Run the cleanup script with the following syntax:

	cleanpcwmi.vbs computername UserID

The following are required:

1) Admin rights on the target host to be cleaned.
2) A UNC network share on which you can save files. If you want to use html,
   ftp, etc., it would work, but the script would have to be updated to do
   that.
3) WMI needs to be enabled on the host to be cleaned.
4) PSEXEC in your PATH.

It was designed to help clean a computer after a "minor" or "medium"
infection has done something, and the offending executable(s) has/have been
stopped and deleted. The goal is to make it much easier to remove files
where those viruses can and do stash themselves, but the system has not been
designated for either a forensic analysis or reinstalling the OS.

The scripts work on any computer with WMI running. This means WinNT4 (even
Win98 if you have it...), up to Win7/Win2008, and likely Win8, unless the
syntax has changed for the commands used on Win8.

The script waits until each WMI command issued is complete before it moves
on to the next.

It uses the SYSTEM account to run the batch script so it can clean out
everything not locked. That's why it needs PSEXEC in your path, which allows
this.

It logs everything, then renames the log file and uploads it to a folder
called \SCRIPTS\LOGS on the network share, so those two folders will have to
be created ahead of time.

It deletes the log file and the script from the remote host, then
disconnects the network drive mapping before it's done. This is why the
script should likely not be run *against* the same machine it's started
from.. ;)

It cleans up the following:

A) In the user profile specified:
	1)  temp files
	2)  Google Chrome, Firefox, and IE cache files and folders
	3)  Oracle JRE cache
	4)  Adobe and Macromedia Flash cache
	5)  'garbage' files, left over from failed application management
	6)  does a DIR of all EXE and DLL files to the logfile, which should
	    never be there

B) In the system:
	1)  empties the Recycle Bin
	2)  empties the System Restore points (malicious files can restore
	    themselves from this folder)
	3)  empties the Prefetch folder
	4)  empties the Network and System profiles
	5)  empties the Temp folder
	6)  empties the dllCache (malicious files can store themselves here)
	7)  empties Volume Shadow copies (malicious files can store
	    themselves here)
	8)  empties all .tmp, .dmp, .old, etc. files in the Windows and
	    subfolders
	9)  empties all files except the "normal" ones from the \drivers\etc
	    folder
	10) removes some hard-coded registry entries. Can be REMmed out or
	    replaced as needed
	11) Stops some processes. They can be REMmed out and easily replaced
	    by ones that kill all web browser and Office tasks before the
	    cleanup takes place.