What's suddenly eating my memory in Windows XP?

I am currently using a Dell PC I got about 2-1/2 years ago. It’s running on a 3.06 GHz Pentium 4 with 1GB of memory.

Up until recently (about a month and a half ago or so), the most I’ve ever used (going by the Task Manager indicator) of that 1GB of memory has been around 750MB. After logging in and having all my crap start up (Norton AntiVirus, Konfabulator, Palm Hotsync, Earthlink clients, VPN clients, blah blah blah) I would end up at about 460MB.

So about two months ago, I noticed my PC taking a loooong time to start up after logging in, and sluggish behavior in opening or switching between apps. A check on the Task Manager showed that my memory used was nearly 1.5GB. Whoa!

Even right after startup upon logging in, I was at 1.2GB, without starting any other application.

I couldn’t figure out what was going on by looking at the process list in Task Manager, so I used System Restore to restore my system to March 1st. Upon restarting after the restore, things were back to normal: 460MB used after starting, and general use topping out at around 600MB of memory tops.

But then, the next time I had to shut down and restart the machine, there I was again with the 1.2GB hit on startup!

I’ve since determined the following:
- If I use System Restore to go back to, say, April 15th, I get the 1.2GB profile on startup.
- If I use System Restore to go back to March 1st, I get the memory profile I expect…
- …But, this is only true for the first bootup after the restore.
- Even if I do nothing other than immediately reboot my computer after logging in after restoring (to 01-Mar), I get the 1.2GB profile.

I’m tempted to just back up my data files and flatten my computer with an OS reinstall, but that would easily take me close to a whole day to get all my apps and preferences set up again from scratch.

Are there any suggestions from anyone on how to proceed? I have Norton AntiVirus running and it has not picked up anything, nor is there anything particularly suspicious in my process list, except possibly more instances of SVCHOST.EXE than I remember seeing before.

Read the sticky.

Plus, what you describe doesn’t add up. You say you only have 1 GB of memory, but then say that Task Manager is saying it is chewing up 1.5 GB.

That said, I endured a Svchost.exe worm (or whatever it was) in the distant past. It was a terrible ordeal. Not to dampen your prospects, but I had to reinstall Windows. Good luck.

Which one? The one with the checklist of suggested things to mention? I think I mentioned all the pertinent ones… I’m pretty sure I have some kind of virus or trojan in my system, it’s not a hardware or application setup thing, and I’m hoping someone can point me to a resource on how to track it down. I’m pretty technically savvy (Bachelor’s in CS, have worked 14 years as a programmer, and have built most of my own PCs from parts since 1995, including a Linux server) but not in the areas of networking or security.

That’s why things are going so slowly. The OS is having to use swap space on the disk (virtual memory) to keep up with the demand.

That’s the step I am prepared to take, but hopefully I can dodge it…

This sounds exactly like you have picked up a virus, worm or trojan, and the thing is still active. It probably exists in your March image and activates on a certain date - April 1st I imagine. You could test this by changing the BIOS date to March 2nd and then restoring to the March 1 image.

I’d run at least 3 different AV apps and 3 different spyware apps. If that picks up nothing, it’s re-install time. And you’ll need to check into your AV and firewall protections, they’re obviously not working as well as you need.

I presume you have backed up your data already? ;j

What AV/spyware apps are recommended?

I already have Norton AntiVirus, which came with my system, and it has not found anything. I’ve Googled for spyware/virus detectors and removers, but since I’m not familiar with any of the names (and somewhat paranoid at this point), I’m suspicious that at least some of the sites that get turned up may actually be programs that INSTALL agents of destruction on my computer while simulating some kind of scan. And wolf-in-sheep’s-clothing fears aside, I still don’t know which ones are comprehensive and reliable. McAfee maybe?

As for my firewall, I’m relying on the built-in firewall provided by my Linksys router that I have connected to my cable modem. I’m not familiar with firewall settings, though, nor what the default settings would be on my router. (I assume it’s on by default, which may not be a good assumption since I had to turn on WEP encryption for my wireless network on the same device…)

What’s a good site for a primer on firewall configs and issues?

As for Antivirus, there are two free AV clients that I consider to be much better than Norton or McAfee clients for their reliability, low performance hits, and ease-of-use:

-Avast (www.avast.com) - very user friendly and thorough. You’ll need to register to receive a free serial key

-AVG Free (free.grisoft.com) - this one gets installed on all my business clients’ machines (well, the paid version anyways).

You should also check out the free home scan at http://housecall.trendmicro.com/

There are a number of resources on the web that provide tutorials for tracking down memory leaks, but I don’t have time to search for them now. You can always go to the Windows Task Manager and see whether a specific service is eating a ton of memory. You can also look up a utility called poolmon.exe (which I believe is included as a separate add-on in the Windows XP CD), though it’s more of an advanced user utility.

Ultimately, you may find it easiest to just reformat and start from scratch. You’d ideally install just the core operating system and then download the drivers, rather than doing a Dell disk restore (and reloading all of Dell’s junk software in the process).

I should also mention that you should be using a software firewall on your computer. The built-in Windows XP firewall is somewhat decent, but you may want to check out the free version of ZoneAlarm. There’s a link to it here
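
Added example, not part of any post in this thread: Task Manager lists every SVCHOST.EXE under the same name, so one way to see which instance is eating memory is to join the output of `tasklist /svc /fo csv` and `tasklist /fo csv` by PID. The sample output below is constructed, and the parsing assumes English-locale "Mem Usage" formatting; an svchost.exe that hosts no services is worth a closer look at its file path.

```python
import csv
import io

# Constructed sample of `tasklist /svc /fo csv` (not taken from the thread).
SVC_CSV = '''"Image Name","PID","Services"
"System","4","N/A"
"svchost.exe","884","DcomLaunch,TermService"
"svchost.exe","1012","RpcSs"
"svchost.exe","1180","AudioSrv,BITS,Schedule,wuauserv"
"svchost.exe","2344","N/A"
"explorer.exe","1620","N/A"
'''

# Constructed sample of `tasklist /fo csv` for the same (hypothetical) machine.
MEM_CSV = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","884","Console","0","4,512 K"
"svchost.exe","1012","Console","0","3,960 K"
"svchost.exe","1180","Console","0","28,140 K"
"svchost.exe","2344","Console","0","412,880 K"
"explorer.exe","1620","Console","0","19,204 K"
'''

def parse_mem_kb(text):
    """Convert a value such as '412,880 K' to 412880."""
    return int(text.replace(",", "").replace("K", "").strip())

def svchost_report(svc_csv, mem_csv):
    """Return svchost.exe instances, largest memory first, with hosted services."""
    mem = {row["PID"]: parse_mem_kb(row["Mem Usage"])
           for row in csv.DictReader(io.StringIO(mem_csv))}
    report = []
    for row in csv.DictReader(io.StringIO(svc_csv)):
        if row["Image Name"].lower() != "svchost.exe":
            continue
        # tasklist prints "N/A" when the process hosts no services.
        services = ([] if row["Services"] == "N/A"
                    else [s.strip() for s in row["Services"].split(",")])
        report.append({"pid": int(row["PID"]),
                       "mem_kb": mem.get(row["PID"], 0),
                       "services": services,
                       "no_services": not services})
    return sorted(report, key=lambda r: r["mem_kb"], reverse=True)

if __name__ == "__main__":
    for r in svchost_report(SVC_CSV, MEM_CSV):
        note = "  <-- hosts no services, check its path" if r["no_services"] else ""
        print(f'{r["pid"]:>6} {r["mem_kb"]:>9} K  {",".join(r["services"]) or "N/A"}{note}')
```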