amerfrommiami

Q: spyware question

This is a log of when I ran certain commands... can someone please look through and let me know if anything has been installed? Thank you.

Last login: Sun Apr  6 14:48:19 on console

Amers-MacBook-Pro:~ ameramajid$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

at.obdev.nke.LittleSnitch (4052)

com.globaldelight.driver.BoomDevice (1.1)

Amers-MacBook-Pro:~ ameramajid$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

Password:

com.sharpcast.xfsmond

com.parallels.mobile.kextloader.launchdaemon

com.parallels.mobile.dispatcher.launchdaemon

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.leapmotion.leapd

com.cirrusthinking.dsfploader

com.cirrusthinking.dollycloned

com.backblaze.bzserv

com.adobe.fpsaud

at.obdev.littlesnitchd

Amers-MacBook-Pro:~ ameramajid$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.cirrusthinking.RevoScheduler

com.cirrusthinking.dssbackupd-local

com.cirrusthinking.dssbackupd

com.cirrusthinking.dsyncrevod

com.foundapp.FoundLoginItem

com.runningwithcrayons.Alfred-2.24320

com.scriptsoftware.iClockPro.71312

ca.indev.MailTagsHelper.105104

de.bahoom.HyperDock-Helper.69904

com.lightheadsw.caffeine.27136

com.smileonmymac.textexpander.60928

com.generalarcade.flycut.35408

com.getdropbox.dropbox.32944

com.google.GoogleDrive.106864

com.pilotmoon.popclip.53184

com.cirrusthinking.DollyDrive-Revo.10416

com.KnewSense.MacAppBlocker.28720

com.oracle.java.Java-Updater

com.citrix.ServiceRecords

com.citrix.AuthManager_Mac

at.obdev.LittleSnitchUIAgent

com.koingosw.MacCleanse4Helper.TrashWatcher

com.koingosw.MacCleanse4Helper.Reminder

com.google.keystone.user.agent

com.backblaze.bzbmenu

Amers-MacBook-Pro:~ ameramajid$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

/Library/Components:

 

/Library/Extensions:

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

LittleSnitch.kext

PromiseSTEX.kext

SoftRAID.kext

 

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

MacFUSE.framework

NyxAudioAnalysis.framework

OSXFUSE.framework

PluginManager.framework

iTunesLibrary.framework

 

/Library/Input Methods:

ParallelsIM.app

 

/Library/Internet Plug-Ins:

CitrixICAClientPlugIn.plugin

Default Browser.plugin

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

flashplayer.xpt

nplastpass.plugin

nsIQTScriptablePlugin.xpt

 

/Library/Keyboard Layouts:

 

/Library/LaunchAgents:

at.obdev.LittleSnitchUIAgent.plist

com.citrix.AuthManager_Mac.plist

com.citrix.ServiceRecords.plist

com.oracle.java.Java-Updater.plist

 

/Library/LaunchDaemons:

at.obdev.littlesnitchd.plist

com.adobe.fpsaud.plist

com.backblaze.bzserv.plist

com.cirrusthinking.dollycloned.plist

com.cirrusthinking.dsfploader.plist

com.leapmotion.leapd.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist

com.parallels.mobile.dispatcher.launchdaemon.plist

com.parallels.mobile.kextloader.launchdaemon.plist

com.sharpcast.xfsmond.plist

 

/Library/PreferencePanes:

BackblazeBackup.prefPane

Box Sync.prefPane

FMDSysPrefPane.prefPane

Flash Player.prefPane

JavaControlPanel.prefPane

OSXFUSE.prefPane

SMEStorage.prefPane

SwitchResX-3.prefPane

SwitchResX.prefPane

iClock Pro.prefPane

 

/Library/PrivilegedHelperTools:

Google Drive Icon Helper

com.microsoft.office.licensing.helper

 

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

 

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

 

/Library/ScriptingAdditions:

SwitchResX Extensions.osax

SwitchResX Menu.osax

 

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

 

/Library/StartupItems:

 

/etc/mach_init.d:

 

/etc/mach_init_per_login_session.d:

 

/etc/mach_init_per_user.d:

 

Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle

 

Library/Fonts:

 

Library/Frameworks:

SamsungKiesFoundation.framework

SamsungKiesSerialPort.framework

 

Library/Input Methods:

.localized

 

Library/Internet Accounts:

V1

 

Library/Internet Plug-Ins:

Picasa.plugin

thinkorswim plugin_x86_64.plugin

tossc plugin_x86_64.plugin

 

Library/Keyboard Layouts:

 

Library/LaunchAgents:

com.backblaze.bzbmenu.plist

com.cirrusthinking.RevoScheduler.plist

com.cirrusthinking.dssbackupd-local.plist

com.cirrusthinking.dssbackupd.plist

com.cirrusthinking.dsyncrevod.plist

com.google.keystone.agent.plist

com.koingosw.MacCleanse4Helper.Reminder.plist

com.koingosw.MacCleanse4Helper.TrashWatcher.plist

 

Library/Mail/Bundles:

MailActOn.mailbundle

MailTags.mailbundle

 

Library/PreferencePanes:

Growl.prefPane

MusicManager.prefPane

SwitchResX-5.prefPane

 

Library/Services:

.localized

SMEService.service

Amers-MacBook-Pro:~ ameramajid$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, MacAppBlocker, DollyDrive, PopClip, Google Drive, Dropbox, Flycut, TextExpander, Caffeine, HyperDock Helper, MailTagsHelper, Google+ Auto Backup, Alfred 2

Amers-MacBook-Pro:~ ameramajid$

MacBook Pro with Retina display, OS X Mavericks (10.9.2)

Posted on Apr 7, 2014 2:30 PM


  • by MadMacs0,

    MadMacs0 Apr 7, 2014 2:55 PM in response to amerfrommiami
    Level 5 (4,791 points)

    As I mentioned in your previous posting, you should start by telling us why you think there could be a Keylogger or Spyware on your computer.

    LittleSnitch would have alerted you to anything attempting to communicate from your Computer.

    What are you using Citrix for?

    Nothing else jumps out at me, but there are a few items I don't recognize. Can you account for all of those files? If not, which ones?

    I do see some items that can cause performance issues, but since that's not what you are here for, I'll wait for that problem to be addressed.

  • by Ralph Johns (UK),

    Ralph Johns (UK) Apr 8, 2014 1:02 PM in response to amerfrommiami
    Level 9 (73,279 points)

    Hi,

    Put another way.

    The way you have asked the Question:-

    ... can someone please look through and let me know if anything has been installed thank you

    Is going to get a Yes.

    Very little of what you have posted refers to Apple Items.

    The Question is not specific enough to generate a useful answer.

    You also seem to be using several external web-based "Drive" items and I cannot discern a pattern to why you are using so many.

    9:02 pm      Tuesday; April 8, 2014

     

      iMac 2.5Ghz i5 2011 (Mavericks 10.9)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb (Snow Leopard 10.6.8)
     Mac OS X (10.6.8),
     Couple of iPhones and an iPad
  • by amerfrommiami,

    amerfrommiami Apr 8, 2014 1:07 PM in response to amerfrommiami
    Level 1 (0 points)

    Yes... and put a very straightforward way... I started the thread with the title about "spyware"... and then my question by me, the individual who started this thread about "spyware" was is anything installed?... so if it gets a "yes" because someone read it as "is anything installed" then that individual's response will be ignored; since they cannot even understand or follow a thread...

    regardless is any spyware installed?

  • by Ralph Johns (UK),

    Ralph Johns (UK) Apr 8, 2014 1:12 PM in response to amerfrommiami
    Level 9 (73,279 points)
  • by amerfrommiami,

    amerfrommiami Apr 8, 2014 1:37 PM in response to amerfrommiami
    Level 1 (0 points)

    Great. Lol.

  • by MadMacs0,

    MadMacs0 Apr 8, 2014 1:55 PM in response to amerfrommiami
    Level 5 (4,791 points)

    amerfrommiami wrote:

    regardless is any spyware installed?

    Only a trained forensic law enforcement technician is going to be able to answer that question for you. The information will only reveal any obvious attempts to have something suspicious run when you startup/login, but from everything we read about state-sponsored computer spying, there's no way for any of us to give you a clean bill of health.

    Again, some explanation of why you think there might be something there would help us point you to the right place to be looking. Are you seeing issues that might be caused by something else? Have you had privacy information harvested in some manner? Do you feel somebody is reading your e-mail? That's the sort of information we need to help you instead of jumping immediately to the information you posted above.
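
Added example, not part of the thread or any poster's commands: one way to reconcile two listings from the posted log, the labels printed by `launchctl list` against the plist file names under the LaunchAgents folders, so that jobs started at login without a same-named plist stand out for review. The helper name `unbacked_labels` and the "file name equals label" heuristic are assumptions; the sample values are a subset copied from the log above.

```shell
#!/bin/sh
# Added example: print loaded launchd labels that no plist file name in the
# LaunchAgents/LaunchDaemons listings accounts for.
# Assumption: file name minus ".plist" equals the job label. launchd reads the
# label from the Label key inside the plist, so a miss means "open the plist
# or identify the owning app", not "malicious".

# unbacked_labels LABELS PLISTS   (hypothetical helper name)
#   LABELS: newline-separated labels, third column of `launchctl list`
#   PLISTS: newline-separated plist file names from the `ls` listing
unbacked_labels() {
    { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } | awk '
        $0 == "--" { in_labels = 1; next }    # separator between the two lists
        !in_labels { sub(/\.plist$/, ""); have[$0] = 1; next }
        $0 != "" && !($0 in have)             # loaded label with no plist name
    '
}

# Subset of the user-session labels from the log above.
LOADED='com.cirrusthinking.RevoScheduler
com.cirrusthinking.dssbackupd
com.foundapp.FoundLoginItem
com.runningwithcrayons.Alfred-2.24320
com.oracle.java.Java-Updater
com.citrix.AuthManager_Mac
at.obdev.LittleSnitchUIAgent
com.google.keystone.user.agent
com.backblaze.bzbmenu'

# Subset of /Library/LaunchAgents and ~/Library/LaunchAgents from the same log.
PLISTS='at.obdev.LittleSnitchUIAgent.plist
com.citrix.AuthManager_Mac.plist
com.citrix.ServiceRecords.plist
com.oracle.java.Java-Updater.plist
com.backblaze.bzbmenu.plist
com.cirrusthinking.RevoScheduler.plist
com.cirrusthinking.dssbackupd.plist
com.google.keystone.agent.plist'

unbacked_labels "$LOADED" "$PLISTS"
```

On this sample, com.google.keystone.user.agent has no same-named file while com.google.keystone.agent.plist is on disk, which is the kind of near-miss the Label-key caveat covers. The other two labels have no plist in these folders at all, so they are the ones to trace back to an owning application.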