On Windows 8.1, the system was using a lot of RAM without me running any programs. I had 4 GB of RAM and upon startup almost 2.5 GB were already used. Following the steps described in "Windows using too much RAM, how to diagnose resource hog", I have managed to update or uninstall several obsolete drivers, but still, the CM31 (Registry) processes and MmSt (?) keep taking a lot of RAM.

Here is a screenshot from poolmon: [image: poolmon screenshot]

I suppose I could still work with the first five entries.

I have also used xperf, but it led me nowhere: [image: Xperf screenshot]

What can I do about CM31 and how could I clear more RAM? Registry defragmentation didn't help.

EDIT: [image: Procexp overview]

Joe Doe
  • Please supply an overview of your running processes. TaskManager or ProcessExplorer. CM31 and MMST are Windows system components working on behalf of other processes. Without any other information on what you are running we can't make any guess at what is going on. – Tonny Dec 25 '17 at 12:06
  • @Tonny I have added a procexp overview – Joe Doe Dec 25 '17 at 14:24
  • [CM31 tag is used by Windows when loading profile hive during boot](https://superuser.com/a/1174512/174557) – magicandre1981 Dec 25 '17 at 15:37
  • @magicandre1981, thanks. Is there something I can do about its size? I didn't find any answers... – Joe Doe Dec 26 '17 at 11:00
  • Can you explain why you think empty RAM is a *good thing*? It generally isn't - the system works faster when recently used & potentially 'next to be used' items are already there. – Tetsujin Dec 26 '17 at 12:02
  • how large is your user registry ntuser.dat? – magicandre1981 Dec 26 '17 at 13:08
  • @Tetsujin, empty RAM is a good thing in cases when you need it to be of use for other applications. Used RAM is bad in cases where applications like faulty drivers or malware occupy it instead of applications that actually need it. At least, that is my take. – Joe Doe Dec 26 '17 at 21:07
  • @magicandre1981, it's 7 MB. – Joe Doe Dec 26 '17 at 21:08
  • how large are the system related registry hives (those ones are stored in C:\Windows\System32\config)? – magicandre1981 Dec 27 '17 at 15:45
  • @magicandre1981 the largest are: SOFTWARE : 100 MB, COMPONENTS 76 MB, SYSTEM 11 MB. – Joe Doe Dec 29 '17 at 13:02
  • ok, [capture a boottrace](https://superuser.com/a/976646/174557) in WPRUI.exe, select "Pool Usage" and Registry IO to capture pool and registry activity. zip the generated ETL as 7z and share the 7z via OneDrive. – magicandre1981 Dec 29 '17 at 15:35
  • @magicandre1981, thanks! I haven't tried this one yet. I do not use OneDrive, but here is a google drive link. The password is Atlas456. https://drive.google.com/open?id=10bfEhv3AMlCQDh9Kac9WK8Nph707hWDN – Joe Doe Jan 02 '18 at 09:18
  • I can't see any CM31 usage in the trace (I get warnings that events are lost, so maybe the CM31 data are lost ). I see that the loading of driver vflt (Shrewsoft Lightweight Filter ??) causes a 100s delay during boot. remove this and capture a new trace, maybe this new trace includes all data – magicandre1981 Jan 02 '18 at 17:17
  • @magicandre1981 Here it is. Strangely enough, it is ten times the size. https://drive.google.com/open?id=1JZVuKdkt_NARCBCrm6T_mktDzjgQh_v_ – Joe Doe Jan 02 '18 at 20:54
  • this time I see that data but only 134MB usage. I also can't see the registry hive operation (only query/open of keys). run this command: **xbootmgr -trace boot -traceFlags BASE+CSWITCH+POOL+REGISTRY+REG_HIVE -stackwalk PoolAlloc+RegHiveInit+RegHiveLink** to capture the hive information – magicandre1981 Jan 03 '18 at 17:25
  • I looked at the disk IO activity and saw that 3rd party drivers from EaseUS backup are involved during load of the hive. maybe this causes the higher usage. so use the 50/50 way (disable half of 3rd party tools, look if issue occurs, if yes, disable again half of the remaining drivers, if it is fixed, enable 50 of the prev disabled drivers) until you see which driver/software causes it – magicandre1981 Jan 03 '18 at 18:46
  • @magicandre1981 Thanks again. While I have tried tinkering with the loaded drivers, I have twice ended with a system restore (I was disabling only third party drivers, ofc) so I would prefer not doing that. However, I have the trace on this link: https://drive.google.com/open?id=1YwvOaXwPxNvRqsCl-zBrkPLOKPx9gFrC – Joe Doe Jan 07 '18 at 21:24
  • ok, \SystemRoot\System32\Config\SOFTWARE is 100MB but the interesting thing is \??\C:\Windows\AppCompat\Programs\Amcache.hve gets also loaded via CM31 tag allocation. so do you run later a lot of apps in compatibility mode? – magicandre1981 Jan 08 '18 at 16:38
  • @magicandre1981 No, none. Or at least none I would know of... – Joe Doe Jan 08 '18 at 17:50
  • https://drive.google.com/open?id=1WHokSvsnxjPbKm4tA_nni0KIKIu2p4j0 - rammap when most of the applications are off. Might be relevant – Joe Doe Jan 08 '18 at 20:54
  • according to the picture the usage is expected. there is no real issue of your system. that is the usage. in Win10 1803, the usage will be reduced by putting it into a [registry process](https://winaero.com/blog/registry-process-windows-10/) – magicandre1981 Jan 09 '18 at 16:20

1 Answer

The memory usage of the CM31 tag is normal for Windows. To see how Windows uses the pool you need to install the Windows Performance Toolkit, which is part of the Windows 10 SDK (which also works on Windows 8.1).

[image] (all other entries can be unselected)

Now open a cmd.exe as admin and run this command:

xbootmgr -trace boot -traceFlags BASE+CSWITCH+POOL+REGISTRY+REG_HIVE -stackwalk PoolAlloc+RegHiveInit+RegHiveLink

This reboots Windows and captures the Pool usage during boot.

After the reboot, double-click the generated ETL file to open it in Windows Performance Analyzer (WPA.exe) and move the Registry Hive graph to the Analysis pane:

Here you see which hives get loaded via CM31 tag:

So Windows loads software, drivers, user registry hive and also a hive for application compatibility settings (C:\Windows\AppCompat\Programs\Amcache.hve).

To improve the performance of your PC, add more RAM, 4GB is really low end today, there are already Android phones which have 6GB RAM. To improve boot speed, replace the slow ST3250410AS drive with an SSD.

magicandre1981
  • Well, I guess that is as far as we have got. I understand that 1 GB is normal. Thank you for your help. – Joe Doe Jan 09 '18 at 18:05
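
The comments above ask for the on-disk sizes of the user and system hives; the following PowerShell is an added example (not part of the original question or answer) that lists every hive registered under `HKLM\SYSTEM\CurrentControlSet\Control\hivelist` with its file size, plus the Amcache.hve file named in the answer. It reports file sizes only, not pool usage, and the helper name `Resolve-NtPath` is made up for this example; run it from an elevated prompt.

```powershell
# Added example: on-disk size of each registry hive the kernel has loaded.
Add-Type -Namespace Native -Name Dos -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern uint QueryDosDevice(string lpDeviceName,
    System.Text.StringBuilder lpTargetPath, uint ucchMax);
'@

# Map NT device names (\Device\HarddiskVolumeN) to drive letters (C:).
$deviceToDrive = @{}
foreach ($drive in [System.IO.DriveInfo]::GetDrives()) {
    $letter = $drive.Name.TrimEnd('\')
    $buffer = New-Object System.Text.StringBuilder 512
    if ([Native.Dos]::QueryDosDevice($letter, $buffer, 512) -gt 0) {
        $deviceToDrive[$buffer.ToString()] = $letter
    }
}

# Hypothetical helper: turn \Device\HarddiskVolumeN\... into C:\...
function Resolve-NtPath([string]$NtPath) {
    foreach ($device in $deviceToDrive.Keys) {
        if ($NtPath.StartsWith("$device\", [StringComparison]::OrdinalIgnoreCase)) {
            return $deviceToDrive[$device] + $NtPath.Substring($device.Length)
        }
    }
    return $null
}

# hivelist: value name = registry path of the hive, value data = backing file.
$hiveList = Get-Item -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Control\hivelist'
$hives = @{}
foreach ($name in $hiveList.GetValueNames()) {
    $ntPath = [string]$hiveList.GetValue($name)
    if (-not $ntPath) { continue }   # volatile hives such as HARDWARE have no file
    $path = Resolve-NtPath $ntPath
    if ($path) { $hives[$name] = $path }
}
# Added explicitly in case it is not registered in hivelist.
$hives['Amcache'] = Join-Path $env:SystemRoot 'AppCompat\Programs\Amcache.hve'

$hives.GetEnumerator() | ForEach-Object {
    # -Force is needed because ntuser.dat is a hidden file.
    $file = Get-Item -LiteralPath $_.Value -Force -ErrorAction SilentlyContinue
    if ($file) {
        [pscustomobject]@{ Hive = $_.Key; File = $_.Value
                           SizeMB = [math]::Round($file.Length / 1MB, 1) }
    }
} | Sort-Object SizeMB -Descending | Format-Table -AutoSize
```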