Apple Event: May 7th at 7 am PT
My iMac became super slow. It happened after i created new user only for sharing, but i'm not sure if the two things are connected. Below you can find an EtreCheck. I immediately removed the adware but nothing has changed. Looking forward to your answers. Thanks in advance.
iMac Line (2012 and Later)
The beginning of EtreCheck gives a very solid clue
Adware - Adware detected.
More than one antivirus app - This machine has multiple antivirus apps installed.
Side issue
/etc/hosts - Count: 15 - Corrupt!
This may be a failed attempt at blocking some websites, or an attempt by adware to redirect your web browsing to a different site from what you entered.
And being corrupt means someone did not do a good job of entering the values.
Antivirus apps: Avast and CleanMyMac
Have 2 anti-virus packages just means you spend even more system resources looking for viruses that do not exist, and as neither of these packages detected the Adware, I would say they are not doing a good job.
I would suggest uninstalling them using the vendors uninstall instrucitons
Adware:
Launchd: /Library/LaunchDaemons/com.undoubtingness.net-preferences.plist
Reason: Adware pattern match
Executable: /etc/change_net_settings.sh
If you re-run EtreCheck, there should be a button to remove the adware.
Or you can install MalwareBytes for Mac (written by a fellow forum volunteer). You do not need to keep MalwareBytes installed, because as of today, you only get adware/malware when when you are involved in the installation, so if you do not install any software that did not come from the App Store, then you are not getting any unintended side-installs of adware or malware.
MalwareBytes Anti-Malware
<https://www.malwarebytes.org>
And when you are finished checking (and cleaning) uninstall MalwareBytes
<https://support.malwarebytes.com/docs/DOC-1928>
You have a very long list of 3rd party kernel extensions.
Kernel Extensions:
/Library/Application Support/Roxio
TDIXController.kext (2.0)
/Library/Extensions
TelestreamAudio.kext (Telestream Inc., 1.1.1 - SDK 10.8)
/Library/StartupItems/BRESINKx86Monitoring
BRESINKx86Monitoring.kext (9.0)
/System/Library/Extensions
ApowersoftAudioDevice.kext (1.0.0d1 - SDK 10.6)
IntechFWDeviceTuner.kext (1.0)
ContourShuttle.kext (2.2)
CDSDAudioCaptureSupport.kext (1.2)
EyeTVCinergyXSAudioBlock.kext (1.1)
BoomDevice.kext (1.1 - SDK 10.1)
Terminus.kext (4)
RBIOKitHelper.kext (1.8.0)
M-AudioFireWireBeBoB.kext (1.10.2)
M-AudioUSBMIDISupport.kext (M-Audio USB MIDI Support 1.0)
Motu MIDI Driver.kext (1.3.7)
PACESupportFamily.kext (5.8)
RoxioBluRaySupport.kext (1.1.6)
SonyMagicGateDriver.kext (1.0.0)
/System/Library/Extensions/PACESupportFamily.kext/Contents/PlugIns
PACESupportLeopard.kext (5.8 - SDK 10.4)
PACESupportPanther.kext (5.8 - SDK 10.-1)
PACESupportSnowLeopard.kext (5.8 - SDK 10.6)
PACESupportTiger.kext (5.8 - SDK 10.4)
If you do not actively need these kernel extensions you might consider uninstalling them using the vendor's uninstall instructions. They are consuming RAM and CPU cycles.
You start a lot of processes when you login. If you are having performance issues, maybe consider pruning that list back to the absolute essentials, and start the others only when you actually need them. And of course if you stopped using an item, just stop starting it altogether
Aladdin Path: /Library/StartupItems/Aladdin
ChmodBPF Path: /Library/StartupItems/ChmodBPF
M-Audio FireWire Audio Helper Path: /Library/StartupItems/M-Audio FireWire Audio Helper
M-Audio Firmware Loader Path: /Library/StartupItems/M-Audio Firmware Loader
PACESupport Path: /Library/StartupItems/PACESupport
QuickBackStartupItem Path: /Library/StartupItems/QuickBackStartupItem
rEFItBlesser Path: /Library/StartupItems/rEFItBlesser
RetroRun Path: /Library/StartupItems/RetroRun
SpeedToolsDTStartupItem Path: /Library/StartupItems/SpeedToolsDTStartupItem
TuxeraNTFSUnmountHelper Path: /Library/StartupItems/TuxeraNTFSUnmountHelper
The beginning of EtreCheck gives a very solid clue
Adware - Adware detected.
More than one antivirus app - This machine has multiple antivirus apps installed.
Side issue
/etc/hosts - Count: 15 - Corrupt!
This may be a failed attempt at blocking some websites, or an attempt by adware to redirect your web browsing to a different site from what you entered.
And being corrupt means someone did not do a good job of entering the values.
Antivirus apps: Avast and CleanMyMac
Have 2 anti-virus packages just means you spend even more system resources looking for viruses that do not exist, and as neither of these packages detected the Adware, I would say they are not doing a good job.
I would suggest uninstalling them using the vendors uninstall instrucitons
Adware:
Launchd: /Library/LaunchDaemons/com.undoubtingness.net-preferences.plist
Reason: Adware pattern match
Executable: /etc/change_net_settings.sh
If you re-run EtreCheck, there should be a button to remove the adware.
Or you can install MalwareBytes for Mac (written by a fellow forum volunteer). You do not need to keep MalwareBytes installed, because as of today, you only get adware/malware when when you are involved in the installation, so if you do not install any software that did not come from the App Store, then you are not getting any unintended side-installs of adware or malware.
MalwareBytes Anti-Malware
<https://www.malwarebytes.org>
And when you are finished checking (and cleaning) uninstall MalwareBytes
<https://support.malwarebytes.com/docs/DOC-1928>
You have a very long list of 3rd party kernel extensions.
Kernel Extensions:
/Library/Application Support/Roxio
TDIXController.kext (2.0)
/Library/Extensions
TelestreamAudio.kext (Telestream Inc., 1.1.1 - SDK 10.8)
/Library/StartupItems/BRESINKx86Monitoring
BRESINKx86Monitoring.kext (9.0)
/System/Library/Extensions
ApowersoftAudioDevice.kext (1.0.0d1 - SDK 10.6)
IntechFWDeviceTuner.kext (1.0)
ContourShuttle.kext (2.2)
CDSDAudioCaptureSupport.kext (1.2)
EyeTVCinergyXSAudioBlock.kext (1.1)
BoomDevice.kext (1.1 - SDK 10.1)
Terminus.kext (4)
RBIOKitHelper.kext (1.8.0)
M-AudioFireWireBeBoB.kext (1.10.2)
M-AudioUSBMIDISupport.kext (M-Audio USB MIDI Support 1.0)
Motu MIDI Driver.kext (1.3.7)
PACESupportFamily.kext (5.8)
RoxioBluRaySupport.kext (1.1.6)
SonyMagicGateDriver.kext (1.0.0)
/System/Library/Extensions/PACESupportFamily.kext/Contents/PlugIns
PACESupportLeopard.kext (5.8 - SDK 10.4)
PACESupportPanther.kext (5.8 - SDK 10.-1)
PACESupportSnowLeopard.kext (5.8 - SDK 10.6)
PACESupportTiger.kext (5.8 - SDK 10.4)
If you do not actively need these kernel extensions you might consider uninstalling them using the vendor's uninstall instructions. They are consuming RAM and CPU cycles.
You start a lot of processes when you login. If you are having performance issues, maybe consider pruning that list back to the absolute essentials, and start the others only when you actually need them. And of course if you stopped using an item, just stop starting it altogether
Aladdin Path: /Library/StartupItems/Aladdin
ChmodBPF Path: /Library/StartupItems/ChmodBPF
M-Audio FireWire Audio Helper Path: /Library/StartupItems/M-Audio FireWire Audio Helper
M-Audio Firmware Loader Path: /Library/StartupItems/M-Audio Firmware Loader
PACESupport Path: /Library/StartupItems/PACESupport
QuickBackStartupItem Path: /Library/StartupItems/QuickBackStartupItem
rEFItBlesser Path: /Library/StartupItems/rEFItBlesser
RetroRun Path: /Library/StartupItems/RetroRun
SpeedToolsDTStartupItem Path: /Library/StartupItems/SpeedToolsDTStartupItem
TuxeraNTFSUnmountHelper Path: /Library/StartupItems/TuxeraNTFSUnmountHelper
Also, delete these plists & restart...
Clean up:
~/Library/LaunchAgents/com.macpaw.CleanMyMac3.Scheduler.plist
'~/Library/Application Support/CleanMyMac 3/CleanMyMac 3 Scheduler.app'
Executable not found
/Applications/Avast.app/Contents/Backend/launch/com.avast.account-sync.plist
@AV_BASE_DIR/utils/com.avast.account-sync
Executable not found
Thank you! I'm halfway through removing these files, and my iMac is improving in terms of speed. I tried to boot in recovery mode and there I made an "S.O.S" on the primary disk and the disk of Mac (the very small one); the return code was zero. After I rebooted to MacOS and the performances were back to normal. Sadly after turning it off an than back on, it became slow again.
For now I'll continue to delete these files.
Thank you.
Thank you! As I answered to Mr. BobHarris, I tried to boot in recovery mode and there I made an "S.O.S" on the primary disk and the disk of Mac (the very small one); the return code was zero and I got the green tick. After I rebooted to MacOS and the performances were back to normal. Sadly after turning it off an than back on, it became slow again.
I have already deleted the files that you wrote me about and after the reboot I saw some improvements.
Thank you.
It seems that it was all Avast's fault, because after having uninstalled it and rebooted the iMac, the speed was back to normal. For anyone that may have my same problem, you can uninstall Avast by opening it and selecting 'uninstall' in the drop-down menu (the one which says Avast in bold).
About the kernel extensions here
https://forums.macrumors.com/threads/com-hzsystems-terminus-driver-4.1746797/
I found that by running this command in the terminal, you get a text file in which there are written all the non-Apple's kernel extensions currently running. This command is helpful when trying to address the problem.
kextstat -kl | awk '!/com\.apple/{printf "%s %s\n", $6, $7}' | open -ef
Anyway, I want to say thank you to BobHarris and BDAqua for their quick and helpful responses.
Good news, good work, thanks for the report! :)
iMac became slow