#1
the system file (windows/system32/config/system) is growing
Hi,
I recently asked why my system file is 200mb -- I used your advice and used NTRGOPT and this brought it down to about 8mb. Now I notice that my system file is gradually growing again. When I use NTREGOPT it comes back down, but this is not a permanent solution. What can I do to keep the file from growing? How can I check what is happening? I looked in error logs and system logs and there is nothing listed at the time that the file was modified. I appreciate your help with this. Thanks
#2
the system file (windows/system32/config/system) is growing
Jeff wrote:
> Hi, I recently asked why my system file is 200mb -- I used your advice and used NTRGOPT and this brought it down to about 8mb. Now I notice that my system file is gradually growing again. When I use NTREGOPT it comes back down, but this is not a permanent solution. What can I do to keep the file from growing? How can I check what is happening? I looked in error logs and system logs and there is nothing listed at the time that the file was modified. I appreciate your help with this. Thanks

Process Monitor
http://technet.microsoft.com/en-ca/s.../bb896645.aspx

Run it and set the filter condition to "Operation" "begins with" "reg" and apply. ProcMon will undoubtedly log a lot of extraneous activity, but if the bloat is as bad as you describe, there should be lots of the bad operations occurring. That might be the dominant, or virtually only, activity going on with the registry. Like maybe 99% of the entries you log, will be the bad thing happening.

Sysinternals also has a forum area, and if you use a search engine that can be pointed at a single host (altavista.com), you can search the site for better instructions than I can give, for the best way to set up ProcMon.

http://forum.sysinternals.com/
http://forum.sysinternals.com/forum_topics.asp?FID=19 (ProcMon)

Another word of warning. Sysinternals programs play with the innards of Windows OSes. If you're using AV software, the instant you start programs like ProcMon, the AV software can get in a fight with ProcMon (freeze city). That used to happen on my other computer, which was running Kaspersky. I used to sort the AV programs on that computer, into "freeze" and "don't freeze" folders, to make it easier to figure out which Sysinternals programs were safe to run.

So the first time you try it, quit any other programs first, just to be on the safe side. You don't want to lose any edit sessions you might have open.

Good luck,
Paul
#3
the system file (windows/system32/config/system) is growing
I just measured my system32 file and it is 800mb!
What can I look out for to delete? and what is NTRGOPT? Any advice please Paul.
#4
the system file (windows/system32/config/system) is growing
joe wrote:
> I just measure my system32 file and it is 800mb ! What can I look out for to delete? and what is NTRGOPT ? Any advice please Paul.

You've got to be joking. Is that even possible? You sure it isn't some smaller number?

http://en.wikipedia.org/wiki/Windows_registry

Windows NT-based operating systems
%SystemRoot%\System32\Config\
(On my machine, that is C:\WINDOWS\system32\config directory)

These are my current file sizes.

Filename                                  Size
SAM – HKEY_LOCAL_MACHINE\SAM              24KB
SECURITY – HKEY_LOCAL_MACHINE\SECURITY    256KB
SOFTWARE – HKEY_LOCAL_MACHINE\SOFTWARE    13824KB
SYSTEM – HKEY_LOCAL_MACHINE\SYSTEM        8704KB
DEFAULT – HKEY_USERS\.DEFAULT             260KB

Make sure you're looking in the right directory. The files listed are my "live" files. There is another (empty) set for emergencies.

It is even possible, you won't be able to list C:\WINDOWS\system32\config right now. My setup is nice and insecure. I use FAT32, and I'm not having a problem getting to that directory.

*Please*, don't muck with the registry unless all other options have been thoroughly discussed. Just because there is some tool called NTRGOPT, doesn't mean we all have to use it. If you want to play registry roulette, at least make sure you have a "bare metal recovery" kind of backup stored somewhere safe. It is possible to use Recovery Console and System Restore to restore some sanity to your system, but the process would not be a lot of fun. Some people don't have a Recovery Console, and some have turned off their System Restore. Making a fresh backup, may require less research to do yourself.

Just to give an analogous example, I was looking in a Firefox directory the other day, and saw some large sqlite files. I found a thread that discussed the VACUUM option for scrunching the files. I made a *copy* of one file, and worked on it in another directory. Sure enough, the tool mentioned did make a significant improvement. Then, I did some more reading, which warned that the procedure did not re-index the database, after removing stale entries. And that some people broke their Firefox after attempting the procedure.

So just because you see a quick mention of a miracle tool, look for info about what the downside might be of using it. Database files have structures inside, and you have to know how to properly preserve what is in there. Any mistake, and you're going to need to know how to use Recovery Console and System Restore, or your "bare metal" restore capability. (There are other ways to back up the registry, but you could easily spend a whole working day learning about this stuff. My experience is, to leave well enough alone.)

I can find an NTREGOPT here (8 letters). I wonder if this is the tool? There is plenty of good info here.

http://www.larshederer.homepage.t-online.de/erunt/
http://www.larshederer.homepage.t-on...t/ntregopt.txt

Good luck and stay safe,
Paul
#5
the system file (windows/system32/config/system) is growing
It's an application that optimizes the registry.
Look it up (NTREGOPT) in some search engine and you will find it. It took my 200+mb system file down to 8mb. However, you might need to run it in safe mode. Good luck.
#6
the system file is growing -could the culprit be internet explorer
Question -- is the proc mon the same as the process explorer? I have the sysinternals process explorer -- I am not sure whether this is the same thing... I suspect that it could be internet explorer8 related. After I wrote my original question I noticed that the system file grew a bit. It grew from 8mb to 11mb. Then I optimized again and brought it down. Have you heard of something like this? Thanks
#7
the system file is growing -could the culprit be internet explorer
Jeff wrote:
> Question -- is the proc mon the same as the process explorer? I have the sysinternals process explorer -- I am not sure whether this is the same thing... I suspect that it could be internet explorer8 related. After I wrote my original question I noticed that the system file grew a bit. It grew from 8mb to 11mb Then I optimized again and brought it down. Have you heard of something like this? Thanks

I'm using IE6, and my registry files are on a diet :-)

If you know it is IE8, then you should be able to find it all that much faster with ProcMon. ProcMon is not the same thing as Process Explorer. Look in the Sysinternals utilities list, and you'll find it soon enough.

ProcMon
http://technet.microsoft.com/en-ca/s.../bb896645.aspx

Here, you can watch a program messing about with something in the file system.
http://images.ask-leo.com/2009/procmon_initial.png

Here, you can see some registry operations, being done by the program that happens to use those keys.
http://www.leeholmes.com/blog/conten...post_click.gif

It is a powerful tool, that I still don't completely understand. When I look at how many things it claims to have captured, I have trouble understanding what it's done with all of them :-)

You could set up two filter conditions. Look for a process name that matches the name used by IE8. And for that, maybe you can get a hint from Task Manager or even Process Explorer. Remember to type the name completely, including the .exe on the end. I made that mistake when playing with it an hour ago - forgot the .exe and was staring at a blank output as a result.

The second thing might be to look for an operation that starts with "Reg", if you just want to see register operations in the filtered output. In the example here, I think I'm seeing read operations, rather than writes. You'd really need to see a complete list of the procedure names, to get a better handle on what to look for.
http://www.leeholmes.com/blog/conten...post_click.gif

Once you know what key is involved, or what it is writing or updating, you might be better able to craft a search command to find other people with the same problem. Right now, if I enter a few terms to describe your problem, all I'm getting as results, is adverts for registry cleaners... Boo, hiss.

Paul
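The two filter conditions described in this thread (operations beginning with "Reg", narrowed by process name), applied offline to a Process Monitor CSV export, as an added example that is not part of any post here. It assumes ProcMon's default export columns; the sample rows, process names and keys are constructed, and it separates successful writes from reads before ranking writers to the SYSTEM hive.

```python
import csv
from collections import Counter

# Operation names as Process Monitor shows them for calls that can change a hive.
WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey"}
SYSTEM_HIVE_PREFIX = "HKLM\\SYSTEM\\"  # ProcMon's short form of HKEY_LOCAL_MACHINE\SYSTEM

# Constructed sample in ProcMon's CSV export layout; processes, keys and values are made up.
SAMPLE_CSV = r'''
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01","writer.exe","1200","RegSetValue","HKLM\System\CurrentControlSet\Services\ExampleSvc\Cache\Item0001","SUCCESS","Type: REG_BINARY, Length: 4096"
"10:00:01","writer.exe","1200","RegSetValue","HKLM\System\CurrentControlSet\Services\ExampleSvc\Cache\Item0002","SUCCESS","Type: REG_BINARY, Length: 4096"
"10:00:01","writer.exe","1200","RegCreateKey","HKLM\System\CurrentControlSet\Services\ExampleSvc\Cache","SUCCESS","Desired Access: All Access, Disposition: REG_OPENED_EXISTING_KEY"
"10:00:02","other.exe","1250","RegCreateKey","HKLM\System\CurrentControlSet\Control\ExampleKey\Sub1","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"10:00:02","reader.exe","1300","RegQueryValue","HKLM\System\CurrentControlSet\Control\ExampleKey\Name","SUCCESS","Type: REG_SZ, Length: 10"
"10:00:02","reader.exe","1300","RegSetValue","HKCU\Software\Example\Setting","SUCCESS","Type: REG_DWORD, Length: 4"
"10:00:03","writer.exe","1200","RegSetValue","HKLM\System\CurrentControlSet\Services\ExampleSvc\Cache\Item0003","ACCESS DENIED",""
"10:00:03","reader.exe","1300","ReadFile","C:\WINDOWS\system32\config\system","SUCCESS","Offset: 0, Length: 4096"
'''


def load_registry_events(csv_text):
    """Return rows whose Operation begins with 'Reg', matched case-insensitively."""
    # An export may start with a UTF-8 byte-order mark; left in place it would
    # become part of the first column name and every lookup of it would fail.
    cleaned = csv_text.lstrip("\ufeff \r\n")
    rows = csv.DictReader(cleaned.splitlines())
    return [r for r in rows if (r.get("Operation") or "").lower().startswith("reg")]


def is_write(row):
    """True for a successful operation that actually modified the registry."""
    if row.get("Result") != "SUCCESS" or row.get("Operation") not in WRITE_OPS:
        return False
    # RegCreateKey is also logged when a key that already exists is merely opened.
    if row["Operation"] == "RegCreateKey":
        return "REG_CREATED_NEW_KEY" in (row.get("Detail") or "")
    return True


def normalize_process(name):
    """Accept 'writer' or 'WRITER.EXE'; ProcMon's own filter needs the full name."""
    name = name.strip().lower()
    return name if name.endswith(".exe") else name + ".exe"


def rank_system_hive_writers(rows, process=None, depth=5, top=5):
    """Count writes under HKLM\\SYSTEM per (process, key prefix), busiest first."""
    wanted = normalize_process(process) if process else None
    counts = Counter()
    for row in rows:
        path = row.get("Path") or ""
        proc = (row.get("Process Name") or "").lower()
        if not path.upper().startswith(SYSTEM_HIVE_PREFIX):
            continue  # some other hive, such as SOFTWARE or a user hive
        if wanted and proc != wanted:
            continue
        if is_write(row):
            # Group by the first `depth` path components so that thousands of
            # distinct value names collapse onto the key they are written under.
            counts[(proc, "\\".join(path.split("\\")[:depth]))] += 1
    return counts.most_common(top)


if __name__ == "__main__":
    events = load_registry_events(SAMPLE_CSV)
    for (proc, key), n in rank_system_hive_writers(events):
        print(f"{n:6d}  {proc:<14} {key}")
```

A process that only reads the hive, or whose writes fail, drops out of the ranking, which is the distinction between reads and writes raised in the post above.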
#8
the system file is growing -could the culprit be internet expl
Thanks.
When I get home from work I will start with this and perhaps find the culprit! The "internet explorer8" suspect is just a gut feeling (since it works pretty lousy on my computer anyway, unfortunately). Perhaps I am right. So far I am succeeding in fixing this issue. I left my computer at home on WITHOUT internet explorer running -- and I will check its "temperature" (a joke) and see whether the system file grew. I appreciate your comments and I will use the proc mon and perhaps be able to make a judgment soon enough.
#9
the system file (windows/system32/config/system) is growing
joe wrote:
> I just measured my system32 file and it is 800MB! What can I look out for to delete? and what is NTRGOPT? Any advice please Paul.

My "System32" FOLDER is 1.2 GB.. my "System" file is 8.25 MB.. Perhaps you're mixing apples32 with oranges.

--
Joe =o)
#10
the system file (windows/system32/config/system) is growing
I have checked and rechecked. My Windows/system32 folder is 800mb. The list of folders and files is so long I cannot even send a screen shot. Is there somewhere I can find out what should be there and what can be deleted??
#11
the system file (windows/system32/config/system) is growing
On Dec 14, 11:44 am, "joe" wrote:
> I have checked and rechecked. My Windows/system32 folder is 800mb. The list of folders and files is so long I cannot even send a screen shot. Is there somewhere I can find out what should be there and what can be deleted??

You are truly blessed to have a windows\system32 folder that is only 800MB.
#12
the system file (windows/system32/config/system) is growing
Why is this a problem? My system32 folder is 972MB. Then again, my system *file* (which is in the config folder which is in the system32 folder) is 5.9MB. Are you confusing the system file with the system32 folder?

I think part of the confusion is you and Paul are not talking about the same folder! He's talking about the config folder (one folder that is part of the much larger system32 folder). You're talking about the entire system32 folder.
#13
the system file (windows/system32/config/system) is growing
Hi,
OK these are the processes that are creating registry entries:
(1) lsass.exe (located, did a search) in windows/system32 and in windows/servicepackfiles/i386
(2) Explorer.exe
(3) IExplorer.exe
(4) services.exe
(5) vsmon.exe
(6) WLLoginProxy.exe

Any ideas how to stop this?

Thanks,
Jeff
#14
the system file (windows/system32/config/system) is growing
So, what's the problem with the machine anyway? You said earlier that the windows/system32/config/system file was 200MB. This is a registry file, it's the system hive, represented in the registry by the HKEY_LOCAL_MACHINE\SYSTEM key. You said that you ran NTRegOpt and that the file was compacted to about 8MB, so how big is it now? Registry hives are dynamic, they grow and shrink in size, it's normal. When NTRegOpt is run it will almost always tell you that it can reduce the size of the registry by a few percent.

Please don't confuse this thread any more than it already is by going on a tangent about the size of the WINDOWS/system32 folder! Let's stick to the C:\WINDOWS\system32\config folder and its contents and see what is going on there, the rest of the system32 folder has nothing to do with the registry. Give us the size of the SYSTEM hive and let's see if there is really something going on with its size. If the windows/system32/config/system *file* is indeed rapidly growing to an astronomical size of 200 or 800MB then there definitely is something wrong!

Others have given you suggestions as to what might be causing this, I'm not a betting man but I would bet 1% of the pot on a virus and the other 99% on that oft misbehaving vsmon.

John

Jeff wrote:

Hi,

OK these are the processes that are creating registry entries:
(1) lsass.exe (located, did a search) in windows/system32 and in windows/servicepackfiles/i386
(2) Explorer.exe
(3) IExplorer.exe
(4) services.exe
(5) vsmon.exe
(6) WLLoginProxy.exe

Any ideas how to stop this?

Thanks,
Jeff

"Paul" wrote:

Jeff wrote:

Hi, I recently asked why my system file is 200mb -- I used your advice and used NTREGOPT and this brought it down to about 8mb. Now I notice that my system file is gradually growing again. When I use NTREGOPT it comes back down, but this is not a permanent solution. What can I do to keep the file from growing? How can I check what is happening? I looked in error logs and system logs and there is nothing listed at the time that the file was modified. I appreciate your help with this. Thanks

Process Monitor
http://technet.microsoft.com/en-ca/s.../bb896645.aspx

Run it and set the filter condition to "Operation" "begins with" "reg" and apply. ProcMon will undoubtedly log a lot of extraneous activity, but if the bloat is as bad as you describe, there should be lots of the bad operations occurring. That might be the dominant, or virtually only, activity going on with the registry. Like maybe 99% of the entries you log, will be the bad thing happening.

Sysinternals also has a forum area, and if you use a search engine that can be pointed at a single host (altavista.com), you can search the site for better instructions than I can give, for the best way to set up ProcMon.
http://forum.sysinternals.com/
http://forum.sysinternals.com/forum_topics.asp?FID=19 (ProcMon)

Another word of warning. Sysinternals programs play with the innards of Windows OSes. If you're using AV software, the instant you start programs like ProcMon, the AV software can get in a fight with ProcMon (freeze city). That used to happen on my other computer, which was running Kaspersky. I used to sort the AV programs on that computer, into "freeze" and "don't freeze" folders, to make it easier to figure out which Sysinternals programs were safe to run. So the first time you try it, quit any other programs first, just to be on the safe side. You don't want to lose any edit sessions you might have open.

Good luck,
Paul
#15
the system file (windows/system32/config/system) is growing
Thanks for your comment. I did not intend for others to discuss the size of their directories, and I can't take the blame for this. However, it was suggested that I use the procmon to see what processes are adding keys to the registry and this is what I did and what I mentioned in the previous reply.

Currently the size of the system hive is 8704KB. However, it was 16MB when I came home and I reduced it to 8704 using NTREGOPT. It grows when the machine is left on. I would appreciate advice on how to check whether the problem is in some misbehaving vsmon or something else. I have run spybot, superantispyware, prevx and have the McAfee Total Protection Service running -- I get no real indication of a virus.

Again, I would appreciate any advice on how to proceed, and I am sorry that the thread took some interesting directions -- not to my desire. Thanks for your response.

"John John - MVP" wrote:

So, what's the problem with the machine anyway? You said earlier that the windows/system32/config/system file was 200MB. This is a registry file, it's the system hive, represented in the registry by the HKEY_LOCAL_MACHINE\SYSTEM key. You said that you ran NTRegOpt and that the file was compacted to about 8MB, so how big is it now? Registry hives are dynamic, they grow and shrink in size, it's normal. When NTRegOpt is run it will almost always tell you that it can reduce the size of the registry by a few percent.

Please don't confuse this thread any more than it already is by going on a tangent about the size of the WINDOWS/system32 folder! Let's stick to the C:\WINDOWS\system32\config folder and its contents and see what is going on there, the rest of the system32 folder has nothing to do with the registry. Give us the size of the SYSTEM hive and let's see if there is really something going on with its size. If the windows/system32/config/system *file* is indeed rapidly growing to an astronomical size of 200 or 800MB then there definitely is something wrong!

Others have given you suggestions as to what might be causing this, I'm not a betting man but I would bet 1% of the pot on a virus and the other 99% on that oft misbehaving vsmon.

John

Jeff wrote:

Hi,

OK these are the processes that are creating registry entries:
(1) lsass.exe (located, did a search) in windows/system32 and in windows/servicepackfiles/i386
(2) Explorer.exe
(3) IExplorer.exe
(4) services.exe
(5) vsmon.exe
(6) WLLoginProxy.exe

Any ideas how to stop this?

Thanks,
Jeff

"Paul" wrote:

Jeff wrote:

Hi, I recently asked why my system file is 200mb -- I used your advice and used NTREGOPT and this brought it down to about 8mb. Now I notice that my system file is gradually growing again. When I use NTREGOPT it comes back down, but this is not a permanent solution. What can I do to keep the file from growing? How can I check what is happening? I looked in error logs and system logs and there is nothing listed at the time that the file was modified. I appreciate your help with this. Thanks

Process Monitor
http://technet.microsoft.com/en-ca/s.../bb896645.aspx

Run it and set the filter condition to "Operation" "begins with" "reg" and apply. ProcMon will undoubtedly log a lot of extraneous activity, but if the bloat is as bad as you describe, there should be lots of the bad operations occurring. That might be the dominant, or virtually only, activity going on with the registry. Like maybe 99% of the entries you log, will be the bad thing happening.

Sysinternals also has a forum area, and if you use a search engine that can be pointed at a single host (altavista.com), you can search the site for better instructions than I can give, for the best way to set up ProcMon.
http://forum.sysinternals.com/
http://forum.sysinternals.com/forum_topics.asp?FID=19 (ProcMon)

Another word of warning. Sysinternals programs play with the innards of Windows OSes. If you're using AV software, the instant you start programs like ProcMon, the AV software can get in a fight with ProcMon (freeze city). That used to happen on my other computer, which was running Kaspersky. I used to sort the AV programs on that computer, into "freeze" and "don't freeze" folders, to make it easier to figure out which Sysinternals programs were safe to run. So the first time you try it, quit any other programs first, just to be on the safe side. You don't want to lose any edit sessions you might have open.

Good luck,
Paul
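Added example, not part of any poster's message: a list of processes that touch the registry does not show which one is filling the SYSTEM hive, so this script ranks processes by new keys created and bytes written under HKLM\SYSTEM in a ProcMon capture. It assumes the capture was saved as CSV with the default columns and that the Detail column carries "Disposition:" and "Length:" fields; the function name, sample rows and key names are constructed for illustration.

```python
import csv
import io
import re
from collections import defaultdict

HIVE_PREFIX = "hklm\\system\\"  # ProcMon abbreviates HKEY_LOCAL_MACHINE to HKLM
LENGTH_RE = re.compile(r"Length:\s*([\d,]+)")

def rank_system_hive_writers(csv_file):
    """Return [(process, new_keys, value_writes, bytes_written)], heaviest first.

    csv_file is an open ProcMon CSV export; for a real export use
    open(path, newline="", encoding="utf-8-sig"), which drops a leading BOM.
    """
    stats = defaultdict(lambda: [0, 0, 0])
    for row in csv.DictReader(csv_file):
        # Failed operations and other hives cannot grow config\system.
        if row["Result"] != "SUCCESS":
            continue
        if not row["Path"].lower().startswith(HIVE_PREFIX):
            continue
        op, detail = row["Operation"], row["Detail"]
        if op == "RegCreateKey" and "REG_CREATED_NEW_KEY" in detail:
            stats[row["Process Name"]][0] += 1  # opens of existing keys are skipped
        elif op == "RegSetValue":
            entry = stats[row["Process Name"]]
            entry[1] += 1
            match = LENGTH_RE.search(detail)
            if match:  # tolerate thousands separators in the size
                entry[2] += int(match.group(1).replace(",", ""))
    ranked = [(name, *counts) for name, counts in stats.items()]
    return sorted(ranked, key=lambda r: (-r[3], -r[1], r[0]))

# Constructed sample rows (not Jeff's capture); key names are made up.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:00:01","vsmon.exe","1200","RegSetValue","HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\Blob","SUCCESS","Type: REG_BINARY, Length: 4,096, Data: 00 01"
"10:00:02","vsmon.exe","1200","RegCreateKey","HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\Cache\0001","SUCCESS","Desired Access: All Access, Disposition: REG_CREATED_NEW_KEY"
"10:00:03","vsmon.exe","1200","RegSetValue","HKLM\SYSTEM\CurrentControlSet\Services\ExampleSvc\Blob","SUCCESS","Type: REG_BINARY, Length: 4,096, Data: 00 02"
"10:00:04","lsass.exe","700","RegCreateKey","HKLM\SYSTEM\CurrentControlSet\Control\Example","SUCCESS","Desired Access: Read, Disposition: REG_OPENED_EXISTING_KEY"
"10:00:05","services.exe","650","RegSetValue","HKLM\System\CurrentControlSet\Services\Other\Start","SUCCESS","Type: REG_DWORD, Length: 4, Data: 1"
"10:00:06","Explorer.exe","1500","RegSetValue","HKCU\Software\Example\Setting","SUCCESS","Type: REG_SZ, Length: 12, Data: hello"
"10:00:07","lsass.exe","700","RegQueryValue","HKLM\SYSTEM\CurrentControlSet\Control\Example\Val","SUCCESS","Type: REG_DWORD, Length: 4, Data: 0"
'''

if __name__ == "__main__":
    for name, keys, writes, size in rank_system_hive_writers(io.StringIO(SAMPLE)):
        print(f"{name:14} new keys={keys:<4} value writes={writes:<4} bytes={size}")
```

A process that only reads the hive or reopens existing keys drops out of the ranking, which leaves the few processes that can actually account for the growth.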