How to find and delete multiple Windows registry entries?

I need to clean the Windows registry after manually removing a program. What I need to do is following.

1. Find all keys, values, and data containing "something".
2. Delete all keys, values, and data matching the description.

Can I use the Reg command in CMD for this somehow?

By "something" in this case, I mean "office12".

Solution 1:

Try Powershell:

Get-ChildItem -path HKLM:\ -Recurse | where { $_.Name -match 'office12'} | Remove-Item -Force

This will traverse recursively throw HKEY_LOCAL_MACHINE and delete all matching keys. More info here

Solution 2:

I think an application called RegScanner can help you, although as noted in other answers, it might not be exactly what you want to do with your registry, so use it with care.

For more destructive power, you can use PsExec with it, e.g.

C:\progs\PsExec.exe -i -d -s c:\progs\regscanner-x64\regscanner.exe

which will make it run as SYSTEM user. If you still can't delete some registry keys, this article explains how to edit permissions on registry keys.

Solution 3:

Like I said in the comment, you can delete registry keys all you want, either using the command prompt, or manually with Regedit. Now, the big problem is your first point.

1. Find all keys, values, and data containing "something".

Unless you were monitoring / auditing the registry when you installed the program (and assuming the happy scenario the program didn't add registry keys at runtime, if so you would need to monitor the registry from start to finish), the program might have added keys to the registry in non-obvious places.

Most programs add their registry keys in the HKEY_CURRENT_USERS\Software or in HKEY_LOCAL_MACHINE\Software in a dedicated branch (I'm looking at wxMaxima, for instance, located in the first path). If you deleted the corresponding branch you could in theory delete all keys associated with the program. However, some programs might alter something somewhere on the rest of the registry, and that doesn't have a good rule of thumb.

If, on the other hand, you did monitor everything, then reversing the changes is trivial (because you know what were they). I suppose you could reinstall the program on a virtual environment and monitor there. In theory you would receive the same results.

From reading the REG help, no option is available to do what you propose on 1. What REG QUERY does is to check the values inside a registry key. To paste a usage:

C:\Documents and Settings\User>reg query HKCU\Software\wxMaxima

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\wxMaxima
    ShowTips    REG_DWORD       0x1
    tipNum      REG_DWORD       0xb
    pos-x       REG_DWORD       0xfffffffc
    pos-y       REG_DWORD       0xfffffffc
    pos-w       REG_DWORD       0x408
    pos-h       REG_DWORD       0x2ea
    pos-max     REG_DWORD       0x1
    lastPath    REG_SZ  (some random path)
    maxima      REG_SZ  C:\Maxima\\bin\maxima.bat
    parameters  REG_SZ  -X '--dynamic-space-size 1000'
    fontSize    REG_DWORD       0xc
    mathFontsize        REG_DWORD       0xc
    matchParens REG_DWORD       0x1
    showLong    REG_DWORD       0x0
    fixedFontTC REG_DWORD       0x1
    changeAsterisk      REG_DWORD       0x0
    enterEvaluates      REG_DWORD       0x0
    saveUntitled        REG_DWORD       0x1
    openHCaret  REG_DWORD       0x0
    defaultPort REG_DWORD       0xfaa
    usejsmath   REG_DWORD       0x1
    keepPercent REG_DWORD       0x1
    pos-restore REG_DWORD       0x0
    language    REG_DWORD       0x0
    fontEncoding        REG_DWORD       0x0

HKEY_CURRENT_USER\Software\wxMaxima\AUI

HKEY_CURRENT_USER\Software\wxMaxima\RecentDocuments

HKEY_CURRENT_USER\Software\wxMaxima\Style

HKEY_CURRENT_USER\Software\wxMaxima\Wiz

I'm looking for solutions. One I found involves exporting the Registry to a text file and from there filter the results.