
[Answering] How can I use PowerShell to Remove "Ghost" (Old Hidden) VMware Network Adapters in Windows 7?

Posted on: Jun 26 2014 | Category: Windows > Win7networking


We recently upgraded the virtual hardware of some of our VMware VMs running Windows 7. One side-effect is that in Windows on these machines, an instance of the NIC from the previous version of virtual hardware remains, as a hidden device. This can be easily found manually on a machine by enabling Device Manager to show hidden devices (registry and a menu option - View...Show Hidden Devices). You can then just right-click on the device in question and uninstall.

The problem here, like in so many other tasks, is that you may have multiple instances, on multiple machines. We had just that, and in scouring the internet for a PowerShell only script to resolve the issue, I could not find one. Therefore, I've written my own.

This exact script is only seeking out VMware "VMXNET3" NIC cards, but could be easily adapted to find Ghost NICs for a different vendor using my example. There are also some commented lines left in to aid you as an example of how you can test the various queries in your own environment, on a test machine, before a full-blown deployment.

NOTE: Please try this out (at your own risk - I am not responsible for how this works out for you), and please vote for my answer to this dilemma if this helped you. I'd appreciate it after all of the sweat the script took to crank out. Thanks!

P.S. This script, of course, requires that PowerShell is installed and enabled on the target computer. It then must be run as System - In our environment it is being remotely pushed through a software delivery system, which runs this script as System.

THE SCRIPT:

CLS

# Querying WMI for ghost NICs and returning criteria...

Write-Host "VMware Ghost NIC Remover" -Foreground Green
Write-Host "Author: Octavio Serpa AKA Octavio-Admin"
Write-Host "Copyright Octavio Serpa - Octavio-Admin - 2014"
Write-Host ""

Write-Host "Checking Powershell Version" -Foreground Yellow
$host.version
Write-Host ""

Write-Host "Searching for Ghost NIC's" -Foreground Yellow
$Ghosts = gwmi win32_NetworkAdapter | ?{$_.Description -like "vm*" -and $_.Installed -like "True" -and $_.MACAddress -eq $null}
$Ghosts | Select-Object Name,DeviceID

If ($Ghosts -NE $NULL)
{
    Write-Host "One or more ghost NIC'S do exist on this machine. Script will continue..." -Foreground Red
    Write-Host ""
}
else
{
    Write-Host "No ghost NIC's Found :) - Exiting..." -Foreground Green
    Write-Host ""
    EXIT 0
}

# Using criteria to obtain the GUID of each ghost NIC
Write-Host "Getting NIC Variables" -Foreground Yellow

foreach ($Ghost in $Ghosts) {
    $DID = $Ghost.DeviceID

    If ($DID -NE $NULL)
    {
        Write-Host "The NIC DID: $DID"
    }
    else
    {
        Write-Host "$DID is NULL - Exiting..."
        EXIT 666
    }

    # Class subkeys are four digits (0007, 0012), so left-pad the DeviceID with zeros.
    $DIDKEY = $DID.PadLeft(4, '0')
    $NICREG = Get-ItemProperty ('HKLM:\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\' + $DIDKEY)

    $GUID = $NICREG.NetCfgInstanceId
    Write-Host "The NIC GUID: $GUID"

    # Keep only the instance part of the PnP ID (TrimStart() strips a set of characters, not a prefix).
    $PNPDID = ($NICREG.DeviceInstanceID -split '\\')[-1]
    Write-Host "The truncated PNPDevice ID is $PNPDID"
    Write-Host ""

    # With an empty GUID or PnP ID the paths below would point at parent keys, so stop here.
    If (-not $GUID -or -not $PNPDID)
    {
        Write-Host "Could not read the NIC GUID or PNPDevice ID - Exiting..." -Foreground Red
        EXIT 666
    }

    Write-Host "Searching for Registry Keys that match NIC GUID: $GUID" -Foreground Yellow
    $NICREGPATH = @(1..50)

    foreach ($NICID in $NICREGPATH)
    {
        $SubPath1 = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkCards\' + $NICID
        #Write-Host "The Sub-Key Path To Query = $SubPath1"
        $SubPath2 = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\NetworkCards\' + $NICID
        #Write-Host "The Sub-Key Path To Query = $SubPath2"

        if ((Test-Path $SubPath1) -EQ $FALSE)
        {
            #Write-Host "FALSE: $SubPath1 DOES NOT EXIST" -Foreground RED
            continue
        }
        #Write-Host "True - NIC $NICID Exists" -Foreground Green

        $NICProperties = Get-ItemProperty $SubPath1
        #$NICProperties

        $Match = $NICProperties.ServiceName
        #Write-Host "The NIC GUID found in this registry key is: $Match" -Foreground Yellow

        if ($Match -NE $GUID)
        {
            #Write-Host "NO MATCH - THIS NIC HAS NOT BEEN TOUCHED" -Foreground GREEN
            continue
        }

        Write-Host "MATCH - Registry Entries for this NIC will be DELETED" -Foreground Red

        Remove-Item $SubPath1 -Recurse -ErrorAction SilentlyContinue
        Remove-Item $SubPath2 -Recurse -ErrorAction SilentlyContinue

        $CCS = @("ControlSet001", "ControlSet002")

        foreach ($CS in $CCS) {
            $Root = 'HKLM:\SYSTEM\' + $CS + '\'

            # Every key that references this NIC, relative to the control set.
            # $PNPDID is concatenated because variables do not expand inside single quotes.
            $Keys = @(
                ('Services\' + $GUID),
                ('Services\Tcpip\Parameters\Adapters\' + $GUID),
                ('Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#PCI#VEN_15AD&DEV_07B0&SUBSYS_07B015AD&REV_01#' + $PNPDID + '#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#' + $GUID),
                ('Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\' + $GUID),
                ('Services\JNPRNA\Parameters\Adapters\' + $GUID),
                ('Services\NetBT\Parameters\Interfaces\Tcpip_' + $GUID),
                ('Services\Psched\Parameters\NdisAdapters\' + $GUID),
                ('Services\Tcpip\Parameters\DNSRegisteredAdapters\' + $GUID),
                ('Services\Tcpip\Parameters\Interfaces\' + $GUID),
                ('Services\WfpLwf\Parameters\NdisAdapters\' + $GUID),
                ('Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\' + $DIDKEY),
                ('Enum\PCI\VEN_15AD&DEV_07B0&SUBSYS_07B015AD&REV_01\' + $PNPDID)
            )

            foreach ($Key in $Keys) {
                $reg1 = $Root + $Key
                Remove-Item $reg1 -Recurse -ErrorAction SilentlyContinue -Verbose
            }
        }
    }
}

# This is our success check at the end
Write-Host ""
Write-Host "Searching for any remaining Ghost NICs:" -Foreground Yellow

$Ghosts = gwmi win32_NetworkAdapter | ?{$_.Description -like "vm*" -and $_.Installed -like "True" -and $_.MACAddress -eq $null}
$Ghosts | Select-Object Name,DeviceID

If ($Ghosts -NE $NULL)
{
    Write-Host "There is still at least one ghost NIC present. The remover script may not be functioning correctly. Please contact Octavio-Admin on Microsoft Technet Forums with any questions" -Foreground Red
    Write-Host ""
    EXIT 666
}
else
{
    Write-Host "No ghost NIC's Found :) - Exiting..." -Foreground Green
    Write-Host ""
    EXIT 0
}
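
A report-only pass to run before the remover, as an added example that is not part of the original post or the author's script: it finds ghost NICs with the same WMI test, lists which of the targeted keys actually exist, and exports each one with reg.exe so it can be restored. The $BackupDir location and the file names are assumptions, and the key list is a subset of the keys the script deletes.

```powershell
# Added example: preview and back up the keys the remover would delete. Deletes nothing.
# $BackupDir is a hypothetical location; change it to suit your environment.
param([string]$BackupDir = "$env:SystemDrive\GhostNicBackup")

$NetClass = '{4D36E972-E325-11CE-BFC1-08002BE10318}'

# Same ghost test as the script: VMware description, installed, no MAC address.
$Ghosts = @(Get-WmiObject Win32_NetworkAdapter | Where-Object {
    $_.Description -like 'vm*' -and $_.Installed -and $_.MACAddress -eq $null })

$Report = foreach ($Nic in $Ghosts) {
    $Index    = $Nic.DeviceID.PadLeft(4, '0')      # class subkeys are four digits
    $ClassKey = "HKLM:\SYSTEM\CurrentControlSet\Control\Class\$NetClass\$Index"
    if (-not (Test-Path -LiteralPath $ClassKey)) { continue }

    $Guid = (Get-ItemProperty -LiteralPath $ClassKey).NetCfgInstanceId
    if (-not $Guid) { continue }                   # never build a path from an empty GUID

    foreach ($Set in 'ControlSet001', 'ControlSet002') {
        $Root = "HKLM:\SYSTEM\$Set"
        $Candidates = @(
            "$Root\Control\Class\$NetClass\$Index",
            "$Root\Control\Network\$NetClass\$Guid",
            "$Root\Services\$Guid",
            "$Root\Services\Tcpip\Parameters\Adapters\$Guid",
            "$Root\Services\Tcpip\Parameters\Interfaces\$Guid",
            "$Root\Services\NetBT\Parameters\Interfaces\Tcpip_$Guid"
        )
        foreach ($Key in $Candidates) {
            if (Test-Path -LiteralPath $Key) {
                New-Object PSObject -Property @{ Adapter = $Nic.Name; Guid = $Guid; Key = $Key }
            }
        }
    }
}

if ($Report) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $i = 0
    foreach ($Row in $Report) {
        $i++
        # reg.exe expects HKLM\... rather than the PowerShell drive form HKLM:\...
        & reg.exe export ($Row.Key -replace '^HKLM:', 'HKLM') (Join-Path $BackupDir "ghostnic_$i.reg") /y | Out-Null
    }
    $Report | Format-Table Adapter, Guid, Key -AutoSize
} else {
    Write-Host 'No ghost NIC registry keys found.'
}
```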



