></p><p></p><p> Flash Player (installed 2019-11-22)</p><p></p><p><strong>Time Machine:</strong></p><p></p><p> <strong>Time Machine Not Configured!</strong></p><p><strong></strong></p><p><strong>Performance:</strong></p><p></p><p> System Load: 9.89 (1 min ago) 4.81 (5 min ago) 3.82 (15 min ago)</p><p> Nominal I/O speed: 1.16 MB/s</p><p> File system: 26.43 seconds</p><p> Write speed: 1077 MB/s</p><p> Read speed: 2922 MB/s</p><p></p><p><strong>CPU Usage Snapshot:</strong></p><p></p><p> <strong>Type</strong> <strong>Overall</strong></p><p></p><p></p><p> System 11 %</p><p></p><p></p><p> User 21 %</p><p></p><p></p><p> Idle 68 %</p><p></p><p></p><p><strong>Top Processes Snapshot by CPU:</strong></p><p></p><p> <strong>Process (count)</strong> <strong>CPU</strong> (<strong>Source</strong> - <strong>Location</strong>)</p><p></p><p></p><p> Other processes 149.21 % (?)</p><p></p><p></p><p> Console 38.54 % (Apple)</p><p></p><p></p><p> Google Chrome 18.56 % (Google, Inc.)</p><p></p><p></p><p> Google Chrome Helper (GPU).app 17.86 % (Google, Inc.)</p><p></p><p></p><p> Activity Monitor 7.17 % (Apple)</p><p></p><p></p><p><strong>Top Processes Snapshot by Memory:</strong></p><p></p><p> <strong>Process (count)</strong> <strong>RAM usage</strong> (<strong>Source</strong> - <strong>Location</strong>)</p><p></p><p></p><p> EtreCheck 534 MB (App Store)</p><p></p><p></p><p> Console 284 MB (Apple)</p><p></p><p></p><p> Google Chrome 275 MB (Google, Inc.)</p><p></p><p></p><p> Activity Monitor 175 MB (Apple)</p><p></p><p></p><p> Google Chrome Helper (GPU).app 137 MB (Google, Inc.)</p><p></p><p></p><p><strong>Top Processes Snapshot by Network Use:</strong></p><p></p><p> <strong>Process</strong> <strong>Input</strong> / <strong>Output</strong> (<strong>Source</strong> - <strong>Location</strong>)</p><p></p><p></p><p> Other processes 161 MB / 20 MB (?)</p><p></p><p></p><p> rapportd 10 KB / 17 KB (Apple)</p><p></p><p></p><p> SystemUIServer 0 B / 7 KB (Apple)</p><p></p><p></p><p> PowerChime 634 B / 2 KB (Apple)</p><p></p><p></p><p> homed 0 B / 0 B (Apple)</p><p></p><p></p><p><strong>Virtual Memory Information:</strong></p><p></p><p> Physical RAM: 8 GB</p><p></p><p></p><p> Free RAM: 20 MB</p><p></p><p></p><p> Used RAM: 6.63 GB</p><p></p><p></p><p> Cached files: 1.35 GB</p><p></p><p></p><p> Available RAM: 1.37 GB</p><p></p><p></p><p> Swap Used: 2.75 GB</p><p></p><p></p><p><strong>Software Installs (past 30 days):</strong></p><p></p><p> <strong>Install Date</strong> <strong>Name</strong> (<strong>Version</strong>)</p><p></p><p></p><p> 2019-12-03 Day One (4.3.1)</p><p></p><p></p><p> 2019-12-08 OneDrive (19.192.0926)</p><p></p><p></p><p> 2019-12-11 Microsoft Excel</p><p></p><p></p><p> 2019-12-11 Microsoft OneNote</p><p></p><p></p><p> 2019-12-11 Microsoft Outlook</p><p></p><p></p><p> 2019-12-12 Adobe Acrobat DC (19.021.20058)</p><p></p><p></p><p> 2019-12-13 XProtectPlistConfigData (2110)</p><p></p><p></p><p> 2019-12-13 MRTConfigData (1.51)</p><p></p><p></p><p> 2019-12-15 Microsoft Word</p><p></p><p></p><p> 2019-12-15 Microsoft PowerPoint</p><p></p><p></p><p> 2019-12-19 Adobe Acrobat DC (19.021.20061)</p><p></p><p></p><p> 2019-12-19 Malwarebytes for Mac</p><p></p><p></p><p> 2019-12-20 AVG AntiVirus (19.4)</p><p></p><p></p><p> 2019-12-20 AVGHUB</p><p></p><p></p><p> 2019-12-20 Bitdefender Virus Scanner (3.15)</p><p></p><p></p><p> 2019-12-21 Adobe Pepper Flash Player</p><p></p><p></p><p> 2019-12-23 EtreCheck (5.4.8)</p><p></p><p></p><p><strong>Diagnostics Information (past 7-30 days):</strong></p><p></p><p> <strong>Directory /Library/Logs/DiagnosticReports is not accessible.</strong></p><p> <strong>Enable Full Drive Access to see more information.</strong></p><p><strong></strong></p><p><strong>End of report</strong></p></blockquote><p></p>
[QUOTE="Juliasand, post: 850296, member: 84783"] I've had different vague signs of remote monitoring. Can you have a look at the EtreCheck and see if something is up? FYI: I suddenly had TWO different Onedrive applications, so I deleted them both. But Onedrive is still showing up in the EtreCheck report as the only unsigned file not found on the white list. [B]EtreCheck version: 5.4.8 (5091) Report generated: 2019-12-23 22:24:44 Download EtreCheck from [URL="https://etrecheck.com"]EtreCheck[/URL] Runtime: 2:32 Performance: Excellent Sandbox: Enabled Full drive access: Disabled Problem: [/B]Other problem [B]Major Issues:[/B] Anything that appears on this list needs immediate attention. [B]No Time Machine backup[/B] - Time Machine backup not found. [B]Runaway process[/B] - A process is using a large percentage of your CPU. [B]Unsigned files[/B] - There are unsigned software files installed that could be adware and should be reviewed. [B]System Integrity Protection disabled[/B] - System Integrity Protection is disabled. This computer is at risk of malware infection. [B]Apple security disabled[/B] - Apple security software is disabled. This computer is at risk of malware infection. [B]More than one antivirus app[/B] - This machine has multiple antivirus apps installed. [B]Minor Issues:[/B] These issues do not need immediate attention but they may indicate future problems or opportunities for improvement. [B]System modifications[/B] - There are a large number of system modifications running in the background. [B]32-bit Apps[/B] - This machine has 32-bits apps will not work on macOS 10.15 “Catalina”. [B]Limited drive access[/B] - More information may be available with Full Drive Access. [B]Hardware Information:[/B] MacBook Pro (13-inch, 2018-2019, Four Thunderbolt 3 ports) MacBook Pro Model: MacBookPro15,2 1 2,3 GHz Quad-Core Intel Core i5 (i5-8259U) CPU: 4-core 8 GB RAM - Not upgradeable BANK 0/ChannelA-DIMM0 - 4 GB LPDDR3 2133 BANK 2/ChannelB-DIMM0 - 4 GB LPDDR3 2133 Battery: Health = Normal - Cycle count = 187 [B]Video Information:[/B] Intel Iris Plus Graphics 655 - VRAM: 1536 MB Color LCD (built-in) 2880 x 1800 [B]Drives:[/B] disk0 - APPLE SSD AP0256M 251.00 GB (Solid State - TRIM: Yes) Internal PCI-Express 8.0 GT/s x4 NVM Express disk0s1 - EFI [EFI] 315 MB disk0s2 [APFS Container] 250.69 GB disk1 [APFS Virtual drive] 250.69 GB (Shared by 5 volumes) disk1s1 - M*****************a (APFS) [APFS Virtual drive] (Shared - 99.03 GB used) disk1s2 - Preboot (APFS) [APFS Preboot] (Shared) disk1s3 - Recovery (APFS) [Recovery] (Shared) disk1s4 - VM (APFS) [APFS VM] (Shared - 5.37 GB used) disk1s5 - Macintosh HD (APFS) (Shared - 10.71 GB used) [B]Mounted Volumes:[/B] disk1s1 - M*****************a [APFS Virtual drive] 250.69 GB (Shared - 99.03 GB used, 144.40 GB available, 134.29 GB free) APFS Mount point: /System/Volumes/Data Encrypted disk1s4 - VM [APFS VM] 250.69 GB (Shared - 5.37 GB used, 134.29 GB free) APFS Mount point: /private/var/vm Encrypted disk1s5 - Macintosh HD 250.69 GB (Shared - 10.71 GB used, 144.40 GB available, 134.29 GB free) APFS Mount point: / Encrypted Read-only: Yes disk2s1 - S************1 409 MB (405 MB used, 3 MB free) Mac OS Extended Disk Image Mount point: /Volumes/S************1 Owners enabled: No Read-only: Yes disk3s1 - A***********s 25 MB (21 MB used, 4 MB free) Mac OS Extended Disk Image Mount point: /Volumes/A***********s Owners enabled: No Read-only: Yes disk4s2 - Flash Player 24 MB (24 MB used) Mac OS Extended Disk Image Mount point: /Volumes/Flash Player Owners enabled: No Read-only: Yes disk5s2 - M*****n 34 MB (21 MB used, 13 MB free) Mac OS Extended Disk Image Mount point: /Volumes/M*****n Owners enabled: No Read-only: Yes disk6s2 - M*********b 100 MB (100 MB used) Mac OS Extended Disk Image Mount point: /Volumes/M*********b Owners enabled: No Read-only: Yes [B]Network:[/B] Interface en7: USB-C Dock Ethernet Interface en8: ThinkPad TBT3 LAN Interface en11: USB 10/100/1000 LAN Interface en0: Wi-Fi 802.11 a/b/g/n/ac Interface en10: iPhone Interface en6: Bluetooth PAN Interface bridge0: Thunderbolt Bridge Interface en9: Apple USB Ethernet Adapter Interface en12: iPhone 2 [B]System Software:[/B] macOS Catalina 10.15.1 (19B88) Time since boot: About 20 days [B]Notifications:[/B] [B]Notifications not available without Full Drive Access. Security:[/B] Gatekeeper: Enabled System Integrity Protection: Disabled Antivirus software: AVG, SecureMac, and Malwarebytes [B]Unsigned Files:[/B] Launchd: /Library/LaunchDaemons/com.avg.uninstall.plist Executable: /Library/Application Support/AVGAntivirus/autouninstall/autouninstall.sh Details: Exact match found in the whitelist - probably OK Launchd: ~/Library/LaunchAgents/com.google.keystone.xpcservice.plist Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost Details: Exact match found in the whitelist - probably OK Launchd: [B]/Library/LaunchDaemons/com.microsoft.OneDriveStandaloneUpdaterDaemon.plist[/B] Executable: /Applications/OneDrive.app/Contents/StandaloneUpdaterDaemon.xpc/Contents/MacOS/StandaloneUpdaterDaemon Launchd: /Library/LaunchDaemons/com.avg.update.plist Executable: /Applications/AVGAntivirus.app/Contents/Backend/scripts/update/update.sh Details: Exact match found in the whitelist - probably OK Launchd: /Library/LaunchDaemons/com.avg.hub.schedule.plist Executable: /Library/Application Support/AVGHUB/com.avg.hub.app/Contents/scripts/schedule.sh --ttl 14400 Details: Exact match found in the whitelist - probably OK Launchd: /Library/LaunchAgents/com.microsoft.OneDriveStandaloneUpdater.plist Executable: /Applications/OneDrive.app/Contents/StandaloneUpdater.app/Contents/MacOS/OneDriveStandaloneUpdater Details: Exact match found in the whitelist - probably OK Launchd: /Library/LaunchAgents/com.avg.userinit.plist Executable: /Applications/AVGAntivirus.app/Contents/Backend/hub/userinit.sh Details: Exact match found in the whitelist - probably OK Launchd: /Library/LaunchDaemons/com.microsoft.OneDriveUpdaterDaemon.plist Executable: /Applications/OneDrive.app/Contents/OneDriveUpdaterDaemon.xpc/Contents/MacOS/OneDriveUpdaterDaemon Details: Exact match found in the whitelist - probably OK Launchd: /Library/Application Support/AVGHUB/com.avg.hub.app/Contents/scripts/com.avg.hub.schedule.plist Executable: /Library/Application Support/AVGHUB/com.avg.hub.app/Contents/scripts/schedule.sh --ttl 14400 Details: Exact match found in the whitelist - probably OK Launchd: ~/Library/LaunchAgents/com.google.keystone.agent.plist Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded Details: Exact match found in the whitelist - probably OK Launchd: /Library/LaunchDaemons/com.avg.init.plist Executable: /Applications/AVGAntivirus.app/Contents/Backend/hub/init.sh Details: Exact match found in the whitelist - probably OK Login Item: /Applications/MacScan.app/Contents/Library/LoginItems/com.securemac.MacScanAgent.app [B]32-bit Applications:[/B] 5 32-bit apps [B]Kernel Extensions:[/B] /Applications/AVGAntivirus.app AVGFileShield.kext (AVG Technologies CZ, s.r.o., 4.0.0 - SDK 10.12) AVGPacketForwarder.kext (AVG Technologies CZ, s.r.o., 2.1 - SDK 10.12) /Library/Extensions Dropbox.kext (Dropbox, Inc., 1.10.3 - SDK 10.14) [B]System Launch Agents:[/B] [Not Loaded] 18 Apple tasks [Loaded] 147 Apple tasks [Running] 144 Apple tasks [Other] One Apple task [B]System Launch Daemons:[/B] [Not Loaded] 36 Apple tasks [Loaded] 165 Apple tasks [Running] 134 Apple tasks [Other] One Apple task [B]Launch Agents:[/B] [Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2019-08-22) [Loaded] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2019-09-30) [Running] com.adobe.GC.AGM.plist (Adobe Systems, Inc. - installed 2019-10-25) [Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2019-10-25) [Not Loaded] com.avg.hub.plist (AVG Technologies CZ, s.r.o. - installed 2019-12-20) [Loaded] com.avg.userinit.plist (? 3ed33f6f - installed 2019-12-20) [Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2019-11-18) [Loaded] com.microsoft.OneDriveStandaloneUpdater.plist (? b97e8726 - installed 2019-07-23) [Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2019-11-14) [Not Loaded] com.teamviewer.teamviewer.plist (TeamViewer GmbH - installed 2019-07-25) [Not Loaded] com.teamviewer.teamviewer_desktop.plist (TeamViewer GmbH - installed 2019-07-25) [B]Launch Daemons:[/B] [Running] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2019-08-22) [Running] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2019-08-22) [Running] com.adobe.acc.installer.v2.plist (Adobe Systems, Inc. - installed 2019-09-30) [Loaded] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2019-10-25) [Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2019-11-22) [Not Loaded] com.avg.hub.schedule.plist (? a81c8beb - installed 2019-12-20) [Not Loaded] com.avg.hub.xpc.plist (AVG Technologies CZ, s.r.o. - installed 2019-12-20) [Loaded] com.avg.init.plist (? b7d61217 - installed 2019-12-20) [Loaded] com.avg.uninstall.plist (? 70fb3cd - installed 2019-12-20) [Loaded] com.avg.update.plist (? 3d634b49 - installed 2019-12-20) [Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2019-12-19) [Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2019-11-18) [Running] com.microsoft.OneDriveStandaloneUpdaterDaemon.plist (? 1a4f628 - installed 2019-07-25) [Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (? a510a00 - installed 2019-07-23) [Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2019-11-14) [Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2019-07-15) [Not Loaded] com.microsoft.teams.TeamsUpdaterDaemon.plist (? 0 - installed 2019-11-08) [Loaded] com.securemac.MacScanDaemon.plist (? 2f2f5c03 - installed 2019-12-23) [Loaded] com.teamviewer.Helper.plist (TeamViewer GmbH - installed 2019-07-03) [Not Loaded] com.teamviewer.teamviewer_service.plist (TeamViewer GmbH - installed 2019-07-25) [B]User Launch Agents:[/B] [Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2019-07-26) [Loaded] com.adobe.ccxprocess.plist (Apple - installed 2019-08-21) [Loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2019-10-14) [Loaded] com.google.keystone.agent.plist (? 0 - installed 2019-12-04) [Loaded] com.google.keystone.xpcservice.plist (? 0 - installed 2019-12-04) [B]User Login Items:[/B] [Not Loaded] Any.do Login Helper (App Store - installed 2019-10-28) Modern Login Item /Applications/Any.do.app/Contents/Library/LoginItems/Any.do Login Helper.app [Not Loaded] Day One Helper (App Store - installed 2019-12-03) Modern Login Item /Applications/Day One.app/Contents/Library/LoginItems/Day One Helper.app [Not Loaded] LoginHelper (App Store - installed 2019-10-16) Modern Login Item /Applications/Go for Instagram.app/Contents/Library/LoginItems/LoginHelper.app [Running] com.securemac.MacScanAgent (? - installed 2016-01-13) Modern Login Item /Applications/MacScan.app/Contents/Library/LoginItems/com.securemac.MacScanAgent.app [Not Loaded] LaunchHelper (App Store - installed 2019-10-15) Modern Login Item /Applications/Mail for Gmail.app/Contents/Library/LoginItems/LaunchHelper.app [Loaded] StartUpHelper (Spotify - installed 2019-11-28) Modern Login Item /Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app [Running] WunderlistHelper (App Store - installed 2019-11-01) Modern Login Item /Applications/Wunderlist.app/Contents/Library/LoginItems/WunderlistHelper.app [Not Loaded] HP Device Monitor (HP Inc. - installed 2019-04-30) Modern Login Item /Library/Printers/hp/Frameworks/HPDeviceMonitoring.framework/Versions/1.0/Helpers/HP Device Monitor Manager.app/Contents/Library/LoginItems/HP Device Monitor.app [Not Loaded] HP Product Research (HP Inc. - installed 2019-04-30) Modern Login Item /Library/Printers/hp/Utilities/HPPU Plugins/ProductImprovementStudy.hptask/Contents/Helpers/HP Product Research Manager.app/Contents/Library/LoginItems/HP Product Research.app [B]Internet Plug-ins:[/B] AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2019-12-19) AdobePDFViewer: 19.021.20061 (Adobe Systems, Inc. - installed 2019-12-19) PepperFlashPlayer: 32.0.0.303 (Adobe Systems, Inc. - installed 2019-12-21) AdobeAAMDetect: 3.0.0.0 (Adobe Systems, Inc. - installed 2019-09-30) [B]3rd Party Preference Panes:[/B] Flash Player (installed 2019-11-22) [B]Time Machine:[/B] [B]Time Machine Not Configured! Performance:[/B] System Load: 9.89 (1 min ago) 4.81 (5 min ago) 3.82 (15 min ago) Nominal I/O speed: 1.16 MB/s File system: 26.43 seconds Write speed: 1077 MB/s Read speed: 2922 MB/s [B]CPU Usage Snapshot:[/B] [B]Type[/B] [B]Overall[/B] System 11 % User 21 % Idle 68 % [B]Top Processes Snapshot by CPU:[/B] [B]Process (count)[/B] [B]CPU[/B] ([B]Source[/B] - [B]Location[/B]) Other processes 149.21 % (?) Console 38.54 % (Apple) Google Chrome 18.56 % (Google, Inc.) Google Chrome Helper (GPU).app 17.86 % (Google, Inc.) Activity Monitor 7.17 % (Apple) [B]Top Processes Snapshot by Memory:[/B] [B]Process (count)[/B] [B]RAM usage[/B] ([B]Source[/B] - [B]Location[/B]) EtreCheck 534 MB (App Store) Console 284 MB (Apple) Google Chrome 275 MB (Google, Inc.) Activity Monitor 175 MB (Apple) Google Chrome Helper (GPU).app 137 MB (Google, Inc.) [B]Top Processes Snapshot by Network Use:[/B] [B]Process[/B] [B]Input[/B] / [B]Output[/B] ([B]Source[/B] - [B]Location[/B]) Other processes 161 MB / 20 MB (?) rapportd 10 KB / 17 KB (Apple) SystemUIServer 0 B / 7 KB (Apple) PowerChime 634 B / 2 KB (Apple) homed 0 B / 0 B (Apple) [B]Virtual Memory Information:[/B] Physical RAM: 8 GB Free RAM: 20 MB Used RAM: 6.63 GB Cached files: 1.35 GB Available RAM: 1.37 GB Swap Used: 2.75 GB [B]Software Installs (past 30 days):[/B] [B]Install Date[/B] [B]Name[/B] ([B]Version[/B]) 2019-12-03 Day One (4.3.1) 2019-12-08 OneDrive (19.192.0926) 2019-12-11 Microsoft Excel 2019-12-11 Microsoft OneNote 2019-12-11 Microsoft Outlook 2019-12-12 Adobe Acrobat DC (19.021.20058) 2019-12-13 XProtectPlistConfigData (2110) 2019-12-13 MRTConfigData (1.51) 2019-12-15 Microsoft Word 2019-12-15 Microsoft PowerPoint 2019-12-19 Adobe Acrobat DC (19.021.20061) 2019-12-19 Malwarebytes for Mac 2019-12-20 AVG AntiVirus (19.4) 2019-12-20 AVGHUB 2019-12-20 Bitdefender Virus Scanner (3.15) 2019-12-21 Adobe Pepper Flash Player 2019-12-23 EtreCheck (5.4.8) [B]Diagnostics Information (past 7-30 days):[/B] [B]Directory /Library/Logs/DiagnosticReports is not accessible.[/B] [B]Enable Full Drive Access to see more information. End of report[/B] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
