neuegirl

Q: Detect spyware and determine who is spying on my imac

I might be paranoid -- but need to know at this point if someone very close to me has installed spyware on my mac. I keep finding forums that say to back up files and just restart your system and wipe everything clean, change passwords, etc. But this won't work for me for a couple of reasons: 1) I really need to know if there is someone close to me who has installed this on my computer and would like to find the IP address that the information is headed to. and 2) the person in question still has access to my computer and almost all of my passwords.

 

Please can we not get into why I think this person is spying, etc. and if anyone knows anyway for me to detect spyware and determine where information is being sent that would be the most helpful.

 

Would greatly appreciate any help here as I am paranoid about even looking up these kinds of things of my home computer (which i am doing now) and my iphone. (which I also need help with determining if it has spyware on it).

 

Thanks very much for any help.

iMac, Mac OS X (10.7.5)

Posted on Mar 24, 2013 5:22 AM

Close

Q: Detect spyware and determine who is spying on my imac

  • All replies
  • Helpful answers

Page 1 of 5 last Next
  • by michaelsip4,

    michaelsip4 michaelsip4 Mar 24, 2013 5:58 AM in response to neuegirl
    Level 2 (304 points)
    Mar 24, 2013 5:58 AM in response to neuegirl

    for your own sanity - please change your home computers password and then go to apple and change your apple password.  http://support.apple.com/kb/HT5624?viewlocale=en_US  and make certain remote login is not on

    system preferences  - sharing - remote login is off.

     

    but what makes you believe this is occurring ?  facts ?

     

    there is also a good article on protecting ones self    http://www.reedcorner.net/mmg/

    but the most important thing is what is happening

  • by WZZZ,

    WZZZ WZZZ Mar 24, 2013 6:19 AM in response to neuegirl
    Level 6 (13,087 points)
    Mac OS X
    Mar 24, 2013 6:19 AM in response to neuegirl

    If this is happening, the most likely possibility is that a keylogger needing physical access to the computer has been installed. Get the free demo of MacScan. It's pretty worthless for any other kind of malware, but it does have a relatively good listing of known keyloggers. A keylogger does just what the name suggests; it logs all your keystrokes.

     

    Of course, it may not show up if it's not in their catalog of keyloggers.

     

    http://macscan.securemac.com/

     

    If, a backdoor (an automatic, invisible program set to connect elsewhere) has been installed--and this is doubtful--you might be able to see it happening using Little Snitch, which can check for unauthorized outbound connections. But you'll have a bit of a learning curve in order to use it.

     

    http://www.obdev.at/products/littlesnitch/

     

    Both have free demos.

  • by michaelsip4,

    michaelsip4 michaelsip4 Mar 24, 2013 6:15 AM in response to neuegirl
    Level 2 (304 points)
    Mar 24, 2013 6:15 AM in response to neuegirl

    the reason for the what is happening question is the fact that by changing your passwords, you may resolve the situation.......but not having an idea of what is making you believe there is spyware eliminates the possibility of giving you a quality answer.....  is it text related, email related, facebook related, twitter related, picture related, document related, phone call related...  also in the reedcorner you can down load sophos free to scan for issues

    but more info is needed

  • by michaelsip4,

    michaelsip4 michaelsip4 Mar 24, 2013 6:23 AM in response to WZZZ
    Level 2 (304 points)
    Mar 24, 2013 6:23 AM in response to WZZZ

    WZZZ

     

    We may be going out of scope and need a little more information.   Allow me to explain, we dont know what the indicators or reasons are.  Allow me to explain

     

    EG

    One person had reported in the past that some one was monitoring them, it turns out that the person had every password user id combination that the individual used and was pulling info that way.

     

    Another person reported, similiar issue and it turned out to be a friend sharing information with a person.

     

    the question is what is the reason  --- facts

  • by ssls6,

    ssls6 ssls6 Mar 24, 2013 7:05 AM in response to neuegirl
    Level 4 (2,869 points)
    Mar 24, 2013 7:05 AM in response to neuegirl

    First thing, turn off remote sharing (system preference, sharing, remote sharing).  This means you cannot remote access your mac but no one else can either.

     

    You can also install little snitch and watch if some background process is sending packets out to strange IPs.  If the person in question has access to the console, then logging could be local and not IP based.  Next time you're on the computer, redirect ps -ax to a file  "ps -ax > process.txt" just to capture all processes. 

     

    You can study that list or ask questions about it.  If something is running in the background locally it will be in the process list.

  • by michaelsip4,

    michaelsip4 michaelsip4 Mar 24, 2013 7:29 AM in response to ssls6
    Level 2 (304 points)
    Mar 24, 2013 7:29 AM in response to ssls6

    ssls6

     

    the individual has a person who is close to them has access to all userids/passwords and computer

    by turning off remote as we both suggested that will take care of one aspect (remote review) but if its

    reading text messages, knowing where the person is, emails and things along those lines it maybe self evident to what is occuring.  If its social site information (facebook) self evident too. people at times go to extremes without thinking it through macs are pretty secure and if i have every password i can see alot of information (as you would agree, im sure)  there are also products along the lines of  http://www.webwatcher.com/webwatcher-mac.html which can really mess with some one.  but in having no facts, reasons we can through a lot of stuff out here and possibly hurt the person with applications or changes we suggest if they are novices

  • by Eustace Mendis,

    Eustace Mendis Eustace Mendis Mar 24, 2013 7:30 AM in response to neuegirl
    Level 7 (25,402 points)
    Mar 24, 2013 7:30 AM in response to neuegirl

    Apple does have a service called the Genius Bar. Those folk are Apple employees, and their services are free. They deal with any and all Mac problems. You could take your iMac to a Apple store and have a "genius" look at it. You do have to make an appointment. In my opinion this is the safest way to deal with this problem, safe both for you and for your computer.

  • by Linc Davis,Helpful

    Linc Davis Linc Davis Mar 24, 2013 8:45 AM in response to neuegirl
    Level 10 (207,926 points)
    Applications
    Mar 24, 2013 8:45 AM in response to neuegirl

    Please read this whole message before doing anything.
      
    This procedure is a diagnostic test. It won’t solve your problem. Don’t be disappointed when you find that nothing has changed after you complete it.
       
    Third-party system modifications are a common cause of usability problems. By a “system modification,” I mean software that affects the operation of other software — potentially for the worse. The following procedure will help identify which such modifications you've installed. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.

     

    These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing.

     

    Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.

     

    Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then copy it. The headings “Step 1” and so on are not part of the commands.

     

    Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.

     

    Launch the Terminal application in any of the following ways:

     

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

     

    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

     

    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.

     

    When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign.

     

    Step 1

     

    Triple-click the line of text below to select it:
    kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'
     
    Copy the selected text to the Clipboard by pressing the key combination command-C. Then click anywhere in the Terminal window and paste (command-V). Post the lines of output (if any) that appear below what you just entered. You can do that by copying and pasting as well. Omit the final line ending in “$”. No typing is involved in this step.
        
    Step 2

     

    Repeat with this line:
    sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
     
    This time you'll be prompted for your login password, which you do have to type. It won't be displayed when you type it. Type it carefully and then press return. You may get a one-time warning to be careful. Heed that warning, but don't post it. If you see a message that your username "is not in the sudoers file," then you're not logged in as an administrator.

     

    Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.

     

    Step 3
    launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'
     
    Step 4
    ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null
      
    Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.

     

    Step 5
    osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null
     
    Remember, steps 1-5 are all copy-and-paste — no typing, except your password. Also remember to post the output.

     

    You can then quit Terminal.

  • by ssls6,

    ssls6 ssls6 Mar 24, 2013 8:54 AM in response to Linc Davis
    Level 4 (2,869 points)
    Mar 24, 2013 8:54 AM in response to Linc Davis

    That's some cool stuff Link.  Way better way to get at it.

  • by neuegirl,

    neuegirl neuegirl Mar 25, 2013 7:44 AM in response to Linc Davis
    Level 1 (0 points)
    Mar 25, 2013 7:44 AM in response to Linc Davis

    Thanks Link -- This is what I got:


     

    Last login: Sat Sep 29 09:27:03 on ttys001

    Last login: Sun Mar 24 09:27:46 on console

    ool-182fabae:~ Amanda$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    ool-182fabae:~ Amanda$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

    Password:

     

    ool-182fabae:~ Amanda$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    ool-182fabae:~ Amanda$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

    Password:

    com.adobe.versioncueCS4

    com.adobe.versioncueCS3

    com.adobe.SwitchBoard

    com.adobe.fpsaud

    ool-182fabae:~ Amanda$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.wacom.wacomtablet

    com.adobe.CS5ServiceManager

    com.adobe.CS4ServiceManager

    com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9

    com.adobe.AAM.Scheduler-1.0

    ool-182fabae:~ Amanda$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

    /Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    /Library/Components:

     

    /Library/Extensions:

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    HPDeviceModel.framework

    HPPml.framework

    HPServicesInterface.framework

    HPSmartPrint.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    AdobePDFViewer.plugin

    Disabled Plug-Ins

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Silverlight.plugin

    WacomNetscape.plugin

    WacomSafari.plugin

    flashplayer.xpt

    iPhotoPhotocast.plugin

    npContributeMac.bundle

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.CS4ServiceManager.plist

    com.adobe.CS5ServiceManager.plist

    com.wacom.wacomtablet.plist

     

    /Library/LaunchDaemons:

    com.adobe.SwitchBoard.plist

    com.adobe.fpsaud.plist

    com.adobe.versioncueCS3.plist

    com.adobe.versioncueCS4.plist

    com.apple.remotepairtool.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    Growl.prefPane

    HP Scanners.prefPane

    VersionCueCS3.prefPane

    VersionCueCS4.prefPane

    WacomTablet.prefPane

     

    /Library/PrivilegedHelperTools:

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    SoundboothScoreCodec.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

    /Library/Spotlight:

    GBSpotlightImporter.mdimporter

    Microsoft Office.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

  • by Linc Davis,

    Linc Davis Linc Davis Mar 25, 2013 7:57 AM in response to neuegirl
    Level 10 (207,926 points)
    Applications
    Mar 25, 2013 7:57 AM in response to neuegirl

    You didn't post all the output from step 4, and you skipped step 5, but going by the information provided, I can say that no commercial software keylogger is installed. I can't rule out a more sophisticated attack by a forensic expert. If the person whom you suspect of spying on you is not an expert, he'd need a lot of help to carry out such an attack. There are also hardware keyloggers that don't involve software at all. They would look like a USB cable or connector, or they might be inside the computer enclosure.

      

    Keep in mind also that there are other ways a motivated attacker could spy on you, for example by planting listening devices in your home or your car. If you have good reason to believe that you're the object of illegal surveillance, than you need the advice of a lawyer, not of strangers on a message board.

  • by neuegirl,

    neuegirl neuegirl Mar 25, 2013 7:46 PM in response to Linc Davis
    Level 1 (0 points)
    Mar 25, 2013 7:46 PM in response to Linc Davis

    Oooops; I ommitted the last part of the steps because I thought the end was just fonts, didn't realize there was info past them. Below is the whole thing.

     

    But, just out of curiosity; one of the reasons I began to have suspicion of this in the first place was that my the person in question placed a USB in my computer and my imac instantly and completely crashed in a very odd way. I don't recall exactly what it did; but it was enough that it got my attention and seemed really peculiar. IT almost did feel for a minute like someone else had control over my computer. Especially when it did finally restart... it acted very strange, it auto-opened some very personal documents. It was very strange. My iMac always worked just fine before that incident. And, since then my computer has been glitchy, the weirdest is that I get weird rainbow stripes across my screen sometimes. What would I need to look for if something happened when he inserted the USB? Or does it have to be a device that is actually plugged into a USB hub?

     

    Thanks very much for your continued help...

     

    No results from Step 1...

    Here are the rest:

     

    com.adobe.versioncueCS4

    com.adobe.versioncueCS3

    com.adobe.SwitchBoard

    com.adobe.fpsaud

    ool-182fabae:~ Amanda$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.wacom.wacomtablet

    com.adobe.CS5ServiceManager

    com.adobe.CS4ServiceManager

    com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9

    com.adobe.AAM.Scheduler-1.0

    ool-182fabae:~ Amanda$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

    /Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

     

    /Library/Components:

     

     

    /Library/Extensions:

     

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    HPDeviceModel.framework

    HPPml.framework

    HPServicesInterface.framework

    HPSmartPrint.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iTunesLibrary.framework

     

     

    /Library/Input Methods:

     

     

    /Library/Internet Plug-Ins:

    AdobePDFViewer.plugin

    Disabled Plug-Ins

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Silverlight.plugin

    WacomNetscape.plugin

    WacomSafari.plugin

    flashplayer.xpt

    iPhotoPhotocast.plugin

    npContributeMac.bundle

    nsIQTScriptablePlugin.xpt

     

     

    /Library/Keyboard Layouts:

     

     

    /Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.CS4ServiceManager.plist

    com.adobe.CS5ServiceManager.plist

    com.wacom.wacomtablet.plist

     

     

    /Library/LaunchDaemons:

    com.adobe.SwitchBoard.plist

    com.adobe.fpsaud.plist

    com.adobe.versioncueCS3.plist

    com.adobe.versioncueCS4.plist

    com.apple.remotepairtool.plist

     

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    Growl.prefPane

    HP Scanners.prefPane

    VersionCueCS3.prefPane

    VersionCueCS4.prefPane

    WacomTablet.prefPane

     

     

    /Library/PrivilegedHelperTools:

     

     

    /Library/QuickLook:

    GBQLGenerator.qlgenerator

    iWork.qlgenerator

     

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    SoundboothScoreCodec.component

     

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

     

    /Library/Spotlight:

    GBSpotlightImporter.mdimporter

    Microsoft Office.mdimporter

    iWork.mdimporter

     

     

    /Library/StartupItems:

     

     

    /etc/mach_init.d:

     

     

    /etc/mach_init_per_login_session.d:

     

     

    /etc/mach_init_per_user.d:

     

     

    Library/Address Book Plug-Ins:

     

     

    Library/Fonts:

    Adobe Kabel

    AkzidGroBla

    AkzidGroBol

    AkzidGroLig

    AkzidGroRom

    AkzidenzGrotesk-Black.t1

    AkzidenzGrotesk-Bold.t1

    AkzidenzGrotesk-Light.t1

    AkzidenzGrotesk-Roman.t1

    AmericanTypewriter.dfont

    AveniBla

    AveniBlaObl

    AveniBoo

    AveniBooObl

    AveniHea

    AveniHeaObl

    AveniLig

    AveniLigObl

    AveniMed

    AveniMedObl

    AveniObl

    AveniRom

    Avenir

    Avenir.t1

    BLANCH_CAPS.otf

    BLANCH_CAPS_INLINE.otf

    BLANCH_CAPS_LIGHT.otf

    BLANCH_CONDENSED.otf

    BLANCH_CONDENSED_INLINE.otf

    BLANCH_CONDENSED_LIGHT.otf

    BaskeBEIta

    BaskeBEMed

    BaskeBEMedIta

    BaskeBEReg

    BaskervilleBE-Italic

    BaskervilleBE-Medium

    BaskervilleBE-MediumItalic

    BaskervilleBE-Regular

    CaeciliaLTStd-Bold.otf

    CaeciliaLTStd-BoldItalic.otf

    CaeciliaLTStd-Heavy.otf

    CaeciliaLTStd-HeavyItalic.otf

    CaeciliaLTStd-Italic.otf

    CaeciliaLTStd-Light.otf

    CaeciliaLTStd-LightItalic.otf

    CaeciliaLTStd-Roman.otf

    Cubano-Regular.otf

    DIN-Black

    DIN-Bold

    DIN-Light

    DIN-Medium

    DIN-Regular

    DINBla

    DINBol

    DINConReg

    DINCond-Regular

    DINLig

    DINMed

    DINNeuGroLig

    DINNeuzeitGrotesk-Light

    DINReg

    Duke Fill.otf

    Duke Shadow.otf

    Duke.otf

    Edmondsans-Bold.otf

    Edmondsans-Medium.otf

    Edmondsans-Regular.otf

    Futur

    FuturBTBol

    FuturBTBolCon

    FuturBTBolConIta

    FuturBTBolIta

    FuturBTBoo

    FuturBTBooIta

    FuturBTExtBla

    FuturBTExtBlaCon

    FuturBTExtBlaConIta

    FuturBTExtBlaIta

    FuturBTHea

    FuturBTHeaIta

    FuturBTLig

    FuturBTLigCon

    FuturBTLigIta

    FuturBTMed

    FuturBTMedCon

    FuturBTMedIta

    FuturBol

    FuturBolObl

    FuturBoo

    FuturBooObl

    FuturCon

    FuturConBol

    FuturConBolObl

    FuturConExtBol

    FuturConExtBolObl

    FuturConLig

    FuturConLigObl

    FuturConObl

    FuturExtBol

    FuturExtBolObl

    FuturHea

    FuturHeaObl

    FuturLig

    FuturLigObl

    FuturObl

    Futura-Bold.t1

    Futura-BoldOblique.t1

    Futura-Book.t1

    Futura-BookOblique.t1

    Futura-CondExtraBoldObl.t1

    Futura-Condensed.t1

    Futura-CondensedBold.t1

    Futura-CondensedBoldOblique.t1

    Futura-CondensedExtraBold.t1

    Futura-CondensedLight.t1

    Futura-CondensedLightOblique.t1

    Futura-CondensedOblique.t1

    Futura-ExtraBold.t1

    Futura-ExtraBoldOblique.t1

    Futura-Heavy.t1

    Futura-HeavyOblique.t1

    Futura-Light.t1

    Futura-LightOblique.t1

    Futura-Oblique.t1

    Futura.t1

    FuturaBT-Bold.t1

    FuturaBT-BoldCondensed.t1

    FuturaBT-BoldCondensedItalic.t1

    FuturaBT-BoldItalic.t1

    FuturaBT-Book.t1

    FuturaBT-BookItalic.t1

    FuturaBT-ExtraBlack.t1

    FuturaBT-ExtraBlackCondItalic.t1

    FuturaBT-ExtraBlackCondensed.t1

    FuturaBT-ExtraBlackItalic.t1

    FuturaBT-Heavy.t1

    FuturaBT-HeavyItalic.t1

    FuturaBT-Light.t1

    FuturaBT-LightCondensed.t1

    FuturaBT-LightItalic.t1

    FuturaBT-Medium.t1

    FuturaBT-MediumCondensed.t1

    FuturaBT-MediumItalic.t1

    FuturaVitra-Bold.otf

    FuturaVitra-Light.otf

    FuturaVitra-Medium.otf

    GoodFoot.ttf

    Gotham-Bold.otf

    Gotham-Book.otf

    Gotham-BookItalic.otf

    Gotham-Light.otf

    Gotham-Medium.otf

    Gotham-MediumItalic.otf

    Gotham-Thin.otf

    JohnsITCBolSC

    JohnsITCMedSC

    JohnstonITC-BoldSC

    JohnstonITC-MediumSC

    JohnstonITCStd-Bold.otf

    JohnstonITCStd-Light.otf

    KabelBla

    KabelBoo

    KabelHea

    KabelLig

    Liberator.otf

    Liberator.ttf

    MemphBol

    MemphBolIta

    MemphExtBol

    MemphLigIta

    MemphMedIta

    Memphis-Bold

    Memphis-BoldItalic

    Memphis-ExtraBold

    Memphis-LightItalic

    Memphis-MediumItalic

    MrsEavAllPetCap

    MrsEavAllSmaCap

    MrsEavBol

    MrsEavFra

    MrsEavIta

    MrsEavPetCap

    MrsEavRom

    MrsEavRomLin

    MrsEavSmaCap

    MrsEavesAllPetiteCaps

    MrsEavesAllSmallCaps

    MrsEavesBold

    MrsEavesBold.t1

    MrsEavesFractions

    MrsEavesFractions.t1

    MrsEavesItalic

    MrsEavesItalic.t1

    MrsEavesPetiteCaps

    MrsEavesPetiteCaps.t1

    MrsEavesRoman

    MrsEavesRoman.t1

    MrsEavesRomanLining

    MrsEavesSmallCaps

    MrsEavesSmallCaps.t1

    Muncie.ttf

    NixieOne.otf

    NixieOne.ttf

    P22JohUndBol

    P22JohUndExt

    P22JohUndReg

    P22JohnstonUnderground-Bold.bmap

    P22JohnstonUnderground-Extras.bmap

    P22JohnstonUnderground-Regular.bmap

    P22Underground-BkP.otf

    P22Underground-BkS.otf

    P22Underground-Book.otf

    P22Underground-Demi.otf

    P22Underground-DmP.otf

    P22Underground-DmS.otf

    P22Underground-Heavy.otf

    P22Underground-HvP.otf

    P22Underground-HvS.otf

    P22Underground-Light.otf

    P22Underground-LtP.otf

    P22Underground-LtS.otf

    P22Underground-Medium.otf

    P22Underground-PCp.otf

    P22Underground-SCp.otf

    P22Underground-ThP.otf

    P22Underground-ThS.otf

    P22Underground-Thin.otf

    P22UndergroundCE-Medium.otf

    P22UndergroundCY-BkP.otf

    P22UndergroundCY-BkS.otf

    P22UndergroundCY-Book.otf

    P22UndergroundCY-Demi.otf

    P22UndergroundCY-DmP.otf

    P22UndergroundCY-DmS.otf

    P22UndergroundCY-Heavy.otf

    P22UndergroundCY-HvP.otf

    P22UndergroundCY-HvS.otf

    P22UndergroundCY-Light.otf

    P22UndergroundCY-LtP.otf

    P22UndergroundCY-LtS.otf

    P22UndergroundCY-Medium.otf

    P22UndergroundCY-PCp.otf

    P22UndergroundCY-SCp.otf

    P22UndergroundCY-ThP.otf

    P22UndergroundCY-ThS.otf

    P22UndergroundCY-Thin.otf

    P22UndergroundCYPro-Book.otf

    P22UndergroundCYPro-Demi.otf

    P22UndergroundCYPro-Heavy.otf

    P22UndergroundCYPro-Light.otf

    P22UndergroundCYPro-Medium.otf

    P22UndergroundCYPro-Thin.otf

    P22UndergroundGR-BkP.otf

    P22UndergroundGR-BkS.otf

    P22UndergroundGR-Book.otf

    P22UndergroundGR-Demi.otf

    P22UndergroundGR-DmP.otf

    P22UndergroundGR-DmS.otf

    P22UndergroundGR-Heavy.otf

    P22UndergroundGR-HvP.otf

    P22UndergroundGR-HvS.otf

    P22UndergroundGR-Light.otf

    P22UndergroundGR-LtP.otf

    P22UndergroundGR-LtS.otf

    P22UndergroundGR-Medium.otf

    P22UndergroundGR-PCp.otf

    P22UndergroundGR-SCp.otf

    P22UndergroundGR-ThP.otf

    P22UndergroundGR-ThS.otf

    P22UndergroundGR-Thin.otf

    P22UndergroundGRPro-Book.otf

    P22UndergroundGRPro-Demi.otf

    P22UndergroundGRPro-Heavy.otf

    P22UndergroundGRPro-Light.otf

    P22UndergroundGRPro-Medium.otf

    P22UndergroundGRPro-Thin.otf

    P22UndergroundPro-Book.otf

    P22UndergroundPro-Demi.otf

    P22UndergroundPro-Heavy.otf

    P22UndergroundPro-Light.otf

    P22UndergroundPro-Medium.otf

    P22UndergroundPro-Thin.otf

    P22UndergroundTitling-A.otf

    P22UndergroundTitling-B.otf

    P22UndergroundTitling-C.otf

    P22UndergroundTitlingPro.otf

    Pigeon.otf

    SignPainter-HouseScript.otf

    Sullivan-Bevel.otf

    Sullivan-Fill.otf

    Sullivan-Regular.otf

    TTSlu.otf

    TTSluBol.otf

    VitraGrouch.otf

    Wingdings.ttf

    interstate-black.ttf

     

     

    Library/Input Methods:

    .localized

     

     

    Library/Internet Plug-Ins:

    BrowserPlus_2.4.21.plugin

     

     

    Library/Keyboard Layouts:

     

     

    Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9.plist

    SharedServices.Agent.plist

    com.apple.SafariBookmarksSyncer.plist

     

     

    Library/PreferencePanes:

    AppTrap.prefPane

    BrowserPlusPrefs.prefPane

    ool-182fabae:~ Amanda$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    Dropbox, HP Scanjet Manager, HP Scheduler

    ool-182fabae:~ Amanda$

  • by Linc Davis,

    Linc Davis Linc Davis Mar 25, 2013 8:07 PM in response to neuegirl
    Level 10 (207,926 points)
    Applications
    Mar 25, 2013 8:07 PM in response to neuegirl

    I have nothing to add to my last comment.

  • by WZZZ,

    WZZZ WZZZ Mar 26, 2013 3:58 AM in response to neuegirl
    Level 6 (13,087 points)
    Mac OS X
    Mar 26, 2013 3:58 AM in response to neuegirl

    May be useless, but try running MacScan demo, linked above. It's the only A-V, at least that I know of, that has keyloggers in its catalog. Might have been nothing, but I don't like the sound of whatever it was that happened when that USB device was connected.

     

    the weirdest is that I get weird rainbow stripes across my screen sometimes.

    That can be a hardware issue with the graphics card.

     

    If you are really still concerned, the safest thing you can do is completely wipe the drive and reinstall everything from scratch.

     

    ... erase the hard drive completely, reinstall the system and any apps from scratch, and then restore your documents (and only documents, no settings files, applications or other such things!) from a backup.

    Make sure you have everything in Sharing turned off, and if you are using WIFI, make sure the encryption is at least WPA (WPA2 is better) secured with a very long, random, all over the keyboard password. Turn the router firewill on, if it isn't already.

Page 1 of 5 last Next