
Keylogger or controlled by someone else?

This is the print out from Terminal (based upon previous recommendation). Thank you so much!!


root# sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

-sh: awk !/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfix |x)/{print $3}: No such file or directory

-sh: sed 1d : command not found

-sh: sudo launchctl list : command not found

new-host-2:~ root# kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}

> kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}

awk: syntax error at source line 2

context is

kextstat -kl | >>> awk <<< !/com.apple/{printf

missing }

awk: bailing out at source line 2

new-host-2:~ root# sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}

> launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}

-sh: syntax error near unexpected token `x'

new-host-2:~ root# ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:


/Library/Extensions:

.DS_Store

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext


/Library/Frameworks:

.DS_Store

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

.DS_Store

Default Browser.plugin

Flash Player.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

flashplayer.xpt

nsIQTScriptablePlugin.xpt


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.google.keystone.agent.plist

com.onenotegem.bringtoonenote.agent.plist


/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.apple.spirecorder.plist

com.google.keystone.daemon.plist

com.macpaw.CleanMyMac2.Agent.plist

com.macpaw.CleanMyMac3.Agent.plist

com.microsoft.office.licensing.helper.plist


/Library/PreferencePanes:

.DS_Store

Flash Player.prefPane


/Library/PrivilegedHelperTools:

com.macpaw.CleanMyMac2.Agent

com.macpaw.CleanMyMac3.Agent

com.microsoft.office.licensing.helper

com.microsoft.office.licensingV2.helper


/Library/QuickLook:

.DS_Store

iBooksAuthor.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

.DS_Store

AppleIntermediateCodec.component

AppleMPEG2Codec.component


/Library/ScriptingAdditions:


/Library/Spotlight:

.DS_Store

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter


/Library/StartupItems:


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/LanguageModeling:

en-dynamic.lm


Library/LaunchAgents:

com.apple.FolderActions.enabled.plist

com.apple.FolderActions.folders.plist

com.macpaw.CleanMyMac3.Scheduler.plist

com.microsoft.LaunchAgent.SyncServicesAgent.plist


Library/Services:

.localized

new-host-2:~ root# osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, root, Macintosh HD, Library, etc, var, tmp, tftpboot, CleanMyMac 3 Menu

new-host-2:~ root#

iMac, OS X Yosemite (10.10.3)

Posted on May 6, 2015 6:55 PM


May 6, 2015 7:54 PM in response to Donald Morgan

Ok, will do…..I did not install it..I found another recommendation to determine if computer was hacked…..

I have all these users on my system.. I did not put these on.

Thank you for replying!!! I am freaking out.



Matching Defaults entries for root on this host:

env_reset, env_keep+=BLOCKSIZE, env_keep+="COLORFGBG COLORTERM",

env_keep+=__CF_USER_TEXT_ENCODING, env_keep+="CHARSET LANG LANGUAGE LC_ALL

LC_COLLATE LC_CTYPE", env_keep+="LC_MESSAGES LC_MONETARY LC_NUMERIC

LC_TIME", env_keep+="LINES COLUMNS", env_keep+=LSCOLORS,

env_keep+=SSH_AUTH_SOCK, env_keep+=TZ, env_keep+="DISPLAY XAUTHORIZATION

XAUTHORITY", env_keep+="EDITOR VISUAL", env_keep+="HOME MAIL"


User root may run the following commands on this host:

(ALL) ALL

(ALL) ALL

new-host-2:~ root#

new-host-2:~ root# dscl . list /users

_amavisd

_appleevents

_appowner

_appserver

_ard

_assetcache

_astris

_atsserver

_avbdeviced

_calendar

_ces

_clamav

_coreaudiod

_coremediaiod

_cvmsroot

_cvs

_cyrus

_devdocs

_devicemgr

_displaypolicyd

_distnote

_dovecot

_dovenull

_dpaudio

_eppc

_ftp

_geod

_iconservices

_installassistant

_installer

_jabber

_kadmin_admin

_kadmin_changepw

_krb_anonymous

_krb_changepw

_krb_kadmin

_krb_kerberos

_krb_krbtgt

_krbfast

_krbtgt

_launchservicesd

_lda

_locationd

_lp

_mailman

_mcxalr

_mdnsresponder

_mysql

_netbios

_netstatistics

_networkd

_nsurlsessiond

_nsurlstoraged

_postfix

_postgres

_qtss

_sandbox

_screensaver

_scsd

_securityagent

_serialnumberd

_softwareupdate

_spotlight

_sshd

_svn

_taskgated

_teamsserver

_timezone

_tokend

_trustevaluationagent

_unknown

_update_sharing

_usbmuxd

_uucp

_warmd

_webauthserver

_windowserver

_www

daemon

geddesGeddes

Guest

janinependley

nobody

root

new-host-2:~ root# last

root ttys000 Wed May 6 22:37 still logged in


wtmp begins Wed May 6 22:37

new-host-2:~ root#

May 6, 2015 9:18 PM in response to janine6718

This is the print out from Terminal (based upon previous recommendation)


Could you post a link to the thread with that previous recommendation? That would be a good way to try to find the conversation you were having with the person who recommended it.


Aside from that, exactly what is it that makes you think someone else has control of your computer?


Did you allow anyone remote access to it? As things do not install themselves without your knowledge, we need to figure out if you allowed anyone access.

Jun 2, 2015 3:46 PM in response to janine6718

https://discussions.apple.com/thread/4243511

Dear Sir(s),


I used the above referenced instructions provided in link above.

Why do I think someone is accessing my account?

1) Ex-husband has access and has used my identity,

2) Extensive ****, and other inappropriate content,

3) Changes in my computer on an ongoing basis,

4) The computer was restored last week,

5) The most recent information I posted is post restore, I still think he has access.



Janines-iMac:~ janinependley$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}

> kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7

awk: syntax error at source line 2

context is

kextstat -kl | >>> awk <<< !/com.apple/{printf

missing }

awk: bailing out at source line 2

Janines-iMac:~ janinependley$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apac

> sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}

-bash: syntax error near unexpected token `apple'

Janines-iMac:~ janinependley$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3

> sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3

-bash: syntax error near unexpected token `apple'

Janines-iMac:~ janinependley$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $

> sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3

-bash: syntax error near unexpected token `apple'

Janines-iMac:~ janinependley$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:


/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext


/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework


/Library/Input Methods:


/Library/Internet Plug-Ins:

Default Browser.plugin

Flash Player.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

flashplayer.xpt

googletalkbrowserplugin.plugin

nsIQTScriptablePlugin.xpt

o1dbrowserplugin.plugin


/Library/Keyboard Layouts:


/Library/LaunchAgents:

com.google.keystone.agent.plist


/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.apple.spirecorder.plist

com.google.keystone.daemon.plist


/Library/PreferencePanes:

Flash Player.prefPane


/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator


/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component


/Library/ScriptingAdditions:


/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter


/Library/StartupItems:


/etc/mach_init.d:


/etc/mach_init_per_login_session.d:


/etc/mach_init_per_user.d:


Library/Fonts:


Library/Input Methods:

.localized


Library/Internet Plug-Ins:


Library/Keyboard Layouts:


Library/LanguageModeling:

de-dynamic.lm

en-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm


Library/PreferencePanes:


Library/Services:

Janines-iMac:~ janinependley$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null


iTunesHelper

Janines-iMac:~ janinependley$

Janines-iMac:~ janinependley$
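
Added example (not written by anyone in this thread): a small shell filter for the `ls -1A` listings pasted above, which pulls out only the entries in directories that launchd or the legacy startup mechanism loads from. The function names and the sample input are constructed for illustration; the sample is a subset of the first listing. Entries whose names begin with `com.apple.` are marked rather than dropped, because the file name is chosen by whoever wrote the plist and does not establish origin.

```shell
#!/bin/sh
# Reads a multi-directory `ls -1A` listing on stdin and prints
# "directory<TAB>item<TAB>note" for each entry in a startup-related directory.
launchd_items() {
    awk '
        # A line ending in ":" opens a new directory section.
        /:$/ { dir = substr($0, 1, length($0) - 1); next }
        # Skip blank lines (the forum paste is double-spaced) and Finder metadata.
        /^[ \t]*$/ || $0 == ".DS_Store" || $0 == ".localized" { next }
        # Keep only directories that hold auto-started items.
        dir ~ /(LaunchAgents|LaunchDaemons|PrivilegedHelperTools|StartupItems)$/ {
            note = ($0 ~ /^com\.apple\./) ? "apple-prefix" : "third-party"
            printf "%s\t%s\t%s\n", dir, $0, note
        }
    '
}

# Constructed sample input: a subset of the listing from the first post.
sample_listing() {
    cat <<'EOF'
/Library/Extensions:

.DS_Store

SoftRAID.kext

/Library/LaunchAgents:

com.google.keystone.agent.plist

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.apple.spirecorder.plist

Library/LaunchAgents:

com.apple.FolderActions.enabled.plist

com.macpaw.CleanMyMac3.Scheduler.plist
EOF
}

# Number of entries in the sample that do not carry a com.apple. name.
third_party_count() {
    sample_listing | launchd_items | awk -F'\t' '$3 == "third-party"' | wc -l | tr -d ' '
}

sample_listing | launchd_items
```

To use it on a real machine, pipe the output of the `ls -1A ...` command from the posts into `launchd_items` instead of the sample.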
