I hope this is a legit post and not from a stolen Mac, since an owner might be the one who has installed a keylogger, etc.
If it is legit -- no freekin way to know, so I'll trust that it is -- this might be too late, but
the advice above to buy a new drive and back up: INVALUABLE -- I can tell you from experience (sadly).
I know for sure that Super Duper (http://www.shirt-pocket.com/) will back up only your Users files & data if you choose to do it that way. But it sounds like you need to back up everything, then run at least two of the following:
Are you running ClamXAV? (Beta 2 has the most updated engine and is easy to install and use, but review & read the forum too before tweaking & modifying the default settings.) http://clamxav.com/index.php?page=v2beta
Another option is to find a rootkit hunter for Mac OS X. Only two that I know of:
OS X Rootkit Hunter for Mac by http://christian-hornung.de (there's an article at http://gigaom.com/apple/why-mac-securit ... it-hunter/)
Another is chkrootkit_macosx http://www.macupdate.com/app/mac/24011/ ... kit_macosx, but it now seems undownloadable / a dead link on my end. It may still be downloadable from mirror sites?
Don't go tinkering w/ that stuff tho before you back up your data.
Finally, there is now a Mac anti-virus/anti-malware freeware (mainly to prevent windoze viruses being inadvertently spread via Macs) by sophos.com, but it is slower than molasses in winter and not very customizable (and everyone I know, including me, removed it after an initial attempt to try it out -- I would be loath to ever try a windoze-inspired / winduhs-based app again). But in your situation, I think I might try it as a scan to see what it can find, since you can tell it to just scan and not remove anything to start with, which you can also do w/ ClamXAV. They are likely to find some different things, since ClamXAV is not the most updated ClamAV engine; it lags on the engine, not the virus defs, from my understanding.
You could read about the keystroke loggers that can be embedded / run on Mac OS X and try to determine where their files are installed, then search specifically for those files. It might help to have a utility like the iShow Invisible script by TOM X. Again, don't be removing a bunch of now-visible files just because you don't understand what they are, or you will be doomed and have to reinstall, and you definitely could lose data!
Good luck if you are legit, bad luck if you are not.
Oh yeah, don't forget to have a basic daily user account that is NON-admin for your everyday use for email, browsing, everything you do on a daily basis, and a separate Admin-authorized account as a barrier to inadvertently installing everything at root level w/out admin permission. AND always use Little Snitch.