
Strange " wZCHMDFw " process uses a lot of resources.

This process called " wZCHMDFw " runs on my Mac/Mojave in normal mode (in safe mode it does not run). It uses up a lot of resources and I do not know where it is coming from. Googling it gave me nothing.






I am also attaching the beginning of the sampling that is produced


Analysis of sampling wZCHMDFw (pid 76) every 1 millisecond
Process:         wZCHMDFw [76]
Path:            /Library/wZCHMDFw/wZCHMDFw.app/Contents/MacOS/wZCHMDFw
Load Address:    0x1072e2000
Identifier:      wZCHMDFw
Version:         ???
Code Type:       X86-64
Parent Process:  launchd [1]

Date/Time:       2019-06-04 16:45:36.621 +0300
Launch Time:     2019-06-04 16:38:31.105 +0300
OS Version:      Mac OS X 10.14.5 (18F132)
Report Version:  7
Analysis Tool:   /usr/bin/sample

Physical footprint:         3.1G
Physical footprint (peak):  3.1G
----

Call graph:
    2700 Thread_609   DispatchQueue_1: com.apple.main-thread  (serial)
      2698 start  (in libdyld.dylib) + 1  [0x7fff767a13d5]
      + 1232 main  (in wZCHMDFw) + 417  [0x1072e4a41]
      + ! 1141 writeStringToURLOrPath  (in Foundation) + 216  [0x7fff4cafc403]
      + ! : 1074 _NSWriteDataToFileWithExtendedAttributes  (in Foundation) + 224  [0x7fff4cafc8f8]
      + ! : | 683 _NSCreateTemporaryFile_Protected  (in Foundation) + 674  [0x7fff4cb32ecb]
      + ! : | + 679 __open  (in libsystem_kernel.dylib) + 10  [0x7fff768d71ee]
      + ! : | + 2 cerror  (in libsystem_kernel.dylib) + 13  [0x7fff768d642e]



Any help?!

MacBook Pro 15", macOS 10.14

Posted on Jun 4, 2019 8:15 AM

Question marked as Best reply

Posted on Jun 4, 2019 2:08 PM

First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.


  • A backup is a fundamental prerequisite regardless of whatever method you may choose to uninstall adware, and would apply even if your Mac were running perfectly well. Do not overlook this fundamental requirement. It's important.


Next: This step is optional, but will preclude any related inability to use your Mac due to the adware's excessive demands imposed upon it. Restart in "Safe Mode", and log in: Use safe mode to isolate issues with your Mac. Starting in Safe Mode takes longer than usual so let it finish. The resource-demanding process will not appear while you are using your Mac in that mode.


The following files and / or folders need to be deleted:




Drag that selection of files to the Trash. You will be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.


Next: open Safari and select the Safari menu > Preferences... > Extensions. If you see any Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Repeat those equivalent actions for any other browser you may use.


There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.


Next: In an abundance of caution, examine System Preferences > Extensions. Determine if there are any Extensions that may have been installed without your knowledge. Ask if you're uncertain. While you're there, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but are also being leveraged by adware creators.


You can then restart your Mac. Confirm the rogue process no longer appears in Activity Monitor and that its operation generally returns to normal.


Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:


~/Library/Application Support


It is normal for that folder to contain many items, but anything associated with the above adware will bear identical names ("athechyer" etc). Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.


PT.updd.plist is installed by a product called "Popcorn Time". Although it may have legitimate purposes it is one of many similar products used to watch movies or other copyrighted content that is not normally available "for free" so you need to be mindful of those implications.


I am not familiar with "hdjsd.plist" but it may also be associated with something you don't need or want. I doubt its presence is causing any trouble so leave it alone for now.


Next: You also installed a scam "cleaning" product. To uninstall "CleanMyMac" follow its uninstallation instructions exactly. They require using "CleanMyMac" to uninstall itself. As far as I have been able to determine they are sufficient to deactivate it, but are somewhat incomplete in that some of its components will remain. Please review each of the folders you posted in your screenshots, and manually drag any of the remaining "CleanMyMac" components to the Trash.


  • The effects of actually having used "CleanMyMac" or similarly categorized things are another subject altogether. Without knowing exactly what you did with it, it is not possible to determine the extent of damage it may have inflicted upon your Mac.


Finally: if any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.


Jun 4, 2019 8:27 AM in response to ViBenn

You inadvertently installed adware. You do not need to download or install anything to fix it.


Navigate to the following folder, and post its contents in a screenshot.


~/Library/LaunchAgents


To open that folder, copy the entire line above and paste it in the Finder's Go menu > Go to Folder... field. Make it look like this:





... and click the Go button.


A Finder window will open. Take a screenshot showing all that folder's contents, and post it in a reply. To take a screenshot read the Appendix in the following User Tip: Writing an effective Apple Support Communities question.


Usually, there is nothing in that folder so don't be surprised to find it empty. The reason for starting with that folder is to eliminate other potential causes before proceeding with steps that will identify and eradicate whatever is affecting that Mac.


There will be additional instructions to follow and this is just the first step.


For a description of how this may have occurred, how to avoid it in the future, and for Apple's recommended actions read How to install adware.


Review your Gatekeeper settings: OS X : About Gatekeeper - Apple Support. Gatekeeper is designed to help prevent you from inadvertently installing garbage software.


If you get impatient and want to "read ahead" the remedy will follow the format of this Discussion: "root" process has high energy impact which drains my battery fast.

Jun 11, 2019 12:36 AM in response to John Galt

Hello,


**Disclaimer: the computer which is mentioned in this post is not one that I own or use. Any software installed and used that appears in the screenshots was done by the owner of the computer. I am simply assigned to fix the problem that they are facing.**


Sorry for the late reply. So in summary here is what I did, following all you guys' suggestions. I downloaded and installed MalwareBytes and performed a check. It recommended deleting almost all the plists that you suggested.


For the ones that it did not delete, I went to each of the three directories.

~/Library/LaunchAgents

/Library/LaunchAgents

/Library/LaunchDaemons

~/Library/Application Support


and googled each plist that I did not understand. I kept the ones I wanted and knew where they were coming from.

I proceeded to uninstall MalwareBytes because it was running something in the background that was also using up a lot of resources.


I downloaded EtreCheck and scanned the computer. I read the report it produced and tried to follow along to pin-point the problems. I am attaching the report.


For the extensions I deleted all of them for Safari, Chrome and Firefox as John Galt suggested. The dangers of PT.updd.plist, CleanMyMac and TeamViewer are noted. Also @John Galt, I decided to leave ~/Library/Application Support as is.


Following EtreCheck's report I ran First Aid on the Macintosh HD and after getting the error that the "fsroot root tree is invalid" I followed https://discussions.apple.com/thread/8564919 and the suggestion of Mac_2456 to fix it.



The strange process is now not running and the mac seems to be working better.


I am finally posting images of the three directories as they look now.


Also I don't know what to do regarding this line of the EtreCheck report

   Launchd: ~/Library/LaunchAgents/.dat0110.000

        Executable: /usr/bin/osascript -e 'tell application "Folder Actions Dispatcher" to tick'

        Details: Launchd config file is hidden - possibly adware


Jun 4, 2019 9:08 AM in response to ViBenn

Thank you!


I did a bit of the suggested reading but I want to be sure I delete all the unwanted files. So I am attaching the following screenshots:


~/Library/LaunchAgents (I have only hidden my user name)


/Library/LaunchAgents


/Library/LaunchDaemons



To be honest under both ~/Library and /Library I cannot find a file or folder named " wZCHMDFw " but I think I had deleted that in the past hoping it would solve my problem.

Jun 4, 2019 9:53 AM in response to ViBenn

Besides likely adware, you have some serious garbage on your Mac you should remove immediately.


CleanMyMac is pure junk. It does nothing useful and is known to damage the OS with its "cleaning" attempts. Also remove all traces of Teamviewer. You should never have remote access software installed without having a very good reason for it.


Of the root Library daemons, com.wZCHMDFw.plist is the obvious one, but the three randomly named items after it are also highly likely to be adware.


As Luis noted, don't just start deleting unknown files. As he says, run EtreCheck. Post the results by using the Additional text button. It's too long otherwise to fit in one response.

Also, MalwareBytes for Mac is a highly trusted and often recommended app. It and EtreCheck are both written by longtime forum members. MalwareBytes' main function is to find and remove malware/adware.

Jun 4, 2019 8:31 AM in response to ViBenn

Your post tells you right where the offending app is:


/Library/wZCHMDFw/wZCHMDFw.app


Go to the root Library folder and put the subfolder wZCHMDFw in the trash. Restart and then empty the trash.


Per John's notes, the adware may have also installed launch daemons. Check the LaunchAgents folder in your user account as he mentioned, and also the one in the root Library folder.

Jun 4, 2019 9:43 AM in response to ViBenn

You also have a lot of **** - most notoriously, "cleanmymac", which should rather be called "cripplemymac"...


But don't start deleting stuff you don't know about. This is a formula for disaster.


In the case of cleanmymac, follow their own instructions for uninstalling.


You should also run Etrecheck and post its full report here. It will give a clearer picture of your setup, including possible remaining adware.

Use the additional text button below and paste the report into the text box.

Jun 11, 2019 7:22 AM in response to ViBenn

Great! Thanks for the update.


ViBenn wrote:

Also I don't know what to do regarding this line of the EtreCheck report
   Launchd: ~/Library/LaunchAgents/.dat0110.000
        Executable: /usr/bin/osascript -e 'tell application "Folder Actions Dispatcher" to tick'
        Details: Launchd config file is hidden - possibly adware


I'd be suspicious of that file, for that reason. macOS doesn't intentionally hide things.
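
The launchd persistence pattern discussed across this thread, as an added triage example (not part of any poster's reply and not EtreCheck's own logic): it parses launchd job definitions and flags the two traits seen here, a hidden config file that runs inline AppleScript and a job whose binary sits in an app bundle directly under /Library named after itself. The function names, the plist bodies and the `com.example.updater` job are assumptions constructed for illustration; only the paths and the osascript command come from the thread.

```python
import plistlib
from pathlib import PurePosixPath

def launchd_findings(plist_path, plist_bytes):
    """Return reasons a launchd job definition deserves a closer look."""
    findings = []
    if PurePosixPath(plist_path).name.startswith("."):
        findings.append("hidden config file")
    job = plistlib.loads(plist_bytes)  # handles XML and binary plists
    argv = job.get("ProgramArguments") or [job.get("Program", "")]
    program = PurePosixPath(argv[0])
    if program.name == "osascript" and "-e" in argv:
        findings.append("runs inline AppleScript via osascript")
    # Layout seen in the sample report: /Library/<name>/<name>.app/Contents/MacOS/<name>
    p = program.parts
    if (len(p) == 7 and p[1] == "Library"
            and p[2] == program.name and p[3] == program.name + ".app"):
        findings.append("app bundle under /Library named after its own binary")
    return findings

# Constructed samples: paths and commands come from the thread, plist bodies are assumed.
SAMPLES = {
    "~/Library/LaunchAgents/.dat0110.000": {
        "Label": "constructed.hidden.agent",
        "ProgramArguments": ["/usr/bin/osascript", "-e",
                             'tell application "Folder Actions Dispatcher" to tick'],
    },
    "/Library/LaunchDaemons/com.wZCHMDFw.plist": {
        "Label": "com.wZCHMDFw",
        "Program": "/Library/wZCHMDFw/wZCHMDFw.app/Contents/MacOS/wZCHMDFw",
        "RunAtLoad": True,
    },
    "/Library/LaunchAgents/com.example.updater.plist": {  # hypothetical benign job
        "Label": "com.example.updater",
        "ProgramArguments": ["/Applications/Example.app/Contents/MacOS/updater"],
    },
}

def triage(samples=SAMPLES):
    """Serialize each constructed job to plist bytes and collect its findings."""
    return {path: launchd_findings(path, plistlib.dumps(job))
            for path, job in samples.items()}

if __name__ == "__main__":
    for path, reasons in triage().items():
        print(path, "->", reasons or "nothing flagged")
```

On a real Mac the same function can be fed the bytes of each file in ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons; a finding is a prompt to inspect the job, not proof of adware.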
