help please! worried about hack

I'm a researcher for work and may be hypersensitive to this, but I want to make sure a hack is what's happened before doing a wipe (also, I can't erase my HD in recovery mode either). Can anyone let me know based on this?

MacBook Pro with Retina display

Posted on Feb 8, 2017 9:06 AM

11 replies

Feb 8, 2017 10:37 AM in response to etresoft

Thank you so much!!!! I'll be sure to tell friends about this and of course donate 🙂 Let me know what to remove if anything at all

EtreCheck version: 3.1.5 (343)

Report generated 2017-02-08 13:33:18

Download EtreCheck from https://etrecheck.com

Runtime 1:55

Performance: Excellent


Click the [Support] links for help with non-Apple products.

Click the [Details] links for more information about that line.


Problem: No problem - just checking


Hardware Information:

MacBook Pro (Retina, 13-inch, Early 2015)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro12,1

1 2.9 GHz Intel Core i5 (i5-5287U) CPU: 2-core

8 GB RAM Not upgradeable

BANK 0/DIMM0

4 GB DDR3 1867 MHz ok

BANK 1/DIMM0

4 GB DDR3 1867 MHz ok

Bluetooth: Good - Handoff/Airdrop2 supported

Wireless: en0: 802.11 a/b/g/n/ac

Battery: Health = Normal - Cycle count = 639


Video Information:

Intel Iris Graphics 6100

Color LCD 2560 x 1600


System Software:

macOS Sierra 10.12.3 (16D32) - Time since boot: about 5 hours


Disk Information:

APPLE SSD SM1024G disk0 : (1 TB) (Solid State - TRIM: Yes)

[Show SMART report]

EFI (disk0s1) <not mounted> : 210 MB

Macintosh HD (disk0s2) / [Startup]: 999.70 GB (123.06 GB free)

Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB


USB Information:

Broadcom Corp. Bluetooth USB Host Controller


Thunderbolt Information:

Apple Inc. thunderbolt_bus


Gatekeeper:

Mac App Store and identified developers


Kernel Extensions:

/Library/Extensions

[loaded] at.obdev.nke.LittleSnitch (3.7.2 - SDK 10.11 - 2017-02-06) [Support]


System Launch Agents:

[failed] com.apple.DiskArbitrationAgent.plist (2016-12-10)

[not loaded] 6 Apple tasks

[loaded] 163 Apple tasks

[running] 110 Apple tasks


System Launch Daemons:

[not loaded] 43 Apple tasks

[loaded] 161 Apple tasks

[running] 107 Apple tasks


Launch Agents:

[running] at.obdev.LittleSnitchUIAgent.plist (2017-02-05) [Support]

[not loaded] com.adobe.AAM.Updater-1.0.plist (2017-02-03) [Support] - /Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility: Executable not found!

[failed] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (2017-01-11) [Support]

[loaded] com.adobe.AdobeCreativeCloud.plist (2017-01-02) [Support]


Launch Daemons:

[running] at.obdev.littlesnitchd.plist (2017-02-05) [Support]

[loaded] com.adobe.ARMDC.Communicator.plist (2017-01-11) [Support]

[loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (2017-01-11) [Support]

[running] com.adobe.adobeupdatedaemon.plist (2017-01-02) [Support]

[running] com.adobe.agsservice.plist (2017-02-01) [Support]

[loaded] com.adobe.fpsaud.plist (2016-12-16) [Support]

[running] com.malwarebytes.HelperTool.plist (2017-02-06) [Support]

[loaded] uk.co.canimaansoftware.ClamXavHelper.plist (2016-11-28) [Support]

[loaded] uk.co.canimaansoftware.ClamXavHelperUpdater.plist (2016-11-28) [Support]


User Launch Agents:

[not loaded] com.adobe.AAM.Updater-1.0.plist (2017-01-02) [Support] - /Library/Application Support/Adobe/OOBE/PDApp/UWA/UpdaterStartupUtility: Executable not found!


User Login Items:

iTunesHelper Application (2017-01-31)

(/Applications/iTunes.app/Contents/MacOS/iTunesHelper.app)


3rd Party Preference Panes:

Flash Player (2016-12-16) [Support]


Time Machine:

Time Machine not configured!


Top Processes by CPU:

26% Safari

18% WindowServer

8% com.apple.WebKit.WebContent(10)

6% hidd

6% kernel_task


Top Processes by Memory:

1.66 GB com.apple.WebKit.WebContent(9)

867 MB kernel_task

360 MB mdworker(10)

303 MB Finder

287 MB MTLCompilerService(12)


Virtual Memory Information:

2.28 GB Available RAM

278 MB Free RAM

5.72 GB Used RAM

2.01 GB Cached files

199 MB Swap Used


Diagnostics Information:

Feb 8, 2017, 09:39:00 AM /Library/Logs/DiagnosticReports/Little Snitch Configuration_2017-02-08-093900_[redacted].hang

/Applications/Little Snitch Configuration.app/Contents/MacOS/Little Snitch Configuration

Feb 8, 2017, 09:37:59 AM ~/Library/Logs/DiagnosticReports/Little Snitch Network Monitor_2017-02-08-093759_[redacted].crash

at.obdev.LittleSnitchNetworkMonitor - /Library/Little Snitch/Little Snitch Network Monitor.app/Contents/MacOS/Little Snitch Network Monitor

Feb 8, 2017, 07:44:44 AM ~/Library/Logs/DiagnosticReports/Little Snitch Network Monitor_2017-02-08-074444_[redacted].crash

Feb 8, 2017, 07:36:15 AM /Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2017-02-08-073615_[redacted].cpu_resource.diag [Details]

/System/Library/Frameworks/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.WebContent.xpc/Contents/MacOS/com.apple.WebKit.WebContent

Feb 8, 2017, 07:33:34 AM Self test - passed

Feb 8, 2017, 07:30:38 AM ~/Library/Logs/DiagnosticReports/Finder_2017-02-08-073038_[redacted].crash

com.apple.finder - /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder

Feb 8, 2017, 07:27:37 AM /Library/Logs/DiagnosticReports/Finder_2017-02-08-072737_[redacted].cpu_resource.diag [Details]

Feb 8, 2017, 07:20:59 AM /Library/Logs/DiagnosticReports/com.apple.WebKit.WebContent_2017-02-08-072059_[redacted].cpu_resource.diag [Details]

Feb 8, 2017, 07:02:31 AM ~/Library/Logs/DiagnosticReports/Adobe Premiere Pro CC 2017_2017-02-08-070231_[redacted].crash

com.adobe.PremierePro.CC11 - /Applications/Adobe Premiere Pro CC 2017/Adobe Premiere Pro CC 2017.app/Contents/MacOS/Adobe Premiere Pro CC 2017

Feb 7, 2017, 02:35:20 AM /Library/Logs/DiagnosticReports/Adobe Premiere Pro CC 2017_2017-02-07-023520_[redacted].cpu_resource.diag [Details]

Feb 7, 2017, 02:26:16 AM ~/Library/Logs/DiagnosticReports/Adobe Premiere Pro CC 2017_2017-02-07-022616_[redacted].crash

Feb 6, 2017, 07:53:26 PM ~/Library/Logs/DiagnosticReports/Little Snitch Network Monitor_2017-02-06-195326_[redacted].crash

Feb 6, 2017, 06:40:39 AM ~/Library/Logs/DiagnosticReports/Little Snitch Network Monitor_2017-02-06-064039_[redacted].crash

Feb 6, 2017, 02:28:26 AM /Library/Logs/DiagnosticReports/AdobeGCClient_2017-02-06-022826_[redacted].crash

/Library/Application Support/Adobe/*/AdobeGCClient.app/Contents/MacOS/AdobeGCClient

Feb 5, 2017, 11:37:26 PM /Library/Logs/DiagnosticReports/Safari_2017-02-05-233726_[redacted].cpu_resource.diag [Details]

/Applications/Safari.app/Contents/MacOS/Safari

Feb 5, 2017, 09:33:44 PM /Library/Logs/DiagnosticReports/Little Snitch Daemon_2017-02-05-213344_[redacted].crash

/Library/Little Snitch/Little Snitch Daemon.bundle/Contents/MacOS/Little Snitch Daemon

Feb 5, 2017, 09:33:44 PM ~/Library/Logs/DiagnosticReports/Little Snitch Agent_2017-02-05-213344_[redacted].crash

/Library/Little Snitch/Little Snitch Agent.app/Contents/MacOS/Little Snitch Agent

Feb 8, 2017 9:28 AM in response to JimmyCMPIT

My CPU was running really high with unknown guests. In my wifi I saw the name of my computer was in use elsewhere and I could not change the IP address. On Little Snitch there are many IP addresses trying to connect I have to block, on high number ports.

I checked through Little Snitch traffic and saw many HAD connected on UDP 137.

:fe80::5406:c0ff:fe54:

Total: 405 B sent, 0 B received

Outgoing to ff02::fb, Port mdns (5353), Protocol UDP (17), 405 B sent, 0 B received


I'm really not tech savvy though and now pretty anxious because it just seems unusual.

Feb 8, 2017 10:01 AM in response to kingrosa

Last login: Wed Feb 8 12:17:49 on ttys001

196819681968:~ r$ netstat [-a]

Active Internet connections

Proto Recv-Q Send-Q Local Address Foreign Address (state)

tcp4 0 0 192.168.1.206.51657 xx-fbcdn-shv-01-.https ESTABLISHED

tcp4 0 0 192.168.1.206.51656 a172-226-65-200..https ESTABLISHED

tcp4 0 0 192.168.1.206.51654 172.82.200.144.https ESTABLISHED

tcp4 0 0 192.168.1.206.51635 ec2-23-21-193-21.https ESTABLISHED

tcp4 0 0 192.168.1.206.51634 ec2-107-21-1-61..https ESTABLISHED

tcp4 0 0 192.168.1.206.51631 ec2-107-21-1-61..https ESTABLISHED

tcp4 0 0 192.168.1.206.51629 r-199-59-148-23..https ESTABLISHED

tcp4 0 0 192.168.1.206.50916 edge-star-shv-01.https ESTABLISHED

tcp4 0 0 192.168.1.206.50370 17.188.166.14.5223 ESTABLISHED

tcp4 0 0 192.168.1.206.50369 17.249.76.23.5223 ESTABLISHED

udp6 0 0 *.49241 *.*

udp4 0 0 *.49241 *.*

udp6 0 0 *.51885 *.*

udp4 0 0 *.51885 *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.53761 *.*

udp6 0 0 *.49812 *.*

udp4 0 0 *.49812 *.*

udp4 0 0 *.49920 *.*

udp6 0 0 fe80::5406:c0ff:.ntp *.*

udp4 0 0 192.168.1.206.ntp *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp6 0 0 fe80::3bba:10b7:.ntp *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.63268 *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp6 0 0 fe80::1%lo0.ntp *.*

udp6 0 0 localhost.ntp *.*

udp4 0 0 localhost.ntp *.*

udp4 0 0 *.ntp *.*

udp6 0 0 *.ntp *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp46 0 0 *.* *.*

udp6 0 0 *.mdns *.*

udp4 0 0 *.mdns *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.* *.*

udp4 0 0 *.netbios-ns *.*

udp4 0 0 *.netbios-dgm *.*

icm4 0 0 *.* *.*

196819681968:~$

Feb 8, 2017 10:36 AM in response to kingrosa

Hello kingrosa,

You can't tell much from a low-level netstat. You definitely have some servers running, but those could be legitimate software you are using.


I wrote a little diagnostic program to help show what is actually running on your machine in the background. Download EtreCheck from http://www.etrecheck.com, run it, and paste the results here. EtreCheck is perfectly safe to run, does not ask for your password to install, and is signed with my Apple Developer ID.


If adware is installed, EtreCheck will help you remove it, although you may have to supply a password. If you aren’t comfortable with that, just post the EtreCheck report here and other helpers can tell you exactly what files need to be deleted and how to do so.


Disclaimer: Although EtreCheck is free, there are other links on my site that could give me some form of compensation, financial or otherwise.
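
An added example, not part of the original thread or of EtreCheck: a shell function that condenses macOS-style `netstat -a` text into established TCP peers, listening TCP ports and bound UDP ports, dropping unbound `*.*` sockets and the UNIX-domain section. The function names and the sample input are constructed for illustration; note that the result still names no owning process, which is why the raw listing alone cannot show what is running.

```shell
#!/bin/sh
# Added example: condense `netstat -a` output into the rows worth reading.
# summarize_netstat and sample_netstat are hypothetical names.

summarize_netstat() {
    awk '
        # Track which table we are in; only the Internet table is parsed.
        /^Active / { in_inet = ($0 ~ /^Active Internet connections/); next }
        !in_inet || $1 == "Proto" || NF < 5 { next }

        # TCP rows: proto recv-q send-q local foreign state
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # BSD netstat appends ".port" (or ".service") to the address.
            n = split($5, part, ".")
            port = part[n]
            host = substr($5, 1, length($5) - length(port) - 1)
            printf "established %s port=%s\n", host, port
            next
        }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ".")
            printf "tcp-listen port=%s\n", part[n]
            next
        }

        # UDP rows have no state column; "*.*" means the socket is unbound.
        $1 ~ /^udp/ && $4 != "*.*" {
            n = split($4, part, ".")
            bound[part[n]]++
        }

        END {
            for (p in bound)
                printf "udp-bound port=%s sockets=%d\n", p, bound[p]
        }
    ' | LC_ALL=C sort
}

# Constructed sample in the same layout as the listing posted above
# (documentation-range addresses, made-up host name).
sample_netstat() {
    cat <<'EOF'
Active Internet connections
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.51657       example-cdn-01-.https  ESTABLISHED
tcp4       0      0  192.0.2.10.50370       198.51.100.14.5223     ESTABLISHED
tcp4       0      0  *.631                  *.*                    LISTEN
udp6       0      0  *.mdns                 *.*
udp4       0      0  *.mdns                 *.*
udp4       0      0  *.*                    *.*
udp4       0      0  *.netbios-ns           *.*
udp4       0      0  192.0.2.10.ntp         *.*
Active LOCAL (UNIX) domain sockets
Address          Type   Recv-Q Send-Q Inode Conn             Refs Nextref Addr
0123456789abcdef stream      0      0     0 fedcba9876543210    0       0 /var/run/mDNSResponder
EOF
}

sample_netstat | summarize_netstat
```

On a real machine the input would come from `netstat -a | summarize_netstat` after the function has been defined in the current shell.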

Feb 8, 2017 1:50 PM in response to kingrosa

I don't see anything obvious regarding a hack either.


With regard to your Adobe issues, it would appear that you no longer have the Adobe Application Manager folder in your /Applications/Utilities folder or else the link to it has become corrupted. If you are trying to uninstall an Adobe product, check with Adobe on the correct way to do so. If not, then you need to re-install Adobe Creative Cloud and Premiere Pro and perhaps Adobe Acrobat Reader DC.


Little Snitch was updated to v3.7.3 a day or two ago, so make sure you have the update and have restarted after installation.

Feb 8, 2017 1:57 PM in response to MadMacs0

and the forums have had posts with users who thought AV was off or didn't know they had it running, so I suggested the possibility of the OP turning removing it to test.


Further investigation on ClamX's forums shows the helper can be obtrusive in some circumstances.

[loaded] uk.co.canimaansoftware.ClamXavHelper.plist (2016-11-28) [Support]

[loaded] uk.co.canimaansoftware.ClamXavHelperUpdater.plist (2016-11-28) [Support]

Feb 8, 2017 2:05 PM in response to JimmyCMPIT

You can tell if Sentry is active by checking the user Login items for it.


Scheduled scans would have uk.co.canimaansoftware.clamxav.clamscan.plist and scheduled updates would show uk.co.canimaansoftware.clamxav.freshclam.plist in the user's LaunchAgent folder.


I am an admin for the ClamXav forum and don't recall responding to any reports of obstruction. Can you point me to one?


I know that some ask what they are for, but I'm unaware of any issues with them. The first just allows the user to take action on anything that was found without having to repeatedly enter their admin password and the second will automatically offer to remove the ClamXav engine if the user drags the ClamXav app to the Trash Can. They are totally passive otherwise.
