Troubleshoot Windows 7 x64 Memory leak?

[simmerskool]

Briefly explain your current issue(s)

memory leak

Steps taken to resolve, but have been unsuccessful

checked resource monitor

running win7x64 with 32 gb ram. fresh reboot the mem usage is about 3.5 gb, ie, my normal. Typically, I only reboot when necessary, I often let it run days on end. Last few days I noticed that when I came back to pc in the morning, the physical mem being used was 26 gb as viewed from killswitch, then confirmed with win7 resource monitor. But scanning the list of running processes nothing jumped out at me as hogging ALL that memory. Overnight, basically I closed most if not all apps, so I would expect pc to be using minimal resources. CPU is hardly used. I rebooted in the morning to "fix" the issue, and it reboots using about 3.5 gb mem. with chrome open to post this it is currently using 4.5 gb mem. When I looked at it last night before bed after having been used all day, it was around 7 gb. So then what happens overnight to jump it up to 26 gb of used mem? I think this is relatively new. No new installs lately, other than perhaps browser extensions and chrome was closed overnight. Is this indicative of some app with memory leak that is not obvious (to me) from resource monitor, or perhaps indicative of some very well hidden malware?? Is there a better app to track or highlight / log memory usage overnight? thanks.

 

[TairikuOkami]

RAMMap - Windows Sysinternals - you can also try ProcessExplorer or ProcessHacker.



If it is caused by non-paged pool, it might be a driver leaking, updating it should solve it.

 

[simmerskool]

RAMMap - Windows Sysinternals - you can also try ProcessExplorer or ProcessHacker.

View attachment 191417

If it is caused by non-paged pool, it might be a driver leaking, updating it should solve it.

thanks, I'll take a look at RAMMap. What I hope to do is log memory activity overnight, and then read the log next day and see if it pinpoints me to the problem. I did some "research" this afternoon, and mostly suggested running win7 system perfmon.exe, which I opened but I have to play with it some more to better understand it's logging capabilities. The more I focus on the memory, the more it seems to stay stable around 4 gb.

 

[simmerskool]

RAMMap - Windows Sysinternals - .

running RAMmap, lots of good info, but seems not to log (??) but I saved its data for a baseline value and if and when I see massive spike in used RAM I'll run it again and try to compare. thanks. and still looking into perfmon.exe.

 

[AtlBo]

Left mine on one night with an ad video playing in a tab. Woke up and the virtual memory error box was showing and the PC was using 100% of the RAM (8 GB). I closed that tab, and that problem stopped. I would say it was a Chrome thing that time as in maybe Chrome continually requested RAM for the looping video without clearing the previous.

I think it's mostly apps that cause the problem. I had the same thing happen with HWiNFO hard drive gadget. It continually logged data and placed it in RAM memory, even though the gadget only needed like 5 seconds of the data for the display. I don't see how someone can write an app like that and not notice that problem...oh well...

 

[simmerskool]

Left mine on one night with an ad video playing in a tab. Woke up and the virtual memory error box was showing and the PC was using 100% of the RAM (8 GB). I closed that tab, and that problem stopped. I would say it was a Chrome thing that time as in maybe Chrome continually requested RAM for the looping video without clearing the previous.

I think it's mostly apps that cause the problem. I had the same thing happen with HWiNFO hard drive gadget. It continually logged data and placed it in RAM memory, even though the gadget only needed like 5 seconds of the data for the display. I don't see how someone can write an app like that and not notice that problem...oh well...

could be, but... when I leave the pc at night for overnight, I check to make sure chrome is not running, also not running on network in the background, at least I do not see a trace of it I often start a screen saver, standard win7 scr on system. meanwhile, I think I figured out how to log memory usage overnight with perfmon.exe. I had to run it as admin, then the selections I needed came to light. curious to see if it was one big spike or many many small incremental increases over 8 hours. most likely it will not happen tonight

 

[AtlBo]

That really is a crazy amount of memory being used on your PC . I was actually wondering if it's possible to add so much memory that nothing could possibly use it all. Never had a PC with more than 8 GB. Yet the HWiNFO gadget kind of convinced me that rising RAM usage over time is on a programmer instead of MS...always an app leak of some kind. Looking forward to hearing what caused that much RAM usage in your case with it being so much. I have looked at this very closely a few times over the past 3 years although not recently...

 

[yitworths]

You may use data collector set to track memory usage along with cpu usage.

tbh I'm little confused by your post. The high memory usage occurs only when you put your pc into idle mode. Can it be because of some scheduled tasks which are meant to run when you pc is idle? but to gobble up 26 damn gb ain't normal at all. We need a little bit more info. While this much ram usage was detected by you, did you check the system processes/services also? tbh till now, I'm not considering it as memory leak. That doesn't mean I'm discarding the possibilities of it.

you may try to disbale screensaver as many apps/programs detect pc's idle mode based upon screensaver.

 

[TairikuOkami]

One bad piece of code and the software will leak. You can always use one of those as a workaround.

CleanMem Free/Pro or Mem Reduct

Cleanmem was originally designed for Firefox, because of its memory leaks.

 

[simmerskool]

One bad piece of code and the software will leak. You can always use one of those as a workaround.
CleanMem Free/Pro or Mem Reduct
Cleanmem was originally designed for Firefox, because of its memory leaks.

I will look at CleanMem & Mem Reduct, but may not need them, as I may have found the cause &/or leak.
It appeared to be a slow steady leak or RAM usage increase, but most noticeable (to me) overnight but was probably happening all the time over the past few days, and either I did not notice or the memory got reset by other than reboot, but reboot certainly did reset it to baseline 3.5 gb.
The usage mostly going to paged_pool (sorry if I'm using some incorrect terminology -- I thought my notes were better ). Skimming the data (without a deeper analysis) culprit was most likely Hemidal Pro. I started running Heimdal about 3 months ago, (ForgottenSeer 58943 said something nice about it) it does some web filtering and also looks for updates for certain apps. It looks like it found something to update, I was running in SUA with some other lockdowns and it looks like Heimdal was continually (slowly) trying to DL and update the app it found but it could not fully DL and install, and instead of giving my a clear alert, it kept chugging away in the background. If you open Heimdal, you see the problem, but the systray icon appears normal, and I did not look there until this morning. I think the memory usage had only been happening for a couple of days. I like to think I'd notice a continuing issue like that. My current hardware is strong enough, I did not notice any slowdowns. I'm not bad mouthing Heimdal, I'm neutral about it, but not really sure that I need its web filtering here, and its systray icon leaves something to be desired. I made some tweaks to Heimdal, and it should become obvious by tomorrow morning if that was THE problem, or if I need to review the perfmon log in more detail (to see if I can understand it and if the answer is there). For now, it seems obvious that Heimdal continually trying to DL & install when it could not was the "leak"

 

[ForgottenSeer 58943]

There is a bug in the release version of Heimdal that can 'sometimes' cause this but it's quite rare.

A quick and dirty solution is to make sure to install Heimdal with the desktop icon. Then double click the icon. It will unload Heimdal, then reload the drivers from scratch (which likely got hung) and re-push the application updates properly. The problem should go away after you do this. Over the long term, go into settings, tick off 'download release candidates' and Heimdal will give you an RC that has this bug fixed from what I hear.

 

[simmerskool]

There is a bug in the release version of Heimdal that can 'sometimes' cause this but it's quite rare.

A quick and dirty solution is to make sure to install Heimdal with the desktop icon. Then double click the icon. It will unload Heimdal, then reload the drivers from scratch (which likely got hung) and re-push the application updates properly. The problem should go away after you do this. Over the long term, go into settings, tick off 'download release candidates' and Heimdal will give you an RC that has this bug fixed from what I hear.

rare unless it's happening to you The lo-tech answer (before seeing ForgottenSeer 58943's post was) I uninstalled Heimdal Pro and my "leak" seems to be gone.

 

[simmerskool]

Update: about a week after it was obvious that Heimdal Pro was "leaking" here, and after I uninstalled it, seeing leaks stop & running mostly ms resource monitor to see what's happening, I ran comodo killswitch 10.2.0.6526 last night overnight, say 6 to 8 hours and found that it also eats up physical memory, prior to opening killswitch, win7 was using about 3.2 gb total ram, in the morning 16 gb (or about 50% of available physical memory) was used with nothing else running. A few nights I only ran ms resource monitor and tcpview and memory usage stayed constant around 3 gb total memory used. I have cleanmem app but have not tried it yet. I'll give process hacker a try and see how it does with ram.

 

[LDogg]

That's a bit worrying!

~LDogg

 

[Yellowing]

Could it be Superfetch? It is a windows service/function. (I don't know if it was with windows 7, but 10 does have it) It writes data from the most used application into RAM (But only if there's enough free) to make them start faster when you start them. (Google it)
Try deactivating that if you have it.

Ever thought about changing to Windows 10, btw? Pro is just 5€ right now on Amazon.

 

[yitworths]

Could it be Superfetch? It is a windows service/function. (I don't know if it was with windows 7, but 10 does have it)

yea,windows 7 does have superfetch.

Ever thought about changing to Windows 10, btw? Pro is just 5€ right now on Amazon.

Probably, it's not about d price. simmerskool may be concerned about privacy.

 

[Yellowing]

Simplewall has an easy feature that blocks all known spying windows IPs

 

[yitworths]

Simplewall has an easy feature that blocks all known spying windows IPs

Cortana does collect various info even after getting disabled. Spying is hard coded in windows X. & regarding simplewall, yea it's a great product to control network traffic. but problem is microsoft does send some amount of data during update & till now we don't have enough data in public about that. windows X is privacy nightmare.

 

[TairikuOkami]

Could it be Superfetch?

I have seen a test once, where even disabling the service was not good enough, you had to actually change settings to disable it.

reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnablePrefetcher" /t REG_DWORD /d "0" /f
reg add "HKLM\System\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters" /v "EnableSuperfetch" /t REG_DWORD /d "0" /f

Cortana does collect various info even after getting disabled.

You can always remove it, but since 1803, it also breaks right click taskbar and systray menu along with Start. MS sure makes it difficult to get rid off.

but problem is microsoft does send some amount of data during update & till now we don't have enough data in public about that.

I do not have a single Windows process allowed, so unless it is hardcoded into internet protocols, it is should not.
One guy tried to prove, that even when windows firewall blocks everything, 10 still leaks, but it proved to be fake.

 

[Yellowing]

I do not have a single Windows process allowed

No updates? That is bad.
How do you stay up-to-date? :X3: