Perflib_perfdata_xxx.dat

[Guest]

A few days ago, I noticed this "Perflib_perfdata_xxx.dat"file residing
in my temp folder located in c:\documents and Settings \User Name \ Local
Settings \ temp \ that I cannot delete. I tried Safe Mode as well as a
couple of other utilities

I also noticed that the XX changes every time when I boot up.

It is apparently related to some kind of 'orphan' left over from an event.
(I did have an unintentional power interruption before this file appears.
While MS KB offers help suggesting adding a Command in a logon script, but
this only applies to Win XP Pro and I only have Win Home.
Any help would be appreciated.

 

[Guest]

One of your Administrative Tools is "Performance". Turn off performance
logging.

 

[Guest]

I have already tried this, even with the 'Performance' tab disabled, the file
keeps coming back with every boot up.

 

[Wesley Vogel]

Disable the Performance Logs and Alerts service in Services.msc.

smlogsvc.exe = Performance Logs and Alerts Service

Programs such as EasyCleaner can create Perflib_Perfdataxxx.dat files.

Here's more than you may want to know.

Perflib stands for Performance Library. Perfdata stands for Performance
Data.

The %SystemRoot%\System32\Perflib_Perfdataxxx.dat files are created by the
System Monitor. And/or
%userprofile%\Local Settings\Temp\Perflib_Perfdataxxx.dat.
or
C:\Documents and Settings\Your Name Here\Local
Settings\Temp\Perflib_Perfdataxxx.dat. When you shutdown normally, the file
should be deleted.

If you have an abormal shutdown, these files can become orphaned, and
accumulate on your computer.

Under some yet to be determined circumstances, these files can become
orphaned during normal operation.

The Windows Performance tool is composed of two parts: System Monitor and
Performance Logs and Alerts. With System Monitor, you can collect and view
real-time data about memory, disk, processor, network, and other activity in
graph, histogram, or report form.

To open Performance...
Start | Run | Type: perfmon.msc | Click OK

You can view this by opening the Task Manager. The Performance tab displays
a dynamic overview of your computer's performance, such as CPU and various
kinds of memory usage.

Also caused by:
Rundll32.exe advapi32.dll,ProcessIdleTasks
Event ID: 1000
Event Source: LoadPerf

Perflib_Perfdataxxx.dat Files Accumulate Under %SystemRoot%\System32
http://support.microsoft.com/kb/285798

What are the %SystemRoot%\System32\Perflib_Perfdataxxx.dat files?
http://www.jsiinc.com/SUBG/TIP3300/rh3343.htm
-----

prflbmsg.dll = Perflib Event Messages

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\CIMOM
Value Name: Logging Directory
Data Type: REG_SZ
Value Data: C:\WINDOWS\system32\WBEM\Logs\

Value Name: Repository Directory
Data Type: REG_EXPAND_SZ
Value Data: %SystemRoot%\system32\WBEM\Repository

Value Name: Working Directory
Data Type: REG_EXPAND_SZ
Value Data: %SystemRoot%\system32\WBEM
---

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib

Description
The Perflib subkey stores configuration data for the Windows Performance
Library, which collects and organizes data for performance tools, such as
System Monitor.

In addition to entries, the Perflib subkey contains a Language-code subkey
for each spoken language you configure for Windows 2000. The Language-code
subkey stores performance counter names and their descriptions in the
specified language. The Language-code subkey is named for the language code
for that language. For example, the counters and descriptions for the
English language are stored in a subkey named 009, the language code for
English (United States).
from...
http://www.microsoft.com/resources/documentation/Windows/2000/server/reskit/en-us/regentry/12014.asp
---

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\
Application
Value Name: Sources
Data Type: REG_MULTI_SZ
Value Data: Perflib

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\
Application\Perflib
Value Name: EventMessageFile
Data Type: REG_MULTI_SZ
Value Data: %SystemRoot%\System32\prflbmsg.dll

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Guest]

Pretty strange all right. Almost sounds like you are 'rolling back' to a
previous registry. (last known good config). If Westly's links don't help,
you could try making some change in the registry, and restarting to see if it
rolled back. (If so, of course, you are getting some variation on 'restart on
error')

 

[Guest]

Thank you very much for a vey detailed description of the issue on hand. I
have checked my registry and come up with the following discrepancies

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\
Application
Value Name: Sources
Data Type: REG_MULTI_SZ
Value Data: Perflib
(WSH
WMIAdapter
WmdmPmSN
WLTRYSVC
WinMgmt
Winlogon
Windows Product Activation
Windows 3.1 Migration
WebClient
VSS
VBRuntime
usnsvc
Userinit
Userenv
UploadM
System.ServiceModel.Install 3.0.0.0
System.ServiceModel 3.0.0.0
System.Runtime.Serialization 3.0.0.0
System.IO.Log 3.0.0.0
System.IdentityModel 3.0.0.0
SysmonLog
SpoolerCtrs
Software Restriction Policies
Software Installation
ServiceModel Audit 3.0.0.0
SecurityCenter
SclgNtfy
SceSrv
SceCli
safrslv
SAFrdms
Remote Assistance
PerfProc
PerfOS
PerfNet
Perfmon
Perflib
PerfDisk
Perfctrs
Offline Files
Oakley
ntbackup
NeroCheck
MSSQLSERVER/MSDE
MsiInstaller
MSDTC Client
MSDTC
mnmsrvc
Microsoft.Transactions.Bridge 3.0.0.0
Microsoft (R) Visual C# 2005 Compiler
MDC8021X
LoadPerf
LiveUpdate
idsvc
HelpSvc
Folder Redirection
File Deployment
EventSystem
ESENT
EAPOL
DrWatson
DiskQuota
crypt32
COM+
COM
Ci
Chkdsk
ccSvcHst
ccEvtMgr
CardSpace 3.0.0.0
Automatic LiveUpdate Scheduler
AutoEnrollment
Autochk
ASP.NET 2.0.50727.0
ASP.NET 1.1.4322.0
Application Management
Application Hang
Application Error
apphelp
..NET Runtime Optimization Service
..NET Runtime 2.0 Error Reporting
..NET Runtime
Application)

My entries are in ( ) which are sigificantly different than yours and
appear to be the culprit.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\
Application\Perflib
Value Name: EventMessageFile
Data Type: REG_MULTI_SZ (Reg_Expand_SZ)
Value Data: %SystemRoot%\System32\prflbmsg.dll

Under this entry, the only differnce is' Reg_Expand_SZ' instead of
'REG_MULTI_SZ .'

Please advise whether I should proceed to make the changes.

 

[Wesley Vogel]

Cal,

I only included the things that had anything to do with Perflib under the
key...
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\

Obviously, there is a lot more stuff there.

As far as this goes....
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\
Application\Perflib
Value Name: EventMessageFile
Data Type: REG_MULTI_SZ
Value Data: %SystemRoot%\System32\prflbmsg.dll

The Data Type: REG_MULTI_SZ is *NOT* correct. REG_EXPAND_SZ *IS* what it
should be.

I created that post on 25 May 2004 and you are the first one to spot that
mistake. I know how I goofed it up, I just copied and pasted the Data
Type from the key listed above that one in my post and never fixed it, or
even noticed it. But that doesn't help you any.

As you can see, what you thought was causing your problem, were errors on my
part. Sorry. Do not make any registry changes concerning those two items.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In