That makes sense, and come to think of it, it did slow down after a Mbam update... thanks for that heads up.
I got an error with the PowerShell script.
PS C:\WINDOWS\system32> wevtutil el | Foreach-Object {wevtutil cl "$_"}
Failed to clear log Microsoft-Windows-USBVideo/Analytic.
The instance name passed was not recognized as valid by a WMI data provider.
Hi @Brink,
This should work for Microsoft-Windows-LiveId, to clean the log.
Might you please check and confirm?
Cheers
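@echo off
REM Stop the dependent services first, then the EventLog service itself.
net stop NcdAutoSetup
net stop netprofm
net stop NlaSvc
net stop EventLog
REM Brief pause before deleting (ping waits up to 1.5 s for a reply).
ping 1.1.1.1 -n 1 -w 1500 > nul
del /f /q /a %windir%\System32\winevt\Logs\*.* > nul
net start NcdAutoSetup
net start netprofm
net start NlaSvc
net start EventLog
REM "tokens=*" keeps log names that contain spaces in one piece.
for /f "tokens=*" %%a in ('WEVTUTIL EL') do WEVTUTIL CL "%%a" > nul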
Again, I wanted to delete all files in %windir%\System32\winevt\Logs\*.*
Naturally, the netprofm & NlaSvc services need to be stopped first, then the EventLog service. But sometimes the netprofm & NlaSvc services can't be stopped. Error: 1061.
I found a solution: forced termination of the services. (Caution: can cause unknown problems.)
Thanks to Rishi on StackOverflow for the PowerShell command trick.
Now, my final CleanEventViewerFiles.bat:
@echo off
REM Ask the dependent services, then EventLog, to stop (/Y answers the prompts).
net stop NcdAutoSetup /Y
net stop netprofm /Y
net stop NlaSvc /Y
net stop EventLog /Y
REM Force-terminate the process behind any service that did not stop (error 1061).
REM A service that is already stopped reports PID 0, and taskkill then just fails.
powershell -c "$ServicePID = (get-wmiobject win32_service | where { $_.name -eq 'NcdAutoSetup'}).processID; taskkill /f /pid $ServicePID"
powershell -c "$ServicePID = (get-wmiobject win32_service | where { $_.name -eq 'netprofm'}).processID; taskkill /f /pid $ServicePID"
powershell -c "$ServicePID = (get-wmiobject win32_service | where { $_.name -eq 'NlaSvc'}).processID; taskkill /f /pid $ServicePID"
powershell -c "$ServicePID = (get-wmiobject win32_service | where { $_.name -eq 'EventLog'}).processID; taskkill /f /pid $ServicePID"
REM Brief pause before deleting (ping waits up to 1.5 s for a reply).
ping 1.1.1.1 -n 1 -w 1500 > nul
del /f /q /a %windir%\System32\winevt\Logs\*.* >nul 2>nul
del /f /q /a %windir%\System32\WDI\LogFiles\*.* >nul 2>nul
net start NcdAutoSetup
net start netprofm
net start NlaSvc
net start EventLog
REM Recreating .EVTX files...
REM "tokens=*" keeps log names that contain spaces in one piece.
for /f "tokens=*" %%a in ('WEVTUTIL EL') do WEVTUTIL CL "%%a" >nul 2>nul
pause
Last edited by pureocean; 22 Jul 2020 at 15:26. Reason: CODE tag replaces QUOTE