Jump to content

DI-624+ (d-link)


Foxyfoxy

Recommended Posts

u-torrent problem: No incoming connections.

I have:

Portfowarded utorrent in the router, I have allowed utorrent in my firewall. I have searched for 4-5 hours and found that this seems to be a common problem with this router. I think I also found what seems to be the issue.

When utorrent checks the port the IP used is my external IP (82.249 etc.) while I have portforwarded the internal (192.168.0.3 - A static IP outside the router range.)

I can't find anything about this, unless I happen to be completely blind.

Link to comment
Share on other sites

uTorrent checks your internet (external) ip. If you've port forwarded and not firewalled, then the test should pass ok.

You may have more than your router blocking uTorrent.

Does your modem contain a mini-router and/or firewall of its own that needs to be configured or disabled?

Are you running any software firewalls? (...often hidden in antivirus/antispyware products now!)

Link to comment
Share on other sites

As far as I know anything firewall-ish should be allowing utorrent.

I have Norton 360 where utorrent is allowed. I also have Lavasoft adaware.

My modem is webstar EPX2203. I don't know much about configuring either routers or modems. As for the router I have followed all the portforward.com guides. Modem is like a mystery wrapped in a riddle to me.

Link to comment
Share on other sites

Norton may allow uTorrent incoming and outgoing access to the internet, but not allow internet incoming access to uTorrent. :P

I did web searches (mostly using GOOGLE) for webstar EPX2203, but couldn't turn up proof it was a modem-router.

This leaves only Norton and possibly windows firewall as likely blocking uTorrent causes.

...Or maybe you could try Process Explorer and/or HijackThis! as described in the 1st link in my signature?

There is bad commercial software which may also interfere with uTorrent. :(

Link to comment
Share on other sites

Well... Hmm. My norton died and I shut down the windows firewall and still the same. Here's a hijack log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:53:44, on 2008-07-20

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

C:\Program\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\ps2.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\QuickTime\QTTask.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Windows Media Player\WMPNSCFG.exe

C:\Program\DNA\btdna.exe

C:\WINDOWS\System32\PAStiSvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\Program\uTorrent\uTorrent.exe

C:\Program\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q404&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q404&bd=pavilion&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q404&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=SV_SE&c=Q404&bd=pavilion&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program\Winamp Toolbar\winamptb.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\NppBho.dll

O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program\Winamp Toolbar\winamptb.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: (no name) - {97679B95-E8D6-4F90-AB58-0CB97407053F} - C:\WINDOWS\System32\gebyx.dll (file missing)

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: HP-vy - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program\HP\Digital Imaging\bin\HPDTLK02.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Norton-werkbalk weergeven - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program\Delade filer\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)

O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program\Winamp Toolbar\winamptb.dll

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\imfmi.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [Orb] "C:\Program\Winamp Remote\bin\OrbTray.exe" /background

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program\Windows Media Player\WMPNSCFG.exe

O4 - HKCU\..\Run: [bitTorrent DNA] "C:\Program\DNA\btdna.exe"

O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exe

O4 - HKCU\..\Policies\Explorer\Run: [{7CB8D062-07CF-1053-0902-04030504002e}] "C:\Program\Delade filer\{7CB8D062-07CF-1053-0902-04030504002e}\Update.exe" mc-110-12-0000272

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKAL TJÄNST')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~4\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Öppna på ny flik i bakgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/229?695b1c7a918f4df88953e95c71b93e77

O8 - Extra context menu item: Öppna på ny flik i förgrunden - res://C:\Program\Windows Live Toolbar\Components\sv-se\msntabres.dll.mui/230?695b1c7a918f4df88953e95c71b93e77

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab

O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{A2031F14-C307-41BC-A6B7-F05147C76A0F}: NameServer = 192.168.0.1

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: gebyx - C:\WINDOWS\System32\gebyx.dll (file missing)

O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program\Delade filer\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\VAScanner\comHost.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\Program\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\Program\MYWEBS~1\bar\4.bin\mwssvc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program\Delade filer\Symantec Shared\CCPD-LC\symlcsvc.exe

--

End of file - 9634 bytes

Link to comment
Share on other sites

Signs of malware infection here:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {97679B95-E8D6-4F90-AB58-0CB97407053F} - C:\WINDOWS\System32\gebyx.dll (file missing)

O3 - Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - (no file)

O20 - Winlogon Notify: gebyx - C:\WINDOWS\System32\gebyx.dll (file missing)

O20 - Winlogon Notify: winjgf32 - winjgf32.dll (file missing)

Partial (failed?) uninstall here?:

O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\Program\MYWEBS~1\bar\4.bin\mwssvc.exe (file missing)

Link to comment
Share on other sites

You seem to have overlooked these

O4 - HKLM\..\Run: [Cryptographic Service] C:\WINDOWS\System32\imfmi.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

rather illegitimate processes.

Also, for the record MyWebSearch isn't always badware... the site zwinky (tween hangout) requires it to actually run the site. Though it does appear perhaps someone tried an incomplete removal. When you try to remove MWS from the control panel it guides you through the process.

Link to comment
Share on other sites

I think it's more of a "I got to the root problem instead of listing all which is wrong". I consider ALL processes running from \system32 to be suspect unless they pass MS verification for starters. Process Explorer would also give up more information on those processes while running.

In this day-and-age, all the "suites" as-packaged are junk, in my opinion --too many background processes. All you SHOULD need is regular scanning (with the Windows Scheduler, which noone uses) by a program BEST at each type of vulnerability/problem.

Link to comment
Share on other sites

Here's what my firewall in the router looks like. Since I don't get it at all (well, I get the concept but how to do stuff with it I don't). Could this be messing it up? It's not my router so I don't know much about it.

(Edit: I tried downloading the large test file on bttorrent, or whatever the site was called. It was a 15 MB file and I didn't even see the progressbar. It was done pretty much when I clicked it.)

fwall.jpg

Link to comment
Share on other sites

Enable + Allow checked.

Forward from source WAN (all ip addresses)

...to destination LAN to your computer's LAN ip address on both TCP and UDP (UDP is only needed if you use DHT).

The port range is only the 1 listening port you use in uTorrent.

Probably for the best to ALWAYS have this enabled.

Check FILTERS (on the left side of your screenshot) for any possible blocking filter rules that may be blocking uTorrent.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...