My Mac Has Been Hacked via Remote Control by a Network - Please Help
My Macbook Pro has been hacked via what appears to be a remote connection into my Mac. I went into Apple, and they performed a hardware test and everything was okay. They said they could wipe out all the software, but I wanted to figure out what was going on (if possible) and call Apple Legal before all the evidence was wiped clean to at least figure out what was going on. In the mean time, here is the log. I never use Facebook videochat, but see it on the launch. My screen, camera, and sound is compromised.
Please help!
Last login: Sat Dec 24 08:44:10 on console
Sarahs-MacBook-Pro-2:~ SarahMyers$ com.apple.finder AppleShowAllFiles YES.
-bash: com.apple.finder: command not found
Sarahs-MacBook-Pro-2:~ SarahMyers$ com.apple.finder AppleShowAllFiles YES
-bash: com.apple.finder: command not found
Sarahs-MacBook-Pro-2:~ SarahMyers$ defaults write com.apple.finder AppleShowAllFiles YES
Sarahs-MacBook-Pro-2:~ SarahMyers$ tccutil reset AddressBook
Sarahs-MacBook-Pro-2:~ SarahMyers$
Sarahs-MacBook-Pro-2:~ SarahMyers$
Sarahs-MacBook-Pro-2:~ SarahMyers$ tccutil reset CoreLocationAgent
tccutil: Failed to reset database
Sarahs-MacBook-Pro-2:~ SarahMyers$ kextstat -kl | awk ' !/apple/ { print $6 $7 } '
com.movavi.driver.SoundGrabber(1.6.5)
Sarahs-MacBook-Pro-2:~ SarahMyers$ sudo launchctl list | sed 1d | awk ' !/0x|apple|com\.vix|edu\.|org\./ { print $3 } '
Password:
com.macpaw.CleanMyMac3.Agent
com.adobe.ARMDC.Communicator
com.adobe.adobeupdatedaemon
com.malwarebytes.HelperTool
com.microsoft.office.licensing.helper
Adobe_Genuine_Software_Integrity_Service
com.oracle.java.Helper-Tool
com.displaylink.displaylinkmanager
com.adobe.fpsaud
com.adobe.ARMDC.SMJobBlessHelper
Sarahs-MacBook-Pro-2:~ SarahMyers$ ls -1A {,/}Library/{Ad,Compon,Ex,Fram,In,La,Mail/Bu,P*P,Priv,Qu,Scripti,Sta}* 2> /dev/null
/Library/Components:
/Library/Extensions:
ACS6x.kext
ATTOCelerityFC8.kext
ATTOExpressSASHBA2.kext
ATTOExpressSASRAID2.kext
Apowersoft_AudioDevice.kext
ArcMSR.kext
CalDigitHDProDrv.kext
HighPointIOP.kext
HighPointRR.kext
MovaviSoundGrabber.kext
PromiseSTEX.kext
SoftRAID.kext
ham.kext
/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
Adlm.framework
Adobe AIR.framework
AudioMixEngine.framework
EpsonInformationService.framework
MacFUSE.framework
NyxAudioAnalysis.framework
PluginManager.framework
TSLicense.framework
iTunesLibrary.framework
/Library/Input Methods:
/Library/Internet Plug-Ins:
AdobeAAMDetect.plugin
AdobePDFViewer.plugin
AdobePDFViewerNPAPI.plugin
Disabled Plug-Ins
Flash Player.plugin
Flip4Mac WMV Plugin.plugin
JavaAppletPlugin.plugin
NP_2020Player_WEB.plugin
Quartz Composer.webplugin
SharePointBrowserPlugin.plugin
SharePointWebKitPlugin.webplugin
Silverlight.plugin
flashplayer.xpt
googletalkbrowserplugin.plugin
o1dbrowserplugin.plugin
/Library/Internet Plug-ins Disabled:
AdobeAAMDetect.plugin
AdobePDFViewer.plugin
/Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a2 3d420d.plist
com.adobe.AdobeCreativeCloud.plist
com.displaylink.useragent-prelogin.plist
com.displaylink.useragent.plist
com.epson.Epson_Low_Ink_Reminder.launcher.plist
com.epson.ecrp.launcher.plist
com.epson.esua.launcher.plist
com.epson.eventmanager.agent.plist
com.oracle.java.Java-Updater.plist
org.macosforge.xquartz.startx.plist
/Library/LaunchDaemons:
com.adobe.ARMDC.Communicator.plist
com.adobe.ARMDC.SMJobBlessHelper.plist
com.adobe.adobeupdatedaemon.plist
com.adobe.agsservice.plist
com.adobe.fpsaud.plist
com.displaylink.displaylinkmanager.plist
com.macpaw.CleanMyMac3.Agent.plist
com.malwarebytes.HelperTool.plist
com.microsoft.office.licensing.helper.plist
com.oracle.java.Helper-Tool.plist
org.macosforge.xquartz.privileged_startx.plist
/Library/PreferencePanes:
Flash Player.prefPane
JavaControlPanel.prefPane
/Library/PreferencePanes Disabled:
OSXFUSE.prefPane
/Library/PrivateFrameworks:
/Library/PrivilegedHelperTools:
DisplayLink
com.adobe.ARMDC.Communicator
com.adobe.ARMDC.SMJobBlessHelper
com.macpaw.CleanMyMac3.Agent
com.malwarebytes.HelperTool
com.microsoft.office.licensing.helper
/Library/QuickLook:
iBooksAuthor.qlgenerator
iWork.qlgenerator
/Library/QuickLook Disabled:
iWork.qlgenerator
/Library/QuickTime:
AppleIntermediateCodec.component
AppleMPEG2Codec.component
/Library/QuickTime Disabled:
/Library/ScriptingAdditions:
Adobe Unit Types.osax
/Library/StartupItems:
ChmodBPF
Library/Address Book Plug-Ins:
SkypeABCaller.bundle
SkypeABChatter.bundle
SkypeABDialer.bundle
SkypeABSMS.bundle
Library/Input Methods:
.localized
Library/Internet Plug-Ins:
.DS_Store
CitrixOnlineWebDeploymentPlugin.plugin
FacebookVideoCalling.bundle
FreeConferenceCallChromeHostPlugin
FreeConferenceCallPlugin.plugin
Google Earth Web Plug-in.plugin
PlayerPlugin.bundle
Library/Internet Plug-ins Disabled:
Library/LanguageModeling:
da-dynamic.lm
de-dynamic.lm
en-dynamic.lm
es-dynamic.lm
fi-dynamic.lm
fr-dynamic.lm
it-dynamic.lm
nb-dynamic.lm
nl-dynamic.lm
pl-dynamic.lm
pt-dynamic.lm
sv-dynamic.lm
tr-dynamic.lm
Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.facebook.videochat.SarahMyers.plist
com.google.keystone.agent.plist
com.macpaw.CleanMyMac3.Scheduler.plist
com.nds.pcshow.plist
com.nds.pcshow.uninstall.plist
Library/PreferencePanes:
Sarahs-MacBook-Pro-2:~ SarahMyers$ ps -cx
PID TTY TIME CMD
283 ?? 0:02.64 distnoted
319 ?? 0:01.21 lsd
328 ?? 0:01.56 UserEventAgent
330 ?? 0:00.80 universalaccessd
331 ?? 0:10.12 Dock
334 ?? 0:07.05 SystemUIServer
339 ?? 0:00.08 pboard
342 ?? 0:01.37 bird
349 ?? 0:00.97 storedownloadd
361 ?? 0:00.42 sharedfilelistd
364 ?? 0:14.85 fontd
367 ?? 0:02.02 identityservicesd
368 ?? 0:01.04 imagent
382 ?? 0:01.72 usernoted
383 ?? 0:02.14 nsurlsessiond
385 ?? 0:01.66 EEventManager
388 ?? 0:45.21 CalendarAgent
394 ?? 0:02.17 storeaccountd
398 ?? 0:00.13 mdflagwriter
411 ?? 0:00.09 SocialPushAgent
416 ?? 0:02.65 NotificationCenter
417 ?? 0:00.28 imklaunchagent
418 ?? 0:00.78 Siri
420 ?? 0:07.39 Ecrp
421 ?? 0:00.22 icdd
425 ?? 0:00.16 EpsonLowInkReminderAgent
428 ?? 0:00.06 askpermissiond
429 ?? 0:02.09 sharingd
430 ?? 0:00.19 AirPlayUIAgent
431 ?? 0:00.18 cloudpaird
432 ?? 0:14.06 Creative Cloud
433 ?? 0:00.19 nbagent
435 ?? 0:00.38 WiFiAgent
436 ?? 0:00.40 diagnostics_agent
438 ?? 0:00.39 passd
440 ?? 3:06.28 DisplayLinkUserAgent
445 ?? 2:28.13 Dropbox
446 ?? 0:04.31 Spotlight
456 ?? 0:13.86 CleanMyMac 3 Menu
457 ?? 0:03.57 storeassetd
458 ?? 0:00.53 PAH_Extension
464 ?? 0:00.66 useractivityd
466 ?? 0:00.51 com.apple.dock.extra
467 ?? 0:00.67 WiFiProxy
481 ?? 0:00.06 cloudfamilyrestrictionsd
496 ?? 0:00.16 storeinappd
509 ?? 0:11.36 AdobeIPCBroker
515 ?? 0:22.82 AdobeCRDaemon
516 ?? 0:06.88 Adobe CEF Helper
521 ?? 0:00.05 storelegacy
522 ?? 0:51.59 Adobe Desktop Service
524 ?? 0:13.61 Adobe CEF Helper
525 ?? 0:24.95 AdobeCRDaemon
526 ?? 0:00.51 WiFiVelocityAgent
529 ?? 0:25.82 Core Sync
530 ?? 0:03.24 node
531 ?? 0:00.20 LaterAgent
532 ?? 0:24.96 AdobeCRDaemon
541 ?? 0:00.06 mediaremoteagent
556 ?? 0:00.47 IMRemoteURLConnectionAgent
591 ?? 0:00.74 AppleSpell
660 ?? 11:00.49 Google Chrome
663 ?? 0:00.02 crashpad_handler
664 ?? 2:51.85 Google Chrome Helper
669 ?? 1:38.64 Google Chrome Helper
677 ?? 0:03.12 node
801 ?? 0:00.53 com.apple.speech.speechsynthesisd
857 ?? 8:13.37 Google Chrome Helper
911 ?? 8:17.20 iTunes
1079 ?? 0:03.83 Google Chrome Helper
1094 ?? 0:05.11 Google Chrome Helper
1095 ?? 0:46.56 Google Chrome Helper
1748 ?? 0:00.02 USBAgent
1811 ?? 0:00.25 AppleMobileDeviceHelper
1864 ?? 0:05.17 Messages
1906 ?? 7:46.83 Google Chrome Helper
2076 ?? 0:00.57 PTPCamera
2078 ?? 0:00.07 ath
2181 ?? 2:32.79 Photo Booth
2210 ?? 5:42.18 Google Chrome Helper
2327 ?? 0:03.94 Quick Note
2466 ?? 3:03.38 Google Chrome Helper
2478 ?? 0:00.31 MIDIServer
2558 ?? 0:00.51 dbfseventsd
2559 ?? 0:02.59 dbfseventsd
2560 ?? 0:01.87 dbfseventsd
2783 ?? 0:00.91 nsurlstoraged
2790 ?? 0:00.96 cfprefsd
2905 ?? 0:00.50 iconservicesagent
2907 ?? 0:00.69 parsecd
2908 ?? 0:00.44 com.apple.geod
2910 ?? 0:00.04 com.apple.CommerceKit.TransactionService
2913 ?? 0:00.86 CommCenter
2916 ?? 0:00.14 secd
2918 ?? 0:01.41 callservicesd
2929 ?? 0:00.02 spindump_agent
2934 ?? 0:02.03 soagent
2935 ?? 0:00.72 secinitd
2936 ?? 0:02.98 trustd
2937 ?? 0:00.17 tccd
2938 ?? 0:00.12 ContactsAccountsService
2939 ?? 0:01.03 accountsd
2940 ?? 0:00.03 CloudKeychainProxy
2942 ?? 0:00.72 deleted
2943 ?? 0:00.45 pkd
2947 ?? 0:00.25 akd
2949 ?? 0:06.56 CalNCService
2960 ?? 0:00.24 ContactsAgent
2968 ?? 0:00.03 com.apple.hiservices-xpcservice
2990 ?? 0:00.12 CoreServicesUIAgent
2992 ?? 0:00.14 storeuid
2994 ?? 0:00.01 com.apple.appstore.PluginXPCService
3016 ?? 0:00.57 suggestd
3036 ?? 0:00.77 cloudphotosd
3037 ?? 0:00.07 com.apple.CloudPhotosConfiguration
3039 ?? 0:00.57 photolibraryd
3040 ?? 0:00.40 ScopedBookmarkAgent
3042 ?? 0:00.04 com.apple.photomoments
3043 ?? 0:00.04 com.apple.PhotoIngestService
3044 ?? 0:00.05 AssetCacheLocatorService
3047 ?? 0:00.02 coreauthd
3060 ?? 0:00.06 swcd
3061 ?? 0:00.03 com.apple.CommerceKit.TransactionService
3062 ?? 0:00.03 networkserviceproxy
3064 ?? 0:00.66 assistantd
3065 ?? 0:00.05 com.apple.iTunesLibraryService
3066 ?? 0:00.97 assistant_service
3068 ?? 0:00.04 com.apple.iTunesLibraryService
3069 ?? 0:01.50 com.apple.Safari.SafeBrowsing.Service
3072 ?? 0:00.14 pbs
3074 ?? 0:09.05 DrCleaner
3082 ?? 0:00.01 loginitemregisterd
3087 ?? 0:00.10 ViewBridgeAuxiliary
3089 ?? 0:03.84 com.apple.appkit.xpc.openAndSavePanelService
3090 ?? 0:00.07 MTLCompilerService
3091 ?? 0:00.21 ACCFinderSync
3092 ?? 0:00.24 garcon
3108 ?? 0:00.04 geodMachServiceBridge
3110 ?? 0:00.04 com.apple.quicklook.ThumbnailsAgent
3115 ?? 0:00.09 MTLCompilerService
3142 ?? 0:00.48 Google Chrome Helper
3154 ?? 0:00.05 MTLCompilerService
3166 ?? 0:00.04 com.apple.Safari.History
3167 ?? 0:05.15 Terminal
3168 ?? 0:00.06 MTLCompilerService
3186 ?? 0:00.09 photoanalysisd
3199 ?? 0:04.03 Finder
3208 ?? 0:00.22 garcon
3209 ?? 0:00.19 ACCFinderSync
3212 ?? 0:00.40 mdworker
3229 ?? 0:00.75 mdworker
3241 ?? 0:11.69 VTDecoderXPCService
3283 ?? 0:45.04 Google Chrome Helper
3314 ?? 0:00.12 cloudd
3503 ?? 0:00.03 IDSKeychainSyncingProxy
3506 ?? 0:00.02 ctkahp
3508 ?? 0:00.03 ctkd
3536 ?? 0:00.18 com.apple.CommerceKit.TransactionService
3828 ?? 0:00.08 com.apple.iCloudHelper
3829 ?? 0:00.13 mdworker
3830 ?? 0:00.09 mdworker
3831 ?? 0:00.12 mdworker
3832 ?? 0:00.12 mdworker
3833 ?? 0:00.09 mdworker
3834 ?? 0:00.06 com.apple.spotlight.IndexAgent
3837 ?? 0:00.07 mdworker
3838 ?? 0:00.07 mdworker
3839 ?? 0:00.07 mdworker
3861 ?? 0:00.10 quicklookd
3169 ttys000 0:00.11 login
3173 ttys000 0:00.06 -bash
3881 ttys000 0:00.00 ps
Sarahs-MacBook-Pro-2:~ SarahMyers$
MacBook Pro (Retina, 13-inch,Early 2015), Mac OS X (10.4.11)
