[Version] Signature="$Chicago$" Provider=Nobody [DefaultInstall] AddReg=UnhookRegKey DelReg=del [UnhookRegKey] HKLM, Software\CLASSES\batfile\shell\open\command,,,"""%1"" %*" HKLM, Software\CLASSES\comfile\shell\open\command,,,"""%1"" %*" HKLM, Software\CLASSES\exefile\shell\open\command,,,"""%1"" %*" HKLM, Software\CLASSES\piffile\shell\open\command,,,"""%1"" %*" HKLM, Software\CLASSES\regfile\shell\open\command,,,"regedit.exe "%1"" HKLM, Software\CLASSES\scrfile\shell\open\command,,,"""%1"" %*" HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Shell,0, "Explorer.exe" HKLM, software\microsoft\ole, EnableDCOM,0, "Y" HKLM, SOFTWARE\Microsoft\Security Center,AntiVirusDisableNotify,0x00010001,0 HKLM, SOFTWARE\Microsoft\Security Center,FirewallDisableNotify,0x00010001,0 HKLM, SOFTWARE\Microsoft\Security Center,AntiVirusOverride,0x00010001,0 HKLM, SOFTWARE\Microsoft\Security Center,FirewallOverride,0x00010001,0 HKLM, SYSTEM\ControlSet001\Control\Lsa, restrictanonymous, 0x00010001,0 HKLM, SYSTEM\ControlSet002\Control\Lsa, restrictanonymous, 0x00010001,0 HKLM, SYSTEM\CurrentControlSet\Control\Lsa, restrictanonymous, 0x00010001,0 HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden, CheckedValue,0x00010001,0 [del] HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableRegistryTools HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\System,DisableCMD HKCU, Software\Microsoft\Windows\CurrentVersion\Policies\Explorer,NoFolderOptions HKLM, SOFTWARE\Microsoft\Windows\CurrentVersion\Run,ctfmon.exe HKLM, SYSTEM\ControlSet001\Services\kernelx86 HKLM, SYSTEM\ControlSet002\Services\kernelx86 HKLM, SYSTEM\CurrentControlSet\Services\kernelx86 HKLM, SYSTEM\CurrentControlSet\Services\mojbtjlt HKLM, SYSTEM\ControlSet001\Services\mojbtjlt HKLM, SYSTEM\ControlSet002\Services\mojbtjlt HKLM, SYSTEM\ControlSet001\Services\Passthru HKLM, SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore HKLM, SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate, DoNotAllowXPSP2 HKLM, SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate HKLM, SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ctfmon.exe