remote sharing/hacked

Trying to track down how my computer is hacked and my screen is being remotely shared. All of my screen sharing settings have always been off, and my firewall is always set to the highest level of security.

I ran ps -A | grep Remote in terminal and here are the results:

Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds

MacBook-Air:~ time$ sudo ps -A | grep Remote

7236 ?? 0:03.64 /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted

7934 ?? 0:00.18 /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoteagen t

10061 ?? 0:00.03 /System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteUR LConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

14665 ttys000 0:00.01 grep Remote

MacBook-Air:~ time$

sh-3.2# ps -A | grep Remote

69 ?? 0:00.20 /System/Library/PrivateFrameworks/MediaRemote.framework/Support/mediaremoted

384 ?? 0:00.10 /System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteUR LConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

386 ?? 0:00.03 /System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteUR LConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

387 ?? 0:00.10 /System/Library/PrivateFrameworks/IMFoundation.framework/XPCServices/IMRemoteUR LConnectionAgent.xpc/Contents/MacOS/IMRemoteURLConnectionAgent

572 ?? 0:00.43 /System/Library/PrivateFrameworks/LocalAuthenticationUI.framework/Versions/A/XP CServices/localAuthenticationRemoteService.xpc/Contents/MacOS/localAuthenticati o nRemoteService

699 ttys000 0:00.01 grep Remote

also, as additional information, when checking screen sharing in terminal

MacBook-Air:~ time$ [[ -f /etc/com.apple.screensharing.agent.launchd ]] && echo 'enabled' || echo 'disabled'

The reply is that screensharing is enabled