MacBook Pro has been hacked. What next?

Open System Preferences->Users & Groups->Login Items tab for your username.

What does it say next to "Welcome" in the "Kind" column (normally will be "Application")?

Hover your cursor over "Welcome" and a yellow "tool-tip" will show you the path to where that file is located.

well, that is indeed odd. following instructions above, it reveals 'Welcome' but 'Unknown' in the 'Kind' column. next to that is a yellow warning triangle with the exclamation mark. i have not a clue what this is, or how it got there. moreover, i'm not sure what to do with it now that it's been discovered. the only thing i can think of is that it might be related to my external drive that i connected two days ago to perform a full backpup.

All I can tell you is what I read at the link I gave you which seems to say it's for one of these USB to Serial/UART and Parallel/Printer interface bridge solutions from Prolific.

i've checked the link, but have never been to the Prolific site before. if 'Welcome' appears, it is not something i've knowingly done (and i'm usually quite careful about these sorts of things).

The other extensions I didn't recognize were:

• com.aliph.driver.jstub (1.1.2) possibly associated with JAMBOX by Jawbone?
• com.smarttech.iokit.SMARTBoard (10) which seems to be an interactive flat panel from SMART.

these are okay. i recognise them, and you are correct: SMARTBoard 10 software and Jambox. these were installed by me and both are used regularly.

i did not purchase AppleCare (of course not -- just my luck!), but it sounds like i'm going to have to set up an appointment at my local Apple store. thanks once again.

What saved password? Are you talking about logging in to your account, or logging in to a website, or something else altogether? A login password is not saved anywhere unless you use automatic login, and then you wouldn't get the login screen at all.

all apologies, and thanks for pointing this out.

in my haste i was typing about one thing whilst thinking about 14 others. i was indeed talking about logging into my account, and no, the password isn't saved. nor do i use automatic login.

to clarify, upon restart or powering on, i'm referring to the login page that appears after the familiar Apple startup chime. the field is normally blank. however, since these problems began, the field is already populated with a password before i am able to type a single letter. at least i am now able to delete this and to enter my usual password.

this was the issue that concerned me most, and i'm still left with two questions: is the field being automatically completed because of a keyboard/hardware malfunction, or is it something more malicious (and, as yet, undefined)?

thank you for your help.

i followed your instructions to the letter, and am presently in safe mode. now, i'm stuck!

Note: If FileVault is enabled, or if a firmware password is set, or if the startup volume is a Fusion Drive or a software RAID, you can’t do this. Ask for further instructions.

problem 1: i don't know whether FileVault is enabled, or how to check if it is.

Test while in safe mode. Same problem?

problem 2: i'm not sure what you mean by 'test while in safe mode'. please advise (and sorry again for my dimwittedness).

i see.

yes, the field still populates itself in safe mode. on occasion, upon restart, the MBP yields a 'woodpecker' sound -- as if letters are still being 'typed in' beyond the character limit. as for the keyboard issue:

as youp can tellp from thips sentence, the issue with the letter 'p' is stipll relpipcatipng itself.

thank you. i've deleted 'Welcome'.

the only USB device connected is that for my wireless mouse. when i disconnect it and just use the track pad, i still have the same issue with the keyboard.

unfortunately, this is a house full of laptops, iPhones and iPads, so i don't have an extra keyboard lying around. (can't believe i never thought of something so simple!) i will test first thing tomorrow with an external keyboard when at work, and will post whatever i find.

thanks again for taking out a good chunk of your day to help.

... an update on symptoms, for what they're worth:

• the sleep disorder issue has returned this evening. commanded to sleep, the screen goes black -- only to turn back on again (on its own, that is) about two minutes later. when it first happened yesterday, the screen would go black for less than a second before 'waking up'.
• occasionally, when i attempt to use a pulldown menu (e.g. apple symbol > restart, or firefox > quit), i am unable to 'lock in' on my target. against my will, the blue bar turns to another command in the same dropdown menu, or scrolls all of them quickly -- up and down, down and up. this is new.
• desktop icons (but not dock icons) now 'blink' at 1 minute intervals, as if the screen were 'resetting' itself. this is also new.

until i can access an external keyboard in the morning, in the interim, i've taken Apple's instructions on software troubleshooting and disc utility HD checks, and report no problems at all.