When you next have the problem, note the exact time: hour, minute, second.

If you have more than one user account, these instructions must be carried out as an administrator.

Launch the Console application in any of the following ways:

☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

☞ Open LaunchPad. Click Utilities, then Console in the icon grid.

Make sure the title of the Console window is All Messages. If it isn't, select All Messages from the SYSTEM LOG QUERIES menu on the left. If you don't see that menu, select

View ▹ Show Log List

from the menu bar.

Each message in the log begins with the date and time when it was entered. Scroll back to the time you noted above. Select the messages entered from then until the end of the episode, or until they start to repeat, whichever comes first. Copy the messages to the Clipboard by pressing the key combination command-C. Paste into a reply to this message (command-V).

The log contains a vast amount of information, almost all of it useless for solving any particular problem. When posting a log extract, be selective. In most cases, a few dozen lines are more than enough. It is never necessary or helpful to post more than about 100 lines. "The more, the better" is not the rule here.

Please do not indiscriminately dump thousands of lines from the log into this discussion.

Important: Some private information, such as your name, may appear in the log. Anonymize before posting.

Remove the worthless "CleanMyMac" product by following the first set of instructions on this page. If you have a different version of the product, the procedure may be different. Do not drag the CleanMyMac application to the Trash.

Remove the equally useless AVG product according to its developer's instructions.

Back up all data before making any changes.

I have Avast installed as a virus checker.

That's even worse than AVG. However, it may not be causing this problem. Google applications aggressively install auto-updaters, and one of them may be throwing the alerts.

"Avast" is perhaps the worst of the whole wretched lot of commercial "security" products for the Mac. It's worse than the imaginary "viruses" you were worried about when you installed it. Not only does it fail to protect you from any real danger, it throws false warnings, destabilizes and slows down your computer, and sometimes or always corrupts the network settings and the permissions of files in your home folder. Removing it may not repair all the damage, and neither will Disk Utility or even reinstalling OS X.

Back up all data, then remove "Avast" according to the developer's instructions. Reboot.

If you tried to remove Avast by dragging an application to the Trash, you'll have to reinstall it and then follow the instructions linked above.

Software from an untrustworthy source

• Software of any kind is distributed via BitTorrent or Usenet.
• Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website.
• Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
• The software is advertised by means of spam or intrusive web popups.

Software that is plainly illegal or does something illegal

• Software that you would otherwise have to pay for is "cracked" or "free."
• An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.

Conditional or unsolicited offers from strangers

Unexpected events

♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe

Here's a summary of what you need to do, if you choose to proceed: Copy a line of text from this web page into the window of another application. Wait for the script to run. It usually takes a couple of minutes. Then paste the results, which will have been copied automatically, back into a reply on this page. The sequence is: copy, paste, wait, paste again. Details follow.

4. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.

5. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply.

6. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking  anywhere in the line. The whole line will highlight, though you may not see all of it in your browser, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.

Triple-click anywhere in the line of text below on this page to select it:

PATH=/usr/bin:/bin:/usr/sbin:/sbin; clear; Fb='%s\n\t(%s)\n'; Fm='\n%s\n\n%s\n'; Fr='\nRAM details\n%s\n'; Fs='\n%s: %s\n'; Fu='user %s%%, system %s%%'; PB="/usr/libexec/PlistBuddy -c Print"; A () { [[ a -eq 0 ]]; }; M () { find -L "$d" -type f | while read f; do file -b "$f" | egrep -lq XML\|exec && echo $f; done; }; Pc () { o=`grep -v '^ *#' "$2"`; Pm "$1"; }; Pm () { [[ "$o" ]] && o=`sed -E '/^ *$/d;s/^ */   /;s/[-0-9A-Fa-f]{22,}/UUID/g' <<< "$o"` && printf "$Fm" "$1" "$o"; }; Pp () { o=`$PB "$2" | awk -F'= ' \/$3'/{print $2}'`; Pm "$1"; }; Ps () { o=`echo $o`; [[ ! "$o" =~ ^0?$ ]] && printf "$Fs" "$1" "$o"; }; R () { o=; [[ r -eq 0 ]]; }; SP () { system_profiler SP${1}DataType; }; id | grep -qw '80(admin)'; a=$?; A && sudo true; r=$?; t=`date +%s`; clear; { A || echo $'No admin access\n'; A && ! R && echo $'No root access\n'; SP Software | sed '8!d;s/^ *//'; o=`SP Hardware | awk '/Mem/{print $2}'`; o=$((o<4?o:0)); Ps "Total RAM (GB)"; o=`SP Memory | sed '1,5d; /[my].*:/d'`; [[ "$o" =~ s:\ [^O]|x([^08]||0[^2]8[^0]) ]] && printf "$Fr" "$o"; o=`SP Diagnostics | sed '5,6!d'`; [[ "$o" =~ Pass ]] || Pm "POST"; p=`SP Power`; o=`awk '/Cy/{print $NF}' <<< "$p"`; o=$((o>=300?o:0)); Ps "Battery cycles"; o=`sed -n '/Cond.*: [^N]/{s/^.*://p;}' <<< "$p"`; Ps "Battery condition"; for b in Thunderbolt USB; do o=`SP $b | sed -En '1d; /:$/{s/ *:$//;x;s/\n//p;}; /^ *V.* [0N].* /{s/ 0x.... //;s/[()]//g;s/\(.*: \)\(.*\)/ \(\2\)/;H;}; /Apple|SCSM/{s/.//g;h;}'`; Pm $b; done; o=`pmset -g therm | sed 's/^.*C/C/'`; [[ "$o" =~ No\ th|pms ]] && o=; Pm "Thermal conditions"; o=`pmset -g sysload | grep -v :`; [[ "$o" =~ =\ [^GO] ]] || o=; Pm "System load advisory"; o=`nvram boot-args | awk '{$1=""; print}'`; Ps "boot-args"; d=(/ ""); D=(System User); E=; for i in 0 1; do o=`cd ${d[$i]}L*/L*/Dia* || continue; ls | while read f; do [[ "$f" =~ h$ ]] && grep -lq "^Thread c" "$f" && e=" *" || e=; awk -F_ '!/ag$/{$NF=a[split($NF,a,".")]; print $0 "'"$e"'"}' <<< "$f"; done | tail`; Pm "${D[$i]} diagnostics"; done; [[ "$o" =~ \*$ ]] && printf $'\n* Code injection\n'; o=`syslog -F bsd -k Sender kernel -k Message CReq 'GPU |hfs: Ru|I/O e|last value [1-9]|n Cause: -|NVDA\(|pagin|SATA W|ssert|timed? ?o' | tail -n25 | awk '/:/{$4=""; $5=""};1'`; Pm "Kernel messages"; o=`df -m / | awk 'NR==2 {print $4}'`; o=$((o<5120?o:0)); Ps "Free space (MiB)"; o=$(($(vm_stat | awk '/eo/{sub("\\.",""); print $2}')/256)); o=$((o>=1024?o:0)); Ps "Pageouts (MiB)"; s=( `sar -u 1 10 | sed '$!d'` ); [[ s[4] -lt 85 ]] && o=`printf "$Fu" ${s[1]} ${s[3]}` || o=; Ps "Total CPU usage" && { s=(`ps acrx -o comm,ruid,%cpu | sed '2!d'`); o=${s[2]}%; Ps "CPU usage by process \"$s\" with UID ${s[1]}"; }; s=(`top -R -l1 -n1 -o prt -stats command,uid,prt | sed '$!d'`); s[2]=${s[2]%[+-]}; o=$((s[2]>=25000?s[2]:0)); Ps "Mach ports used by process \"$s\" with UID ${s[1]}"; o=`kextstat -kl | grep -v com\\.apple | cut -c53- | cut -d\< -f1`; Pm "Loaded extrinsic kernel extensions"; R && o=`sudo launchctl list | awk 'NR>1 && !/0x|com\.(apple|openssh|vix\.cron)|org\.(amav|apac|calendarse|cups|dove|isc|ntp|post[fg]|x)/{print $3}'`; Pm "Extrinsic system jobs"; o=`launchctl list | awk 'NR>1 && !/0x|com\.apple|org\.(x|openbsd)|\.[0-9]+$/{print $3}'`; Pm "Extrinsic agents"; o=`for d in {/,}L*/Lau*; do M; done | grep -v com\.apple\.CSConfig | while read f; do ID=$($PB\ :Label "$f") || ID="No job label"; printf "$Fb" "$f" "$ID"; done`; Pm "launchd items"; o=`for d in /{S*/,}L*/Star*; do M; done`; Pm "Startup items"; o=`find -L /S*/L*/E* {/,}L*/{A*d,Compon,Ex,In,Keyb,Mail/B,P*P,Qu*T,Scripti,Servi,Spo}* -type d -name Contents -prune | while read d; do ID=$($PB\ :CFBundleIdentifier "$d/Info.plist") || ID="No bundle ID"; [[ "$ID" =~ ^com\.apple\.[^x]|Accusys|ArcMSR|ATTO|HDPro|HighPoint|driver\.stex|hp-fax|\.hpio|JMicron|microsoft\.MDI|print|SoftRAID ]] || printf "$Fb" "${d%/Contents}" "$ID"; done`; Pm "Extrinsic loadable bundles"; o=`find -L /u*/{,*/}lib -type f | while read f; do file -b "$f" | grep -qw shared && ! codesign -v "$f" && echo $f; done`; Pm "Unsigned shared libraries"; o=`for e in DYLD_INSERT_LIBRARIES DYLD_LIBRARY_PATH; do launchctl getenv $e; done`; Pm "Environment"; o=`find -L {,/u*/lo*}/e*/periodic -type f -mtime -10d`; Pm "Modified periodic scripts"; o=`scutil --proxy | grep Prox`; Pm "Proxies"; o=`scutil --dns | awk '/r\[0\] /{if ($NF !~ /^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./) print $NF; exit}'`; Ps "DNS"; R && o=`sudo profiles -P | grep : | wc -l`; Ps "Profiles"; f=auto_master; [[ `md5 -q /etc/$f` =~ ^b166 ]] || Pc $f /etc/$f; for f in fstab sysctl.conf crontab launchd.conf; do Pc $f /etc/$f; done; Pc "hosts" <(grep -v 'host *$' /etc/hosts); Pc "User launchd" ~/.launchd*; R && Pc "Root crontab" <(sudo crontab -l); Pc "User crontab" <(crontab -l | sed 's:/Users/[^/]*/:/Users/USER/:g'); R && o=`sudo defaults read com.apple.loginwindow LoginHook`; Pm "Login hook"; Pp "Global login items" /L*/P*/loginw* Path; Pp "User login items" L*/P*/*loginit* Name; Pp "Safari extensions" L*/Saf*/*/E*.plist Bundle | sed -E 's/(\..*$|-[1-9])//g'; o=`find ~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \) | wc -l`; Ps "Restricted user files"; cd; o=`SP Fonts | egrep "Valid: N|Duplicate: Y" | wc -l`; Ps "Font problems"; o=`find L*/{Con,Pref}* -type f ! -size 0 -name *.plist | while read f; do plutil -s "$f" >&- || echo $f; done`; Pm "Bad plists"; d=(Desktop L*/Keyc*); n=(20 7); for i in 0 1; do o=`find "${d[$i]}" -type f -maxdepth 1 | wc -l`; o=$((o<=n[$i]?0:o)); Ps "${d[$i]##*/} file count"; done; o=$((`date +%s`-t)); Ps "Elapsed time (s)"; } 2>/dev/null | pbcopy; exit 2>&-

exec bash

If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know your password, or if you prefer not to enter it, just press return three times at the password prompt.

If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.

The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line "[Process completed]" to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report your results. No harm will be done.

8. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.

If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.

When you post the results, you might see the message, "You have included content in your post that is not permitted." It means that the forum software has misidentified something in the post as a violation of the rules. If that happens, please post the test results on Pastebin, then post a link here to the page you created.

Note: This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.

________________________________