Detect spyware and determine who is spying on my imac

I suspect I have monitoring software on my computer: my output is:

com.dropbox.activityprovider

com.dropbox.foldertagger

com.fitbit.galileod

com.adobe.fpsaud

hayleysleodsmbp:~ mcleod$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

jp.co.canon.cijscannerregister.8480

com.getdropbox.dropbox.34000

com.arcsoft.Daemon.45264

com.epson.ews.launcher

com.divx.update.agent

com.divx.dms.agent

com.Affinegy.InstaLANa

com.dropbox.DropboxMacUpdate.agent

hayleysleodsmbp:~ mcleod$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/**,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

EPSONUSBPrintClass.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

ArcCon.framework

ArcSocketLib.framework

AudioMixEngine.framework

BaseFunction.framework

Cocoa2Carbon.framework

DivX Toolkit.framework

DivXInstallerUtilities.framework

EWSMac.framework

MagAppFramework.framework

MagCore.framework

MagImgTlsCtrl.framework

MagPCMac.framework

Maglib5.framework

MediaClub.framework

NyxAudioAnalysis.framework

PluginManager.framework

TSLicense.framework

TaskDLL.framework

XSKey.framework

iLifeFaceRecognition.framework

iLifeSQLAccess.framework

iLifeSlideshow.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Default Browser.plugin

Disabled Plug-Ins

DivX Web Player.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

JavaAppletPlugin.plugin

OVSHelper.plugin

Quartz Composer.webplugin

Silverlight.plugin

Unity Web Player.plugin

Unused

VeetleBroadcast-0.9.16

VeetleTVCore-0.9.16

VeetleTVPlayer-0.9.16

flashplayer.xpt

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt

version.txt

/Library/Internet Plug-Ins (Disabled):

Flash Player.plugin

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.Affinegy.InstaLANa.plist

com.divx.dms.agent.plist

com.divx.update.agent.plist

com.epson.ews.launcher.plist

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.apple.aelwriter.plist

com.fitbit.galileod.plist

/Library/PreferencePanes:

Flash Player.prefPane

Flip4Mac WMV.prefPane

Growl.prefPane

Perian.prefPane

/Library/PrivilegedHelperTools:

/Library/QuickLook:

GBQLGenerator.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AC3MovieImport.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

Perian.component

/Library/ScriptingAdditions:

/Library/Spotlight:

GBSpotlightImporter.mdimporter

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

HWNetMgr

HWPortDetect

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABCaller.bundle

SkypeABChatter.bundle

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

waltograph42.otf

waltographUI.ttf

Library/Input Methods:

.localized

Library/Keyboard Layouts:

Library/LaunchAgents:

com.apple.CSConfigDotMacCert-hayleymcleod@me.com-SharedServices.Agent.plist

com.dropbox.DropboxMacUpdate.agent.plist

Library/PreferencePanes:

Library/Services:

ENService.app

Library/Spotlight:

EndNote.mdimporter

hayleysleodsmbp:~ mcleod$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

Steam, iTunesHelper, Skype, EndNote X2, GrowlHelperApp, Belkin Router Monitor, Fitbit Connect Menubar Helper, Dropbox, Garmin Express Service, ConnectService

As I keep telling everyone, Linc no longer participates in this Forum and nobody else can interpret his diagnostics. And since very few of us are even monitoring this very old discussion, you need to start a new one and instead of posting all that information nobody wants, give us a detailed explanation of what you are seeing and why you believe monitoring software is involved. Better yet, report it to the local authorities and have a trained forensic technician examine your computer.

start a new thread

describe your issue and what you have tired to do to resolve it if any.

post an etrcheck report.

www.etrecheck.com

do not add your issue to an existing post as it will complicate things. This post began in 2013, the person you are asking to read your terminal output may no longer be active on these forms.

Hello,

I am not sure if I have a spyware problem, but a few things have started to pop up on my mac one tryed to download a font to my computer. It first started out with popups telling me I need to run a system scan. which I never had before. So I looked up the system scan in line and looked in my applications for it and It was just installed by date it reflected I knew I did not install it. So I uninstalled it. Long story short I got a strange message when trying to log into facebook and lead me to you. I ran the Terminal as listed and this is what I got. Not sure what any of it means. But do I need to do anything else to protect my computer and my personal data?

Please help!

Last login: Sun Jun 4 14:48:48 on ttys000

kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

-iMac:~

Password:

com.adobe.ARMDC.Communicator

com.adobe.adobeupdatedaemon

com.adobe.versioncueCS4

Adobe_Genuine_Software_Integrity_Service

com.adobe.SwitchBoard

com.adobe.fpsaud

com.adobe.ARMDC.SMJobBlessHelper

launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.adobe.CS4ServiceManager

com.adobe.AdobeCreativeCloud

com.openssh.ssh-agent

com.getdropbox.dropbox.5120

com.adobe.acc.AdobeDesktopService.2760.FAC954BC-B838-48FF-90FF-D4F533E3CA11

com.adobe.accmac.2708

com.updater.mcy

com.coupons.coupond

com.updater.watch.mcy

com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d

com.adobe.AAM.Scheduler-1.0

com.citrixonline.GoToMeeting.G2MUpdate

com.adobe.ARM.df0ab5bbe6f698196fcc21e3c1e66dcb758bd911f4d637272d9d8109

com.google.Chrome.4808

com.google.keystone.user.agent

com.adobe.CCXProcess.2736

com.dropbox.DropboxMacUpdate.agent

jp.co.canon.ij.CNSSelectorAgent.1548

ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/**,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

BJUSBLoad.kext

CIJUSBLoad.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

hp_io_enabler_compound.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

AdobeAAMDetect.plugin

AdobeExManDetect.plugin

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

CouponPrinter-FireFox_v2.plugin

Disabled Plug-Ins

EPPEX Plugin.plugin

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

flashplayer.xpt

iPhotoPhotocast.plugin

npContributeMac.bundle

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d.plist

com.adobe.AdobeCreativeCloud.plist

com.adobe.CS4ServiceManager.plist

com.coupons.coupond.plist

com.oracle.java.Java-Updater.plist

/Library/LaunchDaemons:

com.adobe.ARMDC.Communicator.plist

com.adobe.ARMDC.SMJobBlessHelper.plist

com.adobe.SwitchBoard.plist

com.adobe.adobeupdatedaemon.plist

com.adobe.agsservice.plist

com.adobe.fpsaud.plist

com.adobe.versioncueCS4.plist

com.oracle.java.Helper-Tool.plist

/Library/PreferencePanes:

Flash Player.prefPane

JavaControlPanel.prefPane

VersionCueCS4.prefPane

/Library/PrivilegedHelperTools:

com.adobe.ARMDC.Communicator

com.adobe.ARMDC.SMJobBlessHelper

com.genieoinnovation.macextension.client

/Library/QuickLook:

GBQLGenerator.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

SoundboothScoreCodec.component

/Library/ScriptingAdditions:

Adobe Unit Types.osax

/Library/Spotlight:

GBSpotlightImporter.mdimporter

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABCaller.bundle

SkypeABChatter.bundle

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

#Pilgiche.dfont

A Gothique Time .ttf

BNHRDFAN.TTF

BODYH___.otf

Bandung Hardcore GP.otf

BauhaBol

BauhaDem

BauhaHea

BauhaLig

BauhaMed

Bauhaus Screen Fonts

Bleeding_Cowboys-1.ttf

Bosque Encantado.ttf

CAMBRIA.TTC

CAMBRIAB_1.TTF

CAMBRIAI_1.TTF

CAMBRIAZ_1.TTF

CHEAPSTE.ttf

CalifR.TTF

Cheeky Rabbit.ttf

CloisterBlack.ttf

CoolockBlack-Regular.otf

DK Honey Dew.otf

Embossed Black Normal.ttf

Embossed Black Wide.ttf

Eternal Call.ttf

GIRLW___.TTF

GRVSTNBT.TTF

Gingerbread House.ttf

Gingersnaps.ttf

INKITMT_.otf

Incised Black Wide.ttf

Incised Black.ttf

KiddyHalloween.ttf

LOVELETTERS.ttf

Like Giselle.ttf

Lost Saloon.ttf

Ministry Script.ttf

Ministry_Script_Stylistic_HFF.ttf

Mochary_PERSONAL_USE_ONLY.ttf

Monotype - BellMTStd-Regular.otf

Mortised Ornaments Free.ttf

OldLondon.ttf

Orbicularis.otf

PANHEAD_.TTF

Plain Black Wide.ttf

Plain Black.ttf

Shadowed Black Wide.ttf

Shadowed Black.ttf

Sloop_Script_Three_BETA_Bold.ttf

Soft Ornaments Nine.ttf

Strawberry Gossip DEMO.otf

TunaAndHotDogsOnRye.ttf

Vampire Kiss Demo.ttf

VarsityPlaybook-DEMO.ttf

halloween_borders.ttf

poke.otf

poke.ttf

retroRockPoster.ttf

sloopscript.ttf

sloopscriptboldtwo.ttf

spankysbblancoitalico.ttf

spankysbungalow.ttf

spankysbungalowblanco.ttf

spankysbungalowitalico.ttf

varsity_regular.ttf

{skinny} jeans solid.ttf

{skinny} jeans.ttf

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

CitrixOnlineWebDeploymentPlugin.plugin

Library/Keyboard:

en-dynamic.lm

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.ARM.df0ab5bbe6f698196fcc21e3c1e66dcb758bd911f4d637272d9d8109.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.107EC825-535A-4571-97B2-D36 C0E054F23.plist

com.apple.MobileMeSyncClientAgent.plist

com.apple.SafariBookmarksSyncer.plist

com.citrixonline.GoToMeeting.G2MUpdate.plist

com.dropbox.DropboxMacUpdate.agent.plist

com.google.keystone.agent.plist

com.updater.mcy.plist

com.updater.watch.mcy.plist

Library/PreferencePanes:

Library/Services:

WinzipAdd.workflow

WinzipEmail.workflow

WinzipUnzip.workflow

osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Dropbox, Canon IJ Network Scanner Selector EX, AIM

A lot of the recent posts on output look like what Etrecheck produces, but maybe Linc's script does something else too. I don't know if it does anything about keyloggers as such (the original topic) but many of the recent posts (which really, really should be asked in new topics) seems to have issues in things Etrecheck would reveal in red. That, and try Malwarebytes.

http://www.etresoft.com/etrecheck

Using Etrecheck - https://discussions.apple.com/docs/DOC-6174

https://www.malwarebytes.com/antimalware/mac/

Dear Linc,

I came across your answer and I followed the advice you listed above.

I am not sure whether I can share my output over here, however, this is the link to my post:

Detection of Spyware on Macbook Pro

Many thanks.

Candicemaries123 wrote:

Hello Linc Davis. Can you please please look at my information below and email me at nowforsale@me.com? Thank you very much!

Auoting the post immediately above yours by MadMacs0: Linc no longer participates in the Forum. Nobody but Linc understands how to interpret the output of his diagnostics and when he was here he strenuously objected to anybody else who tried, so you did exactly the right thing by starting a new discussion topic as I may be the only other person still monitoring this 4-1/2 year old discussion.

Lol. Thank you!

Sent from my iPhone

It's amazing that people go to all the trouble of running through the terminal commands and still posting here...

Lol

Hi Linc,

I have the same issue, can you tell me anything about this output?

org.virtualbox.kext.VBoxDrv (5.1.12)

org.virtualbox.kext.VBoxUSB (5.1.12)

org.virtualbox.kext.VBoxNetFlt (5.1.12)

org.virtualbox.kext.VBoxNetAdp (5.1.12)

com.skype.skypeinstaller

com.adobe.ARMDC.Communicator

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.oracle.java.Helper-Tool

com.github.GitHub.GHInstallCLI

com.adobe.fpsaud

com.adobe.ARMDC.SMJobBlessHelper

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

hp_io_enabler_compound.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

OSXFUSE.framework

PluginManager.framework

Python.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

CitrixICAClientPlugIn.plugin

Disabled Plug-Ins

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

flashplayer.xpt

googletalkbrowserplugin.plugin

o1dbrowserplugin.plugin

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d.plist

com.citrix.AuthManager_Mac.plist

com.citrix.ReceiverHelper.plist

com.citrix.ServiceRecords.plist

com.google.keystone.agent.plist

com.oracle.java.Java-Updater.plist

/Library/LaunchDaemons:

com.adobe.ARMDC.Communicator.plist

com.adobe.ARMDC.SMJobBlessHelper.plist

com.adobe.fpsaud.plist

com.github.GitHub.GHInstallCLI.plist

com.google.keystone.daemon.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist

com.skype.skypeinstaller.plist

org.virtualbox.startup.plist

/Library/PreferencePanes:

Flash Player.prefPane

JavaControlPanel.prefPane

OSXFUSE.prefPane

/Library/PrivilegedHelperTools:

com.adobe.ARMDC.Communicator

com.adobe.ARMDC.SMJobBlessHelper

com.github.GitHub.GHInstallCLI

com.microsoft.office.licensing.helper

com.skype.skypeinstaller

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

MySQLCOM

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABCaller.bundle

SkypeABChatter.bundle

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.bittorrent.uTorrent.plist

net.juniper.SetupClient.plist

org.virtualbox.vboxwebsrv.plist

Library/PreferencePanes:

MySQL.prefPane

Library/Services:

iTunesHelper, uTorrent

notahippie wrote:

Hi Linc,

I have the same issue, can you tell me anything about this output?

Linc no longer posts in these forums. Other users have indicated that they don't feel comfortable interpreting the results of his suggestions.

I did notice a reference to uTorrent at the bottom of your post. Torrent apps and torrent sites are notorious for causing problems. Best to get rid of it.

Last login: Tue Apr 25 01:54:27 on ttys001

Ushas-MacBook-Air:~ usha$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

Ushas-MacBook-Air:~ usha$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

Sorry, try again.

Password:

com.adobe.ARMDC.Communicator

com.oracle.java.Helper-Tool

com.microsoft.office.licensingV2.helper

com.adobe.fpsaud

com.adobe.ARMDC.SMJobBlessHelper

com.symantec.NWPService

com.microsoft.autoupdate.helper

Ushas-MacBook-Air:~ usha$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

at.obdev.MicroSnitchOpenAtLoginHelper

at.obdev.MicroSnitch.1944

com.openssh.ssh-agent

com.symantec.NortonWiFiPrivacy.3904

com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d

net.qneo.Camera-Lock-Starter

com.oracle.java.Java-Updater

com.pia.pia_manager

net.qneo.Camera-Lock.1520

Ushas-MacBook-Air:~ usha$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/**,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

Disabled Plug-Ins

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

flashplayer.xpt

googletalkbrowserplugin.plugin

o1dbrowserplugin.plugin

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d.plist

com.oracle.java.Java-Updater.plist

/Library/LaunchDaemons:

com.adobe.ARMDC.Communicator.plist

com.adobe.ARMDC.SMJobBlessHelper.plist

com.adobe.fpsaud.plist

com.microsoft.autoupdate.helper.plist

com.microsoft.office.licensingV2.helper.plist

com.oracle.java.Helper-Tool.plist

com.symantec.NWPService.plist

/Library/PreferencePanes:

Flash Player.prefPane

JavaControlPanel.prefPane

/Library/PrivilegedHelperTools:

com.adobe.ARMDC.Communicator

com.adobe.ARMDC.SMJobBlessHelper

com.microsoft.autoupdate.helper

com.microsoft.office.licensingV2.helper

com.symantec.NWPService

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

Library/Keyboard:

en-dynamic.lm

fr-dynamic.lm

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fi-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.pia.pia_manager.plist

Library/PreferencePanes:

Library/Private Internet Access:

.installed

Library/Services:

Ushas-MacBook-Air:~ usha$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Norton WiFi Privacy, Norton WiFi Privacy, Norton WiFi Privacy

Ushas-MacBook-Air:~ usha$

Ushas-MacBook-Air:~ usha$

please check anything suspicious

I'm afraid you are in the wrong place to get help with this issue.

Linc no longer participates in the Forum and nobody else knows how to interpret what you have posted.

This discussion is over four years old and I doubt that anybody else is following it any more, so chances of anybody else seeing your posting are close to zero.

If you have reason to suspect that your computer has been illegally compromised then you should stop using it and inform law enforcement before trying to go any further.

Otherwise, your best bet here would be to start a new discussion with a detailed description of your issue and why you believe your computer is compromised.

It doesn't hurt to check to check to see if anybody else has this problem and to try any recommended solutions, but if that doesn't help it's always best to start a new discussion so that current troubleshooters will notice it and respond quickly. That's just the way this Forum works best for folks.

Hey.. have seen ur comments across a few forums and all seem to be amazingly helpful 🙂
I did the procedure on my Mac as am concerned that the contents are being accessed elsewhere.

i have posted the output below if you wouldnt mind having a look over to see if there was anything that shows it might be at risk?

Thanks, I appreciate it.

🙂

Last login: Thu May 4 19:33:39 on ttys000

UnfinishedFairytale:~ user$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

awk: can't open file launchctl

source line number 1

UnfinishedFairytale:~ user$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

org.virtualbox.kext.VBoxDrv (5.0.18)

org.virtualbox.kext.VBoxUSB (5.0.18)

org.virtualbox.kext.VBoxNetFlt (5.0.18)

org.virtualbox.kext.VBoxNetAdp (5.0.18)

com.avast.PacketForwarder (2.1)

com.avast.FileShield (3.0.0)

UnfinishedFairytale:~ user$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

com.avast.secureline.update

com.avast.uninstall

com.avast.daemon

com.avast.update

com.avast.secureline.uninstall

com.avast.proxy

org.wireshark.ChmodBPF

com.google.keystone.daemon

com.avast.service

com.avast.fileshield

com.avast.account

jp.co.canon.MasterInstaller

com.adobe.fpsaud

com.avast.secureline.service

com.avast.secureline.init

com.avast.secureline.burger

com.avast.init

com.iwaxx.Debookee.PacketTool

UnfinishedFairytale:~ user$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

6H4HRTU5E3.com.avast.osx.secureline.avastsecurelinehelper

com.iwaxx.Debookee-Tools.696

com.avast.home.userinit

com.avast.userinit

com.avast.helper

com.avast.secureline.userinit

com.google.Chrome.1608

com.bittorrent.uTorrent

com.openssh.ssh-agent

com.google.keystone.system.agent

com.iwaxx.Debookee-Tools-Helper

com.avast.secureline.home.userinit

com.avast.update-agent

com.spotify.webhelper

com.spigot.ApplicationManager

com.avast.secureline.update-agent

UnfinishedFairytale:~ user$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/**,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

BJUSBLoad.kext

CIJUSBLoad.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

HockeySDK.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Disabled Plug-Ins

Flash Player.plugin

Google Earth Web Plug-in.plugin

Quartz Composer.webplugin

Silverlight.plugin

Unity Web Player.plugin

Unused

flashplayer.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.avast.secureline.update-agent.plist

com.avast.secureline.userinit.plist

com.avast.update-agent.plist

com.avast.userinit.plist

com.google.keystone.agent.plist

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.avast.init.plist

com.avast.secureline.init.plist

com.avast.secureline.uninstall.plist

com.avast.secureline.update.plist

com.avast.uninstall.plist

com.avast.update.plist

com.google.keystone.daemon.plist

com.iwaxx.Debookee.PacketTool.plist

jp.co.canon.MasterInstaller.plist

org.virtualbox.startup.plist

org.wireshark.ChmodBPF.plist

/Library/PreferencePanes:

Flash Player.prefPane

/Library/PrivilegedHelperTools:

com.iwaxx.Debookee.PacketTool

jp.co.canon.MasterInstaller

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABCaller.bundle

SkypeABChatter.bundle

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

SkypePlugin-7.26.0.48.bundle

Library/Keyboard:

en-dynamic.lm

Library/Keyboard Layouts:

Library/KeyboardServices:

TextReplacements.db

TextReplacements.db-shm

TextReplacements.db-wal

Library/LanguageModeling:

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.avast.home.userinit.plist

com.avast.secureline.home.userinit.plist

com.bittorrent.uTorrent.plist

com.spigot.ApplicationManager.plist

com.spotify.webhelper.plist

jp.co.canon.Inkjet_Extended_Survey_Agent.plist

org.virtualbox.vboxwebsrv.plist

Library/PreferencePanes:

Library/Services:

UnfinishedFairytale:~ user$