@ECHO OFF
ECHO ==================================================================
ECHO REMSAV-ALL-190.BAT
ECHO ------------------------------------------------------------------
ECHO Sophos Anti-Virus 4/5/6/7.x -- Removal Script V1.90 (Test Release)
ECHO Copyright (c) 2007, Sophos Plc, http://www.sophos.com
ECHO. 
ECHO 		DO NOT DISTRIBUTE WITHOUT THE PRIOR CONSENT OF
ECHO 			SOPHOS TECHNICAL SUPPORT.
ECHO.
ECHO NOTE: Please make a full backup of the computer before you continue.
ECHO.
ECHO    Do NOT run this script on computers with the following:-
ECHO    -- Small Business Edition
ECHO    -- Enterprise Console
ECHO    -- EM Library
ECHO    -- PureMessage
Echo.
ECHO Script intended for use on Windows 2000/XP/2003/Vista ONLY.
ECHO. 
ECHO Press Ctrl-C to Cancel.
ECHO ==================================================================
ECHO.
Pause
CLS

ECHO Checking Requirements...
if exist "%PROGRAMFILES%\Sophos\Enterprise Console" (
	Echo.
	Echo Enterprise Console found, aborting script.
	Echo.
	pause
	Exit
)

if exist "%PROGRAMFILES%\Sophos\PureMessage" (
	Echo.
	Echo PureMessage found, aborting script.
	Echo.
	pause
	Exit
) 

if exist "%PROGRAMFILES%\Sophos Enterprise Manager" (
	Echo.
	Echo EM Library found, aborting script.
	Echo.
	pause
	Exit
) 
if exist "%PROGRAMFILES%\Sophos\SCC" (
	Echo.
	Echo SBE found, aborting script.
	Echo.
	pause
	Exit
) 

if exist "%PROGRAMFILES%\Sophos\Sophos Client Firewall" (
	Echo.
	Echo Sophos Client Firewall found, aborting script.
	Echo.
	pause
	Exit
) 

ECHO Completed.

ECHO.
ECHO Checking for Vista (1)...
ver|find "Version 6.0" >NUL
if %errorlevel% equ 0 (
	Echo.
	Echo Found: Changing UAC mode to silent...
	ECHO REGEDIT4 > %temp%\sopuac.reg
	ECHO. >> %temp%\sopuac.reg
	ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] >> %temp%\sopuac.reg
	ECHO "ConsentPromptBehaviorAdmin"=dword:00000000 >> %temp%\sopuac.reg
	regedit /S %temp%\sopuac.reg >NUL 2>NUL
	ECHO Completed.
) ELSE (Echo Vista not found.)

ECHO.
ECHO Killing Active Sophos Processes...
TASKKILL /F /IM "Almon.exe" >NUL 2>NUL
TASKKILL /F /IM "ICMON.exe" >NUL 2>NUL
Echo Completed.

ECHO.
ECHO Performing Regular Uninstall...
MSIEXEC /X {15C418EB-7675-42be-B2B3-281952DA014D} /qn 2>NUL
MSIEXEC /X {C12953C2-4F15-4A6C-91BC-511B96AE2775} /qn 2>NUL
MSIEXEC /X {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} REBOOT=SUPPRESS /qn 2>NUL
MSIEXEC /X {034759DA-E21A-4795-BFB3-C66D17FAD183} REBOOT=SUPPRESS /qn 2>NUL
MSIEXEC /X {FF11005D-CBC8-45D5-A288-25C7BB304121} /qn 2>NUL
"%PROGRAMFILES%\Sophos Sweep for NT\Setup.exe" -ni -force -remove 2>NUL
ECHO Completed.

ECHO.
ECHO Performing MSI Cleanup On Sophos Components...
"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {15C418EB-7675-42be-B2B3-281952DA014D} >NUL 2>NUL
"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {09C6BF52-6DBA-4A97-9939-B6C24E4738BF} >NUL 2>NUL
"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {C12953C2-4F15-4A6C-91BC-511B96AE2775} >NUL 2>NUL
"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {FF11005D-CBC8-45D5-A288-25C7BB304121} >NUL 2>NUL
"%PROGRAMFILES%\Windows Installer Clean Up\MSIZAP.EXE" tw {034759DA-E21A-4795-BFB3-C66D17FAD183} >NUL 2>NUL
Echo Completed.

ECHO.
ECHO Constructing Registry Keys For Removal...
ECHO Completed.

ECHO REGEDIT4 > %TEMP%\SOTMP.REG
ECHO. >> %TEMP%\SOTMP.REG

REM ====** Registry Keys marked for Removal **=====================================================================

REM === MSI Installer GUIDs ===
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Products\AD957430A12E5974FB3B6CD671AF1D38] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_CLASSES_ROOT\Installer\Features\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\Features\AD957430A12E5974FB3B6CD671AF1D38] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\E932B7952303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_CLASSES_ROOT\Installer\UpgradeCodes\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\AD957430A12E5974FB3B6CD671AF1D38] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\AD957430A12E5974FB3B6CD671AF1D38] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\E932B7952303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\E932B7952303A1943A2218777329E5A8] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\0D6888B32A8929940ACA98A3DEBB94B4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\A2ECF5789F971654CBB5476964870E94] >> %TEMP%\SOTMP.REG

ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\25FB6C90ABD679A499936B2CE47483FB] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BE814C515767eb242B3B829125AD10D4] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\2C35921C51F4C6A419CB15B169EA7257] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D50011FF8CBC5D542A88527CBB031412] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\AD957430A12E5974FB3B6CD671AF1D38] >> %TEMP%\SOTMP.REG

REM === Sophos Application Settings ===
ECHO [-HKEY_CURRENT_USER\Software\Sophos] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\Software\Sophos] >> %TEMP%\SOTMP.REG

REM === Sophos Uninstall Keys ===
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15C418EB-7675-42be-B2B3-281952DA014D}] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C12953C2-4F15-4A6C-91BC-511B96AE2775}] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FF11005D-CBC8-45D5-A288-25C7BB304121}] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{034759DA-E21A-4795-BFB3-C66D17FAD183}] >> %TEMP%\SOTMP.REG

REM === Sophos Legacy Services Set01 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVONACCESS] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG

REM === Sophos Event Log Registration Set01 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Sophos Message Router] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\Sophos Anti-Virus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG

REM === Sophos Services Set01 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVAdminService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVOnAccess] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SAVService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos AutoUpdate Service] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sophos Message Router] >> %TEMP%\SOTMP.REG

REM === Sophos Legacy Services Set02 === 
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SAVONACCESS] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG

REM === Sophos Event Log Registration Set02 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Sophos Message Router] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\Sophos Anti-Virus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG
       
REM === Sophos Services Set02 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SAVAdminService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SAVOnAccess] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SAVService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sophos Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sophos AutoUpdate Service] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Sophos Message Router] >> %TEMP%\SOTMP.REG

REM === Sophos Legacy Services Set03 === 
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SAVONACCESS] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG

REM === Sophos Event Log Registration Set03 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Sophos Message Router] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\Application\Sophos Anti-Virus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Eventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG
       
REM === Sophos Services Set03 ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SAVAdminService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SAVOnAccess] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SAVService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sophos Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sophos AutoUpdate Service] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sophos Message Router] >> %TEMP%\SOTMP.REG

REM === Sophos Legacy Services Current=== 
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVONACCESS] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVADMINSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVONACCESS_CONTROL] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVONACCESS_FILTER] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SAVSERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_AGENT] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_AUTOUPDATE_SERVICE] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SOPHOS_MESSAGE_ROUTER] >> %TEMP%\SOTMP.REG

REM === Sophos Event Log Registration Current ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Sophos Message Router] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SophosAntiVirus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Sophos Anti-Virus] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG

REM === Sophos Services Current ===
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVAdminService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\ControlControlSet\Services\SAVOnAccess] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccess Control] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccess Filter] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVService] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Agent] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos AutoUpdate Service] >> %TEMP%\SOTMP.REG
ECHO [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Message Router] >> %TEMP%\SOTMP.REG

REM === Sohos 4.x Removal ===

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >> %TEMP%\SOTMP.REG
echo "Sweep95"=%nulvar% >> %TEMP%\SOTMP.REG
echo "InterCheckMonitor"=%nulvar% >> %TEMP%\SOTMP.REG
echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] >> %TEMP%\SOTMP.REG
echo "Sweep95"=%nulvar% >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VxD\Sophos ICSTATIC] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Sophos-Sweep95] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Sophos-SweepNT] >> %TEMP%\SOTMP.REG
echo [-HKEY_CURRENT_USER\Software\Sophos\SweepNT] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SweepNT] >> %TEMP%\SOTMP.REG
echo [-HKEY_USERS\.DEFAULT\Software\Sophos\SweepNT] >> %TEMP%\SOTMP.REG

REM === CurrentControlSet ===

echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\SweepNT] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Control] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Filter] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 01] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 02] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 03] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 04] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 05] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 06] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 07] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 08] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 09] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 10] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 11] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System\InterCheck Support 12] >> %TEMP%\SOTMP.REG

echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Control] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Filter] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 01] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 02] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 03] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 04] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 05] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 06] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 07] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 08] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 09] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 10] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 11] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\InterCheck Support 12] >> %TEMP%\SOTMP.REG

echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_CONTROL] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_FILTER] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_01] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_02] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_03] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_04] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_05] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_06] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_07] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_08] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_09] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_10] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_11] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_INTERCHECK_SUPPORT_12] >> %TEMP%\SOTMP.REG

echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MEMSWEEP] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SWEEPNET] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SWEEPSRV.SYS] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SWEEPUPDATE] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SWEEPNET] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SWEEPSRV.SYS] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SWEEPUPDATE] >> %TEMP%\SOTMP.REG

REM === ControlSet001 ===

echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\SweepNT] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Control] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Filter] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 01] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 02] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 03] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 04] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 05] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 06] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 07] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 08] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 09] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 10] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 11] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\InterCheck Support 12] >> %TEMP%\SOTMP.REG

echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Control] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Filter] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 01] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 02] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 03] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 04] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 05] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 06] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 07] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 08] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 09] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 10] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 11] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\InterCheck Support 12] >> %TEMP%\SOTMP.REG

echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_CONTROL] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_FILTER] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_01] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_02] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_03] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_04] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_05] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_06] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_07] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_08] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_09] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_10] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_11] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_INTERCHECK_SUPPORT_12] >> %TEMP%\SOTMP.REG
       
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SWEEPNET] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SWEEPSRV.SYS] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SWEEPUPDATE] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SWEEPNET] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SWEEPSRV.SYS] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SWEEPUPDATE] >> %TEMP%\SOTMP.REG

REM === ControlSet002 ===

echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\SweepNT] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Control] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Filter] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 01] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 02] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 03] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 04] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 05] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 06] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 07] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 08] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 09] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 10] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 11] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\System\InterCheck Support 12] >> %TEMP%\SOTMP.REG

echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Control] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Filter] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 01] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 02] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 03] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 04] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 05] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 06] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 07] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 08] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 09] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 10] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 11] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\InterCheck Support 12] >> %TEMP%\SOTMP.REG

echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_CONTROL] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_FILTER] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_01] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_02] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_03] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_04] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_05] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_06] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_07] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_08] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_09] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_10] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_11] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_INTERCHECK_SUPPORT_12] >> %TEMP%\SOTMP.REG
       
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\MEMSWEEP] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SWEEPNET] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SWEEPSRV.SYS] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\SWEEPUPDATE] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SWEEPNET] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SWEEPSRV.SYS] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SWEEPUPDATE] >> %TEMP%\SOTMP.REG

REM === Remote Update Reg Entries ===

echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Remote Update] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CacheMgr] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CacheMgr] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CacheMgr] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CACHEMGR] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_CACHEMGR] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CACHEMGR] >> %TEMP%\SOTMP.REG
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Remote Update] >> %TEMP%\SOTMP.REG

REM === BOPS ===

echo [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] >> %TEMP%\SOTMP.REG
echo "AppInit_DLLs"=%nulvar% >> %TEMP%\SOTMP.REG

REM ==== AppInit_DLLs BACKUP ====
REGEDIT /E %temp%\AppInit_BAK.reg "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\"

REM === Remove InProgress (Suspended Installers)
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Inprogress] >> %TEMP%\SOTMP.REG

REM ==============================================================================================================

ECHO.
ECHO Stopping Sophos Services...
net stop "Sophos Agent" >NUL 2> NUL
net stop "Sophos Anti-Virus" >NUL 2> NUL
net stop "Sophos Anti-Virus status reporter" >NUL 2> NUL
net stop "Sophos AutoUpdate Service" >NUL 2> NUL
net stop "Sophos Message Router" > NUL 2> NUL
net stop sweepupdate > NUL 2> NUL
net stop sweepnet > NUL 2> NUL
net stop "Sophos Cache Manager" > NUL 2> NUL
ECHO Completed.

ECHO.
ECHO Unregistering Sophos DLLs...

REM === Sophos Anti-Virus DLLs ===
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\BackgroundScanClient.exe"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVCleanupService.exe"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavMain.exe"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavProgress.exe"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\AuthorisedLists.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\BackgroundScanning.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\Categories.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\ComponentManager.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\Configuration.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\DesktopMessaging.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\detoured.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\DriveProcessor.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\EEConsumer.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\FilterProcessors.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\FSDecomposer.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\ICAdapter.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\ICManagement.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\ICProcessors.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\LegacyConsumers.dll""
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\Localisation.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\Logging.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\msvcp71.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\msvcr71.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\osdp.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\Persistance.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavAdapter.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVI.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVI0.dll" 
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SAVMSCM.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavNeutralRes.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavRes.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavResChs.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavResCht.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavResDeu.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavResEng.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavResEsp.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavResFra.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavResIt.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavResJap.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavShellExt.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\ScanEditExports.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\ScanEditFacade.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\ScanManagement.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\Security.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SIPSManagement.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SophtainerAdapter.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SystemInformation.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\ThreatDetection.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\ThreatManagement.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\Translators.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\veex.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\Sophos Anti-Virus\VirusDetection.dll"

REM === SAV 4.x DLLs ===
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\ACCESSDT.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\DESKRES.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\ELOGRES.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\ICHKRES.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\ICMONRES.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\ICNTSYS.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\ICSTAT.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\MEADAPTER.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\NMSGRES.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\OSDP.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SAVI.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SAVIREG.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SAVMSCM.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SHRDRES.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SMTPRES.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SNMPPP.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SNMPRES.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SNMPWRAP.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SWEEPNT.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SWOUTPUT.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\SWOUTRES.DLL"
regsvr32 /u /s "%PROGRAMFILES%\Sophos Sweep for NT\VEEX.DLL"

REM === Sophos AutoUpdate DLLs ===
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\AUAdapter.dll"
::regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\boost_date_time-vc71-mt-1_32.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\ChannelUpdater.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\cidsync.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\config.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\crypto.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\EECustomActions.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\inetconn.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\InstlMgr.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\ispsheet.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\libcurl.dll"
::regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\libeay32.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\Logger.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\retailer.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\SAUConfigDLL.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\swlocale.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\xmlcpp.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\xmlparse.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\xmltok.dll"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\ALMon.exe"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\ALsvc.exe"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\ALUpdate.exe"
regsvr32 /u /s "%PROGRAMFILES%\Sophos\AutoUpdate\AUAdapter.exe"
ECHO Completed.


ECHO.
ECHO Deleting Sophos Services...
"%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavService.exe" /UnregServer >NUL 2>NUL
"%PROGRAMFILES%\Sophos\Sophos Anti-Virus\SavAdminService.exe" /UnregServer  >NUL 2>NUL
"%PROGRAMFILES%\Sophos\Remote Management System\ManagementAgentNT.exe" -uninstall >NUL 2>NUL
"%PROGRAMFILES%\Sophos\Remote Management System\AutoUpdateAgentNT.exe" -uninstall >NUL 2>NUL
"%PROGRAMFILES%\Sophos\AutoUpdate\ALSvc.exe" /UnregServer >NUL 2>NUL
"%PROGRAMFILES%\Sophos\Remote Management System\RouterNT.exe" -uninstall >NUL 2>NUL
sc delete sweepupdate >NUL 2>NUL
sc delete sweepnet >NUL 2>NUL
ECHO Completed.

Echo.
ECHO Removing Sophos Installed Files...
RD /S /Q "%PROGRAMFILES%\SOPHOS\AutoUpdate" >NUL 2>NUL
RD /S /Q "%PROGRAMFILES%\SOPHOS\Sophos Anti-Virus" >NUL 2>NUL
RD /S /Q "%PROGRAMFILES%\SOPHOS\Remote Management System" >NUL 2>NUL
RD /S /Q "%PROGRAMFILES%\SOPHOS\" >NUL 2>NUL
RD /S /Q "%ALLUSERSPROFILE%\Sophos" >NUL 2>NUL
RD /S /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Sophos" >NUL 2>NUL
RD /s /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Sophos" >NUL 2>NUL
RD /s /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Sophos Anto-Virus" >NUL 2>NUL
RD /S /Q "%ALLUSERSPROFILE%\Application Data\Sophos" >NUL 2>NUL
RD /S /Q "%USERPROFILE%\Application Data\Sophos" >NUL 2>NUL
DEL /F /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk" >NUL 2>NUL
RD /S /Q "%WINDIR%\Installer\{09C6BF52-6DBA-4A97-9939-B6C24E4738BF}" >NUL 2>NUL
RD /S /Q "%WINDIR%\Installer\{15C418EB-7675-42be-B2B3-281952DA014D}" >NUL 2>NUL
RD /S /Q "%WINDIR%\Installer\{C12953C2-4F15-4A6C-91BC-511B96AE2775}" >NUL 2>NUL
RD /S /Q "%WINDIR%\Installer\{FF11005D-CBC8-45D5-A288-25C7BB304121}" >NUL 2>NUL
RD /S /Q "%WINDIR%\Installer\{034759DA-E21A-4795-BFB3-C66D17FAD183}" >NUL 2>NUL
DEL /F /Q "%WINDIR%\System32\Drivers\savonaccesscontrol.sys" >NUL 2>NUL
DEL /F /Q "%WINDIR%\System32\Drivers\savonaccessfilter.sys" >NUL 2>NUL
DEL /F /Q "%WINDIR%\System32\drivers\savonaccess.sys" >NUL 2>NUL
RD /S /Q "%PROGRAMFILES%\SOPHOS Sweep for NT" >NUL 2>NUL
DEL /F /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Startup\InterCheck Monitor.lnk" >NUL 2>NUL
DEL /F /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Startup\Remote Update Monitor.lnk" >NUL 2>NUL
DEL /F /Q "%ALLUSERSPROFILE%\Start Menu\Programs\Sophos\Remote Update Monitor.lnk" >NUL 2>NUL
DEL /F /Q "%USERSPROFILE%\Start Menu\Programs\Startup\Remote Update Monitor.lnk" >NUL 2>NUL
RD /S /Q "%PROGRAMFILES%\Sophos\Remote Update" >NUL 2>NUL
ECHO Completed.

REM === Remove the typical Sophos account/groups for Sophos AutoUpdate ===
ECHO.
ECHO Removing Sophos Accounts and Groups...
Net user SophosSAU%COMPUTERNAME%0 /DELETE >NUL 2>NUL
Net user SophosSAU%COMPUTERNAME%1 /DELETE >NUL 2>NUL
Net user SophosSAU%COMPUTERNAME%2 /DELETE >NUL 2>NUL
Net user SophosSAU%COMPUTERNAME%3 /DELETE >NUL 2>NUL
Net user SophosSAU%COMPUTERNAME%4 /DELETE >NUL 2>NUL
Net user SophosSAU%COMPUTERNAME%5 /DELETE >NUL 2>NUL
Net user SophosSAU%COMPUTERNAME%6 /DELETE >NUL 2>NUL
Net user SophosSAU%COMPUTERNAME%7 /DELETE >NUL 2>NUL
Net user SophosSAU%COMPUTERNAME%8 /DELETE >NUL 2>NUL
Net user SophosSAU%COMPUTERNAME%9 /DELETE >NUL 2>NUL

Net localgroup SophosAdministrator /DELETE >NUL 2> NUL
Net localgroup SophosOnAccess /DELETE >NUL 2> NUL 
Net localgroup SophosPowerUser /DELETE >NUL 2> NUL 
Net localgroup SophosUser /DELETE >NUL 2> NUL 
ECHO Completed.

ECHO.
ECHO Changing Ownership on SAVI...
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos /setowner=Administrators >NUL 2>NUL
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0000 /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0001 /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0002 /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0003 /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0004 /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0005 /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0006 /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0007 /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0008 /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-0009 /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-000a /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-000b /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-000c /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-000d /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-000e /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-Adapter /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SAV-Info /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\SavAdminService /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\Sophos Anti-Virus" /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\Sophos Anti-Virus Daily" /setowner=Administrators >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg "HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\SAVI\Sophos Anti-Virus InterCheck" /setowner=Administrators >NUL 2>NUL 
ECHO Completed.
ECHO.

ECHO Changing Permissions on SAVI...
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-0000 /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-0001 /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-0002 /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-0003 /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-0004 /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-0005 /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-0006 /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-0007 /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-0008 /GRANT=Everyone=F >NUL 2>NUL  
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-0009 /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-000a /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-000b /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-000c /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-000d /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-000e /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-Adapter /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SAV-Info /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\SavAdminService /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg "HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\Sophos Anti-Virus" /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg "HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\Sophos Anti-Virus Daily" /GRANT=Everyone=F >NUL 2>NUL 
"%PROGRAMFILES%\Windows Resource Kits\Tools\subinacl.exe" /nostatistic /keyreg "HKEY_LOCAL_MACHINE\Software\Sophos\SAVI\Sophos Anti-Virus InterCheck" /GRANT=Everyone=F >NUL 2>NUL 
ECHO Completed.
ECHO.

ECHO Deleting SAVI...
REG DELETE HKLM\Software\Sophos\SAVI /F > NUL 2> NUL
ECHO REGEDIT4 > %TEMP%\SOSAVI.REG
ECHO. >> %TEMP%\SOSAVI.REG
ECHO [-HKEY_LOCAL_MACHINE\Software\Sophos\SAVI] >> %TEMP%\SOSAVI.REG
REGEDIT /S %TEMP%\SOSAVI.REG >NUL 2>NUL
ECHO Completed.

Echo.
ECHO Removing Sophos Registry Keys...
SC create SopReg binpath= "cmd /K START /WAIT REGEDIT /S %TEMP%\SOTMP.REG" type= own type= interact > NUL
sc start "SopReg" > NUL
sc delete "SopReg" > NUL
REGEDIT /S %TEMP%\SOTMP.REG >NUL 2>NUL
ECHO Completed.

ECHO.
ECHO Checking for Vista (2)...
ver|find "Version 6.0" >NUL
if %errorlevel% equ 0 (
	Echo.
	Echo Found: Changing UAC back to alert mode...
	ECHO REGEDIT4 > %temp%\sopuac.reg
	ECHO. >> %temp%\sopuac.reg
	ECHO [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] >> %temp%\sopuac.reg
	ECHO "ConsentPromptBehaviorAdmin"=dword:00000002 >> %temp%\sopuac.reg
	regedit /S %temp%\sopuac.reg >NUL 2>NUL
	ECHO Completed.
) ELSE (Echo Vista not found.)

REM === Deletes Temp files ===
DEL /F /Q %TEMP%\SOTMP.REG >NUL 2>NUL
DEL /F /Q %TEMP%\SOPUAC.REG >NUL 2>NUL
DEL /F /Q %TEMP%\SOSAVI.REG >NUL 2>NUL

ECHO.
ECHO ====================================================
ECHO                Script Completed.
ECHO.
ECHO please reboot the computer and run this script again
ECHO to remove files that may currently be in use.
ECHO ====================================================
Echo.
Pause
EXIT