Adware/Malware Issue?

Washac

Original poster
The last few days have seen me getting an Adware/Malware program wanting me to allow access at bootup.

I use Malwarebytes to remove said program/programs.

Reboot and up pops another one.

I have run ClamXav which found a few suspicious items which I removed but still the problem persists.

EDIT: Just tried using Safari and Chrome and I get the Bing bar and Trovi search thing in both. I was getting this in Firefox also but thought I had removed it; seems there is a browser virus issue going on and recent checks and removals have NOT solved the issue.

Can anybody recommend any other programs that will clean and stop this from happening?


Thanks
 
Last edited:

robert05au

For Firefox and Chrome, check what extensions are showing as being used, and also with Firefox check the plugins.
For Firefox they can be found under the Tools menu and Add-ons.

Not really sure about safari.

I will do some more digging and post any further locations to check

I personally use Intego Internet Security X8 and don't seem to see these type of things.
 

Washac

Original poster
Yes I just did all the things to all three browsers that cure the issues but I just got yet another piece of adware/malware wanting connections, going to try your Intego program, or rather was until I see you pay per year :(
 

Washac

Original poster
Download and run the app Etrecheck. It will create an anonymized report showing all launch items. Post the report here and we can take a look for you to help find what is causing this.
There you go.......

EtreCheck version: 2.9.12 (265)
Report generated 2016-06-03 16:21:59
Download EtreCheck from https://etrecheck.com
Runtime 2:51
Performance: Excellent

Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.
Click the [Check files] link for help with unknown files.

Problem: Other problem

Hardware Information: ⓘ
Mac Pro (Early 2009)
[Technical Specifications] - [User Guide] - [Warranty & Service]
Mac Pro - model: MacPro4,1
1 2.66 GHz Quad-Core Intel Xeon CPU: 4-core
12 GB RAM Upgradeable - [Instructions]
DIMM 1
4 GB DDR3 ECC 1066 MHz ok
DIMM 2
4 GB DDR3 ECC 1066 MHz ok
DIMM 3
2 GB DDR3 ECC 1066 MHz ok
DIMM 4
2 GB DDR3 ECC 1066 MHz ok
Bluetooth: Old - Handoff/Airdrop2 not supported

Video Information: ⓘ
AMD Radeon HD 7950 - VRAM: 3072 MB
iMac 1920 x 1200

System Software: ⓘ
OS X Mavericks 10.9.5 (13F1808) - Time since boot: about 5 hours

Disk Information: ⓘ
HL-DT-ST DVD-RW GH41N ()

HL-DT-ST DVD-RW GH41N ()

Hitachi HDE721064SLA360 disk0 : (640.14 GB) (Rotational)
EFI (disk0s1) <not mounted> : 210 MB
MacHD (disk0s2) /Volumes/ MacHD : 238.42 GB (178.99 GB free)
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
BOOTCAMP (disk0s4) /Volumes/BOOTCAMP : 400.85 GB (146.89 GB free)

WDC WD20EZRX-00D8PB0 disk2 : (2 TB) (Rotational)
EFI (disk2s1) <not mounted> : 210 MB
Storage (disk2s2) /Volumes/Storage : 2.00 TB (437.38 GB free)

WDC WD10EARX-00PASB0 disk1 : (1 TB) (Rotational)
EFI (disk1s1) <not mounted> : 210 MB
MavericksHD (disk1s2) / : 999.21 GB (216.61 GB free)
Recovery HD (disk1s3) <not mounted> [Recovery]: 784 MB

USB Information: ⓘ
Apple, Inc. Keyboard Hub
Corsair Corsair M65 Gaming Mouse
Apple, Inc Apple Keyboard
Apple Inc. Display Audio
Apple Inc. Apple LED Cinema Display
Apple Inc. Display iSight
©Microsoft Xbox 360 Wireless Receiver for Windows
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller

Firewire Information: ⓘ
WD My Book 111D 800mbit - 800mbit max
EFI (disk3s1) <not mounted> : 210 MB
MavericksHD BackUp (disk3s2) /Volumes/MavericksHD BackUp : 999.18 GB (55.55 GB free)
Recovery HD (disk3s3) <not mounted> [Recovery]: 784 MB

Gatekeeper: ⓘ
Anywhere

Unknown Files: ⓘ
/Library/LaunchDaemons/com.abstemiousness.plist
/etc/abstemiousness.sh
/Library/LaunchDaemons/com.anapeiratic.plist
/etc/anapeiratic.sh
/Library/LaunchDaemons/com.bratling.plist
/etc/bratling.sh
/Library/LaunchDaemons/com.chestful.plist
/etc/chestful.sh
/Library/LaunchDaemons/com.ckb.daemon.plist
/Applications/ckb.app/Contents/Resources/ckb-daemon
/Library/LaunchDaemons/com.clinoprism.plist
/etc/clinoprism.sh
/Library/LaunchDaemons/com.ferrotitanium.plist
/etc/ferrotitanium.sh
/Library/LaunchDaemons/com.nonsharing.plist
/etc/nonsharing.sh
/Library/LaunchDaemons/com.pole.plist
/etc/pole.sh
/Library/LaunchDaemons/com.spongioplasm.plist
/etc/spongioplasm.sh
/Library/LaunchDaemons/com.urethritis.plist
/etc/urethritis.sh
/Library/LaunchDaemons/com.vajrasana.plist
/etc/vajrasana.sh
~/Library/LaunchAgents/com.ckb.ckb.plist
/Applications/ckb.app/Contents/MacOS/ckb --background
13 unknown files found. [Check files]

Kernel Extensions: ⓘ
/Library/Extensions
[loaded] com.avira.kext.FileAccessControl (1.2.2 - SDK 10.9 - 2016-06-03) [Support]
[loaded] com.squirrels.driver.AirParrotSpeakers (1.8 - SDK 10.8 - 2016-06-03) [Support]

/System/Library/Extensions
[not loaded] com.mice.driver.Xbox360Controller (1.0.0d13 - SDK 10.8 - 2016-06-03) [Support]
[loaded] com.orderedbytes.driver.ControllerMateFamily (4.4 - 2016-06-03) [Support]
[loaded] com.squirrels.airparrot.framebuffer (1.6 - SDK 10.8 - 2016-06-03) [Support]
[loaded] org.dungeon.driver.SATSMARTDriver (0.6 - SDK 10.6 - 2016-06-03) [Support]

/System/Library/Extensions/360Controller.kext/Contents/PlugIns
[not loaded] com.mice.driver.Wireless360Controller (1.0.0d13 - SDK 10.8 - 2013-10-11) [Support]
[loaded] com.mice.driver.WirelessGamingReceiver (1.0.0d13 - SDK 10.8 - 2013-10-11) [Support]

/System/Library/Extensions/ControllerMate.kext/Contents/PlugIns
[not loaded] com.orderedbytes.driver.CMADBDevices (4.3.10 - 2014-04-28) [Support]
[loaded] com.orderedbytes.driver.CMUSBDevices (4.4 - 2014-04-28) [Support]
[not loaded] com.orderedbytes.driver.CMUSBKeyboard (1.0 - 2014-04-28) [Support]
[not loaded] com.orderedbytes.driver.CMUSBPointer (1.0 - 2014-04-28) [Support]

/Volumes/ MacHD/Applications/TemperatureMonitor.app
[loaded] com.bresink.driver.BRESINKx86Monitoring (9.0 - 2012-07-30) [Support]

/Volumes/ MacHD/Applications/Toast 10 Titanium/Toast Titanium.app
[not loaded] com.roxio.BluRaySupport (1.1.6 - 2014-05-31) [Support]

/Volumes/ MacHD/Users/[redacted]/Library/Services/ToastIt.service/Contents/MacOS
[not loaded] com.roxio.TDIXController (2.0 - 2014-04-25) [Support]

/Volumes/MavericksHD BackUp/Applications/Parallels Desktop.app
[not loaded] com.parallels.kext.hidhook (9.0 24251.1052177 - 2016-02-19) [Support]
[not loaded] com.parallels.kext.hypervisor (9.0 24251.1052177 - 2016-02-19) [Support]
[not loaded] com.parallels.kext.netbridge (9.0 24251.1052177 - 2016-02-19) [Support]
[not loaded] com.parallels.kext.usbconnect (9.0 24251.1052177 - 2016-02-19) [Support]
[not loaded] com.parallels.kext.vnic (9.0 24251.1052177 - 2016-02-19) [Support]

System Launch Agents: ⓘ
[not loaded] 4 Apple tasks
[loaded] 140 Apple tasks
[running] 40 Apple tasks

System Launch Daemons: ⓘ
[not loaded] 47 Apple tasks
[loaded] 140 Apple tasks
[running] 62 Apple tasks

Launch Agents: ⓘ
[not loaded] com.adobe.AAM.Updater-1.0.plist (2014-04-26) [Support]
[loaded] com.avira.antivirus.general.agent.plist (2016-01-21) [Support]
[loaded] com.avira.antivirus.ipm.ui.plist (2016-01-21) [Support]
[loaded] com.avira.antivirus.notifications.agent.plist (2016-01-21) [Support]
[loaded] com.avira.antivirus.odscan.default.plist (2016-06-03) [Support]
[loaded] com.avira.antivirus.scheduler.agent.plist (2016-01-21) [Support]
[running] com.avira.antivirus.systray.plist (2016-01-21) [Support]
[loaded] com.avira.antivirus.telemetry.agent.plist (2016-01-21) [Support]
[failed] com.avira.antivirus.update.default.plist (2016-01-21) [Support]
[running] com.avira.helper.avstats.plist (2016-01-21) [Support]
[loaded] com.gog.galaxy.commservice.plist (2016-05-26) [Support]
[loaded] com.oracle.java.Java-Updater.plist (2014-05-06) [Support]
[running] com.orderedbytes.ControllerMateHelper.plist (2014-04-28) [Support]
[loaded] org.macosforge.xquartz.startx.plist (2015-10-16) [Support]

Launch Daemons: ⓘ
[failed] com.abstemiousness.plist (2016-06-03) [Support]
[failed] com.adobe.fpsaud.plist (2016-05-09) [Support]
[failed] com.anapeiratic.plist (2016-06-03) [Support]
[loaded] com.avira.antivirus.dbcleaner.plist (2016-01-21) [Support]
[loaded] com.avira.antivirus.ipm.loader.plist (2016-01-21) [Support]
[running] com.avira.helper.watchdox.plist (2016-01-21) [Support]
[loaded] com.bombich.ccc.plist (2014-04-26) [Support]
[running] com.bombich.ccchelper.plist (2016-05-25) [Support]
[failed] com.bratling.plist (2016-06-01) [Support]
[failed] com.chestful.plist (2016-06-02) [Support]
[failed] com.ckb.daemon.plist (2015-08-26) [Support]
[running] com.cleverfiles.cfbackd.plist (2016-01-03) [Support]
[failed] com.clinoprism.plist (2016-06-03) [Support]
[loaded] com.ea.origin.ESHelper.plist (2014-06-25) [Support]
[failed] com.ferrotitanium.plist (2016-06-01) [Support]
[loaded] com.gog.galaxy.clientservice.plist (2016-05-26) [Support]
[loaded] com.malwarebytes.MBAMHelperTool.plist (2016-01-09) [Support]
[running] com.mice.360Daemon.plist (2013-10-08) [Support]
[failed] com.nonsharing.plist (2016-06-03) [Support]
[loaded] com.oracle.java.Helper-Tool.plist (2014-05-06) [Support]
[loaded] com.paragon-software.camptunex.helper.plist (2016-02-16) [Support]
[loaded] com.paragon-software.camptunex.installer.plist (2016-02-16) [Support]
[failed] com.pole.plist (2016-06-03) [Support]
[failed] com.spongioplasm.plist (2016-06-03) [Support]
[failed] com.urethritis.plist (2016-06-01) [Support]
[loaded] com.vajrasana.plist (2016-06-03) [Support]
[loaded] org.macosforge.xquartz.privileged_startx.plist (2015-10-16) [Support]

User Launch Agents: ⓘ
[running] com.amazon.music.plist (2015-10-05) [Support]
[failed] com.apple.CSConfigDotMacCert-[...]@me.com-SharedServices.Agent.plist
[failed] com.ckb.ckb.plist (2015-10-17) [Support]
[loaded] com.google.keystone.agent.plist (2016-03-03) [Support]

User Login Items: ⓘ
Temperature Monitor Application (/Applications/TemperatureMonitor.app)
BootChamp Application (/Applications/BootChamp.app)
Brightness Slider Application (/Applications/Brightness Slider.app)
Android File Transfer Agent Application (~/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app)
MacGameStore Helper Application (~/Library/Application Support/MacGameStore.com/Helper/MacGameStore Helper.app)
CCC User Agent Application (/Applications/Utilities/Carbon Copy Cloner/Carbon Copy Cloner.app/Contents/Library/LoginItems/CCC User Agent.app)

Other Apps: ⓘ
[loaded] 0x7fc695100ff0.mach_init.Inspector
[running] anabrosisUpd.plist
[running] com.bombich.cccuseragent.1483360
[running] com.bresink.system.tempmonitor.695760
[running] com.etresoft.EtreCheck.1641056
[running] com.google.android.mtpagent.1413488
[running] com.kainjow.BootChamp.891472
[running] com.macgamestore.helper.836736
[running] com.malwarebytes.Malwarebytes-Anti-Malware-Service
[running] com.malwarebytes.antimalware.1414192
[running] net.ACT-Productions.Brightness-Control.1345376
[running] org.mozilla.firefox.10944
[loaded] 450 Apple tasks
[running] 320 Apple tasks

Internet Plug-ins: ⓘ
Silverlight: 5.1.30514.0 - SDK 10.6 (2015-02-13) [Support]
FlashPlayer-10.6: 21.0.0.242 - SDK 10.6 (2016-05-18) [Support]
QuickTime Plugin: 7.7.3 (2016-06-01)
Flash Player: 21.0.0.242 - SDK 10.6 (2016-05-18) [Support]
JavaAppletPlugin: Java 8 Update 91 build 14 (2016-04-24) Check version
Default Browser: 537 - SDK 10.9 (2014-09-18)

Safari Extensions: ⓘ
OpenIE - Parallels - http://www.parallels.com (2014-10-27)

3rd Party Preference Panes: ⓘ
Flash Player (2016-05-09) [Support]
Java (2016-04-24) [Support]
XBox 360 Controllers (2013-10-11) [Support]

Time Machine: ⓘ
Time Machine not configured!

Top Processes by CPU: ⓘ
29% com.malwarebytes.Malwarebytes-Anti-Malware-Service
4% WindowServer
4% fontd
3% TemperatureMonitor
1% Dock

Top Processes by Memory: ⓘ
907 MB kernel_task
651 MB firefox
442 MB savapi
221 MB avguard.bin
197 MB com.apple.IconServicesAgent(3)

Virtual Memory Information: ⓘ
4.50 GB Free RAM
6.73 GB Used RAM (3.69 GB Cached)
0 B Swap Used

Diagnostics Information: ⓘ
Jun 3, 2016, 10:23:02 AM Self test - passed
 

Weaselboy

Moderator
Staff member
Unknown Files: ⓘ
/Library/LaunchDaemons/com.abstemiousness.plist
/etc/abstemiousness.sh
/Library/LaunchDaemons/com.anapeiratic.plist
/etc/anapeiratic.sh
/Library/LaunchDaemons/com.bratling.plist
/etc/bratling.sh
/Library/LaunchDaemons/com.chestful.plist
/etc/chestful.sh
/Library/LaunchDaemons/com.ckb.daemon.plist
/Applications/ckb.app/Contents/Resources/ckb-daemon
/Library/LaunchDaemons/com.clinoprism.plist
/etc/clinoprism.sh
/Library/LaunchDaemons/com.ferrotitanium.plist
/etc/ferrotitanium.sh
/Library/LaunchDaemons/com.nonsharing.plist
/etc/nonsharing.sh
/Library/LaunchDaemons/com.pole.plist
/etc/pole.sh
/Library/LaunchDaemons/com.spongioplasm.plist
/etc/spongioplasm.sh
/Library/LaunchDaemons/com.urethritis.plist
/etc/urethritis.sh
/Library/LaunchDaemons/com.vajrasana.plist
/etc/vajrasana.sh
com.ckb.ckb.plist
/Applications/ckb.app/Contents/MacOS/ckb --background
13 unknown files found. [Check files]
I think this is your issue here. Read over an earlier thread here on this issue. Pay attention to posts #18 and #19. Also see my post #8 there to determine if you have the hidden user account mentioned in that thread.

This looks like the same adware mentioned in that thread, but I think you already got rid of the underlying adware with MalwareBytes, and these plists are the leftovers. What that adware does is make these random plists to launch the script files in /etc/ on the list. The plist names are completely random and this explains why Google turns up nothing for "com.clinoprism.plist" for example.

Here is what I would do now. Boot while holding the shift key to do a safe mode boot. That will stop all this stuff from launching at boot.

Then follow the instructions in my post #8 in the other thread to look for and delete the hidden user account if it is there.

Then go to these folders and delete the files in the list above.

Code:
/Library/LaunchDaemons/

~/Library/LaunchDaemons/

/etc/
Note the ~ is your user folder.

Once you are all done, reboot normally and do another Etrecheck report to make sure you got everything.
 
Last edited:
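
The pairing described in the post above (a randomly named plist in /Library/LaunchDaemons whose only job is to run a same-named .sh script in /etc/) can be listed read-only before anything is deleted. This is an added example, not part of the original thread and not EtreCheck's code; the function names, the `root` parameter, the `com.broken` file and the exact way each sample job invokes its script are constructed, while the plist and script names come from the report above.

```python
import plistlib
import tempfile
from pathlib import Path, PurePosixPath

# Folders launchd reads at boot/login, relative to the volume root.
LAUNCH_DIRS = ("Library/LaunchDaemons", "Library/LaunchAgents")
# /etc is a symlink to /private/etc on OS X, so accept both spellings.
SCRIPT_DIRS = ("/etc", "/private/etc")


def job_argv(plist_path):
    """Return every path/argument a launchd job would execute ([] if unreadable)."""
    try:
        with open(plist_path, "rb") as fh:
            job = plistlib.load(fh)
    except Exception:  # corrupt or non-plist file: nothing to report
        return []
    if not isinstance(job, dict):
        return []
    argv = []
    if isinstance(job.get("Program"), str):
        argv.append(job["Program"])
    if isinstance(job.get("ProgramArguments"), list):
        argv.extend(str(a) for a in job["ProgramArguments"])
    return list(dict.fromkeys(argv))  # drop repeats, keep order


def find_etc_script_jobs(root="/", launch_dirs=LAUNCH_DIRS):
    """List launchd jobs that run a .sh file located directly in /etc."""
    root = Path(root)
    findings = []
    for rel in launch_dirs:
        folder = root / rel
        if not folder.is_dir():
            continue
        for plist_path in sorted(folder.glob("*.plist")):
            for arg in job_argv(plist_path):
                script = PurePosixPath(arg)
                if script.suffix != ".sh" or str(script.parent) not in SCRIPT_DIRS:
                    continue
                findings.append({
                    "plist": plist_path.name,
                    "script": arg,
                    # com.<word>.plist paired with /etc/<word>.sh, as in the report
                    "name_match": plist_path.stem == "com." + script.stem,
                    # False: the plist is a leftover whose script is already gone
                    "script_exists": (root / arg.lstrip("/")).is_file(),
                })
    return findings


def build_sample_root():
    """Create a throwaway directory tree that mimics the report (constructed data)."""
    root = Path(tempfile.mkdtemp(prefix="launchd-sample-"))
    daemons = root / "Library/LaunchDaemons"
    daemons.mkdir(parents=True)
    (root / "etc").mkdir()
    jobs = {
        "com.clinoprism": ["/etc/clinoprism.sh"],        # script still on disk
        "com.pole": ["/bin/sh", "/etc/pole.sh"],         # script already removed
        "com.ckb.daemon": ["/Applications/ckb.app/Contents/Resources/ckb-daemon"],
    }
    for label, argv in jobs.items():
        with open(daemons / f"{label}.plist", "wb") as fh:
            plistlib.dump({"Label": label, "ProgramArguments": argv,
                           "RunAtLoad": True}, fh)
    (daemons / "com.broken.plist").write_bytes(b"not a plist")  # must be skipped
    (root / "etc/clinoprism.sh").write_text("#!/bin/sh\n# constructed placeholder\n")
    return root


if __name__ == "__main__":
    for f in find_etc_script_jobs(build_sample_root()):
        state = "script present" if f["script_exists"] else "script missing (leftover plist)"
        print(f"{f['plist']} -> {f['script']}  [{state}]")
```

On a real system, call `find_etc_script_jobs("/")`; the function only reads files, so anything it lists still has to be reviewed and removed by hand as described in the post.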

Washac

Original poster
How it looks now :)

EtreCheck version: 2.9.12 (265)
Report generated 2016-06-03 19:26:22
Download EtreCheck from https://etrecheck.com
Runtime 5:27
Performance: Below Average

Click the [Support] links for help with non-Apple products.
Click the [Details] links for more information about that line.

Problem: Other problem

Hardware Information: ⓘ
Mac Pro (Early 2009)
[Technical Specifications] - [User Guide] - [Warranty & Service]
Mac Pro - model: MacPro4,1
1 2.66 GHz Quad-Core Intel Xeon CPU: 4-core
12 GB RAM Upgradeable - [Instructions]
DIMM 1
4 GB DDR3 ECC 1066 MHz ok
DIMM 2
4 GB DDR3 ECC 1066 MHz ok
DIMM 3
2 GB DDR3 ECC 1066 MHz ok
DIMM 4
2 GB DDR3 ECC 1066 MHz ok
Bluetooth: Old - Handoff/Airdrop2 not supported

Video Information: ⓘ
AMD Radeon HD 7950 - VRAM: 3072 MB
iMac 1920 x 1200

System Software: ⓘ
OS X Mavericks 10.9.5 (13F1808) - Time since boot: less than an hour

Disk Information: ⓘ
HL-DT-ST DVD-RW GH41N ()

HL-DT-ST DVD-RW GH41N ()

Hitachi HDE721064SLA360 disk0 : (640.14 GB) (Rotational)
EFI (disk0s1) <not mounted> : 210 MB
MacHD (disk0s2) /Volumes/ MacHD : 238.42 GB (178.99 GB free)
Recovery HD (disk0s3) <not mounted> [Recovery]: 650 MB
BOOTCAMP (disk0s4) /Volumes/BOOTCAMP : 400.85 GB (146.89 GB free)

WDC WD20EZRX-00D8PB0 disk2 : (2 TB) (Rotational)
EFI (disk2s1) <not mounted> : 210 MB
Storage (disk2s2) /Volumes/Storage : 2.00 TB (437.38 GB free)

WDC WD10EARX-00PASB0 disk1 : (1 TB) (Rotational)
EFI (disk1s1) <not mounted> : 210 MB
MavericksHD (disk1s2) / : 999.21 GB (227.87 GB free)
Recovery HD (disk1s3) <not mounted> [Recovery]: 784 MB

USB Information: ⓘ
Apple, Inc. Keyboard Hub
Corsair Corsair M65 Gaming Mouse
Apple, Inc Apple Keyboard
Apple Inc. Display iSight
Apple Inc. Apple LED Cinema Display
Apple Inc. Display Audio
Apple Inc. BRCM2046 Hub
Apple Inc. Bluetooth USB Host Controller
©Microsoft Xbox 360 Wireless Receiver for Windows

Firewire Information: ⓘ
WD My Book 111D 800mbit - 800mbit max
EFI (disk3s1) <not mounted> : 210 MB
MavericksHD BackUp (disk3s2) /Volumes/MavericksHD BackUp : 999.18 GB (51.14 GB free)
Recovery HD (disk3s3) <not mounted> [Recovery]: 784 MB

Gatekeeper: ⓘ
Anywhere

Kernel Extensions: ⓘ
/Library/Application Support/Avast/components/fileshield/unsigned
[loaded] com.avast.AvastFileShield (3.0.0 - SDK 10.10 - 2016-05-24) [Support]

/Library/Application Support/Avast/components/proxy/unsigned
[loaded] com.avast.PacketForwarder (2.1 - SDK 10.10 - 2016-05-24) [Support]

/Library/Application Support/Roxio
[not loaded] com.roxio.TDIXController (2.0 - 2015-04-18) [Support]

/Library/Extensions
[loaded] com.squirrels.driver.AirParrotSpeakers (1.8 - SDK 10.8 - 2016-06-03) [Support]

/Library/StartupItems/BRESINKx86Monitoring
[loaded] com.bresink.driver.BRESINKx86Monitoring (9.0 - 2014-04-26) [Support]

/System/Library/Extensions
[not loaded] com.mice.driver.Xbox360Controller (1.0.0d13 - SDK 10.8 - 2016-06-03) [Support]
[loaded] com.orderedbytes.driver.ControllerMateFamily (4.4 - 2016-06-03) [Support]
[loaded] com.squirrels.airparrot.framebuffer (1.6 - SDK 10.8 - 2016-06-03) [Support]
[loaded] org.dungeon.driver.SATSMARTDriver (0.6 - SDK 10.6 - 2016-06-03) [Support]

/System/Library/Extensions/360Controller.kext/Contents/PlugIns
[not loaded] com.mice.driver.Wireless360Controller (1.0.0d13 - SDK 10.8 - 2013-10-11) [Support]
[loaded] com.mice.driver.WirelessGamingReceiver (1.0.0d13 - SDK 10.8 - 2013-10-11) [Support]

/System/Library/Extensions/ControllerMate.kext/Contents/PlugIns
[not loaded] com.orderedbytes.driver.CMADBDevices (4.3.10 - 2014-04-28) [Support]
[loaded] com.orderedbytes.driver.CMUSBDevices (4.4 - 2014-04-28) [Support]
[not loaded] com.orderedbytes.driver.CMUSBKeyboard (1.0 - 2014-04-28) [Support]
[not loaded] com.orderedbytes.driver.CMUSBPointer (1.0 - 2014-04-28) [Support]

System Launch Agents: ⓘ
[not loaded] 4 Apple tasks
[loaded] 148 Apple tasks
[running] 32 Apple tasks

System Launch Daemons: ⓘ
[not loaded] 47 Apple tasks
[loaded] 143 Apple tasks
[running] 59 Apple tasks

Launch Agents: ⓘ
[not loaded] com.adobe.AAM.Updater-1.0.plist (2014-04-26) [Support]
[running] com.avast.update-agent.plist (2016-06-03) [Support]
[loaded] com.avast.userinit.plist (2016-06-03) [Support]
[loaded] com.gog.galaxy.commservice.plist (2016-05-26) [Support]
[loaded] com.oracle.java.Java-Updater.plist (2014-05-06) [Support]
[running] com.orderedbytes.ControllerMateHelper.plist (2014-04-28) [Support]
[loaded] org.macosforge.xquartz.startx.plist (2015-10-16) [Support]

Launch Daemons: ⓘ
[loaded] com.adobe.fpsaud.plist (2016-05-09) [Support]
[loaded] com.avast.init.plist (2016-06-03) [Support]
[loaded] com.avast.uninstall.plist (2016-06-03) [Support]
[loaded] com.avast.update.plist (2016-06-03) [Support]
[loaded] com.bombich.ccc.plist (2014-04-26) [Support]
[running] com.bombich.ccchelper.plist (2016-05-25) [Support]
[running] com.cleverfiles.cfbackd.plist (2016-01-03) [Support]
[loaded] com.ea.origin.ESHelper.plist (2014-06-25) [Support]
[loaded] com.gog.galaxy.clientservice.plist (2016-05-26) [Support]
[loaded] com.malwarebytes.MBAMHelperTool.plist (2016-01-09) [Support]
[running] com.mice.360Daemon.plist (2013-10-08) [Support]
[loaded] com.oracle.java.Helper-Tool.plist (2014-05-06) [Support]
[loaded] com.paragon-software.camptunex.helper.plist (2016-02-16) [Support]
[loaded] com.paragon-software.camptunex.installer.plist (2016-02-16) [Support]
[loaded] org.macosforge.xquartz.privileged_startx.plist (2015-10-16) [Support]

User Launch Agents: ⓘ
[running] com.amazon.music.plist (2015-10-05) [Support]
[failed] com.apple.CSConfigDotMacCert-[...]@me.com-SharedServices.Agent.plist
[loaded] com.avast.home.userinit.plist (2016-06-03) [Support]
[loaded] com.google.keystone.agent.plist (2016-03-03) [Support]

User Login Items: ⓘ
Temperature Monitor Application (/Applications/TemperatureMonitor.app)
BootChamp Application (/Applications/BootChamp.app)
Brightness Slider Application (/Applications/Brightness Slider.app)
Android File Transfer Agent Application (~/Library/Application Support/Google/Android File Transfer/Android File Transfer Agent.app)
MacGameStore Helper Application (~/Library/Application Support/MacGameStore.com/Helper/MacGameStore Helper.app)
CCC User Agent Application (/Applications/Utilities/Carbon Copy Cloner/Carbon Copy Cloner.app/Contents/Library/LoginItems/CCC User Agent.app)

Other Apps: ⓘ
[loaded] 0x7fb7fb501b60.mach_init.Inspector
[loaded] com.avast.account
[running] com.avast.daemon
[running] com.avast.fileshield
[running] com.avast.helper
[running] com.avast.proxy
[running] com.avast.service
[running] com.bombich.cccuseragent.26960
[running] com.bresink.system.tempmonitor.10944
[running] com.etresoft.EtreCheck.47728
[running] com.google.android.mtpagent.8832
[running] com.kainjow.BootChamp.27312
[running] com.macgamestore.helper.47904
[running] net.ACT-Productions.Brightness-Control.27840
[loaded] 451 Apple tasks
[running] 270 Apple tasks

Internet Plug-ins: ⓘ
Silverlight: 5.1.30514.0 - SDK 10.6 (2015-02-13) [Support]
FlashPlayer-10.6: 21.0.0.242 - SDK 10.6 (2016-05-18) [Support]
QuickTime Plugin: 7.7.3 (2016-06-01)
Flash Player: 21.0.0.242 - SDK 10.6 (2016-05-18) [Support]
JavaAppletPlugin: Java 8 Update 91 build 14 (2016-04-24) Check version
Default Browser: 537 - SDK 10.9 (2014-09-18)

Safari Extensions: ⓘ
OpenIE - Parallels - http://www.parallels.com (2014-10-27)

3rd Party Preference Panes: ⓘ
Flash Player (2016-05-09) [Support]
Java (2016-04-24) [Support]
XBox 360 Controllers (2013-10-11) [Support]

Time Machine: ⓘ
Time Machine not configured!

Top Processes by CPU: ⓘ
5% fontd
0% WindowServer
0% kernel_task
0% aosnotifyd

Top Processes by Memory: ⓘ
707 MB kernel_task
639 MB com.apple.IconServicesAgent
172 MB mds_stores
160 MB com.avast.daemon
111 MB Finder

Virtual Memory Information: ⓘ
3.26 GB Free RAM
8.73 GB Used RAM (6.87 GB Cached)
0 B Swap Used

Diagnostics Information: ⓘ
Jun 3, 2016, 07:19:57 PM ~/Library/Logs/DiagnosticReports/Finder_2016-06-03-191957_[redacted].crash
com.apple.finder - /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
Jun 3, 2016, 07:17:25 PM Self test - passed
 

Bigg_Erok

Trovi is the culprit. I saw that add-on all the time when I was working the Genius Bar. You also need to check the Applications folder for any apps you didn't install. Things like MegaBackup and ZipCloud. They are installed at the same time and while they're pretty harmless on the whole, if you didn't install it, it shouldn't be there.
 

Washac

Original poster
I have looked and can see nothing in applications that should not be there.

Thanks for the information.
 

nikishniki

Hi there, I'm having the same problem: qsearch keeps changing into my search engine and then apple virus keeps opening in a tab. Also, something keeps on popping up about an installation done, covering the extension manager on Safari. I'm not really a techy person, I'm not sure what I'm dealing with and what to do, please help :(

EtreCheck version: 5.2 (5029)

Report generated: 2019-06-18 10:13:36

Download EtreCheck from https://etrecheck.com

Runtime: 4:36

Performance: Good

Sandbox: Enabled

Full drive access: Disabled


Problem: Other problem


Major Issues:

Anything that appears on this list needs immediate attention.


No Time Machine backup - Time Machine backup not found.

Unsigned files - There are unsigned software files installed that could be adware and should be reviewed.


Minor Issues:

These issues do not need immediate attention but they may indicate future problems or opportunities for improvement.


32-bit Apps - This machine has 32-bits apps will not work after macOS 10.14 “Mojave”.

Limited drive access - More information may be available with Full Drive Access.


Hardware Information:

iMac (21.5-inch, Late 2012)

iMac Model: iMac13,1

1 2.7 GHz Intel Core i5 (i5-3330S) CPU: 4-core

8 GB RAM - Upgradeable

BANK 0/DIMM0 - 4 GB DDR3 1600 ok

BANK 1/DIMM0 - 4 GB DDR3 1600 ok


Video Information:

NVIDIA GeForce GT 640M - VRAM: 512 MB

iMac 1920 x 1080


Drives:

disk0 - APPLE HDD ST1000LM024 1.00 TB (Mechanical - 5400 RPM)

Internal SATA 3 Gigabit Serial ATA

disk0s1 - EFI (MS-DOS FAT32) [EFI] 210 MB

disk0s2 - Macintosh HD (Journaled HFS+) 900.21 GB (289.49 GB used)

disk0s3 - Recovery HD (Journaled HFS+) [Recovery] 650 MB

disk0s4 - B******P (MS-DOS FAT12) 99.00 GB (87.87 GB used)


Mounted Volumes:

disk0s2 - Macintosh HD 900.21 GB (610.46 GB free)

Journaled HFS+

Mount point: /


disk0s4 - B******P 99.00 GB (11.13 GB free)

MS-DOS FAT12

Mount point: /Volumes/B******P


Network:

Interface en0: Ethernet

Interface en5: iPhone

Interface en1: Wi-Fi

802.11 a/b/g/n

Interface en4: Bluetooth PAN

Interface bridge0: Thunderbolt Bridge


System Software:

macOS High Sierra 10.13.6 (17G65)

Time since boot: About 2 hours


Notifications:

Notifications not available without Full Drive Access.


Security:

Gatekeeper: Enabled

System Integrity Protection: Enabled


Antivirus apps: MalwareBytes


Unsigned Files:

Launchd: ~/Library/LaunchAgents/com.google.keystone.xpcservice.plist

Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode xpchost

Details: Restrictive config permissions - possibly adware


Launchd: ~/Library/LaunchAgents/com.valvesoftware.steamclean.plist

Executable: ~/Library/Application Support/Steam/SteamApps/steamclean Public

Details: Exact match found in the whitelist - probably OK


Launchd: ~/Library/LaunchAgents/com.google.keystone.agent.plist

Executable: ~/Library/Google/GoogleSoftwareUpdate/GoogleSoftwareUpdate.bundle/Contents/Resources/GoogleSoftwareUpdateAgent.app/Contents/MacOS/GoogleSoftwareUpdateAgent -runMode ifneeded

Details: Exact match found in the whitelist - probably OK


Launchd: /Library/LaunchDaemons/org.virtualbox.startup.plist

Executable: /Library/Application Support/VirtualBox/LaunchDaemons/VirtualBoxStartup.sh restart

Details: Exact match found in the whitelist - probably OK


Launchd: /Library/LaunchDaemons/com.netease.nemu.startup.plist

Executable: /Library/Application Support/Nemu/Startup.sh restart


Launchd: ~/Library/LaunchAgents/com.PowerLog.plist

Executable: ~/Library/PowerLog/PowerLog.app/Contents/MacOS/PowerLog

Details: Restrictive config permissions - possibly adware


Launchd: ~/Library/LaunchAgents/com.utilityData.plist

Executable: ~/Library/utilityData/utilityData.app/Contents/MacOS/utilityData

Details: Restrictive config permissions - possibly adware


Launchd: /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

Executable: /Library/PrivilegedHelperTools/com.microsoft.office.licensing.helper

Details: Exact match found in the whitelist - probably OK


Launchd: /Library/LaunchDaemons/com.wacom.UpdateHelper.plist

Executable: /Library/PrivilegedHelperTools/com.wacom.UpdateHelper.app/Contents/MacOS/com.wacom.UpdateHelper

Details: Exact match found in the whitelist - probably OK


32-bit Applications:

19 32-bit apps


Kernel Extensions:

/Library/Application Support/Malwarebytes/MBAM/Kext

MB_MBAM_Protection.kext (Malwarebytes Corporation, 3.8 - SDK 10.14)


/Library/Application Support/Nemu

NemuDrv.kext (NetEase Information Technology (Beijing) Co., Ltd., 15.2.97)


/Library/Application Support/VirtualBox

VBoxDrv.kext (Oracle America, Inc., 5.2.14)

VBoxNetAdp.kext (Oracle America, Inc., 5.2.14)

VBoxNetFlt.kext (Oracle America, Inc., 5.2.14)

VBoxUSB.kext (Oracle America, Inc., 5.2.14)


/Library/Extensions

FTDIKext.kext (Wacom Technology Corp., 1.0 - SDK 10.13)

iShowU Audio Capture.kext (Shiny White Box Limited, 1.0.4 - SDK 10.13)

Wacom Tablet.kext (Wacom Technology Corp., Wacom Tablet 6.3.32-3 - SDK 10.13)


System Launch Agents:

[Not Loaded] 15 Apple tasks

[Loaded] 163 Apple tasks

[Running] 115 Apple tasks

[Other] One Apple task


System Launch Daemons:

[Not Loaded] 38 Apple tasks

[Loaded] 182 Apple tasks

[Running] 115 Apple tasks


Launch Agents:

[Not Loaded] com.adobe.AAM.Updater-1.0.plist (? ffb65062 - installed 2018-08-14)

[Other] com.adobe.ARMDCHelper.cc24aef4a1b90ed56a725c38014c95072f92651fb65e1bf9c8e43c37a23d420d.plist (Adobe Systems, Inc. - installed 2018-08-15)

[Running] com.adobe.AdobeCreativeCloud.plist (Adobe Systems, Inc. - installed 2018-02-07)

[Running] com.adobe.GC.AGM.plist (Adobe Systems, Inc. - installed 2019-05-17)

[Not Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2019-05-17)

[Running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2019-05-10)

[Running] com.wacom.DataStoreMgr.plist (Wacom Technology Corp. - installed 2018-12-04)

[Running] com.wacom.DisplayMgr.plist (Wacom Technology Corp. - installed 2018-12-04)

[Running] com.wacom.wacomtablet.plist (Wacom Technology Corp. - installed 2018-12-04)


Launch Daemons:

[Loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2018-08-15)

[Loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2018-08-15)

[Loaded] com.adobe.acc.installer.plist (Adobe Systems, Inc. - installed 2018-02-07)

[Loaded] com.adobe.agsservice.plist (Adobe Systems, Inc. - installed 2019-05-17)

[Loaded] com.bombich.ccchelper.plist (? bc948f55 - installed 2018-10-16)

[Loaded] com.ea.origin.ESHelper.plist (EA Swiss Sarl - installed 2019-05-22)

[Running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2019-05-25)

[Running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2019-05-10)

[Loaded] com.microsoft.autoupdate.helper.plist (Microsoft Corporation - installed 2018-09-19)

[Loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e - installed 2010-08-25)

[Loaded] com.microsoft.office.licensingV2.helper.plist (Microsoft Corporation - installed 2018-09-19)

[Not Loaded] com.netease.nemu.startup.plist (? bb2a5dba - installed 2019-04-26)

[Loaded] com.paragon-software.installer.plist (Paragon Software GmbH - installed 2018-01-15)

[Loaded] com.shinywhitebox.iShowUAudioDaemon.plist (Shiny White Box Limited - installed 2019-02-25)

[Running] com.wacom.UpdateHelper.plist (? 247c9951 - installed 2018-12-04)

[Loaded] com.wacom.displayhelper.plist (Apple - installed 2018-12-04)

[Not Loaded] org.virtualbox.startup.plist (? 700b9385 - installed 2019-04-26)


User Launch Agents:

[Loaded] com.PowerLog.plist (? 0 - installed 2019-05-21)

[Loaded] com.adobe.GC.Invoker-1.0.plist (Adobe Systems, Inc. - installed 2018-03-10)

[Loaded] com.ea.origin.WebHelper.plist (EA Swiss Sarl - installed 2019-05-24)

[Loaded] com.google.keystone.agent.plist (? 0 - installed 2019-05-10)

[Loaded] com.google.keystone.xpcservice.plist (? 0 - installed 2019-05-10)

[Loaded] com.utilityData.plist (? 0 - installed 2019-05-21)

[Loaded] com.valvesoftware.steamclean.plist (? 0 - installed 2019-04-20)


Internet Plug-ins:

AdobePDFViewerNPAPI: 17.012.20098 (Adobe Systems, Inc. - installed 2018-08-14)

AdobePDFViewer: 18.009.20050 (Adobe Systems, Inc. - installed 2018-08-14)

AdobeAAMDetect: 3.0.0.0 (Adobe Systems, Inc. - installed 2018-02-07)

SharePointBrowserPlugin: 14.1.0 (? - installed 2017-09-27)


Audio Plug-ins:

BluetoothAudioPlugIn: 6.0.7 (Apple - installed 2018-08-15)

iSightAudio: 7.7.3 (Apple - installed 2018-08-15)

AirPlay: 2.0 (Apple - installed 2018-08-15)

AppleAVBAudio: 680.2 (Apple - installed 2018-08-15)

BridgeAudioSP: 4.20.2 (Apple - installed 2018-08-15)

AppleTimeSyncAudioClock: 1.0 (Apple - installed 2018-08-15)


3rd Party Preference Panes:

WacomTablet (installed 2018-12-04)


Time Machine:

Time Machine Not Configured!


Performance:

System Load: 3.58 (1 min ago) 3.44 (5 min ago) 2.87 (15 min ago)

Nominal I/O speed: 1.25 MB/s

File system: 34.89 seconds

Write speed: 78 MB/s

Read speed: 87 MB/s


CPU Usage Snapshot:

Type Overall

System 5 %

User 10 %

Idle 85 %


Top Processes Snapshot by CPU:

Process (count) CPU (Source - Location)

Other processes 45.09 % (?)

EtreCheck 5.23 % (App Store)

Google Chrome 1.53 % (Google, Inc.)

mdworker (7) 1.42 % (Apple)

WhatsApp 1.22 % (WhatsApp Inc.)


Top Processes Snapshot by Memory:

Process (count) RAM usage (Source - Location)

EtreCheck 447 MB (App Store)

Google Chrome 298 MB (Google, Inc.)

Adobe Photoshop CC 2018 264 MB (Adobe Systems, Inc.)

Google Chrome Helper 124 MB (Google, Inc.)

WhatsApp 82 MB (WhatsApp Inc.)


Top Processes Snapshot by Network Use:

Process Input / Output (Source - Location)

mDNSResponder 169 KB / 84 KB (Apple)

WhatsApp 30 KB / 7 KB (WhatsApp Inc.)

apsd 5 KB / 5 KB (Apple)

netbiosd 810 B / 558 B (Apple)

SystemUIServer 0 B / 80 B (Apple)


Virtual Memory Information:

Physical RAM: 8 GB


Free RAM: 18 MB

Used RAM: 6.49 GB

Cached files: 1.49 GB


Available RAM: 1.51 GB

Swap Used: 0 B


Software Installs (past 30 days):

Install Date Name (Version)

2019-05-25 Malwarebytes for Mac

2019-06-07 Gatekeeper Configuration Data (167)

2019-06-18 EtreCheck (5.2)


Diagnostics Information (past 7 days):

Directory /Library/Logs/DiagnosticReports is not accessible.

Enable Full Drive Access to see more information.


End of report
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,166
8,820
California
Launchd: /Library/LaunchDaemons/com.netease.nemu.startup.plist

Launchd: ~/Library/LaunchAgents/com.PowerLog.plist

Launchd: ~/Library/LaunchAgents/com.utilityData.plist

I would remove these to start with and also check to see what Safari extensions you have enabled.
 

nikishniki

macrumors newbie
Jun 30, 2016
7
1
Neverland ∞
Launchd: /Library/LaunchDaemons/com.netease.nemu.startup.plist

Launchd: ~/Library/LaunchAgents/com.PowerLog.plist

Launchd: ~/Library/LaunchAgents/com.utilityData.plist

I would remove these to start with and also check to see what Safari extensions you have enabled.

Thank you so much for the reply!!! I already removed the things listed above. There's nothing on my Safari extensions also on Google Chrome (I use Google Chrome, that's where the tab keeps opening and the search engine keeps changing).
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,166
8,820
California
Thank you so much for the reply!!! I already removed the things listed above. There's nothing on my Safari extensions also on Google Chrome (I use Google Chrome, that's where the tab keeps opening and the search engine keeps changing).
Try this just as a test. Hold the shift key down as you restart. That will start in safe mode that stops all launch and startup items from running. Does the problem still occur in safe mode? If it does, that proves it is one of the startup or launch items causing this.
 

nikishniki

macrumors newbie
Jun 30, 2016
7
1
Neverland ∞
Try this just as a test. Hold the shift key down as you restart. That will start in safe mode that stops all launch and startup items from running. Does the problem still occur in safe mode? If it does, that proves it is one of the startup or launch items causing this.

Hi, I tried doing what you said and it doesn't seem to be popping up. What would be my next step? Also is it normal for the screen to keep looking like it's sliding up when it's in safe mode? Thank you again!
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,166
8,820
California
Hi, I tried doing what you said and it doesn't seem to be popping up. What would be my next step? Also is it normal for the screen to keep looking like it's sliding up when it's in safe mode? Thank you again!
Safe mode turns off graphics acceleration, so the screen can refresh more slowly. Is that what you are seeing?

Okay... if the problem is gone in safe mode, that pretty much proves it is a launch or startup item causing this. There is no magic way to figure this out short of just starting to remove those items listed in these folders in the Etrecheck report and restart and test. What I would do is print out the Etrecheck report and use it as a worksheet, then remove half the items on the list at a time and restart each time to test until you narrow it down.

~/Library/LaunchAgents (~ is your users folder)
/Library/LaunchAgents
/Library/LaunchDaemons
/Library/StartupItems
/Library/Extensions
/System/Library/Extensions/
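
Added example (not part of the original posts, and not EtreCheck's own code): a Python sketch of the halving worksheet described above, limited to launchd plists such as those in ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons, not StartupItems or Extensions. The function names, the holding folder and the temp-dir sample are assumptions made for illustration; the sample labels are borrowed from the report and the executable paths are constructed.

```python
import plistlib, shutil, tempfile
from pathlib import Path

def inventory(folders):
    """Worksheet rows: (plist path, Label, executable) for each launchd job found."""
    rows = []
    for folder in folders:
        for p in sorted(Path(folder).expanduser().glob("*.plist")):
            try:
                job = plistlib.loads(p.read_bytes())
            except Exception:   # unreadable or malformed plist: list it anyway
                job = {}
            args = job.get("ProgramArguments") or []
            exe = job.get("Program") or (args[0] if args else "?")
            rows.append((p, job.get("Label", p.stem), exe))
    return rows

def set_aside(rows, holding):
    """Move plists into holding/ and return a manifest so the move is reversible."""
    Path(holding).mkdir(parents=True, exist_ok=True)
    manifest = []
    for i, (p, _label, _exe) in enumerate(rows):
        dest = Path(holding) / f"{i:02d}_{p.name}"  # prefix: one name can exist in two folders
        shutil.move(str(p), str(dest))
        manifest.append((dest, p))
    return manifest

def put_back(manifest):  # return every set-aside plist to the path it came from
    for dest, original in manifest:
        shutil.move(str(dest), str(original))

def demo():
    """Constructed sample in a temp dir; labels from the report, paths made up."""
    root = Path(tempfile.mkdtemp())
    user, system = root / "user/LaunchAgents", root / "system/LaunchAgents"
    layout = {user: ["com.PowerLog", "com.adobe.GC.Invoker-1.0"],
              system: ["com.adobe.GC.Invoker-1.0", "com.wacom.DataStoreMgr",
                       "com.wacom.DisplayMgr", "com.wacom.wacomtablet"]}
    for folder, labels in layout.items():
        folder.mkdir(parents=True)
        for label in labels:
            job = {"Label": label, "ProgramArguments": [f"/constructed/{label}", "--run"]}
            (folder / f"{label}.plist").write_bytes(plistlib.dumps(job))
    rows = inventory([user, system])
    half = rows[: len(rows) // 2]             # first half of the worksheet
    manifest = set_aside(half, root / "holding")
    remaining = inventory([user, system])     # what would still load at the next restart
    put_back(manifest)                        # problem still there: restore this half
    return rows, half, remaining, inventory([user, system])
```

On a real Mac, moving items out of /Library needs admin rights, and each round is followed by a restart and a test before deciding which half to keep narrowing.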
 

nikishniki

macrumors newbie
Jun 30, 2016
7
1
Neverland ∞
Safe mode turns off graphics acceleration, so the screen can refresh more slowly. Is that what you are seeing?
Oh okay I get it now. :D

Okay... if the problem is gone in safe mode, that pretty much proves it is a launch or startup item causing this. There is no magic way to figure this out short of just starting to remove those items listed in these folders in the Etrecheck report and restart and test. What I would do is print out the Etrecheck report and use it as a worksheet, then remove half the items on the list at a time and restart each time to test until you narrow it down.

~/Library/LaunchAgents (~ is your users folder)
/Library/LaunchAgents
/Library/LaunchDaemons
/Library/StartupItems
/Library/Extensions
/System/Library/Extensions/
Is there a possibility that I will delete the wrong item? What happens then? Or it's not going to affect anything?
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,166
8,820
California
Is there a possibility that I will delete the wrong item? What happens then? Or it's not going to affect anything?
If you stick to just those folders I listed, you cannot break the OS. It might make an app stop working though, but you can just put the item back (from the trash). I would save the Adobe and MS items for last, as I think it is unlikely they are the problem.
 

nikishniki

macrumors newbie
Jun 30, 2016
7
1
Neverland ∞
If you stick to just those folders I listed, you cannot break the OS. It might make an app stop working though, but you can just put the item back (from the trash). I would save the Adobe and MS items for last, as I think it is unlikely they are the problem.
Thank you so much! The pop up is gone. I think it was the file macperformance in launchagents :D
 