ERUNT vs Registry Backup?

Backing up the Registry is important, especially if you’re going to try a Controversial Registry Cleaner.

ERUNT  (readme) sounds great as a registry backup because it backups up the actual FILES rather than the “contents” of your Registry.  Many programs backup the contents and to restore is awkward and might not work.  But with ERUNT, if your system does not boot (and thus many other backup/restore methods are unavailable) you can use the venerable COPY dos command to restore. Or the ERDNT.EXE in the backup dir can do it for you.

But (who’s “Windows Repair (All In One)” is recommended on and which I’ve used twice with splendid success) also has a Registry Backup:

It talks about 2 possible problems with ERUNT

  1. not backing up other users, just the current one.
  2. perhaps invalidating other programs’ handles (presumably to the registry)

Quoting that page:

A lot of registry backup programs use the RegSaveKey API, such as ERUNT. When using the API you can only backup loaded registry files. [Only the current user’s registry NTUSER.DAT file is loaded, and so only it is backed up. -MM] – Registry Backup uses the volume shadow copy service instead. This allows perfect backups of the registry files and all profiles on the system.

Quote From Microsoft:

“Applications that back up or restore system state including system files and registry hives should use the Volume Shadow Copy Service instead of the registry functions.”

“Using RegSaveKey together with RegRestoreKey to copy subtrees in the registry is not recommended. This method does not trigger notifications and can invalidate handles used by other applications.”

By using the Volume Shadow Copy instead of the RegSaveKey API this registry backup program is safer to use.

Is Registry Backup really safer than ERUNT, as its author claims? I’m not sure i *want* to trigger those notifications when i’m backing up the registry. That’s nobody’s business, right? But what about that “invalidate handles used by other applications”? I can see that might be a problem when *restoring* using RegRestoreKey–maybe that doesnt trigger the handle. But on save? Who needs to see that? Or is Micro$oft just trying to make sure *their* digital eyes see everything, even saves?

On the 2nd issue, the backing up of other users registry files is valid, ERUNT even says so.


How to Backup the Windows Registry at


Program Uninstallers (Programs that uninstall other programs)


“Uninstallers” are programs that uninstall other programs, like Windows “Add or Remove Programs” or “Programs and Features” does.  These programs are replacements for Windows “Add or Remove Programs” or “Programs and Features”.

My fav is ZSoft Uninstaller.

CAVEAT: ZSoft Uninstaller and another popular choice, “Total Uninstall” both have what’s called a “snapshot method.”  The “snapshot method” works by taking a picture of your registry and your files before and after the install of a program.  So, yes, you have to be alert to this before you install the program.  If your program is already installed, you have to use ZSoft’s more benign method, or Revo Uninstaller (which i also like and used for a while).

I think Steven Avery at phrased it extremely well:

1) One caution on the snapshot method.  Installs sometimes go ahead and install .Net components or Visual Basic or Visual C++ or maybe other semi-system components, perhaps Java as well.  A snapshot method would by default go back and try to undo those parts of the install, which can cause problems.

My take — note carefully during the install whether anything like this occurs and if so — note this carefully where you won’t forget (perhaps a dummy folder name) — the simplest is uninstall in the more generic Revo-style way, rather than the snapshot way. Or if you do the snapshot method anyway, come up with your plan on how to handle this.  (e.g. Java is less of a problem because you could use JavaRa and then reinstall).  However I think you would normally simply not use the snapshot method if such external components are installed. Some of our accomplished Total Commander users might share with us their experiences on this aspect.

That aside, ZSoft Uninstaller can be very helpful in cleaning up after an install.  Revo Uninstaller can do this too.  I ALWAYS check to make sure what I’m deleting is ok to delete.  When in doubt, i leave it.  So this feature is for somewhat advanced users.

I also think Steven Avery (still at gave a really good summary of the options available:

Uninstaller roundup, with the emphasis on 3 solid in-depth programs.

Revo Uninstaller, Total Uninstaller and ZSoft Uninstaller.

And 7 more down below.  Half of the 10 are freeware.  Ok, on recount there are 11, 6 free, but we can consider FARR a special case. From the System Restore thread :

Revo Uninstaller  (no forum)

is very good, far, far better than Windows Add/Remove (its a shell around Add/Remove, giving additional features and better searching.) And it is what I use, although I rarely uninstall.

If you ever need to have “closest to 100%” uninstallation then you go to :

Total Uninstall – powerful installation monitor and advanced uninstaller – $30
Last Freeware Version

And the third major player.

ZSoft – freeware
Zsoft Uninstaller  (10/2007)

Here are solid discussions of the three, with some other mentions.…index.php?showtopic=15858
Total Uninstall or Revo Uninstaller, Which is best (which should i keep) (Piriform Forums)

Best Free Program Un-installer – Gizmo…windows_systems_on_the_g/
Clean Windows Systems on the Go with Revo Uninstaller Portable…_crapware_from_your_pc-2/
ZSoft Uninstaller Removes Crapware from Your PC

(Note the developer’s informative comments at bottom, acknowledging lacks as well as new features. I’ll chop ’em up.)

“Total Uninstall … takes snapshots before and after …the best way … ZSoft Uninstaller can do this too … Revo searches for leftovers .. the current version of ZSoft Uninstaller doesn’t do this …the newest beta … does have this feature – search the desktop, start-menu, send-to menu, application data folder, ‘application main folder’, and registry for leftovers (if you tell it to)”

The problem with Total Uninstall (which I used awhile) and any before-and-after-snapshot style is that it can make the installation far more cumbersome.  Who wants to do that for anything but the most complicated installs ? (Maybe some sort of Visual Studio or Dreamweaver or a complicated virtual sandbox pseudo-defense system.)  Or an install that you really have doubts about.  (Does TU work very well in a simple no-snapshot mode ?  Dunno, there are a couple of reviews on onsite and here and there.) With Revo and ZSoft around for free .. most don’t want to purchase a program that is only marginally better.  However, since you may only want a Total in specialty cases, the humoungous installs,  it might be good to at least have the last freeware Total version ready, or use ZSoft snapshot.

Note that ZSoft is used in both modes, so if he is truly enhancing his “clean-up after” mode, as in the comments above, ZSoft becomes a very interesting freeware alternative.  I haven’t checked for any comparisons after his new release went the post-remove cleanup route.  Maybe in his forum there are some discussions.

In here I have included most of the dedicated Donationcoder uninstaller threads for a couple of years, but there are some goodies around 2005-2006, especially about Total Uninstaller.

Seven more with solid reps:

farruninstall – FarrUninstall plugin for Find and Run Robot
FARR Uninstall Plug

MyUninstaller – Nirsoft (freeware)
My Uninstaller – Donationcoder 2008/02
Remove Item In “Add/Remove Programs” 03/2009

Absolute Uninstaller – Glarysoft – freeware

Safarp – Open Source – Freeware (2005) – lite, fast
Forum –  some activity 2007-2008

Advanced Uninstaller Pro – $40

Your Uninstaller – $40 (bundle deal some like)
Your Unistaller 2008 just released.

Uninstall Tool – $25…=show_page&name=utool

Smarty Uninstaller – $20


As I rethought this, I made my own decision (sort of a recommendation).  Everyone should consider having two programs handy.  One like Revo for the basic uninstall situation.  Revo is the unqualified leader, ZSoft is just trying now to be right there in the mix, and a bunch of others are definitely very good, with their own style and advantages, if you are using them and happy — clap your hands. You can stick with them fine.  Even Windows Add/Remove alone is .. usually .. sometimes .. ok.  Most of this is not mission critical.

And in the back holster we have the snapshot program.
Which generally is either :

Total Uninstall $30
Total Uninstall Last Free Version

(Putting aside some possible techie possibilities that are less automated like RegShot, that might be helpful, at least for visibility.  And  probably for some people the two programs will be one.  ZSoft being the only one, perhaps, with both snapshot for the toughies .. and post-dinner cleanup for the regular .. a feature which many like .. and also free.)

You may use this snapshot install-uninstall once every few months, or never, but when you get that humoungous program that you are taking on a demo, or that problematic program that you want to try out .. the one that is known to leave hundreds of registry entries and little .dlls everywhere .. then you load up TU or ZSoft !

So we have successfully bifurcated the uninstalling suggestions !

Steven Avery

« Last Edit: April 02, 2009, 01:00:24 PM by Steven Avery »


“Uninstaller Roundup – Revo – Total – ZSoft & the less magnificent seven” at

“Best Free Program Uninstaller” at

How to uninstall Symantec Endpoint Protection v11 WITHOUT the uninstall password

Symantec Endpoint Protection (SEP) aims to protect very, very well.  To that end, it embeds itself into the Operating System very deep, and in many places, and in many ways.  Unfortunately, this slows down your computer, especially if it’s old, eg an old Windows XP computer.

It is also why SEP comes with an uninstall password.

Note that SEP is usually installed by a business who will install a central server (SEPM) and then regular SEP on all their clients (laptops, desktops).  So let’s say your company lets you keep your laptop.  Well how are you going to get that SEP off there?  It wont keep working forever.

There are various ways i found on the net.

Before doing anything make an image of your hard drive, so you can restore (Important!) if things go horribly wrong

Here are methods i found:

  1. Try the default password symantec.From
  2. HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\AdministratorOnly\Security\UseVPUninstallPassword

    Set to 0 to disable.


  3. HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

    Change the value for SmcGuiHasPassword from 1 to 0


  4. HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

    delete the smcexit key


  5. HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC

    look for smcinstdata key; delete it


  6. Manually change the Policy:  Click HELP AND SUPPORT -> TROUBLESHOOT -> Export the Policy from Policy Profile to an .xml file.
    Edit the .xml file to set

    AdminPassword ExitNeedPassword, UINeedPassword, ImportExportNeedPassword, UninstallNeedPassword

    Set the Value as “0”.  Re-import.

    from here:

  7. cmd line smc -stop to stop the service after removing password
  8. When the password comes up, use Task Manager -> Processes (or Sysinternals Process Explorer) to kill the msiexec.exe process.From:


Methods for uninstalling Symantec Endpoint Protection



How to map disk drive names in Device Manager to volume letters like C: E: F: G:

When you go into Device Manager and click on Disk drives you see entries like

Maxtor 7Y250M0



[FYI all those “0” are zeros -MM]

But it doesnt tell what driver letter, eg C:, D:, E:, F: etc it is.

There happens to be an excellent question and answer about this (by the same person) on

The short answer is there’s a “Volumes” tab in disk drive device properties.

The long answer is:

  1. Once you’re already in Device Manager with Disk drives expanded,
  2. Right-click on a disk drive device and select “Properties”.
  3. Click the “Volumes” tab
  4. Click the “Populate” button.
  5. The drive letter like F: should appear under the “Volume” column in the lower half of the dialogue box.

That’s the drive letter for that device.

Or, you can do it from “My Computer” or “Windows Explorer” :

  1. Double click on “My Computer” or Start -> Programs -> Windows Explorer or Start -> Run -> explorer
  2. Navigate to “My Computer” or “Computer” (showing the list of drives with their drive letters)
  3. Right-click on a drive (it doesnt matter which one), and select “Properties”
  4. Select “Hardware” tab
  5. Click on one of the drive device names (you have to do this for every name, in turn)
  6. Click the “Properties” button (yes you’re now in the Properties of the Properties–welcome to Windows)
  7. Click the “Volumes” tab
  8. Click the “Populate” button.
  9. The drive letter like F: should appear under the “Volume” column in the lower half of the dialogue box.

If you’re trying to map a particular drive letter, like C: to its device name, you will have to keep repeating these steps from step 5, trial and error fashion, for each drive device name until you find the one that has volume C:.

I’ll post pictures here of each step if i get the time.

For reference, “jabloomf’s” concise posts from :


jabloomf asked on 2/12/2010 3:57:32 AM

Matching drive Letter with physical drive

I know there must be a simple way of doing this. I have 5 SATA drives on my Windows 7 system. The boot drive (C:) and another drive (E:) are 150 GB WD Raptors. The two Raptors are connected to the mobo’s [motherboard’s] SATA1 and SATA4. But how can I tell whether the C: drive is on either SATA1 or SATA4? All in can see in the Device Manager is the drive S/Ns. In disk management, all I can see are the drive letters and the drive type, but not the S/N. I know that I could power down, unplug one of the drives from the mobo and see what happens when I reboot, but I was wondering if there was some way to find out from the OS.

The only other way I decided that it might be possible to find out is to use the BIOS to examine the S/Ns and try booting from each drive using the BIOS and see what happens.

And his answer:


jabloomf replied on

Thanks, but I figured it out a different way, in case anyone is interested. You click on the drive Properties from the Windows Explorer. Then you click on the Hardware tab and click on the drive caption. For a 150 GB WD Raptor the caption (or name) looks something like:

WDC WD1500AHFD000RAR4 ATA Device

Then click the Properties button and then the Volumes tab. Then populate the Volumes and you have a match of the drive caption and the drive letters. The drive caption is also shown in the BIOS, so you can confirm that you’ve matched the correct physical drive with both the drive letters and the SATA port.


Is ‘RegSeeker’ a good, safe tool?

The whole issue of Registry Cleaners is controversial.  ‘RegSeeker’ is one such tool.  On whether it’s safe, i will quote an expert who’s opinion i trust [from a forum entry entitled “WinUtilities 9 Free]:

Another good one is RegSeeker. You can comfortably wipe out a whole OS with this one without even trying. Not quite as effective as Darik’s Boot, but you get the picture

This is their slogan:
“RegSeeker is a perfect companion for your Windows registry”

What they don’t say is that after using it you likely won’t have any registry left for it to be friends with


RegSeeker might have its uses, but its danger outweighs its usefulness for all but expert users.

Are “Registry Cleaners” safe? Effective?

You can almost view “Registry Cleaners” as the FDA views products.

For Medicine the FDA requires the product to be both safe AND effective. “Effective” means it has to actually help.

For Supplements the FDA only requires the product to be safe.  What this rule means is that according to the FDA companies can legally sell sugar pills (ie, supplements that do nothing) as long as they are safe.

And with Registry Cleaners both questions are relevant

  • safety
  • effectiveness


As for safety, let me quote an expert who’s opinion i trust.  He is, as you’ll see, very safety conscious.  [from a forum entry entitled “WinUtilities 9 Free]:

I have never used any such combo utilities like the ones mentioned on this thread, so I don’t have any idea about them. I have never used registry cleaners, and I don’t intend to use them in the future too. I always see registry cleaning as a process, which has quite a lot of risk involved [emphasis mine -MM], and I think users would be better off without using it.

I like to keep my system clean though, and I don’t like useless things lying around. Once, I had just out of curiosity used CCleaner registry cleaner tool, just to analyze and see what it finds. There were many entries there, for which the corresponding program had been uninstalled. I was tempted to use the cleaner that time, but I decided the risk would not be worth it.

For system tune up, I use CCleaner everyday (without the registry cleaner). I sometimes use disk defragment, but the frequency of using is very low. I sometimes use registry defrag, but only very rarely.

I know MC [another expert i trust -MM] does not use registry cleaner, and advises against it. He does not even use a file cleaner like CCleaner .

Amongst file cleaners too, I only trust CCleaner. I find it very safe. All other file cleaners, look like CCleaner anyways, and some of them can bring down your system, by cleaning important system files.

For average users, I would advise not using registry cleaner at all. Using CCleaner, and disk defragment would be enough. I haven’t used any combo utilities till now, so I don’t know what all is there in them… but I think individual software are there, which perform the job better in that category, like junk cleaning, or managing start up programs.




And yet, here is another post that represents several users’ experience [from a comment to a article entitled “Best Free Registry Cleaner”]:

So I tried [Wise Registry Cleaner and] my whole system snapped to life!

I have no doubt that this kind of result is possible.  It is not at all guaranteed.  There are many things that can slow down a system.  But one of the things is “hooks” installed that point to programs that dont exist.

Eg you might install Some Cool Program, and when you do, it auto-detects that .xyz file is being used, and does something useful.  But if you uninstall Some Cool Program, then the hook that detects .xyz file might accidentally left behind.  Then every time you access .xyz file, Windows spends time trying to find that program, and it doesnt exist.  This can take noticeable time.  Small increments of time that happen repeatedly until you notice that your system is responding slowly.

So a SAFE Registry Cleaner can speed up your system, if you happen to be suffering from that particular problem.

Better SAFE than fast, however.

Before trying a Registry Cleaner, backup your registry, or, to be even safer, get a second disk (another computer, 2nd disk installed, external drive) and use my fav Paragon Backup & Recovery Free to make a backup image of your hard drive. Find that program at’s article entitled “Best Free Drive Imaging Program”

How to manually uninstall Symantec Endpoint Protection v11

This is a quote from which i found precisely here:

It is VERY long and detailed.

A good use of this information (other than to actually manually uninstall it) is to check afterwards for what’s left over.  Also see “Backup” below, eg “ConfigUiPathBackup” cuz those get REPLACED not just deleted.


How to manually uninstall Symantec Endpoint Protection client from Windows 2000, XP and 2003, 32-bit Editions

Article:TECH102261  | Created: 2007-01-30  | Updated: 2012-03-28  | Article URL
Article Type
Technical Solution




How do I manually remove Symantec Endpoint Protection client from 32-bit versions of Windows 2000, XP and 2003?


This document addresses removal of Symantec Endpoint Protection from Windows 2000, XP, and 2003. For instructions on removing the software from Windows Vista, see the document How to manually uninstall Symantec Endpoint Protection client from Windows Vista 32-bit.

Only an administrator account with FULL administrative privileges can proceed with these removal instructions. One restart is required to complete product removal.

WARNING: This manual removal document is to be used only if you don’t have any other Symantec Products installed on the computer. This process may cause other Symantec products (such as Symantec Endpoint Protection Manager) to stop working properly.

WARNING: In the next steps you edit the Windows registry. Back up the registry before you make any changes to it, because incorrect changes to the registry can result in permanent data loss or corrupted files. Modify or delete only the registry keys that are specified. For instructions, see the document How to back up the Windows registry.

Step 1: Stop Services

  1. Click Start > Run.
  2. Type smc -stop and click OK.
  3. Click Start > Run.
  4. Type services.msc and click OK.
  5. Right-click on each service and select Stop:
    • Symantec Endpoint Protection
    • Symantec Event Manager
    • Symantec Network Access Control
    • Symantec Settings Manager
    • Windows Installer

  6. Right-click on the Windows Installer service and select Properties.
  7. Under “Startup type” select Disabled from the drop-down menu and click OK. This service is enabled again at the end of these instructions.
  8. Close the Services window.

Step 2: End Task on Process

  1. Open Task Manager.
  2. Click Start > Run.
  3. Type taskmgr.exe and click OK.
  4. Right-click on the ccApp.exe process and select End Process.

Step 3: Open the Registry Editor (Please note: If a registry entry is not present, skip to the next one)

  1. Click Start > Run
  2. Type regedit.exe and click OK.
  3. Delete the following key(s):
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\LDVPMenu
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ccSvcHst.exe
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\ProtectionUtil.DLL
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CcErrDsp.ErrorDisplay
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CcErrDsp.ErrorDisplay.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CcWebWnd.ccWebWindow
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CcWebWnd.ccWebWindow.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cliproxy.objects
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\cliproxy.objects.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Cliproxy.ScanManagerCOMCallback
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Cliproxy.ScanManagerCOMCallback.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\LDVPMenu
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FwsCtrl.CAutoprotectFw
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FwsCtrl.CAutoprotectFw.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FwsCtrl.CCmcManagement
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FwsCtrl.CCmcManagement.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FwsCtrl.CNacManagement
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FwsCtrl.CNacManagement.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FwsCtrl.FwsProtectionProvider
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\FwsCtrl.FwsProtectionProvider.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPProtectionProviderUI.HPPProtection
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPProtectionProviderUI.HPPProtection.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPProtectionProviderUI.HPPProtectionPr
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\HPPProtectionProviderUI.HPPProtectionProvider.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\03E4A8BF51994184DA9F240ED0F9CDD3
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\03E4A8BF51994184DA9F240ED0F9CDD3
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\20A7FB42A06BB49448A397B3CB77ED4D
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PatchWrap.PatchWrapper
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PatchWrap.PatchWrapper.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.ProtectionCollection
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.ProtectionCollection.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.ProtectionProviderColl.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.ProtectionProviderCollec
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.Protection_GUID_Contai.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.Protection_GUID_Containe
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusFinder
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusFinder.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_Autoprot.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_Autoprotec
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_Containe.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_Container
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_Definiti.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_Definition
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_HostInte.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_HostIntegr
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_NetworkA.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_NetworkAcc
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_NetworkQ.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_NetworkQua
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_Provider.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_ProviderAu
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_ProviderEr
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ProtectionUtil.StatusProblem_ProviderOf
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.CSavInfo
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.CSavInfo.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.CSavQuarantine
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.CSavQuarantine.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.OEMSettingsManager
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.OEMSettingsManager.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.ResultsViewCOMCallback
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.ResultsViewCOMCallback.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.ScanManagerService
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.ScanManagerService.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.VirusFoundCOMCallback
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Rtvscan.VirusFoundCOMCallback.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.ConfigureableScanCollection
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.ConfigureableScanCollection.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavAutoprotectExchange
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavAutoprotectExchange.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavAutoprotectFilesystem
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavAutoprotectFilesystem.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavAutoprotectInternetEmail
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavAutoprotectInternetEmail.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavAutoprotectNotes
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavAutoprotectNotes.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavConfigureableScan
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavConfigureableScan.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavProtectionProvider
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavProtectionProvider.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavQuarantineItem
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavQuarantineItem.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavQuarantineItemCollection
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.SavQuarantineItemCollection.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.TamperProtectionProvider
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.TamperProtectionProvider.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.TamperProtectProcess
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavMainUI.TamperProtectProcess.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavUI.ResultsViewCOMAdapter
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavUI.ResultsViewCOMAdapter.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavUI.VirusFoundCOMAdapter
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SavUI.VirusFoundCOMAdapter.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SepLuCallback.SepLuCallbackHandler
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SepLuCallback.SepLuCallbackHandler.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SescLu.AvLuCallback
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SescLu.AvLuCallback.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SescLu.ContentUpdateManager
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SescLu.ContentUpdateManager.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SescLu.MonikerInfo
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SescLu.MonikerInfo.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SescLu.MonikerInfoCollection
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SescLu.MonikerInfoCollection.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SescLu.SepContentService
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SescLu.SepContentService.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shelsel2.Shelsel2
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Shelsel2.Shelsel2.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.ControlEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.ControlEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.ErrorEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.ErrorEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.MountEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.MountEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.NonViralEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.NonViralEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.StateChangeEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.StateChangeEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.ViralEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\srtsp32.ViralEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManager
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.EventManager.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.LogManager.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccEvtMgr.ModuleManager.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.ProviderProxy.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccProSub.SubscriberProxy.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetEvt.SettingsChangeEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.CommonClient.ccSetMgr.SettingsService.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SSHelper
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SSHelper.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCallbackManager.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stCheckForUpdates.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stDisScriptEngine.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHost.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stHostCatalog.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetBatchGet.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetConnParms.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetGetFile.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stInetTransferItem.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLog.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stLUProgressCallback.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatch.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stPatchCatalog.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.stSettings.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiProviderProxy.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Symantec.SymNeti.SymNetiSubscriberProxy.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.AlertEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.AlertEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.LocationChangeEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.LocationChangeEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.LocationEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.LocationEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.LogEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.LogEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.NetworkChangeEvent
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SymNeti.NetworkChangeEvent.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VpshellEx.VpshellEx
    • HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VpshellEx.VpshellEx.1
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\ccSvcHst

  4. Browse to the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Exchange\Client\Extensions and delete the following values in the right pane:

      • Outlook Setup Extension”=”4.0;Outxxx.dll;7;000000000000000;0000000000;OutXXX
      • Symantec AntiVirus Outlook Protection”=”4.0;C:\Program Files\Common Files\Symantec Shared\vpmsece.dll;1;00000011111

  5. Delete the following key(s):
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\ccApp.exe
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Smc.exe
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Controls Folder\Display\shellex\PropertySheetHandlers\LDVP Shell Extensions
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\20A7FB42A06BB49448A397B3CB77ED4D
    • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\03E4A8BF51994184DA9F240ED0F9CDD3
  6. Browse to the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete the following value in the right pane:

      • ccApp”=”C:\Program Files\Common Files\Symantec Shared\ccApp.exe\
  7. Browse to the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellExtensions\Approved and delete the following value in the right pane:

      • {8BEEE74D-455E-4616-A97A-F6E86C317F32}”=”LDVP Shell Extensions
  8. Search all subkeys below HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Delete any associated subkeys that reference: “Symantec Endpoint Protection”.
  9. Delete the following key(s):
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Common Client

    • Optional: (Not deleting these values does not prevent re-installation)
      Browse to the following key:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps and delete the following values in the right pane:
      • AMSUsageCount
      • COHDataDIR
      • COHDIR
      • GEH
      • IPSEngine
      • MSL
      • SAV Install Directory
      • SAVCE
      • Savrt
      • SavSubmissionEngine
      • SavSubmissionEngineData
      • SPBBC
      • SRTSP
      • SRTSPQuarantine
      • SyKnAppS
      • SymNetDrv
      • VP6ClientInstalled
      • VP6UsageCount
    • Delete the following key(s):
      • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\PatchInst
      • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec AntiVirus
      • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccEvtMgr
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ccSetMgr
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antivirus
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Symantec Antvirus
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMgr
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSetMgr
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COH_Mon
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccEvtMgr
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccSvcHst
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Symantec AntiVirus
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SRTSP
      • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SRTSPL

    • Optional:
      • Browse to the following key:
      • Change the “AttachWhenLoaded” value to 0 (zero)
  10. Browse to the following key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\13 and delete the following values in the right pane:

      • ConfigUiPath
      • IdentityPath
      • InteractiveUIPath
      • Path
  11. Now rename and remove the “Backup” portion from the following values so that the values match those deleted from the preceding step.
      • ConfigUiPathBackup
      • IdentityPathBackup
      • InteractiveUIPathBackup
      • PathBackup

        Note: If the “Backup” entries do not exist, please re-create the appropriate values as follows (the values are of type Expandable String Value):
        ConfigUiPath = %SystemRoot%\system32\rastls.dll
        IdentityPath = %SystemRoot%\system32\rastls.dll
        InteractiveUIPath = %SystemRoot%\system32\rastls.dll
        Path = %SystemRoot%\system32\rastls.dll

  12. Browse to the following key:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\25 and delete the following values in the right pane:

      • ConfigUiPath
      • IdentityPath
      • InteractiveUIPath
      • Path
  13. Now rename the following files by removing the “Backup” portion from the name so that the values match those deleted from the preceding step.
      • ConfigUiPathBackup
      • IdentityPathBackup
      • InteractiveUIPathBackup
      • PathBackup

        Note: If the “Backup” entries do not exist, please re-create the appropriate values as follows (the values are of type Expandable String Value):
        ConfigUiPath = %SystemRoot%\system32\rastls.dll
        IdentityPath = %SystemRoot%\system32\rastls.dll
        InteractiveUIPath = %SystemRoot%\system32\rastls.dll
        Path = %SystemRoot%\system32\rastls.dll

  14. Delete the following key:
  15. Delete the following key(s):
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmcService
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNAC
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnacNp
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCDrv
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSP
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPL
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPX
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symantec AntiVirus
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysPlant
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsdatant
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPS
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpsHelper

Step 4: Restart the Computer
Restarting the computer is REQUIRED at this time.

Step 5: Restore Network Adapters

  1. Right-click on My Network Places and click Properties.
  2. Right-click on the network adapter and click Properties.
  3. If the “Teefer2 Driver” is listed under “This connection uses the following items:”, then select the “Teefer2 Driver” and click the Uninstall button to remove the driver.
  4. Click Close to close dialog box.
  5. Right-click on the adapter Connection and select Repair. (Only available on Windows XP and 2003)
  6. Repeat this process for each affected network adapter.

NOTE: The Teefer2 driver no longer shows under network adapter properties as of mr3.  To remove Teefer2 for mr3 and later please see the following article.
Step 6: Folder and File System Cleanup

  1. Open Windows Explorer and browse to \Documents and Settings\All Users\Application Data\Symantec folder and delete the following subfolders:
    • SavSubEng
    • SPBBC
    • SyKnAppS
    • Symantec AntiVirus Corporate Edition
  2. Open the “SRTSP” folder and delete all files and subfolders within this directory except for the “SrtETmp” folder.
  3. Browse to\Documents and Settings\All Users\Start Menu\Programs and delete the “Symantec Endpoint Protection” folder.
  4. Browse to\Program Files\Symantec and delete the Symantec Endpoint Protection folder.

    Note: If Symantec Endpoint Protection was migrated from a previous version, the folder name is “Symantec Client Security” or “Symantec AntiVirus” and needs to be deleted from the
    \Program Files location.

  5. Browse to\Program Files\Common Files\Symantec Shared folder and delete the following subfolders:
    • COH
    • Global Exceptions
    • MSL
    • SAVSubmissionEngine
    • SPBBC
    • SPManifests
    • SRTSP
  6. Browse to\Windows\system32\drivers folder and delete the following files:
    • COH_Mon.inf
    • COH_Mon.sys
    • srtsp.inf
    • srtsp.sys
    • srtspl.inf
    • srtspl.sys
    • srtspx.inf
    • srtspx.sys
    • symdns.sys
    • symfw.sys
    • symids.sys
    • symndis.sys
    • symndisv.sys
    • SymRedir.inf
    • symredrv.sys
    • symtdi.sys
    • SysPlant.sys
    • teefer2.sys
    • WPSDRVnt.sys
    • WpsHelper.sys

Step 7: Reset Service

  1. Click Start > Run.
  2. Type services.msc and click OK.
  3. Right-click on the Windows Installer service and select Properties.
  4. Under “Startup type” select Manual from the drop-down menu and click OK.
  5. Close Services.

This document is available in the following languages:


Legacy ID


Article URL
Terms of use for this information are found in Legal Notices

Firefox menu-less, unsizable windows–Annoying–Prevent them!

Sometimes you’ll get a window which has no features. No menu bar.  No scroll bars.  Can’t be re-sized. No close button. No reload/refresh button.  No File -> Print.  No File -> Print Preview.  That can be annoying.  You can prevent that (at least some of the time).

The following solution worked for me, 4/2/2013 on the website That website had a “Listen Now” link which opened a new, feature-less (ie, features disabled) window.

  1. In the address bar, type about:config
  2. It will warn you saying, “This might void your warranty!” and “You should only continue if you are sure of what you are doing.”about_config_warningMake sure you only change what’s discussed in this post.  Go ahead and click the “I’ll be careful, I promise” button.  Again, make sure you only change what’s discussed in this post.
  3. Type “dom” into the search bar.  That’s probably enuf to reveal the settings below.  If not, type more, like “dom.disable” or “dom.disable_window”.  Do not type the double quotes into the search bar.
  4. Right click the one(s) you want and click Toggle, to set them from false to true.  That might be a little confusing.  You’re turning on the disable.  And you’re disabling (preventing) the webpage from disabling features (like menu).  You’re disabling the disablers.  It can be confusing.
  5. You then have to re-do the click that opened the annoying window.
  6. You might want to then turn it back to false, so all the rest of your browsing will stay the same.  Or maybe you like having this new-found control 😉

Quoting my source

Prevent websites from disabling new window features

This article describes how to prevent websites from disabling certain new window features by changing the related Firefox or Mozilla Suite preference setting.

Web pages can disable a number of features in new windows opened via JavaScript. The new window or “popup” may not be resizable and other features such toolbars may be missing, as discussed here. Advanced users can prevent these features from being disabled by editing configuration via the user.js file or in about:config. For example, you can set the dom.disable_window_open_feature.resizable preference to “true” to prevent popup window resizing from being disabled, so that you can resize popup windows that may open too small. Other “dom.disable_window_open_feature.*” preferences are listed below:

(From the About:config entries article, under DOM.)

Meaning of Values (all these values are type “Boolean”)
Web page authors can disable many features of a popup window that they open. Setting these preferences to true will override the author’s settings and ensure that that feature is enabled and present in any popup window.
dom.disable_window_open_feature.close: Prevents the close button from being disabled.
dom.disable_window_open_feature.directories: Prevents the bookmarks toolbar from being hidden.
dom.disable_window_open_feature.location: Prevents the address bar from being hidden
dom.disable_window_open_feature.menubar: Prevents the menubar from being hidden.
dom.dom.disable_window_open_feature.minimizable: Prevents popup window minimization from being disabled.
dom.disable_window_open_feature.personalbar: Prevents the bookmarks toolbar from being hidden.
dom.disable_window_open_feature.resizable: Prevents popup window resizing from being disabled.
dom.disable_window_open_feature.scrollbars: Prevents the scrollbars on a popup from being disabled.
dom.disable_window_open_feature.status: Prevents the status bar from being hidden.
dom.disable_window_open_feature.titlebar: Prevents the title bar from being hidden.
dom.disable_window_open_feature.toolbar: Prevents the navigation toolbar from being hidden. (eg the favorite and reload buttons, and the history drop-down menu)

See also



Continue reading