Detect spyware and determine who is spying on my imac

You've no commercial keylogging software showing; but could probably do without the esellerate (EWS) framework and the genieo adware.

Thank you so much. Would things such as Webwatcher or SpectorPro show up by name in that diagnostic suggested by Linc Davis? How does one determine it?

Thanks again AndyBall_UK

Linc and anyone who might have a suggestion,

I know that someone took control of my MacBook Pro webcam and recorded video of me without my knowing it a few months back. Now I believe I have had a keylogger exposing my privacy so I'm revamping my entire security set up...

I ran the virus scan in MacKeeper, AVG AntiVirus (which claims to detect spy ware) and finally MacScan. None of these detected anything except tracking cookies (MacScan).

Could these people have taken over my MacBook Pro's webcam while I was logged into a website through some kind of malware that was designed to run from the website and not off my hard drive?

I'm not so comfortable running the terminal scripts that were posted I've just been burned so many times at this point... Any suggestions would be greatly appreciated...

morning sun wrote:

Could these people have taken over my MacBook Pro's webcam while I was logged into a website through some kind of malware that was designed to run from the website and not off my hard drive?

If you had Java (not JavaScript) enabled while on the web site, something like that would be possible, but currently unknown.

I'm not so comfortable running the terminal scripts that were posted I've just been burned so many times at this point... Any suggestions would be greatly appreciated...

Then nobody here can provide any additional help since we have no idea what is now installed on your computer. Even if we could it would be no substitute for an examination by a forensically trained police analyst which is probably who you should be talking to if a crime has been committed here.

Additionally, if you reconsider running the Terminal commands start a new thread if you want the fastest, most efficient help here in the forum. Linc and most others here don't often respond to "me too" requests.

morning sun wrote:

I ran the virus scan in MacKeeper, AVG AntiVirus (which claims to detect spy ware) and finally MacScan. None of these detected anything except tracking cookies (MacScan).

Do not install MacKeeper (and how to uninstall it if you have):

https://discussions.apple.com/docs/DOC-6221

(Please note that references to the original developers, Zeobit, also now refer to Kromtech Alliance Corp, who acquired MacKeeper and PCKeeper from ZeoBit LLC in early 2013.)

Also uninstall AVG AntiVirus. Virtually all third party anti virus applications do more harm to your system than not having them. and many give false positives.

You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful: The User Tip seeks to offer guidance on the main security threats and how to avoid them.

https://discussions.apple.com/docs/DOC-2435

More useful information can also be found here:

http://www.thesafemac.com/mmg/

Ok Here are the results from Terminal. Thank you Klaus, Linc and All for your help. I've also posted a new thread with these results here:

Step 1

1. com.microsoft.driver.MicrosoftMouse (8.2)
2. com.microsoft.driver.MicrosoftMouseUSB (8.2)
3. com.avg.Antivirus.OnAccess.kext (14.0)

Step 2

1. com.zeobit.MacKeeper.plugin.AntiTheft.daemon
2. com.raynersw.nshctldo
3. com.microsoft.office.licensing.helper
4. com.avg.Antivirus
5. com.avg.Antivirus.infosd
6. com.adobe.SwitchBoard
7. com.adobe.fpsaud

Step 3

1. com.zeobit.MacKeeper.plugin.AntiTheft.daemon
2. com.raynersw.nshctldo
3. com.microsoft.office.licensing.helper
4. com.avg.Antivirus
5. com.avg.Antivirus.infosd
6. com.adobe.SwitchBoard
7. com.adobe.fpsaud

new-host:~ MacBookPro$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

1. com.extensis.FMCore
2. com.avg.Antivirus
3. com.adobe.CS5ServiceManager
4. com.adobe.CS4ServiceManager
5. com.adobe.AdobeCreativeCloud
6. com.zeobit.MacKeeper.Helper
7. com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae
8. com.adobe.AAM.Scheduler-1.0

Step 4

/Library/Components:

/Library/Extensions:

/Library/Frameworks:

1. AEProfiling.framework
2. AERegistration.framework

Adobe AIR.framework

1. AudioMixEngine.framework
2. EWSMac.framework
3. ExtensisPlugins.framework
4. NyxAudioAnalysis.framework
5. PluginManager.framework
6. TSLicense.framework
7. iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

1. AdobeAAMDetect.plugin
2. AdobeExManDetect.plugin
3. AdobePDFViewer.plugin
4. AdobePDFViewerNPAPI.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

JavaAppletPlugin.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

1. SharePointBrowserPlugin.plugin
2. SharePointWebKitPlugin.webplugin
3. Silverlight.plugin
4. SurveillanceClient.plugin
5. flashplayer.xpt
6. iPhotoPhotocast.plugin
7. npContributeMac.bundle
8. nsIQTScriptablePlugin.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:

1. com.adobe.AAM.Updater-1.0.plist
2. com.adobe.AdobeCreativeCloud.plist
3. com.adobe.CS4ServiceManager.plist
4. com.adobe.CS5ServiceManager.plist
5. com.avg.Antivirus.gui.plist
6. com.extensis.FMCore.plist

/Library/LaunchDaemons:

1. com.adobe.SwitchBoard.plist
2. com.adobe.fpsaud.plist
3. com.avg.Antivirus.infosd.plist
4. com.avg.Antivirus.services.plist
5. com.microsoft.office.licensing.helper.plist
6. com.raynersw.nshctldo.plist
7. com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist

/Library/PreferencePanes:

Flash Player.prefPane

Flip4Mac WMV.prefPane

Microsoft Mouse.prefPane

/Library/PrivilegedHelperTools:

1. com.microsoft.office.licensing.helper
2. com.raynersw.nshctldo

/Library/QuickLook:

1. GBQLGenerator.qlgenerator
2. iBooksAuthor.qlgenerator
3. iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component

SoundboothScoreCodec.component

/Library/ScriptingAdditions:

Adobe Unit Types.osax

/Library/Spotlight:

GBSpotlightImporter.mdimporter

Microsoft Office.mdimporter

1. iBooksAuthor.mdimporter
2. iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

com.adobe.SwitchBoard.monitor.plist

Library/Extensis:

Suitcase Fusion

com.extensis.FMCore-LaunchInfo.conf

Library/Fonts:

Library/Frameworks:

EWSMac.framework

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

EMusic.plugin

RealPlayer Plugin.plugin

Library/Keyboard Layouts:

Library/LaunchAgents:

1. com.adobe.AAM.Updater-1.0.plist
2. com.adobe.ARM.202f4087f2bbde52e3ac2df389f53a4f123223c9cc56a8fd83a6f7ae.plist
3. com.zeobit.MacKeeper.Helper.plist

Library/PreferencePanes:

Step 5

iTunesHelper

Hello Everyone,

I have the same problem as the OP.

Could someone please have a look and tell me if you think the results from my mac terminal are off? I followed Linc's (thanks!!) directions

on how to do this. Super helpful!

(Here's the background info)

I found a "Steallth.ipa" iOS Application on my mac. It had the iTunes logo but wasn't an iTunes file. When I checked the info on the file (5.6MB) -

I noticed that I only had permission to read as did everyone else. Only admin could read and write. (I don't think I ever installed an admin login).

Not sure what to make of this Stealth app?

Checked my firewall and it was on, but these connections were greenlighted:

cups-lpd

iTunes

JavaApplicationStub

By the way I don't have any remote access enabled, but did find that an App was added to my login item: WDDriveManagerStatusMenu. I think this might be

for my external Western Digital.

Also found 2 invisible drives on desktop "home" and "net". And then that all the bluetooth boxes were checked which I don't think I did. But I have to say I haven't

used this machine as much as I am now.

I left everything as is, to run the Terminal with the 5 steps outlined after a normal boot.

I've since, disabled the 3 apps as incoming connections and turned on

stealth. Changed the password for Admin and permissions too.

And now am hoping to find out from one of you that's it all because my machine is

getting old.

Here are my results. Please let me know your thoughts.

Thanks so much for your time!

Mikado

Mac Book Pro circa 2006/2007 running Mac OS X 10.6.8

Mac_Terminal_results:

Last login: Sun Jun 29 13:26:54 on console

Finkston:~ mikado$

Finkston:~ mikado$ extstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

-bash: extstat: command not found

Finkston:~ mikado$

Finkston:~ mikado$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

Password:

com.wdc.drivemanagerservice

com.adobe.fpsaud

Finkston:~ mikado$

Finkston:~ mikado$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

ws.agile.1PasswordAgent

Finkston:~ mikado$

Finkston:~ mikado$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Address Book Plug-Ins:

.DS_Store

/Library/Components:

/Library/Extensions:

/Library/Frameworks:

.DS_Store

NyxAudioAnalysis.framework

PluginManager.framework

PrintMeSSL.framework

/Library/Input Methods:

Image Capture

/Library/Internet Plug-Ins:

.DS_Store

Flash Player.plugin

NP-PPC-Dir-Shockwave

QuickTime Plugin.plugin

flashplayer.xpt

nplastpass.plugin

/Library/Internet Plug-Ins (Disabled):

/Library/Keyboard Layouts:

/Library/LaunchAgents:

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.wdc.drivemanagerservice.plist

/Library/PreferencePanes:

Flash Player.prefPane

/Library/PrivilegedHelperTools:

/Library/QuickLook:

GBQLGenerator.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component

/Library/ScriptingAdditions:

Adobe Unit Types

/Library/Spotlight:

AppleWorks.mdimporter

GBSpotlightImporter.mdimporter

Microsoft Office.mdimporter

iWeb.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

dashboardadvisoryd.plist

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

AdiumAddressBookAction_AIM.scpt

AdiumAddressBookAction_ICQ.scpt

AdiumAddressBookAction_Jabber.scpt

AdiumAddressBookAction_MSN.scpt

AdiumAddressBookAction_SMS.scpt

AdiumAddressBookAction_Yahoo.scpt

Library/Fonts:

176 DIN Schriften

AACHEN

AacheDMedSh1

Abadi MT Condensed Extra Bold

Abadi MT Condensed Light

Andale Mono

Arial

Arial Black

Arial Narrow

Arial Rounded Bold

Avant Garde

AvantGarBol

AvantGarBolObl

AvantGarBoo

AvantGarBooObl

AvantGarConBol

AvantGarConBoo

AvantGarConDem

AvantGarConMed

AvantGarDem

AvantGarDemObl

AvantGarExtLig

AvantGarExtLigObl

AvantGarMed

AvantGarMedObl

AvantGarXLig

AvantGarXLigObl

BCitNor

Base 12 Serif Family

BaseTweSer

BaseTweSerB

BaseTweSerBI

BaseTweSerI

BaseTweSerSCB

BaseTweSerSCBI

BaseTweSerSCI

BaseTweSerSma

Baskerville Old Face

Batang.ttf

Bauhaus 93

BayerArcTyp

BayerArchiType.t1

Bell MT

Bernard MT Condensed

BisteBol

BisteckBold.bmap

Bolt Bold

BoltBolICG

Book Antiqua

Bookman Old Style

Braggadocio

Britannic Bold

Brush Script

BureaEmp

BureaEmpIta

Bureau Empire (FB)

CITY

COMPACTA BD BT

CRILLEE startrek

Calisto MT

CalveMTBol

CalveMTLig

CalveMTMed

CalvertMT.bmap

Century

Century Gothic

Century Schoolbook

CitizBol

CitizBolIta

CitizLig

CitizLigIta

CitizenScreenFonts

CityBld

CityBol

CityBolIta

CityMed

CityMedIta

CityNor

Colonna

Comic Sans MS

CompaBTBol

CompaBTBolIta

CompaLig

CompaMTBol

Compacta-Light.scr

CompactaMTBd.bmap

ConduITCBol

ConduITCBolIta

ConduITCLig

ConduITCLigIta

ConduITCMed

ConduITCMedIta

Conduit ITC Bold

Conduit ITC Bold Italic

Conduit ITC Light

Conduit ITC Light Italic

Conduit ITC Medium

Conduit ITC Medium Italic

Cooper Black

Copperplate Gothic Bold

Copperplate Gothic Light

CrillTBolIta

CrillTExtBolIta

CrillTLigIta

CrillTRegIta

Curlz MT

DINEng

DINMit

DINNeuGroBolCon

DINNeuGroLig

DOT MATRIX

Desdemona

DotmaReg

Edwardian Script ITC

Engravers MT

Eurostile

Expo SSi

ExpoBlaSSiBla

ExpoBlaSSiBlaIta

ExpoBooSSiBoo

ExpoBooSSiBooIta

ExpoBooSSiMed

ExpoBooSSiMedIta

ExpoLigSSiLig

ExpoLigSSiLigIta

ExpoSSi

ExpoSSiBol

ExpoSSiBolIta

ExpoSSiIta

ExposBlaSSiBla

ExposBlaSSiBlaIta

ExposMedSSiMed

ExposMedSSiMedIta

ExposSSi

ExposSSiBol

ExposSSiBolIta

ExposSSiIta

Folio.bmap

FolioBol

FolioBolCon

FolioExtBol

FolioLig

FolioMed

Footlight Light

FreewBla

FreewDem

FreewLig

FreewRom

FreewRomIta

Garamond

GentlSanBol

GentlSanBolIta

GentlSanBoo

GentlSanBooIta

GentlSanLig

GentlSanLigIta

GentlSanUltBol

Gentle Sans

Georgia

Gill Sans Ultra Bold

Gloucester MT Extra Condensed

Goudy Old Style

Gulim.ttf

Haettenschweiler

Harrington

HelveNeuLig

HelveNeuMed

ITC Avant Garde gothic

Impact

Imprint MT Shadow

Kabel.bmap

KabelITCbyBTBol

KabelITCbyBTBoo

KabelITCbyBTDem

KabelITCbyBTMed

KabelITCbyBTUlt

Kino

KochOriginal screen fonts

Kocho

Lucida Blackletter

Lucida Bright

Lucida Calligraphy

Lucida Fax

Lucida Handwriting

Lucida Sans

Lucida Sans Typewriter

MS Gothic.ttf

MS Mincho.ttf

MS PGothic.ttf

MS PMincho.ttf

MT Extra

Matura Script Capitals

Maus

Maus.suit

Mistral

MitteNor

Modern No. 20

Monotype Corsiva

Monotype Sorts

NeogrMT

NeographikMT.bmap

News Gothic MT

OPTIBinStyBol

OPTIBinStyLig

OPTIBinderStyle.bmap

OPTIChaBol

OPTIChampion-Bold.bmap

OPTIComIta

OPTIComLig

OPTIComReg

OPTICompit

OPTIStaExt

OPTIStaXtrBolExt

OPTIStaines-Extended.bmap

OPTIVagRouBol

OPTIVagRound-Bold.bmap

Onyx

PMingLiU.ttf

Perpetua Titling MT

PlacaMTCon

Placard_MT_Cn

Playbill

RenneArcTyp

RennerArchiType.t1

Rockwell

Rockwell Extra Bold

Ronda

RondaBol

RondaLig

RondaMed

SimSun.ttf

Stencil

Tahoma

TapeGun

TapeGun.bmap

Times New Roman

Trebuchet MS

TwentCenMTUltBol

Twentieth Century

U49.t1

U49Nor

UNITUS-REGULAR

UltraBla

UltraBlack.bmap

UnituTBla

UnituTBlaIta

UnituTBol

UnituTBolIta

UnituTLig

UnituTLigIta

UnituTReg

UnituTRegIta

UnituTUltBol

Upsil

Upsilon.bmap

VAG.bmap

VAGRouBla

VAGRouBol

VAGRouLig

VAGRouThi

VectoLHBla

VectoLHBlaIta

VectoLHBol

VectoLHBolIta

VectoLHIta

VectoLHLig

VectoLHLigIta

VectoLHRom

Vectora Bitmaps

Verdana

Wide Latin

Wingdings

Wingdings 2

Wingdings 3

displdts.ttf

freeway

mittelschrift

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

fbplugin_1_0_3.plugin

Library/Keyboard Layouts:

Library/LaunchAgents:

ws.agile.1PasswordAgent.plist

Library/PreferencePanes:

Growl.prefPane

Library/ScriptingAdditions:

1Password Addition.osax

Finkston:~ mikado$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

WDDriveManagerStatusMenu

Finkston:~ mikado$

IOS apps won't run on a Mac. It's nothing to worry about.

mikado_409 wrote:

I have the same problem as the OP.

I doubt that it is the same problem and this discussion is far too old to be of any use from anybody else that might still be following it.

The way this forum works best is that you read through similar problems and try any solutions you think might apply to your situation, but if you aren't able to resolve it you need to start a new discussion so that current users can quickly drop by to help you out. There may not be anybody other than me that will see your posting.

Sorry, but that's just the way this forum works.

Thanks for your reply. I did read through a lot of posts actually - that's where I got the brilliant idea to try Linc's code on the mac terminal before posting on here - I just don't know what any of it means, so I came back here....but now I've got bigger issues. Keychains from the laptop locked me out of my iphone. I'll start a new discussion....thanks

I have done this to my friends mAC, as she has asked me to. I don't have her password, so i could not do that step. If you could, please check what came up.

Last login: Fri Dec 26 17:55:43 on ttys000

Emmalees-MacBook-Pro:~ emmaleecerbone$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

Emmalees-MacBook-Pro:~ emmaleecerbone$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.zeobit.MacKeeper.35584

com.zeobit.MacKeeper.Helper

com.google.keystone.user.agent

Emmalees-MacBook-Pro:~ emmaleecerbone$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

AudioMixEngine.framework

NyxAudioAnalysis.framework

PluginManager.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Default Browser.plugin

Flash Player.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

flashplayer.xpt

nsIQTScriptablePlugin.xpt

/Library/Keyboard Layouts:

/Library/LaunchAgents:

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.zeobit.MacKeeper.AntiVirus.plist

com.zeobit.MacKeeper.plugin.AntiTheft.daemon.plist

/Library/PreferencePanes:

Flash Player.prefPane

/Library/PrivilegedHelperTools:

/Library/QuickLook:

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

/Library/Spotlight:

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

Library/Keyboard Layouts:

Library/LaunchAgents:

com.google.keystone.agent.plist

com.zeobit.MacKeeper.Helper.plist

Library/PreferencePanes:

Library/Services:

Emmalees-MacBook-Pro:~ emmaleecerbone$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper

Emmalees-MacBook-Pro:~ emmaleecerbone$

Step 1 Output:

com.metakine.handsoff.driver (2.3.3)

com.taoeffect.ispy.kext (2.0.2)

jp.co.roland.RDUSB0096Dev (1.0.0)

com.mcafee.kext.Virex (1.1.0d1)

com.anchorfree.tun (1.0.2)

Step 2 Output:

org.tcpdump.chmod_bpf

org.macosforge.xquartz.privileged_startx

com.taoeffect.ispyd

com.metakine.handsoff.daemon

com.mcafee.virusscan.fmpd

com.mcafee.ssm.ScanManager

com.mcafee.ssm.Eupdate

com.bombich.ccchelper

com.anchorfree.ajaxserver

com.adobe.fpsaud

com.v.helper

Step 3 Output:

org.macosforge.xquartz.startx

com.mcafee.reporter

com.mcafee.menulet

com.v.agent

com.taoeffect.EspionageHelper

com.spigot.SearchProtection

Step 4 Output:

/Library/Components:

/Library/Extensions:

HandsOff.kext

/Library/Frameworks:

AECore.framework

AEProfiling.framework

AERegistration.framework

AVEngine.framework

AudioMixEngine.framework

Compressor.framework

DSPPublishing.framework

EWSMac.framework

FxPlug.framework

MacFUSE.framework

MacScanner.framework

MediaServerAPI.framework

NyxAudioAnalysis.framework

OSXFUSE.framework

PluginManager.framework

ProMetadataSupport.framework

Qmaster.framework

ScanBooster.framework

TSLicense.framework

VirusScanPreferences.framework

XSKey.framework

iLifeFaceRecognition.framework

iLifeKit.framework

iLifePageLayout.framework

iLifeSQLAccess.framework

iLifeSlideshow.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

JavaAppletPlugin.plugin

PepperFlashPlayer

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

flashplayer.xpt

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt

/Library/Internet Plug-Ins (Disabled):

.DS_Store

Flash Player.plugin

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.2a246b7c762bbfc2.agent.plist

com.mcafee.menulet.plist

com.mcafee.reporter.plist

com.motu.MOTULauncher.plist

org.macosforge.xquartz.startx.plist

/Library/LaunchDaemons:

com.2a246b7c762bbfc2.daemon.plist

com.2a246b7c762bbfc2.helper.plist

com.adobe.fpsaud.plist

com.anchorfree.ajaxserver.plist

com.apple.aelwriter.plist

com.apple.qmaster.qmasterd.plist

com.bombich.ccchelper.plist

com.mcafee.ssm.Eupdate.plist

com.mcafee.ssm.ScanManager.plist

com.mcafee.virusscan.fmpd.plist

com.metakine.handsoff.daemon.plist

com.microsoft.office.licensing.helper.plist

com.taoeffect.ispyd.plist

org.macosforge.xquartz.privileged_startx.plist

org.tcpdump.chmod_bpf.plist

/Library/PreferencePanes:

Apple Qmaster.prefPane

Flash Player.prefPane

Flip4Mac WMV.prefPane

NIUSBAudio.prefPane

OSXFUSE.prefPane

Perian.prefPane

RDUSB0096Pref.prefPane

YAMAHA-USBMIDIPatch.prefPane

Yamaha Steinberg USB.prefPane

/Library/PrivateFrameworks:

LLDB.framework

SymIPS.framework

/Library/PrivilegedHelperTools:

com.bombich.ccchelper

com.microsoft.office.licensing.helper

/Library/QuickLook:

GBQLGenerator.qlgenerator

LogicQLGenerator.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AC3MovieImport.component

AppleHDVCodec.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

AppleProResCodec.component

DVCPROHDCodec.component

DVCPROHDMuxer.component

DVCPROHDVideoDigitizer.component

DVCPROHDVideoOutput.component

DVCPROHDVideoOutputClock.component

DVCPROHDVideoOutputCodec.component

DesktopVideoOut.component

FCP Uncompressed 422.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component

IMXCodec.component

Perian.component

/Library/ScriptingAdditions:

/Library/Spotlight:

GBSpotlightImporter.mdimporter

LogicPro.mdimporter

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

cma

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

Library/Fonts:

Library/Frameworks:

EWSMac-GC.framework

EWSMac.framework

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

Library/Keyboard Layouts:

Library/LaunchAgents:

.DS_Store

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.D820D739-A73E-49FB-AD7D-470 6B9086A88.plist

com.spigot.SearchProtection.plist

com.taoeffect.EspionageHelper.plist

Library/PreferencePanes:

Library/Services:

EspionageMenu.service

Step 5 Output:

None

Step 1 Output:

com.metakine.handsoff.driver (2.3.3)

com.taoeffect.ispy.kext (2.0.2)

jp.co.roland.RDUSB0096Dev (1.0.0)

com.mcafee.kext.Virex (1.1.0d1)

com.anchorfree.tun (1.0.2)

Step 2 Output:

org.tcpdump.chmod_bpf

org.macosforge.xquartz.privileged_startx

com.taoeffect.ispyd

com.metakine.handsoff.daemon

com.mcafee.virusscan.fmpd

com.mcafee.ssm.ScanManager

com.mcafee.ssm.Eupdate

com.bombich.ccchelper

com.anchorfree.ajaxserver

com.adobe.fpsaud

com.v.helper

Step 3 Output:

org.macosforge.xquartz.startx

com.mcafee.reporter

com.mcafee.menulet

com.v.agent

com.taoeffect.EspionageHelper

com.spigot.SearchProtection

Step 4 Output:

/Library/Components:

/Library/Extensions:

HandsOff.kext

/Library/Frameworks:

AECore.framework

AEProfiling.framework

AERegistration.framework

AVEngine.framework

AudioMixEngine.framework

Compressor.framework

DSPPublishing.framework

EWSMac.framework

FxPlug.framework

MacFUSE.framework

MacScanner.framework

MediaServerAPI.framework

NyxAudioAnalysis.framework

OSXFUSE.framework

PluginManager.framework

ProMetadataSupport.framework

Qmaster.framework

ScanBooster.framework

TSLicense.framework

VirusScanPreferences.framework

XSKey.framework

iLifeFaceRecognition.framework

iLifeKit.framework

iLifePageLayout.framework

iLifeSQLAccess.framework

iLifeSlideshow.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

JavaAppletPlugin.plugin

PepperFlashPlayer

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

flashplayer.xpt

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt

/Library/Internet Plug-Ins (Disabled):

.DS_Store

Flash Player.plugin

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.2a246b7c762bbfc2.agent.plist

com.mcafee.menulet.plist

com.mcafee.reporter.plist

com.motu.MOTULauncher.plist

org.macosforge.xquartz.startx.plist

/Library/LaunchDaemons:

com.2a246b7c762bbfc2.daemon.plist

com.2a246b7c762bbfc2.helper.plist

com.adobe.fpsaud.plist

com.anchorfree.ajaxserver.plist

com.apple.aelwriter.plist

com.apple.qmaster.qmasterd.plist

com.bombich.ccchelper.plist

com.mcafee.ssm.Eupdate.plist

com.mcafee.ssm.ScanManager.plist

com.mcafee.virusscan.fmpd.plist

com.metakine.handsoff.daemon.plist

com.microsoft.office.licensing.helper.plist

com.taoeffect.ispyd.plist

org.macosforge.xquartz.privileged_startx.plist

org.tcpdump.chmod_bpf.plist

/Library/PreferencePanes:

Apple Qmaster.prefPane

Flash Player.prefPane

Flip4Mac WMV.prefPane

NIUSBAudio.prefPane

OSXFUSE.prefPane

Perian.prefPane

RDUSB0096Pref.prefPane

YAMAHA-USBMIDIPatch.prefPane

Yamaha Steinberg USB.prefPane

/Library/PrivateFrameworks:

LLDB.framework

SymIPS.framework

/Library/PrivilegedHelperTools:

com.bombich.ccchelper

com.microsoft.office.licensing.helper

/Library/QuickLook:

GBQLGenerator.qlgenerator

LogicQLGenerator.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AC3MovieImport.component

AppleHDVCodec.component

AppleIntermediateCodec.component

AppleMPEG2Codec.component

AppleProResCodec.component

DVCPROHDCodec.component

DVCPROHDMuxer.component

DVCPROHDVideoDigitizer.component

DVCPROHDVideoOutput.component

DVCPROHDVideoOutputClock.component

DVCPROHDVideoOutputCodec.component

DesktopVideoOut.component

FCP Uncompressed 422.component

Flip4Mac WMV Advanced.component

Flip4Mac WMV Export.component

Flip4Mac WMV Import.component

IMXCodec.component

Perian.component

/Library/ScriptingAdditions:

/Library/Spotlight:

GBSpotlightImporter.mdimporter

LogicPro.mdimporter

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

cma

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

Library/Fonts:

Library/Frameworks:

EWSMac-GC.framework

EWSMac.framework

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

Library/Keyboard Layouts:

Library/LaunchAgents:

.DS_Store

com.apple.AddressBook.ScheduledSync.PHXCardDAVSource.D820D739-A73E-49FB-AD7D-470 6B9086A88.plist

com.spigot.SearchProtection.plist

com.taoeffect.EspionageHelper.plist

Library/PreferencePanes:

Library/Services:

EspionageMenu.service

Step 5 Output:

None

Linc doesn't usually respond to "me too" requests and probably isn't even monitoring this old discussion. You will always be better off posting a new topic with a clear statement of the problem you are seeing, without jumping to the conclusion that you have some sort of spyware on your Mac and posting something that many of us cannot interpret for you.

That being said you need to uninstall McAfee in accordance with theses developer's instructions and run AdwareMedic to get rid of the VSearch, Spigot and perhaps other adware you seem to have accidentally installed. You might be able to do this manually by following these instructions from Apple, but they are incomplete.

What do you use Espionage from TaoEffect for?

appreciate the help Linc

drazeks-MacBook-Pro-2:~ drazek$ kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}'

drazeks-MacBook-Pro-2:~ drazek$ sudo launchctl list | sed 1d | awk '!/0x|com\.(apple|openssh|vix)|edu\.mit|org\.(amavis|apache|cups|isc|ntp|postfi x|x)/{print $3}'

WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.

To proceed, enter your password, or type Ctrl-C to abort.

Password:

com.adobe.versioncueCS4

com.microsoft.office.licensing.helper

com.google.keystone.daemon

com.oracle.java.Helper-Tool

com.adobe.fpsaud

drazeks-MacBook-Pro-2:~ drazek$ launchctl list | sed 1d | awk '!/0x|com\.apple|edu\.mit|org\.(x|openbsd)/{print $3}'

com.google.Chrome.92332

com.adobe.CS4ServiceManager

org.mozilla.firefox.49164

jp.co.canon.cijscannerregister.86368

com.microsoft.Word.56832

com.google.keystone.system.agent

com.jdibackup.ZipCloud.autostart

com.oracle.java.Java-Updater

com.getdropbox.dropbox.80120

com.rpatechnology.mobilemouse.61944

com.jdibackup.ZipCloud.notify

com.adobe.dreamweaver-10.0.40360

com.divx.update.agent

com.microsoft.autoupdate.fba.86652

com.divx.dms.agent

drazeks-MacBook-Pro-2:~ drazek$ ls -1A /e*/mach* {,/}L*/{Ad,Compon,Ex,Fram,In,Keyb,La,Mail/Bu,P*P,Priv,Qu,Scripti,Servi,Spo,Sta} * L*/Fonts 2> /dev/null

/Library/Components:

/Library/Extensions:

ACS6x.kext

ATTOCelerityFC8.kext

ATTOExpressSASHBA2.kext

ATTOExpressSASRAID2.kext

ArcMSR.kext

CalDigitHDProDrv.kext

EPSONUSBPrintClass.kext

HighPointIOP.kext

HighPointRR.kext

PromiseSTEX.kext

SoftRAID.kext

/Library/Frameworks:

AEProfiling.framework

AERegistration.framework

Adobe AIR.framework

AudioMixEngine.framework

DivX Toolkit.framework

DivXInstallerUtilities.framework

EWSMac.framework

NyxAudioAnalysis.framework

PluginManager.framework

TSLicense.framework

iLifeFaceRecognition.framework

iLifeKit.framework

iLifePageLayout.framework

iLifeSQLAccess.framework

iLifeSlideshow.framework

iTunesLibrary.framework

/Library/Input Methods:

/Library/Internet Plug-Ins:

Default Browser.plugin

DivX Web Player.plugin

Flash Player.plugin

Flip4Mac WMV Plugin.plugin

Flip4Mac WMV Plugin.webplugin

JavaAppletPlugin.plugin

LogitechHarmony.plugin

OVSHelper.plugin

Quartz Composer.webplugin

QuickTime Plugin.plugin

SharePointBrowserPlugin.plugin

SharePointWebKitPlugin.webplugin

Silverlight.plugin

SnagitSafariScroller.webplugin

flashplayer.xpt

googletalkbrowserplugin.plugin

iPhotoPhotocast.plugin

nsIQTScriptablePlugin.xpt

o1dbrowserplugin.plugin

/Library/Keyboard Layouts:

/Library/LaunchAgents:

com.adobe.CS4ServiceManager.plist

com.divx.dms.agent.plist

com.divx.update.agent.plist

com.google.keystone.agent.plist

com.oracle.java.Java-Updater.plist

/Library/LaunchDaemons:

com.adobe.fpsaud.plist

com.adobe.versioncueCS4.plist

com.google.keystone.daemon.plist

com.microsoft.office.licensing.helper.plist

com.oracle.java.Helper-Tool.plist

/Library/PreferencePanes:

Flash Player.prefPane

Flip4Mac WMV.prefPane

JavaControlPanel.prefPane

VersionCueCS4.prefPane

/Library/PrivilegedHelperTools:

com.microsoft.office.licensing.helper

/Library/QuickLook:

GBQLGenerator.qlgenerator

iBooksAuthor.qlgenerator

iWork.qlgenerator

/Library/QuickTime:

AppleIntermediateCodec.component

AppleMPEG2Codec.component

/Library/ScriptingAdditions:

Adobe Unit Types.osax

/Library/Spotlight:

GBSpotlightImporter.mdimporter

LogicPro.mdimporter

Microsoft Office.mdimporter

iBooksAuthor.mdimporter

iWork.mdimporter

/Library/StartupItems:

/etc/mach_init.d:

/etc/mach_init_per_login_session.d:

/etc/mach_init_per_user.d:

Library/Address Book Plug-Ins:

SkypeABDialer.bundle

SkypeABSMS.bundle

Library/Fonts:

eurof35.ttf

eurof36.ttf

eurof55.ttf

eurof56.ttf

eurof75.ttf

eurof76.ttf

Library/Frameworks:

EWSMac.framework

Library/Input Methods:

.localized

Library/Internet Plug-Ins:

CitrixOnlineWebDeploymentPlugin.plugin

ZoomUsPlugIn.plugin

Library/Keyboard Layouts:

Library/LanguageModeling:

da-dynamic.lm

de-dynamic.lm

en-dynamic.lm

es-dynamic.lm

fr-dynamic.lm

it-dynamic.lm

nb-dynamic.lm

nl-dynamic.lm

pt-dynamic.lm

sv-dynamic.lm

tr-dynamic.lm

Library/LaunchAgents:

com.apple.CSConfigDotMacCert-email@hidden-SharedServices.Agent.plist

com.apple.FolderActions.enabled.plist

com.apple.FolderActions.folders.plist

com.jdibackup.ZipCloud.autostart.plist

com.jdibackup.ZipCloud.notify.plist

Library/PreferencePanes:

Library/Services:

.localized

drazeks-MacBook-Pro-2:~ drazek$ osascript -e 'tell application "System Events" to get name of every login item' 2> /dev/null

iTunesHelper, Mobile Mouse Server, BitTorrent, Dropbox, Google Chrome

drazeks-MacBook-Pro-2:~ drazek$