What the ff....

SwampThing

Anyone any ideas here. I get 300+ pings in CoD and look at this...

C:\>ping www.boards.ie

Pinging www.boards.ie [82.195.136.36] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 82.195.136.36:
	Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\>tracert www.boards.ie

Tracing route to www.boards.ie [82.195.136.36]
over a maximum of 30 hops:

  1	<1 ms	 1 ms	 1 ms www.xxx.yyy.zzz
2	 *	 *		*	 Request timed out.
  3	 *	 ^C
C:\>

Firewall turned off - IOLBB, XP SP2. Surfing is fine. I'm blaming this for my crappy pings to game servers. Anyone? Thanks.

www.irishisptest - 240kbps down, 100kbps up - I'm on a 1024/128 line!!!

AdMMM

Im going to hazard a guess that you may be infected with some spy/malware.

SwampThing

Possible. What tools would you recommend for detection/removal?

AdMMM

I'd recommend using

Microsoft AntiSpyware - http://www.microsoft.com/athome/security/spyware/software/default.mspx

AdAware - http://lavasoft.de

Spybot Search And Destroy - http://www.safer-networking.org/en/download/

Do a full scan using those 3 (not all at the same time) and you'll weed out the majority of your infected files.

Also, don't forget http://windowsupdate.microsoft.com to download Security patches and the like.

SwampThing

Thanks. Where's the best place to post a HijackThis log?

zAbbo

A linux newb getting pwned by windows ?

SwampThing

Is that the most intelligent thing you can think of posting bazH?

AdMMM

Well you may as well post it up here...

SwampThing

I think it's OK tbh, but here it is anyway...

Logfile of HijackThis v1.99.1
Scan saved at 23:52:07, on 06/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nfscsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\WINDOWS\system32\devldr32.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\Program Files\Esker\Common\ESLCBcst.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NET Traffic Meter\NET Traffic Meter.exe
H:\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O1 - Hosts: 194.125.74.162 oldfile
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp_9028.dll' missing
O12 - Plugin for .zip: c:\PROGRA~1\PKWARE\PKZIPP\nppkzip.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: Esker License Control (EskerLicenseControl) - Esker S.A. - C:\Program Files\Esker\Common\ESLCBcst.exe
O23 - Service: Esker FTPD (ftpds) - Esker - C:\PROGRA~1\TUN\TCPW\WFTPDSNT.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Esker LPD (lpds) - Esker - C:\PROGRA~1\TUN\TCPW\WLPDSNT.EXE
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Esker NFSD (nfsds) - Esker - C:\PROGRA~1\TUN\TCPW\WNFSDSNT.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR1\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Esker NFS, Network Provider (TunNfsNP) - Unknown owner - C:\WINDOWS\system32\nfscsrv.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe

SwampThing

I still can't ping/tracert to anything. The question is, should I be able to ping/tracert to external sites?

AdMMM

This may be your problem regarding not being able to ping other sites to rectify it do the following:

Go to the set-up of your router @ 192.168.1.1 . Once you're in, click on Security, now unselect the PING option and update the settings

Restart your modem and you should now be able to ping sites!

However, that wouldnt explain why you are pinging 300 to CoD servers. Did you always ping that high to them? or is it only recently?

SwampThing

You little beaut!. Thanks - pings/tracert sorted. I even remember turning the bloody things on!

As for CoD - It's recent enought that I could get between 50 & 60ms responses from a few servers (jolt.co.uk) but in the past 3/4 weeks it's chronic!

Of couse Sods Law has just been enforced. The fastest ping to a CoD server now is 68 (reported from within CoD). If I ping the server ip address from command prompt...

C:\>ping 84.244.130.44

Pinging 84.244.130.44 with 32 bytes of data:

Reply from 84.244.130.44: bytes=32 time=73ms TTL=53
Reply from 84.244.130.44: bytes=32 time=70ms TTL=53
Reply from 84.244.130.44: bytes=32 time=68ms TTL=53
Reply from 84.244.130.44: bytes=32 time=75ms TTL=53

Ping statistics for 84.244.130.44:
	Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
	Minimum = 68ms, Maximum = 75ms, Average = 71ms

C:\>

Reasonable enough.

Maybe Esat have signed up several thousand subscribers in Naas in the past 3 weeks!

Edit...
And just to top it off - irishisptest results - 479kbps up/ 82kbps down - terrible!!

jonski

Do you use a firewall , if so , which one ?

Also is this a constant problem through out the day or only at certain times ?

And while you have the high ping to servers , what is your dos ping ?

Have reasons for above questions ..................

optiplexgx270

those pings to boards are ****e!

causal

I don't think he was pinging boards at: ping 84.244.130.44 - it seems to be some Dutch hosting company, maybe there's a game server hosted there?

(Pinging www.boards.ie [82.195.136.36])

causal

Cabaal

optiplexgx270 wrote:

those pings to boards are ****e!

Excellent job reading his post, its a CoD server not boards.ie
:rolleyes:

SwampThing

Yeah, it's a CoD server. Thanks for the help.

optiplexgx270

SwampThing wrote:

Yeah, it's a CoD server. Thanks for the help.

Oops well the pings are still poor just checked them . Dono where i got boards from

oh btw Swamp that shell script you sent me (the second one) didnt work :mad: it crashed out after creating 32000 accounts.

SwampThing

optiplexgx270 wrote:

oh btw Swamp that shell script you sent me (the second one) didnt work :mad: it crashed out after creating 32000 accounts.

It could be a integer size limit in the shell.

I'll have a look today and update if I find anything. :mad:

SwampThing

Right opti, I've tried that on RHES 3 - no problems. It merrily counts all the way to 60000.

What OS are you using?

optiplexgx270

RedHat 9

Moriarty

Problem resolved, take your loonix problems elsewhere please