Detect spyware and determine who is spying on my imac

Hello,

I am not sure if I have a spyware problem, but a few things have started to pop up on my mac one tryed to download a font to my computer. It first started out with popups telling me I need to run a system scan. which I never had before. So I looked up the system scan in line and looked in my applications for it and It was just installed by date it reflected I knew I did not install it. So I uninstalled it. Long story short I got a strange message when trying to log into facebook and lead me to you. I ran the Terminal as listed and this is what I got. Not sure what any of it means. But do I need to do anything else to protect my computer and my personal data?

Please help!

Last login: Sun Jun 4 14:48:48 on ttys000

kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

-iMac:~

Password:

com.adobe.ARMDC.Communicator

com.adobe.adobeupdatedaemon

com.adobe.versioncueCS4

Adobe_Genuine_Software_Integrity_Service

com.adobe.SwitchBoard

com.adobe.fpsaud

com.adobe.ARMDC.SMJobBlessHelper

launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.adobe.CS4ServiceManager

com.adobe.AdobeCreativeCloud

com.openssh.ssh-agent

com.getdropbox.dropbox.5120

com.adobe.acc.AdobeDesktopService.2760.FAC954BC-B838-48FF-90FF-D4F533E3CA11

com.adobe.accmac.2708

com.updater.mcy

com.coupons.coupond

com.updater.watch.mcy

com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d

com.adobe.AAM.Scheduler-1.0

com.citrixonline.GoToMeeting.G2MUpdate

com.adobe.ARM.df0ab5bbe6f698196fcc21e3c1e66dcb758bd911f4d637272d9d8109

com.google.Chrome.4808

com.google.keystone.user.agent

com.adobe.CCXProcess.2736

com.dropbox.DropboxMacUpdate.agent

jp.co.canon.ij.CNSSelectorAgent.1548

ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

BJUSBLoad.kext

CIJUSBLoad.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

hp_io_enabler_compound.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

AdobeAAMDetect.plugin

AdobeExManDetect.plugin

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

CouponPrinter-FireFox_v2.plugin

Disabled Plug-Ins

EPPEX Plugin.plugin

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

flashplayer.xpt

iPhotoPhotocast.plugin

npContributeMac.bundle

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d.plist

com.adobe.AdobeCreativeCloud.plist

com.adobe.CS4ServiceManager.plist

com.coupons.coupond.plist

com.oracle.java.Java-Updater.plist

/Library/LaunchDaemons:

com.adobe.ARMDC.Communicator.plist

com.adobe.ARMDC.SMJobBlessHelper.plist

com.adobe.SwitchBoard.plist

com.adobe.adobeupdatedaemon.plist

com.adobe.agsservice.plist

com.adobe.fpsaud.plist

com.adobe.versioncueCS4.plist

com.oracle.java.Helper-Tool.plist

/Library/PreferencePanes:

Flash Player.prefPane

JavaControlPanel.prefPane

VersionCueCS4.prefPane

/Library/PrivilegedHelperTools:

com.adobe.ARMDC.Communicator

com.adobe.ARMDC.SMJobBlessHelper

com.genieoinnovation.macextension.client

/Library/QuickLook:

GBQLGenerator.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

SoundboothScoreCodec.component

/Library/ScriptingAdditions:

Adobe Unit Types.osax

/Library/Spotlight:

GBSpotlightImporter.mdimporter

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABCaller.bundle

SkypeABChatter.bundle

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

#Pilgiche.dfont

A Gothique Time .ttf

BNHRDFAN.TTF

BODYH___.otf

Bandung Hardcore GP.otf

BauhaBol

BauhaDem

BauhaHea

BauhaLig

BauhaMed

Bauhaus Screen Fonts

Bleeding_Cowboys-1.ttf

Bosque Encantado.ttf

CAMBRIA.TTC

CAMBRIAB_1.TTF

CAMBRIAI_1.TTF

CAMBRIAZ_1.TTF

CHEAPSTE.ttf

CalifR.TTF

Cheeky Rabbit.ttf

CloisterBlack.ttf

CoolockBlack-Regular.otf

DK Honey Dew.otf

Embossed Black Normal.ttf

Embossed Black Wide.ttf

Eternal Call.ttf

GIRLW___.TTF

GRVSTNBT.TTF

Gingerbread House.ttf

Gingersnaps.ttf

INKITMT_.otf

Incised Black Wide.ttf

Incised Black.ttf

KiddyHalloween.ttf

LOVELETTERS.ttf

Like Giselle.ttf

Lost Saloon.ttf

Ministry Script.ttf

Ministry_Script_Stylistic_HFF.ttf

Mochary_PERSONAL_USE_ONLY.ttf

Monotype - BellMTStd-Regular.otf

Mortised Ornaments Free.ttf

OldLondon.ttf

Orbicularis.otf

PANHEAD_.TTF

Plain Black Wide.ttf

Plain Black.ttf

Shadowed Black Wide.ttf

Shadowed Black.ttf

Sloop_Script_Three_BETA_Bold.ttf

Soft Ornaments Nine.ttf

Strawberry Gossip DEMO.otf

TunaAndHotDogsOnRye.ttf

Vampire Kiss Demo.ttf

VarsityPlaybook-DEMO.ttf

halloween_borders.ttf

poke.otf

poke.ttf

retroRockPoster.ttf

sloopscript.ttf

sloopscriptboldtwo.ttf

spankysbblancoitalico.ttf

spankysbungalow.ttf

spankysbungalowblanco.ttf

spankysbungalowitalico.ttf

varsity_regular.ttf

{skinny} jeans solid.ttf

{skinny} jeans.ttf

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

CitrixOnlineWebDeploymentPlugin.plugin

Library/Keyboard:

en-dynamic.lm

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.ARM.df0ab5bbe6f698196fcc21e3c1e66dcb758bd911f4d637272d9d8109.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.107EC825-535A-4571-97B2-D36 C0E054F23.plist

com.apple.MobileMeSyncClientAgent.plist

com.apple.SafariBookmarksSyncer.plist

com.citrixonline.GoToMeeting.G2MUpdate.plist

com.dropbox.DropboxMacUpdate.agent.plist

com.google.keystone.agent.plist

com.updater.mcy.plist

com.updater.watch.mcy.plist

Library/PreferencePanes:

Library/Services:

WinzipAdd.workflow

WinzipEmail.workflow

WinzipUnzip.workflow

osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Dropbox, Canon IJ Network Scanner Selector EX, AIM

A lot of the recent posts on output look like what Etrecheck produces, but maybe Linc's script does something else too. I don't know if it does anything about keyloggers as such (the original topic) but many of the recent posts (which really, really should be asked in new topics) seems to have issues in things Etrecheck would reveal in red. That, and try Malwarebytes.

http://www.etresoft.com/etrecheck

Using Etrecheck - https://discussions.apple.com/docs/DOC-6174

https://www.malwarebytes.com/antimalware/mac/

Dear Linc,

I came across your answer and I followed the advice you listed above.

I am not sure whether I can share my output over here, however, this is the link to my post:

Detection of Spyware on Macbook Pro

Many thanks.

Hi Linc,

I have the same issue, can you tell me anything about this output?

org.virtualbox.kext.VBoxDrv (5.1.12)

org.virtualbox.kext.VBoxUSB (5.1.12)

org.virtualbox.kext.VBoxNetFlt (5.1.12)

org.virtualbox.kext.VBoxNetAdp (5.1.12)

com.skype.skypeinstaller

com.adobe.ARMDC.Communicator

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.oracle.java.Helper-Tool

com.github.GitHub.GHInstallCLI

com.adobe.fpsaud

com.adobe.ARMDC.SMJobBlessHelper

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

hp_io_enabler_compound.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

OSXFUSE.framework

PluginManager.framework

Python.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

CitrixICAClientPlugIn.plugin

Disabled Plug-Ins

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

flashplayer.xpt

googletalkbrowserplugin.plugin

o1dbrowserplugin.plugin

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d.plist

com.citrix.AuthManager_Mac.plist

com.citrix.ReceiverHelper.plist

com.citrix.ServiceRecords.plist

com.google.keystone.agent.plist

com.oracle.java.Java-Updater.plist

/Library/LaunchDaemons:

com.adobe.ARMDC.Communicator.plist

com.adobe.ARMDC.SMJobBlessHelper.plist

com.adobe.fpsaud.plist

com.github.GitHub.GHInstallCLI.plist

com.google.keystone.daemon.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist

com.skype.skypeinstaller.plist

org.virtualbox.startup.plist

/Library/PreferencePanes:

Flash Player.prefPane

JavaControlPanel.prefPane

OSXFUSE.prefPane

/Library/PrivilegedHelperTools:

com.adobe.ARMDC.Communicator

com.adobe.ARMDC.SMJobBlessHelper

com.github.GitHub.GHInstallCLI

com.microsoft.office.licensing.helper

com.skype.skypeinstaller

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

MySQLCOM

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABCaller.bundle

SkypeABChatter.bundle

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.bittorrent.uTorrent.plist

net.juniper.SetupClient.plist

org.virtualbox.vboxwebsrv.plist

Library/PreferencePanes:

MySQL.prefPane

Library/Services:

iTunesHelper, uTorrent

notahippie wrote:

Hi Linc,

I have the same issue, can you tell me anything about this output?

Linc no longer posts in these forums. Other users have indicated that they don't feel comfortable interpreting the results of his suggestions.

I did notice a reference to uTorrent at the bottom of your post. Torrent apps and torrent sites are notorious for causing problems. Best to get rid of it.

Last login: Tue Apr 25 01:54:27 on ttys001

Ushas-MacBook-Air:~ usha$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

Ushas-MacBook-Air:~ usha$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

Sorry, try again.

Password:

com.adobe.ARMDC.Communicator

com.oracle.java.Helper-Tool

com.microsoft.office.licensingV2.helper

com.adobe.fpsaud

com.adobe.ARMDC.SMJobBlessHelper

com.symantec.NWPService

com.microsoft.autoupdate.helper

Ushas-MacBook-Air:~ usha$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

at.obdev.MicroSnitchOpenAtLoginHelper

at.obdev.MicroSnitch.1944

com.openssh.ssh-agent

com.symantec.NortonWiFiPrivacy.3904

com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d

net.qneo.Camera-Lock-Starter

com.oracle.java.Java-Updater

com.pia.pia_manager

net.qneo.Camera-Lock.1520

Ushas-MacBook-Air:~ usha$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

Disabled Plug-Ins

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

flashplayer.xpt

googletalkbrowserplugin.plugin

o1dbrowserplugin.plugin

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d.plist

com.oracle.java.Java-Updater.plist

/Library/LaunchDaemons:

com.adobe.ARMDC.Communicator.plist

com.adobe.ARMDC.SMJobBlessHelper.plist

com.adobe.fpsaud.plist

com.microsoft.autoupdate.helper.plist

com.microsoft.office.licensingV2.helper.plist

com.oracle.java.Helper-Tool.plist

com.symantec.NWPService.plist

/Library/PreferencePanes:

Flash Player.prefPane

JavaControlPanel.prefPane

/Library/PrivilegedHelperTools:

com.adobe.ARMDC.Communicator

com.adobe.ARMDC.SMJobBlessHelper

com.microsoft.autoupdate.helper

com.microsoft.office.licensingV2.helper

com.symantec.NWPService

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

Library/Keyboard:

en-dynamic.lm

fr-dynamic.lm

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.pia.pia_manager.plist

Library/PreferencePanes:

Library/Private Internet Access:

.installed

Library/Services:

Ushas-MacBook-Air:~ usha$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Norton WiFi Privacy, Norton WiFi Privacy, Norton WiFi Privacy

Ushas-MacBook-Air:~ usha$

Ushas-MacBook-Air:~ usha$

please check anything suspicious

I'm afraid you are in the wrong place to get help with this issue.

Linc no longer participates in the Forum and nobody else knows how to interpret what you have posted.

This discussion is over four years old and I doubt that anybody else is following it any more, so chances of anybody else seeing your posting are close to zero.

If you have reason to suspect that your computer has been illegally compromised then you should stop using it and inform law enforcement before trying to go any further.

Otherwise, your best bet here would be to start a new discussion with a detailed description of your issue and why you believe your computer is compromised.

It doesn't hurt to check to check to see if anybody else has this problem and to try any recommended solutions, but if that doesn't help it's always best to start a new discussion so that current troubleshooters will notice it and respond quickly. That's just the way this Forum works best for folks.

Hey.. have seen ur comments across a few forums and all seem to be amazingly helpful 🙂
I did the procedure on my Mac as am concerned that the contents are being accessed elsewhere.

i have posted the output below if you wouldnt mind having a look over to see if there was anything that shows it might be at risk?

Thanks, I appreciate it.

🙂

Last login: Thu May 4 19:33:39 on ttys000

UnfinishedFairytale:~ user$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

awk: can't open file launchctl

source line number 1

UnfinishedFairytale:~ user$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

org.virtualbox.kext.VBoxDrv (5.0.18)

org.virtualbox.kext.VBoxUSB (5.0.18)

org.virtualbox.kext.VBoxNetFlt (5.0.18)

org.virtualbox.kext.VBoxNetAdp (5.0.18)

com.avast.PacketForwarder (2.1)

com.avast.FileShield (3.0.0)

UnfinishedFairytale:~ user$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

com.avast.secureline.update

com.avast.uninstall

com.avast.daemon

com.avast.update

com.avast.secureline.uninstall

com.avast.proxy

org.wireshark.ChmodBPF

com.google.keystone.daemon

com.avast.service

com.avast.fileshield

com.avast.account

jp.co.canon.MasterInstaller

com.adobe.fpsaud

com.avast.secureline.service

com.avast.secureline.init

com.avast.secureline.burger

com.avast.init

com.iwaxx.Debookee.PacketTool

UnfinishedFairytale:~ user$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper

com.iwaxx.Debookee-Tools.696

com.avast.home.userinit

com.avast.userinit

com.avast.helper

com.avast.secureline.userinit

com.google.Chrome.1608

com.bittorrent.uTorrent

com.openssh.ssh-agent

com.google.keystone.system.agent

com.iwaxx.Debookee-Tools-Helper

com.avast.secureline.home.userinit

com.avast.update-agent

com.spotify.webhelper

com.spigot.ApplicationManager

com.avast.secureline.update-agent

UnfinishedFairytale:~ user$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

BJUSBLoad.kext

CIJUSBLoad.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

HockeySDK.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Disabled Plug-Ins

Flash Player.plugin

Google Earth Web Plug-in.plugin

Quartz Composer.webplugin

Silverlight.plugin

Unity Web Player.plugin

Unused

flashplayer.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.avast.secureline.update-agent.plist

com.avast.secureline.userinit.plist

com.avast.update-agent.plist

com.avast.userinit.plist

com.google.keystone.agent.plist

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.avast.init.plist

com.avast.secureline.init.plist

com.avast.secureline.uninstall.plist

com.avast.secureline.update.plist

com.avast.uninstall.plist

com.avast.update.plist

com.google.keystone.daemon.plist

com.iwaxx.Debookee.PacketTool.plist

jp.co.canon.MasterInstaller.plist

org.virtualbox.startup.plist

org.wireshark.ChmodBPF.plist

/Library/PreferencePanes:

Flash Player.prefPane

/Library/PrivilegedHelperTools:

com.iwaxx.Debookee.PacketTool

jp.co.canon.MasterInstaller

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABCaller.bundle

SkypeABChatter.bundle

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

SkypePlugin-7.26.0.48.bundle

Library/Keyboard:

en-dynamic.lm

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.avast.home.userinit.plist

com.avast.secureline.home.userinit.plist

com.bittorrent.uTorrent.plist

com.spigot.ApplicationManager.plist

com.spotify.webhelper.plist

jp.co.canon.Inkjet_Extended_Survey_Agent.plist

org.virtualbox.vboxwebsrv.plist

Library/PreferencePanes:

Library/Services:

UnfinishedFairytale:~ user$

miss.lex1 wrote:

Hey.. have seen ur comments across a few forums and all seem to be amazingly helpful 🙂
I did the procedure on my Mac as am concerned that the contents are being accessed elsewhere.

i have posted the output below if you wouldnt mind having a look over to see if there was anything that shows it might be at risk?

Please read the post immediately above yours by MadMacs0 dated April 25, 2017

Last login: Tue May 30 20:35:55 on ttys000

Andrews-MacBook-Pro:~ palazzo_living$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

Andrews-MacBook-Pro:~ palazzo_living$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

Sorry, try again.

Password:

Sorry, try again.

Password:

com.google.keystone.daemon

com.smithmicro.netwise.osx.helper

Andrews-MacBook-Pro:~ palazzo_living$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.openssh.ssh-agent

com.google.keystone.system.agent

com.paragon-software.facebook.agent

com.grammarly.DesktopEditor.7280

com.smithmicro.netwise.osx.comcast.7568

Andrews-MacBook-Pro:~ palazzo_living$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Disabled Plug-Ins

Flash Player.plugin

Quartz Composer.webplugin

flashplayer.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.google.keystone.agent.plist

com.paragon-software.facebook.agent.plist

/Library/LaunchDaemons:

com.google.keystone.daemon.plist

com.smithmicro.netwise.osx.helper.plist

/Library/PreferencePanes:

Flash Player.prefPane

/Library/PrivilegedHelperTools:

com.malwarebytes.HelperTool

com.smithmicro.netwise.osx.helper

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleAVCIntraCodec.component

AppleHDVCodec.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

AppleMXFImport.component

AppleProResCodec.component

CFHDCompressor.component

CFHDDecompressor.component

DVCPROHDCodec.component

FCP Uncompressed 422.component

IMXCodec.component

/Library/ScriptingAdditions:

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABCaller.bundle

SkypeABChatter.bundle

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

WebEx64.plugin

Library/Keyboard:

en-dynamic.lm

es-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

1007-dynamic.lm

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

.DS_Store

Library/PreferencePanes:

Library/Services:

Andrews-MacBook-Pro:~ palazzo_living$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

XFINITY WiFi

Andrews-MacBook-Pro:~ palazzo_living$

I'm afraid you are in the wrong place to get help with this issue.

Linc no longer participates in the Forum and nobody else knows how to interpret what you have posted.

This discussion is over four years old and I doubt that anybody else is following it any more, so chances of anybody else seeing your posting are close to zero.

If you have reason to suspect that your computer has been illegally compromised then you should stop using it and inform law enforcement before trying to go any further.

Otherwise, your best bet here would be to start a new discussion with a detailed description of your issue and why you believe your computer is compromised.

It doesn't hurt to check to check to see if anybody else has this problem and to try any recommended solutions, but if that doesn't help it's always best to start a new discussion so that current troubleshooters will notice it and respond quickly. That's just the way this Forum works best for folks.

JenniferDD wrote:

Hello,

I am not sure if I have a spyware problem, but a few things have started to pop up on my mac one tryed to download a font to my computer. It first started out with popups telling me I need to run a system scan. which I never had before. So I looked up the system scan in line and looked in my applications for it and It was just installed by date it reflected I knew I did not install it. So I uninstalled it. Long story short I got a strange message when trying to log into facebook and lead me to you. I ran the Terminal as listed and this is what I got. Not sure what any of it means. But do I need to do anything else to protect my computer and my personal data?

Please help!

Neither the original poster nor Linc Davis are going to be able to help you. Please start your own thread. Explain what is happening on your computer that makes you think something might be wrong. Download Etrecheck, run it and paste the results into your post.

https://etrecheck.com/

Best of luck.

I believe my wifi continues to be compromised, but if you could let me know if you see any red flags, I'd appreciate it. Remote sharing is of course off, but I am consistently watched or recorded on all my devices no matter where I go.

Many Thanks

$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

com.oracle.oss.mysql.mysqld

com.adobe.fpsaud

green:~ x$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.logmein.GoToMeeting.G2MUpdate

com.openssh.ssh-agent

com.citrixonline.GoToMeeting.G2MUpdate

com.spotify.webhelper

$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

Python.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Disabled Plug-Ins

Flash Player.plugin

Quartz Composer.webplugin

flashplayer.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.oracle.oss.mysql.mysqld.plist

/Library/PreferencePanes:

Flash Player.prefPane

MySQL.prefPane

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

.DS_Store

DISH Anywhere Player.plugin

WebEx64.plugin

Library/Keyboard:

en-dynamic.lm

es-dynamic.lm

fr-dynamic.lm

pt-dynamic.lm

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

245-dynamic.lm

256-dynamic.lm

2441-dynamic.lm

3938-dynamic.lm

5802-dynamic.lm

11626-dynamic.lm

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pl-dynamic.lm

pt-dynamic.lm

ru-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.citrixonline.GoToMeeting.G2MUpdate.plist

com.logmein.GoToMeeting.G2MUpdate.plist

com.spotify.webhelper.plist

Library/PreferencePanes:

Library/Services:

$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Spotify, DISHAnywherePlayer_Launcher

I believe my wifi continues to get compromised, but if you could let me know if you see any red flags, I'd appreciate it. Remote sharing is of course off, but I am consistently watched or recorded on all my devices no matter where I go, it's been years & I am not doing or watching anything that would warrant this type of monitoring. It is invasive and creepy and I want to kill myself because these people can hide behind computers, watching your activity and listening to your life, knowing where you and your family are, and you don't know who or why or where.

Many thanks

$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

com.oracle.oss.mysql.mysqld

com.adobe.fpsaud

green:~ x$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.logmein.GoToMeeting.G2MUpdate

com.openssh.ssh-agent

com.citrixonline.GoToMeeting.G2MUpdate

com.spotify.webhelper

$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

Python.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Disabled Plug-Ins

Flash Player.plugin

Quartz Composer.webplugin

flashplayer.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.oracle.oss.mysql.mysqld.plist

/Library/PreferencePanes:

Flash Player.prefPane

MySQL.prefPane

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

.DS_Store

DISH Anywhere Player.plugin

WebEx64.plugin

Library/Keyboard:

en-dynamic.lm

es-dynamic.lm

fr-dynamic.lm

pt-dynamic.lm

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

245-dynamic.lm

256-dynamic.lm

2441-dynamic.lm

3938-dynamic.lm

5802-dynamic.lm

11626-dynamic.lm

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pl-dynamic.lm

pt-dynamic.lm

ru-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.citrixonline.GoToMeeting.G2MUpdate.plist

com.logmein.GoToMeeting.G2MUpdate.plist

com.spotify.webhelper.plist

Library/PreferencePanes:

Library/Services:

$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Spotify, DISHAnywherePlayer_Launcher

eljeg wrote:

I believe my wifi continues to get compromised, but if you could let me know if you see any red flags, I'd appreciate it. Remote sharing is of course off, but I am consistently watched or recorded on all my devices no matter where I go, it's been years & I am not doing or watching anything that would warrant this type of monitoring.

Neither the original poster nor Linc Davis are going to be able to help you. Please start your own thread. Explain what is happening on your computer that makes you think something might be wrong. Download Etrecheck, run it and paste the results into your post.

https://etrecheck.com/

Best of luck.