meltymax

Q: I believe that I have a keylogger or some sort of spyware installed on my mac, please help!

I have many reasons to believe that my ex-boyfriend installed a keylogger or spyware on my MacBook. I have done a lot of research and cannot find the answers that I am looking for. I have taken a screenshot of my Activity Monitor in hopes that someone can let me know if anything looks suspicious. It appears fine to me, although I am confident that something is installed and being used regularly to snoop and creep my every move on my computer. Please help me, any advice would be helpful. As a footnote, I have installed MacScan and completed a scan and it came up with nothing... I am not being paranoid; my ex has basically confirmed my suspicions.

 

 

 

[Attachment: Screen shot 2012-08-26 at 7.33.36 PM.png]

MacBook Pro, Mac OS X (10.6.8)

Posted on Aug 26, 2012 6:41 PM

  • by Ossyigby,

    Ossyigby Jun 30, 2014 5:49 PM in response to Linc Davis
    Level 1 (0 points)

    Hi,

     

    I ran the process that you outline for detecting monitoring software. I believe that I may have had it installed on my MBP by my ex partner before he moved out. Below are the results of the process outlined in your prior response to another user.

     

    Thank you,

     

    Jonathan

     

     

     

    Step 1 results

    -bash: $: command not found

    Jonathans-MBP:~ jonathan$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    com.Logitech.Control Center.HID

    com.Logitech.Unifying.HID Driver

    Step 2 results

    com.adobe.fpsaud

    Step 3 results

    Jonathans-MBP:~ jonathan$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    Step 4 results

    Jonathans-MBP:~ jonathan$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'  ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    Step 5 results

    Jonathans-MBP:~ jonathan$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'  ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null  osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    Jonathans-MBP:~ jonathan$

     

  • by nathanfromnewcastle,

    nathanfromnewcastle Jul 6, 2014 8:35 AM in response to rrahimi
    Level 1 (0 points)

    Thanks for your help,

     

    I have the same concerns. I ran the above and found this.... What is your opinion?

     

     

    Last login: Fri Jun 13 12:55:50 on console

    11:~ nathan$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    11:~ nathan$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

     

    Password:

    Sorry, try again.

    Password:

    Sorry, try again.

    Password:

    com.adobe.fpsaud

    11:~ nathan$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.spotify.webhelper

    11:~ nathan$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

     

    /Library/Extensions:

     

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AudioMixEngine.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iTunesLibrary.framework

     

     

    /Library/Input Methods:

     

     

    /Library/Internet Plug-Ins:

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Silverlight.plugin

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

     

    /Library/Keyboard Layouts:

     

     

    /Library/LaunchAgents:

     

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

     

     

    /Library/PreferencePanes:

    Flash Player.prefPane

     

     

    /Library/PrivilegedHelperTools:

     

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

     

    /Library/ScriptingAdditions:

     

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

     

    /Library/StartupItems:

     

     

    /etc/mach_init.d:

     

     

    /etc/mach_init_per_login_session.d:

     

     

    /etc/mach_init_per_user.d:

     

     

    Library/Address Book Plug-Ins:

     

     

    Library/Fonts:

     

     

    Library/Input Methods:

    .localized

     

     

    Library/Internet Plug-Ins:

     

     

    Library/Keyboard Layouts:

     

     

    Library/LaunchAgents:

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.4C945EC0-8B8E-4BA0-9696-527C607F6E6A.plist

    com.spotify.webhelper.plist

     

     

    Library/PreferencePanes:

    11:~ nathan$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, Spotify

    11:~ nathan$

  • by lebeaupoete,

    lebeaupoete Jul 11, 2014 12:47 PM in response to meltymax
    Level 1 (0 points)

    Hi,

    My results are:

     

     

    Last login: Fri Jul 11 22:34:12 on ttys000

    Ahmets-MacBook-Air:~ macbook$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    Ahmets-MacBook-Air:~ macbook$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

     

    Password:

    YandexDiskHelper

    YandexDiskInstaller

    com.oracle.java.JavaUpdateHelper

    com.oracle.java.Helper-Tool

    com.microsoft.office.licensing.helper

    com.genieoinnovation.macextension.client

    com.adobe.fpsaud

    Ahmets-MacBook-Air:~ macbook$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.spotify.webhelper

    com.oracle.java.Java-Updater

    com.genieoinnovation.macextension

    com.amazon.sendtokindle.launcher

    com.google.keystone.user.agent

    com.facebook.videochat.macbook.updater

    Ahmets-MacBook-Air:~ macbook$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

     

    /Library/Extensions:

     

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AudioMixEngine.framework

    GenieoExtra.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iTunesLibrary.framework

     

     

    /Library/Input Methods:

     

     

    /Library/Internet Plug-Ins:

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    Unity Web Player.plugin

    Unused

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

     

    /Library/Keyboard Layouts:

     

     

    /Library/LaunchAgents:

    com.amazon.sendtokindle.launcher.plist

    com.genieoinnovation.macextension.plist

    com.oracle.java.Java-Updater.plist

     

     

    /Library/LaunchDaemons:

    YandexDiskHelper.plist

    YandexDiskInstaller.plist

    com.adobe.fpsaud.plist

    com.genieoinnovation.macextension.client.plist

    com.gopro.stereomodestatus.plist

    com.microsoft.office.licensing.helper.plist

    com.oracle.java.Helper-Tool.plist

    com.oracle.java.JavaUpdateHelper.plist

     

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    GoPro.prefPane

    JavaControlPanel.prefPane

     

     

    /Library/PrivilegedHelperTools:

    Google Drive Icon Helper

    YandexDiskHelper

    YandexDiskInstaller

    com.genieoinnovation.macextension.client

    com.microsoft.office.licensing.helper

    com.oracle.java.JavaUpdateHelper

     

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

     

    /Library/QuickTime:

    AppleAVCIntraCodec.component

    AppleHDVCodec.component

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    AppleProResCodec.component

    CFHDCompressor.component

    CFHDDecompressor.component

    DVCPROHDCodec.component

    FCP Uncompressed 422.component

    IMXCodec.component

     

     

    /Library/ScriptingAdditions:

     

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

     

    /Library/StartupItems:

     

     

    /etc/mach_init.d:

     

     

    /etc/mach_init_per_login_session.d:

     

     

    /etc/mach_init_per_user.d:

     

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

     

    Library/Fonts:

     

     

    Library/Input Methods:

    .localized

     

     

    Library/Internet Accounts:

    V1

     

     

    Library/Internet Plug-Ins:

    FacebookVideoCalling.bundle

     

     

    Library/Keyboard Layouts:

     

     

    Library/LaunchAgents:

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.E31CFC2F-7A54-479E-81C7-DEC4D9818F19.plist

    com.facebook.videochat.macbook.plist

    com.google.keystone.agent.plist

    com.spotify.webhelper.plist

     

     

    Library/PreferencePanes:

    8TracksRadioHelper.prefPane

    Ahmets-MacBook-Air:~ macbook$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

    iTunesHelper, Google Drive, 8Tracks Helper, Spotify, Dropbox, Yandex.Disk

    Ahmets-MacBook-Air:~ macbook$

     

    ---

     

    My Mac is operating in an odd way: its fan works loudly, and when I opened my Mac after this overworking of the fan, the login screen was cropped - I thought there was something wrong with it. I stumbled on this thread and wanted to send my results. Thanks for your help in advance.

  • by MyCatRupert,

    MyCatRupert Aug 20, 2014 11:39 PM in response to meltymax
    Level 1 (8 points)
    Desktops

    I'm so inept that I'm hoping I followed the directions correctly.  I have an evil sociopathic soon to be ex husband and I have reason to believe he's installed something on my computers.  This is just from 1.  I would so very much appreciate a translation. 

     

    Meltymax, you are the bomb for sharing this and helping.  Thank you.  What do you see?

     

    com.github.osxfuse.filesystems.osxfusefs (2.6.4)

     

     

    com.google.keystone.daemon

     

    com.cleverfiles.cfbackd

    com.adobe.SwitchBoard

    com.adobe.fpsaud

     

     

    om.evernote.EvernoteHelper

     

    2BUA8C4S2C.com.agilebits.onepassword4-helper

    com.wacom.wacomtablet

    com.google.keystone.system.agent

    com.adobe.AdobeCreativeCloud

    com.spotify.webhelper

    com.google.GoogleContactSyncAgent

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae

    com.adobe.AAM.Scheduler-1.0

     

     

    /Library/Components:

     

    /Library/Extensions:

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    NyxAudioAnalysis.framework

    OSXFUSE.framework

    PluginManager.framework

    WacomMultiTouch.framework

    iTunesLibrary.framework

    /Library/Input Methods:

    /Library/Internet Plug-Ins:

    AdobeAAMDetect.plugin

    AdobeExManDetect.plugin

    AdobePDFViewer.plugin

    AdobePDFViewerNPAPI.plugin

    Flash Player.plugin

    JavaAppletPlugin.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Silverlight.plugin

    WacomNetscape.plugin

    WacomTabletPlugin.plugin

    flashplayer.xpt

    googletalkbrowserplugin.plugin

    nsIQTScriptablePlugin.xpt

    o1dbrowserplugin.plugin

    /Library/Keyboard Layouts:

    /Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.AdobeCreativeCloud.plist

    com.google.keystone.agent.plist

    com.wacom.wacomtablet.plist

    /Library/LaunchDaemons:

    com.adobe.SwitchBoard.plist

    com.adobe.fpsaud.plist

    com.cleverfiles.cfbackd.plist

    com.google.keystone.daemon.plist

    /Library/PreferencePanes:

    Flash Player.prefPane

    OSXFUSE.prefPane

    WacomTablet.prefPane

    /Library/PrivilegedHelperTools:

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

    /Library/StartupItems:

    /etc/mach_init.d:

    /etc/mach_init_per_login_session.d:

    /etc/mach_init_per_user.d:

    com.adobe.SwitchBoard.monitor.plist

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

    Library/Fonts:

    Library/Input Methods:

    .localized

    Library/Internet Plug-Ins:

    Library/Keyboard Layouts:

    Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist

    com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.42897104-685F-4B6E-A977-7ACBD5C5C2E9.plist

    com.google.GoogleContactSyncAgent.plist

    com.spotify.webhelper.plist

    SmartDaemon, iTunesHelper

  • by bethanyjoyful,

    bethanyjoyful Sep 1, 2014 8:51 PM in response to meltymax
    Level 1 (0 points)

    I have the same problem - ex husband seems creepily informed of details of my life and it is freaking me out... can someone see if they see anything fishy??

     

    Last login: Mon Aug 25 23:17:28 on console

    Bethanys-iMac:~ Bethany$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

    Bethanys-iMac:~ Bethany$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

     

    WARNING: Improper use of the sudo command could lead to data loss

    or the deletion of important system files. Please double-check your

    typing when using sudo. Type "man sudo" for more information.

     

    To proceed, enter your password, or type Ctrl-C to abort.

     

    Password:

    com.adobe.fpsaud

    Bethanys-iMac:~ Bethany$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

    com.adobe.Photoshop.35936

    com.adobe.AdobeCreativeCloud

    com.adobe.AAM.Scheduler-1.0

    Bethanys-iMac:~ Bethany$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    CalDigitHDProDrv.kext

    HighPointIOP.kext

    HighPointRR.kext

    PromiseSTEX.kext

    SoftRAID.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AudioMixEngine.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    AdobeAAMDetect.plugin

    Default Browser.plugin

    Flash Player.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    Silverlight.plugin

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

    com.adobe.AdobeCreativeCloud.plist

     

    /Library/LaunchDaemons:

    com.adobe.fpsaud.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

     

    /Library/PrivilegedHelperTools:

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Fonts:

    Fonthead Design - SpillMilk.otf

    IgniteTheLight.ttf

    Sue Ellen Francisco.ttf

    appopaint-Regular.otf

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LaunchAgents:

    com.adobe.AAM.Updater-1.0.plist

     

    Library/PreferencePanes:

     

    Library/Services:

    Bethanys-iMac:~ Bethany$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null 

    iTunesHelper

    Bethanys-iMac:~ Bethany$

    Bethanys-iMac:~ Bethany$

  • by John Galt,

    John Galt Sep 2, 2014 9:42 AM in response to bethanyjoyful
    Level 9 (50,431 points)
    Mac OS X

    Hi Bethany,

     

    It is quite impossible for anyone on this support site to provide absolute assurance that a keylogger is not installed on your system; it is only possible to confirm that one of a few well-known keylogger apps exists. It is also quite impossible for anyone to provide absolute assurance that your Mac's hardware has not been maliciously altered to accomplish the same thing - short of an intensive, time-consuming hands-on inspection - and even that can be difficult.

     

    Moreover, it is a bad idea to execute Terminal commands posted by random people on the Internet unless you know exactly what they are and what they are going to do. Terminal commands requiring superuser privileges can result in system corruption, loss of data, theft of personal information, or all of the above.


    It is an especially bad idea to follow instructions intended to diagnose someone else's problem, and then post the results on a publicly accessible website such as this one.

     

    I am sorry to tell you this, but all this demonstrates poor judgment on your part and strongly suggests you have not followed common-sense principles for safeguarding your private information such as your Mac's name and the passwords you use to keep your information secure. It's a lot easier for someone to spy on you and become creepily informed of your private activities using far simpler techniques than to install a keylogger on your Mac.


    There are other simple precautions you should take. For thorough assistance and recommendations you should post your own question - not tack on a response to this very old one. To do that read Writing an effective Apple Support Communities question. It's the best way to receive timely, relevant, and accurate responses to your particular concerns.

     



  • by Good User,

    Good User Sep 3, 2014 10:09 AM in response to John Galt
    Level 1 (1 points)

    Are the terminal commands posted by Linc Davis at the beginning of this thread unsafe? And is it a bad idea to publish the results on the internet?

  • by Good User,

    Good User Sep 3, 2014 10:16 AM in response to John Galt
    Level 1 (1 points)

    I don't even understand a single letter of a terminal command, and I have published the results already

  • by clintonfrombirmingham,

    clintonfrombirmingham Sep 3, 2014 10:23 AM in response to Good User
    Level 7 (30,009 points)
    Mac OS X

    Good User

     

    You can be assured that nothing that Linc posted, nor the output that you provided, could compromise your computer in any way. As John points out, it's best to start your own thread so that your post doesn't get lost in posts of long ago. Ask the question yourself in a new message and you will, perhaps, get some other responses which may be more helpful.

     

    Good luck,

     

    Clinton

     

    MacBook Pro (15-inch Late 2011), OS Mavericks 10.9.4, 16GB Crucial RAM, Crucial M500 960GB SSD, 27” Apple Thunderbolt Display

  • by thomas_r.,

    thomas_r. Sep 3, 2014 10:48 AM in response to Good User
    Level 7 (30,944 points)
    Mac OS X

    Good User wrote:

     

    Are the terminal commands posted by linc davis at the beginning of this thread unsafe?

     

    No, they are fine.

     

    However, for the purposes of this discussion, they are also useless. As John pointed out, it's possible someone may spot a known keylogger in those results, but that doesn't mean much. There could easily be something hidden that doesn't show up in those results. If you believe that someone malicious has had unsupervised physical access to your computer, or remote access via some remote access software you already had installed, then there's nothing on the planet that can determine accurately whether that system is safe or not. Your only option is to wipe the drive and reinstall everything from scratch, then manually copy documents only from a non-Time Machine backup. Or, restore your entire system from a Time Machine (or other) backup made prior to the incident.
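
Added example (not part of any post in this thread, and not Linc Davis's own procedure): a shell script that cross-checks a saved transcript of the thread's `launchctl list` and `ls -1A` steps, printing loaded labels that have no same-named plist and plists that are on disk but were not listed as loaded. The sample transcript, the `com.example.*` names and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: cross-check a saved transcript of the thread's `launchctl list`
# and `ls -1A` steps. All names below are constructed (com.example.*).
set -eu

# Constructed sample: labels printed by the two `launchctl list ... {print $3}` steps.
sample_labels() {
cat <<'EOF'
com.example.helper
com.example.updater
com.example.chat.updater
EOF
}

# Constructed sample: output of the `ls -1A ...` step.
sample_listing() {
cat <<'EOF'
/Library/Extensions:

/Library/Frameworks:
Example.framework

/Library/LaunchAgents:
com.example.updater.plist

/Library/LaunchDaemons:
com.example.dormant.plist
com.example.helper.plist

/Library/PrivilegedHelperTools:
com.example.helper

Library/LaunchAgents:
.DS_Store
com.apple.AddressBook.ScheduledSync.plist
com.example.chat.plist
EOF
}

# Read `ls -1A dir1 dir2 ...` output on stdin; print "directory<TAB>entry" for the
# directories whose contents are started at boot or login. The com.apple exclusion
# mirrors the thread's filter: it is a triage shortcut based on the name only.
persistence_entries() {
  awk '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }        # tolerate pasted indentation
    /:$/ { dir = substr($0, 1, length($0) - 1); next }   # "dir:" header line
    $0 == "" || $0 == ".DS_Store" || /^com\.apple\./ { next }
    {
      n = split(dir, part, "/")
      if (part[n] ~ /^(LaunchAgents|LaunchDaemons|StartupItems|PrivilegedHelperTools|Extensions)$/)
        printf "%s\t%s\n", dir, $0
    }'
}

# $1 = file of loaded labels, $2 = file with the ls listing.
# Print loaded labels for which no entry named <label> or <label>.plist was listed.
labels_without_plist() {
  { persistence_entries < "$2"; echo '--labels--'; cat "$1"; } | awk -F '\t' '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    $0 == "--labels--" { in_labels = 1; next }
    !in_labels { name = $2; sub(/\.plist$/, "", name); on_disk[name] = 1; next }
    $0 != "" && !($0 in on_disk)'
}

# $1 = file of loaded labels, $2 = file with the ls listing.
# Print LaunchAgents/LaunchDaemons plists whose name matches no loaded label:
# `launchctl list` shows only loaded jobs, so these were not in its output.
plists_not_loaded() {
  { cat "$1"; echo '--listing--'; persistence_entries < "$2"; } | awk -F '\t' '
    { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
    $0 == "--listing--" { in_listing = 1; next }
    !in_listing { loaded[$0] = 1; next }
    $1 ~ /Launch(Agents|Daemons)$/ && $2 ~ /\.plist$/ {
      name = $2; sub(/\.plist$/, "", name)
      if (!(name in loaded)) print
    }'
}

# Demo run on the constructed samples.
tmp=$(mktemp -d)
sample_labels > "$tmp/labels.txt"
sample_listing > "$tmp/listing.txt"
echo "Loaded labels with no same-named plist (check each plist's Label key):"
labels_without_plist "$tmp/labels.txt" "$tmp/listing.txt"
echo "Plists on disk that launchctl did not list as loaded:"
plists_not_loaded "$tmp/labels.txt" "$tmp/listing.txt"
rm -rf "$tmp"
```

A mismatch in either direction is not a finding by itself, since a plist's file name need not equal its Label; it marks the plists worth opening. As the replies above say, a clean result does not show that nothing is installed.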

  • by Good User,

    Good User Sep 3, 2014 1:02 PM in response to thomas_r.
    Level 1 (1 points)

    Thanks. Is this method considered from scratch, if one makes the bootable OS X installer drive with the tampered Mac? http://osxdaily.com/2013/10/26/clean-install-os-x-mavericks/

  • by thomas_r.,

    thomas_r. Sep 3, 2014 1:21 PM in response to Good User
    Level 7 (30,944 points)
    Mac OS X

    That is one description of how to do it, yes. You just need to be cautious about what you restore from backups.

  • by Carlos Pachelbel,

    Carlos Pachelbel Jan 6, 2015 3:53 AM in response to Linc Davis
    Level 1 (0 points)

    Hi Linc and others!

     

    Thanks for the informative article.

     

    I have proceeded with the instructions and my result is below. Can you help me out and let me know if anything is strange?

     

    Thanks and sorry for the trouble.

    Carlos

     

    RESULT FROM TERMINAL WINDOW MAC.

     

     

    Last login: Fri Jan  2 13:50:08 on console

    Ons-iMac:~ online$ sh

    sh-3.2$ sh

    sh-3.2$     kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' 

    com.symantec.kext.internetSecurity (5.4f7)

    at.obdev.nke.LittleSnitch (4226)

    com.symantec.kext.ips (3.9.2f1)

    sh-3.2$     sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    com.genieoinnovation.macextension.client

    com.oracle.java.JavaUpdateHelper

    com.symantec.liveupdate.daemon

    at.obdev.littlesnitchd

    com.microsoft.office.licensing.helper

    com.symantec.errorreporting.periodic

    com.symantec.symdaemon

    com.adobe.SwitchBoard

    com.symantec.sharedsettings

    com.adobe.fpsaud

    com.symantec.liveupdate.daemon.ondemand

    com.teamviewer.Helper

    sh-3.2$     ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

    ACS6x.kext

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    CalDigitHDProDrv.kext

    HighPointIOP.kext

    HighPointRR.kext

    PromiseSTEX.kext

    SoftRAID.kext

    SymAPComm.kext

    SymIPS.kext

    SymInternetSecurity.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    ALUT.framework

    Adobe AIR.framework

    AudioMixEngine.framework

    GenieoExtra.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    QtBluetooth.framework

    QtCLucene.framework

    QtConcurrent.framework

    QtCore.framework

    QtDeclarative.framework

    QtDesigner.framework

    QtDesignerComponents.framework

    QtGui.framework

    QtHelp.framework

    QtMacExtras.framework

    QtMultimedia.framework

    QtMultimediaQuick_p.framework

    QtMultimediaWidgets.framework

    QtNetwork.framework

    QtNfc.framework

    QtOpenGL.framework

    QtPositioning.framework

    QtPrintSupport.framework

    QtQml.framework

    QtQuick.framework

    QtQuickParticles.framework

    QtQuickTest.framework

    QtScript.framework

    QtScriptTools.framework

    QtSensors.framework

    QtSerialPort.framework

    QtSql.framework

    QtSvg.framework

    QtTest.framework

    QtWebKit.framework

    QtWebKitWidgets.framework

    QtWidgets.framework

    QtXml.framework

    QtXmlPatterns.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    AdobePDFViewer.plugin

    Default Browser.plugin

    Flash Player.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    SharePointBrowserPlugin.plugin

    SharePointWebKitPlugin.webplugin

    flashplayer.xpt

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

    at.obdev.LittleSnitchUIAgent.plist

    com.adobe.AAM.Updater-1.0.plist

    com.genieoinnovation.macextension.plist

    com.oracle.java.Java-Updater.plist

    com.symantec.errorreporter-periodicagent.plist

    com.symantec.uiagent.application.plist

    com.teamviewer.teamviewer.plist

    com.teamviewer.teamviewer_desktop.plist

     

    /Library/LaunchDaemons:

    at.obdev.littlesnitchd.plist

    com.adobe.SwitchBoard.plist

    com.adobe.fpsaud.plist

    com.genieoinnovation.macextension.client.plist

    com.microsoft.office.licensing.helper.plist

    com.oracle.java.Helper-Tool.plist

    com.oracle.java.JavaUpdateHelper.plist

    com.symantec.errorreporter-periodic.plist

    com.symantec.liveupdate.daemon.ondemand.plist

    com.symantec.liveupdate.daemon.plist

    com.symantec.nav.migrateqtf.plist

    com.symantec.sharedsettings.plist

    com.symantec.symdaemon.plist

    com.teamviewer.Helper.plist

    com.teamviewer.teamviewer_service.plist

     

    /Library/PreferencePanes:

    Flash Player.prefPane

    JavaControlPanel.prefPane

    SymantecQuickMenu.prefPane

     

    /Library/PrivateFrameworks:

    SymAVScan.framework

    SymAppKitAdditions.framework

    SymBase.framework

    SymDaemon.framework

    SymIPS.framework

    SymLicensing.framework

    SymSharedSettings.framework

    SymSubmission.framework

    SymUIAgent.framework

     

    /Library/PrivilegedHelperTools:

    com.genieoinnovation.macextension.client

    com.microsoft.office.licensing.helper

    com.oracle.java.JavaUpdateHelper

    com.teamviewer.Helper

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

    /Library/ScriptingAdditions:

    Adobe Unit Types.osax

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Address Book Plug-Ins:

    SkypeABDialer.bundle

    SkypeABSMS.bundle

     

    Library/Fonts:

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LanguageModeling:

    da-dynamic.lm

    de-dynamic.lm

    en-dynamic.lm

    es-dynamic.lm

    fr-dynamic.lm

    it-dynamic.lm

    pt-dynamic.lm

    sv-dynamic.lm

     

    Library/LaunchAgents:

    .DS_Store

    com.genieo.completer.download.plist

    com.genieo.completer.ltvbit.plist

    com.genieo.completer.update.plist

     

    Library/PreferencePanes:

     

    Library/Services:

    AppDelete.workflow

    sh-3.2$     osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null 

    iTunesHelper, Android File Transfer Agent

    sh-3.2$

  • by HackedUser123,

    HackedUser123 Mar 19, 2015 7:20 PM in response to meltymax
    Level 1 (0 points)

    Please Please Help!!!

     

    Library/PreferencePanes:

    Tylers-MacBook-Pro:~ jdub$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' 

    com.trendmicro.kext.filehook (1.5.0)

    com.trendmicro.kext.KERedirect (1.0.0)

    Tylers-MacBook-Pro:~ jdub$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    Sorry, try again.

    Password:

    Sorry, try again.

    Password:

    Sorry, try again.

    sudo: 3 incorrect password attempts

    Tylers-MacBook-Pro:~ jdub$ J666999w

    -bash: J666999w: command not found

    Tylers-MacBook-Pro:~ jdub$ J666999j

    -bash: J666999j: command not found

    Tylers-MacBook-Pro:~ jdub$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}' 

    com.trendmicro.TM.TmLoginMgr.16788

    Tylers-MacBook-Pro:~ jdub$

    Tylers-MacBook-Pro:~ jdub$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix|x)/{print $3}'

    Password:

    Sorry, try again.

    Password:

    com.trendmicro.tmsm.plugin

    com.trendmicro.icore.wp

    com.trendmicro.icore.main

    com.trendmicro.icore.av

    com.trendmicro.tmsm.launcher

    Tylers-MacBook-Pro:~ jdub$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta}* L*/Fonts 2> /dev/null

    /Library/Components:

     

    /Library/Extensions:

    ACS6x.kext

    ATTOCelerityFC8.kext

    ATTOExpressSASHBA2.kext

    ATTOExpressSASRAID2.kext

    ArcMSR.kext

    CalDigitHDProDrv.kext

    HighPointIOP.kext

    HighPointRR.kext

    PromiseSTEX.kext

    SoftRAID.kext

     

    /Library/Frameworks:

    AEProfiling.framework

    AERegistration.framework

    AudioMixEngine.framework

    NyxAudioAnalysis.framework

    PluginManager.framework

    TMAppCommon.framework

    TMAppCore.framework

    TMGUIUtil.framework

    iCoreClient.framework

    iCoreClientPb.framework

    iTunesLibrary.framework

     

    /Library/Input Methods:

     

    /Library/Internet Plug-Ins:

    Default Browser.plugin

    Quartz Composer.webplugin

    QuickTime Plugin.plugin

    nsIQTScriptablePlugin.xpt

     

    /Library/Keyboard Layouts:

     

    /Library/LaunchAgents:

     

    /Library/LaunchDaemons:

    com.trendmicro.icore.av.plist

    com.trendmicro.icore.main.plist

    com.trendmicro.icore.wp.plist

    com.trendmicro.tmsm.launcher.plist

    com.trendmicro.tmsm.plugin.plist

     

    /Library/PreferencePanes:

     

    /Library/QuickLook:

    iBooksAuthor.qlgenerator

    iWork.qlgenerator

     

    /Library/QuickTime:

    AppleIntermediateCodec.component

    AppleMPEG2Codec.component

     

    /Library/ScriptingAdditions:

     

    /Library/Spotlight:

    Microsoft Office.mdimporter

    iBooksAuthor.mdimporter

    iWork.mdimporter

     

    /Library/StartupItems:

     

    /etc/mach_init.d:

     

    /etc/mach_init_per_login_session.d:

     

    /etc/mach_init_per_user.d:

     

    Library/Fonts:

     

    Library/Input Methods:

    .localized

     

    Library/Internet Plug-Ins:

     

    Library/Keyboard Layouts:

     

    Library/LanguageModeling:

    en-dynamic.lm

    es-dynamic.lm

    nl-dynamic.lm

     

    Library/PreferencePanes:

     

    Library/Services:

    Tylers-MacBook-Pro:~ jdub$

    Tylers-MacBook-Pro:~ jdub$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null 

    TmLoginMgr

    Tylers-MacBook-Pro:~ jdub$

  • by khanMan62,

    khanMan62 Jul 5, 2015 5:19 AM in response to HackedUser123
    Level 1 (0 points)

    [Attachment: Screen Shot 2015-07-05 at 5.17.21 pm.png]

    Found these on my Mac, how do I get rid of them? I think these are keyloggers someone installed on my Mac. Is there any way to view/delete the content as well?
