15 November, 2012

Windows 8 RTM Memory leak - NDU.SYS?

A few days after the Win8 RTM launch I decided to install it on my good old HP Pavilion DV7 laptop. Win7 had served me perfectly for the last two years and I was quite curious how Win8 (Windows 8 Pro Build 9200 x64) compares with it.

I made a clean installation that took ~20min. New Modern UI... nice... polished desktop, speed... nice too. Memory usage at start-up was similar to Win7 (~1GB of 4GB total), but now the story begins. When I started to copy big files around the LAN (ISO files, AVI, ...), torrents, ... memory usage started to grow constantly. The new task manager was showing that the non-paged memory pool rose very fast; memory usage stopped at ~3.6GB and then the machine started to crawl. Only a restart helped every time. The problem was always reproducible.

Just Chrome browser and MS Word were running most of the time..memory usage 3.5GB !?!?!





I suspected that some third-party network driver was the reason for this. I used the tool “poolmon.exe” (part of the Windows Driver Kit) to find out which driver was causing the memory leak (link1, link2, link3). Poolmon.exe showed that non-paged memory grew constantly when copying big files (a few 100MB). The driver tag found by poolmon.exe was “Wfpn”, and findstr found “netio.sys”, which is part of the Win8 core networking subsystem. Therefore, one of the network-related drivers is the problem, so let’s find which one.

The laptop has an integrated gigabit NIC from Realtek (RTL8168), so I tried to update it:
1. installed Win7 drivers (Win8 still not supported) from HP official site -> memory leak remains;
2. installed Win8 latest drivers from Realtek -> memory leak remains;

I even disabled the LAN interface and tried WLAN only -> still a memory leak.

Therefore, the culprit is not the NIC/WLAN driver at all. The next step was booting the machine in “safe mode with networking”, and I was surprised - no more memory leaks!! I made a list of loaded network drivers (using DriverView) and compared it with the list of drivers in a normal boot. The following kernel drivers were not loaded in safe mode:
- lltdio.sys,
- mslldp.sys,
- Ndu.sys,
- rspndr.sys,
- srv.sys, 
- srv2.sys, 
- srvnet.sys,
- wanarp.sys.

After disabling Ndu.sys (Windows Network Data Usage Monitoring Driver) with Autoruns and performing a normal boot - voilà, the memory leak was gone!!!!
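
The two triage steps described above (matching a pool tag to the driver files that embed it, as findstr did for “Wfpn”, and diffing the normal-boot and safe-mode driver lists), written in Python as an added example that is not part of the original post. The file contents and the shortened driver lists are constructed samples, and the function names are hypothetical.

```python
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # read size in bytes


def file_contains_tag(path, tag_bytes):
    """Literal, case-sensitive byte search. A short overlap is carried between
    reads so a tag split across two chunks is still found."""
    overlap = len(tag_bytes) - 1
    tail = b""
    with open(path, "rb") as fh:
        while chunk := fh.read(CHUNK):
            if tag_bytes in tail + chunk:
                return True
            tail = chunk[-overlap:] if overlap else b""
    return False


def drivers_with_tag(driver_dir, tag):
    """Names of *.sys files that embed the pool tag (what findstr reports)."""
    if not 1 <= len(tag) <= 4:
        raise ValueError("pool tags are 1 to 4 ASCII characters")
    tag_bytes = tag.encode("ascii")
    return sorted(p.name for p in Path(driver_dir).glob("*.sys")
                  if file_contains_tag(p, tag_bytes))


def only_in_normal_boot(normal, safe):
    """Drivers loaded in a normal boot but not in safe mode (case-insensitive)."""
    safe_names = {name.lower() for name in safe}
    return sorted((n for n in normal if n.lower() not in safe_names), key=str.lower)


def demo():
    # Constructed sample files, not real Windows driver binaries.
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Tag placed across the chunk boundary to exercise the overlap.
        (root / "netio.sys").write_bytes(b"\x00" * (CHUNK - 2) + b"Wfpn" + b"\x00" * 8)
        (root / "other.sys").write_bytes(b"MZ" + b"wfpn" + b"\x00" * 32)  # wrong case
        (root / "notes.txt").write_bytes(b"Wfpn")  # not a driver file
        owners = drivers_with_tag(root, "Wfpn")
    # Constructed, shortened driver lists for the two boots.
    normal = ["netio.sys", "tcpip.sys", "Ndu.sys", "lltdio.sys", "mslldp.sys"]
    safe = ["NETIO.SYS", "tcpip.sys"]
    return owners, only_in_normal_boot(normal, safe)


if __name__ == "__main__":
    print(demo())
```

A tag match only names the file that allocates with that tag; as in the post, the safe-mode diff is what narrows the leak down to a specific driver.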

The Ndu driver was introduced with Win8 and is actually quite buggy in combination with the RTL8168 NIC. Microsoft should fix that in some SP... let's hope soon.

I wonder if anyone else has encountered a similar memory leak?