Memory Usage High

I have a Windows 7 HE SP1 OS and I recently noticed a lot of lagging going on. I suspected something was up with my memory for which I have 16gb available.

I brought up Resource Monitor and found two instances of rundll32.exe running, always at the very top with high memory usage. Commit Usage was around 5,424,200 (kb) and the Used Physical Memory graph was always showing 100%.

I have Process Explorer from Sysinternals and started it up to do some investigating. Sure enough, the same two rundll32.exe instances were sitting at the top here as well. They don't seem to use a lot of CPU attention but they do seem to take up a lot of the memory. Anyway, here is what I found;

Runudll32.exe is Microsoft Corp, path:C:\Windows\System32\rundll.exe, and is being called for by explorer.exe (parent) to run a HP printer dynamic link library module HPStatusBL.dll ("Print Driver Status Business Logic") which from what I can find maintains "Print Driver Status". I also verified that I have the most current version so that shouldn't be an issue unless...that IS the issue!

I wasn't sure if I could or even should try renaming HPStatusBL to "old" to keep it from loading so I just started out shutting down my printer, taking it off-line, no change. I also checked out all my printer drivers against HP and everything seems to be up to date. Eventually, I shut everything down and logged out of my user account and then logged back in. This worked in that the two instances were not hogging up memory but were reloaded/called for. It just seems that as time goes by (idle time), I start noticing the lag and when I check things out, sure enough, there they are, back at the top.

I might be looking at this all to simplistic and it might not even have anything to do with HPStatusBL.dll, it just looks like everything is pointing that direction. I guess I'm just looking to see if anyone else might have had some experience with this and what they might have found out. I don't want to keep logging out or even get rid of my printer as a last resort but I do need to figure out something, this is kind of a nuisance . I've searched around the internet and don't seem to find anything of any substinance. So anyway, thanks for any input.

 

Rundll32.exe is a component of Windows . It loads and runs 32-bit DLLs.
However, some malware use the same name to disguise itself.
Open Control Panel > Folder Options > View and ensure no files are hidden.
Then search for Rundll32.exe and post the result(s).

 

Here is a user guide on https://www.howtogeek.com/howto/windows-vista/what-is-rundll32exe-and-why-is-it-running/

 

"Then search for Rundll32.exe and post the result(s)." - Wasn't quite sure how to post the results of my search so I posted a screen capture! Also, I verified no hidden files in Folder Options!

Hey wile e, that site goes through Process Explorer pretty good. That was just about the process I took to see what was being loaded and whether it was a legitimate process. By all indications, it looks like nothing is out of the ordinary, except the high memory usage. Interestingly enough, I noticed that the article talked as though that at any time, I could have many rundll32 process's listed but currently, I only see these 2, both for the HP dll.

 

The screen capture shows the Rundll32.exe files are in the correct locations.
Post a screenshot of Task Manager Process tab.

 

Agreed

 

Process tab!

 

That's more than 10 GB of memory just for those two services.
Just to be sure...
Right-click the first Rundll32.exe and click Go to Service(s). Make a note of the service(s). (Scroll down to ensure you get them all.)
Then do the next Rundll32.exe.

 

OK, so what am I looking for. In Task Manager, under the processes tab, I go down till I see the rundll32's and right click on each one, but they both jump me over to the Services tab, nothing is different with each, they both show the same amount of services running and stopped. But then again, any process I right-click on and select go to services does the same thing...from what I can see!

 

Possible workaround: prevent the HP bloatware from auto-starting, run it manually when (if?) needed (but it might reinstate triggers on start). Autoruns should pinpoint the triggers (Scheduled Tasks?) but try the HP options/preferences first, or see if you can uninstall the offending module via Add/Remove.

 

Look at what services are highlighted.

 

OK, I ran Autoruns by sysinterals and found both instances of the rundll32 running HPStatusBL.dll. In Autoruns, it described the dll as monitoring ink levels! I went through all the HP installed software to determine if there was a way to have it NOT monitor ink levels, no such luck. Since it seems to only get used when you open HP Toolbox from the installed software, and I never monitor my ink levels this way, I decided to "uncheck" one of the instances in Autoruns and log out/in and bring up task manager again. this time, no instance of any rundll32's running HPStatusBL.dll. Right now, I'm running use memory at 3.17gb steady 19% as opposed to 98%...fantastic!

Just out of curiosity, I ran everything I could think of with my printer, even go online and check out the ink levels and everything is still functioning as it should. Guess I'll monitor this for a while and see how things go but I think the memory issue has been resolved for the time being.

BTW Eldon, nothing under the services tab was highlighted.

Thanks for all your help on this, all three of you!

 

Keep an eye on your Temp folder for out of the ordinary items.I see you had Tim W looked at your scans in the malware forum.

To get to your temp folder.Click on start menu in the search bar Type %temp% this will bring the temp folder up in the list.Most of the stuff in the temp folder can be removed.It's mostly junk files.This is where most malware tends to hide.

All so Keep an eye on your %appdata% folder as well.

 

Well yeah, but this is my personal desktop build, hence the signature and that last "Read & Run Me" was a Laptop I was looking at for a friend of mine. As a matter of fact, I will be bringing that Laptop back, probably to this "Software" part of the forum because I can't get that thing to even start windows now.

But thanks for the info, I appreciate your additional concern!

 

I'm dumbstruck by why HPStatusBL.dll would require more than 10 GB of memory.
I wonder if it's because 32-bit DLLs are being called on a 64-bit system in this instance?

 

I'm not sure why it was hogging like that either but I know it wasn't always doing that. I just started noticing the lagging in applications on my desktop just recently and thats what prompted the investigation.

What caused me some concern with this issue was why it was running two instances of it at the same time at around the same memory usage. In autoruns, one was labeled "HP Envy 5660 series", which is the product name and the other instance was labeled "HP6A2F8D" which I'm not sure what that is. But, when I look at this printers icon in Devices and Printers, it's labeled, "HP6A2F8D (HP ENVY 5660 series). And then, like you said, why would even one instance take that much memory...5gb?

 

I just searched "HP6A2F8D" and zero results!
Just a guess... Maybe the two instances of Rundll32.exe calling the same DLL for the same software resulted in them "fighting" one and another which resulted in the massive memory usage.

Fortunately you fixed a major problem.
We'll add this one to the list of "Great Unsolved Mysteries of Windows."

 

Yeah, I searched for that too and found nothing. I noticed that it did bring up mostly HP stuff with mostly foreign links. It could be that HP attached this "nomenclature" specifically for the retail store it was to be sold in. I know manufacturers do that for WalMart, so that WM can announce they have the cheapest prices, but their products were produced, just for them, stripped down to the bare bones, no accessories.

Well I'll tell you this, my computer is running great right now, no lag, no stutter, just quick and snappy! But hey, you folks at MG lead me to the solution. I thought I had exhausted my search and needed some fresh eyes and minds to assist, and it worked...thanks again!