Can't stop pop-up ads on Safari

Apple published an article recently that details how to remove he most common adware:

Remove unwanted adware that displays pop-up ads and graphics on your Mac - Apple Support

thanks it helps great

You can read all Apple's guide, you can follow all the instructions... you just have to download and install the AdwareMedic this guys has made the right stuff. At the moment no other software is needed no anti virus (never please).

As Advice for the future, pay attention on what you are installing (for example to see streaming of films...) consider that to install this pop-up you are asked to insert your system password, in other word you give the authorization to install.

If this is still an issue Apple Support just had me download the following app and this resolved the ad pop up's and links:

http://www.adwaremedic.com/index.php

System Version: Mac OS X 10.7.5 (11G63b)

Kernel Version: Darwin 11.4.2

Boot Mode: Normal

Model: MacBookAir5,2

Kernel messages

Feb 21 19:19:54 Sound assertion - Command/Response TIMED OUT and ( kRequestStateMatch == fCodecRequest->state = 2 ), fCodecRequest->command->codec: -549562698496, fCodecRequest->command->verb: 0x636038, fPoweredDown: 1

Feb 21 19:19:54 Sound assertion in AppleHDAController at line 5076

Feb 21 19:19:54 Sound assertion in AppleHDAController at line 5078

Feb 21 19:19:54 Sound assertion in IOHDACodecDevice at line 161

Feb 21 19:19:54 Sound assertion in AppleHDAWidget at line 1051

Feb 21 19:19:54 Sound assertion in AppleHDAWidget_10134206 at line 779

Feb 21 19:19:54 Sound assertion in AppleHDAPathControl at line 355

Feb 21 19:19:54 Sound assertion in AppleHDAEngine at line 4067

Feb 21 19:19:54 Sound assertion in AppleHDAEngine at line 3932

Feb 21 19:19:59 Sound assertion - Command/Response TIMED OUT and ( kRequestStateMatch == fCodecRequest->state = 2 ), fCodecRequest->command->codec: -549562698496, fCodecRequest->command->verb: 0x635038, fPoweredDown: 0

Feb 21 19:19:59 Sound assertion in AppleHDAController at line 5077

Feb 21 19:19:59 Sound assertion in AppleHDAController at line 5078

Feb 21 19:19:59 Sound assertion in IOHDACodecDevice at line 161

Feb 21 19:19:59 Sound assertion in AppleHDAWidget at line 1059

Feb 21 19:19:59 Sound assertion in AppleHDAWidget_10134206 at line 779

Feb 21 19:19:59 Sound assertion in AppleHDAPathControl at line 355

Feb 21 19:19:59 Sound assertion in AppleHDAEngine at line 4067

Feb 21 19:19:59 Sound assertion in AppleHDAEngine at line 3932

Total CPU usage: user 6%, system 8%

CPU usage by process "JavaApplicationS" with UID 501: 22.4%

Extrinsic daemons

com.vsearch.helper

com.oracle.java.Helper-Tool

com.microsoft.office.licensing.helper

com.adobe.fpsaud

Extrinsic agents

com.vsearch.agent

com.oracle.java.Java-Updater

com.google.keystone.user.agent

launchd items

/Library/LaunchAgents/com.oracle.java.Java-Updater.plist

(com.oracle.java.Java-Updater)

/Library/LaunchAgents/com.vsearch.agent.plist

(com.vsearch.agent)

/Library/LaunchDaemons/com.adobe.fpsaud.plist

(com.adobe.fpsaud)

/Library/LaunchDaemons/com.apple.remotepairtool.plist

(com.apple.RemotePairTool)

/Library/LaunchDaemons/com.microsoft.office.licensing.helper.plist

(com.microsoft.office.licensing.helper)

/Library/LaunchDaemons/com.oracle.java.Helper-Tool.plist

(com.oracle.java.Helper-Tool)

/Library/LaunchDaemons/com.vsearch.daemon.plist

(com.vsearch.daemon)

/Library/LaunchDaemons/com.vsearch.helper.plist

(com.vsearch.helper)

Library/LaunchAgents/com.google.keystone.agent.plist

(com.google.keystone.user.agent)

Extrinsic loadable bundles

/Library/Internet Plug-Ins/DirectorShockwave.plugin

(com.adobe.director_12_0.shockwave.pluginshim)

/Library/Internet Plug-Ins/Flash Player.plugin

(com.macromedia.Flash Player.plugin)

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

(com.oracle.java.JavaAppletPlugin)

/Library/Internet Plug-Ins/SharePointBrowserPlugin.plugin

(com.microsoft.sharepoint.browserplugin)

/Library/Internet Plug-Ins/SharePointWebKitPlugin.webplugin

(com.microsoft.sharepoint.webkitplugin)

/Library/PreferencePanes/Flash Player.prefPane

(com.adobe.flashplayerpreferences)

/Library/PreferencePanes/JavaControlPanel.prefPane

(com.oracle.java.JavaControlPanel)

Library/Address Book Plug-Ins/SkypeABDialer.bundle

(com.skype.skypeabdialer)

Library/Address Book Plug-Ins/SkypeABSMS.bundle

(com.skype.skypeabsms)

Library/Internet Plug-Ins/ConduitNPAPIPlugin.plugin

(com.conduit.ConduitNPAPIPlugin)

DNS (from DHCP): 202.156.1.16

Restricted user files: 66

Font problems: 20

Bad plists

Library/Preferences/com.apple.Safari.plist.plist

Library/Preferences/com.solidstatenetworks.host.plist

Elapsed time (s): 55

You have the Downlite (aka VSearch) adware installed. For removal, see my Adware Removal Guide.

(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

Notice something interesting there, Thomas? That user has VSearch, and also has the Conduit web plugin, but not the rest of Conduit. I never would have thought that could happen. Would you?

There is no need to download anything to solve this problem. You installed a variant of the "VSearch" ad-injection malware. Follow Apple Support's instructions to remove it. Make sure you remove the "Conduit" web plugin, which is included in some older versions of VSearch.

The trouble may have started when you downloaded and ran an application called "MPlayerX." That's the name of a legitimate free movie player, but the name is also used fraudulently to distribute VSearch. If there is an item with that name in the Applications folder, delete it, and if you wish, replace it with the genuine article from mplayerx.org.

This trojan is often found on illegal websites that traffic in pirated content such as movies. If you, or anyone else who uses the computer, visit such sites and follow prompts to install software, you can expect more of the same, and worse, to follow. Never install any software that you downloaded from a bittorrent, or that was downloaded by someone else from an unknown source.

In the Security & Privacy pane of System Preferences, select the General tab. The radio button marked Anywhere should not be selected. If it is, click the lock icon to unlock the settings, then select one of the other buttons. After that, don't ignore a warning that you are about to run or install an application from an unknown developer.

Then, still in System Preferences, open the App Store or Software Update pane and check the box marked

Install system data files and security updates (OS X 10.10 or later)

or

Download updates automatically (OS X 10.9 or earlier)

if it's not already checked.

Linc Davis wrote:

Notice something interesting there, Thomas? That user has VSearch, and also has the Conduit web plugin, but not the rest of Conduit. I never would have thought that could happen. Would you?

I never said it couldn't happen - in fact, I specifically said that I did not deny that you had seen such a thing - but rather said that it almost never does happen that way. Further, trishasng has no idea what you're talking about. Trying to continue a tired old argument from another topic by implying I said something I never did is rather unprofessional. I'm not going to pester trishasng by adding further distraction from solving her problem, and hope she will forgive this brief response.

Maybe you can help me as well?

Sean-MacBook-Air:~ seanbevan$ PATH=/usr/bin:/bin:/usr/sbin:/sbin; clear; Fb='%s\n\t(%s)\n'; Fm='\n%s\n\n%s\n'; Fr='\nRAM details\n%s\n'; Fs='\n%s: %s\n'; Fu='user %s%%, system %s%%'; AC="com.autodesk.AutoCAD com.google.GoogleDrive"; H='^[[:space:]]*((127\.0\.0\.1|::1|fe80::1%lo0)[[:space:]]+local|(255\.){3}255[ [:space:]]*broadcast)host[[:space:]]*$'; NS=networksetup; PB="/usr/libexec/PlistBuddy -c Print"; A () { [[ a -eq 0 ]]; }; M () { find -L "$d" -type f | while read f; do file -b "$f" | egrep -lq XML\|exec && echo $f; done; }; AT () { o=`file -b "$1" | egrep -v '^(A.{16}t$|cann)'`; Ps "${1##*/} format"; }; Pc () { o=`grep -v '^ *#' "$2"`; l=`wc -l <<< "$o"`; [[ l -gt 25 ]] && o=`head -n25 <<< "$o"`$'\n'"[$((l-25)) more line(s)]"; Pm "$1"; AT "$1"; }; Pm () { [[ "$o" ]] && o=`sed -E '/^ *$/d; s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/' <<< "$o"` && printf "$Fm" "$1" "$o"; }; Pp () { o=`$PB "$2" | awk -F'= ' \/$3'/{print $2}'`; Pm "$1"; }; Ps () { o=`echo $o`; [[ ! "$o" =~ ^0?$ ]] && printf "$Fs" "$1" "$o"; }; R () { o=; [[ r -eq 0 ]]; }; SP () { system_profiler SP${1}DataType; }; id -G | grep -qw 80; a=$?; A && sudo true; r=$?; t=`date +%s`; clear; { A || echo $'No admin access\n'; A && ! R && echo $'No root access\n'; SP Software | sed -n 's/^ *//;5p;6p;8p'; h=(`SP Hardware | awk '/ Id/{print $3}; /Mem/{print $2}'`); o=$h; Ps "Model"; o=$((h[1]<4?h[1]:0)); Ps "Total RAM (GB)"; o=`SP Memory | sed '1,5d;/[my].*:/d'`; [[ "$o" =~ s:\ [^O]|x([^08]|0[^2]|8[^0]) ]] && printf "$Fr" "$o"; o=`SP Diagnostics | sed '5,6!d'`; [[ "$o" =~ Pass ]] || Pm "POST"; p=`SP Power`; o=`awk '/Cy/{print $NF}' <<< "$p"`; o=$((o>=300?o:0)); Ps "Battery cycles"; o=`sed -n '/Cond.*: [^N]/{s/^.*://p;}' <<< "$p"`; Ps "Battery condition"; for b in Thunderbolt USB; do o=`SP $b | sed -En '1d;/:$/{s/ *:$//;x;s/\n//p;};/^ *V.* [0N].* /{s/ 0x.... //;s/[()]//g;s/(.*: )(.*)/ \(\2\)/;H;};/Apple|Genesy|Intel|SMSC/{s/.//g;h;}'`; Pm $b; done; o=`pmset -g therm | sed 's/^.*C/C/'`; [[ "$o" =~ No\ th|pms ]] && o=; Pm "Thermal conditions"; o=`pmset -g sysload | grep -v :`; [[ "$o" =~ =\ [^GO] ]] || o=; Pm "System load advisory"; o=`nvram boot-args | awk '{$1=""; print}'`; Ps "boot-args"; a=(/ ""); A=(System User); for i in 0 1; do o=`cd ${a[$i]}L*/Lo*/Diag* || continue; for f in *.{cr,h,pa,s}*; do [[ -f "$f" ]] || continue; d=$(stat -f%Sc -t%F "$f"); [[ "$f" =~ h$ ]] && grep -lq "^Thread c" "$f" && f="$f *"; echo "$d ${f%%_2*} ${f##*.}"; done | sort | tail`; Pm "${A[$i]} diagnostics"; done; grep -lq '*$' <<< "$o" && printf $'\n\t* Code injection\n'; o=`syslog -F bsd -k Sender kernel -k Message CReq 'caug|GPU |hfs: Ru|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|timed? ?o|WARN' -k Message Ane 'SMC:' | tail -n25 | awk '/:/{$4=""; $5=""};1'`; Pm "Kernel messages"; o=`df -m / | awk 'NR==2 {print $4}'`; o=$((o<5120?o:0)); Ps "Free space (MiB)"; o=$(($(vm_stat | awk '/eo/{sub("\\.",""); print $2}')/256)); o=$((o>=1024?o:0)); Ps "Pageouts (MiB)"; s=( `sar -u 1 10 | sed '$!d'` ); [[ s[4] -lt 85 ]] && o=`printf "$Fu" ${s[1]} ${s[3]}` || o=; Ps "Total CPU usage" && { s=(`ps acrx -o comm,ruid,%cpu | sed '2!d'`); n=$((${#s[*]}-1)); c="${s[*]}"; o=${s[$n]}%; Ps "CPU usage by process \"${c% ${s[$((n-1))]}*}\" with UID ${s[$((n-1))]}"; }; s=(`top -R -l1 -n1 -o prt -stats command,uid,prt | sed '$!d'`); n=$((${#s[*]}-1)); s[$n]=${s[$n]%[+-]}; c="${s[*]}"; o=$((s[$n]>=25000?s[$n]:0)); Ps "Mach ports used by process \"${c% ${s[$((n-1))]}*}\" with UID ${s[$((n-1))]}"; o=`kextstat -kl | grep -v com\\.apple | cut -c53- | cut -d\< -f1`; Pm "Loaded extrinsic kernel extensions"; R && o=`sudo launchctl list | awk 'NR>1 && !/0x|com\.(apple|openssh|vix\.cron)|org\.(amav|apac|calendarse|cups|dove|isc|nt p|openld|post[fg]|x)/{print $3}'`; Pm "Extrinsic daemons"; o=`launchctl list | awk 'NR>1 && !/0x|com\.apple|org\.(x|openbsd)|\.[0-9]+$/{print $3}'`; Pm "Extrinsic agents"; o=`for d in {/,}L*/Lau*; do M; done | egrep -v 'com\.apple\.(CSConfig|server)' | while read f; do ID=$($PB\ :Label "$f") || ID="No job label"; printf "$Fb" "$f" "$ID"; done`; Pm "launchd items"; o=`for d in /{S*/,}L*/StartupItems; do M; done`; Pm "Startup items"; sys=`pkgutil --regexp --only-files --files com.apple.pkg.* | sort | uniq | sed 's:^:/:'`; b=`sed -E '/^.+Lib.+\/Contents\/Info.plist$/!d;s/\/Info.plist$//;/Contents\/./d' <<< "$sys"`; l=`egrep '^/usr/lib/.+dylib$' <<< "$sys"`; [[ "$b" && "$l" ]] && { o=`find -L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Compon,Ex,In,iTu,Keyb,Mail/B,P*P,Qu*T,Scripti,Sec,Servi,Spo}* -type d -name Contents -prune | grep -Fv "$b" | while read d; do test -f "$d/Info.plist" || continue; ID=$($PB\ :CFBundleIdentifier "$_") || ID="No bundle ID"; printf "$Fb" "${d%/Contents}" "$ID"; done`; Pm "Extrinsic loadable bundles"; o=`find /usr/lib -type f -name *.dylib | grep -Fv "$l"`; Pm "Extrinsic shared libraries"; :; } || echo $'\nReceipts missing'; o=`for e in INSERT_LIBRARIES LIBRARY_PATH; do launchctl getenv DYLD_$e; done`; Pm "Environment"; o=`find -L {,/u*/lo*}/e*/periodic -type f -mtime -10d`; Pm "Modified periodic scripts"; o=`scutil --proxy | grep Prox`; Pm "Proxies"; o=`scutil --dns | awk '/r\[0\] /{if ($NF !~ /^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./) print $NF; exit}'`; i=`route -n get default | awk '/e:/{print $2}'`; I=`$NS -listnetworkserviceorder | sed -En '/ '$i'\)$/{x;s/^\(.+\) //p;q;};x'`; n=`$NS -getdnsservers "$I" | awk '!/^T/{print "not "}'`; Ps "DNS (${n}from DHCP)"; o=`$NS -getinfo "$I" | awk '/k:/{if ($3 !~ "(255\.){3}0") print $3}'`; Ps "Netmask"; R && o=`sudo profiles -P | grep : | wc -l`; Ps "Profiles"; f=auto_master; [[ `md5 -q /etc/$f` =~ ^b166 ]] || Pc $f /etc/$f; for f in fstab sysctl.conf crontab launchd.conf; do Pc $f /etc/$f; done; f=/etc/hosts; Pc "hosts" <(egrep -v "$H" $f ); AT $f; Pc "User launchd" ~/.launchd*; R && Pc "Root crontab" <(sudo crontab -l); Pc "User crontab" <(crontab -l | sed -E 's:/Users/[^/]+/:/Users/USER/:g'); R && o=`sudo defaults read com.apple.loginwindow LoginHook`; Pm "Login hook"; LD="$(`find /S*/*/F* -type f -name lsregister | head -n1` -dump)"; o=`for ID in $AC; do [[ "$LD" =~ $ID ]] && echo $ID; done`; Pm "Application check"; Pp "Global login items" /L*/P*/loginw* Path; Pp "User login items" L*/P*/*loginit* Name; Pp "Safari extensions" L*/Saf*/*/E*.plist Bundle | sed -E 's/(\..*$|-[1-9])//g'; o=`find ~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \) | wc -l`; Ps "Restricted user files"; cd; o=`SP Fonts | egrep 'id: N|te: Y' | wc -l`; Ps "Font problems"; o=`find L*/{Con,Pref}* -type f ! -size 0 -name *.plist | while read f; do plutil -s "$f" >&- || echo $f; done`; Pm "Bad plists"; d=(Desktop L*/Keyc*); n=(20 7); for i in 0 1; do o=`find "${d[$i]}" -type f -maxdepth 1 | wc -l`; o=$((o<=n[$i]?0:o)); Ps "${d[$i]##*/} file count"; done; o=; [[ UID -eq 0 ]] && o=root; Ps "UID"; o=$((`date +%s`-t)); Ps "Elapsed time (s)"; } 2>/dev/null | pbcopy; exit 2>&-

WARNING: Improper use of the sudo command could lead to data loss

or the deletion of important system files. Please double-check your

typing when using sudo. Type "man sudo" for more information.

To proceed, enter your password, or type Ctrl-C to abort.

Password:

PATH=/usr/bin:/bin:/usr/sbin:/sbin; clear; Fb='%s\n\t(%s)\n'; Fm='\n%s\n\n%s\n'; Fr='\nRAM details\n%s\n'; Fs='\n%s: %s\n'; Fu='user %s%%, system %s%%'; AC="com.autodesk.AutoCAD com.google.GoogleDrive"; H='^[[:space:]]*((127\.0\.0\.1|::1|fe80::1%lo0)[[:space:]]+local|(255\.){3}255[ [:space:]]*broadcast)host[[:space:]]*$'; NS=networksetup; PB="/usr/libexec/PlistBuddy -c Print"; A () { [[ a -eq 0 ]]; }; M () { find -L "$d" -type f | while read f; do file -b "$f" | egrep -lq XML\|exec && echo $f; done; }; AT () { o=`file -b "$1" | egrep -v '^(A.{16}t$|cann)'`; Ps "${1##*/} format"; }; Pc () { o=`grep -v '^ *#' "$2"`; l=`wc -l <<< "$o"`; [[ l -gt 25 ]] && o=`head -n25 <<< "$o"`$'\n'"[$((l-25)) more line(s)]"; Pm "$1"; AT "$1"; }; Pm () { [[ "$o" ]] && o=`sed -E '/^ *$/d; s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/' <<< "$o"` && printf "$Fm" "$1" "$o"; }; Pp () { o=`$PB "$2" | awk -F'= ' \/$3'/{print $2}'`; Pm "$1"; }; Ps () { o=`echo $o`; [[ ! "$o" =~ ^0?$ ]] && printf "$Fs" "$1" "$o";

[Process completed]

As I wrote in the comment where you found that script, the output is not shown in the Terminal window. It's on the Clipboard. Also, I don't recommend running the script at all unless asked to do so by me. It produces a lot of information that is liable to be misinterpreted by others.

PATH=/usr/bin:/bin:/usr/sbin:/sbin; clear; Fb='%s\n\t(%s)\n'; Fm='\n%s\n\n%s\n'; Fr='\nRAM details\n%s\n'; Fs='\n%s: %s\n'; Fu='user %s%%, system %s%%'; AC="com.autodesk.AutoCAD com.google.GoogleDrive"; H='^[[:space:]]*((127\.0\.0\.1|::1|fe80::1%lo0)[[:space:]]+local|(255\.){3}255[ [:space:]]*broadcast)host[[:space:]]*$'; NS=networksetup; PB="/usr/libexec/PlistBuddy -c Print"; A () { [[ a -eq 0 ]]; }; M () { find -L "$d" -type f | while read f; do file -b "$f" | egrep -lq XML\|exec && echo $f; done; }; AT () { o=`file -b "$1" | egrep -v '^(A.{16}t$|cann)'`; Ps "${1##*/} format"; }; Pc () { o=`grep -v '^ *#' "$2"`; l=`wc -l <<< "$o"`; [[ l -gt 25 ]] && o=`head -n25 <<< "$o"`$'\n'"[$((l-25)) more line(s)]"; Pm "$1"; AT "$1"; }; Pm () { [[ "$o" ]] && o=`sed -E '/^ *$/d; s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/' <<< "$o"` && printf "$Fm" "$1" "$o"; }; Pp () { o=`$PB "$2" | awk -F'= ' \/$3'/{print $2}'`; Pm "$1"; }; Ps () { o=`echo $o`; [[ ! "$o" =~ ^0?$ ]] && printf "$Fs" "$1" "$o"; }; R () { o=; [[ r -eq 0 ]]; }; SP () { system_profiler SP${1}DataType; }; id -G | grep -qw 80; a=$?; A && sudo true; r=$?; t=`date +%s`; clear; { A || echo $'No admin access\n'; A && ! R && echo $'No root access\n'; SP Software | sed -n 's/^ *//;5p;6p;8p'; h=(`SP Hardware | awk '/ Id/{print $3}; /Mem/{print $2}'`); o=$h; Ps "Model"; o=$((h[1]<4?h[1]:0)); Ps "Total RAM (GB)"; o=`SP Memory | sed '1,5d;/[my].*:/d'`; [[ "$o" =~ s:\ [^O]|x([^08]|0[^2]|8[^0]) ]] && printf "$Fr" "$o"; o=`SP Diagnostics | sed '5,6!d'`; [[ "$o" =~ Pass ]] || Pm "POST"; p=`SP Power`; o=`awk '/Cy/{print $NF}' <<< "$p"`; o=$((o>=300?o:0)); Ps "Battery cycles"; o=`sed -n '/Cond.*: [^N]/{s/^.*://p;}' <<< "$p"`; Ps "Battery condition"; for b in Thunderbolt USB; do o=`SP $b | sed -En '1d;/:$/{s/ *:$//;x;s/\n//p;};/^ *V.* [0N].* /{s/ 0x.... //;s/[()]//g;s/(.*: )(.*)/ \(\2\)/;H;};/Apple|Genesy|Intel|SMSC/{s/.//g;h;}'`; Pm $b; done; o=`pmset -g therm | sed 's/^.*C/C/'`; [[ "$o" =~ No\ th|pms ]] && o=; Pm "Thermal conditions"; o=`pmset -g sysload | grep -v :`; [[ "$o" =~ =\ [^GO] ]] || o=; Pm "System load advisory"; o=`nvram boot-args | awk '{$1=""; print}'`; Ps "boot-args"; a=(/ ""); A=(System User); for i in 0 1; do o=`cd ${a[$i]}L*/Lo*/Diag* || continue; for f in *.{cr,h,pa,s}*; do [[ -f "$f" ]] || continue; d=$(stat -f%Sc -t%F "$f"); [[ "$f" =~ h$ ]] && grep -lq "^Thread c" "$f" && f="$f *"; echo "$d ${f%%_2*} ${f##*.}"; done | sort | tail`; Pm "${A[$i]} diagnostics"; done; grep -lq '*$' <<< "$o" && printf $'\n\t* Code injection\n'; o=`syslog -F bsd -k Sender kernel -k Message CReq 'caug|GPU |hfs: Ru|last value [1-9]|n Cause: -|NVDA\(|pagin|proc: t|Roamed|rror|ssert|Thrott|timed? ?o|WARN' -k Message Ane 'SMC:' | tail -n25 | awk '/:/{$4=""; $5=""};1'`; Pm "Kernel messages"; o=`df -m / | awk 'NR==2 {print $4}'`; o=$((o<5120?o:0)); Ps "Free space (MiB)"; o=$(($(vm_stat | awk '/eo/{sub("\\.",""); print $2}')/256)); o=$((o>=1024?o:0)); Ps "Pageouts (MiB)"; s=( `sar -u 1 10 | sed '$!d'` ); [[ s[4] -lt 85 ]] && o=`printf "$Fu" ${s[1]} ${s[3]}` || o=; Ps "Total CPU usage" && { s=(`ps acrx -o comm,ruid,%cpu | sed '2!d'`); n=$((${#s[*]}-1)); c="${s[*]}"; o=${s[$n]}%; Ps "CPU usage by process \"${c% ${s[$((n-1))]}*}\" with UID ${s[$((n-1))]}"; }; s=(`top -R -l1 -n1 -o prt -stats command,uid,prt | sed '$!d'`); n=$((${#s[*]}-1)); s[$n]=${s[$n]%[+-]}; c="${s[*]}"; o=$((s[$n]>=25000?s[$n]:0)); Ps "Mach ports used by process \"${c% ${s[$((n-1))]}*}\" with UID ${s[$((n-1))]}"; o=`kextstat -kl | grep -v com\\.apple | cut -c53- | cut -d\< -f1`; Pm "Loaded extrinsic kernel extensions"; R && o=`sudo launchctl list | awk 'NR>1 && !/0x|com\.(apple|openssh|vix\.cron)|org\.(amav|apac|calendarse|cups|dove|isc|nt p|openld|post[fg]|x)/{print $3}'`; Pm "Extrinsic daemons"; o=`launchctl list | awk 'NR>1 && !/0x|com\.apple|org\.(x|openbsd)|\.[0-9]+$/{print $3}'`; Pm "Extrinsic agents"; o=`for d in {/,}L*/Lau*; do M; done | egrep -v 'com\.apple\.(CSConfig|server)' | while read f; do ID=$($PB\ :Label "$f") || ID="No job label"; printf "$Fb" "$f" "$ID"; done`; Pm "launchd items"; o=`for d in /{S*/,}L*/StartupItems; do M; done`; Pm "Startup items"; sys=`pkgutil --regexp --only-files --files com.apple.pkg.* | sort | uniq | sed 's:^:/:'`; b=`sed -E '/^.+Lib.+\/Contents\/Info.plist$/!d;s/\/Info.plist$//;/Contents\/./d' <<< "$sys"`; l=`egrep '^/usr/lib/.+dylib$' <<< "$sys"`; [[ "$b" && "$l" ]] && { o=`find -L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Compon,Ex,In,iTu,Keyb,Mail/B,P*P,Qu*T,Scripti,Sec,Servi,Spo}* -type d -name Contents -prune | grep -Fv "$b" | while read d; do test -f "$d/Info.plist" || continue; ID=$($PB\ :CFBundleIdentifier "$_") || ID="No bundle ID"; printf "$Fb" "${d%/Contents}" "$ID"; done`; Pm "Extrinsic loadable bundles"; o=`find /usr/lib -type f -name *.dylib | grep -Fv "$l"`; Pm "Extrinsic shared libraries"; :; } || echo $'\nReceipts missing'; o=`for e in INSERT_LIBRARIES LIBRARY_PATH; do launchctl getenv DYLD_$e; done`; Pm "Environment"; o=`find -L {,/u*/lo*}/e*/periodic -type f -mtime -10d`; Pm "Modified periodic scripts"; o=`scutil --proxy | grep Prox`; Pm "Proxies"; o=`scutil --dns | awk '/r\[0\] /{if ($NF !~ /^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./) print $NF; exit}'`; i=`route -n get default | awk '/e:/{print $2}'`; I=`$NS -listnetworkserviceorder | sed -En '/ '$i'\)$/{x;s/^\(.+\) //p;q;};x'`; n=`$NS -getdnsservers "$I" | awk '!/^T/{print "not "}'`; Ps "DNS (${n}from DHCP)"; o=`$NS -getinfo "$I" | awk '/k:/{if ($3 !~ "(255\.){3}0") print $3}'`; Ps "Netmask"; R && o=`sudo profiles -P | grep : | wc -l`; Ps "Profiles"; f=auto_master; [[ `md5 -q /etc/$f` =~ ^b166 ]] || Pc $f /etc/$f; for f in fstab sysctl.conf crontab launchd.conf; do Pc $f /etc/$f; done; f=/etc/hosts; Pc "hosts" <(egrep -v "$H" $f ); AT $f; Pc "User launchd" ~/.launchd*; R && Pc "Root crontab" <(sudo crontab -l); Pc "User crontab" <(crontab -l | sed -E 's:/Users/[^/]+/:/Users/USER/:g'); R && o=`sudo defaults read com.apple.loginwindow LoginHook`; Pm "Login hook"; LD="$(`find /S*/*/F* -type f -name lsregister | head -n1` -dump)"; o=`for ID in $AC; do [[ "$LD" =~ $ID ]] && echo $ID; done`; Pm "Application check"; Pp "Global login items" /L*/P*/loginw* Path; Pp "User login items" L*/P*/*loginit* Name; Pp "Safari extensions" L*/Saf*/*/E*.plist Bundle | sed -E 's/(\..*$|-[1-9])//g'; o=`find ~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 \) | wc -l`; Ps "Restricted user files"; cd; o=`SP Fonts | egrep 'id: N|te: Y' | wc -l`; Ps "Font problems"; o=`find L*/{Con,Pref}* -type f ! -size 0 -name *.plist | while read f; do plutil -s "$f" >&- || echo $f; done`; Pm "Bad plists"; d=(Desktop L*/Keyc*); n=(20 7); for i in 0 1; do o=`find "${d[$i]}" -type f -maxdepth 1 | wc -l`; o=$((o<=n[$i]?0:o)); Ps "${d[$i]##*/} file count"; done; o=; [[ UID -eq 0 ]] && o=root; Ps "UID"; o=$((`date +%s`-t)); Ps "Elapsed time (s)"; } 2>/dev/null | pbcopy; exit 2>&-

System Version: OS X 10.9.5 (13F34)

Kernel Version: Darwin 13.4.0

Boot Mode: Normal

Model: iMac8,1

Total RAM (GB): 2

RAM details

BANK 0/DIMM0:

Size: 1 GB

Speed: 800 MHz

Status: OK

Manufacturer: 0xAD00000000000000

BANK 1/DIMM1:

Size: 1 GB

Speed: 800 MHz

Status: OK

Manufacturer: 0xAD00000000000000

USB

EPSON WorkForce 630 Series (Seiko Epson Corp.)

USB Receiver (Logitech Inc.)

System diagnostics

2015-01-29 Image Capture Extension spin

2015-02-08 Mail hang

2015-02-08 Pages hang

2015-02-17 AAM Updates Notifier spin

User diagnostics

2015-02-02 iPhoto crash

2015-02-16 java crash

Kernel messages

Feb 17 08:43:36 PM notification timeout (pid 1197, iTunes)

Feb 18 11:03:39 process com.apple.WebKit[23052] caught causing excessive wakeups. Observed wakeups rate (per sec): 2212; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 66270

Feb 19 14:27:42 process com.apple.WebKit[44942] caught causing excessive wakeups. Observed wakeups rate (per sec): 223; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45280

Feb 20 17:03:47 process AAM Updates Noti[1306] caught causing excessive wakeups. Observed wakeups rate (per sec): 3774; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45897

Feb 23 00:16:12 process AAM Updates Noti[1320] caught causing excessive wakeups. Observed wakeups rate (per sec): 5634; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45253

Feb 23 13:49:11 process iPhoto[1201] caught causing excessive wakeups. Observed wakeups rate (per sec): 159; Maximum permitted wakeups rate (per sec): 150; Observation period: 300 seconds; Task lifetime number of wakeups: 45038

Extrinsic daemons

com.vmware.launchd.vmware

com.period.searchprotectd

com.leapfrog.connect.shell

Extrinsic agents

com.epson.scanner.ica.49312.UUID

com.flipvideo.FlipShareAutoRun

com.flashmall.updater

com.zeobit.MacKeeper.Helper

com.webhelper

com.macpaw.CleanMyMac2Helper.trashWatcher

com.macpaw.CleanMyMac2Helper.scheduledScan

com.macpaw.CleanMyMac2Helper.diskSpaceWatcher

com.jdibackup.ZipCloud.backupstart

com.jdibackup.ZipCloud.autostart

com.google.keystone.user.agent

com.genieo.completer.update

com.genieo.completer.ltvbit

com.genieo.completer.download

com.crossrider.wss002496.agent.plist

com.akamai.single-user-client

launchd items

/Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

(com.adobe.AAM.Startup-1.0)

/Library/LaunchAgents/com.flipvideo.FlipShare.AutoRun.plist

(com.flipvideo.FlipShareAutoRun)

/Library/LaunchDaemons/com.leapfrog.connect.shell.plist

(com.leapfrog.connect.shell)

/Library/LaunchDaemons/com.perion.searchprotectd.plist

(com.period.searchprotectd)

/Library/LaunchDaemons/com.vmware.launchd.vmware.plist

(com.vmware.launchd.vmware)

Library/LaunchAgents/com.adobe.AAM.Updater-1.0.plist

(com.adobe.AAM.Scheduler-1.0)

Library/LaunchAgents/com.akamai.single-user-client.plist

(com.akamai.single-user-client)

Library/LaunchAgents/com.apple.FolderActions.enabled.plist

(com.apple.FolderActions.enabled)

Library/LaunchAgents/com.apple.FolderActions.folders.plist

(com.apple.FolderActions.folders)

Library/LaunchAgents/com.crossrider.wss002496.agent.plist

(com.crossrider.wss002496.agent.plist)

Library/LaunchAgents/com.genieo.completer.download.plist

(com.genieo.completer.download)

Library/LaunchAgents/com.genieo.completer.ltvbit.plist

(com.genieo.completer.ltvbit)

Library/LaunchAgents/com.genieo.completer.update.plist

(com.genieo.completer.update)

Library/LaunchAgents/com.google.keystone.agent.plist

(com.google.keystone.user.agent)

Library/LaunchAgents/com.jdibackup.ZipCloud.autostart.plist

(com.jdibackup.ZipCloud.autostart)

Library/LaunchAgents/com.jdibackup.ZipCloud.backupstart.plist

(com.jdibackup.ZipCloud.backupstart)

Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.diskSpaceWatcher.plist

(com.macpaw.CleanMyMac2Helper.diskSpaceWatcher)

Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.scheduledScan.plist

(com.macpaw.CleanMyMac2Helper.scheduledScan)

Library/LaunchAgents/com.macpaw.CleanMyMac2Helper.trashWatcher.plist

(com.macpaw.CleanMyMac2Helper.trashWatcher)

Library/LaunchAgents/com.webhelper.plist

(com.webhelper)

Library/LaunchAgents/com.zeobit.MacKeeper.Helper.plist

(com.zeobit.MacKeeper.Helper)

Library/LaunchAgents/WebSocketServerApp

(No job label)

Extrinsic loadable bundles

/System/Library/Extensions/AppleFSCompressionTypeLZVN.kext

(com.apple.AppleFSCompression.AppleFSCompressionTypeLZVN)

/System/Library/Extensions/AppleIntelMCEReporter.kext

(com.apple.driver.AppleIntelMCEReporter)

/System/Library/Extensions/BJUSBMP.kext

(jp.co.canon.bj.kext.BJUSBMP)

/System/Library/Extensions/LfConnectDriver.kext

(com.leapfrog.driver.LfConnectDriver)

/System/Library/Extensions/MacOSXCameraDriver.kext

(com.flipvideo.IOUSBCameraMassStorage)

/Library/Audio/MIDI Drivers/EmagicUSBMIDIDriver.plugin

(info.emagic.driver.unitor)

/Library/Internet Plug-Ins/iPhotoPhotocast.plugin

(com.apple.plugin.iPhotoPhotocast)

/Library/Internet Plug-Ins/JavaAppletPlugin.plugin

(com.apple.java.JavaAppletPlugin)

/Library/Internet Plug-Ins/Silverlight.plugin

(com.microsoft.SilverlightPlugin)

/Library/Internet Plug-Ins/Unity Web Player.plugin

(com.unity.UnityWebPlayer)

/Library/QuickTime/QTMpeg4Codec.component

(com.apple.QTMpeg4Codec)

/Library/Spotlight/GBSpotlightImporter.mdimporter

(com.apple.garageband.spotlightimporter)

/Library/Spotlight/VMware Virtual Machine.mdimporter

(com.vmware.spotlightImporter)

Library/Internet Plug-Ins/fbplugin_1_0_3.plugin

(com.facebook.plugin)

Library/Internet Plug-Ins/TroviNPAPIPlugin.plugin

(com.conduit.ConduitNPAPIPlugin)

Library/Services/Add To Backup Selection.workflow

(No bundle ID)

Library/Services/Instant Backup.workflow

(No bundle ID)

Library/Services/Remove From Backup Selection.workflow

(No bundle ID)

Library/Services/View Previous Versions.workflow

(No bundle ID)

Extrinsic shared libraries

/usr/lib/libruby.2.0.0.dylib

User login items

Monitor

iTunesHelper.app

VMware Fusion Helper

QuickBooks 2010

Dropbox.app

Safari extensions

Omnibar

searchExt

searchme

Restricted user files: 3626

Font problems: 12

Bad plists

Library/Preferences/com.apple.iphotomosaic.plist

Desktop file count: 33

Elapsed time (s): 392

You have a LOT of adware installed. See my Adware Removal Guide for help finding and removing it all. It will give you both manual removal instructions and a link to my AdwareMedic app that can remove the adware for you automatically. In this case, given the quantity of adware you have installed and the real possibility that you'll miss some stuff trying to do it manually, I'd strongly recommend AdwareMedic. But the choice is entirely yours.

(Fair disclosure: I may receive compensation from links to my sites, TheSafeMac.com and AdwareMedic.com.)

Running "adwaremedic," even if it does remove all the adware you've installed (and I have no idea whether it will or not), will not even scratch the surface of solving your real problem, which is that you are using the computer unsafely. Blithely following advice on a website yet again to run an unknown application would be a further step in the wrong direction. Continue to behave that way, and you'll continue to be victimized by Internet criminals, and neither "adwaremedic" nor any other software will save you.

The right direction is to erase the startup volume, reinstall OS X, and then restore only your documents from a backup. Ask if you need detailed guidance to do that.

Until you have more experience as a Mac user, I suggest you change a setting to allow only Apple updates and software from the App Store to be installed.

Open the Security & Privacy pane in System Preferences and select the General tab. Click the lock icon in the lower left corner and enter your password to unlock the settings. Select the button marked

Mac App Store

and close the preference pane. For information about the effects of this setting, see this support article. You may need to change the setting temporarily to install some third-party software, such as Flash Player. Be especially careful with that, as malware is often distributed in the form of a fake Flash update. Never follow a link to a Flash update on any web page. Instead use the built-in updater in the Flash Player preference pane.

The products in the App Store, while they aren't always very good, can at least be considered safe enough to use.