Run the cleanup script with the following syntax:

    cleanpcwmi.vbs computername UserID

The following are required:

1) Admin rights on the target host to be cleaned.
2) A UNC network share on which you can save files. If you want to use html, ftp, etc., it would work, but the script would have to be updated to do that.
3) WMI needs to be enabled on the host to be cleaned.
4) PSEXEC in your PATH.

It was designed to help clean a computer after a "minor" or "medium" infection has done something, and the offending executable(s) has/have been stopped and deleted. The goal is to make it much easier to remove files where those viruses can and do stash themselves, but the system has not been designated for either a forensic analysis or reinstalling the OS.

The scripts work on any computer with WMI running. This means WinNT4 (even Win98 if you have it...), up to Win7/Win2008, and likely Win8, unless the syntax has changed for the commands used on Win8.

The script waits until each WMI command issued is complete before it moves on to the next. It uses the SYSTEM account to run the batch script so it can clean out everything not locked. That's why it needs PSEXEC in your path, which allows this.

It logs everything, then renames the log file and uploads it to a folder called \SCRIPTS\LOGS on the network share, so those two folders will have to be created ahead of time. It deletes the log file and the script from the remote host, then disconnects the network drive mapping before it's done. This is why the script should likely not be run *against* the same machine it's started from. ;)

It cleans up the following:

A) In the user profile specified:

1) temp files
2) Google Chrome, Firefox, and IE cache files and folders
3) Oracle JRE cache
4) Adobe and Macromedia Flash cache
5) 'garbage' files, left over from failed application management
6) does a DIR of all EXE and DLL files to the logfile, which should never be there

B) In the system:

1) empties the Recycle Bin
2) empties the System Restore points (malicious files can restore themselves from this folder)
3) empties the Prefetch folder
4) empties the Network and System profiles
5) empties the Temp folder
6) empties the dllCache (malicious files can store themselves here)
7) empties Volume Shadow copies (malicious files can store themselves here)
8) empties all .tmp, .dmp, .old, etc. files in the Windows folder and its subfolders
9) empties all files except the "normal" ones from the \drivers\etc folder
10) removes some hard-coded registry entries. These can be REMmed out or replaced as needed.
11) stops some processes. They can be REMmed out and easily replaced by ones that kill all web browser and Office tasks before the cleanup takes place.
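
A pre-flight check for the four requirements listed above, plus the warning about running against the local machine, as an added example that is not part of the original script. It is written for Windows PowerShell; the parameter names $ComputerName and $ShareRoot, and the use of the ADMIN$ share as the admin-rights test, are assumptions.

```powershell
# Added example: verify the cleanup script's prerequisites before running it.
# $ComputerName and $ShareRoot are hypothetical parameter names.
param(
    [Parameter(Mandatory = $true)][string]$ComputerName,
    [Parameter(Mandatory = $true)][string]$ShareRoot   # UNC root, e.g. \\server\share (constructed)
)

$results = [ordered]@{}

# The script deletes itself and its log from the target and unmaps the drive,
# so the target should not be the machine the script is started from.
$results['Target is not local host'] = ($ComputerName -ne $env:COMPUTERNAME)

# Requirement 4: PSEXEC must be resolvable through PATH.
$results['PSEXEC in PATH'] = [bool](Get-Command psexec.exe -ErrorAction SilentlyContinue)

# Requirement 2: the share must already contain the \SCRIPTS\LOGS folders.
$logDir = Join-Path $ShareRoot 'SCRIPTS\LOGS'
$results['Share has \SCRIPTS\LOGS'] = Test-Path -LiteralPath $logDir -PathType Container

# Requirement 3: WMI must answer on the host to be cleaned.
try {
    Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop |
        Out-Null
    $results['WMI reachable'] = $true
} catch {
    $results['WMI reachable'] = $false
}

# Requirement 1: assumption - ADMIN$ is readable only with admin rights on the target.
$results['Admin rights (ADMIN$)'] = Test-Path -LiteralPath "\\$ComputerName\ADMIN`$"

# Report each check and fail the run if any prerequisite is missing.
foreach ($check in $results.GetEnumerator()) {
    $status = if ($check.Value) { 'OK' } else { 'FAIL' }
    '{0,-28} {1}' -f $check.Key, $status
}
if ($results.Values -contains $false) { exit 1 }
```

Because the cleanup removes Restore Points and Volume Shadow copies, a failed check is a reason to stop and fix the prerequisite rather than rerun partway.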