Disable the Performance Logs and Alerts service.
smlogsvc.exe = Performance Logs and Alerts Service
Programs such as EasyCleaner can create Perflib_Perfdataxxx.dat files.
Here's more than you may want to know.
Perflib stands for Performance Library. Perfdata stands for Performance
Data.
The %SystemRoot%\System32\Perflib_Perfdataxxx.dat files are created by the
System Monitor. And/or
%userprofile%\Local Settings\Temp\Perflib_Perfdataxxx.dat.
or
C:\Documents and Settings\Your Name Here\Local
Settings\Temp\Perflib_Perfdataxxx.dat. When you shutdown normally, the file
should be deleted.
If you have an abormal shutdown, these files can become orphaned, and
accumulate on your computer.
Under some yet to be determined circumstances, these files can become
orphaned during normal operation.
The Windows Performance tool is composed of two parts: System Monitor and
Performance Logs and Alerts. With System Monitor, you can collect and view
real-time data about memory, disk, processor, network, and other activity in
graph, histogram, or report form.
To open Performance...
Start | Run | Type: perfmon.msc | Click OK
You can view this by opening the Task Manager. The Performance tab displays
a dynamic overview of your computer's performance, such as CPU and various
kinds of memory usage.
Also caused by:
Rundll32.exe advapi32.dll,ProcessIdleTasks
Event ID: 1000
Event Source: LoadPerf
Perflib_Perfdataxxx.dat Files Accumulate Under %SystemRoot%\System32
http://support.microsoft.com/default.aspx?scid=kb;en-us;285798
What are the %SystemRoot%\System32\Perflib_Perfdataxxx.dat files?
http://www.jsiinc.com/SUBG/TIP3300/rh3343.htm
-----
prflbmsg.dll = Perflib Event Messages
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
Value Name: Logging Directory
Data Type: REG_SZ
Value Data: C:\WINDOWS\system32\WBEM\Logs\
Value Name: Repository Directory
Data Type: REG_EXPAND_SZ
Value Data: %SystemRoot%\system32\WBEM\Repository
Value Name: Working Directory
Data Type: REG_EXPAND_SZ
Value Data: %SystemRoot%\system32\WBEM
---
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib
Description
The Perflib subkey stores configuration data for the Windows Performance
Library, which collects and organizes data for performance tools, such as
System Monitor.
In addition to entries, the Perflib subkey contains a Language-code subkey
for each spoken language you configure for Windows 2000. The Language-code
subkey stores performance counter names and their descriptions in the
specified language. The Language-code subkey is named for the language code
for that language. For example, the counters and descriptions for the
English language are stored in a subkey named 009, the language code for
English (United States).
from...
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/regentry/12014.asp
---
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\
Application
Value Name: Sources
Data Type: REG_MULTI_SZ
Value Data: Perflib
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\
Application\Perflib
Value Name: EventMessageFile
Data Type: REG_MULTI_SZ
Value Data: %SystemRoot%\System32\prflbmsg.dll
--
Hope this helps. Let us know.
Wes
MS-MVP Windows Shell/User
In
