Won't pickup DHCP address

[JohnB]

I am fixing a computer for a friend. The PC is running XP Pro, SP2. It was
infected with a bunch of viruses. After a lot of research, the fix turned
out to be something called SDfix.exe. The computer uses McAfee and all it
was doing was deleting viruses by the thousands.... over and over. Then I
ran the SDfix and all that stopped. There were no more problems, except
one; the computer will not get a DHCP address from the router. I can put
in a static IP address and it works fine. Put it back to DHCP and it
doesn't get an address. I tried resetting the IP static using netsh. That
didn't work.

Has anyone seen this before? This is not a router issue.
Any ideas would be appreciated.
Thanks.

 

[V Green]

Google for "winsock fix" and see if any of
that applies to you.

 

[David H. Lipman]

From: "JohnB" <[email protected]>

| I am fixing a computer for a friend. The PC is running XP Pro, SP2. It was
| infected with a bunch of viruses. After a lot of research, the fix turned
| out to be something called SDfix.exe. The computer uses McAfee and all it
| was doing was deleting viruses by the thousands.... over and over. Then I
| ran the SDfix and all that stopped. There were no more problems, except
| one; the computer will not get a DHCP address from the router. I can put
| in a static IP address and it works fine. Put it back to DHCP and it
| doesn't get an address. I tried resetting the IP static using netsh. That
| didn't work.
|
| Has anyone seen this before? This is not a router issue.
| Any ideas would be appreciated.
| Thanks.
|

I'll bet the PC was infected with non-viral malware and not "viruses".

Many forms of adware/spyware insert a Layered Service Provider (LSP) into the Windows
Sockets (WINSOCK) and if you remove the malware but not the LSP you break the IP stack.

Set the PC's IP statically. If it does not access the Internet then you know the above is
true.

The following tool is effective in fixing WINSOCK.
LSPFix -- http://www.cexx.org/LSPFix.exe

 

[JohnB]

Yeah, that is exactly the case; if I set a static IP address, along with IP
addresses for DNS, everything is fine.

I'll try the WINSOCK fix now.

 

[JohnB]

I just tried that tool, and that reported that there aren't any problems
with the WINSOCK. I found another page that said to run MSinfo32, and you
could check the status of WINSOCK with that, it it's fine there too.

But I agree, that the malware changed something that has affected DHCP on
this PC.

 

[R. McCarty]

Run Services.Msc and check that the DHCP Service is set to start
Automatically and that it's current state is "Started".

 

[JohnB]

Checked that... it is set to Automatic, and was started.
I also read something about trying to delete the driver for the NIC, and
then re-install it. That didn't work either.

 

[R. McCarty]

Purge/Clear your System/Application event log and then immediately
reboot the PC and then re-check both logs. Hopefully you'll get an
idea of what is wrong from any Errors & Warnings that are logged.

 

[JohnB]

I get nothing in the application log and, in the Security log I get one
event: 1007
And any Googling on that only points to problems with the DHCP server.
As I said, if I put in a static IP, it works. It's definitely not the
router. Have several other computers using it with no problem.

 

[R. McCarty]

Assume you did an IPConfig/FlushDNS on the problematic PC.
Also what does the Router log indicate for DHCP license's that
are in use ? I've seen this problem if someone configures the router
to use only a narrow available IP assignment table. ( sort of a
makeshift Security setup ).

 

[JohnB]

I've rebooted - same as flushing dns entries. It's not the router. I have
2 working routers. It doesn't work on either of them But thanks for the
suggestions.
This sure is a strange one.

 

[R. McCarty]

One last suggestion - Uninstall TCP/IP protocol from the
NIC, reboot and Re-install.

Beyond that it's like you said.

 

[JohnB]

I wish I could. Unfortunately, TCP/IP can't be uninstalled. The button is
grayed out. And Microsoft states that it is because "TCP/IP is an integral
part of XP". All they suggest is to reset the stack with Netsh, which I've
already done.

But thanks for the suggestions.

 

[pcbutts1 [MS MVP]]

Use my Winsock Repair network tool. It is not the same as the LSP fix and
not the same as the netsh winsock reset command. Download it here
http://pcbutts1.com/downloads/tools/tools.htm

 

[JohnB]

I downloaded it and took a look at your batch file. All it does is reset
the stack using Netsh, which as I said, I've already done. I noticed you
did a reboot after the reset, and I hadn't rebooted after the reset I did,
so I ran your batch file but... same result, no connectivity.
Just for grins I downloaded and installed SP3, but that didn't help either.

 

[David H. Lipman]

From: "JohnB" <[email protected]>

| I just tried that tool, and that reported that there aren't any problems 't
| with the WINSOCK. I found another page that said to run MSinfo32, and you
| could check the status of WINSOCK with that, it it's fine there too.
|
| But I agree, that the malware changed something that has affected DHCP on
| this PC.
|

Maybe I didn't state it well. Sorry.
If you set the IP stack statically and you can get on the Internet then then you didn't have
to use LSPFix as the IP stack isn't broken.

I also see that it was suggested to check the state of the DHCP Client Service and it was
started OK.

I also see the suggestion to remove the TCP/IP protcol and reboot and that you could not.

Here I suggest moving the NIC to a different PCI slot. I relaize that if the NIC is
embedded on the motherboard you can't do this. If this is the case I suggest installing a
NIC on the PCI bus and see if you get get a TCP/IP address lease.

 

[JohnB]

Unfortunately, I don't have a spare NIC. But I honestly don't think that
would make any difference, since the existing NIC works just fine when it's
set to static IP.

 

[R. McCarty]

Have you tried removing all the LACs that are associated with the
NIC from the Registry ?, reboot and see if a newly created one
will configure with DHCP ?

They can be found at:
HKLM\System\CurrentControlSet\Control\Network
*Usually indented 2 levels below the first GUID, identified with the
Connection Sub-Key. Remove the GUID directly above the
Connection key to remove the LAC.

 

[JohnB]

Tried that. Didn't work either.

Have you tried removing all the LACs that are associated with the
NIC from the Registry ?, reboot and see if a newly created one
will configure with DHCP ?

They can be found at:
HKLM\System\CurrentControlSet\Control\Network
*Usually indented 2 levels below the first GUID, identified with the
Connection Sub-Key. Remove the GUID directly above the
Connection key to remove the LAC.

 

[Calab]

Unfortunately, I don't have a spare NIC. But I honestly don't think that
would make any difference, since the existing NIC works just fine when
it's set to static IP.

Just saw this thread, so I may have missed something...

Currently you work fine when set with a static IP, but don't work when
trying to obtain a dynamic IP?

Connected directly to your ISP, or are you getting the IP from your router?

When you run IPCONFIG /ALL what is your MAC address?