Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

winpcap error

Started by nordvark , Jun 21 2015 12:32 AM

  • Please log in to reply

#1
nordvark
Posted 21 June 2015 - 12:32 AM

nordvark

    Member

  • Member
  • PipPipPip
  • 558 posts

Hi, I'm currently in Geek uni and looking at a FRST log file from a win7 pro 64 pc and under system errors is listed

 

The WinPcap Packet Driver (NPF) service failed to start due to the following error:
%%2

 

I do not believe this is a malware issue, but guessing it might be yet another lingering relic from my trial of "Private Internet Access" a vpn service which has left mess everywhere.

 

A little research has revealed there is 3 entries for winpcap in the registry under services/npf, and the path shown is Windows/sys32/drivers/npf.sys. That file does not exist on 3 of my win7 pc's. Im now assuming when I uninstalled (haha) private internet access it took the file out without taking the corresponding regfiles. 

 

Does my theory stand up? and thanks

 

PS: this is not a practice log question of any sort.


Edited by nordvark, 21 June 2015 - 12:40 AM.

  • 0

Advertisements

#2
azarl
Posted 21 June 2015 - 02:50 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts

Winpcap is not part of WIndows. It's used by network applications that require packet capture, filtering and injection (Wireshark uses it I think). If you have no apps that use it, you can uninstall


  • 0

#3
Ztruker
Posted 21 June 2015 - 02:47 PM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts

Web page for it is here: http://www.winpcap.org/


  • 0

#4
nordvark
Posted 21 June 2015 - 04:58 PM

nordvark

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 558 posts

Winpcap is not part of WIndows. It's used by network applications that require packet capture, filtering and injection (Wireshark uses it I think). If you have no apps that use it, you can uninstall

Theres nothing to uninstall, never had wireshark. Im thinking it was part of Private internet access, but then I dont know for sure. I have since backed up and removed the registry references to it. Will watch for a while before deleting the reg backups.

 

I see youre involved in the malware side of things here even though im yet to inflict myself upon you. Can I ask what maybe a stupid question? Even though Im currently working with otl and hjt logs, I have however been playing with frst logs to look at the differences. I notice with frst logs there are the latest 10 errors listed in a logfile. Is there a way to clear those errors from the pc to start fresh. With regard to the winpcap error, there is no reference i can find of it in my event viewer logs.

 

Thank you.


  • 0

#5
nordvark
Posted 21 June 2015 - 05:09 PM

nordvark

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 558 posts


Web page for it is here: http://www.winpcap.org/

Thank you for the link, although I did look at the site before deciding to backup and remove the registry entries for winpcap.

 

I also found this link supposedly listing all applications that use it WinPcap · Links Dont know how accurate that list is but Ive never used any of the listed software. The only network scanning tool I ever use is a portable app called netscan because I have an extensive wired home network and sometimes I need to remind myself of an IP.

 

Thanks again


  • 0

#6
azarl
Posted 22 June 2015 - 01:25 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts

Theres nothing to uninstall, never had wireshark. Im thinking it was part of Private internet access, but then I dont know for sure. I have since backed up and removed the registry references to it. Will watch for a while before deleting the reg backups.

 

Winpcap  usually has it's own uninstaller
 

I see youre involved in the malware side of things here even though im yet to inflict myself upon you. Can I ask what maybe a stupid question? Even though Im currently working with otl and hjt logs, I have however been playing with frst logs to look at the differences. I notice with frst logs there are the latest 10 errors listed in a logfile. Is there a way to clear those errors from the pc to start fresh. With regard to the winpcap error, there is no reference i can find of it in my event viewer logs.
 
Thank you.

 

Take a look at http://www.sevenforu...all-events.html


  • 0

#7
Ztruker
Posted 22 June 2015 - 08:46 AM

Ztruker

    Member 5k

  • Technician
  • 7,091 posts

Post #7 in that thread provides a little batch file that clears all event viewer areas. Works great.


  • 0

#8
nordvark
Posted 22 June 2015 - 08:19 PM

nordvark

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 558 posts

 

Post #7 in that thread provides a little batch file that clears all event viewer areas. Works great.

 

Thank you both, even though I couldn't see a relationship in any event logs clearing them also removed removed them from a fresh FRST scan.

 

Thank you both, slowly learning. :spoton:


  • 0

#9
azarl
Posted 23 June 2015 - 01:58 AM

azarl

    GeekU Admin

  • Community Leader
  • 25,310 posts

Me too :lol:


  • 0
Back to Windows Vista and Windows 7 · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Retired Forums
  3. Windows Vista and Windows 7

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP