Hi, I'm hoping someone here can help.
First of all, apologies if this is not the best forum for this problem. It is network related, but I'm not sure if it should go here or under Protocols or somewhere else.
Here is as much information as I can give right now:
I am using Windows XP Home Edition, SP2.
My desktop became infected with what is believed to be a keylogger last week. This appears to have been aimed specifically at users of Final Fantasy XI, and downloaded itself automatically via Google ad banners on a web site related to the game. My firewall did not let it talk to the internet once it was on my computer, but by then it seems the damage was done.
I have prevented the problem application from running at start up with SpyBotS&D and physically deleted it from my system. The registry entries for it still exist (I'm not computer literate enough to go poking around in my registry without guidance), but the app itself is not there to cause harm any more.
I have scanned my system with Spybot and also run HijackThis and reviewed the scan file for any similarly suspect applications in my registry. I can see nothing amiss now.
The problem I have is that this malware seems to have corrupted my TCP/IP protocol. Everything else on my PC appears to be running normally.
Upon turning my PC on, Windows takes a long time to finish loading, and does not show my network connection until several minutes after I can actually start using my desktop.
The connection claims to be connected to something (it's definitely plugged into my router), but my packets in/out stay at 0/0, and Task Manager says I have "No Active Network Adapters".
Ipconfig will not run (with any options other than "?"). It returns an internal error stating that "The request is not supported" and "Unable to find host name".
So I had a look in my Event Log, and I get a series of driver errors, complaining that my TCP/IP service failed to start because "The specified driver is invalid".
The first error in the log upon booting up says "Initialization failed because the driver device could not be created", Source: NetBT, EventID: 4311.
I've tried to look for more information on this on various forums (including those here) but not really found anything that helps.
Further things I have tried:
- Re-installed the network card drivers
- Reset WINSOCK with: netsh int ip reset <log>
- Reset TCP/IP stack with: netsh winsock reset catalog
- Run WinsockXPFix
(Rebooting as required)
These have made no difference.
Is there a way for me to re-install these protocols/drivers in isolation? Or some other way to repair them? Given that everything else appears to be working I'd rather not face a re-install of Windows.
Any help or feedback would be most appreciated.
Many thanks,
G.