nmap / npcap

Nmap Project's Windows packet capture and transmission library
https://npcap.com

Npcap Didn't Seem to Completely Uninstall #379

Closed drewwebber23 closed 3 years ago

drewwebber23 commented 5 years ago

Hi All,

I have an issue that I've been troubleshooting for some time. I installed the latest available Nmap which came with npcap-0.99-r2. I ended up installing these things, but it seems like the npcap-0.99-r2 is still hanging around somehow and I just can't seem to get things cleaned back up. I tried to run my installation of Wireshark, but during this, it tells me that I can't install WinPCAP because npcap-0.99-r2 is already installed.

Attached image "Wireshark Install_Npcap Error.PNG" shows this.

If I go to my programs in order to Uninstall npcap, I do in fact see this program listed, but if I run the Uninstallation from here, it tells me that the "uninstall.exe" does not exist.

Attached image "Npcap Uninstallation Error.PNG"

The error message is valid. If I go to "C:\Program Files", I don't see any "npcap" directory here, so obviously the underlying "uninstall.exe" can't be found where it would be expected.

I have since tried also installing a newer version of Npcap (npcap-0.99-r7) to see if that might overwrite some stuff and get me in better shape. I've run the "npcap-0.99-r7.exe" as both normal, and as Administrator. In both instances, it comes up with a box stating "Npcap 0.99-r2 exists on this system. Replace with Npcap 0.99-r7?". After I hit "Yes" to confirm this, then nothing happens, even after leaving for multiple hours or trying this multiple times.

It's like my PC is stuck in some kind of limbo where I don't actually have npcap-0.99-r2 in order to run my captures, but enough of my PC thinks that I do to where I can't install anything else to get myself in working order. If anybody could supply some suggestions or help, that would be seriously appreciated.

I am running on Windows 10 Pro (64-bit).

dmiller-nmap commented 5 years ago

I'm sorry to hear you've had trouble. I'm not sure exactly why Npcap wasn't completely removed, but reinstalling ought to be able to replace the partial install with a functioning one. Since it isn't working, can you provide some diagnostic info so we can see how to improve our installer?

Even if you can't provide any of this info, you should be able to get the installer working by doing the following:

  1. Close all programs that might be using Npcap, such as Wireshark or Nmap.
  2. Remove wpcap.dll, packet.dll, and the Npcap directory from C:\Windows\System32\ and C:\Windows\SysWOW64\
  3. Download and run the Npcap 0.99-r7 installer again.
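
A read-only pre-check for the three steps above, added here as an example; it is not part of the thread or of the Npcap project. It assumes PowerShell 3 or later in an elevated session, lists the processes that still have the DLLs loaded (step 1) and the files and folders step 2 names, and deletes nothing.

```powershell
# Added example: read-only audit for the cleanup steps above. Nothing is deleted.
$dllNames = 'wpcap.dll', 'packet.dll'                       # file names from step 2
$sysDirs  = "$env:windir\System32", "$env:windir\SysWOW64"  # directories from step 2

# Step 1: which running processes still have one of the DLLs loaded?
$holders = foreach ($proc in Get-Process) {
    try {
        $mods = @($proc.Modules | Where-Object { $dllNames -contains $_.ModuleName })
    } catch {
        continue   # protected or already-exited process; cannot be inspected
    }
    if ($mods.Count -gt 0) {
        [pscustomobject]@{
            ProcessId = $proc.Id
            Name      = $proc.ProcessName
            Loaded    = ($mods.FileName -join '; ')
        }
    }
}

# Step 2: which of the named files and the Npcap folder are actually present?
$leftovers = foreach ($dir in $sysDirs) {
    foreach ($name in $dllNames + 'Npcap') {
        $path = Join-Path $dir $name
        if (Test-Path -LiteralPath $path) {
            $item = Get-Item -LiteralPath $path -Force
            [pscustomobject]@{
                Path     = $item.FullName
                IsFolder = $item.PSIsContainer
                Version  = if ($item.PSIsContainer) { $null } else { $item.VersionInfo.FileVersion }
                Modified = $item.LastWriteTime
            }
        }
    }
}

'Processes holding the DLLs (close these first):'
$holders | Format-Table -AutoSize
'Files and folders that step 2 refers to:'
$leftovers | Format-Table -AutoSize
if (-not $holders -and -not $leftovers) { 'No loaded DLLs or leftover files found.' }
```

Processes the session cannot open are skipped, so an empty first table from a non-elevated shell does not prove that nothing is holding the DLLs.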

drewwebber23 commented 5 years ago

@dmiller-nmap - Thanks for getting back to me on this. There is a solid chance that there was some kind of error on my side which caused things to get into this state, so I definitely can't say that your installer/uninstaller need any improvement, I just wasn't able to figure out what I did wrong. With this being said, I no longer had any C:\Program Files\Npcap\ directory in order to grab information for you.

However, I have since been able to get around this issue and get where I need to be. As I showed in my screenshots above, I was trying to "Uninstall" using the Apps & Features tool within Windows 10. However, I later went into the full "Uninstall or change a program" utility that you would be used to using from Windows 7, and by doing the "Uninstall" here, it allowed me to get things cleaned up. It still gave me an error about not finding the directory or any "uninstall.exe" to use, but it also gave me a prompt asking if I just wanted to clean things up. I can't remember the exact wording, but after I said yes, this time npcap-0.99r2 was gone from my computer (I'm thinking when I hit yes, Windows went in and cleaned up the registries pointing to that finally).

After this, I re-ran the installation of npcap-0.99r7 and this time, it went through without a hitch and I'm back in working order. I'm sorry I should have updated and closed this thread out sooner, but I forgot I posted it honestly. Once again, there is a solid chance I did something dumb and incorrect in my own process here, I just can't think of what that might be.