You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: meltymax
meltymax Author
User level: Level 1
9 points

I believe that I have a keylogger or some sort of spyware installed on my mac, please help!

I have many reasons to believe that my ex boyfriend installed a keylogger or spyware on my macbook. I have done a lot of research and cannot find the answers that I am looking for. I have taken a screenshot of my activity monitor in hopes that someone can let me know if anything looks suspicious. It appears fine to me, although I am confidant that I something is installed and being used regularly to snoop and creep my every move on my computer, please help me, any advice would be helpful. As a footnote I have installed macscan and completed a scan and it came up with nothing... I am not being paranoid my ex has basically confirmed my suspicions.




User uploaded file

MacBook Pro, Mac OS X (10.6.8)

Posted on Aug 26, 2012 6:41 PM

Reply
Question marked as Top-ranking reply
User profile for user: Linc Davis
Linc Davis
User level: Level 10
209,649 points

Posted on Aug 26, 2012 8:05 PM

Please read this whole message before doing anything.


The following procedure will help whether your system has been modified. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.


These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing.


Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.


Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then either copy or drag it. The headings “Step 1” and so on are not part of the commands.


Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.


Launch the Terminal application in any of the following ways:


☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


☞ Open LaunchPad. Click Utilities, then Terminal in the page that opens.


When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign.


Step 1


Copy or drag — do not type — the line below into the Terminal window, then press return:


kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'


Post the lines of output (if any) that appear below what you just entered (the text, please, not a screenshot.) You can omit the final line ending in “$”.


Step 2


Repeat with this line:


sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'


This time, you'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. You don't need to post the warning.


Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.


Step 3


launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'


Step 4


ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null


Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.


Step 5


osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null


Remember, steps 1-5 are all drag-and-drop or copy-and-paste, whichever you prefer — no typing, except your password. Also remember to post the output.


You can then quit Terminal.

View in context
136 replies
User profile for user: stevejobsfan0123
stevejobsfan0123
User level: Level 9
54,442 points

Jul 20, 2013 3:29 PM in response to apple505

I'm nowhere near as experienced as Linc Davis as far as interpreting the outputs, but I can tell you one thing for sure:


pittershawn


at.obdev.nke.LittleSnitch (3894)

com.intego.virusbarrier.kext.realtime (476)

com.zeobit.kext.Firewall (2.3.1)

com.intego.virusbarrier.daemon

com.zeobit.MacKeeper.AntiVirus

at.obdev.littlesnitchd

com.zeobit.MacKeeper.Helper


You have A LOT of bloatware installed. Definitely uninstall MacKeeper. I didn't paste all of the appropriate lines above, but... you have a lot of anti-virus, dude! You don't need any! Mac AV is bloatware. Give ClamXav a try if you require anti-virus. You definitely don't need/want multiple anti-virus programs installed. I see that you have VirusBarrier, MacKeeper, Little Snitch, etc.


redoironman10


com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist

Again, MacKeeper needs to go.


eolson1968


at.obdev.nke.LittleSnitch (3908)

at.obdev.littlesnitchd

at.obdev.LittleSnitchUIAgent

at.obdev.littlesnitchd.plist

Not as bad as MacKeeper, but again, just bloatware.


apple505


com.kaspersky.kext.klif (3.0.0d23)

com.kaspersky.nke (1.0.1d41)

com.kaspersky.kav

com.zeobit.MacKeeper.Helper


Again, not a good idea to have multiple AV programs installed. MacKeeper needs to go, Kaspersky's junk as well.



I know the reason you all install such programs is probably because you are terrified of getting keyloggers and use these programs to protect you. However, I think that many AV software vendors simply do not understand the Mac operating system, and think that they can take their code for Windows and slap it into an OS X version. MacKeeper is simply a scam: https://discussions.apple.com/docs/DOC-3691, and others are known for false positives, or not catching actual malware/keyloggers.


There aren't many good AV programs out there, but try ClamXav or Sophos. Again, though, you probably won't see great benefit from such software. Apple has their own technologies integrated into the OS like XProtect and GateKeeper.


Also see: http://reedcorner.net/mmg/

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,227 points

Jul 20, 2013 5:27 PM in response to stevejobsfan0123

stevejobsfan0123 wrote:


There aren't many good AV programs out there, but try ClamXav or Sophos.

I know for certain that ClamXav won't detect any keyloggers and I doubt that Sophos will, either. The reason is because almost all A-V software is designed to find malware and by far the majority of spyware applications are commercial or hack software that serve legitimate purposes, requiring physical access to the computer for installation.


The only app that specializes in this area that I'm aware of is MacScan from SecureMac. Unfortunately it has a couple of well know deficiencies. It tends to give false alarms, so you need to be certain that it has correctly identified anything it finds or risk crippling another app or even the OS. It also failed miserably in Thomas Reed's malware testing (see MacScan disappoints), so I would not recommend it be used in that capacity.

Reply
User profile for user: andyBall_uk
andyBall_uk
User level: Level 7
20,516 points

Jul 28, 2013 5:28 AM in response to mark00thomas

>>Andy, how could you tell that was on my computer?


com.BT.kext.bpkkext & similar lines...

I don't know wceprv.framework - anyone else does ? (maybe it was part of BPK)


Mark - someone had full access to your computer, enough to install the first, and presumably you've no reason to think that they stopped with BPK... Nothing prevents such a person from installing things with innocent or recognised names, so viewing a list isn't enough when the intent may be malicious.


You should consider this : backup your data twice, then erase & reinstall, selectively importing just your user files, no apps or add-ons; & changing all passwords/security questions/even email addresses associated with accounts where possible.


I'd also suggest starting a new thread of your own for further questions.

Reply
User profile for user: Yagra
Yagra
User level: Level 1
0 points

Jul 29, 2013 10:20 AM in response to meltymax

I have this question too. My emails and twitter account were compromised. Often I have to change passwords. So who's using my passwords and how do thye know? My Mac seems slow and grinding the gears.


I followed your steps for terminal and got this result. There is a long list of fonts included for some reason. At the very bottom I noted this :

'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Kodak EasyShare Wireless Listener, AdobeResourceSynchronizer, SPanel


Anything suspicious on this list that I must remove? If so how? Your recoomendations are highly appreciated. Edith


kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'



sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'


ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null


osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null



RESULST 7.28.13


Last login: Mon Jul 29 11:45:09 on console

You have mail.

71-88-35-31:~ edithreimers$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

71-88-35-31:~ edithreimers$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'


WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.


To proceed, enter your password, or type Ctrl-C to abort.


Password:

com.quark.quarkupdate

com.barebones.textwrangler

com.barebones.authd

com.adobe.SwitchBoard

com.adobe.fpsaud

71-88-35-31:~ edithreimers$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:


/Library/Extensions:


/Library/Frameworks:

Adobe AIR.framework

EWSMac.framework

KodakCMS.framework

LogoSync.framework

NyxAudioAnalysis.framework

PluginManager.framework

QuarkUpdateInterface.framework

TSLicense.framework

Xalan-c-cw9.framework

Xalan-c-xc.framework

Xerces-c-cw9.framework

Xerces-c-xc.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

.DS_Store

AdobePDFViewer.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

JavaAppletPlugin.plugin

NP-PPC-Dir-Shockwave

Quartz Composer.webplugin

QuickTime Plugin.plugin

Scorch.plugin

Silverlight.plugin

flashplayer.xpt

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt


/Library/Keyboard Layouts:

Showtime.ttf


/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.quark.quarkupdate.agent.plist


/Library/LaunchDaemons:

com.adobe.SwitchBoard.plist

com.adobe.fpsaud.plist

com.barebones.authd.plist

com.barebones.textwrangler.plist

com.quark.quarkupdate.plist


/Library/PreferencePanes:

Flash Player.prefPane

Flip4Mac WMV.prefPane

QUPreferencePane.prefPane


/Library/PrivilegedHelperTools:

com.barebones.authd

com.barebones.textwrangler

com.quark.quarkupdate


/Library/QuickLook:

GBQLGenerator.qlgenerator

QuarkXPress.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

.DS_Store

AppleIntermediateCodec.component

AppleMPEG2Codec.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component

Flix Flv.component

Flix Swf.component


/Library/ScriptingAdditions:

Adobe Unit Types.osax

QXPScriptingAdditions.osax


/Library/Spotlight:

AppleWorks.mdimporter

GBSpotlightImporter.mdimporter

Microsoft Office.mdimporter

QuarkXPress.mdimporter

iWeb.mdimporter

iWork.mdimporter


/Library/StartupItems:


/etc/mach_init.d:

dashboardadvisoryd.plist


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:

com.adobe.SwitchBoard.monitor.plist


Library/Address Book Plug-Ins:


Library/Fonts:

.DS_Store

2001 Adobe Font Collections

4YEOVAL_.TTF

ANIMALS2.TTF

AOASWFTE.TTF

ARBOF___.TTF

Abadi MT Condensed Extra Bold

Abadi MT Condensed Light

Advantage Book

AlphaGarden.ttf

Andale Mono

Apple Chancery

Apple LiGothic Medium.dfont

AppleGothic.dfont

AquaKanaBold.otf

AquaKanaRegular.otf

Arial

Arial Black

Arial Black copy

Arial Narrow

Arial Rounded Bold

BATBATS.TTF

Baskerville Old Face

Bauhaus 93

Beesk

Bell MT

Bernard MT Condensed

BernhModBol

Bernhard Modern Bold

BernhardModernStd-Bold.otf

BernhardModernStd-BoldIt.otf

BernhardModernStd-Italic.otf

BernhardModernStd-Roman.otf

BickhamScriptStd-Bold.otf

Book Antiqua

Bookman Old Style

Braggadocio

Britannic Bold

Brush Script

Butterfl.ttf

CRAFL___.TTF

CS Benwood.otf

Calisto MT

Candcu__.ttf

CantoMTLig

Cantoria 2 Light

Century

Century Gothic

Century Schoolbook

Christmas3.ttf

ChristmasDebbie.ttf

ChristmasLightsOutdoor.ttf

ChristmasTime.ttf

Colonna

Comic Sans MS

Cooper Black

Copperplate Gothic Bold

Copperplate Gothic Light

Courier.dfont

Culinary Art 2.ttf

Curlz MT

Desdemona

Edwardian Script ITC

Engravers MT

Equestrian by Darrian 2.ttf

Eurostile

FROSTY__.TTF

Font Pro 3-Designer's Type TTF

Food!.ttf

Footlight Light

GENAUTIC.TTF

Garamond

Georgia

Gill Sans Ultra Bold

GillSans.dfont

GillSansStd-BoldCondensed.otf

GillSansStd-Italic.otf

GillSansStd.otf

Gloucester MT Extra Condensed

Goudy Old Style

Haettenschweiler

Harrington

HelveLTMM

Helvetica LT MM

HeyValentine.ttf

Hoefler Text.dfont

ICHIGC__.TTF

ITC Beesknees

ITC Ozwald

Impact

Imprint MT Shadow

KAISG___.TTF

KOOLDING.TTF

KR All Sport.ttf

KR Eight Santas.ttf

KR Silver Spoons.ttf

KabelLTStd-Black.otf

KabelLTStd-Book.otf

KabelLTStd-Heavy.otf

KabelLTStd-Light.otf

KellyAnnGothic.ttf

Kino

KinoMT

LABYRINT 2.TTF

LABYRINT.TTF

LITTLELO.TTF

Lucida Blackletter

Lucida Bright

Lucida Calligraphy

Lucida Fax

Lucida Handwriting

Lucida Sans

Lucida Sans Typewriter

MT Extra

MTCORSVA.TTF

Magik.ttf

Majestic Bold

Matura Script Capitals

Medici Text.ttf

Missi

Missionary.SF

Mistral

Modern No. 20

Monotype Corsiva

Monotype Sorts

Moonstar.ttf

Murphys.ttf

News Gothic MT

OLDENGLT.TTF

Onyx

Ozwal

PEGASUS.TTF

PTVALENTINE.TTF

Palm Desktop Fonts

Paris

Parisian

Party LET Fonts

Perpetua Titling MT

Playbill

Rockwell

Rockwell Extra Bold

Rose.ttf

SARSAPAR.TTF

SEASG___.TTF

SUGAC___.TTF

Shatter LET Fonts

Showtime.ttf

Someone Special.ttf

Stencil

Stone Sans OS ITC TT

TT HolidayPi BT

Tahoma

Techno

Times LT MM

Times New Roman

Times.dfont

TimesLTMM

Trebuchet MS

Type Embellishmnt One LET

UniveRom

University Roman

University Roman Bold LET

VRINDA.TTF

ValentineHearts.ttf

Veggi_Terra.TTF

Verdana

WINPETS2.TTF

Wide Latin

Wingdings

Wingdings 2

Wingdings 3

WoodtypeOrnamentsStd.otf

XMASTYME.TTF

Xmas Clipart 2.ttf

Xmasclip.ttf

YEEHAW.TTF

ZapfDingbats.dfont

Zapfino.dfont

abctrain.ttf

carbon bl.ttf

carbon phyber.ttf

ck_jewels.ttf

fauxsnow.ttf

funfish_sg.ttf

jd_jessica.ttf

kr.TTF

riesling.ttf

sloop-scriptone.ttf

wm-christmas1.ttf

wm-christmas2.ttf

wm-christmas3.ttf

wm-food1.ttf

wm-food2.ttf


Library/Internet Plug-Ins:

.DS_Store

KickStartPlugIn64.plugin


Library/Keyboard Layouts:


Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.ARM.df0ab5bbe6f698196fcc21e3c1e66dcb758bd911f4d637272d9d8109.plist

com.apple.SafariBookmarksSyncer.plist

71-88-35-31:~ edithreimers$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Kodak EasyShare Wireless Listener, AdobeResourceSynchronizer, SPanel

71-88-35-31:~ edithreimers$

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,227 points

Jul 29, 2013 11:17 AM in response to Yagra

Yagra wrote:


I have this question too. My emails and twitter account were compromised. Often I have to change passwords. So who's using my passwords and how do thye know?

See Someone is sending messages from my e-mail address.

There is a long list of fonts included for some reason.

You seem to be using Page Layout software which normally come with their own font collections, so I'm not sure why you are surprised about that.

At the very bottom I noted this :

...

iTunesHelper, Kodak EasyShare Wireless Listener, AdobeResourceSynchronizer, SPanel

What's your question here? Is there something you don't recognize.


And while were at it, is there any software mentioned in the rest of the list that you don't use any more? Perhaps it was not properly removed. If so, that could be contributing to the slowness you are seeing. Software should always be removed by running an un-installer provided by the developer and not just by dragging the application to the trash.


Nothing jumps out at me from the list. You should be aware that in order for somebody to have installed a keylogger you would have had to give them physical access to the machine or shared access to it from your network. A-V software is not generally designed to detect them either since they are all commercial or hack software that has legitimate uses. The only one the specializes in that is MacScan from SecureMac and it has problems with false positives, so make certain that what it identifies is actually something you don't want before deleting it. It also isn't very good at identifying malware (MacScan disappoints).


This is a very old thread and you may notice that none of the folks who have posted to it lately have received any responses. If a day or two go by and you haven't heard from anybody else, consider re-posting it as a new topic and you will start to hear from folks.

Reply
User profile for user: Yagra
Yagra
User level: Level 1
0 points

Jul 29, 2013 2:32 PM in response to MadMacs0

Thank you very much for your time and for your input - much ease to my mind.


Great suggestion for removing inactive software. I was using the demo version of MacScan and they usully removed tracking cookies.


As for fonts, I purchase and share fonts. I use Quark, Adobe CS 5.5 for magazine layout and design. Sometimes a corrupt font will interfere with PDF output. Just can't tell by looking at them though.


I did not recognize:

Wireless Listener at the bottom

and

tell application "System Events" to get name of every login item'


No need to reply if they are OK. Thanks again.

Reply
User profile for user: MadMacs0
MadMacs0
User level: Level 5
5,227 points

Jul 29, 2013 4:05 PM in response to Yagra

Yagra wrote:


I purchase and share fonts. I use Quark, Adobe CS 5.5 for magazine layout and design. Sometimes a corrupt font will interfere with PDF output. Just can't tell by looking at them though.

  • Type Command-Space and begin typing "font book" without the quotes until that app is highlighted, then hit the return/enter key.
  • Select "All Fonts" from the left-hand column and then the first font listed in the right-hand column.
  • Select "Select All" from the Edit menu or type Command-A.
  • Now select "Validate Fonts" from the File menu and wait for it to finish.
  • That should tell you what you need to know.

I did not recognize:

Wireless Listener at the bottom

I believe the full name is "Kodak Easyshare Wireless Listener." My guess is this is a feature of a Kodak camera that you use to transfer pictures over your Wi-Fi system.

tell application "System Events" to get name of every login item'

That's part of what you pasted into Terminal to get a list of all the Login Items which you can find in System Preferences->Accounts->Login Items tab.

Reply
User profile for user: kidnemo
kidnemo
User level: Level 1
1 points

Aug 6, 2013 7:55 AM in response to meltymax

These are my results.. I'd hate to jump on the band wagon.. but a while ago I had a 'friend' install some software and I've reformatted... gotten a new drive... etc.. but I still think my information is being hacked.. If I check my network status it shows that I have double information going out than coming in. Maybe thats why my internet is **** slow. Any advice or anything you see here that jumps out at you as weird?


com.google.Chrome.framework.service_process/Users/jbook/Library/Application_Supp ort/Google/Chrome

com.kodak.BonjourAgent

com.gopro.stereomodestatus

com.adobe.AdobeCreativeCloud

com.nero.HSMMonitor

com.nds.pcshow.uninstall

com.nds.pcshow

com.kodak.StatisticCollection

com.kodak.KODAK

com.kodak.KODAK

com.google.keystone.user.agent

com.adobe.ARM.de23d1e3aa2d00ce38d73f10fcbdc8dcaaaf6be989610710a1ddda77

com.adobe.AAM.Scheduler-1.0

Juans-MacBook:~ jbook$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:



/Library/Extensions:



/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework



/Library/Input Methods:



/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

DirectorShockwave.plugin

Flash Player.plugin

JavaAppletPlugin.plugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

webplugin.plugin



/Library/Keyboard Layouts:



/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.AdobeCreativeCloud.plist

com.gopro.stereomodestatus.plist

com.kodak.BonjourAgent.plist



/Library/LaunchDaemons:

com.adobe.fpsaud.plist



/Library/PreferencePanes:

Flash Player.prefPane



/Library/PrivilegedHelperTools:



/Library/QuickLook:

CC_QL.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator



/Library/QuickTime:

AppleAVCIntraCodec.component

AppleHDVCodec.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

AppleProResCodec.component

CFHDCompressor.component

CFHDDecompressor.component

DVCPROHDCodec.component

FCP Uncompressed 422.component

IMXCodec.component



/Library/ScriptingAdditions:

Adobe Unit Types.osax



/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter



/Library/StartupItems:



/etc/mach_init.d:



/etc/mach_init_per_login_session.d:



/etc/mach_init_per_user.d:



Library/Fonts:



Library/Input Methods:

.localized



Library/Internet Plug-Ins:

PlayerPlugin.bundle



Library/Keyboard Layouts:



Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.ARM.de23d1e3aa2d00ce38d73f10fcbdc8dcaaaf6be989610710a1ddda77.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.0F88385D-8406-487D-AB74-36F D36F3AC15.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.954783AB-B69F-418E-A6FC-C24 01F6C0CE7.plist

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.B1991C43-91AC-4072-9945-A3A E609305F1.plist

com.google.Chrome.framework.plist

com.google.keystone.agent.plist

com.kodak.KODAK AiO Firmware Updater.plist

com.kodak.KODAK AiO Software Updater.plist

com.kodak.StatisticCollection.plist

com.nds.pcshow.plist

com.nds.pcshow.uninstall.plist

com.nero.HSMMonitor.plist



Library/PreferencePanes:

MusicManager.prefPane

Juans-MacBook:~ jbook$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper

Juans-MacBook:~ jbook$

Reply
User profile for user: NY Jetman
NY Jetman
User level: Level 1
0 points

Aug 19, 2013 11:23 AM in response to meltymax

I have the same problem and I'm 100% sure i have one. Do you see something I should be worried about? PLease help...


Part 1


com.rim.driver.BlackBerryUSBDriverInt (0.0.68)
com.AmbrosiaSW.AudioSupport (4.1.2)
com.kaspersky.kext.klif (3.0.0d23)
com.kaspersky.nke (1.0.2d43)
com.kaspersky.kext.kimul.44 (44)


Part 2


com.microsoft.office.licensing.helper
com.macpaw.CleanMyMac2.Agent
com.kaspersky.kav
com.cleverfiles.cfbackd
com.ambrosiasw.ambrosiaaudiosupporthelper.daemon
com.adobe.SwitchBoard
com.adobe.fpsaud


Part 3


com.wacom.pentablet
com.sierrawireless.SwitchTool
com.kaspersky.kav.gui
com.divx.update.agent
com.divx.dms.agent
com.adobe.AdobeCreativeCloud
com.microsoft.SyncServicesAgent
com.macpaw.CleanMyMac2Helper.trashWatcher
com.macpaw.CleanMyMac2Helper.scheduledScan
com.divx.agent.postinstall
com.adobe.ARM.de23d1e3aa2d00ce38d73f10fcbdc8dcaaaf6be989610710a1ddda77
com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae
com.adobe.AAM.Scheduler-1.0


Part 4


/Library/Components:


/Library/Extensions:


/Library/Frameworks:
AEProfiling.framework
AERegistration.framework
Adobe AIR.framework
AudioMixEngine.framework
DivX Toolkit.framework
EWSMac-GC.framework
EWSMac.framework
FxPlug.framework
HPDeviceModel.framework
HPPml.framework
HPServicesInterface.framework
HPSmartPrint.framework
MacFUSE.framework
NyxAudioAnalysis.framework
PluginManager.framework
ProFX.framework
ProMetadataSupport.framework
Python.framework
RIM_VSP.framework
RimBlackBerryUSB.framework
RubyCocoa.framework
TSLicense.framework
WacomMultiTouch.framework
XSKey.framework
iLifeFaceRecognition.framework
iLifeKit.framework
iLifePageLayout.framework
iLifeSQLAccess.framework
iLifeSlideshow.framework
iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:
.DS_Store
AdobeAAMDetect.plugin
AdobePDFViewer.plugin
AdobePDFViewerNPAPI.plugin
CANONiMAGEGATEWAYDL.plugin
DivX Plus Web Player.plugin
Flash Player.plugin
Flip4Mac WMV Plugin.plugin
JavaAppletPlugin.plugin
OVSHelper.plugin
OfficeLiveBrowserPlugin.plugin
Quartz Composer.webplugin
QuickTime Plugin.plugin
RealPlayer Plugin.plugin
SharePointBrowserPlugin.plugin
SharePointWebKitPlugin.webplugin
Silverlight.plugin
SkyCaddiePlugIn.plugin
WacomNetscape.plugin
WacomSafari.plugin
ebldetect.bundle
flashplayer.xpt
iPhotoPhotocast.plugin
nsIQTScriptablePlugin.xpt


/Library/Keyboard Layouts:


/Library/LaunchAgents:
com.adobe.AAM.Updater-1.0.plist
com.adobe.AdobeCreativeCloud.plist
com.divx.dms.agent.plist
com.divx.update.agent.plist
com.kaspersky.kav.gui.plist
com.sierrawireless.SwitchTool.plist
com.wacom.pentablet.plist


/Library/LaunchDaemons:
com.adobe.SwitchBoard.plist
com.adobe.fpsaud.plist
com.ambrosiasw.ambrosiaaudiosupporthelper.daemon.plist
com.apple.aelwriter.plist
com.cleverfiles.cfbackd.plist
com.kaspersky.kav.plist
com.macpaw.CleanMyMac2.Agent.plist
com.microsoft.office.licensing.helper.plist


/Library/PreferencePanes:
Flash Player.prefPane
Flip4Mac WMV.prefPane
MacFUSE.prefPane
PenTablet.prefPane


/Library/PrivilegedHelperTools:
com.macpaw.CleanMyMac2.Agent
com.microsoft.office.licensing.helper


/Library/QuickLook:
GBQLGenerator.qlgenerator
ParallelsQL.qlgenerator
iBooksAuthor.qlgenerator
iWork.qlgenerator


/Library/QuickTime:
AppleAVCIntraCodec.component
AppleHDVCodec.component
AppleIntermediateCodec.component
AppleMPEG2Codec.component
AppleProResCodec.component
CanonMJPEGAVI.component
CanonMJPEGAVIDec.component
CanonText.component
DVCPROHDCodec.component
DesktopVideoOut.component
DivX Decoder.component
DivX Encoder.component
FCP Uncompressed 422.component
Flip4Mac WMV Advanced.component
Flip4Mac WMV Export.component
Flip4Mac WMV Import.component
IMXCodec.component
LiveType.component


/Library/ScriptingAdditions:
Adobe Unit Types.osax


/Library/Spotlight:
GBSpotlightImporter.mdimporter
LogicPro.mdimporter
Microsoft Office.mdimporter
ParallelsMD.mdimporter
iBooksAuthor.mdimporter
iWork.mdimporter


/Library/StartupItems:
Jaksta
ParallelsDesktopTransporter


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:
com.adobe.SwitchBoard.monitor.plist


Library/Address Book Plug-Ins:
.DS_Store
SkypeABDialer.bundle
SkypeABSMS.bundle
YMsgrCallABPlugin.bundle
YMsgrMsnABPlugin.bundle
YMsgrSmsABPlugin.bundle
YMsgrYimABPlugin.bundle


Library/Fonts:
.DS_Store


Library/Frameworks:
EWSMac-GC.framework
EWSMac.framework


Library/Input Methods:
.localized


Library/Internet Plug-Ins:
BrowserPlus_2.9.8.plugin
CitrixOnlineWebDeploymentPlugin.plugin
WebEx.plugin
WebEx64.plugin
fbplugin_1_0_3.plugin


Library/Keyboard Layouts:


Library/LaunchAgents:
.DS_Store
com.adobe.AAM.Updater-1.0.plist
com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
com.adobe.ARM.de23d1e3aa2d00ce38d73f10fcbdc8dcaaaf6be989610710a1ddda77.plist
com.divx.agent.postinstall.plist
com.macpaw.CleanMyMac.helperTool.plist
com.macpaw.CleanMyMac.trashSizeWatcher.plist
com.macpaw.CleanMyMac2Helper.scheduledScan.plist
com.macpaw.CleanMyMac2Helper.trashWatcher.plist
com.microsoft.LaunchAgent.SyncServicesAgent.plist


Library/PreferencePanes:
BrowserPlusPrefs.prefPane


Library/Services:
ToastIt.service


Part 5


EEventManager, RealPlayer Downloader Agent, Boingo Wi-Finder, EEventManager, BambooCore

Reply
User profile for user: PrfctGrl
PrfctGrl
User level: Level 1
0 points

Aug 21, 2013 8:16 AM in response to NY Jetman

Have you been experiencing slower performance on your Mac? If so, then it sounds more like a virus. Keyloggers are NOT viruses and this day in age technology is so advanced that it would not slow down your systems performance. Keyloggers are virtually undetectable unless you do a scan of the system. Unless you are handeling very sensitive and valuable information I do notsee why you would have a keylogger issue. Although designing them is trivial, installing them without being caught is hard. Has anyone had access to your Mac? Maybe a repair shop, or law enforcement? Law enforcement officials are notorious for installing keyloggers.Anytime they ask you "can we look through your computer or phone" always answer NO. They are not supposed to look in your computer and open files etc., right procedure is to power down the system and make a bit stream copy of the Hard Drive then return it to you, and you should present does not take long to do.Do you use a wireless or bluetooth kepboard by chance? I noticed from the info provided you have legitimate software on there , such Adoabe, a Pentablet which all come from legitimate sources. Maybe a roommate could have had access to your system? It is very difficult to "spy" on your computers activity without having had physical access to it at some point in time.

Reply

I believe that I have a keylogger or some sort of spyware installed on my mac, please help!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up