SEARCH

How-To Geek

Lesson 5: Using Process Monitor to Troubleshoot and Find Registry Hacks

Every time you would click to Change so you could remove it, you’d get an error that said “An error occurred while trying to uninstall AwfulApp. It may have already been uninstalled. Would you like to remove AwfulApp from the Programs and Features list?”.

That would have been great, except we then got an error that said “You do not have sufficient access to remove OutfoxTV from the Programs and Features list. Please contact your system administrator.”

The first thing to do was try the uninstall process again with Process Monitor running, which captured an enormous amount of data. This time we decided to use the Find feature (CTRL + F) to quickly find what we were looking for in the list. You could also use a Filter if you wanted, but this seemed simple, and luckily it worked the first time.

After taking a look at the first item in the list, we noticed an error: Windows was attempting to access the registry keys related to the uninstaller, but they weren’t actually in the registry in the first spot that Windows was looking. If you look a couple of keys down though, you’ll see a RegOpenKey event with a SUCCESS result for something under HKLM\Software\Wow6432Node.

Doing a search by that registry key very quickly landed us at the source of the problem: an ACCESS DENIED message when Windows tried to do the cleanup for the list using the RegDeleteKey operation. Interesting!

The first thing to do was use the Jump To feature to find the key in the registry and take a look.

Sure enough, look at all those registry keys over there! No wonder it is still appearing in the list.

Just to be sure, we opened up the C:\Program Files\ directory to see if any of the files were still around, but clearly the app had been wiped off the PC already.

The solution was very simple: we just manually deleted the registry key that Windows had problems deleting. If we had received an access denied message, we could have used the Permissions setting to make sure that we have access and tried again.

Luckily the delete worked immediately, and our Uninstall Programs list was now clear.

These are just a few of the many ways that you can use Process Monitor – it is an extremely important and useful utility that will take some time to master, but once you do, it can really help you solve many problems.

Next Lesson

Starting on Monday with the next lesson, we’ll examine many of the other utilities in the SysInternals Toolkit, including some of the powerful command line tools.

 

    Continue Reading »
  • Prev
  • 1
  • 2

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 03/28/14

Enter Your Email Here to Get Access for Free:

Go check your email!