6 Replies Latest reply on Feb 6, 2012 1:08 PM by Jon Scholten

    Furious after McAfee Web Gateway 7 has suddenly appeared on my computer and is blocking sites.

      In the last hour somehow McAfee Web Gateway 7 has been installed onto my computer and is now actively preventing me from viewing certain webpages.


      The first thing I will say is that in the last hour I have not installed anything. I have Nod32 Firewall and AV. I have done a scan.

      Secondly I have DEP enabled and UAC is enabled.


      I also have Malwarebytes paid, actively protecting my PC and I have immunized my computer with Spybot S&D.

      I have done scans with ALL of these programs and can find NOTHING.


      This problem only appears on Firefox. It does not appear on Google Chrome or Internet Explorer.

      It has only been happening for an hour. I have so many security modules in place that I have no idea how this sort of thing can happen and it honestly really frustrates me that this can happen.


      I have tried uninstalling (to my absolute displeasure) Firefox and reinstalling it. Nothing works...


      Whenever I try to go to some websites I get this page:




      Alternatively when I download something it goes to the same page and apparently searches the file for viruses before letting me download it.


      I have NEVER installed this program or anything from McAfee. I have no idea in hell how this has gotten onto my computer. This is one of the most frustrating things ever because I cannot simply find the extension in Firefox settings where I can remove it.

      I have disabled all of my addons, and then checked and disabled all of my extensions and plugins as well. Nothing stops this from showing up.


      I have searched my whole computer for 'McAfee' including my registry and I do not have a single entry at all with anything to do with McAfee.

      Before 1 hour ago I could download files normally without this annoying popup and I could browse any website I wanted without this stupid thing telling me that I cannot...


      I have tried disabling all of my protection and re-enabling. I have tried restarting and shutting down.


      Here is a Hijack This log file:


      Logfile of Trend Micro HijackThis v2.0.4

      Scan saved at 20:11:28, on 6.2.2012

      Platform: Windows 7 SP1 (WinNT 6.00.3505)

      MSIE: Internet Explorer v9.00 (9.00.8112.16421)

      Boot mode: Normal


      Running processes:

      C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe

      C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

      C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe


      C:\Program Files (x86)\MagicDisc\MagicDisc.exe

      C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe

      C:\Program Files (x86)\Mozilla Firefox\firefox.exe

      C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

      C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe


      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

      F2 - REG:system.ini: UserInit=userinit.exe

      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

      O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

      O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

      O4 - HKLM\..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe

      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

      O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

      O4 - HKUS\S-1-5-21-2863558729-1456226192-851000428-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

      O4 - HKUS\S-1-5-21-2863558729-1456226192-851000428-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

      O4 - Startup: Dropbox.lnk = Kuutti\AppData\Roaming\Dropbox\bin\Dropbox.exe

      O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

      O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

      O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

      O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

      O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

      O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

      O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe

      O23 - Service: ASUS HM Com Service (asHmComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AAHM\1.00.11\aaHMSvc.exe

      O23 - Service: ASUS System Control Service (AsSysCtrlService) - Unknown owner - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe

      O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

      O23 - Service: Device Handle Service - ASUSTeK Computer Inc. - C:\Windows\SysWOW64\AsHookDevice.exe

      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe

      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

      O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

      O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

      O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

      O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

      O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

      O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)



      End of file - 9865 bytes


      I cannot see anything related at all to McAfee or even Firefox in that log... and I can't see anything wrong with anything there...

      So why is this happening to me? Why can I find no trace of this program or little piece of software in my 'Add/Remove Programs'? Why can I find no trace of this at all anywhere?


      I would consider myself a highly skilled computer user. I do freelance coding in Ruby and this is my work computer, it is extremely important that I do not have any sort of unauthorised software on my computer that I did not allow to be installed personally. No one else has access to this computer, it's just my computer. Yet I am mindful of everything that I click on, I scan everything before opening, I never make mistakes so I have no idea how on earth this could have gotten onto my computer and why even when I do an uninstall of Firefox that it is still persistent.


      I will also send an email to the customer support here, because this is unacceptable regardless. The fact that there is absolutely no easy, end-user-friendly way of uninstalling this little piece of software, or addon or whatever it is, is absolutely absurd.


      Lastly I have also run this file: MCPR.exe

      Located here: http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe


      I have run the program and let it uninstall any sort of trace of anything McAfee related, not that I have installed anything in the first place.


      There is also nothing new in 'Startup items' in msconfig, as well as 'Services'.

      There are also no suspicious processes running in Task Manager, and other than this problem nothing at all is out of the ordinary.

      I honestly have no idea in all of my years how this has happened and why it has happened and how I cannot be able to remove this. I have never had a problem that I have not been able to find an answer to on Google. But searching Google just gives me garbage links that lead me nowhere at all.

      Please someone provide assistance on removing this horrible thing from my computer.


      If you need additional information please do not hesitate to ask.

      Also I am sorry for the long post but I did not want anyone to offer simple advice when I have more or less covered all the bases to no avail. You have no idea how frustrating this is....


      Message was edited by: leijonasisu on 06/02/12 12:22:21 CST