Windows XP Bloated Or I have malware/Virus??

I

imzjustplayin

[H]ard|Gawd
Joined
Jan 24, 2006
Messages
1,171
http://pics.bbzzdd.com/users/imzjustplayin/WTFBloatbbq.png

To use the URL, be sure to paste the Link DIRECTLY into your browser to view.


If you need a downsized resolution of the picture, I'll provide one. The reason I did this is to show that the screen shots were taken at the same time with the same amount of processes running.

How is it that I only have 780MB of physical ram available yet the process tab says I'm using 23.384MB of ram...?? "system cache' wouldn't account for it since it says that the system cache usage is at 390MB and since 390.764+780.584 != 1048.044

So what's the deal? I've tried process explorer but it doesn't reveal the missing 267MB of ram! And the people on the anandtech forums are convinced that there is nothing wrong here... :mad:
 
did you run Ad-Aware? did you run a virus scan with NOD32?


check your PM
 
I run kaspersky antivirus but for the screen cap, it's disabled. I've run MS antispyware and adaware with latest definitions, they never find anything..
 
Next time you need to post a screeen shot, use ALT+PrintScreen instead of just PrintScreen. That'll get only the window which has focus instead of your whole desktop, and will spare us seeing your NSFW background.

Memory management in Windows isn't simple. There are many different states for memory, beyond simply "used" and "free". What you see in Task Manager is something between a lie (because some columns aren't correctly labelled) and a simplification (because end-users generally don't really need to understand all the gritty details).

So the short answer is that you're adding up the wrong numbers. While the numbers presented by Task Manager are useful for simple troubleshooting, they don't provide a precise view of what's going on with each process. Or, more accurately, the information for each process in the "processes" tab shows what's happening with each process but don't show what's happening in interactions between each process -- and therefore can't be used to generate aggregate information about the system as a whole

The long answer is available in the Windows Internals book; read Chapter 7.
 
MaXimus666 said:
what about your startup apps/ what about teh drivers?
Click to expand...
If you look at the picture, you'll see that if anything has started up, it has been closed. The only thing I can think of, like you mentioned would be drivers but I'm not sure what I'd do about that since I'd need them. I don't believe I'm running any drivers that I'm not suppose to/uneeded/legacy and or unused etc..
 
mikeblas said:
Next time you need to post a screeen shot, use ALT+PrintScreen instead of just PrintScreen. That'll get only the window which has focus instead of your whole desktop, and will spare us seeing your NSFW background.
Click to expand...
LOL :D
 
Note that I have updated my previous post with an explanation.
 
mikeblas said:
Next time you need to post a screeen shot, use ALT+PrintScreen instead of just PrintScreen. That'll get only the window which has focus instead of your whole desktop, and will spare us seeing your NSFW background.

Memory management in Windows isn't simple. There are many different states for memory, beyond simply "used" and "free". What you see in Task Manager is something between a lie (because some columns aren't correctly labelled) and a simplification (because end-users generally don't really need to understand all the gritty details).

So the short answer is that you're adding up the wrong numbers. While the numbers presented by Task Manager are useful for simple troubleshooting, they don't provide a precise view of what's going on with each process. Or, more accurately, the information for each process in the "processes" tab shows what's happening with each process but don't show what's happening in interactions between each process -- and therefore can't be used to generate aggregate information about the system as a whole

The long answer is available in the Windows Internals book; read Chapter 7.
Click to expand...

If you're talking about 'System Cache', that doesn't work either as system cache added to the available ram wouldn't add up to what is being used. 267MB of ram being used when practically nothing is running sounds like bloat to me.
 
It looks normal to me.

You may be confused between memory that's in use and memory that's being reserved for cache. XP on bootup takes a chunk of memory and sets it aside for cache. It's reserved but not necessarily being used. Unfortunately XP's task manager sucks for illustrating this properly.
 
imzjustplayin said:
If you're talking about 'System Cache', that doesn't work either as system cache added to the available ram wouldn't add up to what is being used. 267MB of ram being used when practically nothing is running sounds like bloat to me.
Click to expand...
Turn off disk caching and suffer then. You'll change your tune really quickly. :D
 
pxc said:
Turn off disk caching and suffer then. You'll change your tune really quickly. :D
Click to expand...

If this is *really true* and its infact explaining WHY I'm missing 200MB+ of ram, then why is it that in windows 98, it's generally faster than windows XP? Yet it doesn't use nearly as much ram as XP does... Anyways if you read carefully, you'd see that if you add together the 'System Cache' and the amount of available physical ram, you'd see that it would not add up to the total amount of physical ram in the system. So therefore system cache is non-issue, the issue at hand however is the fact that I've got 267MB of unaccounted for ram usage and I'm not sure where to begin looking for it.
 
imzjustplayin said:
If you're talking about 'System Cache', that doesn't work either as system cache added to the available ram wouldn't add up to what is being used. 267MB of ram being used when practically nothing is running sounds like bloat to me.
Click to expand...
I'm talking about memory usage. Your conditional makes me wonder if you didn't understand my response; if there's something I can clarify, then please let me know.

Again, the problem is that you're adding up the wrong numbers. The number that Task Manager reports as "System Cache" is not the size of the system file system cache. It's the size of the system working set plus the size of the standby list.

System cache, plus the working sets for all your processes, plus available memory do not add up to your physical memory because the quantities aren't meant to be added and cross-checked.

A process' working set, for example, includes its shared pages. These are pages that exist only once in physical memory but are mapped into the VM space of each process. If FOO.EXE and BAR.EXE both load SOME.DLL, then the read-only pages for SOME.DLL are in physical memory once, but the size of the pages counts towards the working set of FOO.EXE and BAR.EXE both. If you add the working set sizes of those two applications together, you've got a number that's bigger than the actual amount of memory they're really using.
 
mikeblas said:
I'm talking about memory usage. Your conditional makes me wonder if you didn't understand my response; if there's something I can clarify, then please let me know.

Again, the problem is that you're adding up the wrong numbers. The number that Task Manager reports as "System Cache" is not the size of the system file system cache. It's the size of the system working set plus the size of the standby list.

System cache, plus the working sets for all your processes, plus available memory do not add up to your physical memory because the quantities aren't meant to be added and cross-checked.

A process' working set, for example, includes its shared pages. These are pages that exist only once in physical memory but are mapped into the VM space of each process. If FOO.EXE and BAR.EXE both load SOME.DLL, then the read-only pages for SOME.DLL are in physical memory once, but the size of the pages counts towards the working set of FOO.EXE and BAR.EXE both. If you add the working set sizes of those two applications together, you've got a number that's bigger than the actual amount of memory they're really using.
Click to expand...

This makes a bit more sense, so in a nutshell, all the info in the system cache is in the virtual memory space (therefore pagefile and physical ram) and moves back and forth between the physical memory space and the pagefile depending on requests/usage etc..? So looking at system cache is like looking at the commit charge because it shows memory usage for both physical memory and the pagefile?
 
imzjustplayin said:
So looking at system cache is like looking at the commit charge because it shows memory usage for both physical memory and the pagefile?
Click to expand...
Commit charge shows a reservation in the pagefile, not usage of the page file.

I think you might be more confused than I can help you. You should read the book I referenced. The XP resource kit also has some explanations that will help you.
 
mikeblas said:
Commit charge shows a reservation in the pagefile, not usage of the page file.

I think you might be more confused than I can help you. You should read the book I referenced. The XP resource kit also has some explanations that will help you.
Click to expand...
????

"reservation"? Whats the point of reserving that space if you're not going to use it, now THAT is confusing.
 
Your link doesn't work, even a c/p. Anyone care to imageshack it, or supload?
 
imzjustplayin said:
"reservation"? Whats the point of reserving that space if you're not going to use it, now THAT is confusing.
Click to expand...

The simple version is that space in the page file is reserved before it is used. That way, the OS can respond to a page fault very quickly: it is guaranteed to have space available in the PF, and know where it is. Nothing is written to the PF until the page is actually faulted out. What if a page fault happened and the OS had to walk around a bunch of lists, looking for free spots? What if the free spots weren't in a row? And so on; reservations provide an optimization and a guarantee.

It's not much different than reserving a hotel room. You might call and cancel, but when you're tired you know exactly where you can go to get a place to stay.

But if you want the details, read the books I've recommended to you. They'll explain it.

Your link doesn't work, even a c/p. Anyone care to imageshack it, or supload?
Click to expand...
The link is a mess. The forum abbreviates the URL because it is long, so you have to right-click, copy the shortcut, then paste it.

Here is text that you can copy and paste and it will work:
http://pics.bbzzdd.com/users/imzjustplayin/WTFBloatbbq.png
 
You must log in or register to reply here.
Back
Top