I am having some serious issues with mcafee privacy service...the other day on this computer all my settings as far as what programs can and can't use the internet simply disappeared. Privacy service suddenly started popping up messages every time the computer tried to do anything with the internet. One of the things it did is sometimes randomly say that the administrator has disallowed "internet" acess except on a certain day at a particular time. I can't even find an option to set it that way, nevermind the fact that I never would have set that. And when I change any settings to allow programs to use the internet connection, and not prompt for every cookie, etc etc, it does not save them. I tell it not to prompt again and it does anyway. The only solution I have thus far found is to completely disable privacy service. My initial thought was that a virus or some kind of malware is causing this issue (disabling access to the internet seemed like a malware behavior) but a full system scan revealed no problems. I don't get it. This just happened out of the blue. It had been running fine for quite some time. Also, a minor side issue: a program called on demand is installed. I thought it was by mcafee but in the start menu it is under "network associates." Every time the computer starts up, it pops up a box that says "failed to connect to computer '.'" with some more information about why a remote computer could not be connected to. I have no idea why it does this. I thought this program was just an on-demand scanner. An exhaustive google search has led to no solutions to either of these problems! Help!!

Download Hijack This 1.99.1 here ,install it and "Do A System Scan Only". Click on "SCAN" at the bottom. Once it's finished click on "Save Log" and save it as a .txt file. DO NOT fix anything! This is a pretty powerful tool. Be sure that the program is in its own folder on the root drive (eg. C:/HJT). If it's saved in a temp folder it won't be able to make back-ups if needed. Also be sure that while it's running that all other windows are closed. Then copy and paste the log back here and I'll take a look at it for you. I've got a funny feeling that your internet has been hijacked. McAfee doesn't always catch everything unless it's right up to date. Let's see what the HJT log brings up. If it's clean we'll look at other options. Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Thanks for the reply. Hijak this log at end of post. It doesn't seem to show anything suspicious as far as I can tell. The problem with McAfee privacy service seems to be that it won't save any settings on reboot and somehow my settings have been wiped out. The error message that the Network Associates VirusScan program pops up on startup has been happening for a while, with no apparent repercussions. I have just never been one to ignore error messages and hope they go away. Logfile of HijackThis v1.99.1 Scan saved at 8:02:41 AM, on 5/3/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\WINDOWS\system32\dla\tfswctrl.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe C:\WINDOWS\system32\ctfmon.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe c:\program files\mcafee.com\agent\mcdetect.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe c:\PROGRA~1\mcafee.com\agent\mctskshd.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Opera\Opera.exe C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.exe C:\Program Files\McAfee\McAfee Privacy Service\guarddog.exe C:\Hijak this\HijackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8118 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: McAfee Privacy Service - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe O4 - HKLM\..\Run: [McAfee Guardian] C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe /SU O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: VirusScan Console.lnk = C:\Program Files\Network Associates\VirusScan\mcconsol.exe O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Privacy Bar - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,23/mcgdmgr.cab O23 - Service: McAfee Privacy Service (GuardDogEXE) - Unknown owner - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.exe" /SERVICE (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe

It looks like we're in for a fight. Download and unzip Avenger to your desktop. Start up Avenger. Check the 'Input script manually' option. Click the Magnifying Glass icon. In the box that opens, copy,then paste the following: File to delete: C:\WINDOWS\SYSTEM32\winmyy32.dll Then click on 'Done'. Click the Traffic Light icon to start the program. Then press OK at the prompts to reboot your PC. After the reboot, Open hijackthis, scan and place a check mark next to the following if it remains. O20 - Winlogon Notify: winmyy32 - C:\WINDOWS\SYSTEM32\winmyy32.dll Then,, Please download ATF-Cleaner.exe to run the program. Under Main choose: Select All - Uncheck cookies if you do not want them removed. Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All - Uncheck cookies if you do not want them removed. Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. This will remove all files from the items that are checked so if you have some cookies you'd like to save. please move them to a different directory first. 1. Download Ewido security suite 2. After the download is complete, double click on the file to launch the install process. 3. During installation under the Additional Options menu, you will be asked if you want to "Install background guard (required for automatic updates)" and "Install scan via context menu". Please UNCHECK both of these options. 4. Once installation is complete, launch Ewido by double-clicking the big "E" icon on your desktop. The program will prompt you to update -- click the 'OK' button. 5. The program will now go to the main screen. On the left hand side of the main screen, click on Update and then click 'Start Update'. The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see 'Update Successful' in the lower left corner. 6. Click on 'Scanner' (the 3rd bar from the top on the left) and Choose 'Settings' 7. Please make sure 'Scan Every File' is selected. Finally, please click 'OK' 8. On the main screen, please select 'Complete System Scan' and the scan should begin. 9. While the scan is in progress, you will be prompted to clean the first infected file it finds. Choose clean, then put a check next to 'Perform action on all infections' in the the box. Doing this, enables the scan to proceed automatically until its completion. Click OK 10. When the scan is complete, click "Save Report". Your scan results will be saved in a textfile. Please submit that with your next post. If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this: 1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder. 2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan. Then reboot, Then, Download Blacklite to C:\ Do not rut it yet Go start>run and paste or type in c:/blbeta.exe /expert Click ok or press enter, scan with Blacklite > next then exit. There will be a new log next to blacklite, post it please. Scan again and post a fresh hijackthis log. Post the contents of the C:\avenger.txt file. Post the contents of the log created by Ewido. This may seem to be quite a bit to do but I'm getting vengeful seeing as that entry doesn't want to go away. It's a little more serious than I first anticipated. How is your computer working, before and after all of the above? Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

Crap! Ignore all of that. I'm blushing. I post my reply on the wrong thread. This is what happens when you have two windows open at once. Very, very sorry for that. Proud member of Alliance of Security Analysis Professionals since 2005. ASAP

You were right though. That log is clean. One question I've been pondering though is this entry: C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe Maybe try disabling it and try McAfee. The two may possibly be conflicting one another. If there's no gain on your situation. Turn it right back on but that's all I can come up with. Once again, I am terribly sorry for the above. I have no idea what I was thinking. Proud member of Alliance of Security Analysis Professionals since 2005. ASAP