Last week, I was working on writing a comparative analysis of various anti-virus products. As a part of my review, I had to install each product and put it through several tests. After I was finished testing a product, I would uninstall it so that it would not interfere with the next product being tested.
Something happened to me that maybe you have experienced: one of the products didn't contain an uninstall option. I checked the Add/Remove Programs applet, but it offered no help.
My challenge was to figure out how to uninstall it. Assuming that the product I was testing must be fairly crude since it didn't have an uninstaller, I tried to erase the program's folder beneath C:Program Files. After removing the application's folder, I rebooted the machine and the application appeared to have been removed. I decided to go ahead and install the next application that I was testing.
However, the installer informed me that the previous program was still installed on my system and that I would not be allowed to install this application until I removed the previous application.
Modify the registry—with care
With a deadline looming, I had no choice but to figure out a way of manually uninstalling the application. I resorted to modifying the registry.
Any time that you modify the registry, there are risks involved. If you modify the registry incorrectly, you can destroy Windows and/or your applications. For this reason I recommend that you back up your system before you try any of these techniques.
Normally when you install a program, Windows will automatically create an uninstall entry in the Windows registry. You can find these keys at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall. Beneath the Uninstall container are many sub-containers, each pertaining to a specific application. The container names are in hexadecimal format, but you can easily tell which program is associated with a container by clicking on the container and looking at the DisplayName value in the column to the right.
In many cases, if you need to manually get rid of a program you can delete the program's container beneath the Uninstall container. If that doesn't work, there are a few other places that you should look in the registry.
If portions of the program automatically execute when Windows loads, then look in the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run container. This container lists most of the programs that Windows executes at boot time. You can usually determine which Run entries pertain to the program that you are trying to get rid of by looking at the path displayed in the value's Data column. While you are at it, you should also check the RunOnce, RunOnceEx and RunServices containers for references to the program.
The next place to look for program fragments is in HKEY_LOCAL_MACHINE\SOFTWARE. Typically, each software manufacturer will create a container beneath the SOFTWARE container. This container is typically named after the manufacturer. The manufacturer would then create another sub-container baring the name of the program. For example, imagine that TechTarget was in the software publishing business and produced an application named Annoying Program. If the developers followed normal naming conventions and programming practices then there would be a registry key with a name like HKEY_LOCAL_MACHINE\SOFTWARE\TechTarget\AnnoyingProgram If you wanted to get rid of the program, then you would delete the AnnoyingPorgram container from the registry.
Depending on how invasive the application is, it may also write values into the user portion of the registry. If you look at the HKEY_USERS portion of the registry, you will see that there is a container representing each local user account. Again, the container names are in hexadecimal format. If you expand a user's container, though, it will have its own Software container beneath it. Some software manufacturers will create a sub key bearing their name and another sub key bearing the product name beneath the software key.
Some applications, especially anti-virus programs, tend to run sub-components as system services. Before you can remove a service, you must know the service's name. You should be able to determine the name by browsing through the Service Control manager and looking at the description of each service. Once you know the name of the service that you want to get rid of, then navigate through the registry to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services. The Services container contains a sub container for each of the machine's services. Just delete the container pertaining to the service that you want to remove.
The techniques that I have shown you should remove all but the most stubborn applications. Occasionally an application will register a file extension. For example, the PPT file extension is usually registered to Power Point. It usually doesn't cause any problems if you leave file extensions registered, but if you do want to get rid of a registration then navigate through the registry to HKEY_CLASSES_ROOT. Just beneath HKEY_CLASSES_ROOT will be a sub container for each registered file extension. Simply find the extension that you want to de-register and delete its container.
The top 10 tips of 2005
Tip #1: How to change the Windows XP Product Activation Key Code
Tip #2: Create a bootable USB flash drive -- in a flash!
Tip #3: Create a bootable Windows Server 2003 CD
Tip #4: 8 common causes for 'delayed write failed' errors
Tip #5: Ultimate boot CD packs in recovery, repair utilities
Tip #6: Install Windows Server 2003 silently
Tip #7: Uninstall 'stubborn' programs
Tip #8: What to do when your hard drive fails
Tip #9: Windows XP and Windows Server 2003 volume shadow copy service
Tip #10: 'Unlocker' reveals processes that lock files
About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. Brien has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer he has written for Microsoft, CNET, ZDNet, TechTarget, MSD2D, Relevant Technologies and other technology companies. You can visit Brien's personal Web site at www.brienposey.com.
Dig Deeper on Microsoft Windows XP Pro