Windows – Identifying root cause of high RAM usage in Paged Pool


I pulled up my Task Manager today and found that out of my 16GB of RAM, 14.5GB was "in use".

Naturally, I switch to the Processes tab, click "show processes by all users", and sort by Working Set – only to find that all the processes listed in Task Manager together only use up ~3GB of RAM. I've also tried Process Explorer, which doesn't give me any new information.

What's eating up almost 11GB of RAM?

I found one tool – RAMMap – which tells me that 11GB of RAM is being used by "Paged Pool". What is this used for? How can I find out what caused it to spike up so high and stay high?

[Screenshot: Paged Pool]

Best Answer

Same problem here. I found that these instructions for finding the issue with non-paged pool also work for paged pool.

This requires installing a 2 GB Windows Driver Kit package from Microsoft. I'm not sure if Visual Studio is necessary, even though the Microsoft installation directions say it is.

If you have Windows 10, and want to avoid installing that massive package, I have created a zip file containing just the poolmon.exe and a shortcut that runs it using the "-b" option. According to Microsoft, the exe is standalone and should work. I don't know if the exe works with other Windows OS versions. The exe is from "WDK for Windows 10, version 1709".

  1. First step is to run poolmon.exe -b. You can do this from the command prompt or the shortcut I provided in the zip file. Or create a new shortcut to poolmon.exe and in "properties" put the full "target" address in quotes and add " -b" after it, without quotes. The "-b" is important because it organizes the list according to the most bytes used.

You should get results that look like this: [screenshot: poolmon -b results]

As you can see, in my case, the tag for the process using 7.2 GB of Paged Pool is "AvN".

  2. Next, open a command prompt and cd C:\Windows\System32\drivers. Then run findstr /s (Tag) *.sys, where (Tag) is your tag from the left-most column in poolmon. It is very important that capitalization is exact.

Here are my results from command prompt, with one mistake where I did not correctly capitalize AvN. [screenshot: results from findstr]

From this I can see that the tag "AvN" belongs to a driver called "avgMonFlt.sys". From a Google search it seems that "avgMonFlt.sys" belongs to "AVG Antivirus Free". If I find that file in Explorer and look at the properties, under the "Details" tab it gives me the name of the product ("AVG Internet Security System"), file description, copyright owner, and other information. The "Digital Signatures" tab shows me who the signer is.

In most cases simply updating the driver will solve the issue. If an update isn't available, uninstalling the driver may be necessary. At the very least, you have identified the faulty driver and can use that information to find a solution.

I actually haven't fixed this problem yet. I may just need to uninstall "AVG Antivirus" and get a different antivirus, or I may need to simply uninstall and reinstall. I just recently repaired it, as well as updating it, before this problem occurred. I will update this answer with my results.
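
The findstr lookup and the file-properties check described in the answer above can be done in one pass. This is an added PowerShell example, not part of the original answer; Find-PoolTagOwner is a hypothetical helper name, and the tag AvN and the drivers path are the ones used in the answer.

```powershell
# Added example (not from the original answer).
# Find-PoolTagOwner is a hypothetical helper name chosen for this sketch.
function Find-PoolTagOwner {
    param(
        # Pool tags are at most 4 characters; copy it exactly as poolmon shows it.
        [Parameter(Mandatory)][ValidateLength(1, 4)][string]$Tag,
        [string]$DriverDir = "$env:SystemRoot\System32\drivers"
    )

    # Latin-1 maps every byte to exactly one character, so binary content
    # survives the decode and the tag can be searched as a plain string.
    $latin1 = [System.Text.Encoding]::GetEncoding(28591)

    Get-ChildItem -Path $DriverDir -Filter *.sys -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Skip files that cannot be read (locked or access denied).
            try { $bytes = [System.IO.File]::ReadAllBytes($_.FullName) } catch { return }

            # Ordinal comparison is an exact, case-sensitive match: AvN is not avn.
            $hit = $latin1.GetString($bytes).IndexOf($Tag, [System.StringComparison]::Ordinal)
            if ($hit -lt 0) { return }

            # Same information as the Details and Digital Signatures tabs.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Driver      = $_.Name
                Product     = $_.VersionInfo.ProductName
                Company     = $_.VersionInfo.CompanyName
                Description = $_.VersionInfo.FileDescription
                SigStatus   = $sig.Status
                Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            }
        }
}

# Short tags can appear by coincidence in unrelated files, so treat more than
# one hit as a list of candidates and compare against the product and signer.
Find-PoolTagOwner -Tag 'AvN' | Format-List
```

A hit whose SigStatus is not Valid, or whose signer does not match the vendor named in the version information, deserves a closer look before you update or reinstall the driver.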
