Thanks chscag
I installed malwarebytes, it detected some malware, and after a restart the etrecheck just showed a couple of aphrodite plists. I deleted those. It also showed a malware executable but this couldn't be found in library. Anyway, after another restart this seems to have gone as well.
So hopefully the unwanted data transfers will now stop.
Have pasted the last etrecheck report.
Not sure about the heavy I/O use
Thanks again.
EtreCheck version: 5.0.2 (5015)
Report generated: 2018-11-18 22:07:06
Download EtreCheck from
https://etrecheck.com
Runtime: 3:08
Performance: Good
Sandbox: Enabled
Full drive access: Disabled
Problem: Other problem
Description:
? malware
Major Issues:
Anything that appears on this list needs immediate attention.
More than one antivirus app - This machine has multiple antivirus apps installed.
Minor Issues:
These issues do not need immediate attention but they may indicate future problems.
Unsigned files - There are unsigned software files installed. They appear to be legitimate but should be reviewed.
Heavy I/O usage - Your system is under heavy I/O use. This will reduce your performance.
32-bit Apps - This machine has 32-bits apps that may have problems in the future.
Hardware Information:
MacBook Pro (Retina, 13-inch, Early 2015)
MacBook Pro Model: MacBookPro12,1
1 2,9 GHz Intel Core i5 (i5-5287U) CPU: 2-core
8 GB RAM - Not upgradeable
BANK 0/DIMM0 - 4 GB DDR3 1867 ok
BANK 1/DIMM0 - 4 GB DDR3 1867 ok
Battery: Health = Normal - Cycle count = 197
Video Information:
Intel Iris Graphics 6100 - VRAM: 1536 MB
Color LCD 2560 x 1600
Drives:
disk0 - APPLE SSD SM0512G 500.28 GB (Solid State - TRIM: Yes)
Internal PCI 5.0 GT/s x4 Serial ATA
disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB
disk0s2 [APFS Container] 500.07 GB
disk1 [APFS Virtual drive] 500.07 GB (Shared by 4 volumes)
disk1s1 - Macintosh HD (APFS) (Shared - 424.08 GB used)
disk1s2 - Preboot (APFS) [APFS Preboot] (Shared)
disk1s3 - Recovery (APFS) [Recovery] (Shared)
disk1s4 - VM (APFS) [APFS VM] (Shared - 1.07 GB used)
Mounted Volumes:
disk1s1 - Macintosh HD 500.07 GB (74.19 GB free)
APFS
Mount point: /
disk1s4 - VM [APFS VM] (Shared - 1.07 GB used)
APFS
Mount point: /private/var/vm
Network:
Interface usbmodem1411: DJI CONTROLLER
Interface en5: Thunderbolt Ethernet
Interface en6: iPad
Interface en0: Wi-Fi
802.11 a/b/g/n/ac
Interface en3: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
System Software:
macOS Mojave 10.14.1 (18B75)
Time since boot: Less than an hour
Security:
System Status
Gatekeeper Enabled
System Integrity Protection Enabled
Unsigned Files:
Launchd: ~/Library/LaunchAgents/com.akamai.single-user-client.plist
Executable: ~/Applications/Akamai/netsession_mac
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.google.keystone.agent.plist
Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Helper-Tool.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/com.oracle.java.Java-Updater.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.dropbox.DropboxMacUpdate.agent.plist
Executable: ~/Library/Dropbox/DropboxMacUpdate.app/Contents/MacOS/DropboxMacUpdate -check periodic
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.macpaw.CleanMyMac4.HealthMonitor.plist
Executable: ~/Library/Application Support/CleanMyMac X/CleanMyMac X HealthMonitor.app/Contents/MacOS/CleanMyMac X HealthMonitor
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.amazon.music.plist
Executable: /Applications/Amazon Music.app/Contents/MacOS/Amazon Music Helper
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/ch.tripmode.nke.TripMode.plist
Executable: /Library/Application Support/TripMode/TripModeNKE.kext/Contents/Resources/loadkext.sh '/Library/Application Support/TripMode/TripModeNKE.kext'
Details: Exact match found in the whitelist - probably OK
Launchd: ~/Library/LaunchAgents/com.macpaw.CleanMyMac4.Updater.plist
Executable: ~/Library/Application Support/CleanMyMac X/CleanMyMac X Updater.app/Contents/MacOS/CleanMyMac X Updater
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Helper-Tool
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.dymo.dls.webservice.plist
Executable: /Library/Frameworks/DYMO/SDK/DYMO.DLS.Printing.Host.app/Contents/MacOS/DYMO.DLS.Printing.Host
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchAgents/com.oracle.java.Java-Updater.plist
Executable: /Library/Internet Plug-Ins/JavaAppletPlugin.plugin/Contents/Resources/Java Updater.app/Contents/MacOS/Java Updater -bgcheck
Details: Exact match found in the whitelist - probably OK
Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist
Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper
Details: Exact match found in the whitelist - probably OK
32-bit Applications:
38 32-bit apps
Kernel Extensions:
/Applications/TripMode.app
TripModeNKE.kext (Ludovic LEGER, 2.0.2 - SDK 10.10)
/Applications/duet.app
DuetDisplay.kext (Rahul Dewan, 2.1.4 - SDK 10.9)
/Library/Application Support/Malwarebytes/MBAM/Kext
MB_MBAM_Protection.kext (Malwarebytes Corporation, 3.5 - SDK 10.13)
/System/Library/Extensions
DymoUsbPrinterClassDriver.kext (1.1 - SDK 10.11)
HoRNDIS.kext (8 - SDK 10.6)
System Launch Agents:
[Not Loaded] 16 Apple tasks
[Loaded] 185 Apple tasks
[Running] 98 Apple tasks
System Launch Daemons:
[Not Loaded] 33 Apple tasks
[Loaded] 192 Apple tasks
[Running] 111 Apple tasks
Launch Agents:
[Running] com.dymo.dls.webservice.plist (? 77c41eb - installed 2016-11-08)
[Not Loaded] com.oracle.java.Java-Updater.plist (? 92d54e28 - installed 2018-10-06)
[Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2018-11-04)
[Not Loaded] com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2015-05-03)
[Running] com.trusteer.rapport.rapportd.plist (Trusteer LTD - installed 2018-02-21)
[Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2018-11-09)
Launch Daemons:
[Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2018-11-18)
[Loaded] com.adobe.fpsaud.plist (Adobe Systems, Inc. - installed 2018-10-30)
[Loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2010-08-25)
[Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2018-11-09)
[Loaded] ch.tripmode.nke.TripMode.plist (? ad66da38 - installed 2018-11-11)
[Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2018-11-04)
[Loaded] ch.tripmode.TripMode.HelperTool.plist (Ludovic LEGER - installed 2018-11-11)
[Running] com.dymo.pnpd.plist (? 0 - installed 2016-11-08)
[Not Loaded] com.oracle.java.Helper-Tool.plist (? e3fefdd2 - installed 2018-10-06)
[Loaded] com.apple.installer.osmessagetracing.plist (Apple - installed 2018-10-24)
[Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2018-11-04)
[Running] com.trusteer.rooks.rooksd.plist (Trusteer LTD - installed 2018-02-21)
User Launch Agents:
[Loaded] com.dropbox.DropboxMacUpdate.agent.plist (? 0 - installed 2018-10-25)
[Running] com.akamai.single-user-client.plist (? 0 - installed 2018-05-11)
[Loaded] com.macpaw.CleanMyMac4.HealthMonitor.plist (? 0 - installed 2018-10-29)
[Running] com.macpaw.CleanMyMac4.Updater.plist (? 0 - installed 2018-10-29)
[Running] com.amazon.music.plist (? 0 - installed 2016-07-07)
[Loaded] com.google.keystone.agent.plist (? 0 - installed 2018-07-10)
[Loaded] com.bittorrent.uTorrent.plist (BitTorrent, Inc - installed 2015-11-11)
User Login Items:
Android File Transfer Agent.app (? - installed 2017-10-28)
(/private/var/folders/dq/zjzsdydj3cvcmh34blfhnscm0000gn/T/AppTranslocation/D5F436A5-AB1E-4FD8-A48D-005F821544BF/d/Android File Transfer Agent.app)
Backup and Sync.app (Google, Inc. - installed 2018-10-05)
(/Applications/Backup and Sync.app)
Bandwidth+.app (App Store - installed 2018-04-11)
(/Applications/Bandwidth+.app)
Dropbox.app (Dropbox, Inc. - installed 2018-11-08)
(/Applications/Dropbox.app)
Keenai.app (Eye-Fi, Inc - installed 2017-05-22)
(/Applications/Keenai.app)
TripMode.app (Ludovic LEGER - installed 2018-10-30)
(/Applications/TripMode.app)
WeatherCat.app (Stuart Ball - installed 2018-10-25)
(/Applications/WeatherCat.app)
duet.app (Rahul Dewan - installed 2018-07-19)
(/Applications/duet.app)
Internet Plug-ins:
FlashPlayer-10.6: 31.0.0.148 (installed 2018-11-14)
QuickTime Plugin: 7.7.3 (installed 2018-11-11)
AdobePDFViewerNPAPI: 17.012.20098 (installed 2018-09-20)
AdobePDFViewer: 19.008.20071 (installed 2018-09-20)
DYMO NPAPI Addin: 1.0 (installed 2017-01-28)
Flash Player: 31.0.0.148 (installed 2018-11-14)
SharePointBrowserPlugin: 14.7.7 (installed 2017-10-18)
PepperFlashPlayer: 31.0.0.148 (installed 2018-11-14)
DYMO Safari Addin: (installed 2017-01-28)
Silverlight: 5.1.41212.0 (installed 2016-01-28)
JavaAppletPlugin: Java 8 Update 191 build 12 (installed 2018-11-10)
3rd Party Preference Panes:
Flash Player (installed 2018-10-30)
Java (installed 2018-11-10)
Trusteer Endpoint Protection (installed 2018-03-20)
Time Machine:
Time Machine information not available without Full Drive Access.
Performance:
System Load: 65.86 (1 min ago) 20.35 (5 min ago) 7.71 (15 min ago)
Nominal I/O speed: 13.11 MB/s
File system: 92.51 seconds
Write speed: 430 MB/s
Read speed: 1381 MB/s
CPU Usage:
Type Overall Individual cores
System 10 % 14 % 6 % 13 % 6 %
User 21 % 28 % 15 % 27 % 14 %
Idle 70 % 58 % 79 % 60 % 81 %
Top Processes by CPU:
Process (count) Source CPU Location
Other processes ? 84.96 %
mdworker_shared (7) Apple 24.04 %
EtreCheck App Store 4.79 %
mdworker Apple 2.22 %
identityservicesd Apple 1.84 %
Top Processes by Memory:
Process (count) Source RAM usage Location
WeatherCat Stuart Ball 816 MB
EtreCheck App Store 598 MB
Dropbox Dropbox, Inc. 197 MB
Backup and Sync Google, Inc. 171 MB
Keenai Eye-Fi, Inc 89 MB
Top Processes by Network Use:
Process Source Input Output Location
Dropbox Dropbox, Inc. 134 KB 542 KB
mDNSResponder Apple 92 KB 31 KB
cloudd Apple 17 KB 10 KB
netsession_mac ? 7 KB 14 KB ~/Applications/Akamai
TripMode Ludovic LEGER 13 KB 3 KB
Virtual Memory Information:
Available RAM 4.05 GB
Free RAM 1.77 GB
Used RAM 3.95 GB
Cached files 2.28 GB
Swap Used 0 B
Software Installs (past 30 days):
Name Version Install Date
Memory Clean 6.6 2018-10-29
App Cleaner & Uninstal*ler 6.0 2018-10-29
Gatekeeper Configuration Data 156 2018-10-30
Adobe Acrobat Reader DC (Continuous) 2018-11-04
Pages 7.0 2018-11-10
Numbers 5.0 2018-11-10
Keynote 8.0 2018-11-10
EtreCheck 5.0.2 2018-11-10
Telegram 4.6.1 2018-11-10
Java 8 Update 191 2018-11-10
Adobe Flash Player 2018-11-14
Adobe Pepper Flash Player 2018-11-14
Evernote 7.6 2018-11-16
Malwarebytes for Mac 2018-11-18
Diagnostics Information (past 7 days):
Directory /Library/Logs/DiagnosticReports is not accessible without Full Drive Access.
End of report
