
I believe that I have a keylogger or some sort of spyware installed on my mac, please help!

I have many reasons to believe that my ex-boyfriend installed a keylogger or spyware on my MacBook. I have done a lot of research and cannot find the answers that I am looking for. I have taken a screenshot of my Activity Monitor in hopes that someone can let me know if anything looks suspicious. It appears fine to me, although I am confident that something is installed and being used regularly to snoop and creep my every move on my computer. Please help me, any advice would be helpful. As a footnote, I have installed macscan and completed a scan and it came up with nothing... I am not being paranoid; my ex has basically confirmed my suspicions.





MacBook Pro, Mac OS X (10.6.8)

Posted on Aug 26, 2012 6:41 PM

Question marked as Top-ranking reply

Posted on Aug 26, 2012 8:05 PM

Please read this whole message before doing anything.


The following procedure will help determine whether your system has been modified. Don’t be alarmed by the complexity of these instructions — they’re easy to carry out and won’t change anything on your Mac.


These steps are to be taken while booted in “normal” mode, not in safe mode. If you’re now running in safe mode, reboot as usual before continuing.


Below are instructions to enter some UNIX shell commands. The commands are harmless, but they must be entered exactly as given in order to work. If you have doubts about the safety of the procedure suggested here, search this site for other discussions in which it’s been followed without any report of ill effects.


Some of the commands will line-wrap or scroll in your browser, but each one is really just a single line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, and you can then either copy or drag it. The headings “Step 1” and so on are not part of the commands.


Note: If you have more than one user account, Step 2 must be taken as an administrator. Ordinarily that would be the user created automatically when you booted the system for the first time. The other steps should be taken as the user who has the problem, if different. Most personal Macs have only one user, and in that case this paragraph doesn’t apply.


Launch the Terminal application in any of the following ways:


☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)


☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.


☞ Open LaunchPad. Click Utilities, then Terminal in the page that opens.


When you launch Terminal, a text window will open with a line already in it, ending either in a dollar sign (“$”) or a percent sign (“%”). If you get the percent sign, enter “sh” and press return. You should then get a new line ending in a dollar sign.


Step 1


Copy or drag — do not type — the line below into the Terminal window, then press return:


kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'


Post the lines of output (if any) that appear below what you just entered (the text, please, not a screenshot.) You can omit the final line ending in “$”.


Step 2


Repeat with this line:


sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'


This time, you'll be prompted for your login password, which won't be displayed when you type it. You may get a one-time warning not to screw up. You don't need to post the warning.


Note: If you don’t have a login password, you’ll need to set one before taking this step. If that’s not possible, skip to the next step.


Step 3


launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'


Step 4


ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null


Important: If you formerly synchronized with a MobileMe account, your me.com email address may appear in the output of the above command. If so, anonymize it before posting.


Step 5


osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null


Remember, steps 1-5 are all drag-and-drop or copy-and-paste, whichever you prefer — no typing, except your password. Also remember to post the output.


You can then quit Terminal.
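
What the Step 2 filter keeps and drops, plus a cross-check of the surviving labels against the LaunchAgents/LaunchDaemons file names that Step 4 lists, as an added example that is not part of the original reply. The `launchctl list` lines and plist names are constructed sample data, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: all sample data below is constructed, not taken from any machine.

# Constructed stand-in for `launchctl list` output: PID, last exit status, label.
sample_launchctl_list() {
  cat <<'EOF'
PID   Status  Label
-     0       com.apple.mdworker.shared
312   0       com.adobe.fpsaud
-     0       0x7f8b1a4052e0.anonymous.launchd
88    0       org.cups.cupsd
-     0       com.example.helper.daemon
45    0       com.openssh.sshd
-     0       com.example.sync.agent
EOF
}

# Constructed stand-in for the LaunchAgents/LaunchDaemons part of the Step 4 listing.
sample_plist_names() {
  cat <<'EOF'
com.adobe.fpsaud.plist
com.example.sync.agent.plist
com.example.unloaded.plist
EOF
}

# The Step 2 filter from the post, reading stdin instead of running launchctl.
# It drops the header, anonymous (0x...) jobs and labels from well-known vendors,
# and prints the label column of whatever is left.
non_apple_labels() {
  sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'
}

# Cross-check. $1 = file with one label per line, $2 = file with one plist name per line.
# Prints "label<TAB>has-plist" or "label<TAB>no-plist" for each loaded label,
# then "name<TAB>not-loaded" for each plist that has no loaded job of the same name.
cross_check() {
  awk '
    FILENAME == ARGV[1] { sub(/\.plist$/, ""); plist[$0] = 1; next }
    { seen[$0] = 1
      printf "%s\t%s\n", $0, (($0 in plist) ? "has-plist" : "no-plist") }
    END { for (p in plist) if (!(p in seen)) printf "%s\tnot-loaded\n", p }
  ' "$2" "$1"
}

# Run both steps over the constructed samples and return a sorted report.
triage() {
  tmp=$(mktemp -d) || return 1
  sample_launchctl_list | non_apple_labels > "$tmp/labels"
  sample_plist_names > "$tmp/plists"
  cross_check "$tmp/labels" "$tmp/plists" | LC_ALL=C sort
  rm -rf "$tmp"
}

triage
```

A `no-plist` result is a prompt to look further, not a finding: a plist's file name need not match its label, as with `com.teamviewer.service` and `com.teamviewer.teamviewer_service.plist` in a later post in this thread.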

136 replies

Dec 20, 2013 1:00 PM in response to meltymax

I'm hoping someone will read this and see if something fishy is going on? I did the steps provided (Which were excellently posted! Easy to understand). Just have no clue beyond that.


An added note. We had someone on 8/13 make 3 fraudulent charges on our iTunes acct. We closed the acct. and only use gift cards now. In 12/13 we had another fraudulent charge from EETsac on our c.c. and had to be reissued a new credit card.


Maybe someone's on our computer? Thanks.


STEP 1:

com.eltima.ElmediaPlayer.kext (1.0)


STEP 2:

com.intego.BackupAssistant.daemon

com.eltima.ElmediaPlayer.daemon

com.adobe.SwitchBoard

com.adobe.fpsaud


STEP 3:

com.kodak.BonjourAgent

com.intego.backupassistant.agent

com.conduit.loader.Agent

com.adobe.CS5ServiceManager

com.yahoo.YahooContactSyncAgent

com.nchsoftware.expressinvoice.agent

com.kodak.KODAK

com.kodak.KODAK

com.kodak.KODAK

com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9

com.adobe.AAM.Scheduler-1.0


STEP 4:

/Library/Components:


/Library/Extensions:


/Library/Frameworks:

Adobe AIR.framework

EWSMac.framework

NyxAudioAnalysis.framework

OnOneWidgets.framework

PluginManager.framework

TSLicense.framework

iTunesLibrary.framework

onOneToolbox.framework


/Library/Input Methods:


/Library/InputManagers:

CTLoader


/Library/Internet Plug-Ins:

.DS_Store

AdobePDFViewer.plugin

Disabled Plug-Ins

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

JavaAppletPlugin.plugin

Musicnotes.plugin

NP-PPC-Dir-Shockwave

Quartz Composer.webplugin

QuickTime Plugin.plugin

Scorch.plugin

Silverlight.plugin

Unity Web Player.plugin

Unused

flashplayer.xpt

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.CS5ServiceManager.plist

com.conduit.loader.agent.plist

com.intego.backupassistant.agent.plist

com.kodak.BonjourAgent.plist


/Library/LaunchDaemons:

com.adobe.SwitchBoard.plist

com.adobe.fpsaud.plist

com.apple.third_party_32b_kext_logger.plist

com.eltima.ElmediaPlayer.daemon.plist

com.intego.BackupAssistant.daemon.plist


/Library/PreferencePanes:

Flash Player.prefPane

Flip4Mac WMV.prefPane


/Library/PrivilegedHelperTools:


/Library/QuickLook:

GBQLGenerator.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component


/Library/ScriptingAdditions:

Adobe Unit Types.osax

ct_scripting.osax


/Library/Spotlight:

AppleWorks.mdimporter

GBSpotlightImporter.mdimporter

Microsoft Office.mdimporter

iWork.mdimporter


/Library/StartupItems:

Intego Backup Assistant

ProTec6b


/etc/mach_init.d:

dashboardadvisoryd.plist


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:

com.adobe.SwitchBoard.monitor.plist


Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle


Library/Fonts:

A BUNCH OF FONTS and this....

encodings.dir

fonts.dir

fonts.list

fonts.scale


Library/Input Methods:

.localized


Library/Internet Plug-Ins:


Library/Keyboard Layouts:


Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9.plist

com.kodak.KODAK AiO Annual Opt.plist

com.kodak.KODAK AiO Firmware Updater.plist

com.kodak.KODAK AiO Software Updater.plist

com.nchsoftware.expressinvoice.agent.plist

com.yahoo.YahooContactSyncAgent.plist


Library/PreferencePanes:

.DS_Store


Library/QuickTime:


STEP 5:

Safari, Dropbox

Dec 20, 2013 4:44 PM in response to joandja

joandja, as has already been noted numerous times in this ancient thread, you need to start your own Discussion. It's only by chance that I happened to read this one. Most of its qualified participants may no longer be subscribed to it.


The Conduit Community Toolbar spyware is installed on your Mac. While it alone does not explain any fraudulent account activity, it is garbage you probably do not want, and you will require specific instructions for getting rid of it. To ensure you do, please start your own Discussion.


Start with this page:


https://discussions.apple.com/community/mac_os


Navigate to your OS X version, then click the "Start a Discussion" link near the upper right under Actions.

Feb 13, 2014 4:41 PM in response to meltymax

Hello,


I'm having the same problem, can anyone help me and see if I have any keylogger or spyware in my computer?


Last login: Fri Feb 14 00:19:23 on ttys000

edsons-mbp:~ edsonyazejy$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

com.manycamllc.driver.ManyCamDriver (0.0.9)

edsons-mbp:~ edsonyazejy$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

Password:

com.teamviewer.service

com.parallels.mobile.kextloader.launchdaemon

com.parallels.mobile.dispatcher.launchdaemon

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.adobe.fpsaud

edsons-mbp:~ edsonyazejy$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.microsoft.Excel.27840

com.adobe.Reader.23440

com.wondershare.helper_compact.63568

com.nike.nikeplusconnect

com.parallels.mobile.startgui.launchagent

com.goacemjobhmmbdlbbfjgifjcojdfnjfm.updater

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

edsons-mbp:~ edsonyazejy$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

/Library/Components:


/Library/Extensions:

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

EWSMac.framework

NyxAudioAnalysis.framework

OSXFUSE.framework

PluginManager.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

Default Browser.plugin

Flash Player.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

flashplayer.xpt

nsIQTScriptablePlugin.xpt


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.nike.nikeplusconnect.plist


/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist

com.parallels.mobile.dispatcher.launchdaemon.plist

com.parallels.mobile.kextloader.launchdaemon.plist

com.teamviewer.teamviewer_service.plist


/Library/PreferencePanes:

Flash Player.prefPane

JavaControlPanel.prefPane

OSXFUSE.prefPane


/Library/PrivilegedHelperTools:

com.microsoft.office.licensing.helper


/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AppleAVCIntraCodec.component

AppleHDVCodec.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

AppleProResCodec.component

DVCPROHDCodec.component

FCP Uncompressed 422.component

IMXCodec.component

ManyCamVDig_RGB.component

ManyCamVDig_YCbCr.component


/Library/ScriptingAdditions:

Ignitor.osax


/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter


/Library/StartupItems:


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/Address Book Plug-Ins:

.DS_Store

SkypeABDialer.bundle

SkypeABSMS.bundle


Library/Fonts:

HARRP___.TTF

HPOTTER.TTF

LUMOS.TTF

MagicSchoolOne.ttf

MagicSchoolTwo.ttf


Library/Frameworks:

EWSMac.framework


Library/Input Methods:

.localized


Library/Internet Plug-Ins:


Library/Keyboard Layouts:


Library/LaunchAgents:

.DS_Store

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.goacemjobhmmbdlbbfjgifjcojdfnjfm.updater.plist

com.parallels.mobile.startgui.launchagent.plist


Library/PreferencePanes:


Library/Services:

.localized

edsons-mbp:~ edsonyazejy$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, SmartDaemon, Dropbox, AdobeResourceSynchronizer, Wondershare Helper Compact

edsons-mbp:~ edsonyazejy$



THANK YOU

Feb 20, 2014 6:42 AM in response to edsonyazejy

Re-install Mac OS X if you feel someone has backdoor access. It will be easier to reinstall the OS. And you can't be certain what services are legit or have backdoors themselves. Back up all personal data, then delete the OS and re-install. Run Little Snitch and keep up with outgoing connections for a little while. Install a virus scanner and scan your fresh install of Mac OS X.

Feb 20, 2014 10:29 AM in response to rickbeacham

rickbeacham wrote:


Re-install Mac OS X if you feel someone has backdoor access. It will be easier to reinstall the OS.


That will do nothing to remove a keylogger.


Install a virus scanner and scan your fresh install of Mac OS X.


If one suspects a keylogger or other malware has been installed but does not know how to go about eliminating it, a complete system erasure followed by installing OS X and one's essential software will eliminate all doubt. Keyloggers aren't viruses and there is no product that can possibly detect every variant of one that may exist. Installing a "virus scanner" will do nothing beneficial and is far more likely to cause unrelated problems.

Feb 23, 2014 6:00 PM in response to John Galt



If one suspects a keylogger or other malware has been installed but does not know how to go about eliminating it, a complete system erasure followed by installing OS X and one's essential software will eliminate all doubt.



That is exactly what I said. Delete the OS and re-install. Maybe I should have been clearer and said "delete everything on the hard drive".

Install a virus scanner and scan your fresh install of Mac OS X.

Yes, some viruses/malware are able to save data on other partitions. Yes, Mac OS X has its own virus protection, but so does Microsoft. I would then remove the virus scanner after the threat is removed or not found, since they use resources and can slow down your system. I'm not sure how a virus scanner will cause problems worse than the ones they are having. It's just eliminating a potential attack vector.


If you are still having problems, install Linux 🙂. Use VMware to run Linux or use a live CD or USB (safer). Make sure it's read-only. This way when making credit card payments you will be safe.

Mar 2, 2014 12:02 PM in response to Linc Davis

Hi there Linc,


I too am in the same boat, and was wondering if you would be so kind as to take a peek at my results and let me know if there is anything suspicious or if I have a keylogger. I followed all of your instructions, and will post the text after this short note. THANK YOU so much, if you have the time to look at it.


Kindest regards,

Crystal


-

Last login: Sat Mar 1 13:46:36 on console

localhost:~ crystal$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

com.paceap.kext.pacesupport.snowleopard (5.7.2)

com.digidesign.iokit.DigiDal (9.0.3f4)

com.Apogee.driver.DuetFWOverideDriver (1.4.4)

com.Cycling74.driver.Soundflower (1.6.2)

localhost:~ crystal$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'


WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.


To proceed, enter your password, or type Ctrl-C to abort.


Password:

com.paceap.pacesupport

com.spotflux.Spotflux

com.paceap.eden.licensed

com.hidden.daemon

com.google.keystone.daemon

com.duetDaemon.plist

com.digidesign.fwfamily.helper

com.adobe.versioncueCS4

com.adobe.fpsaud

localhost:~ crystal$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.google.keystone.system.agent

com.frontierdesign.tranzport.daemon

com.adobe.CS4ServiceManager

com.yahoo.YahooContactSyncAgent

com.nchsoftware.reflect.agent

com.divx.agent.postinstall

com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

localhost:~ crystal$

localhost:~ crystal$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

/Library/Components:


/Library/Extensions:


/Library/Frameworks:

AECore.framework

AFnd.framework

Adobe AIR.framework

ArcCon.framework

CFnd.framework

Compressor.framework

DAE.framework

DFW.framework

DHS.framework

DSI.framework

DSPManager.framework

DSPPublishing.framework

DUI.framework

DigiPlatformSupport.framework

DigiStreamManager.framework

DigidesignFWDriver.framework

DirectIO.framework

DivX Toolkit.framework

FxPlug.framework

MediaServerAPI.framework

Motion.framework

NyxAudioAnalysis.framework

PluginManager.framework

ProFX.framework

ProMetadataSupport.framework

Qmaster.framework

TSLicense.framework

XSKey.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

AdobePDFViewer.plugin

AdobePDFViewerNPAPI.plugin

AmazonMP3DownloaderPlugin.plugin

DivXBrowserPlugin.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

Google Earth Web Plug-in.plugin

JavaAppletPlugin.plugin

NP-PPC-Dir-Shockwave

OVSHelper.plugin

OfficeLiveBrowserPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

Silverlight.plugin

flashplayer.xpt

googletalkbrowserplugin.plugin

iPhotoPhotocast.plugin

npContributeMac.bundle

npgtpo3dautoplugin.plugin

nsIQTScriptablePlugin.xpt

o1dbrowserplugin.plugin


/Library/Internet Plug-Ins (Disabled):

Flash Player.plugin


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.adobe.CS4ServiceManager.plist

com.frontierdesign.tranzport.daemon.plist

com.google.keystone.agent.plist


/Library/LaunchDaemons:

PACESupport.plist

com.DuetDaemon.plist

com.adobe.fpsaud.plist

com.adobe.versioncueCS4.plist

com.apple.aelwriter.plist

com.apple.qmaster.qmasterd.plist

com.apple.third_party_32b_kext_logger.plist

com.digidesign.fwfamily.helper.plist

com.google.keystone.daemon.plist

com.hidden.daemon.plist

com.paceap.eden.licensed.plist

com.spotflux.Spotflux.plist


/Library/PreferencePanes:

Apple Qmaster.prefPane

DivX.prefPane

Flash Player.prefPane

Flip4Mac WMV.prefPane

Growl.prefPane

VersionCueCS4.prefPane


/Library/PrivilegedHelperTools:

com.spotflux.Spotflux

licenseDaemon.app


/Library/QuickLook:

GBQLGenerator.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AppleAVCIntraCodec.component

AppleHDVCodec.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

AppleProResCodec.component

DVCPROHDCodec.component

DVCPROHDMuxer.component

DVCPROHDVideoDigitizer.component

DVCPROHDVideoOutput.component

DVCPROHDVideoOutputClock.component

DVCPROHDVideoOutputCodec.component

DesktopVideoOut.component

DivX Decoder.component

DivX Encoder.component

FCP Uncompressed 422.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component

IMXCodec.component

LiveType.component

Motion.component

PanasonicAVCCAMImporter.component

SoundboothScoreCodec.component

iChatTheaterPreview.component


/Library/ScriptingAdditions:

Adobe Unit Types.osax


/Library/Spotlight:

AppleWorks.mdimporter

GBSpotlightImporter.mdimporter

Microsoft Office.mdimporter

iWork.mdimporter


/Library/StartupItems:

DigidesignLoader

PACESupport


/etc/mach_init.d:

dashboardadvisoryd.plist


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:

com.adobe.versioncueCS4.monitor.plist


Library/Address Book Plug-Ins:

AdiumAddressBookAction_AIM.scpt

AdiumAddressBookAction_ICQ.scpt

AdiumAddressBookAction_Jabber.scpt

AdiumAddressBookAction_MSN.scpt

AdiumAddressBookAction_SMS.scpt

AdiumAddressBookAction_Yahoo.scpt

SkypeABDialer.bundle

SkypeABSMS.bundle


Library/Fonts:

Belwe_Mono_Plain.ttf

Caviar Dreams Bold.ttf

CaviarDreams.ttf

CaviarDreams_BoldItalic.ttf

CaviarDreams_Italic.ttf

WendyLPStd-Medium.otf


Library/Frameworks:


Library/Input Methods:

.localized


Library/Internet Plug-Ins:

Aspera Web 3.1.2.72265.plugin

BrowserPlus_2.9.8.plugin

CitrixOnlineWebDeploymentPlugin.plugin

OctoshapeWeb.plugin

fbplugin_1_0_3.plugin


Library/Keyboard Layouts:


Library/LaunchAgents:

com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

com.adobe.ARM.930da3ce175de4e82bd3cdf1dd8571f74bd3b6a7236bc94bfc00f6e9.plist

com.divx.agent.postinstall.plist

com.nchsoftware.reflect.agent.plist

com.yahoo.YahooContactSyncAgent.plist


Library/PreferencePanes:

.2Q42TU49FV7VSGGC

.localized

BrowserPlusPrefs.prefPane

Growl.prefPane

MusicManager.prefPane

localhost:~ crystal$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

TomTomHOMERunner, Jumpcut, Music Manager, BitTorrent, Dropbox, ConnectService, DuetPopUp

localhost:~ crystal$

Mar 2, 2014 7:54 PM in response to meltymax

Can someone check mine out too please? I don't know too awful much about computers, but I ran the steps and here's what I came up with:


Password:

Sorry, try again.

Password:

com.mcafee.virusscan.fmpd

com.mcafee.ssm.ScanManager

com.adobe.fpsaud

-macbook-pro-2:~ Max$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

jp.co.canon.cijscannerregister.4784

com.adobe.PDApp.AAMUpdatesNotifier.44208.0F49F9FA-2C85-455B-94D3-F0A2E74EE2A9

com.skype.skype.16752

com.hp.productresearch.5312

com.thursby.pkard.tokendagent

com.mcafee.reporter

com.mcafee.menulet

com.hp.help.tocgenerator

com.google.keystone.user.agent

com.adobe.AAM.Scheduler-1.0

macbook-pro-2:~ Max$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

/Library/Components:


/Library/Extensions:

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AVEngine.framework

AudioMixEngine.framework

HPSmartPrint.framework

MacFUSE.framework

MacScanner.framework

NyxAudioAnalysis.framework

PluginManager.framework

ScanBooster.framework

Snapfish.framework

VirusScanPreferences.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

AmazonMP3DownloaderPlugin101750.plugin

CouponPrinter-FireFox_v2.plugin

CouponPrinter-Safari.webplugin

Default Browser.plugin

Flash Player.plugin

OfficeLiveBrowserPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SiteAdvisor.plugin

flashplayer.xpt

nsIQTScriptablePlugin.xpt


/Library/Internet Plug-Ins (Disabled):

Flash Player.plugin


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.hp.help.tocgenerator.plist

com.mcafee.menulet.plist

com.mcafee.reporter.plist

com.thursby.pkard.tokendagent.plist


/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.mcafee.ssm.ScanManager.plist

com.mcafee.virusscan.fmpd.plist


/Library/PreferencePanes:

Flash Player.prefPane

MacFUSE.prefPane


/Library/PrivilegedHelperTools:


/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AppleAVCIntraCodec.component

AppleHDVCodec.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

AppleProResCodec.component

DVCPROHDCodec.component

FCP Uncompressed 422.component

IMXCodec.component


/Library/ScriptingAdditions:


/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter


/Library/StartupItems:

PKard


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle

YMsgrCallABPlugin.bundle

YMsgrMsnABPlugin.bundle

YMsgrSmsABPlugin.bundle

YMsgrYimABPlugin.bundle


Library/Fonts:


Library/Input Methods:

.localized


Library/Internet Plug-Ins:


Library/Keyboard Layouts:


Library/LaunchAgents:

com.adobe.AAM.Updater-1.0.plist

com.apple.FolderActions.enabled.plist

com.apple.FolderActions.folders.plist

com.google.keystone.agent.plist


Library/PreferencePanes:


Library/Services:

.localized

-macbook-pro-2:~ Max$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

Skype, HP Product Research, HPEventHandler

-macbook-pro-2:~ Max$


It all looks good to me, but like I said I don't know too much about it. I have a crazy ex and I want to make sure she's still not stalking me lol. Thanks!

Mar 3, 2014 3:55 AM in response to Maxformal

Folks, please stop posting this output here! These are not helpful.


First of all, there's really no reliable way to determine whether you have a keylogger or other remote access tool installed. A knowledgeable user may be able to identify certain specific malicious programs from this output, but if nothing suspicious is seen, that really means nothing at all. There could still be something there.


Secondly, posting here is not an effective way of getting help. The knowledgeable people here are no longer responding on this topic. Linc Davis said it best here.

Mar 3, 2014 6:11 PM in response to thomas_r.

Wow, thank you for alerting us to this, Thomas. It's almost hard to believe after reading the post you just shared that people STILL are specifically asking direct requests of him - *after* he just specifically asked them not to. At least in this case, we (unknowing/ignorant of the proper site etiquette) saw someone get help on something and so asked for the same, but on the other article, the FIRST post is him explaining why he isn't responding to this one, how the site is supposed to work and what they should do to go about getting a response, should they still need one. People are either stupid or just selfish. I can't figure out which.


Anyways, apologies for the faux pas, and thanks for alerting me to the proper process.


Cheers,

Crystal

May 6, 2014 7:36 AM in response to meltymax

Same to me here. Don't know for sure, hope someone can help me with the output underneath, following steps 1 - 4


Output after step 1:

com.Cycling74.driver.Soundflower (1.6.6)$


Output after step 2:

org.tcpdump.chmod_bpf

com.oracle.java.Helper-Tool

com.adobe.fpsaud$


Output after step 3:

de.novamedia.VMCStatusMenue.10592

com.oracle.java.Java-Updater

com.spotify.webhelper

com.google.keystone.user.agent

com.divx.agent.postinstall$


Output after step 4:

/Library/Components:


/Library/Extensions:

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

DivX Toolkit.framework

NMDeviceObserver.framework

NMGsmKit.framework

NMNetCore.framework

NMNetWorker.framework

NMRegistrationCore.framework

NMStatistics.framework

NyxAudioAnalysis.framework

PluginManager.framework

gsm_device_tools.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

Becon.plugin

Default Browser.plugin

DivXBrowserPlugin.plugin

Flash Player.plugin

JavaAppletPlugin.plugin

OVSHelper.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

flashplayer.xpt

nsIQTScriptablePlugin.xpt


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.oracle.java.Java-Updater.plist

de.novamedia.VodafoneDeviceObserver.plist


/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.oracle.java.Helper-Tool.plist

org.tcpdump.chmod_bpf.plist


/Library/PreferencePanes:

DivX.prefPane

Flash Player.prefPane

JavaControlPanel.prefPane


/Library/PrivilegedHelperTools:


/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component


/Library/ScriptingAdditions:


/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter


/Library/StartupItems:

ChmodBPF

Sudochmod


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle


Library/Fonts:


Library/Input Methods:

.localized


Library/Internet Plug-Ins:

.DS_Store

Becon.plugin

Google Earth Web Plug-in.plugin


Library/Keyboard Layouts:


Library/LaunchAgents:

.DS_Store

com.divx.agent.postinstall.plist

com.google.keystone.agent.plist

com.spotify.webhelper.plist


Library/PreferencePanes:

Perian.prefPane


Library/QuickTime:

AC3MovieImport.component

Perian.component


Library/Services:

.localized



Output after step 5:

iTunesHelper, Dropbox, VMCStatusMenu, Vodafone Mobile Broadband



This is the output I receive. It would be great if anyone can help me on this. Analyzing this data is too complex for me (unfortunately), but I trust in the community support.


Thanks!

May 17, 2014 6:43 AM in response to Maxformal

I think we've all been duped and Apple didn't even see it. That "flashplayer.xpt" is the winner: it's an executable script from the browser. It's been in there waiting for a while now and it's attaching to all your framework files, or better yet replacing them. This is a rough one, boys, we need and the worst part is, I think it's been sitting too long to matter now.
