Foxyfoxy Posted July 20, 2008 Report Share Posted July 20, 2008 u-torrent problem: No incoming connections.I have:Portfowarded utorrent in the router, I have allowed utorrent in my firewall. I have searched for 4-5 hours and found that this seems to be a common problem with this router. I think I also found what seems to be the issue.When utorrent checks the port the IP used is my external IP (82.249 etc.) while I have portforwarded the internal (192.168.0.3 - A static IP outside the router range.)I can't find anything about this, unless I happen to be completely blind. Link to comment Share on other sites More sharing options...
Switeck Posted July 20, 2008 Report Share Posted July 20, 2008 uTorrent checks your internet (external) ip. If you've port forwarded and not firewalled, then the test should pass ok.You may have more than your router blocking uTorrent.Does your modem contain a mini-router and/or firewall of its own that needs to be configured or disabled?Are you running any software firewalls? (...often hidden in antivirus/antispyware products now!) Link to comment Share on other sites More sharing options...
Foxyfoxy Posted July 20, 2008 Author Report Share Posted July 20, 2008 As far as I know anything firewall-ish should be allowing utorrent.I have Norton 360 where utorrent is allowed. I also have Lavasoft adaware.My modem is webstar EPX2203. I don't know much about configuring either routers or modems. As for the router I have followed all the portforward.com guides. Modem is like a mystery wrapped in a riddle to me. Link to comment Share on other sites More sharing options...
Switeck Posted July 20, 2008 Report Share Posted July 20, 2008 Norton may allow uTorrent incoming and outgoing access to the internet, but not allow internet incoming access to uTorrent. I did web searches (mostly using GOOGLE) for webstar EPX2203, but couldn't turn up proof it was a modem-router.This leaves only Norton and possibly windows firewall as likely blocking uTorrent causes....Or maybe you could try Process Explorer and/or HijackThis! as described in the 1st link in my signature?There is bad commercial software which may also interfere with uTorrent. Link to comment Share on other sites More sharing options...
Foxyfoxy Posted July 20, 2008 Author Report Share Posted July 20, 2008 Well... Hmm. My norton died and I shut down the windows firewall and still the same. Here's a hijack log:Logfile of Trend Micro HijackThis v2.0.2Scan saved at 22:53:44, on 2008-07-20Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16674)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program\Delade filer\Symantec Shared\ccSvcHst.exeC:\Program\Lavasoft\Ad-Aware\aawservice.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\ps2.exeC:\Program\Delade filer\Symantec Shared\ccApp.exeC:\Program\QuickTime\QTTask.exeC:\Program\iTunes\iTunesHelper.exeC:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program\Windows Media Player\WMPNSCFG.exeC:\Program\DNA\btdna.exeC:\WINDOWS\System32\PAStiSvc.exeC:\WINDOWS\System32\svchost.exeC:\Program\iPod\bin\iPodService.exeC:\Program\Mozilla Firefox\firefox.exeC:\Program\uTorrent\uTorrent.exeC:\Program\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q404&bd=pavilion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q404&bd=pavilion&pf=desktopR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q404&bd=pavilion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q404&bd=pavilion&pf=desktopR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = LänkarR3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program\Winamp Toolbar\winamptb.dllO2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBho.dllO2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dllO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: (no name) - {97679B95-E8D6-4F90-AB58-0CB97407053F} - C:\WINDOWS\System32\gebyx.dll (file missing)O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dllO3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dllO3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dllO3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dllO3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dllO4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\imfmi.exeO4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exeO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [Orb] "C:\Program\Winamp Remote\bin\OrbTray.exe" /backgroundO4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exeO4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program\DNA\btdna.exe"O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exeO4 - HKCU\..\Policies\Explorer\Run: [{7CB8D062-07CF-1053-0902-04030504002e}] "C:\Program\Delade filer\{7CB8D062-07CF-1053-0902-04030504002e}\Update.exe" mc-110-12-0000272O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.htmlO8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htmO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?695b1c7a918f4df88953e95c71b93e77O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?695b1c7a918f4df88953e95c71b93e77O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exeO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabO16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{A2031F14-C307-41BC-A6B7-F05147C76A0F}: NameServer = 192.168.0.1O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLLO20 - Winlogon Notify: gebyx - C:\WINDOWS\System32\gebyx.dll (file missing)O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exeO23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exeO23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exeO23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exeO23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXEO23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exeO23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exeO23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\Program\MYWEBS~1\bar\4.bin\mwssvc.exe (file missing)O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exeO23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe--End of file - 9634 bytes Link to comment Share on other sites More sharing options...
Switeck Posted July 21, 2008 Report Share Posted July 21, 2008 Signs of malware infection here:O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)O2 - BHO: (no name) - {97679B95-E8D6-4F90-AB58-0CB97407053F} - C:\WINDOWS\System32\gebyx.dll (file missing)O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)O20 - Winlogon Notify: gebyx - C:\WINDOWS\System32\gebyx.dll (file missing)O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)Partial (failed?) uninstall here?:O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\Program\MYWEBS~1\bar\4.bin\mwssvc.exe (file missing) Link to comment Share on other sites More sharing options...
thelittlefire Posted July 21, 2008 Report Share Posted July 21, 2008 You seem to have overlooked these O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\imfmi.exeO4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exerather illegitimate processes.Also, for the record MyWebSearch isn't always badware... the site zwinky (tween hangout) requires it to actually run the site. Though it does appear perhaps someone tried an incomplete removal. When you try to remove MWS from the control panel it guides you through the process. Link to comment Share on other sites More sharing options...
Switeck Posted July 21, 2008 Report Share Posted July 21, 2008 I probably missed more than that. I only glance over hijackthis! logs.At this point, I'd like to make the off-handed comment that I think Norton's worthless junk.Does it do anything besides slow a computer down? Link to comment Share on other sites More sharing options...
thelittlefire Posted July 21, 2008 Report Share Posted July 21, 2008 I think it's more of a "I got to the root problem instead of listing all which is wrong". I consider ALL processes running from \system32 to be suspect unless they pass MS verification for starters. Process Explorer would also give up more information on those processes while running.In this day-and-age, all the "suites" as-packaged are junk, in my opinion --too many background processes. All you SHOULD need is regular scanning (with the Windows Scheduler, which noone uses) by a program BEST at each type of vulnerability/problem. Link to comment Share on other sites More sharing options...
Switeck Posted July 21, 2008 Report Share Posted July 21, 2008 thelittlefire said: I think it's more of a "I got to the root problem instead of listing all which is wrong".Huh?You mean my comment about Norton or my guesses about possible malware? Link to comment Share on other sites More sharing options...
Foxyfoxy Posted July 21, 2008 Author Report Share Posted July 21, 2008 Here's what my firewall in the router looks like. Since I don't get it at all (well, I get the concept but how to do stuff with it I don't). Could this be messing it up? It's not my router so I don't know much about it.(Edit: I tried downloading the large test file on bttorrent, or whatever the site was called. It was a 15 MB file and I didn't even see the progressbar. It was done pretty much when I clicked it.) Link to comment Share on other sites More sharing options...
Switeck Posted July 21, 2008 Report Share Posted July 21, 2008 Enable + Allow checked.Forward from source WAN (all ip addresses)...to destination LAN to your computer's LAN ip address on both TCP and UDP (UDP is only needed if you use DHT).The port range is only the 1 listening port you use in uTorrent.Probably for the best to ALWAYS have this enabled.Check FILTERS (on the left side of your screenshot) for any possible blocking filter rules that may be blocking uTorrent. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.