Console showing repeated com.teamviewer.service - what is it?

Well someone installed it on your Mac. My guess is they also removed it but botched the job. Who else has access and would want to spy on you?

C.

Did you, or anyone else using the computer, allow a "tech support" service to take control of it remotely?

It case it is not clear, TeamViewer.com is a screen sharing utility. It is free for personal use, and is very popular in situations where Mac OS X Screen Sharing is difficult to get working (such as maintaining a relative's Mac remotely and the relatives are not very helpful getting Mac OS X Screen Sharing up and running on their end).

But is also happens to be very popular with SCAM'ers that trick people into installing TeamViewer.com under the pretense of remotely fixing the user's system after a SCAM web site throws up a false virus detected warning in the web browser. Once the SCAN'ers get TeamViewer installed and connected the user's system is compromised, and often user also paid a few hundred dollars via credit card for the privilege.

You might want to visit the TeamViewer.com site and see about uninstall instructions. You may need to re-install TeamViewer.com in order to do a proper uninstall. There is nothing evil about TeamViewer, it is how and by whom it is used that can be a problem.

If you don't know how that software got on your computer, and you're the only user, then you may have a serious problem. You can remove it according to the developer's instructions, but in my view that's not nearly enough to be sure that the computer is safe to use. Ask if you want further guidance.

I'm taking at face value your statement that you're sure you didn't install TeamViewer yourself. If you did install it and forgot about it, then all this is a waste of time.

The only way you can be sure that the computer is not compromised is to erase at least the startup volume and restore it to something like the state it was in before the attack. By "attack" I mean that some unknown person tampered with the computer in an unknown way. The easiest approach is to recover the entire system from a backup that predates the attack. Obviously, that's only practical if you know when the attack took place, and it was recent, and you have such a backup. You will lose all changes to data, such as email, that were made after the time of the snapshot. Some of those changes can be restored from a later backup.

If you don't know when the attack happened, or if it was too long ago for a complete rollback to be practical, then you should erase and install OS X. If you don't already have at least two complete, independent backups of all data, then you must make them first. One backup is not enough to be safe.

When you restart after the installation, you'll be prompted to go through the initial setup process for a new computer. That’s when you transfer the data from a backup in Setup Assistant.

Select only users in the Setup Assistant dialog—not Applications, Other files and folders, or Computer & Network Settings. Don't transfer the Guest account, if it was enabled.

Reinstall third-party software from original media or fresh downloads—not from a backup, which could be contaminated.

Unless you were the target of an improbably sophisticated attack, this procedure will leave you with a clean system. If you have reason to think that you were the target of a sophisticated attack, then you need expert help.

The above being done, change all Internet passwords and check all financial accounts for unauthorized transactions. Do this after the system has been secured, not before.

If you select all three of these lines

sqlite3 ~/Library/Preferences/com.apple.LaunchServices.QuarantineEventsV2 \

"select datetime(LSQuarantineTimeStamp + 978307200, 'unixepoch', 'localtime') as thedate, \

LSQuarantineDataURLString from LSQuarantineEvent order by LSQuarantineTimeStamp;"

then copy and paste them into the Terminal.app comand line window, you will get a (long) list of all downloads with the date and time they occurred. By studying this, you may be able to figure out when/how TeamViewer arrived on your system.

C.