renew IP fails after system restore

[Aqueous]

I cannot renew my IP address, i cannot get a default gateway or DNS server. I
have broadband, ethernet from the cable modem, which works fine on the mac i
hooked it to so i can write this. The IP is in range of 169.254.xxx. I
think that is not what it is supposed to be?
Background: XP crashed with a bad kernel32, gdi32 driver, and maybe others
after running chkdsk for routine maintenance. This is an OEM machine but i
got a set of system restore disks from HP and ran standard system restore
which brought back data files and allowed XP to boot. I uninstalled Norton
2005 which is what showed up after the restore, and installed NIS2009,
plugged in the ethernet, and tried to run live update when i found no
internet connection. I dont see how any files could already be corrupted as
this is supposed to be like a new install. but something is wrong. I am
trying to get help from HP but perhaps someone here has insight.
I need help getting to the Internet so I can download updates etc, and maybe
find out the source of the whole problem if there was something got past
NIS...

 

[Bob Lin \(MS-MVP\)]

We need to upgrade the NIC driver. But since we can't access the Internet,
try to setup static IP address (you can refer to Mac) to access the
Internet. Please post back.

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

 

[Aqueous]

Bob, I'm real novice but... i got the ip from the mac, set that as the
static ip on the pc, added the subnet mask from the mac too. that is as far
as i got, no internet connection yet. but the local area connection icon in
network connections is solid. i await instructions.

 

[Rich/rerat]

Aqueous,
One of those system restore Discs should have the drivers for hardware for your
PC. Check through them.

--
Add MS to your News Reader: news://msnews.microsoft.com
Rich/rerat
(RRR News) <message rule>
<<Previous Text Snipped to Save Bandwidth When Appropriate>>


I cannot renew my IP address, i cannot get a default gateway or DNS server. I
have broadband, ethernet from the cable modem, which works fine on the mac i
hooked it to so i can write this. The IP is in range of 169.254.xxx. I
think that is not what it is supposed to be?
Background: XP crashed with a bad kernel32, gdi32 driver, and maybe others
after running chkdsk for routine maintenance. This is an OEM machine but i
got a set of system restore disks from HP and ran standard system restore
which brought back data files and allowed XP to boot. I uninstalled Norton
2005 which is what showed up after the restore, and installed NIS2009,
plugged in the ethernet, and tried to run live update when i found no
internet connection. I dont see how any files could already be corrupted as
this is supposed to be like a new install. but something is wrong. I am
trying to get help from HP but perhaps someone here has insight.
I need help getting to the Internet so I can download updates etc, and maybe
find out the source of the whole problem if there was something got past
NIS...

 

[nass]

I cannot renew my IP address, i cannot get a default gateway or DNS server. I
have broadband, ethernet from the cable modem, which works fine on the mac i
hooked it to so i can write this. The IP is in range of 169.254.xxx. I
think that is not what it is supposed to be?
Background: XP crashed with a bad kernel32, gdi32 driver, and maybe others
after running chkdsk for routine maintenance. This is an OEM machine but i
got a set of system restore disks from HP and ran standard system restore
which brought back data files and allowed XP to boot. I uninstalled Norton
2005 which is what showed up after the restore, and installed NIS2009,
plugged in the ethernet, and tried to run live update when i found no
internet connection. I dont see how any files could already be corrupted as
this is supposed to be like a new install. but something is wrong. I am
trying to get help from HP but perhaps someone here has insight.
I need help getting to the Internet so I can download updates etc, and maybe
find out the source of the whole problem if there was something got past
NIS...

Adding to Bob good advice, you said a restore disks. I will take it as
Destructive Restore procedure.

what you are getting now is Automatic Private IP Addressing (APIPA) , it
means you don't have connection set up or the PC doesn't talk to the Modem.

So, you need to set up the Broadband or treat it as a new installation , by
installing the software and follow the wizard. Also if your ISP given you the
setting like User name/Password...etc.

But can you do this before trying the set up wizard. Right click the LAN
connection and select Properties, select TCP/IP inertnet protocol and click
on the properties button.

Under general Tab make sure the check Radio button for the following is
checked:

(*) Obtain an IP address automatically


(*) Obtain DNS server address automatically.

Then Click on Alternate Configuration Tab and make sure this Radio button
checked:
(*) Automatic private IP address

Click [OK] and reboot your machine.

Do you get a connection.

 

[Jack [MVP-Networking]]

Hi
Are connected directly to a Modem, or a Modem/Router?
Could be that you lost the ISP authentication scheme.
Jack (MS, MVP-Networking)

 

[Aqueous]

Thanks Rich/, Do you mean use internet explorer to see the files? Can you
suggest what i should be looking for? there are 12 disks. i only had to use
first one, and it autoran into a wizard.

 

[Aqueous]

Thank you nass,
the properties were originally as you described them, but at suggestion of
Bob i changed to static IP, which resulted in the broken icon disappearing
but still limited or no connection. I just did as you suggested and switched
back to DHCP, which returned the broken sign. I returned to the static IP and
broken sign disappeared.
I attempted to re-install software from ISP, which switched settings to DHCP
but failed to find connection and offers no further tips. broken sign is
back.

i know the connection is good as i can plug the ethernet into my mac and it
works.
I await further thoughts.

I cannot renew my IP address, i cannot get a default gateway or DNS server. I
have broadband, ethernet from the cable modem, which works fine on the mac i
hooked it to so i can write this. The IP is in range of 169.254.xxx. I
think that is not what it is supposed to be?
Background: XP crashed with a bad kernel32, gdi32 driver, and maybe others
after running chkdsk for routine maintenance. This is an OEM machine but i
got a set of system restore disks from HP and ran standard system restore
which brought back data files and allowed XP to boot. I uninstalled Norton
2005 which is what showed up after the restore, and installed NIS2009,
plugged in the ethernet, and tried to run live update when i found no
internet connection. I dont see how any files could already be corrupted as
this is supposed to be like a new install. but something is wrong. I am
trying to get help from HP but perhaps someone here has insight.
I need help getting to the Internet so I can download updates etc, and maybe
find out the source of the whole problem if there was something got past
NIS...

Adding to Bob good advice, you said a restore disks. I will take it as
Destructive Restore procedure.

what you are getting now is Automatic Private IP Addressing (APIPA) , it
means you don't have connection set up or the PC doesn't talk to the Modem.

So, you need to set up the Broadband or treat it as a new installation , by
installing the software and follow the wizard. Also if your ISP given you the
setting like User name/Password...etc.

But can you do this before trying the set up wizard. Right click the LAN
connection and select Properties, select TCP/IP inertnet protocol and click
on the properties button.

Under general Tab make sure the check Radio button for the following is
checked:

(*) Obtain an IP address automatically


(*) Obtain DNS server address automatically.

Then Click on Alternate Configuration Tab and make sure this Radio button
checked:
(*) Automatic private IP address

Click [OK] and reboot your machine.

Do you get a connection.

 

[nass]

Try to make NIS allow the network/Ethernet connection by opening the NIS
firewall and assign the connection as trusted.

Open a run command and type these commands:
ipconfig /flushdns click [OK]
ipconfig /renew click [OK]
netsh winsock reset click [OK]
Reboot your system. Does it help.

Download this software on USB stick or CD and install it, run a complete scan.
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Let us know your progress.

Also. as per "Bob" instructions, can you provide us the Ipconfig /all output
if the above didn't help.

Thank you nass,
the properties were originally as you described them, but at suggestion of
Bob i changed to static IP, which resulted in the broken icon disappearing
but still limited or no connection. I just did as you suggested and switched
back to DHCP, which returned the broken sign. I returned to the static IP and
broken sign disappeared.
I attempted to re-install software from ISP, which switched settings to DHCP
but failed to find connection and offers no further tips. broken sign is
back.

i know the connection is good as i can plug the ethernet into my mac and it
works.
I await further thoughts.

I cannot renew my IP address, i cannot get a default gateway or DNS server. I
have broadband, ethernet from the cable modem, which works fine on the mac i
hooked it to so i can write this. The IP is in range of 169.254.xxx. I
think that is not what it is supposed to be?
Background: XP crashed with a bad kernel32, gdi32 driver, and maybe others
after running chkdsk for routine maintenance. This is an OEM machine but i
got a set of system restore disks from HP and ran standard system restore
which brought back data files and allowed XP to boot. I uninstalled Norton
2005 which is what showed up after the restore, and installed NIS2009,
plugged in the ethernet, and tried to run live update when i found no
internet connection. I dont see how any files could already be corrupted as
this is supposed to be like a new install. but something is wrong. I am
trying to get help from HP but perhaps someone here has insight.
I need help getting to the Internet so I can download updates etc, and maybe
find out the source of the whole problem if there was something got past
NIS...

Adding to Bob good advice, you said a restore disks. I will take it as
Destructive Restore procedure.

what you are getting now is Automatic Private IP Addressing (APIPA) , it
means you don't have connection set up or the PC doesn't talk to the Modem.

So, you need to set up the Broadband or treat it as a new installation , by
installing the software and follow the wizard. Also if your ISP given you the
setting like User name/Password...etc.

But can you do this before trying the set up wizard. Right click the LAN
connection and select Properties, select TCP/IP inertnet protocol and click
on the properties button.

Under general Tab make sure the check Radio button for the following is
checked:

(*) Obtain an IP address automatically


(*) Obtain DNS server address automatically.

Then Click on Alternate Configuration Tab and make sure this Radio button
checked:
(*) Automatic private IP address

Click [OK] and reboot your machine.

Do you get a connection.

 

[Rich/rerat]

Aqueous,
It should be on a disc that has drivers on the label. It might be with the one
that says Modem or Networking applications/drivers. I am not familar with HP
products. You may need to pop each disc in the CD/DVD-ROM, and see what is
available on each one of them.

You should first check and make sure that you have all the drivers installed
that you need for your PC.

Control Panel> Systems> Hardware tab> Device Manager> Make sure that there are
no Yellow marks next to a device. Look under Networking and see if you have the
driver installed for the device there, should be something like:
Broadcom440x 10/100 Integrated Controller (PC's Brand may be different.)

--
Add MS to your News Reader: news://msnews.microsoft.com
Rich/rerat
(RRR News) <message rule>
<<Previous Text Snipped to Save Bandwidth When Appropriate>>


Thanks Rich/, Do you mean use internet explorer to see the files? Can you
suggest what i should be looking for? there are 12 disks. i only had to use
first one, and it autoran into a wizard.

 

[Aqueous]

resetting winsock did not help, but thanks for the suggestion.

got this from malwarebytes scan, perhaps you can help me interpret it- to my
inexpert eye nothing here would explain the problems, they seem old and
benign, but would you advise i remove these items anyway?

i realize you said to do a complete scan, but this is a quick one as a first
pass. would you still advise a complete scan? I would do that overnight if
so. in the meantime i am still looking for solutions...

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/12/2009 6:38:00 AM
mbam-log-2009-04-12 (06-37-50).txt

Scan type: Quick Scan
Objects scanned: 97976
Time elapsed: 39 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\RegSweep (Rogue.RegSweep) -> No action taken.
C:\Program Files\RegSweep\Microsoft.VC80.MFC (Rogue.RegSweep) -> No action
taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep
(Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log
(Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Registry
Backups (Rogue.RegSweep) -> No action taken.

Files Infected:
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log\2007 Aug 22
- 08_37_56 AM_921.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log\2007 Aug 22
- 08_38_12 AM_562.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Registry
Backups\2007-08-21_18-38-47.reg (Rogue.RegSweep) -> No action taken.
C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job (Rogue.RegSweep) -> No action
taken.

Try to make NIS allow the network/Ethernet connection by opening the NIS
firewall and assign the connection as trusted.

Open a run command and type these commands:
ipconfig /flushdns click [OK]
ipconfig /renew click [OK]
netsh winsock reset click [OK]
Reboot your system. Does it help.

Download this software on USB stick or CD and install it, run a complete scan.
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Let us know your progress.

Also. as per "Bob" instructions, can you provide us the Ipconfig /all output
if the above didn't help.

Thank you nass,
the properties were originally as you described them, but at suggestion of
Bob i changed to static IP, which resulted in the broken icon disappearing
but still limited or no connection. I just did as you suggested and switched
back to DHCP, which returned the broken sign. I returned to the static IP and
broken sign disappeared.
I attempted to re-install software from ISP, which switched settings to DHCP
but failed to find connection and offers no further tips. broken sign is
back.

i know the connection is good as i can plug the ethernet into my mac and it
works.
I await further thoughts.

:

I cannot renew my IP address, i cannot get a default gateway or DNS server. I
have broadband, ethernet from the cable modem, which works fine on the mac i
hooked it to so i can write this. The IP is in range of 169.254.xxx. I
think that is not what it is supposed to be?
Background: XP crashed with a bad kernel32, gdi32 driver, and maybe others
after running chkdsk for routine maintenance. This is an OEM machine but i
got a set of system restore disks from HP and ran standard system restore
which brought back data files and allowed XP to boot. I uninstalled Norton
2005 which is what showed up after the restore, and installed NIS2009,
plugged in the ethernet, and tried to run live update when i found no
internet connection. I dont see how any files could already be corrupted as
this is supposed to be like a new install. but something is wrong. I am
trying to get help from HP but perhaps someone here has insight.
I need help getting to the Internet so I can download updates etc, and maybe
find out the source of the whole problem if there was something got past
NIS...

Adding to Bob good advice, you said a restore disks. I will take it as
Destructive Restore procedure.

what you are getting now is Automatic Private IP Addressing (APIPA) , it
means you don't have connection set up or the PC doesn't talk to the Modem.

So, you need to set up the Broadband or treat it as a new installation , by
installing the software and follow the wizard. Also if your ISP given you the
setting like User name/Password...etc.

But can you do this before trying the set up wizard. Right click the LAN
connection and select Properties, select TCP/IP inertnet protocol and click
on the properties button.

Under general Tab make sure the check Radio button for the following is
checked:

(*) Obtain an IP address automatically


(*) Obtain DNS server address automatically.

Then Click on Alternate Configuration Tab and make sure this Radio button
checked:
(*) Automatic private IP address

Click [OK] and reboot your machine.

Do you get a connection.

 

[nass]

I advise you to run a Full scan with malwarebytes.

registry cleaner
http://www.malwarebytes.org/malwarenet.php?name=Rogue.RegSweep

Then download this tool and run it.
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Download this WinsockFix and execute it:
http://www.nasstec.co.uk/downloads/winsockfix.exe

Download the Hijackthis and send the report to one of
many
forums for analysis and troubleshooting or you can send it to me on my email
provided at the bottom:
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)

Can you please send me a copy at (e-mail address removed)
,remove the obvious to email me.

resetting winsock did not help, but thanks for the suggestion.

got this from malwarebytes scan, perhaps you can help me interpret it- to my
inexpert eye nothing here would explain the problems, they seem old and
benign, but would you advise i remove these items anyway?

i realize you said to do a complete scan, but this is a quick one as a first
pass. would you still advise a complete scan? I would do that overnight if
so. in the meantime i am still looking for solutions...

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/12/2009 6:38:00 AM
mbam-log-2009-04-12 (06-37-50).txt

Scan type: Quick Scan
Objects scanned: 97976
Time elapsed: 39 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\RegSweep (Rogue.RegSweep) -> No action taken.
C:\Program Files\RegSweep\Microsoft.VC80.MFC (Rogue.RegSweep) -> No action
taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep
(Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log
(Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Registry
Backups (Rogue.RegSweep) -> No action taken.

Files Infected:
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log\2007 Aug 22
- 08_37_56 AM_921.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log\2007 Aug 22
- 08_38_12 AM_562.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Registry
Backups\2007-08-21_18-38-47.reg (Rogue.RegSweep) -> No action taken.
C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job (Rogue.RegSweep) -> No action
taken.

Try to make NIS allow the network/Ethernet connection by opening the NIS
firewall and assign the connection as trusted.

Open a run command and type these commands:
ipconfig /flushdns click [OK]
ipconfig /renew click [OK]
netsh winsock reset click [OK]
Reboot your system. Does it help.

Download this software on USB stick or CD and install it, run a complete scan.
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Let us know your progress.

Also. as per "Bob" instructions, can you provide us the Ipconfig /all output
if the above didn't help.

Thank you nass,
the properties were originally as you described them, but at suggestion of
Bob i changed to static IP, which resulted in the broken icon disappearing
but still limited or no connection. I just did as you suggested and switched
back to DHCP, which returned the broken sign. I returned to the static IP and
broken sign disappeared.
I attempted to re-install software from ISP, which switched settings to DHCP
but failed to find connection and offers no further tips. broken sign is
back.

i know the connection is good as i can plug the ethernet into my mac and it
works.
I await further thoughts.


:



:

I cannot renew my IP address, i cannot get a default gateway or DNS server. I
have broadband, ethernet from the cable modem, which works fine on the mac i
hooked it to so i can write this. The IP is in range of 169.254.xxx. I
think that is not what it is supposed to be?
Background: XP crashed with a bad kernel32, gdi32 driver, and maybe others
after running chkdsk for routine maintenance. This is an OEM machine but i
got a set of system restore disks from HP and ran standard system restore
which brought back data files and allowed XP to boot. I uninstalled Norton
2005 which is what showed up after the restore, and installed NIS2009,
plugged in the ethernet, and tried to run live update when i found no
internet connection. I dont see how any files could already be corrupted as
this is supposed to be like a new install. but something is wrong. I am
trying to get help from HP but perhaps someone here has insight.
I need help getting to the Internet so I can download updates etc, and maybe
find out the source of the whole problem if there was something got past
NIS...

Adding to Bob good advice, you said a restore disks. I will take it as
Destructive Restore procedure.

what you are getting now is Automatic Private IP Addressing (APIPA) , it
means you don't have connection set up or the PC doesn't talk to the Modem.

So, you need to set up the Broadband or treat it as a new installation , by
installing the software and follow the wizard. Also if your ISP given you the
setting like User name/Password...etc.

But can you do this before trying the set up wizard. Right click the LAN
connection and select Properties, select TCP/IP inertnet protocol and click
on the properties button.

Under general Tab make sure the check Radio button for the following is
checked:

(*) Obtain an IP address automatically


(*) Obtain DNS server address automatically.

Then Click on Alternate Configuration Tab and make sure this Radio button
checked:
(*) Automatic private IP address

Click [OK] and reboot your machine.

Do you get a connection.

 

[Aqueous]

I can look a the disks but there are hundreds of files and follders with
obscure file names, and disks have no descriptive labels. i dont know what
to look for.

There are no yellow flags, and the local area driver has the green icon that
suggests it is working. I'll post a cumulative message elsewhere in this
thread. still hoping for help...

 

[Aqueous]

Here is what I have tried so far without luck:
created a static ip: this stopped broken icon on network connection and it
says connected but there is no access to the internet. Returned to auto
detect.
Reinstalled network adapter software drivers by uninstalling and reboot.
(there was no yellow mark, only the green icon indicating ok)
Used ipconfig/release and renew: “an error occurred whle renewing interface
local area connection2 unable to contact your DHCP server. Request has timed
out.
Checked TCP/IP settings/properties. All on auto.
Set LAN to autodetect.
Disabled firewall.
Disabled all Norton functions. There is nothing else that seeks to make a
connection far as I know.
Reset winsock catalog
Ran malwarebytes scan. Result posted separately. Nass post suggests run
additional deep cleaning, will do so overnight.

Only remaining advice from HP:

http://h10025.www1.hp.com/ewfrf/wc/...us&docname=c00055392#c00055392_WIN98TCP_reset

is to contact isp for port settings and put them into the firewall, but
this information is going to be hard to obtain (time warner support, well…)
and I am guessing fruitless given nothing changes when I drop both the
windows and NIS FW completely. Also I don’t know how to deal with port
settings.

Current ipconfig:

Windows IP config
Host name: mxetc
Primary dns suffix: (blank)
IP routing enabled: N
Wins proxy enabled: N
Ethernet adapter local area connection 2:
Connection-specific DNS suffix: (blank)
Description: realtek RTL8139/810x family fast Ethernet nic
Physical address: 00-15-f2-2a-d8-e1
Dhcp enabled Y
Autoconfig enabled Y
Autoconfig IP addresss 169.254.xxx.xxx
Subnet mask 255.255.0.0
Default gateway: (blank)

let me knolw if there is other info you were looking for. thanks to all.

 

[Aqueous]

cable modem, no router. authentication scheme?

Hi
Are connected directly to a Modem, or a Modem/Router?
Could be that you lost the ISP authentication scheme.
Jack (MS, MVP-Networking)

 

[Aqueous]

Full scan with malwarebytes produced no new entities. Avast yielded two:
"fiile c:\program files\updates from HP\9972322\program\Interop.SHDocvw.dll
is infected by win32:adware-gen" and "c:\system
volumeinformation\_restore{a2578cba-012a-4ee9-9e3d-27d3f494a2b6\rp5\a0001126.dll " ditto.

I will "move to chest". and i removed all the rogue files reported by prior
scan by malwarebytes.
will post when i have performed the remaining tasks.

i have to say i am surprised this has yielded any result and quite grateful
that you have directed me to take these steps. hope the end is in sight.

I advise you to run a Full scan with malwarebytes.

registry cleaner
http://www.malwarebytes.org/malwarenet.php?name=Rogue.RegSweep

Then download this tool and run it.
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Download this WinsockFix and execute it:
http://www.nasstec.co.uk/downloads/winsockfix.exe

Download the Hijackthis and send the report to one of
many
forums for analysis and troubleshooting or you can send it to me on my email
provided at the bottom:
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)

Can you please send me a copy at (e-mail address removed)
,remove the obvious to email me.

resetting winsock did not help, but thanks for the suggestion.

got this from malwarebytes scan, perhaps you can help me interpret it- to my
inexpert eye nothing here would explain the problems, they seem old and
benign, but would you advise i remove these items anyway?

i realize you said to do a complete scan, but this is a quick one as a first
pass. would you still advise a complete scan? I would do that overnight if
so. in the meantime i am still looking for solutions...

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/12/2009 6:38:00 AM
mbam-log-2009-04-12 (06-37-50).txt

Scan type: Quick Scan
Objects scanned: 97976
Time elapsed: 39 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\RegSweep (Rogue.RegSweep) -> No action taken.
C:\Program Files\RegSweep\Microsoft.VC80.MFC (Rogue.RegSweep) -> No action
taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep
(Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log
(Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Registry
Backups (Rogue.RegSweep) -> No action taken.

Files Infected:
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log\2007 Aug 22
- 08_37_56 AM_921.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log\2007 Aug 22
- 08_38_12 AM_562.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Registry
Backups\2007-08-21_18-38-47.reg (Rogue.RegSweep) -> No action taken.
C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job (Rogue.RegSweep) -> No action
taken.

Try to make NIS allow the network/Ethernet connection by opening the NIS
firewall and assign the connection as trusted.

Open a run command and type these commands:
ipconfig /flushdns click [OK]
ipconfig /renew click [OK]
netsh winsock reset click [OK]
Reboot your system. Does it help.

Download this software on USB stick or CD and install it, run a complete scan.
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Let us know your progress.

Also. as per "Bob" instructions, can you provide us the Ipconfig /all output
if the above didn't help.

:

Thank you nass,
the properties were originally as you described them, but at suggestion of
Bob i changed to static IP, which resulted in the broken icon disappearing
but still limited or no connection. I just did as you suggested and switched
back to DHCP, which returned the broken sign. I returned to the static IP and
broken sign disappeared.
I attempted to re-install software from ISP, which switched settings to DHCP
but failed to find connection and offers no further tips. broken sign is
back.

i know the connection is good as i can plug the ethernet into my mac and it
works.
I await further thoughts.


:



:

I cannot renew my IP address, i cannot get a default gateway or DNS server. I
have broadband, ethernet from the cable modem, which works fine on the mac i
hooked it to so i can write this. The IP is in range of 169.254.xxx. I
think that is not what it is supposed to be?
Background: XP crashed with a bad kernel32, gdi32 driver, and maybe others
after running chkdsk for routine maintenance. This is an OEM machine but i
got a set of system restore disks from HP and ran standard system restore
which brought back data files and allowed XP to boot. I uninstalled Norton
2005 which is what showed up after the restore, and installed NIS2009,
plugged in the ethernet, and tried to run live update when i found no
internet connection. I dont see how any files could already be corrupted as
this is supposed to be like a new install. but something is wrong. I am
trying to get help from HP but perhaps someone here has insight.
I need help getting to the Internet so I can download updates etc, and maybe
find out the source of the whole problem if there was something got past
NIS...

Adding to Bob good advice, you said a restore disks. I will take it as
Destructive Restore procedure.

what you are getting now is Automatic Private IP Addressing (APIPA) , it
means you don't have connection set up or the PC doesn't talk to the Modem.

So, you need to set up the Broadband or treat it as a new installation , by
installing the software and follow the wizard. Also if your ISP given you the
setting like User name/Password...etc.

But can you do this before trying the set up wizard. Right click the LAN
connection and select Properties, select TCP/IP inertnet protocol and click
on the properties button.

Under general Tab make sure the check Radio button for the following is
checked:

(*) Obtain an IP address automatically


(*) Obtain DNS server address automatically.

Then Click on Alternate Configuration Tab and make sure this Radio button
checked:
(*) Automatic private IP address

Click [OK] and reboot your machine.

Do you get a connection.

 

[Aqueous]

i have taken these steps and sent HJT report to your email. thank you again,
and i await your next recommendation.

I advise you to run a Full scan with malwarebytes.

registry cleaner
http://www.malwarebytes.org/malwarenet.php?name=Rogue.RegSweep

Then download this tool and run it.
Download Avast Cleaner (offline scanner) from here:
http://www.avast.com/eng/avast-virus-cleaner.html

Download this WinsockFix and execute it:
http://www.nasstec.co.uk/downloads/winsockfix.exe

Download the Hijackthis and send the report to one of
many
forums for analysis and troubleshooting or you can send it to me on my email
provided at the bottom:
When all else fails, HijackThis v2.0.2
(http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)

Can you please send me a copy at (e-mail address removed)
,remove the obvious to email me.

resetting winsock did not help, but thanks for the suggestion.

got this from malwarebytes scan, perhaps you can help me interpret it- to my
inexpert eye nothing here would explain the problems, they seem old and
benign, but would you advise i remove these items anyway?

i realize you said to do a complete scan, but this is a quick one as a first
pass. would you still advise a complete scan? I would do that overnight if
so. in the meantime i am still looking for solutions...

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 2

4/12/2009 6:38:00 AM
mbam-log-2009-04-12 (06-37-50).txt

Scan type: Quick Scan
Objects scanned: 97976
Time elapsed: 39 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 5
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
(Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\RegSweep (Rogue.RegSweep) -> No action taken.
C:\Program Files\RegSweep\Microsoft.VC80.MFC (Rogue.RegSweep) -> No action
taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep
(Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log
(Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Registry
Backups (Rogue.RegSweep) -> No action taken.

Files Infected:
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log\2007 Aug 22
- 08_37_56 AM_921.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Log\2007 Aug 22
- 08_38_12 AM_562.log (Rogue.RegSweep) -> No action taken.
C:\Documents and Settings\HP_Owner\Application Data\RegSweep\Registry
Backups\2007-08-21_18-38-47.reg (Rogue.RegSweep) -> No action taken.
C:\WINDOWS\Tasks\RegSweep Scheduled Scan.job (Rogue.RegSweep) -> No action
taken.

Try to make NIS allow the network/Ethernet connection by opening the NIS
firewall and assign the connection as trusted.

Open a run command and type these commands:
ipconfig /flushdns click [OK]
ipconfig /renew click [OK]
netsh winsock reset click [OK]
Reboot your system. Does it help.

Download this software on USB stick or CD and install it, run a complete scan.
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Let us know your progress.

Also. as per "Bob" instructions, can you provide us the Ipconfig /all output
if the above didn't help.

:

Thank you nass,
the properties were originally as you described them, but at suggestion of
Bob i changed to static IP, which resulted in the broken icon disappearing
but still limited or no connection. I just did as you suggested and switched
back to DHCP, which returned the broken sign. I returned to the static IP and
broken sign disappeared.
I attempted to re-install software from ISP, which switched settings to DHCP
but failed to find connection and offers no further tips. broken sign is
back.

i know the connection is good as i can plug the ethernet into my mac and it
works.
I await further thoughts.


:



:

I cannot renew my IP address, i cannot get a default gateway or DNS server. I
have broadband, ethernet from the cable modem, which works fine on the mac i
hooked it to so i can write this. The IP is in range of 169.254.xxx. I
think that is not what it is supposed to be?
Background: XP crashed with a bad kernel32, gdi32 driver, and maybe others
after running chkdsk for routine maintenance. This is an OEM machine but i
got a set of system restore disks from HP and ran standard system restore
which brought back data files and allowed XP to boot. I uninstalled Norton
2005 which is what showed up after the restore, and installed NIS2009,
plugged in the ethernet, and tried to run live update when i found no
internet connection. I dont see how any files could already be corrupted as
this is supposed to be like a new install. but something is wrong. I am
trying to get help from HP but perhaps someone here has insight.
I need help getting to the Internet so I can download updates etc, and maybe
find out the source of the whole problem if there was something got past
NIS...

Adding to Bob good advice, you said a restore disks. I will take it as
Destructive Restore procedure.

what you are getting now is Automatic Private IP Addressing (APIPA) , it
means you don't have connection set up or the PC doesn't talk to the Modem.

So, you need to set up the Broadband or treat it as a new installation , by
installing the software and follow the wizard. Also if your ISP given you the
setting like User name/Password...etc.

But can you do this before trying the set up wizard. Right click the LAN
connection and select Properties, select TCP/IP inertnet protocol and click
on the properties button.

Under general Tab make sure the check Radio button for the following is
checked:

(*) Obtain an IP address automatically


(*) Obtain DNS server address automatically.

Then Click on Alternate Configuration Tab and make sure this Radio button
checked:
(*) Automatic private IP address

Click [OK] and reboot your machine.

Do you get a connection.

 

[Bob Lin \(MS-MVP\)]

This how to may help.

How to assign static IP to Windows
http://www.howtonetworking.com/Networking/settcpip1.htm

--
Bob Lin, MS-MVP, MCSE & CNE
Networking, Internet, Routing, VPN Troubleshooting on
http://www.ChicagoTech.net
How to Setup Windows, Network, VPN & Remote Access on
http://www.HowToNetworking.com

 

[Aqueous]

I want to report how this was resolved. When nothing allowed the NIC to
update, Nass asked a question offline about the modem. I had of course
rebooted the modem from my end several times. It was working fine with a Mac
but not my PC. Could it be the modem, anyway? I contacted the service
provider. After some lengthy discussion they sent a refresh signal to the
modem from their end. My XP machine refreshed the IP and worked perfectly.
Something different in how the mac OS and XP deal with the connectivity?
Something odd at the provider end? Anything to do with my system restore or
is that a coincidence? Wish I knew. For the record, the ISP is TWC, and
this is a motorola cable modem. I encourage others not to make the same
assumption I did.