Popups - Onclickrev

So probably as you were typing, I called my internet provider for the 3rd time about this issue (because like you I kept thinking it stemmed from the router) he "reset" their end as I reset the router and entered different DNS settings. I then came back to Safari and it happened again. I then cleared Safari (now remember, I did this at least 2 dozen times before)... and what do you know - It hasn't happened again!!!!!!

SO the solution so far:

Reset the router - verify correct settings/DNS settings

Clear Safari (history, empty cache, and website data)

The issue must have altered my router settings to not allow me to completely clear Safari or send it on a loop... I don't know.

Your suggestions have been most helpful! I applaud you for taking the time for brainstorming this issue. Much thanks and appreciation! (fingers crossed this is the solution!!)

I did mention that I almost all suggestions found on the internet, including:

-Clearing Safari

-Clearing Safari in safe mode

-Downloading virus and adware software (Norton, AVG, Malwarebytes)

-Trying the websites an an outside network

-Calling my internet provider

-Speaking with a specialist from Malwarebytes (he stopped responding when the 4 different suggestions he had did not work)

-

I have tested all the suggestions in the first link you provided.

Safari is opening pages (it does not give me the error referred to in your second link).

The Report from EtreCheck:

EtreCheck version: 3.4.6 (460)

Report generated 2017-10-15 13:06:27

Download EtreCheck from https://etrecheck.com

Runtime: 3:11

Performance: Good

Click the [Lookup] links for more information from Apple Support Communities.

Click the [Details] links for more information about that line.

Click the [Clean up] link to delete unused files.

Problem: Other problem

Description:

Website redirects

Hardware Information:ⓘ

MacBook Pro (Retina, Mid 2012)

[Technical Specifications] - [User Guide] - [Warranty & Service]

MacBook Pro - model: MacBookPro10,1

1 2.3 GHz Intel Core i7 (i7-3615QM) CPU: 4-core

8 GB RAM Not upgradeable

BANK 0/DIMM0

4 GB DDR3 1600 MHz ok

BANK 1/DIMM0

4 GB DDR3 1600 MHz ok

Handoff/Airdrop2: supported

Wireless: en0: 802.11 a/b/g/n

Battery: Health = Normal - Cycle count = 600

iCloud Quota: 1.72 TB available

Video Information:ⓘ

Intel HD Graphics 4000 - VRAM: 1536 MB

Color LCD 2880 x 1800

NVIDIA GeForce GT 650M - VRAM: 1 GB

Disk Information:ⓘ

APPLE SSD SM256E disk0: (251 GB) (Solid State - TRIM: Yes)

[Show SMART report]

EFI (disk0s1 - MS-DOS FAT32) <not mounted> [EFI]: 210 MB

(disk0s2) <not mounted> [APFS Container]: 250.79 GB

USB Information:ⓘ

USB20Bus

hub_device

Apple Inc. FaceTime HD Camera (Built-in)

USB20Bus

hub_device

hub_device

Apple Inc. Apple Internal Keyboard / Trackpad

Apple Inc. BRCM20702 Hub

Apple Inc. Bluetooth USB Host Controller

USB30Bus

Thunderbolt Information:ⓘ

Apple Inc. thunderbolt_bus

Virtual disks:ⓘ

Macintosh HD (disk1s1 - APFS) / [Startup]: 250.79 GB (19.60 GB free)

Physical disk: disk0s2 250.79 GB (19.60 GB free)

(disk1s2) <not mounted> [Preboot]: 250.79 GB

Physical disk: disk0s2 250.79 GB

(disk1s3) <not mounted> [Recovery]: 250.79 GB

Physical disk: disk0s2 250.79 GB

(disk1s4) /private/var/vm [VM]: 250.79 GB

Physical disk: disk0s2 250.79 GB

System Software:ⓘ

macOS High Sierra 10.13 (17A405) - Time since boot: about one day

Gatekeeper:ⓘ

Mac App Store and identified developers

Clean up:ⓘ

/Library/LaunchAgents/com.canon.MFManager.plist

/Applications/Canon Utilities/ImageBrowser EX/ExtApp/MFManager.app/Contents/MacOS/MFManager

Executable not found!

com.adobe.ARM.[...].plist

/Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper semi-auto

Executable not found!

2 orphan files found. [Clean up]

Kernel Extensions:ⓘ

/Library/Extensions

[loaded] com.malwarebytes.mbam.rtprotection (3.0 - SDK 10.12) [Lookup]

[loaded] com.symantec.SymXIPS (8.1 - SDK 10.10) [Lookup]

[loaded] com.symantec.internetSecurity.kext (7.5.1 - SDK 10.11) [Lookup]

[loaded] com.symantec.ips.kext (7.5.1 - SDK 10.11) [Lookup]

[loaded] com.symantec.nfm.kext (7.5.1 - SDK 10.11) [Lookup]

/System/Library/Extensions

[not loaded] com.libusb.USB_Shield (6.0) [Lookup]

[not loaded] com.livescribe.kext.LivescribeSmartpen (1.0) [Lookup]

Startup Items:ⓘ

HWNetMgr: Path: /Library/StartupItems/HWNetMgr

HWPortDetect: Path: /Library/StartupItems/HWPortDetect

Startup items no longer function in OS X Yosemite or later

System Launch Agents:ⓘ

[not loaded] 8 Apple tasks

[loaded] 168 Apple tasks

[running] 112 Apple tasks

System Launch Daemons:ⓘ

[not loaded] 38 Apple tasks

[loaded] 180 Apple tasks

[running] 112 Apple tasks

Launch Agents:ⓘ

[failed] com.canon.MFManager.plist (? 8a8296d7 0 - installed 2012-05-22) [Lookup] - /Applications/Canon Utilities/ImageBrowser EX/ExtApp/MFManager.app/Contents/MacOS/MFManager: Executable not found!

[running] com.malwarebytes.mbam.frontend.agent.plist (Malwarebytes Corporation - installed 2017-10-09) [Lookup]

[loaded] com.oracle.java.Java-Updater.plist (? 58022947 72ac4dde - installed 2017-10-10) [Lookup]

[running] com.symantec.uiagent.application.NFM.plist (Symantec - installed 2017-10-09) [Lookup]

[loaded] ouc.plist (Shell Script 95eaf36e - installed 2014-07-07) [Lookup]

Launch Daemons:ⓘ

[loaded] com.adobe.ARMDC.Communicator.plist (Adobe Systems, Inc. - installed 2017-01-12) [Lookup]

[loaded] com.adobe.ARMDC.SMJobBlessHelper.plist (Adobe Systems, Inc. - installed 2017-01-12) [Lookup]

[not loaded] com.apple.installer.cleanupinstaller.plist (? 1963bf56 0 - installed 2017-09-30)

[failed] com.livescribe.PenCommService.plist (? ce8953a9 cc9bf92d - installed 2012-08-08) [Lookup]

[running] com.malwarebytes.mbam.rtprotection.daemon.plist (Malwarebytes Corporation - installed 2017-10-09) [Lookup]

[running] com.malwarebytes.mbam.settings.daemon.plist (Malwarebytes Corporation - installed 2017-10-09) [Lookup]

[loaded] com.microsoft.office.licensing.helper.plist (? 6d8cb30e afb3bef0 - installed 2010-08-25) [Lookup]

[loaded] com.oracle.java.Helper-Tool.plist (Shell Script e3fefdd2 - installed 2017-07-21) [Lookup]

[failed] com.symantec.SymLUHelper.NFM.plist (Symantec - installed 2017-09-08) [Lookup]

[loaded] com.symantec.UninstallerToolHelper.NFM.plist (Symantec - installed 2017-09-08) [Lookup]

[not loaded] com.symantec.deepsight-extractor.NFM.plist (Symantec - installed 2017-09-08) [Lookup]

[failed] com.symantec.liveupdate.daemon.NFM.plist (Symantec - installed 2017-09-08) [Lookup]

[running] com.symantec.nfm.wps.plist (Symantec - installed 2017-09-08) [Lookup]

[running] com.symantec.sharedsettings.NFM.plist (Symantec - installed 2017-09-08) [Lookup]

[running] com.symantec.symdaemon.NFM.plist (Symantec - installed 2017-09-08) [Lookup]

[loaded] com.symantec.symqual.detail.NFM.plist (Symantec - installed 2017-09-08) [Lookup]

[loaded] com.symantec.symqual.panicreporter.NFM.plist (Symantec - installed 2017-09-08) [Lookup]

[loaded] com.symantec.symqual.submit.NFM.plist (Symantec - installed 2017-09-08) [Lookup]

User Launch Agents:ⓘ

[failed] com.adobe.ARM.[...].plist (? 560d19c8 0 - installed 2013-01-14) [Lookup] - /Applications/Adobe Reader.app/Contents/MacOS/Updater/Adobe Reader Updater Helper.app/Contents/MacOS/Adobe Reader Updater Helper: Executable not found!

[loaded] com.dropbox.DropboxMacUpdate.agent.plist (Dropbox, Inc. - installed 2017-08-10) [Lookup]

[loaded] com.google.keystone.agent.plist (Google, Inc. - installed 2017-09-27) [Lookup]

User Login Items:ⓘ

WunderlistHelper SMLoginItem - Hidden (Apple, Inc. - installed 2017-06-23)

(/Applications/Wunderlist.app/Contents/Library/LoginItems/WunderlistHelper.app)

Internet Plug-ins:ⓘ

Silverlight: 5.1.41212.0 (installed 2016-02-14) [Lookup]

QuickTime Plugin: 7.7.3 (installed 2017-09-20)

AdobePDFViewer: 17.012.20098 (installed 2017-09-01) [Lookup]

JavaAppletPlugin: Java 8 Update 144 build 01 (installed 2017-10-10) Check version

SharePointBrowserPlugin: 14.5.8 (installed 2015-12-06) [Lookup]

Safari Extensions:ⓘ

[enabled] Norton Security - Symantec Corporation - http://www.norton.com/mac (installed 2017-10-11)

3rd Party Preference Panes:ⓘ

Java (installed 2017-10-10) [Lookup]

Time Machine:ⓘ

Skip System Files: NO

Mobile backups: ON

Auto backup: YES

Volumes being backed up:

Macintosh HD: Disk size: 250.79 GB Disk used: 231.19 GB

Destinations:

MY PASSPORT [Local]

Total size: 750.12 GB

Total number of backups: 19

Oldest backup: 3/5/17, 10:32 PM

Last backup: 10/2/17, 9:41 PM

Size of backup disk: Adequate

Backup size 750.12 GB > (Disk used 231.19 GB X 3)

Top Processes by CPU:ⓘ

4% kernel_task

3% RTProtectionDaemon

2% com.apple.WebKit.WebContent

1% AppleIDAuthAgent

1% accountsd

Top Processes by Memory:ⓘ

959 MB kernel_task

410 MB NFMWps

214 MB kextd

212 MB mds_stores

195 MB com.apple.WebKit.WebContent

Top Processes by Network Use:ⓘ

Input Output Process name

17 KB 105 MB nsurlsessiond

611 KB 541 KB mDNSResponder

216 KB 212 KB com.apple.WebKit.Networking

108 KB 73 KB netbiosd

40 KB 35 KB apsd

Top Processes by Energy Use:ⓘ

4.12 com.apple.WebKit.WebContent

1.96 WindowServer

1.60 Safari

1.46 launchd

1.40 hidd

Virtual Memory Information:ⓘ

2.17 GB Available RAM

150 MB Free RAM

5.83 GB Used RAM

2.03 GB Cached files

46 MB Swap Used

Software installs (last 30 days):ⓘ

Malwarebytes for Mac: (installed 2017-09-28)

Combo Cleaner: 1.1.2 (installed 2017-09-28)

Malwarebytes for Mac: (installed 2017-10-09)

AVG AntiVirus: 17.4 (installed 2017-10-09)

Adware Doctor: 1.5.1 (installed 2017-10-09)

Adware Doctor: 1.5.1 (installed 2017-10-09)

Norton for Mac: (installed 2017-10-09)

Norton Security SKU: (installed 2017-10-09)

nfmavdefinitions: (installed 2017-10-09)

Java 8 Update 144: (installed 2017-10-10)

Install information may not be complete.

Diagnostics Events (last 3 days for minor events):ⓘ

2017-10-14 20:27:21 SymDaemon High CPU use [Open] [Details]

I did clean things up after I posted the results.

Symantec, was only recently installed as a result of this issue as a “last resort attempt” to clear anything up. I just haven’t had time to uninstall yet.

Currently attempting a reinstall of the system software without wiping the system clean.

Yeah, tried that and spoke with a fella from there.

He’s convinced that the websites I’m referring to are hacked (could be?) but I have a hard time believing so many are hacked, and if they are, for so long. (Two of them being DLink routers and Gymboree).

My thought is possibly a Java issue ♀

Yes, same situation on a Guest account.
Same thing happens in Chrome.

Tried Safari in Recovery mode.

Reinstalled System software.

Uninstalled Flash Player

Checked DNS servers on router.... but looking at DNS under System Preferences. What should they say or what should I look for?

I suppose it should be noted:

The redirect comes from clicking in a “Search” box, clicking on a radio button (for example to change the size of clothing for an item), after text is selected on a website - right clicking on it to copy, some text on websites have a hyperlink that shouldn’t.

Like I’ve said, it’s happening on various websites - from Gymboree.com, Toms.com, to local establishment websites. It’s also happening on dlink.com (routers etc).

I’m convinced something somewhere is wrong - either my router has changed settings (it happens on outside networks) or it is something “in” my computer.

I’ve not been successful finding info on this anywhere. I’m not a computer genius by any means, but I’ve never come across a computer issue (Mac or PC) that I haven’t been able to fix with a google search - much less have any Mac issues to begin with.

Anyone have anymore ideas????? This has become a personal challenge I must overcome!! (Haha)

Cleared NVRAM - still happens.

Here's the problem with wiping clean the computer (which if it has to be done - then that's what I will have to do)... I now have 3 computers in the house this is happening with.

I live in a remote area, to test on an outside network is 45 minutes away. I have a satellite internet provider that somewhat controls my router. I have called them and they say the router is fine, at this point, I tend to agree that this could be a compromised router. If so, will a reset fix that issue or did the issue stem from the router and then "infect" the computer?