
Event Viewer Error: The performance strings in the Performance registry value is corrupted


FranceBB


8 hours ago, FranceBB said:

Excellent program, I disabled the performance counters on everything. Thank you guys! :)

You're welcome! Did you check the result manually?

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger]
"Status"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Audio]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\Circular Kernel Context Logger]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\DiagLog]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Application]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Microsoft-Windows-Backup]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-Security]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\NBSMBLOGGER]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\NtfsLog]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\PEAuthLog]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\RAC_PS]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\RdrLog]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\TCPIPLOGGER]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog]
"Start"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WFP-IPsec Trace]
"Start"=dword:00000000

 


Oh, and just noticed EtwRTNT Kernel Logger.etl is pretty much intact and the log file has grown to approx. 10mb, all after I ran the programme on a new OS installation.


Posted (edited)

There are a number of ways in which those counters are entwined with the work of core apps of an all including OS (office suite, internet explorer and media player, games, you name it). Also on checking registry tweaks, booting arrangements, overclocking and such. So I concur with @jaclaz in not closing them all. I will instead go counter by counter and see what affects the behavior of a still effective OS, for desktop, (but increasingly not for internet, expert office suite, and python reliant applications). The surplus fun some of us get just for the heck of it. Hell! I own it.

https://www.youtube.com/watch?v=VRfoIyx8KfU

 

Edited by dmiranda

3 hours ago, dmiranda said:

There are a number of ways in which those counters are entwined with the work of core apps of an all including OS (office suite, internet explorer and media player, games, you name it). Also on checking registry tweaks, booting arrangements, overclocking and such.

I wrote I tried the programme on a clean, new OS install. There's nothing on it, simply nothing, except the OS components themselves.

5 hours ago, Dixel said:

I ran the programme on a new OS installation.

 


Well I got rid of them all (including the OS ones) and my XP is still going strong, so I don't really think there's any adverse effect in getting rid of them.


Posted (edited)

Yeah, if I were to start afresh (I won't), these counters do nothing (I can see) on performance. Maybe the opposite. I would then disable and would re-enable some required for my apps, including office for find and replace, excel in some complex formulas, etc, as I find issues.

But I'm on non-vanilla XP, and closing some of those counters generates issues.

Edited by dmiranda

On 5/23/2024 at 10:06 AM, jaclaz said:

Good programme, but I'm still getting these logs, they accumulate to 8-9mb in about 4 hours after reboot, soon after reboot they're about 256kb.

 

LOGS.png


  • 2 weeks later...
On 5/27/2024 at 3:50 AM, FranceBB said:

Well I got rid of them all (including the OS ones) and my XP is still going strong, so I don't really think there's any adverse effect in getting rid of them.

Please run cmd as admin, then enter the command 

logman query -ets

It must show zero loggers. If it shows some are still running, the programme doesn't work as expected.

logman query -ets.png


Thank you Dixel!

There's unfortunately one entry despite having unticked everything with the program posted before:

K73Z6vD.png

I went on to check the registry at the path you highlighted, namely

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger

but under WMI there's only Security, there's no "Autologger". Weird. O_o

CLsqGEK.png

 


5 hours ago, FranceBB said:

Thank you Dixel!

There's unfortunately one entry despite having unticked everything with the program posted before:

K73Z6vD.png

I went on to check the registry at the path you highlighted, namely

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger

but under WMI there's only Security, there's no "Autologger". Weird. O_o

CLsqGEK.png

 

You're welcome, FranceBB! It would be a bit naive to think Microsoft will publicly share a programme that switches off all logging that easily. For me, after I ran the programme, the two pesky ones were there.

Namely, SCM and ETW. But it's on Vista. I had to dig them up manually. 

WUDFTrace is related to logging up drivers' activities. It's not in "security" group. It doesn't run on Vista by default. Did you debug drivers, by any chance?

https://learn.microsoft.com/en-us/windows-hardware/drivers/wdf/debugging-umdf-2-0-drivers
