sirpig

Q: onclickads.net and other ad pop ups in safari due to flash player?

Hello all,

 

This past week all of the browsers on my computer (google chrome/safari) has been experiencing random popup ads upon click on many websites.

 

These occur when I click somewhere on the website page and happens on almost all websites I go to.

 

The popup usually goes to "onclickads.net" then redirects, usually to mackeeper, but will sometimes redirect to other ads.

 

This morning I thought I identified the issue as a fake flash player that I had installed, so I followed Adobe's "how to uninstall flash player" guide and completely uninstalled flash player.

 

The problem instantly went away and I thought I would never have to deal with the annoying popups ever again.

 

This afternoon, I decided to reinstall Flash Player from Adobe's actual site because I need to use flash player for sites like youtube.

 

After I installed it, the problem with popups came back. Even though I knew that this time, it was definitely the legitimate copy of Flash Player.

 

Frustrated, I uninstalled the flash player again and like magic, the popups and ads went away with it.

 

Now I can still watch youtube videos from chrome because I think it comes with flash player preinstalled, but I would still like to have flash player on my main browser, safari.

 

Does anyone know what could be causing the problem? I don't think adobe would put these annoying ads in flash player.

 

I mean, if there's really no fix, I guess I'll just go with using google chrome when I need to use flash :\

 

Thanks a ton!

MacBook Pro with Retina display, OS X Mavericks (10.9.2)

Posted on Apr 28, 2014 4:32 PM

Close

Q: onclickads.net and other ad pop ups in safari due to flash player?

  • All replies
  • Helpful answers

Page 1 of 3 last Next
  • by Carolyn Samit,

    Carolyn Samit Carolyn Samit Apr 28, 2014 5:13 PM in response to sirpig
    Level 10 (124,311 points)
    Apple Music
    Apr 28, 2014 5:13 PM in response to sirpig

    The pop ups are due to malware, not Flash.

     

    Help here > The Safe Mac » Adware Removal Guide

  • by sirpig,

    sirpig sirpig Apr 28, 2014 5:16 PM in response to Carolyn Samit
    Level 1 (0 points)
    Apr 28, 2014 5:16 PM in response to Carolyn Samit

    you're right, the problem came back again despite having removed flash...

     

    I went through that guide and didn't find anything that they listed as adware :\

     

    is there anything else I can do?

  • by Carolyn Samit,

    Carolyn Samit Carolyn Samit Apr 28, 2014 5:32 PM in response to sirpig
    Level 10 (124,311 points)
    Apple Music
    Apr 28, 2014 5:32 PM in response to sirpig

    The problem still exists?

  • by sirpig,

    sirpig sirpig Apr 28, 2014 5:37 PM in response to Carolyn Samit
    Level 1 (0 points)
    Apr 28, 2014 5:37 PM in response to Carolyn Samit

    yes, it keeps opening random popups, usually from onclickads.net

     

    I've looked through launch daemons and launch agents and couldn't find anything wrong...

     

    heres the code from Etrecheck:

     

    Hardware Information:

              MacBook Pro (Retina, 15-inch, Late 2013)

              MacBook Pro - model: MacBookPro11,3

              1 2.3 GHz Intel Core i7 CPU: 4 cores

              16 GB RAM

     

    Video Information:

              Intel Iris Pro - VRAM: 1024 MB

              NVIDIA GeForce GT 750M - VRAM: 2048 MB

     

    System Software:

              OS X 10.9.2 (13C1021) - Uptime: 0 days 4:28:9

     

    Disk Information:

              APPLE SSD SM0512F disk0 : (500.28 GB)

                        EFI (disk0s1) <not mounted>: 209.7 MB

                        Macintosh HD (disk0s2) / [Startup]: 499.42 GB (391.28 GB free)

                        Recovery HD (disk0s3) <not mounted>: 650 MB

     

    USB Information:

              Apple Internal Memory Card Reader

     

              Apple Inc. BRCM20702 Hub

                        Apple Inc. Bluetooth USB Host Controller

     

              Apple Inc. Apple Internal Keyboard / Trackpad

     

    Thunderbolt Information:

              Apple Inc. thunderbolt_bus

     

    Configuration files:

              /etc/hosts - Count: 5

     

    Gatekeeper:

              Anywhere

     

    Kernel Extensions:

              [kext loaded] at.obdev.nke.LittleSnitch (4050 - SDK 10.8) Support

              [kext loaded] com.AmbrosiaSW.AudioSupport (4.1.2 - SDK 10.7) Support

              [not loaded] com.mice.driver.Wireless360Controller (1.0.0d12 - SDK 10.8) Support

              [not loaded] com.mice.driver.WirelessGamingReceiver (1.0.0d12 - SDK 10.8) Support

              [not loaded] com.mice.driver.Xbox360Controller (1.0.0d12 - SDK 10.8) Support

     

    Launch Daemons:

              [running] at.obdev.littlesnitchd.plist Support

              [loaded] com.adobe.SwitchBoard.plist Support

              [loaded] com.ambrosiasw.ambrosiaaudiosupporthelper.daemon.plist Support

              [loaded] com.google.keystone.daemon.plist Support

              [running] com.machangout.glims.loader.plist Support

              [loaded] com.microsoft.office.licensing.helper.plist Support

              [loaded] KillLittleSnitch.plist Support

              [loaded] org.macosforge.xquartz.privileged_startx.plist Support

     

    Launch Agents:

              [running] at.obdev.LittleSnitchUIAgent.plist Support

              [failed] com.adobe.AAM.Updater-1.0.plist Support

              [loaded] com.google.keystone.agent.plist Support

              [running] com.machangout.glims.agent.plist Support

              [loaded] KillLittleSnitch.plist Support

              [loaded] org.macosforge.xquartz.startx.plist Support

     

    User Login Items:

              Steam

              Macs Fan Control

              iTunesHelper

              ShiftIt

              Android File Transfer Agent

              Fantastical

              Google Chrome

     

    Internet Plug-ins:

              SharePointBrowserPlugin: Version: 14.4.1 - SDK 10.6 Support

              QuickTime Plugin: Version: 7.7.3

              JavaAppletPlugin: Version: 14.9.0 - SDK 10.7 Check version

              Default Browser: Version: 537 - SDK 10.9

     

    Safari Extensions:

              AdBlock: Version: 2.6.28

              Open in Internet Explorer: Version: 1.0

     

    Audio Plug-ins:

              BluetoothAudioPlugIn: Version: 1.0 - SDK 10.9

              AirPlay: Version: 2.0 - SDK 10.9

              AppleAVBAudio: Version: 203.2 - SDK 10.9

              iSightAudio: Version: 7.7.3 - SDK 10.9

     

    iTunes Plug-ins:

              Quartz Composer Visualizer: Version: 1.4 - SDK 10.9

     

    3rd Party Preference Panes:

              XBox 360 Controllers  Support

     

    Time Machine:

              Time Machine not configured!

     

    Top Processes by CPU:

                   2%          WindowServer

                   2%          hidd

                   1%          fontd

                   0%          Little Snitch Network Monitor

                   0%          MacsFanControl

     

    Top Processes by Memory:

              426 MB          Safari

              295 MB          Mail

              229 MB          WindowServer

              213 MB          Wunderlist

              197 MB          Preview

     

    Virtual Memory Information:

              6.44 GB          Free RAM

              7.45 GB          Active RAM

              881 MB          Inactive RAM

              1.25 GB          Wired RAM

              1.02 GB          Page-ins

              0 B          Page-outs

  • by Linc Davis,

    Linc Davis Linc Davis Apr 28, 2014 5:45 PM in response to sirpig
    Level 10 (208,037 points)
    Applications
    Apr 28, 2014 5:45 PM in response to sirpig

    Please post a screenshot that shows what you mean. Be careful not to include any private information.

    Start a reply to this message. Click the camera icon in the toolbar of the editing window and select the image file to upload it. You can also include text in the reply.

  • by Carolyn Samit,

    Carolyn Samit Carolyn Samit Apr 28, 2014 5:46 PM in response to sirpig
    Level 10 (124,311 points)
    Apple Music
    Apr 28, 2014 5:46 PM in response to sirpig

    I was just going to suggest EtreCheck .....  gmta.

     

    Uninstall LittleSnitch.

     

    Then uninstall the Glims Safari extension, then reboot your Mac.

     

     

    (I have Glims insttalled without any issue, but others have problems)

  • by sirpig,

    sirpig sirpig Apr 28, 2014 6:01 PM in response to Linc Davis
    Level 1 (0 points)
    Apr 28, 2014 6:01 PM in response to Linc Davis

    This is really strange... I'm trying to replicate the problem, but it seems that the popups are no longer appearing...

     

    I don't recall changing anything, but then again, it went away for a while earlier when I uninstalled flash, but came back.

     

    I will keep you guys posted on what happens, and if the problem comes back I will be sure to post a screen shot.

     

    Thanks so much for your help!

  • by James Cook2,

    James Cook2 James Cook2 Apr 28, 2014 6:26 PM in response to sirpig
    Level 1 (15 points)
    Notebooks
    Apr 28, 2014 6:26 PM in response to sirpig

    I'm experiencing it too, as noted in another thread. It seems to come and go in frequency. More than once I thought it was gone, then later it would come back. There must be some random factor built in.

  • by sirpig,

    sirpig sirpig Apr 28, 2014 7:09 PM in response to Linc Davis
    Level 1 (0 points)
    Apr 28, 2014 7:09 PM in response to Linc Davis

    Screen Shot 2014-04-28 at 7.01.35 PM copy.jpg

    So it decided to come back. It used to always popup when I clicked a picture/link on wikihow, but now it just came up when I clicked a link on my local ymca website...

     

    any help is greatly appreciated!

  • by Linc Davis,

    Linc Davis Linc Davis Apr 28, 2014 7:13 PM in response to sirpig
    Level 10 (208,037 points)
    Applications
    Apr 28, 2014 7:13 PM in response to sirpig

    1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.

    2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.

    There are ways to back up a computer that isn't fully functional. Ask if you need guidance.

    3. Below are instructions to run a UNIX shell script, a type of program. All it does is to collect information about the state of the computer. That information goes nowhere unless you choose to share it. However, you should be cautious about running any kind of program (not just a shell script) on the advice of a stranger. If you have doubts, search this site for other discussions in which this procedure has been followed without any report of ill effects. If you can't satisfy yourself that the instructions are safe, don't follow them. Ask for other options.

    Here's a summary of what you need to do, if you choose to proceed:

    ☞ Copy a line of text in this window to the Clipboard.

    ☞ Paste into the window of another application.

    ☞ Wait for the test to run. It usually takes a few minutes.

    ☞ Paste the results, which will have been copied automatically, back into a reply on this page.

    The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.

    4. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.

    5. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.

    6. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.

    Triple-click anywhere in the line of text below on this page to select it:

    PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts 51 4 300 25 5120 KiB/s 1024 85 % 5 1 MB/s 25000 ports 'com.autodesk.AutoCad com.evenflow.dropbox com.google.GoogleDrive' 'DYLD_INSERT_LIBRARIES DYLD_LIBRARY_PATH' -86 \< '>=' 'N\/A' down up 100 25 recvfrom sendto 'v[0]=' 'a=(' ';[[ "${v[0]}" ]]' ');v[0]=$a;ind=0' '(){ x=;[[ "$4" ]]&&x=\"${v[$4]}\";' '`eval "${c1[$1]} ${c2[$2]}" "$x"|' ' "${s[$3]}"`' ';};' CFBundleIdentifier 25 );f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' '\n%s: user %s%%, system %s%%\n' '%s\n\t(%s)\n' '%s %s' );s=('/^ *$|CSConfigDot/d;s/^ */   /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g' 's/^ *//;5p;6p;8p;12p' '/ Id/s/.+: //p;/Mem/{s/[^0-9]//g;p;}' '1,5d;/[Bmy].*:/d;H;${g;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;}' '5h;6{H;g;/P/!p;}' '/Cy|Cond.*: [^N]/s/^.*://p' '/:$/{s/ *:$//;x;s/\n//;/Apple|Genesy|Intel|SMSC/d;s/\n.*//;/\)/p;};/^ *(V.+ [0N]|Man).+ /{s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;}' 's/^.*C/C/;H;${g;/No th|pms/!p;}' '/= [^GO]/p' '{$1=""};1' '/Of/!{s/^.+is |\.//g;p;}' '/(sh|ng|ic)$/p' '/:/{$4=""};1' 'NR==2{print $4}' '/po/{sub("\\.","");print int($2/256)}' '$p' 2p '$8~/[RW]/{print $4,$1,int($9/10000000)}' 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}//;s/ .+//p' '/Launch[AD].+\.plist$/p' '/\.xpc\/(Contents\/)?Info\.plist$/p' 'NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$/{print $3}' '/\.(framew|lproj)/d;/plist:|:.+(M.+exec|scrip)/s/:[^:]+//p' '/root/p' '/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/d;/Lib.+\/Info.plist$/p' '/^\/usr\/lib\/.+dylib$/p' '/\/etc\/(auto_m|hosts[^.]|peri)/s/^\.\/[^/]+//p' '/\/(Contents\/.+\/Contents|Frameworks)\//d;p' 's/\/(Contents\/)?Info.plist$//;p' '{gsub("^| ","||kMDItem'${p[43]}'=");sub("^.."," ")};1' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '/e:/{print $2}' '1d;/[^)]$/{s/^\(.+\) //;h;d;};/[^ ]\)$/{s/^.+: |.$//g;G;s/\n/:/p;}' '/r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./{print $NF;exit}' '!/^T/{printf "(static)";exit}' 's/^.+://p' '(/k:/&&$3!~/(255\.){3}0/)||(/v6:/&&$2!~/A/)' '/lR/{print $2}' 'NR==2{print int($7/1024),int($10/1024)}' 'END{$3=int($3/10240);print}' 'END{if($5~/pro/)print$3}' 'BEGIN{L='${p[44]}'}!/^[[:space:]]*(#.*)?$/{l++;if(l<=L)f=f"\n\t"$0}END{print "\nContents of "FILENAME"\n"f;if(l>L)print"\n\tand "l-L" more line(s)"}' 'BEGIN{FS="= "}/Path/{print $2}' '/^ +B/{s/.+= |(-[0-9]+)?\.s.+//g;p;}' 'END{print NR}' '/id: N|te: Y/{i++}END{print i}' '/^F/!p' '/:/{$0="'"${p[28]}"'"};1' 'BEGIN{FS=":"}{n=split($3,a,".");sub(/_2.+/,"",a[n-1]);print($2,a[n-1],a[n],$1)|"sort";b=b$1}END{if(b)print("\n\t* Code injection")}' '/apsd|OpenD/!s/:.+//p' '$2>'${p[9]}'{$2=$2-1;print}' );c1=(system_profiler 'pmset -g' nvram fdesetup find syslog df vm_stat sar ps iostat 'sudo iotop' top pkgutil PlistBuddy whoami cksum kextstat launchctl 'sudo launchctl' crontab 'sudo defaults read' stat lsbom mdfind 'for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done' 'defaults read' scutil route networksetup 'sed -En' awk '/S*/*/P*/*/*/*/*/airport -I' netstat 'sudo dtrace' 'sudo profiles' 'sudo crontab' );c2=('com.apple.loginwindow LoginHook' '-c Print /L*/P*/loginw*' '-c Print L*/P*/*loginit*' '-c Print L*/Saf*/*/E*.plist' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \)' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' '-c Print\ :'${p[43]}' 2>&1' '-c Print\ :Label 2>&1' '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status '-F bsd -k Sender kernel -k Message CReq "caug|dead[^l]|GPU |hfs: Ru|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|timed? ?o|WARN" -k Message Ane "SMC:" -o -k Sender fseventsd -k Message CReq "SL"' '-u 1 10' 'acrx -o comm,ruid,%cpu' '-C 10 1' '-f -pfc /var/db/*/*.{BS,Bas,Es,OSXU,Rem}*.bom' '{/,}L*/Lo*/Diag* -type f \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true \) -execdir stat -f:%Sc:%N -t%F {} \;' '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Compon,Ex,In,iTu,Keyb,Mail/B,P*P,Qu*T,Scripti,Sec,Servi,Spo}* -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` " /e*/{auto_master,{cron,fs}tab,hosts,{launchd,sysctl}.conf} /u*/lo*/e*/per*/*/* .launchd.conf" list getenv '/Library/Preferences/com.apple.alf globalstate' --proxy '-n get default' -listnetworkserviceorder --dns -getdnsservers -getinfo '-b -I' '-m /' '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -P );N1=${#c2[@]};for j in {0..8};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n 'syscall::'${p[33+j]}':return {@[execname,uid]=sum(arg0)} tick-10sec {exit(0)}'";done;l=(Model 'RAM (GB)' 'RAM details' POST 'Battery cycles' 'Battery condition' 'Bad plists' 'High file counts' User Heat 'System load' 'boot args' FileVault 'Diagnostic reports' Log 'Free space (MiB)' 'Swap (MiB)' 'CPU total' 'CPU per process' 'Average I/O (MB/s)' 'I/O per process' 'Mach ports' kexts Daemons Agents launchd 'Startup items' 'Admin access' 'Root access' Bundles dylibs Apps 'Font issues' 'Inserted dylibs' Firewall Proxies DNS TCP/IP RSSI Profiles 'Elapsed time (s)' 'Root crontab' 'User crontab' 'Login hook' 'Global login items' 'User login items' 'Safari extensions' 'Restricted files' 'Hidden apps' );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Average ${p[29+j]}stream data (KiB/s)";l[N4+2+j]="Current ${p[29+j]}stream data";done;A0(){ id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear;v[11]=$((v[3]-`sysctl -n kern.boottime|cut -c9-18`));};for i in 0 1;do for j in 0 1;do eval A$((1+i+2*j))"${p[39]}${p[35+j]}${p[40]}${c1[30+i]}${p[41]}${p[37+j]}${p[42]}";done;eval A$((5+i))'(){ v[0]=`while read i;do eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}"`;[[ "${v[0]}" ]];};';eval A$((7+i))'(){ v[0]=`while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}"`;[[ "${v[0]}" ]];};';done;A9(){ v[0]=$((`date +%s`-v[3]));};B00(){ v[0]=${a[++ind]};};for j in 0 1; do eval B0$((1+j))'(){ v[0]=$((v[0]'${p[26+j]}'p[$1]?v[0]:0));};';eval B0$((3+j))'(){ a[$1]=${a[$1]%[.+-]*};((a[$1]'${p[26+j]}'p[$2]))||unset a;};';done;B05(){ v[0]=`tail -n${p[$1]}<<<"${v[0]}"`;};B06(){ [[ "${a[*]}" ]]&&a=("${a[$1]}" "${a[$2]}");};B07(){ unset a v[0] ind;((v[2]==0))||{ v[0]=No;false;};};B08(){ v[$1]="${v[0]}";};B09(){ a=(${v[0]});};B10(){ v[0]=`grep -F "${v[$1]}"<<<"${v[0]}"`;};B11(){ n=$((${#a[@]}-1));((n>2))||return;A="${a[*]}";B="${a[n-1]} ${a[n]}";a=("${A% $B}" $B);};B12(){ v[0]=;[[ "$a" ]]&&v[0]="$a (UID ${a[1]}) is using ${a[2]} ${p[$1]}";};B13(){ v[0]=$((v[0]/v[$1]));};B14(){ v[$2]=`eval "sed -En '${s[$3]}'"<<<"${v[$1]}"`;};B15(){ v[$2]=`eval "awk '${s[$3]}'"<<<"${v[$1]}"`;};B16(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B17(){ v[0]=`paste -d: <(echo "${v[$1]}") <(echo "${v[$2]}")|awk -F: '{printf("'"${f[$3]}"'",$1,$2)}'`;};B18(){ unset a v[0] ind;((v[1]==0))||{ v[0]=No;false;};};B19(){ v[0]="${a[++ind]}";};B20(){ v[0]=`grep -Fv "${v[$1]}"<<<"${v[0]}"`;};C0(){ echo $'\n'"${v[0]}";};C1(){ [[ "${v[0]}" ]]&&printf "${f[$1]}" "${l[$2]}" "${v[0]}";};C2(){ v[0]=`echo ${v[0]}`;[[ "${v[0]}" != 0 ]]&&C1 0 $1;};C3(){ v[0]=`sed -E "${s[0]}"<<<"${v[0]}"`&&C1 1 $1;};C4(){ [[ "${a[*]}" ]]&&printf "${f[$1]}" "${l[$2]}" "${a[@]}";};A0;{ B18;C2 27;B18&&! B07&&C2 28;A1 15 37 25;C2 8;A1 0 $N1 1;C0;A3 0 $((N1+1)) 2;C2 0;B00;B01 10;C2 1;A1 0 $((N1+2)) 3;C3 2;A1 0 $((N1+3)) 4;C3 3;A3 0 $((N1+4)) 5;B02 11;C2 4;B00;C2 5;for i in 0 1 2;do A1 0 $((N1+5+i)) 6;C3 $((N3+i));done;A1 1 10 7;C3 9;A1 1 11 8;C3 10;A2 2 12 9;C2 11;A1 3 13 10;C2 12;A1 4 19 11;B15 0 0 54;C3 13;A2 5 14 12;B05 12;C3 14;A2 6 36 13;B01 13;C2 15;A2 7 37 14;B02 15;C2 16;A3 8 15 15;B03 4 16;B06 1 3;C4 3 17&&{ A3 9 16 16;B11;B12 17;C2 18;};A2 10 38 17;B02 18;C2 19;B07&&{ A2 11 17 17;B05 19;B09;B11;B04 2 19;B12 20;C2 20;};A3 12 39 15;B11;B04 2 21;B12 22;C2 21;A1 13 40 18;B08 4;B14 4 0 19;A5 14 6 52 0;B08 5;A1 17 41 20;B20 5;C3 22;B14 4 6 21;A5 14 7 52 6;B08 7;B14 4 0 22;A5 14 6 52 0;B08 8;B16 7 8;B07&&{ A2 19 26 23;B20 7;C3 23;};A2 18 26 23;B20 7;C3 24;A1 4 20 21;B20 6;B08 9;A6 14 7 53 9;B08 10;B17 9 10 4;C3 25;A1 4 21 24;C3 26;B14 4 12 26;B14 4 13 27;A1 4 22 29;B20 12;B08 14;A6 14 6 53 14;B08 15;B17 14 15 4;B14 0 0 30;C3 29;A1 4 23 27;B20 13;C3 30;A1 24 24 32;C3 31;A1 23 18 28;B08 16;A2 16 25 33;B20 16;B14 0 0 34;B08 21;A8 47 21&&C0;B07&&{ A1 21 0 32;C3 43;};for i in 0 1;do A2 14 $((1+i)) 48;C3 $((44+i));done;A1 14 3 49;C3 46;A2 4 4 50;C2 47;A1 4 5 32;C3 48;A2 0 $((N1+8)) 51;C2 32;A1 4 8 55;C3 6;A2 22 9 56;C3 7;B07&&{ A1 36 42 32;C3 41;};A2 20 42 32;C3 42;A1 25 37 32;C3 33;A1 26 28 35;C2 34;A1 27 29 36;C3 35;A2 28 30 37;B08 17;A1 29 31 38;B10 17;B14 0 18 41;A2 27 32 39&&{ B08 19;A2 29 33 40;B08 20;B17 19 20 5;};C2 36;A2 29 34 42 18;C3 37;A2 32 37 43;B01 25;C2 38;A4 33 35 44 17;for i in 0 1;do B13 11;B02 $((31+i));C2 $((N4+i));B19;done;B07&&for i in 0 1;do A4 34 $((N2+i)) 45;B11;B04 3 $((31+i));B12 14;C2 $((N4+2+i));done;B07&&{ A2 35 43 46;C2 39;};A9;C2 40;} 2>/dev/null|pbcopy;exit 2>&-
      
    Copy the selected text to the Clipboard by pressing the key combination command-C.

    7. Launch the built-in Terminal application in any of the following ways:

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

    ☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

    ☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.

    Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.

    8. If you see an error message in the Terminal window such as "syntax error," enter

    exec bash

    and press return. Then paste the script again.

    9. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.

    If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.

    10. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line

    [Process completed]

    to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report the results. No harm will be done.

    11. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.

    At or near the top of the results, there will be a line that begins with "System Version." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.

    If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.

    12. When you post the results, you might see the message, "You have included content in your post that is not permitted." It means that the forum software has misidentified something in the post as a violation of the rules. If that happens, please post the test results on Pastebin, then post a link here to the page you created.

    Note: This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.

    ________________________________

     
    Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.
  • by sirpig,

    sirpig sirpig Apr 28, 2014 8:07 PM in response to Linc Davis
    Level 1 (0 points)
    Apr 28, 2014 8:07 PM in response to Linc Davis

    Here it is, thank you so much!:

     

    System Version: OS X 10.9.2 (13C1021)

    Kernel Version: Darwin 13.1.0

    Boot Mode: Normal

    Time since boot: 2:00

     

     

    Model: MacBookPro11,3

     

     

    Diagnostic reports

     

     

       2014-04-22 Finder hang

       2014-04-22 Finder hang

       2014-04-22 Finder hang

       2014-04-22 Finder hang

       2014-04-23 Safari hang

       2014-04-23 Safari hang

       2014-04-23 Safari hang

       2014-04-25 Chrome crash

       2014-04-25 Dolphin crash

     

     

    Log

     

     

       Apr 28 18:04:16  kernel[0]: process com.apple.intern[269] caught causing excessive wakeups. Observed wakeups rate (per sec): 13430; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 48044

       Apr 28 18:04:17  kernel[0]: process AddressBookSourc[261] caught causing excessive wakeups. Observed wakeups rate (per sec): 11306; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 48948

       Apr 28 18:04:17  kernel[0]: process Wunderlist[279] caught causing excessive wakeups. Observed wakeups rate (per sec): 14844; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45484

       Apr 28 18:04:18  kernel[0]: process MacsFanControl[251] caught causing excessive wakeups. Observed wakeups rate (per sec): 8790; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 55533

       Apr 28 18:04:22  kernel[0]: process tccd[207] caught causing excessive wakeups. Observed wakeups rate (per sec): 21064; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 214763

       Apr 28 18:04:22  kernel[0]: process Little Snitch Ne[270] caught causing excessive wakeups. Observed wakeups rate (per sec): 26796; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 258366

       Apr 28 18:04:23  kernel[0]: process ubd[209] caught causing excessive wakeups. Observed wakeups rate (per sec): 4354; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 48084

       Apr 28 18:04:23  kernel[0]: process gamed[264] caught causing excessive wakeups. Observed wakeups rate (per sec): 19831; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 216701

       Apr 28 18:04:25  kernel[0]: process Memory Clean[278] caught causing excessive wakeups. Observed wakeups rate (per sec): 14416; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 156971

       Apr 28 18:04:33  kernel[0]: process vb_realtimescann[311] caught causing excessive wakeups. Observed wakeups rate (per sec): 49995; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 549535

       Apr 28 18:04:33  kernel[0]: process storeagent[308] caught causing excessive wakeups. Observed wakeups rate (per sec): 48017; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 693905

       Apr 28 18:04:33  kernel[0]: process softwareupdate_n[314] caught causing excessive wakeups. Observed wakeups rate (per sec): 46135; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 478031

       Apr 28 18:04:33  kernel[0]: process imagent[232] caught causing excessive wakeups. Observed wakeups rate (per sec): 2727; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 56432

       Apr 28 18:04:33  kernel[0]: process SFLSharedPrefsTo[310] caught causing excessive wakeups. Observed wakeups rate (per sec): 46465; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 526314

       Apr 28 18:04:33  kernel[0]: process mdflagwriter[309] caught causing excessive wakeups. Observed wakeups rate (per sec): 46731; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 588608

       Apr 28 18:04:48  kernel[0]: process WindowServer[112] caught causing excessive wakeups. Observed wakeups rate (per sec): 613; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45022

       Apr 28 19:17:57  kernel[0]: NTFS-fs error (device /dev/disk1s1, pid 1960): ntfs_restart_page_header_is_valid(): $LogFile version 2.0 is not supported. (This driver supports version 1.1 only.)

       --- last message repeated 1 time ---

       Apr 28 19:17:57  kernel[0]: NTFS-fs error (device /dev/disk1s1, pid 1960): ntfs_logfile_check(): Did not find any restart pages in $LogFile and it was not empty.

       Apr 28 19:17:57  kernel[0]: NTFS-fs warning (device /dev/disk1s1, pid 1960): ntfs_system_inodes_get(): $LogFile is not clean. Will not be able to remount read-write. Mount in Windows.

       Apr 28 19:17:57  kernel[0]: NTFS-fs error (device /dev/disk1s2, pid 1964): ntfs_restart_page_header_is_valid(): $LogFile version 2.0 is not supported. (This driver supports version 1.1 only.)

       --- last message repeated 1 time ---

       Apr 28 19:17:57  kernel[0]: NTFS-fs error (device /dev/disk1s2, pid 1964): ntfs_logfile_check(): Did not find any restart pages in $LogFile and it was not empty.

       Apr 28 19:17:57  kernel[0]: NTFS-fs warning (device /dev/disk1s2, pid 1964): ntfs_system_inodes_get(): $LogFile is not clean. Will not be able to remount read-write. Mount in Windows.

       Apr 28 19:17:57  kernel[0]: NTFS-fs warning (device /dev/disk1s2, pid 1964): ntfs_system_inodes_get(): Windows is hibernated. Will not be able to remount read-write. Run chkdsk.

     

     

    kexts

     

     

       at.obdev.nke.LittleSnitch

       com.AmbrosiaSW.AudioSupport

       com.intego.netbarrier.kext.monitor

       com.intego.netbarrier.kext.process

       com.intego.netbarrier.kext.network

       com.intego.virusbarrier.kext.realtime

     

     

    Daemons

     

     

       com.tunabellysoftware.checkmytemp.GNTPClientService

       com.adobe.fpsaud

       com.intego.virusbarrier.daemon.realtime

       org.macosforge.xquartz.privileged_startx

       com.microsoft.office.licensing.helper

       com.machangout.glims.loader

       com.intego.virusbarrier.daemon.scanner

       com.intego.virusbarrier.daemon

       com.intego.virusbarrier.daemon.logger

       com.intego.virusbarrier.daemon.emlparser

       com.intego.netupdate.daemon

       com.intego.netbarrier.daemon

       com.intego.netbarrier.daemon.monitor

       com.intego.netbarrier.daemon.logger

       com.intego.commonservices.metrics.kschecker

       com.intego.commonservices.icalserver

       com.intego.commonservices.daemon.taskmanager

       com.intego.commonservices.daemon.integod

       com.google.keystone.daemon

       com.ambrosiasw.ambrosiaaudiosupporthelper.daemon

       com.adobe.SwitchBoard

       at.obdev.littlesnitchd

     

     

    Agents

     

     

       com.tunabellysoftware.TemperatureGaugeHelper

       QA2G25RMZ4.com.wunderkinder.wunderlist-helper

       com.fiplab.MemoryCleanHelper

       com.apple.photostream-agent

       com.apple.AirPortBaseStationAgent

       org.macosforge.xquartz.startx

       KillLittleSnitch

       com.machangout.glims.agent

       com.intego.virusbarrier.alert

       com.intego.netupdate.agent

       com.intego.netbarrier.alert

       com.intego.commonservices.uninstaller

       com.intego.commonservices.taskmanager

       com.intego.commonservices.integomenu

       com.google.keystone.system.agent

       at.obdev.LittleSnitchUIAgent

     

     

    launchd

     

     

       /System/Library/LaunchAgents/com.apple.AirPortBaseStationAgent.plist

                 (com.apple.AirPortBaseStationAgent)

       /Library/LaunchAgents/at.obdev.LittleSnitchUIAgent.plist

                 (at.obdev.LittleSnitchUIAgent)

       /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

                 (com.adobe.AAM.Startup-1.0)

       /Library/LaunchAgents/com.google.keystone.agent.plist

                 (com.google.keystone.system.agent)

       /Library/LaunchAgents/com.intego.commonservices.integomenu.plist

                 (com.intego.commonservices.integomenu)

       /Library/LaunchAgents/com.intego.commonservices.taskmanager.plist

                 (com.intego.commonservices.taskmanager)

       /Library/LaunchAgents/com.intego.commonservices.uninstaller.plist

                 (com.intego.commonservices.uninstaller)

       /Library/LaunchAgents/com.intego.netbarrier.alert.plist

                 (com.intego.netbarrier.alert)

       /Library/LaunchAgents/com.intego.netupdate.agent.plist

                 (com.intego.netupdate.agent)

       /Library/LaunchAgents/com.intego.virusbarrier.alert.plist

                 (com.intego.virusbarrier.alert)

       /Library/LaunchAgents/com.machangout.glims.agent.plist

                 (com.machangout.glims.agent)

       /Library/LaunchAgents/KillLittleSnitch.plist

                 (KillLittleSnitch)

       /Library/LaunchAgents/org.macosforge.xquartz.startx.plist

                 (org.macosforge.xquartz.startx)

       /Library/LaunchDaemons/at.obdev.littlesnitchd.plist

                 (at.obdev.littlesnitchd)

       /Library/LaunchDaemons/com.adobe.fpsaud.plist

                 (com.adobe.fpsaud)

       /Library/LaunchDaemons/com.adobe.SwitchBoard.plist

                 (com.adobe.SwitchBoard)

       /Library/LaunchDaemons/com.ambrosiasw.ambrosiaaudiosupporthelper.daemon.plist

                 (com.ambrosiasw.ambrosiaaudiosupporthelper.daemon)

       /Library/LaunchDaemons/com.google.keystone.daemon.plist

                 (com.google.keystone.daemon)

       /Library/LaunchDaemons/com.intego.commonservices.daemon.integod.plist

                 (com.intego.commonservices.daemon.integod)

       /Library/LaunchDaemons/com.intego.commonservices.daemon.taskmanager.plist

                 (com.intego.commonservices.daemon.taskmanager)

       /Library/LaunchDaemons/com.intego.commonservices.icalserver.plist

                 (com.intego.commonservices.icalserver)

       /Library/LaunchDaemons/com.intego.commonservices.metrics.kschecker.plist

                 (com.intego.commonservices.metrics.kschecker)

       /Library/LaunchDaemons/com.intego.netbarrier.daemon.logger.plist

                 (com.intego.netbarrier.daemon.logger)

       /Library/LaunchDaemons/com.intego.netbarrier.daemon.monitor.plist

                 (com.intego.netbarrier.daemon.monitor)

       /Library/LaunchDaemons/com.intego.netbarrier.daemon.plist

                 (com.intego.netbarrier.daemon)

       /Library/LaunchDaemons/com.intego.netupdate.daemon.plist

                 (com.intego.netupdate.daemon)

       /Library/LaunchDaemons/com.intego.virusbarrier.daemon.emlparser.plist

                 (com.intego.virusbarrier.daemon.emlparser)

       /Library/LaunchDaemons/com.intego.virusbarrier.daemon.logger.plist

                 (com.intego.virusbarrier.daemon.logger)

       /Library/LaunchDaemons/com.intego.virusbarrier.daemon.plist

                 (com.intego.virusbarrier.daemon)

       /Library/LaunchDaemons/com.intego.virusbarrier.daemon.scanner.plist

                 (com.intego.virusbarrier.daemon.scanner)

       /Library/LaunchDaemons/com.machangout.glims.loader.plist

                 (com.machangout.glims.loader)

       /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

                 (com.microsoft.office.licensing.helper)

       /Library/LaunchDaemons/KillLittleSnitch.plist

                 (KillLittleSnitch)

       /Library/LaunchDaemons/org.macosforge.xquartz.privileged_startx.plist

                 (org.macosforge.xquartz.privileged_startx)

     

     

    Bundles

     

     

       /System/Library/Extensions/360Controller.kext

                 (com.mice.driver.Xbox360Controller)

       /System/Library/Extensions/AmbrosiaAudioSupport.kext

                 (com.AmbrosiaSW.AudioSupport)

       /System/Library/Extensions/BJUSBLoad.kext

                 (jp.co.canon.bj.print.BJUSBLoad)

       /System/Library/Extensions/Wireless360Controller.kext

                 (com.mice.driver.Wireless360Controller)

       /System/Library/Extensions/WirelessGamingReceiver.kext

                 (com.mice.driver.WirelessGamingReceiver)

       /Library/Extensions/BJUSBLoad.kext

                 (jp.co.canon.bj.print.BJUSBLoad)

       /Library/Extensions/LittleSnitch.kext

                 (at.obdev.nke.LittleSnitch)

       /Library/Intego/commonservices.bundle

                 (com.intego.commonservices)

       /Library/Intego/IM_ObjectiveMetrics.framework/Resources

                 (com.bitspatter.IM-ObjectiveMetrics)

       /Library/Intego/IM_ObjectiveMetrics.framework/Versions/A/Resources

                 (com.bitspatter.IM-ObjectiveMetrics)

       /Library/Intego/IM_ObjectiveMetrics.framework/Versions/Current/Resources

                 (com.bitspatter.IM-ObjectiveMetrics)

       /Library/Intego/Intego Uninstaller.app

                 (com.intego.commonservices.uninstaller)

       /Library/Intego/netbarrier.bundle

                 (com.intego.netbarrier)

       /Library/Intego/netupdated.bundle

                 (com.intego.NetUpdateDaemon)

       /Library/Intego/TaskManager/TM_Notifier.app

                 (com.intego.commonservices.taskmanager.notifier)

       /Library/Intego/virusbarrier.bundle

                 (com.intego.virusbarrier.bundle)

       /Library/Intego/virusbarrier.bundle/Contents/Resources/encyclopedias

                 (N/A)

       /Library/Internet Plug-Ins/Flash Player.plugin

                 (com.macromedia.Flash Player.plugin)

       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

                 (com.apple.java.JavaAppletPlugin)

       /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

                 (com.microsoft.sharepoint.browserplugin)

       /Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

                 (com.microsoft.sharepoint.webkitplugin)

       /Library/PreferencePanes/Flash Player.prefPane

                 (com.adobe.flashplayerpreferences)

       /Library/PreferencePanes/Pref360Control.prefPane

                 (com.mice.driver.360Controller.Prefs)

       /Library/ScriptingAdditions/Adobe Unit Types.osax

                 (N/A)

       /Library/ScriptingAdditions/Glims.osax

                 (com.machangout.glims.osax)

       Library/Address Book Plug-Ins/SkypeABDialer.bundle

                 (com.skype.skypeabdialer)

       Library/Address Book Plug-Ins/SkypeABSMS.bundle

                 (com.skype.skypeabsms)

     

     

     

     

    Contents of /etc/hosts

     

     

              127.0.0.1          localhost

              255.255.255.255          broadcasthost

              ::1             localhost

              fe80::1%lo0          localhost

               127.0.0.1 sams.nikonimaging.com

               127.0.0.1 9k3x1jrq3kwx.nikonimaging.com

               127.0.0.1 www.nikonimaging.com

               127.0.0.1 www.onclickads.net

               127.0.0.1 www.watchmygf.net

     

     

    Global login items

     

     

       /Applications/Nikon Software/Nikon Message Center 2/Nikon Message Center 2.app/Contents/SharedSupport/Launch Nikon Message Center 2.app

     

     

    Safari extensions

     

     

       AdBlock

     

     

    Restricted files: 65

     

     

    Font issues: 21

     

     

    Root crontab

     

     

       */10 * * * * /usr/share/prey/prey.sh > /var/log/prey.log 2>&1

     

     

    Average upstream data (KiB/s): 27

     

     

    Profiles: no

     

     

    Elapsed time (s): 142

  • by Linc Davis,

    Linc Davis Linc Davis Apr 28, 2014 8:46 PM in response to sirpig
    Level 10 (208,037 points)
    Applications
    Apr 28, 2014 8:46 PM in response to sirpig

    You installed something called "KillLittleSnitch," the purpose of which seems to be to pirate the commercial software "Little Snitch." Any software intended to facilitate piracy should be considered ipso facto malware. I don't know what else it does, so you're on your own as far as that's concerned. It probably isn't related to the popups, but I can't be sure. "Little Snitch" isn't really useful, in my opinion, so I would suggest that you remove both it and the presumptive malware.

     

    More likely, the popups are caused by "Glims."

     

    Back up all data, then uninstall Glims. Log out, log back in, and test. I strongly recommend that you never install that unsupported hack again, or any other like it. If you want trouble-free computing, avoid software that makes miraculous changes to other software, especially built-in applications. The only real exception to that rule is Safari extensions, which are mostly safe, and are easy to get rid of when they don’t work. "Glims" is not a Safari extension.

     

    Incidentally, you also modified the hosts file, apparently in order to pirate another commercial application. If you do that sort of thing, neither "Little Snitch," nor the worthless Intego "anti-virus" product, nor anyting else will protect you from the consequences. Your concern for security when you installed those items was very much misplaced.

  • by sirpig,

    sirpig sirpig Apr 28, 2014 9:16 PM in response to Linc Davis
    Level 1 (0 points)
    Apr 28, 2014 9:16 PM in response to Linc Davis

    thank you for your help!

    I will be sure to uninstall those things and revert.

    thank you so much again!

  • by sirpig,

    sirpig sirpig Apr 28, 2014 10:09 PM in response to Linc Davis
    Level 1 (0 points)
    Apr 28, 2014 10:09 PM in response to Linc Davis

    So I did everything you told me to do:

     

    -uninstalled "little snitch", removed killlittlesnitch

    -uninstalled glims

    -uninstalled intego antivirus

    -reverted host file

     

    however the problem continues to persist, the ads randomly pop up after clicking on a link in my local ymca web page.

     

    Here is the new data:

     

     

    System Version: OS X 10.9.2 (13C1021)

    Kernel Version: Darwin 13.1.0

    Boot Mode: Normal

    Time since boot: 2 minutes

     

     

    Model: MacBookPro11,3

     

     

    Diagnostic reports

     

     

       2014-04-22 Finder hang

       2014-04-22 Finder hang

       2014-04-22 Finder hang

       2014-04-22 Finder hang

       2014-04-23 Safari hang

       2014-04-23 Safari hang

       2014-04-23 Safari hang

       2014-04-25 Chrome crash

       2014-04-25 Dolphin crash

     

     

    Log

     

     

       Apr 28 18:04:18  kernel[0]: process MacsFanControl[251] caught causing excessive wakeups. Observed wakeups rate (per sec): 8790; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 55533

       Apr 28 18:04:22  kernel[0]: process tccd[207] caught causing excessive wakeups. Observed wakeups rate (per sec): 21064; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 214763

       Apr 28 18:04:22  kernel[0]: process Little Snitch Ne[270] caught causing excessive wakeups. Observed wakeups rate (per sec): 26796; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 258366

       Apr 28 18:04:23  kernel[0]: process ubd[209] caught causing excessive wakeups. Observed wakeups rate (per sec): 4354; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 48084

       Apr 28 18:04:23  kernel[0]: process gamed[264] caught causing excessive wakeups. Observed wakeups rate (per sec): 19831; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 216701

       Apr 28 18:04:25  kernel[0]: process Memory Clean[278] caught causing excessive wakeups. Observed wakeups rate (per sec): 14416; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 156971

       Apr 28 18:04:33  kernel[0]: process vb_realtimescann[311] caught causing excessive wakeups. Observed wakeups rate (per sec): 49995; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 549535

       Apr 28 18:04:33  kernel[0]: process storeagent[308] caught causing excessive wakeups. Observed wakeups rate (per sec): 48017; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 693905

       Apr 28 18:04:33  kernel[0]: process softwareupdate_n[314] caught causing excessive wakeups. Observed wakeups rate (per sec): 46135; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 478031

       Apr 28 18:04:33  kernel[0]: process imagent[232] caught causing excessive wakeups. Observed wakeups rate (per sec): 2727; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 56432

       Apr 28 18:04:33  kernel[0]: process SFLSharedPrefsTo[310] caught causing excessive wakeups. Observed wakeups rate (per sec): 46465; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 526314

       Apr 28 18:04:33  kernel[0]: process mdflagwriter[309] caught causing excessive wakeups. Observed wakeups rate (per sec): 46731; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 588608

       Apr 28 18:04:48  kernel[0]: process WindowServer[112] caught causing excessive wakeups. Observed wakeups rate (per sec): 613; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45022

       Apr 28 19:17:57  kernel[0]: NTFS-fs error (device /dev/disk1s1, pid 1960): ntfs_restart_page_header_is_valid(): $LogFile version 2.0 is not supported. (This driver supports version 1.1 only.)

       --- last message repeated 1 time ---

       Apr 28 19:17:57  kernel[0]: NTFS-fs error (device /dev/disk1s1, pid 1960): ntfs_logfile_check(): Did not find any restart pages in $LogFile and it was not empty.

       Apr 28 19:17:57  kernel[0]: NTFS-fs warning (device /dev/disk1s1, pid 1960): ntfs_system_inodes_get(): $LogFile is not clean. Will not be able to remount read-write. Mount in Windows.

       Apr 28 19:17:57  kernel[0]: NTFS-fs error (device /dev/disk1s2, pid 1964): ntfs_restart_page_header_is_valid(): $LogFile version 2.0 is not supported. (This driver supports version 1.1 only.)

       --- last message repeated 1 time ---

       Apr 28 19:17:57  kernel[0]: NTFS-fs error (device /dev/disk1s2, pid 1964): ntfs_logfile_check(): Did not find any restart pages in $LogFile and it was not empty.

       Apr 28 19:17:57  kernel[0]: NTFS-fs warning (device /dev/disk1s2, pid 1964): ntfs_system_inodes_get(): $LogFile is not clean. Will not be able to remount read-write. Mount in Windows.

       Apr 28 19:17:57  kernel[0]: NTFS-fs warning (device /dev/disk1s2, pid 1964): ntfs_system_inodes_get(): Windows is hibernated. Will not be able to remount read-write. Run chkdsk.

       Apr 28 21:30:03  kernel[0]: waitForUrgentScanEntry: tErrAssert=2

       Apr 28 21:30:29  kernel[0]: SATA WARNING: IDENTIFY DEVICE checksum not implemented.

       --- last message repeated 1 time ---

     

     

    kexts

     

     

       com.AmbrosiaSW.AudioSupport

     

     

    Daemons

     

     

       com.tunabellysoftware.checkmytemp.GNTPClientService

       org.macosforge.xquartz.privileged_startx

       com.microsoft.office.licensing.helper

       com.google.keystone.daemon

       com.ambrosiasw.ambrosiaaudiosupporthelper.daemon

       com.adobe.SwitchBoard

       com.adobe.fpsaud

     

     

    Agents

     

     

       com.tunabellysoftware.TemperatureGaugeHelper

       QA2G25RMZ4.com.wunderkinder.wunderlist-helper

       com.fiplab.MemoryCleanHelper

       com.apple.photostream-agent

       com.apple.AirPortBaseStationAgent

       org.macosforge.xquartz.startx

       com.google.keystone.system.agent

     

     

    launchd

     

     

       /System/Library/LaunchAgents/com.apple.AirPortBaseStationAgent.plist

                 (com.apple.AirPortBaseStationAgent)

       /Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

                 (com.adobe.AAM.Startup-1.0)

       /Library/LaunchAgents/com.google.keystone.agent.plist

                 (com.google.keystone.system.agent)

       /Library/LaunchAgents/org.macosforge.xquartz.startx.plist

                 (org.macosforge.xquartz.startx)

       /Library/LaunchDaemons/com.adobe.fpsaud.plist

                 (com.adobe.fpsaud)

       /Library/LaunchDaemons/com.adobe.SwitchBoard.plist

                 (com.adobe.SwitchBoard)

       /Library/LaunchDaemons/com.ambrosiasw.ambrosiaaudiosupporthelper.daemon.plist

                 (com.ambrosiasw.ambrosiaaudiosupporthelper.daemon)

       /Library/LaunchDaemons/com.google.keystone.daemon.plist

                 (com.google.keystone.daemon)

       /Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

                 (com.microsoft.office.licensing.helper)

       /Library/LaunchDaemons/org.macosforge.xquartz.privileged_startx.plist

                 (org.macosforge.xquartz.privileged_startx)

     

     

    Bundles

     

     

       /System/Library/Extensions/360Controller.kext

                 (com.mice.driver.Xbox360Controller)

       /System/Library/Extensions/AmbrosiaAudioSupport.kext

                 (com.AmbrosiaSW.AudioSupport)

       /System/Library/Extensions/BJUSBLoad.kext

                 (jp.co.canon.bj.print.BJUSBLoad)

       /System/Library/Extensions/Wireless360Controller.kext

                 (com.mice.driver.Wireless360Controller)

       /System/Library/Extensions/WirelessGamingReceiver.kext

                 (com.mice.driver.WirelessGamingReceiver)

       /Library/Extensions/BJUSBLoad.kext

                 (jp.co.canon.bj.print.BJUSBLoad)

       /Library/Internet Plug-Ins/Flash Player.plugin

                 (com.macromedia.Flash Player.plugin)

       /Library/Internet Plug-Ins/JavaAppletPlugin.plugin

                 (com.apple.java.JavaAppletPlugin)

       /Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

                 (com.microsoft.sharepoint.browserplugin)

       /Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

                 (com.microsoft.sharepoint.webkitplugin)

       /Library/PreferencePanes/Flash Player.prefPane

                 (com.adobe.flashplayerpreferences)

       /Library/ScriptingAdditions/Adobe Unit Types.osax

                 (N/A)

       Library/Address Book Plug-Ins/SkypeABDialer.bundle

                 (com.skype.skypeabdialer)

       Library/Address Book Plug-Ins/SkypeABSMS.bundle

                 (com.skype.skypeabsms)

     

     

     

     

    Contents of

     

     

    Global login items

     

     

       /Applications/Nikon Software/Nikon Message Center 2/Nikon Message Center 2.app/Contents/SharedSupport/Launch Nikon Message Center 2.app

     

     

    Safari extensions

     

     

       AdBlock

     

     

    Restricted files: 83

     

     

    Font issues: 21

     

     

    Root crontab

     

     

       */10 * * * * /usr/share/prey/prey.sh > /var/log/prey.log 2>&1

     

     

    Firewall: On

     

     

    Average downstream data (KiB/s): 136

     

     

    Profiles: no

     

     

    Elapsed time (s): 134

     

    hello.png

Page 1 of 3 last Next