Safe Finder Troubles

Things like that get in because you granted permission for them to be installed. Don't do that. Read How to install adware - Apple Community.

To fix it, read below. The principles are described generally in Adware Safe Finder - new removal techniques? but you should capture and upload your own screenshots because the names of files and folders that cause its appearance are always changing.

To ascertain the cause, start by inspecting the contents of the following folder:

~/Library/LaunchAgents

To open that folder, copy the entire line above and paste it in the Finder's Go menu > Go to Folder... field. Make it look like this:

... and click the Go button.

A Finder window will open. Make sure all its file names are readable by selecting View > as List or other selection that shows that folder's complete contents. Then, take a screenshot of that Finder window.

• To learn how to capture a screenshot please read the Appendix in the following User Tip: Writing an effective Apple Support Communities question. It also includes instructions for posting a screenshot in a reply to this Discussion, so keep that Safari window open for now.

Often, there is nothing in that Launch Agents folder so don't be surprised to find it empty.

In the same manner as the above, navigate to this next folder:

/Library/LaunchDaemons

The Finder's Go menu > Go to Folder... field should look like this:

... and click the Go button once again.

Once again ensure all its files and their names are readable and capture a screenshot.

Then, repeat that exercise with the following folder:

/Library/LaunchAgents

Notice its pathname is different than the other two. The Finder's Go menu > Go to Folder... field should look like this:

In the end, you will have captured the contents of the following three separate folders:

~/Library/LaunchAgents

/Library/LaunchDaemons

/Library/LaunchAgents

All three will be saved to your Mac's Desktop with names "Screen Shot... " followed by the date and time they were captured. Please be sure to include or otherwise indicate the name of the folder that corresponds to each screenshot, so that you and I can keep track of which ones they are.

Post the entire contents of all three windows, one at a time, using the "picture" icon that appears below your reply text:

Thanks.

First, ensure you have a reliable backup of your Mac, in case something should go wrong with continued troubleshooting. To learn how to do that, please read Back up your Mac with Time Machine.

• A backup is a fundamental prerequisite regardless of whatever method you may choose uninstall adware, and would apply even if your Mac were running perfectly well. Do not overlook this fundamental requirement. It's important.

Next: This step will prevent the scam products from loading so that they can be removed while they are inactive. Restart in "Safe Mode", and log in: Use safe mode to isolate issues with your Mac. Starting in Safe Mode takes longer than usual so let it finish. The rogue processes affecting that Mac are inoperative in "Safe Mode".

The following files and / or folders need to be deleted while using your Mac in "Safe Mode":

First screenshot:

Nothing needs to be deleted from your first screenshot.

Second screenshot:

Delete the file with "TotalSearch" in its name.

Third screenshot:

Delete the file with "TotalSearch" in its name.

Drag those files to the Trash. You may be asked to authenticate. Confirm they are no longer present in that folder. Leave all the others alone for now.

Next: open Safari and select the Safari menu > Preferences... > Extensions. If you see any Safari Extensions that you do not recognize or understand, simply click the Uninstall button and they will be gone. No Safari Extensions are required for normal operation. Then, select the General pane and review your Homepage selection. Finally, select the Search pane and select your desired Search engine. Repeat those equivalent actions for any other browser you may use.

There may also be adware-associated app icons in your Mac's Applications folder. Open it and examine its contents. Any unwanted or mysterious app icons should be obvious to you, but again please don't remove anything if you are uncertain—ask first. Identify any suspicious apps by name, or post another screenshot.

Next: In an abundance of caution, examine System Preferences > Extensions. Determine if there are any System Extensions that may have been installed without your knowledge. Ask if you're uncertain.

Remaining in System Preferences, check for the presence of any Profiles. Profiles are installed by organizations with a need to manage Macs deployed in institutional corporate or educational environments (for example), but have also been exploited by adware creators and similar malcontents. If any Profiles are installed on your Mac an icon like this will appear in System Preferences:

If you see that icon in System Preferences, select it. To remove a Profile, select it, then click the [—] (minus) button and authenticate.

Remaining in System Preferences, open Users & Groups. Select your User Account's Login Items. You may or may not find those Applications in its list. If you do, select them then click the [—] (minus) button to remove them from Login Items.

You can then restart your Mac and log in as usual. Evaluate its operation and ensure everything is working as you expect it should.

Next: A non-Apple "cleaning" product is installed, or was installed at one time and not completely uninstalled. Those things are scams that will result in improper operation or data loss, now or in the future, perhaps long after you remember having installed it. Remove "CleanMyMac" in strict accordance with its instructions. Then, if any "CleanMyMac" files remain in the second or third screenshots, drag them to the Trash. Confirm their total absence from your system, and never install anything like it ever again.

Next: if you want to eradicate all remaining adware remnants post a screenshot of the following folder, in the same manner as you did earlier:

~/Library/Application Support

It is normal for that folder to contain many items, but anything associated with the above adware will bear identical names ("TotalSearch" etc). If you find a folder or folders bearing that name, drag them to the Trash. Without the files you already removed or the reintroduction of similar malware, they can do nothing but occupy space. These can be removed if you wish, but again don't remove anything if you are uncertain.

Finally: If any of the above actions result in abnormal operation or if something else stops working, the easiest way to recover would be to restore the Time Machine backup you created as a prerequisite, so the importance of that fundamental step cannot be overemphasized.

In your opinion, should I take that off as well?

Yes. I don't use "ComboCleaner" or anything like it, primarily since installing something to uninstall something else you installed or to prevent you from installing something you want to install complicates matters. How do you find the uninstaller for the uninstaller's uninstaller, when the world's most wildly successful advertising company is the one you're asking to help?

Besides, as you determined "ComboCleaner" wasn't completely effective at getting rid of "TotalSearch". It is technologically impossible to create such a tool guaranteed to work in all circumstances, and they often introduce more problems of their own.

Ideally, you should learn to recognize and avoid adware malware and junkware however they may manifest themselves now or in the future. It's a principle that works for me, my organization, my employees, everyone else in my little sphere of influence. Effective defenses against malware and other threats describes them in general terms that have withstood the test of time.