Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

I believe that I have a keylogger or some sort of spyware installed on my mac, please help!

I have many reasons to believe that my ex boyfriend installed a keylogger or spyware on my macbook. I have done a lot of research and cannot find the answers that I am looking for. I have taken a screenshot of my activity monitor in hopes that someone can let me know if anything looks suspicious. It appears fine to me, although I am confidant that I something is installed and being used regularly to snoop and creep my every move on my computer, please help me, any advice would be helpful. As a footnote I have installed macscan and completed a scan and it came up with nothing... I am not being paranoid my ex has basically confirmed my suspicions.




User uploaded file

MacBook Pro, Mac OS X (10.6.8)

Posted on Aug 26, 2012 6:41 PM

Reply
Question marked as Best reply

Posted on Aug 26, 2012 8:05 PM

Please read this whole message before doing anything.


The following procedure will help whether your system has been modified. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.


These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing.


Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.


Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then either copy or drag it. The headings “Step 1” and so on are not part of the commands.


Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.


Launch the Terminal application in any of the following ways:


☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


☞ Open LaunchPad. Click Utilities, then Terminal in the page that opens.


When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign.


Step 1


Copy or drag — do not type — the line below into the Terminal window, then press return:


kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'


Post the lines of output (if any) that appear below what you just entered (the text, please, not a screenshot.) You can omit the final line ending in “$”.


Step 2


Repeat with this line:


sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'


This time, you'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. You don't need to post the warning.


Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.


Step 3


launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'


Step 4


ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null


Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.


Step 5


osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null


Remember, steps 1-5 are all drag-and-drop or copy-and-paste, whichever you prefer — no typing, except your password. Also remember to post the output.


You can then quit Terminal.

136 replies

Feb 20, 2013 1:55 AM in response to meltymax

Hi there,

Thank you for posting these instructions. Have previously found software such as Jumi-cam on my PC laptop and another similar app on my Ipad which my ex installed to remotely access my webcam and desktop. I am just concerned that my Mac may have a keylogger as my email accounts and facebook (which I have now deleted) have been logged into by someone who knew my password even tho I had changed my password twice.

I appreciate you taking the time to look at these results if you can,

Thank you in advance! 😍



Last login: Wed Feb 20 09:25:12 on ttys000

MyName-MacBook-Pro-15:~ MyName$ sh

sh-3.2$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

sh-3.2$

sh-3.2$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

Sorry, try again.

Password:

com.leapfrog.connect.shell

com.adobe.SwitchBoard

com.adobe.fpsaud

sh-3.2$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.adobe.CS5ServiceManager

com.google.keystone.user.agent

com.adobe.AAM.Scheduler-1.0

sh-3.2$

sh-3.2$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:



/Library/Extensions:



/Library/Frameworks:

Adobe AIR.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework



/Library/Input Methods:



/Library/Internet Plug-Ins:

Flash Player.plugin

JavaAppletPlugin.plugin

NP-PPC-Dir-Shockwave

Quartz Composer.webplugin

QuickTime Plugin.plugin

Silverlight.plugin

flashplayer.xpt

iPhotoPhotocast.plugin

npContributeMac.bundle

nsIQTScriptablePlugin.xpt



/Library/Internet Plug-Ins (Disabled):

Flash Player.plugin



/Library/Keyboard Layouts:



/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.CS5ServiceManager.plist



/Library/LaunchDaemons:

com.adobe.SwitchBoard.plist

com.adobe.fpsaud.plist

com.leapfrog.connect.shell.plist



/Library/PreferencePanes:

Flash Player.prefPane

Growl.prefPane



/Library/PrivilegedHelperTools:

com.leapfrog.connect.shell



/Library/QuickLook:

iWork.qlgenerator



/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

SoundboothScoreCodec.component



/Library/ScriptingAdditions:

Adobe Unit Types.osax



/Library/Spotlight:

AppleWorks.mdimporter

Microsoft Office.mdimporter

iWork.mdimporter



/Library/StartupItems:



/etc/mach_init.d:

dashboardadvisoryd.plist



/etc/mach_init_per_login_session.d:



/etc/mach_init_per_user.d:

com.adobe.SwitchBoard.monitor.plist



Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle



Library/Fonts:

DamaskDings1.ttf

Sanford-0103_demo.ttf



Library/Input Methods:

.localized



Library/Internet Plug-Ins:



Library/Keyboard Layouts:



Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.google.keystone.agent.plist



Library/PreferencePanes:

sh-3.2$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Monitor

sh-3.2$

sh-3.2$

Feb 21, 2013 7:15 PM in response to rrahimi

Hi rrahimi - since you were able to spot the spyware for meltymax, I was wondering - do you see anything obviously amiss with my output? I also have reason to believe someone installed monitoring software on my computer:


com.anchorfree.tun (1.0.1)


net.sourceforge.MonolingualHelper

net.openvpn.client

com.anchorfree.ajaxserver

com.adobe.fpsaud


com.spotify.webhelper

com.google.keystone.user.agent


/Library/Components:


/Library/Extensions:


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

PrivateTunnel.framework

Python.framework

iLifeFaceRecognition.framework

iLifeKit.framework

iLifePageLayout.framework

iLifeSQLAccess.framework

iLifeSlideshow.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

flashplayer.xpt

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt


/Library/Internet Plug-Ins (Disabled):

Flash Player.plugin


/Library/Keyboard Layouts:


/Library/LaunchAgents:


/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.anchorfree.ajaxserver.plist

com.apple.remotepairtool.plist

net.openvpn.client.plist

net.sourceforge.MonolingualHelper.plist

org.eyebeam.SelfControl.plist


/Library/PreferencePanes:

Flash Player.prefPane


/Library/PrivilegedHelperTools:

net.sourceforge.MonolingualHelper

org.eyebeam.SelfControl

scheckup


/Library/QuickLook:

GBQLGenerator.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component


/Library/ScriptingAdditions:


/Library/Spotlight:

GBSpotlightImporter.mdimporter

LogicPro.mdimporter

Microsoft Office.mdimporter

iWork.mdimporter


/Library/StartupItems:


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle


Library/Fonts:


Library/Frameworks:

EWSMac.framework


Library/Input Methods:

.localized


Library/Internet Plug-Ins:

Google Earth Web Plug-in.plugin


Library/Keyboard Layouts:


Library/LaunchAgents:

com.apple.AddressBook.ScheduledSync.ABExchangeSource.DE24DC9B-61F5-4662-9845-F58 A03391D21.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.8F5677FC-4A57-4F58-A519-803 3306E4127.plist

com.google.keystone.agent.plist

com.spotify.webhelper.plist


Dropbox, PrivateTunnel Tray, Hotspot Shield

Feb 22, 2013 5:25 AM in response to Linc Davis

Hi there,

Have posted the results from the instructions you gave to determine any keyloggers or spyware on my Mac. Would really appreciate any feedback as I am growing more and more concerned for my safety as my ex seems to know where I'll be and when and turns up at places and times he couldn't possibly have found out through any other means.

Thank you in advance 😐

Feb 22, 2013 7:58 AM in response to Linc Davis

If you have time, please review my outuput.


Step 1

After command:

kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'



at.obdev.nke.LittleSnitch (3894)

com.intego.Family-Protector.safe-boot (1145)

com.globaldelight.driver.BoomDevice (1.1)

com.Cycling74.driver.Soundflower (1.5.1)

com.radiosilenceapp.nke.filter (1)

com.radiosilenceapp.nke.PrivateEye (1)

com.intego.netbarrier.kext.monitor (480)

com.intego.netbarrier.kext.process (480)

com.intego.netbarrier.kext.network (480)

com.intego.virusbarrier.kext.realtime (476)

com.intego.Family-Protector.extension (1145)

foo.tun (1.0)

foo.tap (1.0)

com.zeobit.kext.Firewall (2.3.1)



Step 2

After command:

sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'



com.intego.virusbarrier.daemon.realtime

org.macosforge.xquartz.privileged_startx

net.openvpn.client

net.conceited.RubbernetDaemon

com.zeobit.MacKeeper.AntiVirus

com.stclairsoft.AppTamerAgent

com.radiosilenceapp.nke.PrivateEye

com.radiosilenceapp.nke

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.intego.washingmachine.daemon

com.intego.virusbarrier.daemon.scanner

com.intego.virusbarrier.daemon

com.intego.virusbarrier.daemon.logger

com.intego.PersonalBackup.daemon

com.intego.netupdate.daemon

com.intego.netbarrier.daemon

com.intego.netbarrier.daemon.monitor

com.intego.netbarrier.daemon.logger

com.intego.Family-Protector.daemon

com.intego.commonservices.metrics.kschecker

com.intego.commonservices.icalserver

com.intego.commonservices.daemon.taskmanager

com.intego.commonservices.daemon.integod

com.delantis.TCPBlock

com.chungwasoft.shimo.helper

com.barebones.authd

com.adobe.SwitchBoard

com.adobe.fpsaud

at.obdev.littlesnitchd



Step 3

After command:

launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'



com.c-command.SpamSieve.LaunchAgent

com.dayoneapp.dayone-agent

J8RPQ294UB.com.skitch.SkitchHelper

org.macosforge.xquartz.startx

org.gpgtools.Libmacgpg.xpc

com.oracle.java.Java-Updater

com.maintain.SystemEvents

com.intego.virusbarrier.alert

com.intego.personalbackup.agent

com.intego.netupdate.agent

com.intego.netbarrier.alert

com.intego.Family-Protector.agent

com.intego.commonservices.uninstaller

com.intego.commonservices.taskmanager

com.intego.commonservices.integomenu

at.obdev.LittleSnitchUIAgent

com.zeobit.MacKeeper.Helper

com.macpaw.CleanMyMac.volumeWatcher

com.macpaw.CleanMyMac.trashSizeWatcher

com.macpaw.CleanMyMac.helperTool

com.erikhinterbichler.HeraldLaunchAgent

com.divx.agent.postinstall

com.adobe.ARM.df0ab5bbe6f698196fcc21e3c1e66dcb758bd911f4d637272d9d8109

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

ca.madefresh.BodegaAgent

ca.indev.MailTagsHelper



Step 4

After command:

ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null



/Library/Components:

XiphQT.component


/Library/Extensions:


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AquaticPrime.framework

AudioMixEngine.framework

DivX Toolkit.framework

EWSMac.framework

IntegoiCalFramework.framework

NetUpdateShared.framework

NyxAudioAnalysis.framework

PluginManager.framework

PrivateTunnel.framework

XSKey.framework

iLifeFaceRecognition.framework

iLifeSQLAccess.framework

iLifeSlideshow.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/InputManagers:

Ecamm


/Library/Intego:

.contentbarrier_info

.isb6_info

Family Protector.bundle

IM_ObjectiveMetrics.framework

Intego Uninstaller.app

IntegoiCalServer

TaskManager

commonservices.bundle

im_helper_tool

im_ks_tool

integod

netbarrier.bundle

netupdated.bundle

personalbackupd.bundle

virusbarrier.bundle

washingmachined.bundle


/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

DivXBrowserPlugin.plugin

Flash Player.plugin

JavaAppletPlugin.plugin

MeetingJoinPlugin.plugin

OVSHelper.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

flashplayer.xpt

googletalkbrowserplugin.plugin

huludesktop.webplugin

npgtpo3dautoplugin.plugin

nsIQTScriptablePlugin.xpt


/Library/Keyboard Layouts:


/Library/LaunchAgents:

at.obdev.LittleSnitchUIAgent.plist

com.adobe.AAM.Updater-1.0.plist

com.intego.Family-Protector.agent.plist

com.intego.commonservices.integomenu.plist

com.intego.commonservices.taskmanager.plist

com.intego.commonservices.uninstaller.plist

com.intego.netbarrier.alert.plist

com.intego.netupdate.agent.plist

com.intego.personalbackup.agent.plist

com.intego.virusbarrier.alert.plist

com.maintain.PurgeInactiveMemory.plist

com.maintain.SystemEvents.plist

com.oracle.java.Java-Updater.plist

org.gpgtools.Libmacgpg.xpc.plist

org.macosforge.xquartz.startx.plist


/Library/LaunchDaemons:

at.obdev.littlesnitchd.plist

com.adobe.SwitchBoard.plist

com.adobe.fpsaud.plist

com.apple.aelwriter.plist

com.barebones.authd.plist

com.chungwasoft.shimo.helper.plist

com.delantis.TCPBlock.plist

com.intego.Family-Protector.daemon.plist

com.intego.PersonalBackup.daemon.plist

com.intego.commonservices.daemon.integod.plist

com.intego.commonservices.daemon.taskmanager.plist

com.intego.commonservices.icalserver.plist

com.intego.commonservices.metrics.kschecker.plist

com.intego.netbarrier.daemon.logger.plist

com.intego.netbarrier.daemon.monitor.plist

com.intego.netbarrier.daemon.plist

com.intego.netupdate.daemon.plist

com.intego.virusbarrier.daemon.logger.plist

com.intego.virusbarrier.daemon.plist

com.intego.virusbarrier.daemon.scanner.plist

com.intego.washingmachine.daemon.plist

com.maintain.CocktailScheduler.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist

com.radiosilenceapp.nke.PrivateEye.plist

com.radiosilenceapp.nke.plist

com.stclairsoft.AppTamerAgent.plist

com.zeobit.MacKeeper.AntiVirus.plist

net.conceited.RubbernetDaemon.plist

net.openvpn.client.plist

org.macosforge.xquartz.privileged_startx.plist


/Library/Mail/Bundles:

GPGMail.mailbundle


/Library/PreferencePanes:

Flash Player.prefPane

Hosts.prefPane

JavaControlPanel.prefPane

LinkLiar.prefPane

MultiBrowser.prefPane

Perian.prefPane


/Library/PrivilegedHelperTools:

NetUpdateAgent.app

com.barebones.authd

com.chungwasoft.shimo.helper

com.delantis.TCPBlock

com.intego.washingmachine

com.microsoft.office.licensing.helper

com.stclairsoft.AppTamerAgent

net.conceited.RubbernetDaemon


/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AC3MovieImport.component

AppleAVCIntraCodec.component

AppleHDVCodec.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

AppleProResCodec.component

DVCPROHDCodec.component

DivX Decoder.component

DivX Encoder.component

FCP Uncompressed 422.component

IMXCodec.component

OggVorbis.component

Perian.component


/Library/ScriptingAdditions:

Adobe Unit Types.osax

BartenderHelper.osax

TotalFinder.osax

TotalSpaces.osax


/Library/Services:

GPGServices.service


/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter


/Library/StartupItems:


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:

com.adobe.SwitchBoard.monitor.plist


Library/Address Book Plug-Ins:

AdiumAddressBookAction_AIM.scpt

AdiumAddressBookAction_ICQ.scpt

AdiumAddressBookAction_Jabber.scpt

AdiumAddressBookAction_MSN.scpt

AdiumAddressBookAction_SMS.scpt

AdiumAddressBookAction_Yahoo.scpt

SkypeABDialer.bundle

SkypeABSMS.bundle

YMsgrCallABPlugin.bundle

YMsgrMsnABPlugin.bundle

YMsgrSmsABPlugin.bundle

YMsgrYimABPlugin.bundle


Library/Fonts:

[redacted by me given that the list is very long]


Library/Frameworks:

EWSMac-GC.framework

EWSMac.framework


Library/Input Methods:

.localized


Library/Internet Accounts:

V1


Library/Internet Plug-Ins:

RealPlayer Plugin.plugin


Library/Keyboard Layouts:


Library/LaunchAgents:

ca.indev.MailTagsHelper.agent.plist

ca.madefresh.BodegaAgent.plist

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.adobe.ARM.df0ab5bbe6f698196fcc21e3c1e66dcb758bd911f4d637272d9d8109.plist

com.apple.AddressBook.ScheduledSync.ABExchangeSource.3DB3EB15-8390-4287-BF79-85D 8F15074D7.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.66DBA429-98A8-421A-8C9C-8F1 6E294AF66.plist

com.c-command.SpamSieve.LaunchAgent.plist

com.divx.agent.postinstall.plist

com.erikhinterbichler.HeraldLaunchAgent.plist

com.macpaw.CleanMyMac.helperTool.plist

com.macpaw.CleanMyMac.trashSizeWatcher.plist

com.macpaw.CleanMyMac.volumeWatcher.plist

com.zeobit.MacKeeper.Helper.plist


Library/Mail/Bundles:

.DS_Store

Herald.mailbundle

MailTags.mailbundle

SpamSieve.mailbundle


Library/PreferencePanes:

Archives.prefPane


Library/Services:

ENService.app


Library/Spotlight:

EndNote.mdimporter



Step 5

After command:

osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null



Flux, iTunesHelper, iCleanMemory, Bartender, App Tamer, Clyppan, eXtra Voice Recorder, Overflow, PrivateTunnel Tray, Sparrow, TotalFinder, Cookie, OpenDNS Updater, Time Sink

Feb 22, 2013 8:07 AM in response to MsLeeSatchell

I don't mean to alarm you, but, if your ex is still finding you, also consider the possibility that he could have tapped your phone or your home. But before you consider those possibilities, try staying offline for a few days (about a week if possible) and see if he still seems to know where you are. If he does, then he hasn't only tapped into your computer. Of course, this is after removing any keyloggers. If after removing them he continues to discover your whereabouts, then try staying offline for a while as a test. Best of luck.

Mar 17, 2013 12:54 PM in response to Linc Davis

I ran the command above and i have no idea what they mean i ran across sba_ListenerAgent.Plist and net nanny which i am aware is on my comp but what exactly is sba_listner?I am posting my results pls help thankyou!

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

BackRow.framework

EWSMac.framework

NyxAudioAnalysis.framework

PluginManager.framework

iPhotoAccess.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

flashplayer.xpt

nsIQTScriptablePlugin.xpt


/Library/Keyboard Layouts:


/Library/LaunchAgents:

SBA_ListenerAgent.plist

com.adobe.AAM.Updater-1.0.plist

com.contentwatch.NetNanny.agent.plist


/Library/LaunchDaemons:

com.adobe.SwitchBoard.plist

com.adobe.fpsaud.plist

com.apple.remotepairtool.plist

com.cleverfiles.cfbackd.plist

com.contentwatch.NetNanny.daemon.plist

com.microsoft.office.licensing.helper.plist

com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist


/Library/PreferencePanes:

Flash Player.prefPane


/Library/PrivilegedHelperTools:

com.microsoft.office.licensing.helper


/Library/QuickLook:

iWork.qlgenerator


/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component


/Library/ScriptingAdditions:

Adobe Unit Types.osax


/Library/Spotlight:

Microsoft Office.mdimporter

iWork.mdimporter


/Library/StartupItems:

NetNanny


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:

com.adobe.SwitchBoard.monitor.plist


Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle


Library/Fonts:

MAELS___.TTF


Library/Frameworks:

EWSMac.framework


Library/Input Methods:

.localized


Library/Internet Plug-Ins:

doubleTwistWebPlugin.bundle


Library/Keyboard Layouts:


Library/LaunchAgents:

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.C0FB4FC2-260B-4B66-9269-B70 199AACDAA.plist

com.apple.CSConfigDotMacCert-marshad10@me.com-SharedServices.Agent.plist


Library/PreferencePanes:

Perian.prefPane


Library/QuickTime:

AC3MovieImport.component

Perian.component


Library/Services:

ToastIt.service

Thes-iMac:~ thecomputer$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, KGShareApp

Thes-iMac:~ thecomputer$

Thes-iMac:~ thecomputer$

Mar 24, 2013 6:43 AM in response to meltymax

Hi -- Same Problem here, too...

Can anyone check my process and let me know if I have spyware installed on my imac?

Thank you.



Last login: Sat Sep 29 09:27:03 on ttys001

Last login: Sun Mar 24 09:27:46 on console

ool-182fabae:~ Amanda$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

ool-182fabae:~ Amanda$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'


WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.


To proceed, enter your password, or type Ctrl-C to abort.


Password:


ool-182fabae:~ Amanda$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

ool-182fabae:~ Amanda$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'


WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.


To proceed, enter your password, or type Ctrl-C to abort.


Password:

com.adobe.versioncueCS4

com.adobe.versioncueCS3

com.adobe.SwitchBoard

com.adobe.fpsaud

ool-182fabae:~ Amanda$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.wacom.wacomtablet

com.adobe.CS5ServiceManager

com.adobe.CS4ServiceManager

com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9

com.adobe.AAM.Scheduler-1.0

ool-182fabae:~ Amanda$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle


/Library/Components:


/Library/Extensions:


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

HPDeviceModel.framework

HPPml.framework

HPServicesInterface.framework

HPSmartPrint.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

Disabled Plug-Ins

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

Silverlight.plugin

WacomNetscape.plugin

WacomSafari.plugin

flashplayer.xpt

iPhotoPhotocast.plugin

npContributeMac.bundle

nsIQTScriptablePlugin.xpt


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.CS4ServiceManager.plist

com.adobe.CS5ServiceManager.plist

com.wacom.wacomtablet.plist


/Library/LaunchDaemons:

com.adobe.SwitchBoard.plist

com.adobe.fpsaud.plist

com.adobe.versioncueCS3.plist

com.adobe.versioncueCS4.plist

com.apple.remotepairtool.plist


/Library/PreferencePanes:

Flash Player.prefPane

Growl.prefPane

HP Scanners.prefPane

VersionCueCS3.prefPane

VersionCueCS4.prefPane

WacomTablet.prefPane


/Library/PrivilegedHelperTools:


/Library/QuickLook:

GBQLGenerator.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

SoundboothScoreCodec.component


/Library/ScriptingAdditions:

Adobe Unit Types.osax


/Library/Spotlight:

GBSpotlightImporter.mdimporter

Microsoft Office.mdimporter

iWork.mdimporter


/Library/StartupItems:


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:

Mar 24, 2013 9:26 PM in response to meltymax

Can someone please help he too. here is what i got.......


Last login: Sun Mar 24 21:26:14 on ttys000

unknownd8a25e91a94f:~ ericolson$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

at.obdev.nke.LittleSnitch (3908)

unknownd8a25e91a94f:~ ericolson$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

com.adobe.fpsaud

at.obdev.littlesnitchd

unknownd8a25e91a94f:~ ericolson$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

at.obdev.LittleSnitchUIAgent

unknownd8a25e91a94f:~ ericolson$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:


/Library/Extensions:


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

EWSMac.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

Flash Player.plugin

QuickTime Plugin.plugin

flashplayer.xpt

nsIQTScriptablePlugin.xpt


/Library/Internet Plug-Ins (Disabled):

Flash Player.plugin


/Library/Keyboard Layouts:


/Library/LaunchAgents:

at.obdev.LittleSnitchUIAgent.plist


/Library/LaunchDaemons:

at.obdev.littlesnitchd.plist

com.adobe.fpsaud.plist


/Library/PreferencePanes:

Flash Player.prefPane


/Library/PrivilegedHelperTools:

com.microsoft.office.licensing.helper


/Library/QuickLook:


/Library/QuickTime:


/Library/ScriptingAdditions:


/Library/Spotlight:


/Library/StartupItems:


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/Address Book Plug-Ins:


Library/Fonts:


Library/Frameworks:

EWSMac.framework


Library/Input Methods:

.localized


Library/Internet Plug-Ins:

Google Earth Web Plug-in.plugin


Library/Keyboard Layouts:


Library/LaunchAgents:


Library/PreferencePanes:

unknownd8a25e91a94f:~ ericolson$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Microsoft Database Daemon, HP Product Research

unknownd8a25e91a94f:~ ericolson$

Jun 4, 2013 6:06 PM in response to meltymax

here is my output, any keyloggers?



Last login: Tue Jun 4 11:34:37 on console

localhost:~ ryanwalker$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6,

> sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

-bash: syntax error near unexpected token `apple'

localhost:~ ryanwalker$

localhost:~ ryanwalker$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'



WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.



To proceed, enter your password, or type Ctrl-C to abort.



Password:

Sorry, try again.

Password:

com.sharpcast.xfsmond

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.adobe.fpsaud

localhost:~ ryanwalker$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.google.Chrome.framework.service_process/Users/ryanwalker/Library/Application _Support/Google/Chrome

com.fiplab.MemoryCleanHelper

org.chromium.chromoting

com.oracle.java.Java-Updater

com.google.keystone.system.agent

com.google.GoogleContactSyncAgent

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

localhost:~ ryanwalker$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:



/Library/Extensions:



/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

MacFUSE.framework

NyxAudioAnalysis.framework

OSXFUSE.framework

PluginManager.framework

iTunesLibrary.framework



/Library/Input Methods:



/Library/Internet Plug-Ins:

AdobeAAMDetect.plugin

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

SlingPlayer.plugin

flashplayer.xpt

googletalkbrowserplugin.plugin

npgtpo3dautoplugin.plugin

nsIQTScriptablePlugin.xpt

o1dbrowserplugin.plugin



/Library/Keyboard Layouts:



/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.google.keystone.agent.plist

com.oracle.java.Java-Updater.plist

org.chromium.chromoting.plist



/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.google.keystone.daemon.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist

com.sharpcast.xfsmond.plist



/Library/PreferencePanes:

Flash Player.prefPane

JavaControlPanel.prefPane

OSXFUSE.prefPane

org.chromium.chromoting.prefPane



/Library/PrivilegedHelperTools:

Google Drive Icon Helper

com.microsoft.office.licensing.helper

org.chromium.chromoting.json

org.chromium.chromoting.me2me.sh

org.chromium.chromoting.me2me_enabled

org.chromium.chromoting.me2me_host.app



/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator



/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component



/Library/ScriptingAdditions:



/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter



/Library/StartupItems:



/etc/mach_init.d:



/etc/mach_init_per_login_session.d:



/etc/mach_init_per_user.d:



Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle



Library/Fonts:



Library/Frameworks:

SamsungKiesFoundation.framework

SamsungKiesSerialPort.framework



Library/Input Methods:

.localized



Library/Internet Plug-Ins:

Google Earth Web Plug-in.plugin

Picasa.plugin



Library/Keyboard Layouts:



Library/LaunchAgents:

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.83D16311-079C-45FD-BD0D-60B C216776F3.plist

com.google.Chrome.framework.plist

com.google.GoogleContactSyncAgent.plist



Library/PreferencePanes:

MusicManager.prefPane

localhost:~ ryanwalker$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Google Drive, Dropbox, LivedriveCore, Music Manager, Google Chrome, LivedriveCore, SugarSync, fuspredownloader

Jun 15, 2013 7:12 AM in response to Linc Davis

I ran the steps above....I had previously downloaded kaspersky...so no worries there...these were my results...If someone had downloaded spyware to my mac and then removed it would that show up?


Last login: Sat Jun 15 06:11:03 on console

kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

com.kaspersky.kext.klif (3.0.0d23)

com.kaspersky.nke (1.0.1d41)

com.jft.driver.PdaNetDrv (1.0.64)

com.kaspersky.kext.kimul.38 (38)

520-mbp-02:~ cjones$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

Sorry, try again.

Password:

com.jft.PdaNetMac

com.promethean.activhardwareservice

com.microsoft.office.licensing.helper

com.kaspersky.kav

com.adobe.fpsaud

$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.promethean.activmgr

com.kaspersky.kav.gui

com.zeobit.MacKeeper.Helper

520-mbp-02:~ cjones$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.promethean.activmgr

com.kaspersky.kav.gui

com.zeobit.MacKeeper.Helper


I obviously deleted my name and computer name......So would something that was downloaded and then removed show up here or would all traces be clear...?

Jul 15, 2013 4:46 PM in response to Linc Davis

Hey Linc,


When you can spare a few min can you look this over for me? I'm going to through a divorce and things seam a bit fishy. There should be one normal keyloggerfor that when I hit the back space key that corasponds to the back arrow in my browser near the end of this post I'll just copy the text out of the app and paste it back here. It doesn't record passwords nor does it send my info to anyone else (I hope!).


I put your steps in bold and the output is in plain text.


Thanks in advanced and please let me know if there is a way I can repay you for the service!


kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

com.oxsemi.driver.OxsemiDeviceType00 (1.28.13)

at.obdev.nke.LittleSnitch (3932)

com.asix.driver.ax88179_178a (1.3.0)

com.LaCie.ScsiType00 (1.2.13)

com.BT.kext.bpkkext (1.0.0)

com.displaylink.driver.DisplayLinkDriver (1.7)

com.parallels.kext.prl_usb_connect (7.0

com.parallels.kext.prl_hypervisor (7.0

com.parallels.kext.prl_hid_hook (7.0

com.parallels.kext.prl_netbridge (7.0

com.parallels.kext.prl_vnic (7.0

com.github.osxfuse.filesystems.osxfusefs (2.6.0)

Black-Book-108:~ Old_blackbook$


Black-Book-108:~ Old_blackbook$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

com.agilebits.onepassword-osx-thumbs

com.parallels.vm.prl_naptd

com.syniumsoftware.CleanAppDaemon

com.parallels.desktop.launchdaemon

com.microsoft.office.licensing.helper

com.micromat.TechToolProDaemon

com.google.keystone.daemon

com.displaylink.displaylinkmanager

com.adobe.SwitchBoard

com.adobe.fpsaud

com.absolute.rpcnet

com.absolute.rpcgeo

at.obdev.littlesnitchd

Black-Book-108:~ Old_blackbook$



Black-Book-108:~ Old_blackbook$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.dayoneapp.dayone-agent

com.fiplab.clipboardhelper

com.joeworkman.mac.ClimateHelper

com.agilebits.onepassword-osx-helper

com.thursby.pkard.tokendagent

com.parallels.vm.prl_pcproxy

com.parallels.DesktopControlAgent

com.parallels.desktop.client.launch

com.micromat.TechToolProAgent

com.lacie.eventsactions.launcher.agent

com.google.keystone.system.agent

com.displaylink.useragent

com.BT.BPK

com.amazon.sendtokindle.launcher

at.obdev.LittleSnitchUIAgent

com.google.Chrome.framework.service_process/Users/Old_blackbook/Library/Applicat ion_Support/Google/Chrome

com.adobe.ARM.de23d1e3aa2d00ce38d73f10fcbdc8dcaaaf6be989610710a1ddda77

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

com.adobe.ARM.031ead678131651e32346abaaf859369f569f63bac6112fd126a5660



Black-Book-108:~ Old_blackbook$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:


/Library/Extensions:


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

EWSMac.framework

Inventoryx86.framework

MacFUSE.framework

NyxAudioAnalysis.framework

OSXFUSE.framework

PluginManager.framework

Sysinfo.framework

TSLicense.framework

geo.framework

iTunesLibrary.framework

wceprv.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

AdobeAAMDetect.plugin

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

DirectorShockwave.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

WebClient.plugin

flashplayer.xpt

googletalkbrowserplugin.plugin

npgtpo3dautoplugin.plugin

nsIQTScriptablePlugin.xpt

o1dbrowserplugin.plugin


/Library/Keyboard Layouts:


/Library/LaunchAgents:

at.obdev.LittleSnitchUIAgent.plist

com.BT.BPK.plist

com.adobe.AAM.Updater-1.0.plist

com.amazon.sendtokindle.launcher.plist

com.displaylink.useragent-prelogin.plist

com.displaylink.useragent.plist

com.google.keystone.agent.plist

com.lacie.eventsactions.launcher.agent.plist

com.micromat.TechToolProAgent.plist

com.parallels.DesktopControlAgent.plist

com.parallels.desktop.launch.plist

com.parallels.vm.prl_pcproxy.plist

com.thursby.pkard.tokendagent.plist


/Library/LaunchDaemons:

at.obdev.littlesnitchd.plist

com.absolute.rpcgeo.plist

com.absolute.rpcnet.plist

com.adobe.SwitchBoard.plist

com.adobe.fpsaud.plist

com.displaylink.displaylinkmanager.plist

com.displaylink.usbnivolistener.plist

com.google.keystone.daemon.plist

com.micromat.TechToolProDaemon.plist

com.microsoft.office.licensing.helper.plist

com.parallels.desktop.launchdaemon.plist

com.syniumsoftware.CleanAppDaemon.plist


/Library/PreferencePanes:

CleanApp Logging Service.prefPane

Flash Player.prefPane

Flip4Mac WMV.prefPane

HyperDock.prefpane

OSXFUSE.prefPane

TechTool Protection.prefPane


/Library/PrivilegedHelperTools:

DisplayLink

com.microsoft.office.licensing.helper


/Library/QuickLook:

ParallelsQL.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component


/Library/ScriptingAdditions:

Adobe Unit Types.osax

BXDockPlugin.osax


/Library/Spotlight:

Microsoft Office.mdimporter

ParallelsMD.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter


/Library/StartupItems:

PKard


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle

YMsgrCallABPlugin.bundle

YMsgrMsnABPlugin.bundle

YMsgrSmsABPlugin.bundle

YMsgrYimABPlugin.bundle


Library/Fonts:


Library/Frameworks:

EWSMac.framework


Library/Input Methods:

.localized


Library/Internet Plug-Ins:

CitrixOnlineWebDeploymentPlugin.plugin

Picasa.plugin


Library/Keyboard Layouts:


Library/LaunchAgents:

com.adobe.ARM.031ead678131651e32346abaaf859369f569f63bac6112fd126a5660.plist

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.adobe.ARM.de23d1e3aa2d00ce38d73f10fcbdc8dcaaaf6be989610710a1ddda77.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.F940DCE7-790C-4149-8C3E-3CC 8849882C8.plist

com.apple.FolderActions.enabled.plist

com.apple.FolderActions.folders.plist

com.google.Chrome.framework.plist


Library/PreferencePanes:


Library/Services:

.DS_Store

SymbolicLinker.service

Toggle Hidden Files.workflow

Black-Book-108:~ Old_blackbook$


Black-Book-108:~ Old_blackbook$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Quicksilver, Spark Daemon, Dropbox, HyperDock Helper, Google Chrome, Things Helper, BackTrackBA

Jul 19, 2013 8:20 PM in response to meltymax

Hi can someone tell me if anything is on my comp? the name nathan is my ex he set up my comp. please and thank you!!!!


Last login: Fri Jul 19 01:06:41 on ttys000

Samaras-MacBook-Pro:~ nathan$

Last login: Sat Jul 20 12:22:52 on console

Samaras-MacBook-Pro:~ nathan$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

Samaras-MacBook-Pro:~ nathan$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'


WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.



To proceed, enter your password, or type Ctrl-C to abort.



Password:

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.adobe.SwitchBoard

com.adobe.fpsaud

Samaras-MacBook-Pro:~ nathan$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

jp.buffalo.NASPower

com.oracle.java.Java-Updater

com.brother.LOGINserver

com.adobe.CS5ServiceManager

com.google.keystone.user.agent

com.facebook.videochat.nathan.updater

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

com.adobe.AAM.Scheduler-1.0

Samaras-MacBook-Pro:~ nathan$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:



/Library/Extensions:



/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework



/Library/Input Methods:



/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

flashplayer.xpt

nsIQTScriptablePlugin.xpt



/Library/Keyboard Layouts:



/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.CS5ServiceManager.plist

com.brother.LOGINserver.plist

com.oracle.java.Java-Updater.plist

jp.buffalo.NASPower.plist

jp.buffalo.NASPower_pla.plist



/Library/LaunchDaemons:

com.adobe.SwitchBoard.plist

com.adobe.fpsaud.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist



/Library/PreferencePanes:

Flash Player.prefPane

Growl.prefPane

JavaControlPanel.prefPane



/Library/PrivilegedHelperTools:

NasNavigator2.app

com.microsoft.office.licensing.helper



/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator



/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component



/Library/ScriptingAdditions:

Adobe Unit Types.osax



/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter



/Library/StartupItems:



/etc/mach_init.d:



/etc/mach_init_per_login_session.d:



/etc/mach_init_per_user.d:



Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle



Library/Fonts:



Library/Input Methods:

.localized



Library/Internet Plug-Ins:

CitrixOnlineWebDeploymentPlugin.plugin

FacebookVideoCalling.bundle



Library/Keyboard Layouts:



Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.29FF86E4-AC72-4B39-9144-559 952919309.plist

com.apple.CSConfigDotMacCert-nathan@me.com-SharedServices.Agent.plist

com.facebook.videochat.nathan.plist

com.google.keystone.agent.plist



Library/PreferencePanes:

Samaras-MacBook-Pro:~ nathan$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

Microsoft Database Daemon, iTunesHelper, Dropbox

Samaras-MacBook-Pro:~ nathan$

I believe that I have a keylogger or some sort of spyware installed on my mac, please help!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.