https://discussions.apple.com/thread/4243511
Step 1
Copy or drag — do not type — the line below into the Terminal window, then press return:
kextstat -kl | awk ‘!/com\.apple/{printf “%s %s\n”, $6, $7}’
Post the lines of output (if any) that appear below what you just entered (the text, please, not a screenshot.) You can omit the final line ending in “$”.
Step 2
Repeat with this line:
sudo launchctl list | sed 1d | awk ‘!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}’
This time, you’ll be prompted for your login password, which won’t be displayed when you type it. You may get a one-time warning not to screw up. You don’t need to post the warning.
Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.
Step 3
launchctl list | sed 1d | awk ‘!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}’
Step 4
ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null
Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.
Step 5
osascript -e ‘tell application “System Events” to get name of every login item’ 2> /dev/null
Remember, steps 1-5 are all drag-and-drop or copy-and-paste, whichever you prefer — no typing, except your password. Also remember to post the output.