Redirect Help!

jcb33

jcb33

jcb33

Soldato
Joined
11 Apr 2003
Posts
4,175
Location
Notts
Hi all, I have a problem, nearly every single .co.uk website I visit I get the following message:

Unable to connect

Firefox can't establish a connection to the server at www.sedoparking.com.
Click to expand...

There are only a few .co.uk sites I can visit, this being one of them (Thank fully) If I try to ping this site, or any other I can visit, the proccess times out, however If I ping any site I get the error message from I get the following IP returned:

216.93.180.64
Click to expand...

I have had no problems before, and it seems to have started up tonight, however as my pc has been sat waiting to be unpacked for the past few days I know I have contracted nothing... I am at uni on student networks.

I have ran Ad-Aware, and Spybot, with no luck, as well as clearing my HOSTS file.

Here is my HiJackThis Log, if anyone can help I will be very gratefull.

Thanks,
Jcb33!

Logfile of HijackThis v1.99.1
Scan saved at 23:46:25, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\WiFiConnector\NintendoWFCReg.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JASONG~1\LOCALS~1\Temp\Rar$EX00.109\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Run Nintendo Wi-Fi USB Connector Registration Tool.lnk = C:\Program Files\WiFiConnector\NintendoWFCReg.exe
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1182893899140
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Click to expand...
 
I can't see anything dodgy with that list. Someone else might know more than me though.

If you run Firefox, go to Tools>Options>Advanced>Network tab. Click on Settings in Connection area. What is Firefox set to? Direct connection, auto detect proxy, manual proxy or auto config proxy URL?
 
Try news.bbc.co.uk, theregister.co.uk, google.co.uk. Do any of them work? Can you try this with IE and any other browser you have? I'd like to work out if its your PC/network or Firefox with the problem.
 
Is it the same with IE?

What do you get with start, run, cmd, nslookup [inset a site that doesn't work]?
 
theregister and google.co.uk both work, news.bbc.co.uk however does not, I get the same in each browser.
 
You should get something like this:

Non-authoritative answer:
Name: newswww.bbc.net.uk
Address: 212.58.226.20
Aliases: news.bbc.co.uk
Click to expand...

The output from ipconfig /all might be useful too - how are you connected to the network?
 
tolien said:
Is it the same with IE?

What do you get with start, run, cmd, nslookup [inset a site that doesn't work]?
Click to expand...

C:\Documents and Settings\Jason Gunn>nslookup news.bbc.co.uk

Server: secure.pavilion-connexionx.co.uk
Address: 10.3.7.254

Non-authoritative answer:
Name: news.bbc.co.uk
Address: 216.93.180.64
 
Hmm I'm not tolien but the secure.pavilion-connexionx.co.uk/10.3.7.254 looks like the cause.

I recognise 10.3.7.254 as something my Uni runs so perhaps the Uni servers are mis-directing the traffic tolien?
 
tolien said:
You should get something like this:



The output from ipconfig /all might be useful too - how are you connected to the network?
Click to expand...

Im connected via a LAN port in my wall, ipconfig info:

Ethernet adapter Hamachi:

Connection-specific DNS Suffix:
IP Address: 5.175.59.168
Subnet Mask: 255.0.0.0
Default Gateway:

Ethernet adapter Local Area Connection 3:
Media State: Media disconnected

Ethernet adapter Wireless Network Connection:
Media State: Media disconnected

Ethernet adapater Local Area Connection:

Conneciton-specific DNS Suffix: pavilion-connexions.coluk
IP Address: 10.3.1.108
Subnet Mask: 255.255.248.0
Default Gateway: 10.3.7.254
 
10.3.7.254 is an RFC 1918 IP - non-routable for internal networks, so it might not be the same thing you're thinking of.

Control Panel -> Network Connections -> right click Local Area Connection -> Properties -> TCP/IP -> Properties button. Are both set to Obtain an IP address/DNS server address automatically?
 
sidethink said:
You also appear to be running a Hamachi VPN client - can you try disconnecting that and see what happens?
Click to expand...

That wont be causing the problem as it is not active, I only use it to create virtual LANs on the net. This is realy frustrating not being able to access sites :(
 
Do you know anyone that's on the same network?
Alternatively, you could speak to the network support, and ask why their DNS seems to be giving dud answers.
 
Why don't you report it, you really should not be touching the uni network unless you are an admin of the network?
 
tolien said:
Do you know anyone that's on the same network?
Alternatively, you could speak to the network support, and ask why their DNS seems to be giving dud answers.
Click to expand...

I have just spoken to some friends, and they are having the same problem, being directed to the same page which does not load.... So looks like its out of my hands *Growls* I will go and report it tomorow!

*Update* Just went and they were open, they said they are aware of the problem and it should be fixed by tomorow, if not come back again and they will see what they can do, its their normal fobbing off but I will give them the benifit of the doubt!

Thanks to everyone for your help! Also if you have any advice I could pass on to the network admin I would be greatfull! Thanks!
 
Last edited:
jcb33 said:
its their normal fobbing off but I will give them the benifit of the doubt!
Click to expand...

I'm sorry but technicians don't fob users off. Sometimes you can't explain to an end user whats going on so they say they are dealing with it and they are aware of whats going on.

I am sorry but I work in that environment and it is very hard to judge a persons knowledge to how much you can tell them. I don't care if someone had knowledge in IT but I still won't tell them the exact problem or fix, I would just tell them were working on it. Infact this has happened before with me and it was that there was a rogue dns server on the network.

So bare that in mind next time you come accross a technician.
 
You must log in or register to reply here.
Back
Top Bottom