Backdoor created on my MacBook Pro??? Password bypass iPhone??


Joined
Jan 13, 2022
Messages
3
Reaction score
0
Hello,
I have a 2019 MacBook Pro 2.3 GHz 8-Core Intel Core i9, an iPhone 12 Pro Max and an Apple Watch v 6.
I have been noticing that they have all been running slow and “odd” things have been happening recently. For example, when I close my computer for the day (not putting it into sleep or shutting down), when I come back to it I get a message about it not being able to log out due to some program not saving the work. I have a document in Word that refuses to save, for example. Apps on my phone stopped downloading updates automatically, and sometimes they seem to have moved around.

I downloaded MalwareBytes at one point and never got any alerts, so I thought everything was fine. More recently, I noticed that my Wi-Fi looked funny. It said “weak security” (see attached). Digging into it more, some things were off: I was connected to a network I didn’t recognize. The TCP/IP had two IPv6 addresses. I think I found a “backdoor” entrance, and found some other odd things in users, sharing and a downloaded disc image. I included a lot of images with more detail. I know several coders and I’m wondering if it’s possible someone used their skills to have access to my personal info for their personal use? Or if someone is wanting my data for business purposes. Also, how do I find out for sure when it was done? Can I find out what exactly was done? Where is my data going? Who did it? I also attached the EtreCheckPro report. MalwareBytes is clear - looks like there was something written in the code to bypass it. There are two different UUIDs under the Thunderport.

Please help! I can check anything else.
 

Attachments

  • Screen Shot 2022-01-13 at 6.46.00 AM.png
  • Screen Shot 2022-01-13 at 7.19.06 AM.png

Apps with heavy CPU usage - There have been numerous cases of apps with heavy CPU usage.

System modifications - There are a large number of system modifications running in the background.

Runaway user process - A user process is using a large percentage of your CPU.

x86-only Apps - This computer has x86-only apps might not work on future versions of the operating system.

Limited drive access - More information may be available with Full Drive Access.

Hardware Information:
MacBook Pro (16-inch, 2019)
MacBook Pro Model: MacBookPro16,1
2.3 GHz 8-Core Intel Core i9 (i9-9880H) CPU: 8-core
16 GB RAM - Not upgradeable
BANK 0/ChannelA-DIMM0 - 8 GB DDR4 2667
BANK 2/ChannelB-DIMM0 - 8 GB DDR4 2667
Battery: Health = Normal - Cycle count = 82

Video Information:
Intel UHD Graphics 630 - VRAM: 1536 MB
AMD Radeon Pro 5500M - VRAM: 4 GB
Color LCD (built-in) 3584 x 2240

Drives:
disk0 - APPLE SSD AP1024N 1.00 TB (Solid State - TRIM: Yes)
Internal PCI-Express 8.0 GT/s x4 NVM Express
disk0s1 - EFI [EFI] 315 MB
disk0s2 [APFS Container] 1.00 TB
disk1 [APFS Virtual drive] 1.00 TB (Shared by 6 volumes)
disk1s1 (APFS) [APFS Container] (Shared - 15.33 GB used)
disk1s1s1 - Macintosh HD (APFS) [APFS Snapshot] (Shared - 15.33 GB used)
disk1s2 - Macintosh HD - Data (APFS) [APFS Virtual drive] (Shared - 355.16 GB used)
disk1s3 - Preboot (APFS) [APFS Preboot] (Shared - 366 MB used)
disk1s4 - Recovery (APFS) [Recovery] (Shared - 623 MB used)
disk1s5 - VM (APFS) [APFS VM] (Shared - 2.15 GB used)
disk1s6 - Update (APFS) (Shared - 991 KB used)

Mounted Volumes:
disk1s1s1 - Macintosh HD [APFS Snapshot]
1.00 TB (Shared - 15.33 GB used, 674.00 GB available, 626.41 GB free)
APFS
Mount point: /
Read-only: Yes
disk1s2 - Macintosh HD - Data [APFS Virtual drive]
1.00 TB (Shared - 355.16 GB used, 674.00 GB available, 626.41 GB free)
APFS
Mount point: /System/Volumes/Data
Encrypted
disk1s3 - Preboot [APFS Preboot]
1.00 TB (Shared - 366 MB used, 626.41 GB free)
APFS
Mount point: /System/Volumes/Preboot
disk1s5 - VM [APFS VM]
1.00 TB (Shared - 2.15 GB used, 626.41 GB free)
APFS
Mount point: /System/Volumes/VM
disk1s6 - Update
1.00 TB (Shared - 991 KB used, 626.41 GB free)
APFS
Mount point: /System/Volumes/Update

Network:
Interface en0: Wi-Fi
802.11 a/b/g/n/ac
Interface en6: Bluetooth PAN
Interface bridge0: Thunderbolt Bridge
iCloud Quota: 1.75 TB available

System Software:
macOS Big Sur 11.6 (20G165)
Time since boot: About 3 days

Notifications:

Creative Cloud.app

2 notifications


Security:
Gatekeeper: App Store and identified developers

System Integrity Protection: Enabled

Antivirus software: Apple and Malwarebytes


Old Applications:
5 x86-only apps

System Launch Daemons:
[Not Loaded] 36 Apple tasks

[Loaded] 169 Apple tasks

[Running] 157 Apple tasks

[Other] 2 Apple tasks


System Launch Agents:
[Not Loaded] 16 Apple tasks

[Loaded] 161 Apple tasks

[Running] 157 Apple tasks

Launch Daemons:
[Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Inc. - installed 2022-01-07)

[Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Inc. - installed 2022-01-07)

[Running] com.adobe.acc.installer.v2.plist (Adobe Inc. - installed 2021-10-28)

[Loaded] com.adobe.agsservice.plist (Adobe Inc. - installed 2021-12-10)

[Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2021-11-13)

[Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2021-11-13)

[Running] com.microsoft.OneDriveStandaloneUpdaterDaemon.plist (Microsoft Corporation - installed 2021-10-28)

[Loaded] com.microsoft.OneDriveUpdaterDaemon.plist (Microsoft Corporation - installed 2021-10-28)

[Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2021-12-14)

[Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2021-11-17)

[Loaded] me.connectify.SMJobBlessHelper.plist (Connectify, Inc. - installed 2021-10-28)
 

Launch Agents:
[Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Inc. - installed 2022-01-07)

[Running] com.adobe.AdobeCreativeCloud.plist (Adobe Inc. - installed 2021-12-15)

[Running] com.adobe.GC.AGM.plist (Adobe Inc. - installed 2021-12-10)

[Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2021-12-10)

[Loaded] com.adobe.ccxprocess.plist (Adobe Inc. - installed 2021-12-21)

[Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2021-11-13)

[Loaded] com.microsoft.OneDriveStandaloneUpdater.plist (Microsoft Corporation - installed 2021-10-28)

[Loaded] com.microsoft.update.agent.plist (Microsoft Corporation - installed 2021-12-14)


User Launch Agents:
[Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Inc. - installed 2021-12-10)


User Login Items:
[Not Loaded] Launcher Disabler (Microsoft Corporation - installed 2021-10-28)
Modern Login Item
/Applications/OneDrive.app/Contents/Library/LoginItems/Launcher Disabler.app
[Not Loaded] OneDrive Launcher (Microsoft Corporation - installed 2021-10-28)
Modern Login Item
/Applications/OneDrive.app/Contents/Library/LoginItems/OneDrive Launcher.app
[Not Loaded] StartUpHelper (Spotify - installed 2021-10-28)
Modern Login Item
/Applications/Spotify.app/Contents/Library/LoginItems/StartUpHelper.app

Internet Plug-ins:
AdobeAAMDetect: 3.0.0.0 (Adobe Inc. - installed 2021-10-28)

Safari Extensions:
G App Launcher Extension (App Store - installed 2021-12-14)


Backup:
Time Machine Not Configured!

Performance:
System Load: 26.96 (1 min ago) 26.16 (5 min ago) 25.65 (15 min ago)
Nominal I/O speed: 6.81 MB/s
File system: 60.47 seconds
Write speed: 2398 MB/s
Read speed: 2768 MB/s

CPU Usage Snapshot:
Type Overall

System: 6 %

User: 13 %

Idle: 81 %


Top Processes Snapshot by CPU:
Process (count) CPU (Source - Location)

IMDPersistenceAgent 87.74 % (Apple)

EtreCheckPro 32.52 % (Etresoft, Inc.)

Finder 32.38 % (Apple)

System Information 20.78 % (Apple)

diskarbitrationd 14.76 % (Apple)


Top Processes Snapshot by Memory:
Process (count) RAM usage (Source - Location)

com.apple.WebKit.WebContent (30) 1.82 GB (Apple)

EtreCheckPro 622 MB (Etresoft, Inc.)

MTLCompilerService (107) 427 MB (Apple)

Finder 400 MB (Apple)

Microsoft Word 256 MB (Microsoft Corporation)


Top Processes Snapshot by Network Use:
Process Input / Output (Source - Location)

mDNSResponder 932 KB / 771 KB (Apple)

biometrickitd 415 KB / 102 KB (Apple)

Mail 437 KB / 8 KB (Apple)

remoted 111 KB / 150 KB (Apple)

apsd 42 KB / 64 KB (Apple)


Top Processes Snapshot by Energy Use:
Process (count) Energy (0-100) (Source - Location)

IMDPersistenceAgent 28 (Apple)

Finder 13 (Apple)

System Information 8 (Apple)

diskarbitrationd 7 (Apple)

cfprefsd (3) 5 (Apple)


Virtual Memory Information:
Physical RAM: 16 GB


Free RAM: 135 MB

Used RAM: 12.71 GB

Cached files: 3.16 GB


Available RAM: 3.29 GB

Swap Used: 494 MB


Software Installs (past 60 days):
Install Date Name (Version)

2021-11-13 Malwarebytes for Mac (1.0)

2021-11-16 iMovie (10.3.1)

2021-11-17 Microsoft Office Licensing Helper (0)

2021-11-21 Adobe Acrobat Reader DC (Continuous) (21.007.20099)

2021-12-06 Audio Library (3.4.2)

2021-12-10 GarageBand (10.4.5)

2021-12-14 G App Launcher (24.4.0)

2021-12-14 Microsoft AutoUpdate (4.42.21121100)

2021-12-14 Microsoft Excel (16.56.21121100)

2021-12-14 Microsoft OneNote (16.56.21121100)

2021-12-14 Microsoft Outlook (16.56.21121100)

2021-12-14 Microsoft PowerPoint (16.56.21121100)

2021-12-14 Microsoft Word (16.56.21121100)

2021-12-17 XProtectPlistConfigData (2153)

2021-12-19 Mobile Device (1.0.0.0)

2022-01-07 ARMDC Agent Installer (1.0.0)

Diagnostics Information (past 7-30 days):
2022-01-10 07:33:06 RTProtectionDaemon.app - High CPU Use (2 times)
Executable: /Library/Application Support/Malwarebytes/MBAM/Engine.bundle/Contents/PlugIns/RTProtectionDaemon.app
2022-01-10 06:08:42 Finder.app - High CPU Use
Executable: /System/Library/CoreServices/Finder.app
2022-01-08 19:56:41 Keyboard.prefPane - Crash
Executable: /System/Library/PreferencePanes/Keyboard.prefPane
Details:
objc_msgSend() selector name: setBackgroundColor:
dyld3 mode

2022-01-05 21:43:17 Safari.app - High CPU Use
Executable: /Applications/Safari.app
2022-01-05 20:05:25 Console.app - High CPU Use
Executable: /System/Applications/Utilities/Console.app
2022-01-04 15:07:21 App Store.app - Crash
Executable: /System/Applications/App Store.app
Details:
objc_msgSend() selector name: _handleMessage:withMessageBody:
dyld3 mode

2022-01-04 07:20:08 Microsoft Excel.app - High CPU Use
Executable: /Applications/Microsoft Excel.app
 
