I'm trying to fully uninstall HikVision SADP (an IP camera discovery & initial configuration tool) because it isn't working properly and I want to reinstall it cleanly.
The installation path C:\Program Files (x86)\SADP\SADP now contains exactly one file: a copy of npf64.sys, which is a kernel-mode driver component of WinPCap from Riverbed Technology. (Most likely SADP used this driver as part of its network search functionality).
The rest of SADP has been uninstalled but I can't delete this file. When I try, Windows first asks me to elevate to Admin, and then complains that the file is open in "another program":
I've used Sysinternals Process Explorer's handle search tool to try to identify the program which is using the file, but it cannot locate any handles pointing to npf64.sys. I also tried sysinternals' handle.exe utility, which also cannot find any references.
PS C:\Users\me> C:\sysinternals\handle -a "npf64.sys"
Nthandle v4.11 - Handle viewer
Copyright (C) 1997-2017 Mark Russinovich
Sysinternals - www.sysinternals.com
No matching handles found.
PS C:\Users\me> C:\sysinternals\handle -a "npf"
Nthandle v4.11 - Handle viewer
Copyright (C) 1997-2017 Mark Russinovich
Sysinternals - www.sysinternals.com
No matching handles found.
I do see a registry key which references this file:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF
And more similar references under HKEY_LOCAL_MACHINE\SYSTEM\Setup\FirstBoot\Services\NPF
Can I simply delete these two registry keys (HKLM\SYSTEM\CurrentControlSet\Services\NPF and HKLM\SYSTEM\Setup\FirstBoot\Services\NPF) which reference this file and reboot, or is there some other approach I should use to clean them up more safely?
I already ran the SADP uninstaller which claimed to have uninstalled the software, but obviously relics have been left behind.
NPF does not appear in the Windows Services MMC snap-in.
