View Full Version : System State Keeps Getting Bigger!

02-14-2004, 07:33 AM
I am using Windows 2000 Pro & XP Pro

Whenever I backup the System State it gets much larger than it was (even though I have incremental checked in Options). Starting out at ~300MB, the next one may be double that size - without installing any programs, etc.

I have RestoreIT installed (similar to GoBack, but only makes another Restore Point at boot up) and the Restore Points get very large (some as large as 500MB - supposed to be MUCH smaller).

The System State problem started before installing RestoreIT (installed in 2000 & XP), and it occurs in both 2000 & XP.

02-14-2004, 09:33 AM
This could be caused by file "bloat" = ever more [new] files being added to your HDD with exponential growth [100,200,400,800 files per day].
The other possibility is that the total number of files is fairly static or of straight line growth [100 more files per day say], but the file contents are changing. Every time the file contents change the archive bit is set in the file properties. All these are backed up during incremental backup.

A program like "Disk Frontier" http://dl.winsite.com/bin/downl?500000031670 would help you study the space occupied by your files. You could note the total and see if it grows over time and if so by how much.
It will also display at the top of the list the greatest space hoggers.

On my system Zone Alarm stores ever increasing numbers of files in "C:\Windows\Internet Logs". Some of these are text logs that ZA keeps producing in ever increasing numbers. At the moment these occupy 63MB, but I've seen them at 250MB. ZA can be configured to stop making these. Go to "ZA>Alert Logs>Advanced>Log Archive Setting" & untick "Archive Log Text Files Daily".
See this http://www.pcguide.com/vb/showthread.php?s=&threadid=26130&highlight=ZA for details of how to delete all the files and begin again.

You could use the "Find" facility to search for all files "Modified During the Previous Day" and look for clues there.

Another one to look at is the "Temporary Internet Files" folder and its contents. The amount of space allocated can be limited by an appropriate configuration setting. Go to "IE>Tools>Internet Options>Temporary Internet Files>Settings" and set "Amount of disk space to use" to 50MB.
Every website you visit produces yet more files and apparently there is little point to this unless you have a slow modem connection and need to use the saved info [for making the web pages display] to avoid downloading it. This low figure means only the latest pages are retained and the old ones deleted.

02-14-2004, 10:44 AM
A backup of 'system state' is supposed to backup only the system registry,COM+ Class Registration database,files under Windows File Protection, and boot files. Just guessing here, may be this type of backup always backsup the full registry as it would seem that incremental backup will only work with data files where it is possible to set the archieve attribute. For windows xp, 'system restore' is a better option than doing a 'system state' backup.

RestoreIT makes incremental backups by taking a snapshot at the boot up time or at any time specified by you. The restore points start from 1kb and rapidly grows according to your usage of the system, but it will stay within the allocated partition size. Nothing wrong in it, what you can do is to delete some of the older restore points and create a fresh one. I have used it for sometime, a nice, cute program, saved me a couple of times. :) Only drawback is if your MBR is screwed, you cannot use this program to restore/revert your system.

02-14-2004, 11:19 AM
The AVG Rescue Disk is a special diskette where the most important parts of your computer’s boot up data will be saved. In this backup diskette, the contents of the Partition Table [aka MBR], Boot sectors and some other internal data will be saved. These areas are often targets of computer virus attacks and their damage can (and mostly will) cause the malfunction of the whole operating system – your computer cannot be started.

Repairing such destruction can be very difficult job. But if you have a backup copy, restoring the damaged areas is easy and safe.

In addition to the backup copy of the system areas there is a special AVG-SOS program stored on the rescue disk to handle the saved data.

It all depends what software & hardware you have available to you for making backups.
I use “Simple Backup” and CD-RW disks because I only have a 10 GB & 1.2 GB HDD’s and therefore only need a total of 18 CD-RW’s as follows:
A) 1.4 GB C: partition = two backups [which leap-frog so that the old becomes the new], each 2 CD-RW’s.
B) 1.2 GB [old HDD] D: physical drive = 1 backup of 2 CD-RW.
C) 8 GB E: partition = 1 backup of 12 CD-RW’s.

I can backup [and also restore] each partition or physical drives separately.
If/when I re-format & restore the C: drive, then all the data, like My Documents etc, moved to other partitions remains unaffected.

The easy way to recover from all software [including configuration] problems [without even having to discover the cause], is:

1) As you proceed forward in time, make backups of everything on your C: drive.
Do this at regular intervals, particularly before making software changes [un/installing programs or changing configuration] and keep a log of all this.
2) When you hit trouble caused by a bad configuration change and no hardware or software changes have been made, use "scanreg /restore" [in Win98] to restore a previous good configuration.
3) When the trouble involves more than just the configuration, but involves the files [including the configuration perhaps] but no harware has been changed [this is important because the software must match the hardware], then:
Re-format the C: drive and restore your latest good backup.
The software will "jump back" to the way it was when the PC worked.
If this doesn’t fix things, then it probably is not a software problem but a hardware problem

It helps if you keep the C: drive "lean & mean".
I move as much as possible off the C: drive [and keep it as small as possible].
The "Windows" & "Program Files" folders account for 95% of the used space on my C: drive.
All the data that changes day by day are re-homed on another physical drive [although another partition would do].
When I "jump back" I still have up to date:
a. My Documents.
b. E-mails for all identities.
c. Internet Explorer Favourites.
d. Temporary Internet Files.
e. I have recently found a way to re-home the [Win98] Microsoft Address Book as shown here http://tinyurl.com/2adxv . As shown there, use the key “HKEY_CURRENT_USER\Software\Microsoft\WAB\WAB4\Wab FileName” to specify its new address. [Its normal home address [in Win98] is C:\WINDOWS\Application Data\Microsoft\Address Book.]

02-14-2004, 04:07 PM
Thanks for your replies. I check the size of my C: and D: drive regularly (my two OSs). They are not getting larger. I keep all my personal data on E: and F: drives.

How can the System State greatly increase in size (by hundreds of MBs) each time I back it up if the size of the drive is the same? I have to delete the System State before backing it up each time so it will be the normal size.

Also, I have contacted Farstone (RestoreIT) and their tech agreed that the regular Restore Points are not supposed to be huge (some as large as 800MB - no way). There are Static Restore Points which are a clone of your system, but I am not using those.

Right now I have several RPs which are around 30MB (too large), then 830MB, 28MB. They don't know what's causing this (they are working on it). It sure seems related to the System State problem.

02-14-2004, 05:43 PM
I'm not sure what you mean by "System State".
Do you mean the total space occupied by all files on the PC?
When you say "Size of the drive", do you mean the total occupied space on by files [on any particular drive/partition]?
When talking about the C: and D: drives [the occupied space], you say "they are not getting larger".
I take this to mean that the space occupied by files is not increasing.
Yet you say the "System State" [space occupied] has greatly increased each time you back it up.
What I think you mean is that the "Incremental Backup" size has increased each time.
You could have a situation [and probably do] where the occupied space is [practically] static/unchanging/not increasing, but the incremental backups are increasing each time.
All this means is that [some of the] files are being altered/modified in some way and that the total space occupied by such files is of ever increasing size.
This could be produced by ever increasing NUMBERS of files being modified OR:
the files which are being modified are continually increasing in SIZE.
Think of it like this:
Imagine that some information was being added to files, so that the files were increasing in size.
Every time the info is added to the files, the files are modified.
So they have their archive bit set, and are then added to the incremental backup.
But they are all bigger this time round than they were the last.
So the incremental backup is bigger [what it was last time plus the increase].
Yet the total space occupied only increases by the increase in the incremental backup between last time and this.

The other alternative is that the NUMBERS of files being modified is increasing.
For example:
Take the temporary Internet Files:
If you visit a website and there is a change to the file for that site, then that file gets included in the incremental backup.

What you should be looking for is files that are either being ADDED to the file system OR:
if they are not being added, are THEY being MODIFIED?
and if they are being modified, are they being INCREASED IN SIZE?

You believe that these files are a part of the set included in the backup of system files used to create a restore point.

02-14-2004, 06:39 PM
As shanmuga mentioned, the System State (can be backed up in Windows 2000 and XP - go to System Tools in the Programs menu, click on Backup) is made up of System registry, COM+ Class Registration database, files under Windows File Protection, and boot files. This is only a fraction of the OS.

I should have defined what I meant by the size of each drive. I meant the Used space. It remains about the same, since I save all my data to other paritions. The System State backup shouldn't be greatly increasing in size (as are the RestoreIT Restore Points also). Something is wrong. I don't modifiy hardly any files in the OS every day.

02-14-2004, 07:40 PM
This may be a bit of a longshot, but have you run a set of security scans?? If not, a deep antivirus scan with an updated antivirus followed by an updated Spybot and/or AdAware scan would probably be a good idea.

02-14-2004, 09:10 PM
I used the "Find" facility to search for files modified within the last day.
There were quite a number of Windows files in the list.
The swap file = win386.swp
user.dat & system.dat
a couple of ".cab" files in the sysbckup folder
a few ".tmp" files.
Nothing that I'd expect to be 100's of MB [with the possible exception of the swap file].

02-15-2004, 06:48 AM
I scanned my systems with Ad-aware, Search & Destroy, Panda Anti-virus Titanium, Housecall on-line scanner. All spyware/adware removed, no viruses found.

A file named titjobs.exe causes problems. Whenever I right click a file to scan it for viruses there is another titjobs.exe under Processes in the Windows Task Manager (and they always cause the CPU usage to stay at 100%, even though I am not scanning any more files).

titjobs.exe is a file under Panda Titanium, in Program Files. If click End process for this file/s the CPU usage is again normal. If I rename itPanda cannot be used to scan files for viruses.

Too many titjobs.exe under "Processes", and eating up memory, System State backups too big - any correlation? Disableing Panda doesn't help with the backup problem.

02-15-2004, 07:23 AM
At this site http://www.panda-titanium.com/ i got:

"A great feature of Panda Antivirus Titanium is that it automatically updates the virus signature files every time you go onto the Internet."

So if these files are modified every time you go on the web, then they will be included in the incremental backup.
You'd need to disable Panda then make an incremental backup, then wait a day or so and make another to see if it has helped.

It looks like titjobs.exe isn't closing down when it is finished and when you begin another scan it opens a 2nd process.
You need to fix that methinks.
How about uninstalling and reinstalling it?
Or uninstall and install AVG instead?

02-15-2004, 07:55 AM
"Disableing Panda doesn't help with the backup problem."

One big problem with AVG is that it does not auto-update. You need to have your PC booted up at the same time every day for it to update. And it doesn't remove viruses when it finds them (it tells you to run a full scan). Avast has an extremely high user rating at download.com, but it also does not remove or rename viruses automatically. Does let you delete them etc. when it informs you.

02-15-2004, 09:03 AM
AVG includes "Update Manager" which I have configured to check for updates as oftem as I think sensible. If updates are available it downloads them automatically.

I've also tested AVG with simulated viruses and it removed them to the "Virus Vault" to make the PC safe.

No infection has ever got through to my system.

User Confirmation

·Confirmation- if checked, every attempt to work with infected objects (files, floppies, etc.) will be stopped and a warning message will appear. In other cases, no message will be displayed and use of the infected object will be disabled (the system will give an access error message).

·Ask What To Do Next- if you selected the checkbox for the Confirmation field, this parameter determines that you choose to be able to work with infected files.

AVG Control Center - Scheduler Settings
Control tests in AVG for Windows can be scheduled.
Running scheduled tests is done by the AVG Control Center - it monitors scheduled conditions and activates tests.

02-15-2004, 03:10 PM
Is this the free version of AVG? If so they sure have this well hidden.
The free versions I have used only allow updating at a prescibed time of day.

Thanks for bringing this up. I hope the free version has these features.
It's hard to break away from Panda though. Those daily updates are rather attractive. I guess it's time to reinstall it and see if titjobs gets any better.

02-15-2004, 04:14 PM
This was the free version when I got it, I don't know if the same version is on offer now in all regions, but I've no reason to think otherwise.

It can be configured to check for updates at any time of day I choose.
I either type in the hours and minutes or use the up/down arrows.

The update configuration page is really easy to find.
Right-click on the icon in the system tray and click "Run AVG Control Center".
There are 5 tabs.
Click on the "Update Manager" tab and the update configuration settings are right there.
One of them is "Update if the Database is older than", and the unit of time is "days".
The minimum setting is 1.
Hence 1 day is the smallest update interval.

02-15-2004, 04:37 PM
I know about the daily update setting. That's what I was complaining about. You can't set it to just plain update when one is available. Has to be a certain time.

Will it really auto delete a virus without doing a full scan?

Vic 970
02-15-2004, 05:28 PM
QUOTE You can't set it to just plain update when one is available. Has to be a certain time.

the update manager is user set to check for updates, (otherwise it wouldn't know) start time is user set, as is number of days, plus "if unsuccessful try again in " number of days.
if there is an update it will d/l it. otherwise it reports that it is 'up to date'

I have mine set for 14 days, but usually do it manually.

02-15-2004, 05:52 PM
It doesn't need to scan the whole system [although it will, if you ask it to, when you specify].
It scans each e-mail when you try to open it and before it actually is opened and if an infection is found it isolates it in the virus vault.
It scans each e-mail when you attempt to send it but before it is sent and will not send it if infected, but isolates it. It certifies each outgoing e-mail as having been checked for viruses.
It scans each file when you attempt to use it, but before processed and isolates it if infected.

Infections which are put in the virus vault are encrypted so they become harmless. These are then detected [and noted] by the server when an update is run. I imagine that AVG use the information thus gained to more effectively counteract the threat posed by infective agents.

AVG supply a LOT of very useful information in the downloaded help program.