Month: April 2014

The problem is this: how to get used hard drive space, and then find out how long it will take to transfer data to a particular USB drive.

I was able to get capacity and free space (see script at bottom)…which I then used to calculate used space.

I needed to convert the used hard drive numbers that looked something like these:

4000000000/800000000 = 5 minutes (which is an estimated 4GB/5 min)
2000000000/800000000 = 2.5 minutes
1000000000/800000000 = 1.25 minutes

They needed to be much shorter, usable numbers for a customer-facing splash screen I was working on.

The minutes reflect how long it takes to copy X amount of files (based upon bytes)
to an external USB drive. Note, I was using the robocopy command.

The idea was to take a user’s used hard drive space (which was going to be backed up)
and divide that by an estimated value (which equates to 1 minute of transfer time per 800000000 bytes [roughly]).

Of course, the returned number looked something like this 15.327642384678236.

My VBScript to drop everything after the decimal looks like this

‘Perform basic division to return time in minutes
strMinutes = strUsedSpace / 8000000000
str = strMinutes
strMinutes = Left(str, InstrRev(str, “.”)-1)

 

Returning drive capacity and free space to calculate used space

If you want to see how I was returning drive capacity and free space, take a look here:

My Batch File

setlocal enabledelayedexpansion

rem sets drive letter
set DLetter=c

rem returns drive capacity
set count=1
for /f “delims=” %%a in (‘wmic volume where “driveLetter=’%DLetter%:'” get capacity’) do (
if !count!==2 set strCAP=%%a
set /a count+=1
)

rem returns drive freespace
set count=1
for /f “delims=” %%a in (‘wmic volume where “driveLetter=’%DLetter%:'” get freespace’) do (
if !count!==2 set strFS=%%a
set /a count+=1
)

echo %strCAP%
echo %strFS%
echo %strCAP%>capacity.txt
echo %strFS%>freespace.txt

Something important to acknowledge is that the above works for Windows 7. For Windows 7, to return capacity and free space, you would have to use the fsutil command:

set count=1
for /f “tokens=1,2,3,4,5,6 delims= ” %%a in (‘fsutil volume diskfree d:’) do (
if !count!==2 set strCAP=%%f
set /a count+=1
)

ping -n 4 127.0.0.1>nul
cls
Echo Loading Backup Software…
rem returns drive freespace
set count=1
for /f “tokens=1,2,3,4,5,6,7 delims= ” %%a in (‘fsutil volume diskfree d:’) do (
if !count!==1 set strFS=%%g
set /a count+=1
)

echo capacity is %strCAP%
echo freespace is %strFS%
pause

Note, I did start off only using the batch file to do all the calculations, but soon realized that there are severe limitations in calculations where batch files can only handle 32-bit integers.

The error: Invalid Number. Numbers are limited to 32-bits of precision.

The differences are in how negative numbers are parsed, and also how overflow and invalid number errors are handled. It appears there is one set of rules for SET /A, and another set of rules used by all other contexts. To make matters worse, SET /A behavior on XP is different than the more modern Windows versions (Vista onward).

Just remember, if you have really large numbers you want to use in calculations, switch to another language.

In the HTML add tags
<blink>THIS IS BLINKING</blink>

In an onload in vbscript, javascript, body, etc. add this
startBlink()

Near the bottom, above the closed body tag, add this code
<script type=”text/javascript”><br /><br /><br /> function blinkIt() {<br /><br /><br /> if (!document.all) return;<br /><br /><br /> else {<br /><br /><br /> for(i=0;i<document.all.tags(‘blink’).length;i++){<br /><br /> s=document.all.tags(‘blink’)[i];<br /><br /> s.style.visibility=(s.style.visibility==’visible’) ?’hidden’:’visible’;<br /><br /> }<br /><br /> }<br /><br /> }<br /><br /> function startBlink() {<br /><br /> if (document.all)<br /><br /> setInterval(“blinkIt()”,750)//1000 is the speed of the blink<br /><br /> }<br /><br /> </script>

Win XP

@echo OFF
netsh firewall add allowedprogram “c:\\program files\\Skype.exe” skype enable >nul
netsh firewall add portopening tcp 139 “File And printer Sharing” >nul
netsh firewall add portopening tcp 445 “File And printer Sharing” >nul
netsh firewall add portopening tcp 137 “File And printer Sharing” >nul
netsh firewall add portopening tcp 138 “File And printer Sharing” >nul
netsh firewall add portopening tcp 5900 vnc5900 >nul
netsh firewall add portopening tcp 5800 vnc5800 >nul
netsh firewall add allowedprogram “C:\\Program Files\\UltraVNC\\winvnc.exe” winvnc.exe >nul
netsh firewall add allowedprogram “C:\\Program Files\\UltraVNC\\vncviewer.exe” vncviewer.exe >nul
Echo Done!
pause

 

Win 7

@echo off
:: This command demonstrates the use of a whitelist.
:: All of the IP addresses we want to grant access to are explicitly listed.

netsh advfirewall firewall set rule name=”TEST – allow incoming” dir=in new name=”TEST – allow incoming” dir=in action=allow program=”C:\This is a test\Test.exe” remoteip=61.0.0.4,72.87.0.5,127.0.0.1-127.0.0.2,127.0.0.4-127.0.0.5

:: This command demonstrates the use of a blacklist.
:: All of the IP addresses we want to grant access to are explicitly not listed.
netsh advfirewall firewall set rule name=”TEST – block outgoing” dir=out new name=”TEST – block outgoing” dir=out action=block program=”C:\This is a test\Test.exe” remoteip=0.0.0.0-61.0.0.3,61.0.0.5-72.87.0.4,72.87.0.6-127.0.0.0,127.0.0.3,127.0.0.6-255.255.255.255

@echo off
cls
goto Choices

REM use this command to determine what the adapter index number is
REM wmic nic get name, index
:Top
choice /c:123456
If ERRORLEVEL == 6 goto Enable_Wireless_Disable_LAN
If ERRORLEVEL == 5 goto Enable_LAN_Disable_Wireless
If ERRORLEVEL == 4 goto Disable_Wireless
If ERRORLEVEL == 3 goto Disable_LAN
If ERRORLEVEL == 2 goto Enable_Wireless
If ERRORLEVEL == 1 goto Enable_LAN
goto EOF

:1
:Enable_LAN
wmic path win32_networkadapter where index=9 call enable
goto :EOF

:2
:Enable_Wireless
wmic path win32_networkadapter where index=7 call enable
goto :EOF

:3
:Disable_LAN
wmic path win32_networkadapter where index=9 call disable
goto :EOF

:4
:Disable_Wireless
wmic path win32_networkadapter where index=7 call disable
goto :EOF

:5
:Enable_LAN_Disable_Wireless
wmic path win32_networkadapter where index=9 call enable
goto :4

:6
:Enable_Wireless_Disable_LAN
wmic path win32_networkadapter where index=7 call enable
goto :3
:Choices
echo 1 Enable LAN
echo 2 Enable Wireless
echo 3 Disable LAN
echo 4 Disable Wireless
echo 5 Enable LAN / Disable Wireless
echo 6 Enable Wireless / Disable LAN
goto Top
:EOF

I was reading an article on the Microsoft-Yahoo “marriage” in the New York Times on the impact of recruiting for the two companies and came across the following statistics on Google: “(Google)…receives more than 20,000 resumes a week, or two every minute, according to Sunny Gettinger, a Google spokeswoman.” From another paper, there was a record high of 70,000 resume received in one week! Here

Now that’s a lot of resumes.

That’s about 2,800 resumes or so a day! And, according to this paper, Google receives over a million resumes a year: What does it take to get a job at Google?

An interesting comparison is Yahoo receives 12,000 resumes a week: Yahoo

If you get prompted to enter the BitLocker key or password during boot, it may be because the TPM owner is missing or not configured. This is how you force BitLocker to Set Ownership and make sure you’re using the TPM in the first place:

(1) Enable TPM in the BIOS
Access the BIOS and Enable TPM, and then Activate it (if available).

* Important note: if the BIOS isn’t up-to-date, there is a good chance that TPM will not work at all.

Run the following commands from an admin prompt:

(2) Turn on the TPM
manage-bde -tpm -TurnOn

(3) Takes ownership
manage-bde -tpm -takeownership MakeUpAPassword

(4) Adds protectors to the TPM
manage-bde -protectors -add C: -tpm

(and, manage-bde -on c: -s to enable BitLocker, if it isn’t enabled)

(if you are backing up BitLocker passwords—and you should be—manage-bde -protectors -get c: -type recoverypassword)

 

Other things (related to BitLocker)

Why are you being prompted for a password?

00 – Machine was shut down incorrectly (holding the power in or lockups)
01 – Some type of bootable device/disc is in the USB/DVD-ROM
02 – BIOS lost TPM ownership information
03 – Hard drive is failing
04 – BIOS settings have been reset, upgraded, or power glitches like brownout/blackouts have affected booting
05 – Hard drive letter, formatting, or configuration has changed in some way (MBR was updated)
06 – The TPM has been cleared or TPM information lost
07 – New recovery info has been generated and TPM needs to be updated

* Now, if everything fails, you could just have a bad BIOS or TPM chip, and you may have to use an external USB drive or unencrypted partition on your hard drive to store the .BEK.

* add BEK to another drive: manage-bde -protectors -add c: -rp -rk DRIVE_LETTER:\

Reference

http://technet.microsoft.com/en-us/library/dn466538.aspx#BKMK_SetOwnership

Windows BitLocker Drive Encryption Information

The system boot information has changed since BitLocker was enabled.

You must supply a BitLocker recovery password to start this system…

Use GPEdit to skip this prompt. Uncheck all but PCR 11.

This is the command line you would use to install Skype silently:

SkypeSetupFull.exe /VERYSILENT /SP- /NOCANCEL /NORESTART /SUPPRESSMSGBOXES /NOLAUNCH

If you need to copy data between Windows systems but have limited bandwidth—and don’t want to consume all the data pipe—ROBOCOPY has a useful switch which allows you to throttle bandwidth.

The switch is /IPG (Inter Packet Gap). There’s a formula for calculating the gap (in milliseconds) which is most appropriate for use depending upon your available bandwidth:

The following formula expresses the delay (D, in milliseconds) required to simulate a desired bandwidth (BD, in kilobits per second), over a network link with an available bandwidth of BA kbps:

 

 

So, for example, on a 4Mbps line, you could throttle down a copy to use a maximum of 2Mbps by using the /IPG:125 switch.

This document describes how to remove the Symantec Endpoint Protection 12.1 client from Windows Vista, Windows 7, and Windows 2008 based operating systems, both x86 (32 bit) and x64 (64 bit), manually. Upon completion of this manual uninstallation, the computer must be restarted one final time, in addition to any steps which require a restart.

1. Warning !

The manual removal steps outlined below can disable any other Symantec products that are installed on the computer. It is recommended that all Symantec products be uninstalled by using Add or Remove Programs before starting this process. Manual uninstall via file removal and registry manipulation should only be attempted as a last resort after first running traditional removal through Add or Remove Programs, and if that does not work, by using CleanWipe.

Not all files, folders, registry keys, or registry values may be present. If an entry does not exist, move on to the next one.

 

2. Log on as Administrator, Back up the Windows registry

Manual removal of Symantec Endpoint Protection must be done from the Administrator account. Before you begin this procedure, back up the Windows registry.

 

3. To allow Symantec Endpoint Protection services to be configured

1.) Right-click the Symantec Endpoint Protection icon in the lower right corner of the screen, and click Open Symantec Endpoint Protection.
2.) In the left pane, click Change Settings.
3.) In the right pane, click Client Management > Configure Settings.
4.) On the Tamper Protection tab, uncheck Protect Symantec security software from being tampered with or shut down.
5.) Click OK.
6.) Close Symantec Endpoint Protection.

 

4. To stop Symantec Endpoint Protection

1.) Click Start > Run.
2.) Type msconfig, and click OK.
3.) On the Services tab, uncheck the following (not all may be present):
4.) Symantec Management Client
5.) Symantec Network Access Control
6.) Symantec Endpoint Protection
7.) Click OK.
8.) Click Start > Run.
9.) Type regedit and click OK.
10.) Navigate to the following key:
11.) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SepMasterService
12.) Change the Start value to 4.
13.) Repeat step 8 for the following keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmcService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNAC
Restart the computer.
After you restart the computer, a message appears. Check the box and click OK.

 

5. Remove the Teefer driver (may not be present):

Click Start > Run.
Type regedit, and click OK.
Navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}
Find the keys that have a value of ComponentId that is set to symc_teefer2, and update the value of Characteristics to 40000.
Navigate to the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network
Delete the value Config.
Exit the Windows Registry Editor.
Click Start > Settings > Control Panel > Network Connections.
Click a connection.
In the dialog, click Properties.
Select Teefer Driver, and click Uninstall.
Repeat these steps for each Network Connection.
Restart the computer.

 

6. To remove Symantec Endpoint Protection from the registry

Click Start > Run.
Type regedit, and click OK.
In the Windows registry editor, in the left pane, delete the following keys if they are present. If one is not present, proceed to the next one.

HKEY_CURRENT_USER\Software\Symantec\Symantec Endpoint Protection
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BHDrvx86
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\IDSVix86
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NAVENG
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NAVEX15
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SepMasterService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SmcService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SNAC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SnacNp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SRTSP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SRTSPX
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SyDvCtrl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SymDS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SymEFA
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SymEvent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SymIRON
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SYMNETS
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SysPlant
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Teefer2

Go to HKEY_LOCAL_MACHINE\SOFTWARE, and delete the following keys if they are present:

\Microsoft\Security Center\Monitoring\SymantecAntiVirus
\Microsoft\Windows\CurrentVersion\App Paths\Smc.exe
\Microsoft\Windows\CurrentVersion\Controls Folder\Display\shellex\PropertySheetHandlers\LDVP Shell Extensions
\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP
\Symantec\Symantec Endpoint Protection
\Microsoft\Windows\CurrentVersion\Uninstall\SevInst

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps, and delete the value SAVCE.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432node, and delete the following keys if they are present:

\Microsoft\Security Center\Monitoring\SymantecAntiVirus
\Microsoft\Windows\CurrentVersion\App Paths\Smc.exe
\Microsoft\Windows\CurrentVersion\Controls Folder\Display\shellex\PropertySheetHandlers\LDVP Shell Extensions
\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SEP
\Symantec\Symantec Endpoint Protection
\Microsoft\Windows\CurrentVersion\Uninstall\SevInst

Go to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432node\Symantec\InstalledApps, and delete the value SAVCE.
Go to HKEY_CLASSES_ROOT, and delete the following keys if they are present:

\*\Shellex\ContextMenuHandlers\LDVPMenu
\AppID\Cliproxy.dll
\AppID\HPPProtectionProviderUI.dll
\AppID\PatchWrap.exe
\AppID\ProtectionUtil.dll
\AppID\SavMainUI.dll
\AppID\SavUI.exe
\AppID\SmcGui.exe
\AppID\SymNAPSHAgent.dll
\AppID\{163A15AA-F8B0-4A44-8B5D-8C40F9B46E66}
\AppID\{2E259067-4D17-4873-9D0E-BC56A2A99124}
\AppID\{4D87269F-49AB-4095-93FF-52DAD221149E}
\AppID\{4E9AEDCC-5516-41CC-AF40-2740C2310662}
\AppID\{5C2FCE47-AC1E-43D5-8E5C-038570953896}
\AppID\{610056EB-8561-4720-9C05-8E8C368E8779}
\AppID\{6425FB43-BE2A-4AC9-9B70-1C18807882D1}
\AppID\{7BC12215-782A-4031-A4D2-3770336543C9}
\AppID\{7F9D125B-D23F-4275-8656-931F712092A7}
\AppID\{CA39D995-ACA4-42B1-AABA-0C77EF20F785}
\cliproxy.objects
\cliproxy.objects.1
\Cliproxy.ScanManagerCOMCallback
\Cliproxy.ScanManagerCOMCallback.1
\CLSID\{083684A2-47AB-4839-A3B3-8109F4266B29}
\CLSID\{09FA8089-EE3E-4362-B8C0-1B0F4FD0505D}
\CLSID\{0E4ACE4C-DB4D-42C4-83A6-9A71D9C2CC1C}
\CLSID\{0F0E0EE0-760F-11D2-8E55-72C9EE000000}
\CLSID\{173883C3-C6CF-4D17-9889-CDC51DCFF5E1}
\CLSID\{17DE501A-6AD7-488C-9045-29FACC2262EF}
\CLSID\{1CDDD0B9-03AA-4442-9A5B-AC98086513E1}
\CLSID\{1FBEF3C8-45A0-42E0-8C68-681C4EB26DF7}
\CLSID\{26AFF61A-3282-4915-92C6-DCD3DB29BD5C}
\CLSID\{2707AAC5-C268-11D1-8263-00A0C95C0756}
\CLSID\{2707AAC6-C268-11D1-8263-00A0C95C0756}
\CLSID\{28FE5CD9-272D-442D-BA16-822126FCBD00}
\CLSID\{2AA55A10-1373-499B-8485-561006D1A1B0}
\CLSID\{2AE1F986-F3C3-4EF3-95DF-ED32AFE49510}
\CLSID\{2E76B2BF-C603-11D1-826C-00A0C95C0756}
\CLSID\{2E76B2C0-C603-11D1-826C-00A0C95C0756}
\CLSID\{2E76B2C3-C603-11D1-826C-00A0C95C0756}
\CLSID\{2E76B2C4-C603-11D1-826C-00A0C95C0756}
\CLSID\{314F8196-D31F-456B-BAA6-0A87FEEC20E4}
\CLSID\{327C5962-08E2-4EC6-A21A-340838D6EDB5}
\CLSID\{35AF7390-D827-4C1C-B7E0-8A26EC695AF5}
\CLSID\{3839D6F2-9AC5-4F95-9A47-504FB453ACBD}
\CLSID\{3DA06333-6CF3-499D-83AE-804CB32863AA}
\CLSID\{40C57BF5-CA86-11D1-B782-00A0C99C7131}
\CLSID\{40C57BF6-CA86-11D1-B782-00A0C99C7131}
\CLSID\{4128E694-4BB9-11D1-8190-00A0C95C0756}
\CLSID\{4128E695-4BB9-11D1-8190-00A0C95C0756}
\CLSID\{425DC6B2-28B6-41D2-AE94-0CE5E1CE7D9F}
\CLSID\{43943CCA-883C-11D1-83A4-00A0C9749EEF}
\CLSID\{4572031A-44ED-411B-9254-76449055D796}
\CLSID\{47D635E3-9D14-40C9-A28C-64C2AA7AF647}
\CLSID\{4B37F436-A1C7-43D6-8B48-2578BFB82F9C}
\CLSID\{4DEF8DD1-C4D1-11D1-82DA-00A0C9749EEF}
\CLSID\{501F9014-F64A-49AD-A36D-CB8F722D3739}
\CLSID\{536604C2-B82E-11D1-8252-00A0C95C0756}
\CLSID\{536604C3-B82E-11D1-8252-00A0C95C0756}
\CLSID\{57BAFF80-7818-4874-9D14-0AEC89E8E713}
\CLSID\{592DC44C-4977-11D1-818D-00A0C95C0756}
\CLSID\{592DC44F-4977-11D1-818D-00A0C95C0756}
\CLSID\{5CEC0E13-CF22-414C-8D67-D44B06420FC1}
\CLSID\{62C95F44-F1B4-4460-A190-E0402B887BFF}
\CLSID\{661CE64B-B9C4-40A0-A935-8A7A512CC794}
\CLSID\{6C393196-AEEB-4CB0-8F8E-72EFC4C2C1CA}
\CLSID\{6CAD485D-61FD-4989-8BE1-22BFDBD4260B}
\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}
\CLSID\{6F129A02-26F1-4AFB-80C4-8D0073EA2679}
\CLSID\{72864BE2-6234-45AA-952D-00C10C34BEEE}
\CLSID\{72E2440E-EBEA-49E6-A185-1BE03F723E28}
\CLSID\{74F8002D-2DF2-479E-80B9-AF7AC93DF4A7}
\CLSID\{7F365837-F578-11D1-B7B2-00A0C99C7131}
\CLSID\{7F365838-F578-11D1-B7B2-00A0C99C7131}
\CLSID\{7FBB7DCB-FF3D-467E-8962-7F1F58DE5B50}
\CLSID\{84AC6BE7-8CF2-4E67-A80E-32ACD3D7C381}
\CLSID\{8630F7C0-73E6-4C27-80AF-6ED3A7152194}
\CLSID\{8BEEE74D-455E-4616-A97A-F6E86C317F32}
\CLSID\{8F6F6788-4009-11D1-8184-00A0C95C0756}
\CLSID\{91581CB1-0E7B-11D1-9D93-00A0C95C1762}
\CLSID\{921BD9FB-4963-11D1-818D-00A0C95C0756}
\CLSID\{94A95A15-EA82-46F5-B5BF-1176F6D77DF7}
\CLSID\{94BFEEF1-3EAD-41E2-86FC-E1502DB9CB06}
\CLSID\{98694799-6891-4FD7-A91D-FB43B78AEC8C}
\CLSID\{9A4A52A6-7B83-403D-A6C9-1C8A492687CD}
\CLSID\{A1987DB8-9F0D-47D1-80C9-DFCE76260841}
\CLSID\{A302D4CF-8AAD-4B44-ADDE-7D1630CF6C37}
\CLSID\{A5C06558-65A3-472D-A950-B5E3324A85C7}
\CLSID\{AB08D3A3-260C-4CAB-BC71-8784DF963C8F}
\CLSID\{AB124073-6726-461F-B219-BBD3E6DE19E1}
\CLSID\{ABBAB8BD-E4F1-11D1-A42C-00A0C9A243C6}
\CLSID\{ABBAB8BE-E4F1-11D1-A42C-00A0C9A243C6}
\CLSID\{AC0A837D-9BE0-49A4-9495-582AFB88A673}
\CLSID\{AE78D5A2-46A3-43BB-A166-1B0018F0F21B}
\CLSID\{AEF1A62D-7C44-4985-9388-E9EE70F6CCFE}
\CLSID\{AFBBB9C6-8A99-11D1-8892-0080C75FFCC4}
\CLSID\{AFBBB9C7-8A99-11D1-8892-0080C75FFCC4}
\CLSID\{B1E8CB59-77C3-4A8D-9B0D-73A1F71C71A8}
\CLSID\{B91B0CAE-D866-11D1-B78C-00A0C99C7131}
\CLSID\{BC66531F-3136-46B0-9FEA-AC2AB3B7CF66}
\CLSID\{BE70B0B7-25AF-46E2-AF30-ED4EBBC1F149}
\CLSID\{BEE62D80-4A07-11D1-818E-00A0C95C0756}
\CLSID\{C05C035C-9C26-4F1E-B8BB-13F847313208}
\CLSID\{C0C14422-4924-41B9-971A-030CB1119C3B}
\CLSID\{C859248A-513E-11D1-8194-00A0C95C0756}
\CLSID\{C859248B-513E-11D1-8194-00A0C95C0756}
\CLSID\{C904B403-EA5E-48AB-99B6-F5A6EAD6D908}
\CLSID\{CCD1C6CC-DCA5-448E-8C35-3BA8C6FBF99D}
\CLSID\{CED1DFB3-4A7D-463F-985C-DBF75C52680B}
\CLSID\{D4268CC3-BE07-4B6F-8364-B853D09FF3BD}
\CLSID\{DEB07E48-ABCF-48AA-9B43-97E45D338C50}
\CLSID\{DEDC07E8-EE02-4AB9-8DE3-15808156CB49}
\CLSID\{E17664B2-DFBE-4654-8E40-672EC40C0276}
\CLSID\{E25C22E6-78BD-45F9-88D2-6DF7A580E400}
\CLSID\{E381F1C0-910E-11D1-AB1E-00A0C90F8F6F}
\CLSID\{E59CB7FB-1C4E-4733-BBBD-29F3D366BAFD}
\CLSID\{E7329452-FE39-4129-AB0F-5F8FD0AC628C}
\CLSID\{E99BD5E1-FD77-4142-94DC-2BA6057951B3}
\CLSID\{EE68EAFC-BF28-4017-8A92-D17DACF0B459}
\CLSID\{F20393E2-7481-49A3-8543-0268AA252EA8}
\CLSID\{F32F2026-8607-11D1-8892-0080C75FFCC4}
\CLSID\{F32F2027-8607-11D1-8892-0080C75FFCC4}
\CLSID\{F32F202A-8607-11D1-8892-0080C75FFCC4}
\CLSID\{F32F202B-8607-11D1-8892-0080C75FFCC4}
\CLSID\{F50BD50D-952E-4C4E-BF0E-C435015C6ADD}
\CLSID\{FC894628-B91D-11D1-8254-00A0C95C0756}
\CLSID\{FC894629-B91D-11D1-8254-00A0C95C0756}
\CLSID\{FD49B8C4-41FE-498D-95A0-BD12BADE43A9}
\CLSID\{FF1C1AB8-C27D-11D1-8263-00A0C95C0756}
\CLSID\{FF1C1AB9-C27D-11D1-8263-00A0C95C0756}
\Drive\shellex\ContextMenuHandlers\LDVPMenu
\EXCHNGUI.ExchngUICtrl.1
\Folder\ShellEx\ContextMenuHandlers\LDVPMenu
\FwsCtrl.BrowserProtection
\FwsCtrl.BrowserProtection.1
\FwsCtrl.CAutoprotectFw
\FwsCtrl.CAutoprotectFw.1
\FwsCtrl.CCmcManagement
\FwsCtrl.CCmcManagement.1
\FwsCtrl.CNACProtection
\FwsCtrl.CNACProtection.1
\FwsCtrl.FwsProtectionProvider
\FwsCtrl.FwsProtectionProvider.1
\FwsCtrl.IpsProtection
\FwsCtrl.IpsProtection.1
\FwsCtrl.NACProtectionProvider
\FwsCtrl.NACProtectionProvider.1
\HPPProtectionProviderUI.BASHProtection
\HPPProtectionProviderUI.BASHProtection.1
\HPPProtectionProviderUI.HPPProtectionPr
\HPPProtectionProviderUI.HPPProtectionProvider.1
\INETMAILUI.InetMailUICtrl.1
\Installer\Products\9488817E81CADEA4081E1969AF75C7F9
\Installer\UpgradeCodes\20A7FB42A06BB49448A397B3CB77ED4D
\Interface\{002E704B-6E16-40EA-AEBA-E858BCA82B89}
\Interface\{0579533D-B27A-4637-87EB-91DC6BA312B4}
\Interface\{11442D72-F6E6-402F-935D-259A138CDE24}
\Interface\{11D8A19E-B7BA-46EE-BCB7-4A8A741CAC2F}
\Interface\{1297D925-FC7C-4201-A721-EE628C757C1A}
\Interface\{26AFF61A-3282-4915-92C6-DCD3DB29BD5C}
\Interface\{2843A4DD-917F-4322-B5AA-5A262CAE143D}
\Interface\{2E9218D3-0CF5-4502-B308-63AC5EE5D137}
\Interface\{3CE447DF-10EC-4852-ACDA-617BFC495716}
\Interface\{3DF841FB-5316-48B4-B78A-AA62200897D3}
\Interface\{45389BB6-6A0A-41AE-8044-6B0FDDEC87CC}
\Interface\{4631BA12-67C1-4A91-9D98-BC74B0E5A716}
\Interface\{4D7099CB-24F4-4502-B317-56E0EDD3D378}
\Interface\{4DD8D82B-432C-40EF-9788-853452C20168}
\Interface\{501F9014-F64A-49AD-A36D-CB8F722D3739}
\Interface\{536604C0-B82E-11D1-8252-00A0C95C0756}
\Interface\{536604C1-B82E-11D1-8252-00A0C95C0756}
\Interface\{587162BB-EB25-423C-BE97-EFE38BB0A2AE}
\Interface\{633A25E8-4FFE-4BD5-BCBF-61B31D7FDDF3}
\Interface\{646C8A12-4A6B-425C-97F4-C22DDA93B744}
\Interface\{667C382E-70C4-45FA-9E01-9EB0B956AB3C}
\Interface\{6DEE0551-3EE6-4F3A-B420-48EBABA110CB}
\Interface\{7006BA9F-5D2C-4344-A3C9-9F82ADDF1A73}
\Interface\{888B91C3-9CC9-42E2-A085-0633B463FC13}
\Interface\{979920CF-81B8-4C1A-988F-15355AE8AD64}
\Interface\{A2B69D18-A0A3-45EC-8517-053075BD4D90}
\Interface\{A9CC9305-0A30-4015-92A0-0711EE24E720}
\Interface\{B473C0DD-AF12-4C13-9036-25D2BDCA2859}
\Interface\{B53FDB2B-BEBC-4502-BED2-26479677146C}
\Interface\{C05C035C-9C26-4F1E-B8BB-13F847313208}
\Interface\{C181575D-C0D6-4E1F-B517-0E2C3C312E4B}
\Interface\{CB4EB90C-FDA1-485A-ACB2-50D4804EA169}
\Interface\{CD653B9D-F5A3-4F91-A3BE-16B209E29339}
\Interface\{D0FE7F2E-0090-4237-9EA9-C432D661FF0A}
\Interface\{D57906B2-AA5D-4CFC-8728-296D0186776E}
\Interface\{D5B84A4F-1EB8-4C86-B6F9-3DA46B59891B}
\Interface\{D76F0CF0-AB6C-4604-8B1B-5CC305D5C289}
\Interface\{D7BD6E18-9468-42F5-9CAE-19B3164F635F}
\Interface\{D8ACF3FA-B1FD-ADB4-8660-6CAEF999B999}
\Interface\{D8FCD44A-B1FD-ABB4-8660-9C0EF889B752}
\Interface\{E4866660-DB82-4233-99A2-03F25C895214}
\Interface\{E7329452-FE39-4129-AB0F-5F8FD0AC628C}
\Interface\{EAA6B14E-CA51-4DAB-8049-96B243BD7F6E}
\Interface\{F0576720-A999-4A71-8ADE-61C621ED8407}
\Interface\{F672352D-267F-4E95-BD6F-9EB0D5791963}
\Interface\{FC2D4656-887F-474B-9A49-4FCEFD470DB4}
\Interface\{FED18B74-E38E-4738-B882-0FF8D74ABEB3}
\LDDATETIME.LDDateCtrl.1
\LDDATETIME.LDStaticDateTimeCtrl.1
\LDDATETIME.LDTimeCtrl.1
\LDVPCTLS.LDVPActionsCtrl.1
\LDVPCTLS.LDVPEditCtrl.1
\LDVPCTLS.LDVPExtensionsCtrl.1
\LDVPCTLS.LDVPResultsCtrl.1
\LDVPCTLS.LDVPVirusDetailsCtrl.1
\LDVPDLGS.LDVPAboutDlgCtrl.1
\LDVPDLGS.LDVPCompressedCtrl.1
\LDVPDLGS.LDVPEmailNotifySettingsCtrl.1
\LDVPDLGS.LDVPMessageConfigCtrl.1
\LDVPDLGS.LDVPSchedule2Ctrl.1
\LDVPDLGS.LDVPSchedule3Ctrl.1
\LDVPDLGS.LDVPScheduleCtrl.1
\LDVPDLGS.LDVPStorageViewCtrl.1
\LDVPDLGS.LDVPThreatExclusionsDlgCtl.1
\LDVPUI.LDVPUICtrl.1
\PatchWrap.PatchWrapper
\PatchWrap.PatchWrapper.1
\ProtectionUtil.ProtectionCollection
\ProtectionUtil.ProtectionCollection.1
\ProtectionUtil.ProtectionProviderColl.1
\ProtectionUtil.ProtectionProviderCollec
\ProtectionUtil.Protection_GUID_Contai.1
\ProtectionUtil.Protection_GUID_Containe
\ProtectionUtil.StatusFinder
\ProtectionUtil.StatusFinder.1
\ProtectionUtil.StatusProblem_Autoprot.1
\ProtectionUtil.StatusProblem_Autoprotec
\ProtectionUtil.StatusProblem_BashError
\ProtectionUtil.StatusProblem_BashError.1
\ProtectionUtil.StatusProblem_Containe.1
\ProtectionUtil.StatusProblem_Container
\ProtectionUtil.StatusProblem_DAError
\ProtectionUtil.StatusProblem_DAError.1
\ProtectionUtil.StatusProblem_DAOff
\ProtectionUtil.StatusProblem_DAOff.1
\ProtectionUtil.StatusProblem_Definiti.1
\ProtectionUtil.StatusProblem_Definition
\ProtectionUtil.StatusProblem_DefsCorr.1
\ProtectionUtil.StatusProblem_DefsCorrup
\ProtectionUtil.StatusProblem_HostInte.1
\ProtectionUtil.StatusProblem_HostIntegr
\ProtectionUtil.StatusProblem_NetworkA.1
\ProtectionUtil.StatusProblem_NetworkAcc
\ProtectionUtil.StatusProblem_NetworkQ.1
\ProtectionUtil.StatusProblem_NetworkQua
\ProtectionUtil.StatusProblem_Provider.1
\ProtectionUtil.StatusProblem_ProviderAu
\ProtectionUtil.StatusProblem_ProviderEr
\ProtectionUtil.StatusProblem_ProviderOf
\ProtectionUtil.StatusProblem_RebootPending
\ProtectionUtil.StatusProblem_RebootPending.1
\ProtectionUtil.StatusProblem_Trialwar.1
\ProtectionUtil.StatusProblem_TrialwareE
\Rtvscan.CSavInfo
\Rtvscan.CSavInfo.1
\Rtvscan.CSavQuarantine
\Rtvscan.CSavQuarantine.1
\Rtvscan.MailScanEngine
\Rtvscan.MailScanEngine.1
\Rtvscan.ResultsViewCOMCallback
\Rtvscan.ResultsViewCOMCallback.1
\Rtvscan.ScanManagerService
\Rtvscan.ScanManagerService.1
\Rtvscan.VirusFoundCOMCallback
\Rtvscan.VirusFoundCOMCallback.1
\SavMainUI.ConfigureableScanCollection
\SavMainUI.ConfigureableScanCollection.1
\SavMainUI.SavAutoprotectExchange
\SavMainUI.SavAutoprotectExchange.1
\SavMainUI.SavAutoprotectFilesystem
\SavMainUI.SavAutoprotectFilesystem.1
\SavMainUI.SavAutoprotectInternetEmail
\SavMainUI.SavAutoprotectInternetEmail.1
\SavMainUI.SavAutoprotectNotes
\SavMainUI.SavAutoprotectNotes.1
\SavMainUI.SavConfigureableScan
\SavMainUI.SavConfigureableScan.1
\SavMainUI.SavProtectionProvider
\SavMainUI.SavProtectionProvider.1
\SavMainUI.SavQuarantineItem
\SavMainUI.SavQuarantineItem.1
\SavMainUI.SavQuarantineItemCollection
\SavMainUI.SavQuarantineItemCollection.1
\SavMainUI.TamperProtectionProvider
\SavMainUI.TamperProtectionProvider.1
\SavMainUI.TamperProtectProcess
\SavMainUI.TamperProtectProcess.1
\SavUI.ActionableAlertCOMAdapter
\SavUI.ActionableAlertCOMAdapter.1
\SavUI.ResultsViewCOMAdapter
\SavUI.ResultsViewCOMAdapter.1
\SavUI.VirusFoundCOMAdapter
\SavUI.VirusFoundCOMAdapter.1
\SEP.AV.ScanDlgs
\SEPOutlookAddin.OutlookAddin
\SEPOutlookAddin.OutlookAddin.1
\Shelsel2.Shelsel2
\Shelsel2.Shelsel2.1
\Symantec.IPS.WebProtection
\Symantec.IPS.WebProtection.1
\SymNAPSHAgent.CSymNAPSHAgentComponentInfo
\TypeLib\{1708F2CA-DCD5-4492-8260-FC9F58358478}
\TypeLib\{1C68BD0A-0264-4D90-904E-69D63F9090FC}
\TypeLib\{2149B26D-55C9-4DC3-BD03-B982AAA1733A}
\TypeLib\{2707AAC2-C268-11D1-8263-00A0C95C0756}
\TypeLib\{2E76B2B4-C603-11D1-826C-00A0C95C0756}
\TypeLib\{536604BF-B82E-11D1-8252-00A0C95C0756}
\TypeLib\{592DC449-4977-11D1-818D-00A0C95C0756}
\TypeLib\{69A9E691-DD09-4DBD-BBE1-BB63B8BE2652}
\TypeLib\{6F952B50-BCEE-11D1-82D6-00A0C9749EEF}
\TypeLib\{7F1806A6-1864-4697-A06B-E36F41D75DEF}
\TypeLib\{9D75182B-19F7-469B-83CB-180FE3338F33}
\TypeLib\{A559E5DA-F585-4590-AAC4-E00737E19425}
\TypeLib\{C0155A1A-11F1-4178-BE82-32FA1BB6AA5D}
\TypeLib\{E8996CAF-8E36-4818-948E-5C627388056F}
\TypeLib\{F32F2023-8607-11D1-8892-0080C75FFCC4}
\TypeLib\{FAD5CC54-0E68-11D1-9D91-00A0C95C1762}
\TypeLib\{FF1C1AB5-C27D-11D1-8263-00A0C95C0756}
\VpshellEx.VpshellEx
\VpshellEx.VpshellEx.1

Go to HKEY_LOCAL_MACHINE\SOFTWARE\Classes, and delete the keys listed in step 8.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node, and delete the keys listed in step 8.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432node\Classes, and delete the keys listed in step 8.
Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, and click the Uninstall registry key to select it.
On the Edit menu, click Find.
Type symantec, and click Find Next.
Look for any values that appear in the right pane that includes the word Symantec, in a key that is still in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.
If the key that is selected is still in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, delete the key (in the left pane) – it will be an 24 letter/number alphanumeric “GUID” surrounded by {} brackets. Repeat the search.
If the key that is selected is not in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, continue to the next step.
Remove any values with “Symantec” in the path from the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls

Use Edit > Find to search for any instances of the following strings, and delete any registry values that contain them or have the string as the name:

Vpshell2
VpShellEx
VpshellRes

 

7. To find and remove the product GUID

In the Windows registry editor, go to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\
Click Products to highlight it.
On the Edit menu, click Find.
Type Symantec Endpoint Protection.
Click Find Next.
A value appears in the right pane that includes the words Symantec Endpoint Protection, in a key named “InstallProperties”. The “InstallProperties” key resides within another key whose name is a hexadecimal string. This hexadecimal string is the product GUID.
Use Edit > Find to search for any instances of the product GUID, and delete any registry values that contain it or have the string as the name.

 

8. To restore default Windows network settings

Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetworkProvider\HwOrder.
Edit the ProviderOrder value to take out SnacNp from the list.
Repeat step 2 for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetworkProvider\Order.
Go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP.
In the 13 key, delete the following values:
ConfigUIPath
IdentityPath
InteractiveUIPath
Path
Rename the ConfigUIPathBackup, IdentityPathBackup, InteractiveUIPathBackup, and PathBackup values to ConfigUIPath, IdentityPath, InteractiveUIPath, and Path respectively.
Repeat steps 5 and 6 for the 25, 26, and 4 keys.
Delete the key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\PPP\EAP\88.

 

9. To remove Symantec Endpoint Protection files and folders

Restart the computer into Safe Mode. To enter Safe Mode on Windows Vista and Windows 7, read the Microsoft article Start your computer in safe mode.
In Safe Mode, log on as the Administrator account.
Delete the following files and folders. If a file or folder is not present, proceed to the next one.
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection
If you installed Symantec Endpoint Protection in a different folder, delete that folder instead.
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
C:\Users\All Users\Symantec
C:\ProgramData\Symantec
C:\Windows\System32\drivers\SEP
Go to %systemdrive%\System Volume Information.
Right-click EfaData, click Properties, and uncheck Read-only.
Delete EfaData.
Delete the following driver files in both C:\Windows\System32\drivers and C:\Windows\SysWOW64\drivers. In all cases delete the files with the extensions .sys, .cat, and .inf with the following prefixes:
SEP
SYMEVENT
SysPlant
Teefer
WGX
Delete the following driver files in both C:\Windows\System32 and C:\Windows\SysWOW64:
FwsVpn.dll
SysFer.dll
snacnp.dll
SysFerThunk.dll
SymVPN.dll
Go to C:\Windows\Installer\.
For each file in C:\Windows\Installer, right-click the file and click Properties.
On the Summary tab, check to see whether the file was created by Symantec. If it was, delete the file.
Repeat steps 10 and 11 for every file in the folder.

 

10. To remove the Teefer driver

Click Start > Search, type cmd, and press Ctrl+Shift+Enter to start a command prompt with Administrator privileges.
Type pnputil -e to list the Symantec drivers in the driver store.
Type pnputil -f -d oem.inf to remove Symantec drivers from driver store, where is a number corresponding to one of the Symantec drivers listed in the previous step.
Type exit to close the command prompt.
In the Windows registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}.
Delete any keys that have a value of ComponentId that is set to symc_teefer2.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}.
Delete any keys that have a name containing SYMC_TEEFERMP.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88424-7515-4c03-82e6-71a87abac361}.
Delete any keys that have a name containing SYMC_TEEFERMP.
Close the Windows Registry Editor.
In the Device Manager (devmgmt.msc), go to Network Adapters, and delete all entries with “teefer” in them.
Delete any network adapters to which teefer was attached.
This causes the adapters to be reinstalled. This step must be done in order for there to be network connectivity after you restart the computer.
Restart the computer into normal mode.

 

11. Restart the computer

You must restart the computer again in order to ensure that all changes have been made.

WMIC USERACCOUNT WHERE “Name=’username'” SET PasswordExpires=FALSE

The value for the home page is stored in the registry.

In the registry

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
“Start Page”=”http://www.stackoverflow.com/”

With a command

REG ADD “HKCU\Software\Microsoft\Internet Explorer\Main” /V “Start Page” /D “http://www.eddiejackson.net/” /F

Scripted

@echo off
set key=”HKCU\Software\Microsoft\Internet Explorer\Main”
set value=”http://eddiejackson.net/”
set data=”%1″
reg.exe add “%key%” /v “%value%” /d “%data%” /f