Note from Wildstar: this document was imperfectly reformatted from a very messy text file. The information is good, but it’s not pretty to look at! Manually Uninstalling a Corrupt Installation of Symantec/Norton Products.Repairing a Corrupt/Broken XP SP2 Version of Windows Installer/msiexec.By Aaron Wood - 12/3/2004 Feel Free to re-publish or modify the information for your needs. Just give me credit if you wish to use this information on your web sites as this was a pain in the ass to figure out. Norton SystemWorks 2005 - Standard Edition used as the example in this paper. Norton SystemWorks includes the following Products:
The unofficial title of this paper is: "The Official 'How To Repair your XP SP2 Box from Buggy, poorly tested Symantec Products that lock down your XP Box' paper."(This paper can be used as a 'how to' guide to repair your Windows Installer/msiexec or as toilet paper if you need it) IntroI created this document as a guide for others who are experience problems with their XP SP2 Box when attempting to install Norton/Symantec Products or dealing with broken or corrupt installations following the installation of Windows XP SP2 over their currently installed Norton Products. What I found in my tests/trials is that the Symantec products seem to cause the Microsoft Windows Management Interface (WMI) to remove all permissions and access from even the Local Aministrator and essentially put the XP SP2 into a lockdown of Programs, processes and permissions. To me it's very similar to the way ZoneAlarm puts a computer into Lockdown when it 'Protects the Client' from unauthorized program access or execution. I haven't determined what, how, or even when this lockdown happened, I'm just providing a fix for all those people I've noted in Newsgroups and other boards that are having a problem with their Symantec Installs and Windows Installer on XP SP2. If I were to make an educated guess, I would say that something with XP SP2's new 'Data Execution Prevention' (DEP) Feature and the Norton/Symantec installation process puts the XP computer into a lockdown. I haven't read all the Microsoft Public information regarding DEP so, at this point in my investigation, my deduction is nothing more than a 'best guess'. I have links at the bottom of this paper about DEP if anyone wants more information regarding this new feature in XP SP2. From what I have read on the public MS sites, XP SP2 includes a new version of Windows Installer (3.0 if memory serves) that is installed as part of the XP SP2 Service Pack installation process. Unfortunately, XP SP2 Windows Installer Redistributables are not available to the public at this time. (From what I've read on the MS Public Web site, it is available in the XP SP2 SDK) Regardless, this puts customers with XP SP2 Windows Installer issues in a bit of a Bind. I believe I have discovered an additional troubleshooting step that people can try to repair their Windows Installer issues. These Steps should be performed when all the steps in the MS KB Article "How to Resolve Common 'Windows Installer' Problems" has been followed (a link is at the bottom of the page) and exhausted. *********** Scope ***********The Scope of this paper is to: Provide a guide (not hard directions) that people can follow to remove most if not all traces of the Norton/Symantec Products on XP SP2. This guide was created after exhausting most, if not all, of Symantec's and Microsoft's KB articles (most of which don't work or even exist IMO) on how to Uninstall Symantec's products from an XP SP2 box. Provide a manual workaround for people who are not only unable to install Norton/Symantec Products but to provide another alternate solution to repair people's XP SP2 Windows Installer issues. ***************** Disclaimer *****************Please note that this is only a guide and you should take precautions and steps to back up your work before beginning any of the steps I have described below. As previously stated, these directions were preformed on a clean XP SP2 install. Symantec's SystemWorks 2005 was installed over XP SP2. Furthermore, I did quite a few tests as well as flattening and rebuilding my XP Box from the ground up so all of the Symptoms noted below are the results of my tests. I would also recommend not attempting to use most of Symantec's KB articles on how to uninstall their products on XP SP2 as they clearly lack the correct steps for customers to remove the product from their XP SP2 machines. There are a very few Symantec articles I would recommend using for this process and I will note them in the directions accordingly or in the reference section at the bottom of this paper. These directions are for the technically minded so If you don't know your way around the registry or don't feel comfortable tweaking your operating system in this manner, please do not attempt these steps. If you do perform these steps, you do so at your own risk and cost. This paper is just a documentation of the steps I took to repair my Machine. Contents:Section 1 - Preparation for the Uninstall/Install/Repair Process This section covers the steps I took before I beginning the tweakage of my operating system. Section 2 - Manual Uninstall of Symantec's SystemWorks 2005 - Standard Edition These are the steps I took to remove a corrupt installation of Symantec products from my computer. Section 3 - WMI Lockdown workaround for Norton/Symantec and Windows Installer issues This section covers how to workaround the WMI 'Lockdown' and get your operating system back. References Section 1 - Preparation for the Uninstall/Install/Repair ProcessOne thing to keep in the back of your head is that you will need to reboot your XP SP2 box after EVERY single point in the Symantec install/uninstall/upgrade process. ****First, make sure your computer is off the network when you perform these steps**** The Steps in Section 3 involve the stopping of the WMI service (winmgmt). Thw WMI service has a dependency on the XP 'Security Center' Service. This means that both services will stop as a result of Stopping the WMI Service. ****Secondly, BACK UP YOUR REGISTRY BEFORE YOU BEGIN!!!**** You're going to be doing a lot of Registry hacking so you will need to in the very least back up your HKLM hive. Here's how (you must have administrator/backup privileges to do this): 1) Click 'Start'->'Run' 2) In the space provided type (without the quotes 'regedit') 3) Right-Click on 'My Computer' and select 'Export'. 4) Enter the file name you would like to call this file and save it. It's going to take a quite a while to create this file so don't interrupt it. Make sure you back up the ENTIRE registry!!! ++++++++++++++++++++++++++++++++++ Step 1 - Download Symantec Patches Before you begin, download any Symantec Updates for your product. Download for SystemWorks 2005 Standard Edition: ftp://ftp.symantec.com/public/english_us_canada/linked_files/nsw/patchNSW-std.exe ++++++++++++++++++++++++++++++++++ Step 2 - For ZoneAlarm Users - If you are Running Zone Alarm Firewall Products on your XP Box, Temporarily Disable 'Protect the Client' option on your firewall until the uninstall, patch, and/or install process is completed. - If you're running both the XP and Zone Alarm Firewall, disable the XP Firewall. ++++++++++++++++++++++++++++++++++ Step 3 - Disable System Restore If there's one thing that I agree with Symantec on is to disable your System Restore Service until you are sure that there aren't any viruses on your computer. The last thing you want is to have a restore point that contains viruses. %SystemRoot%\system32\services.msc Find the System Restore Service, select the properties, stop and disable the service until this process is completed and you have verified that you do not have any viruses on your computer. ++++++++++++++++++++++++++++++++++ Step 4 - Modify XP SP2 boot.ini - If you have the '/noexecute=optin' option in your boot.ini file, run the Steps noted in the 'Workaround' Section of this article to temporarily disable XP SP2's new 'Data Execution Prevention' (DEP) Feature. Ignore the rest of the article but use the steps in the 'Workaround' section to disable/re-enable the DEP Feature in XP SP2. http://support.microsoft.com/default.aspx?scid=kb;en-us;873155 MAKE SURE YOU ARE NOT CONNECTED TO THE INTERNET WHILE PERFORMING THIS Uninstall/Reinstall Process!!! Section 2 - Manual Uninstall of Symantec's SystemWorks 2005 - Standard EditionSymptoms, error messages and other observations of the problems I saw: Microsoft Windows XP SP2 Symptoms:You may receive some or all of these messages during the process of installing your Symantec product on Windows XP2 SP2.
Event Log Errors Related to this issue:
Symantec Related SYMPTOMS:You get the following errors in Norton/Symantec Products no matter where the Norton program files are located (CD, Hard drive, network, Web download). You may receive one, a few, or all of the errors noted below:
XP Event Log Errors:
Other Symantec/Norton symptoms include:
Section 2 - Manual removal of Norton/Symantec Products from your XP SP2 Computer=================================================== Step 1 - Uninstalled Programs via the Control Panel =================================================== - Removed All Symantec/Norton Programs from 'Add or Remove Programs' in the Control Panel The Programs to uninstall are: checkIt Diagnostics (Optional Uninstalled with no issues) LiveReg LiveUpdate Norton SystemWorks 2005 - Rebooted - Tried installing SystemWorks 2005 again. - Install Failed due to programs that were still active so I went deeper into the operating system to remove the programs. ======================================= Step 2 - Stopped All Norton/Symantec Services ======================================= Stopped the following Services:
============================================================= Step 3 - Manually Deleted Symantec Program Related Directories ============================================================= Manually Deleted the following directories:
============================================================= Step 4 - Manually Deleted Software/Program Settings in the Registry ============================================================= Deleted the HKLM\Software\Symantec regkey Deleted the HKLM\Software\Smith Micro regkey (This is the Optional CheckIt Diagnostics Program Registry Key) ============================================================= Step 5 - Manually Deleted Symantec Related Services in the Registry ============================================================= Removed the following keys under HKLM\SYSTEM\CurrentControlSet\SERVICES (Note: Not all of the keys existed but they may appear depending on what Version and Type of Symantec's are installed. The Optional CheckIt Diagnostics is not installed as a Service.) ccEvtMgr ccPwdSvc ccSetMgr navapsvc NAVENG NAVEX15 NPDriver NPFMntor NProtectService SAVRT SAVRTPEL SAVScan SBService SDDriver SNDSRvc SPBBCDDrv SPBBCSvc Speed Disk Service Symantec Core LC symdns symevent symfw symids symlcbrd symndis symredir symredrv symtdi ============================================================= Step 6 - Manually Removed Symantec Related Programs that start up at OS Boot/Login ============================================================= Removed any of the following registry entries from (Note: not all of the keys existed but they may depend what is installed) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ccApp ccRegVfy GhostStartTrayApp AcctMgr Norton SystemWorks NAV Cfgwiz symdns symevent symfw symids symlcbrd symndis symredir symredrv symtdi SBBCDrv SYMDNS SYMDISCO SAVRTPEL sndmon.exe ========================================== Step 7 - Manually Deleted Symantec Related Drivers ========================================= Within the following directory: C:\Windows\System32\Drivers I deleted: qdfsdrv.sys symdns.sys symevent.sys symfw.sys symids.sys symlcbrd.sys symndis.sys symredir.sys symredir.sys symredrv.sys symtdi.sys NPDriver.sys One good thing about this is that you can hover your mouse over the driver in question and the properties of the Symantec drivers will appear stating whether or not it's from Symantec. If it states the Driver is from Symantec, delete it. Otherwise, leave it alone. ============================================================= Step 8 - Removing Symantec Products from the Windows Installer Database ============================================================= If at this point, Symantec Setup is detecting programs still installed on your computer download and install the Windows Installer Clean Up Utility and Remove the following programs: ccCommon Internet Worm Protection Norton AntiVirus 2005 Norton AntiVirus Parent MSI Norton CleanSweep Norton SystemWorks (1.0) Norton systemWorks 2005 (8.2.0.6) Norton Utilities Norton WMI Update NSW_DMR_COLLECTION SPBBC Symantec Network Drivers Update Symantec Script Blocking Installer SymNet This is probably the only KB Article I would Recommend everyone looking to Symantec's site for references as they have a list of programs installed by the various types and versions =============================== Step 9 - Deleting %Temp% Files =============================== Regarding Symantec's statements about blowing away all the contents of your %TEMP% directory as stated in this article... ...is utter crap. Don't ever delete everything in the temp directory. In this day and age many other non-Symantec products write install/patch/uninstall logs to this directory. If you needed to call a non Symantec Product support professional and you blew away directories that will be needed to troubleshoot a given issue, you'd be up the proverbial creek without a paddle. Anyways, here's a list Symantec related %TEMP% directory files you can delete: Norton Systemworks 2005*.log NGBINST.log msicu.log LSinstall.log *.tmp SymSCLiveupdate.dat symcprop.dat ssaliveupdate.dat prescan.log SND*.log ============================================================= Step 10 - If the Symantec Services are STILL installed at this point..... ============================================================= If services are still present on your computer after removing them from the registry and rebooting your computer, use SC.exe from the command line to remove the following Norton/Symantec services: SERVICE_NAME: ccEvtMgr SERVICE_NAME: ccPwdSvc SERVICE_NAME: ccSetMgr SERVICE_NAME: navapsvc SERVICE_NAME: NPFMntor SERVICE_NAME: NProtectService SERVICE_NAME: SAVScan SERVICE_NAME: SBService SERVICE_NAME: SNDSrvc SERVICE_NAME: SPBBCSvc SERVICE_NAME: Speed Disk service SERVICE_NAME: Symantec Core LC At this point Symantec's SystemWorks 2005 should be completely removed enough for the SystemWorks Setup Program to be able run a fresh install. However, there's one more thing to do before re-installing SystemWorks....... Section 3 - WMI Lockdown workaround for Norton/Symantec and Windows Installer issuesLong Story short, I found the root of all the problems I had (and I'm betting that everyone else is having too) on my XP Box. Since the WMI Control (and many other parts of the Operating System) were getting 'Access Denied' errors I decided to try delete and restore my WMI settings based on something I tried on a Win 2K3 Domain Controller at work. Take a look at this article: http://www.microsoft.com/technet/scriptcenter/resources/wmifaq.mspx#EGAA Scroll down to the Section entitled "Rebuild the Repository". These are the steps I took to re-enable WMI and evetually my operating system. The first thing I did before starting these sets of directions is I ran the following command from the command prompt: msiexec /unreg This Unregisters the Windows Installer for repair and refreshing purposes and is one of the steps taken when attempting to repair a Windows Installer installation (see the 'References' Section at the end of this paper for more information). + Next I Followed the first set of directions for the 'AutoRecover' of the WMI. + Once I completed these steps, I right-clicked WMI Control within Computer Management (compmgmt.msc) and selected properties. The WMI Control refreshed and repopulated. If You get prompted to re-register products that you recognize, click yes. As a result, not only was I able to successfully install, configure, and update my XP box, but my Windows Installer/msiexec worked once again! =========== Sidenote =========== Regarding Symantec's Article about the Windows Installer: http://service1.symantec.com/SUPPORT/sharedtech.nsf/docid/2004071407423813?Open&src=hot&docid=2002071915240913&nsf=sharedtech.nsf&view=docid&dtype=&prod=Norton%20SystemWorks&ver=2005&osv=&osv_lvl= Regarding the Reinstall of the MS Windows Installer Util, these processes will not work on XP SP2 as the service pack updated the Windows Installer to a new version. Furthermore, there is not an Updated version of Windows Installer for XP SP2 (the Redistributable) currently available on the MS Public Web Site (the Exception is to Download the Mammoth SDK for SP2). I would suggest following the troubleshooting steps in this article before proceeding to something as complex as what I just described. http://support.microsoft.com/default.aspx?scid=kb;en-us;555175 Remember to re-enable all the services, processes, and programs you turned off or modified! Cheers! Aaron Wood awood7@msn.com ReferencesMicrosoft Referenceswindows XP Newsgroups: http://www.microsoft.com/windowsxp/expertzone/newsgroups.mspx XP SP2's Data Execution Prevention Feature: http://support.microsoft.com/default.aspx?scid=kb;en-us;875352 http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2mempr. mspx How to edit the Boot.ini in Windows XP - KB Article: http://support.microsoft.com/kb/289022 "0x80070005: Access is denied" error message when you create a scheduled task in Windows XP Service Pack 2 or Windows XP Tablet PC Edition 2005: http://support.microsoft.com/default.aspx?scid=kb;en-us;884573 How to Resolve Common 'Windows Installer' Problems: http://support.microsoft.com/default.aspx?scid=kb;en-us;555175 Windows Management Interface Frequently Asked Questions: http://www.microsoft.com/technet/scriptcenter/resources/wmifaq.mspx Code Access Security for WMI: http://support.microsoft.com/default.aspx?scid=kb;en-us;823915 Securing a Remote WMI Connection: Windows Installer Clean Up Utility http://support.microsoft.com/default.aspx?scid=kb;en-us;290301 Symantec ReferencesHow To Install Norton SystemWorks 2005: Reinstalling your Symantec program after a failed installation or after you see error messages: Using the Microsoft Windows Installer Cleanup Utility to remove Symantec Products: Obtaining the Microsoft Installer Cleanup Utility: Removing Norton SystemWorks 2005 in Windows XP/2000 after Add/Remove Programs does not work |
|
Wildstar Consulting
8842 - 204th Street
Langley, BC V1M 1E6
Canada
(604) 888-5730