Probably one of the most used utilities for checking and configuring Windows startup problems has got to be msconfig.exe. But how useful is it really? After a bit of research on my own part, I've found it is useful for identifying common startup locations. But what about all the other startup locations malware and other hard-to-find programs start from? Well, here is a list of registry keys that I have found Msconfig to check.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Load
Besides the outdated files (win.ini, system.ini, etc.) and the services, this is a very small registry list. Autoruns from Sysinternals can find around 30+, not including services and outdated files. It also comes with some good command-line options. Almost any startup program manager can find dozens more than msconfig. That should make you think twice about msconfig.
Wednesday, May 2, 2007
Sunday, April 29, 2007
PendingFileRenameOperations
Well, this is my first blog ever. Yes...in my life. I've been into computers for a couple of years now, about half of my life lol, and I've found and had many good ideas and tweaks for problems. So I've decided to start documenting some of them right here and now. I don't really plan on blogging about anything in specific, as I'm always going from one thing to the other, so I hope whoever is reading gets something out of it. Constructive comments are always welcome. I enjoy learning and hearing what others have to say. With that said, I will start with my first tip.
The title of this blog is PendingFileRenameOperations (a registry key name). But it really has to do with much more than that. Since I'll be talking about the registry, I will start by saying that if you're a beginner or have never edited the registry, you should begin with a backup of it first. That can be done by simply creating a restore point, using the Windows backup tool in your accessories, manually copying/moving registry files, reg.exe, or exporting. Below are Microsoft links describing backup procedures.
http://support.microsoft.com/kb/322756 - WinXP, 2003, Vista
* Exporting/Importing can sometimes cause access errors because a few registry keys may be in use by a process, so it's best to use another method. Also, this article does not apply to ME or 9x users.
If you have ever installed a program, you have probably seen a message after or before an installation saying a reboot is required. Have you ever wondered why? Or have just been like..."Man this sucks, I want to play Doom now"? Well, there is one registry key causing this and it's...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations
* The Key will not exist unless there is a pending operation.
It's a multi-string value that says: look, when the computer is restarted, rename or delete these files. Why must it be restarted? Because the files are in use! So you start thinking, what about those access denied errors I sometimes get preventing me from deleting my own files? Well, this key has nothing to do with that but can be used to fix it. I'll explain.
The PendingFileRenameOperations key gets queried at boot, when only important processes are needed, allowing you to delete the file or folder giving you the error. The value of the key may look similar to this example.
\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\_iu14D2N.tmp
or
\??\path to original file!\??\path to replacement file
In my first example there is no replacement file, so the file is deleted. However, this is the tricky part: there must be two nulls at the end of the string to have it be deleted. Well, Multi-Strings do not accept null strings (blank lines). So you must right-click PendingFileRenameOperations and select Modify Binary Data. When the edit binary box pops up, you will need to add 3 pairs of zeros to the end of the hex (no text, just 0-9 A-F) in the center. Once that is done, click OK and you have just done what the editor won't usually allow. Now, when you reboot, your inaccessible file will be deleted. This enabled me to delete a hard link to software.log, a file that can't even be accessed in Windows or by any other methods that usually allow you to get access to a locked file. Don't ask why I hard linked to it ;).
In the second example you would replace "path to original file" with, of course, the filename and its path; !\??\ is a separator, and I think you can guess the rest. The file will be moved if your first path and second path are different, and renamed depending on the name of the destination file.
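To review what is queued before a reboot, the raw bytes of the value can be decoded into source/destination pairs. The following is an added example, not code from the original post: it assumes the data is UTF-16LE REG_MULTI_SZ bytes, treats a leading `!` on a destination as a replace-existing marker, and uses constructed sample data (the rename paths `C:\Temp\new.dll` and `C:\Program Files\App\app.dll` are made up).

```python
from typing import NamedTuple, Optional

NT_PREFIX = "\\??\\"  # NT path prefix seen on every string in the value

class PendingOp(NamedTuple):
    action: str             # "delete", "rename" or "incomplete"
    source: str
    target: Optional[str]   # None unless action is "rename"
    replace_existing: bool  # destination carried a leading "!"

def _strip(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path

def parse_pending_renames(raw: bytes) -> list[PendingOp]:
    """Decode raw REG_MULTI_SZ bytes into source/destination pairs."""
    if len(raw) % 2:
        raise ValueError("UTF-16LE data must have an even byte count")
    *strings, tail = raw.decode("utf-16-le").split("\x00")
    if tail:                       # last string is missing its NUL
        strings.append(tail)
    elif strings and strings[-1] == "":
        strings.pop()              # the list terminator, not an entry
    ops = []
    for i in range(0, len(strings), 2):
        src = _strip(strings[i])
        if i + 1 >= len(strings):  # source with no destination slot
            ops.append(PendingOp("incomplete", src, None, False))
            continue
        dst = strings[i + 1]
        if dst == "":              # empty destination means delete
            ops.append(PendingOp("delete", src, None, False))
        else:
            target = _strip(dst.lstrip("!"))
            ops.append(PendingOp("rename", src, target, dst.startswith("!")))
    return ops

def multi_sz(*strings: str) -> bytes:
    """Build constructed data: NUL-terminated strings plus a terminator."""
    return ("".join(s + "\x00" for s in strings) + "\x00").encode("utf-16-le")

# Constructed sample: the post's delete entry plus a made-up rename entry.
DELETE_SRC = r"\??\C:\DOCUME~1\Owner\LOCALS~1\Temp\_iu14D2N.tmp"
SAMPLE = multi_sz(DELETE_SRC, "", r"\??\C:\Temp\new.dll",
                  r"!\??\C:\Program Files\App\app.dll")
# The same delete entry saved without its empty destination string.
TRUNCATED = multi_sz(DELETE_SRC)

if __name__ == "__main__":
    for op in parse_pending_renames(SAMPLE) + parse_pending_renames(TRUNCATED):
        print(op)
```

The `TRUNCATED` case is the situation the post describes: without the extra nulls there is no empty destination string, so the parser reports the entry as incomplete rather than as a delete.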
If you're getting any of the following errors, this may help with installation problems as well. In the case of any of these, you would just delete PendingFileRenameOperations.
"The Windows Installer Service could not be accessed"
"Windows Installer Service couldn’t be started"
"Could not start the Windows Installer service on Local Computer. Error 5:"
PendingFileRenameOperations can also be used to defer reboots after installations. You could export the key, install what's needed, then import it when you're ready to reboot. This link has a good idea on it.
http://www.myitforum.com/articles/6/view.asp?id=8833
The program WhyReboot is great for showing if you have any pending operations and it displays what they are. It checks PendingFileRenameOperations and I believe the HKLM\Software\Microsoft\CurrentVersion\RunOnce and HKCU\Software\Microsoft\CurrentVersion\RunOnce keys, which do about the same thing.