Solution
Warning: These removal steps can disable other Symantec products that are installed on the computer. It is recommended that all Symantec products be uninstalled by using Add or Remove Programs before starting this process.
Log on as Administrator
Manual removal of Symantec Endpoint Protection must be done from the Administrator account. To enable the Administrator account, read the following document from the Microsoft Knowledge Base: Enable and Disable the Built-in Administrator Account.
When the Administrator account is enabled, log on to that account.
Stop Symantec Endpoint Protection
Click Start > Run.
Type msconfig
Click OK.
On the Startup tab, uncheck Symantec Security Technologies.
In the Services tab, uncheck the following (not all may be present):
Symantec Event Manager
Symantec Settings Manager
LiveUpdate
Symantec Management Client
Symantec Network Access Control
Symantec Endpoint Protection
Click OK, and then restart the computer.
After the computer starts up, an alert appears. Check the box and click OK.
Remove the Teefer2 driver
Click Start > Settings > Control Panel > Network Connections.
Click a connection.
In the dialog, click Properties.
Select Teefer2 Driver and click Uninstall.
You will need to repeat these steps for each Network Connection.
Restart the computer.
Remove Symantec Endpoint Protection from the registry
Click Start > Run.
Type regedit and Click OK.
In the Windows registry editor, in the left pane, delete the following keys if they are present. If one is not present, proceed to the next one.
HKEY_CLASSES_ROOT\*\Shellex\ContextMenuHandlers\LDVPMenu
HKEY_CURRENT_USER\Software\Symantec\Symantec Endpoint Protection
HKEY_LOCAL_MACHINE\SOFTWARE\Sygate Technologies, Inc.
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\InstalledApps, SAVCE value only
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection
HKEY_LOCAL_MACHINE\SOFTWARE\Whole Security
HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\LiveUpdate
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SevInst
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\VirtualDeviceDrivers
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccEvtMgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ccSetMgr
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\eeCtrl
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EraserUtilRebootDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LiveUpdate
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVENG
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NAVEX15
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SmcService
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNAC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SnacNp
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SPBBCDrv
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSP
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPL
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SRTSPX
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symantec AntiVirus
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SymEvent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMREDRV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SYMTDI
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Teefer2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wps
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpsHelper
HKEY_LOCAL_MACHINE\SYSTEM\Symantec
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ccSvcHst
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\LiveUpdate
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SescLU
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Symantec AntiVirus
Navigate to the following key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Select Uninstall.
Select Edit
Click Find.
Type symantec
Click Find Next.
A value appears in the right pane that includes the word Symantec, in a key that is still in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall.
If the key that is selected is still in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, delete the key (in the left pane), and then repeat the search.
If the key that is selected is not in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, continue to the next step.
Remove any values with "Symantec" in the path from the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDlls
Search for the following strings, and delete any registry keys that contain them:
331D64B67B1D6024FAD99FA7FAAE8F3
Vpshell2
VpShellEx
Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\.
Under the following registry keys, delete the registry key 12AD9A2D657B7654F96A2EA43F3166B3:
0E3118066B3FEE6C0AF18C3B9B1A1EE8
2A31EAB9FA7E3C6D0AF18C3B9B1A1EE8
6EC3DF47D8A2C9E00AF18C3B9B1A1EE8
7ABFE44842C12B390AF18C3B9B1A1EE8
C9AE13788D0B61F80AF18C3B9B1A1EE8
DA42BC89BF25F5BD0AF18C3B9B1A1EE8
Remove Symantec Endpoint Security files and folders
Restart the computer into Safe Mode. To enter Safe Mode on Windows Vista and Windows 7, read the Microsoft article Start your computer in safe mode.
In Safe Mode, log on as the Administrator account.
Delete the following files and folders. If a file or folder is not present, proceed to the next one.
C:\Program Files\Symantec\Symantec Endpoint Protection (Or the appropriate directory if you installed in a different one)
C:\Program Files\Symantec\LiveUpdate (Or the appropriate directory if you installed in a different one)
C:\Program Files\Symantec\ (Or the appropriate directory if you installed in a different one)
C:\Program Files\Common Files\Symantec Shared
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Symantec Endpoint Protection
C:\ProgramData\Symantec
Delete the following driver files in C:\Windows\System32\drivers. In all cases delete the files with the extensions .sys, .cat, and .inf with the following prefixes:
Coh_Mon
SrtSp
SrtSp64
SrtSpl
SrtSpl64
SrtSpx
SrtSpx64
SymDns
SymDns64
SymEvent
SymEvent64x86
SymFw
SymIds
SymNdis
SymNdisv
SymRedir
SymRedrv
SymTdi
SysPlant
Teefer2
Wgx
WpsDrvnt
WpsHelper
Delete the following driver files in both C:\Windows\System32 and C:\Windows\SysWOW64:
BugslayerUtil.dll
Cba.dll
FwsVpn.dll
Loc32Vc0.dll
MsgSys.dll
Nts.dll
Pds.dll
SysFer.dll
SymVPN.dll
Go to C:\Windows\Installer\.
For each file in C:\Windows\Installer, right-click the file and select Properties.
On the Summary tab, check to see whether the file was created by Symantec. If it was, delete the file.
Repeat steps 6-9 for every file in the folder.
Remove the Teefer driver
Click Start > Search, type cmd, and press Ctrl+Shift+Enter to start a command prompt with Administrator privileges.
Type pnputil -e to list the Symantec drivers in the driver store.
Type pnputil -f -d oem<n>.inf to remove Symantec drivers from driver store, where <n> is a number corresponding to one of the Symantec drivers listed in the previous step.
Type exit to close the command prompt.
In the Windows registry editor, navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}.
Delete any keys that have a value of ComponentId that is set to symc_teefer2mp.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}.
Delete any sub keys that have a name containing SYMC_TEEFER2MP.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses\{cac88424-7515-4c03-82e6-71a87abac361}.
Delete any sub keys that have a name containing SYMC_TEEFER2MP.
Close the Windows Registry Editor.
In the Device Manager (devmgmt.msc), go to Network Adapters, and delete all entries with "teefer" in them.
Delete any network adapters to which teefer was attached.
This causes the adapters to be reinstalled. This step must be done in order for there to be network connectivity after you restart the computer.
Restart the computer into normal mode.