Hey guys, I hope someone can give me some insight to this. I've tried reading everything I can find, and nothing really addresses the issue.

I have Windows XP Pro, with 512Mb ram. When I boot up everything is normal, and I have very little running on the machine. The paging file/commit charge starts at about 230/1245.

Over the course of 24 hours (without the computer being touched), it will slowly climb and eventually break 1245M and I get the "Virtual Memory too low" error.

I immediately started looking for applications with memory leaks, but found nothing. After running over night, there are 38 processes running, here are the top 3 memory users:
Process: - Private Bytes (VM Size): - Working Set (Mem USage)
Rtvscan.exe (Symantec AV) - 50,700 - 41,700
msnmsgr.exe - 23,018 - 12,500
explorer.exe - 27,076 - 27,125

As you can see, nothing seems out of the ordrinary, but the CommitCharge/Paging file is currently at 987M/1245M

Any ideas would help....Thanks
-Eric

did u set the charge to let windows manage , both visual effect and pagefile , how big is the hdd.

did u set the charge to let windows manage , both visual effect and pagefile , how big is the hdd.

Hey, thanks for the response.

Yes, Windows is set to manage the paging file and visual effects. The paging file is 768Mb, and the HD is 60Gigs (40Gigs free).

Its really confusing me, thanks in advance for the help :)

-Eric

there is your problem, the commit charge is set to 200+ yet you have a pagefile 700 +. increase the commit charge to something like 1.5g/3g.

PS is the page file on the same hdd as the operating system.

there is your problem, the commit charge is set to 200+ yet you have a pagefile 700 +. increase the commit charge to something like 1.5g/3g.

PS is the page file on the same hdd as the operating system.

Yes the pagefile is on the same HD as the OS. The Commit Charge is set to 1245M, Page file 768Mb, and RAM 512Mb. Isnt that the norm (commit charge=Ram+Page file size?). It was never touched, its the OS default.

My desktop is set to the same values, and it works fine.

-Eric

the comit charger is the max the system will set asside for the page file, notice it says pagefile/commit charge you need to go into the systems properties>advance tab> performance settings button>advance and set the min and max for the page file.

Um, ok... what should I set them to. As I said, they are the same values as my desktop PC, and they are running identical software/OS, with identical amounts of RAM and HD space. Only one has a problem though. My concern is that even if I increase the size of the paging file, it doesn address the issue of the commit charge constantly growing. It just means it will take longer to generate a low VM error.

increase to 1G at least,,,,,,,,,,,,are u running VMware on this PC.....

increase to 1G at least,,,,,,,,,,,,are u running VMware on this PC.....

I can increase to 1Gig, I'll do that now, but its still growing constantly. I have had nothing running but this IE window to communicate, and it has grown from 250/1245 to 480/1245, and its still steadily getting bigger.

No VMWare running.

if u set a min /max and it grows even without any new processes or software running. u must have a trojan /virus.

Ya, thats what I was affraid of, but I cannot find one anywhere. I have ran 3 different Spyware scans, 4 different AV scans, and they're all turning up nothing.

Hey, thanks for your help and suggestions. I finally found the source of the problem. It was something called windows/system32/dllhst3g.dll that was causing the leak. It said it was a legit dll from microsoft (its not). It was running within svchost.exe (did not show any signs of a memory leak - peaked at 11M).
After deleting that file, all is well again (24 hours, still at 267/1245M commit charge).

Hope this wasnt a complete waste of peoples time, and it can eventually help someone else who runs into it.

-Eric

yeah that DLL is spyware. Run a full antivirus and spyware scan

I ran FULL system AV scans with: Symantec Corperate, Bit Deffender, AVG, PC Cillin, and EZ Armor... all turned up nothing.

Ran full spyware scans with spybot, adaware, and an online trendmicro's housecall... all nothing.

So I'm not sure where the file came from, or why it wasnt being picked up, but... as I said, all is well now :)

Wierd. Might want to run a HijackThis Log and post it here anyway, well take a look

:)

I ran FULL system AV scans with: Symantec Corperate, Bit Deffender, AVG, PC Cillin, and EZ Armor... all turned up nothing.

Ran full spyware scans with spybot, adaware, and an online trendmicro's housecall... all nothing.

So I'm not sure where the file came from, or why it wasnt being picked up, but... as I said, all is well now :)

Since all of these methods failed. How did you actually find the file dllhst3g.dll? Also, I had the same file and deleted it from the system and the dll cache and I got a message from Windows XP saying other files were no longer certified and to insert my system disk. I did this but nothing seem to be copied. Did you get a similar message?

Thanks :)

Dave, the legitimate file is dllhst3g.exe, malware is dllhst3g.dll.
Check that you do have the valid one, if not, then insert your cd, run sfc /scannow.

I ran microsofts "process explorer", originally developed by wintools I believe. Literally started going file by file through SVCHost... looking for anything that was not legitimate. Eventually found that file, did a little research and deleted. I'm sure there is a better way, but when all of the previous scans failed, it was sort of a last resort for me. Hope it helps... and Gerbil is right about the legit/illegit files... you have to be very careful deleting files, they are designed too look like legitimate windows files.

Dave, the legitimate file is dllhst3g.exe, malware is dllhst3g.dll.
Check that you do have the valid one, if not, then insert your cd, run sfc /scannow.

yes, thats an excellent idea. you can run the command without tje cd but some really crafty viruses also can modify the dll cache, so using the cd is essential. just type the command in to the run box. close all other applications while it is running. it is a silent process. reboot afterwards

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.