[System.File]
"%SystemRoot%\Panther\* [*]"
"%SystemRoot%\Prefetch\* [*]"
"%SystemRoot%\Tracing\* [*]"
"%SystemRoot%\System32\LogFiles\* [*]"
"%SystemRoot%\System32\wdi\sqm\* [*]"
"%SystemRoot%\ime\IME$\* [*]"
"%SystemRoot%\* [windowscodeintegrity.luacdf]"
"%ProgramData%\* [windowscodeintegrity.luacdf]"
"%ProgramFiles%\* [windowscodeintegrity.luacdf]"
"%CSIDL_PROGRAM_FILESX86%\* [windowscodeintegrity.luacdf]"
"%Public%\* [windowscodeintegrity.luacdf]"
"%DEFAULTUSERPROFILE%\* [windowscodeintegrity.luacdf]"
"%SystemRoot%\system32\migwiz\dlmanifests\* [*]"
"%SystemRoot%\syswow64\migwiz\dlmanifests\* [*]"
"%SystemRoot%\system32\migwiz\ReplacementManifests\* [*]"
"%SystemRoot%\syswow64\migwiz\ReplacementManifests\* [*]"
"%SystemDrive%\build\* [*]"
"%SystemDrive%\InstalledRepository\* [*]"
"%SystemDrive%\Packages\* [*]"
"%SystemRoot%\system32\DriverStore\* [*]"
"%SystemRoot%\system32\SMI\* [*]"
"%SystemRoot%\servicing\* [*]"
"%SystemRoot%\inf\nfssvr\$ [dsctrs.ini]"
"%SystemRoot%\system32\$ [nfsmgmt.msc]"
"%ProgramData%\Microsoft\Windows\GameExplorer\{47F97240-F857-4146-8F3D-7F16816BAE4E}\* [*]"
"%ProgramData%\Microsoft\Windows\Start Menu\Programs\Games [Microsoft® Tinker™.lnk]"
"%ProgramFiles%\Microsoft Games\Tinker [Microsoft® Tinker™.lnk]"
"%ProgramFiles(x86)%\Microsoft Games\Tinker [Microsoft® Tinker™.lnk]"

[System.Registry]
"HKLM\Software\Microsoft\PowerShell\1\PowerShellSnapIns\IIsProviderSnapIn\* [*]"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\SvcHost\ftpsvc\* [*]"
"HKLM\System\CurrentControlSet\Services\EventLog\System\FTPSVC\* [*]"
"HKLM\Software\Microsoft\WebManagement\Server\AdminPack [AuthorizationAdminPackUIModule]"
"HKLM\Software\Microsoft\WebManagement\Server\AdminPack [ErrorPagesAdminPackUIModule]"
"HKLM\Software\Microsoft\WebManagement\Server\AdminPack [ConfigEditorAdminPackUIModule]"
"HKLM\Software\Microsoft\WebManagement\Server\AdminPack [RequestFilteringAdminPackUIModule]"
"HKLM\Software\Microsoft\WebManagement\Server\AdminPack [FastCgiAdminPackUIModule]"
"HKLM\Software\Microsoft\WebManagement\Server\AdminPack [IisReportsAdminPackUIModule]"
"HKLM\Software\Microsoft\WebManagement\Server\AdminPack [StaticIisReportsAdminPackUIModule]"
"HKLM\Software\Microsoft\WebManagement\Server\AdminPack [RemoteManagementIisReportsAdminPackUIModule]"
"HKLM\Software\Microsoft\WebManagement\Server\AdminPack [LogParserIisReportsAdminPackUIModule]"

"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7070D8E0-650A-46b3-B03C-9497582E6A74}\* [*]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltSounds\* [*]"
"HKLM\SOFTWARE\Classes\.HoldemSave-ms\* [*]"
"HKLM\SOFTWARE\Classes\MicrosoftHoldEmSaveFile\* [*]"
"HKLM\SOFTWARE\Microsoft\Assistance\Client\1.0\Namespaces\Windows\en-US\Titles [holdem]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{8B415FB2-13D4-4419-83D3-07F0DF377A5E}\* [*]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.HoldemSave-ms\* [*]"
"HKLM\SOFTWARE\Classes\CLSID\{BE800AEB-A440-4B63-94CD-AA6B43647DF9}\* [*]"
"HKLM\SOFTWARE\Classes\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\* [*]"
"HKLM\SOFTWARE\Classes\CLSID\{FFFEAFA1-75A5-40D5-923A-3782DF4B981D}\* [*]"
"HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\DreamScene\* [*]"
"HKLM\SOFTWARE\Classes\Interface\{FFFEAFA1-75A5-40D5-923A-3782DF4B981D}\* [*]"
"HKLM\SOFTWARE\Classes\SystemFileAssociations\video\ShellEx\ContextMenuHandlers\DreamScene\* [*]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler [{E31004D1-A431-41B8-826F-E902F9D95C81}]"
"HKLM\SOFTWARE\Classes\AppID\BdeHdCfg.exe\* [*]"
"HKLM\SOFTWARE\Classes\AppID\{9E2BF908-7BAA-4ba5-B51E-20B11A1E321A}\* [*]"
"HKLM\SOFTWARE\Classes\AppID\{d056ebce-e7e9-4994-a5e6-de59430306c1}\* [*]"
"HKLM\SOFTWARE\Classes\AppID\{D620491F-6557-45ca-B781-0B69B34AFC54}\* [*]"
"HKLM\SOFTWARE\Classes\CLSID\{0C1037B2-0BC9-46a2-8DCC-64D7A542E4B8}\* [*]"
"HKLM\SOFTWARE\Classes\CLSID\{1A3B3A41-E996-4215-868F-4F1C6495BF5C}\* [*]"
"HKLM\SOFTWARE\Classes\CLSID\{9E2BF908-7BAA-4ba5-B51E-20B11A1E321A}\* [*]"
"HKLM\SOFTWARE\Classes\CLSID\{D620491F-6557-45ca-B781-0B69B34AFC54}\* [*]"
"HKLM\SOFTWARE\Classes\CLSID\{EAA4C126-6DF4-4f8f-B101-CCEE45F70976}\* [*]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{1A3B3A41-E996-4215-868F-4F1C6495BF5C}\* [*]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker-DrivePreparationTool/Admin\* [*]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker-DrivePreparationTool/Operational\* [*]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{51bd93ee-1739-4261-b8e8-67970423a2a0}\* [*]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Extensibility\Applications\{47F97240-F857-4146-8F3D-7F16816BAE4E}\* [*]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Extensibility\Categories\Services\Games\{47F97240-F857-4146-8F3D-7F16816BAE4E}\* [*]"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Extensibility\Entry Points\{47F97240-F857-4146-8F3D-7F16816BAE4E}\* [*]"
"HKLM\Software\Microsoft\Windows\CurrentVersion\GameUX\Games\{47F97240-F857-4146-8F3D-7F16816BAE4E}\* [*]"
"HKLM\Software\RegisteredApplications [Windows Mail]"
"HKLM\Software\RegisteredApplications [Windows Mail (News)]"
"HKLM\Software\Wow6432Node\RegisteredApplications [Windows Mail]"
"HKLM\Software\Wow6432Node\RegisteredApplications [Windows Mail (News)]"
"HKLM\Software\Classes\Microsoft Internet Mail Message\* [*]"
"HKLM\Software\Classes\Microsoft Internet News Message\* [*]"
"HKLM\Software\Classes\Wow6432Node\Microsoft Internet Mail Message\* [*]"
"HKLM\Software\Classes\Wow6432Node\Microsoft Internet News Message\* [*]"


[System.GAC]
"[BDATunePIA,*]"
"[ehCIR,*]"
"[ehepg,*]"
"[ehepgdat,*]"
"[ehExtCOM,*]"
"[ehexthost,*]"
"[ehexthost32,*]"
"[ehiActivScp,*]"
"[ehiBmlDataCarousel,*]"
"[ehiExtCOM,*]"
"[ehiExtens,*]"
"[ehiMsgr,*]"
"[ehiiTV,*]"
"[ehiPlay,*]"
"[ehiProxy,*]"
"[ehiReplay,*]"
"[ehiTVDTVMusic,*]"
"[ehiTVMSMusic,*]"
"[ehiUPnP,*]"
"[ehiUserXp,*]"
"[ehiVidCtl,*]"
"[ehiwmp,*]"
"[ehiWUapi,*]"
"[ehRecObj,*]"
"[ehshell,*]"
"[loadmxf,*]"
"[mcepg,*]"
"[mcglidhostobj,*]"
"[mcplayerinterop,*]"
"[mcstore,*]"
"[mcstoredb,*]"
"[mcupdate,*]"
"[Mcx2Dvcs,*]"
"[Microsoft.MediaCenter,*]"
"[Microsoft.MediaCenter.BML,*]"
"[Microsoft.MediaCenter.Interop,*]"
"[Microsoft.MediaCenter.iTV,*]"
"[Microsoft.MediaCenter.ITVVM,*]"
"[Microsoft.MediaCenter.iTv.Hosting,*]"
"[Microsoft.MediaCenter.iTV.Media,*]"
"[Microsoft.MediaCenter.MHEG,*]"
"[Microsoft.MediaCenter.Shell,*]"
"[Microsoft.MediaCenter.Sports,*]"
"[Microsoft.MediaCenter.TV.Tuners.Interop,*]"
"[Microsoft.MediaCenter.Playback,*]"
"[Microsoft.MediaCenter.UI,*]"
"[SidebarGadget,*]"
"[SonicMCEBurnEngine,*]"

"[System.Web.Security.SingleSignOn,*]"
"[System.Web.Security.SingleSignOn.resources,*]"
"[System.Web.Security.SingleSignOn.ClaimTransforms,*]"
"[Microsoft.Web.Security.SingleSignOn.Management.WS,*]"
"[Microsoft.Web.Management.FtpRequestFiltering.dll,*]"
"[Microsoft.Web.Management.FtpRequestFilteringClient.dll,*]"
"[Microsoft.Web.Management.WebDAV,*]"
"[Microsoft.Web.Management.WebDAVClient,*]"
"[Microsoft.IIS.Powershell.Framework,*]"
"[Microsoft.IIS.Powershell.Provider,*]"
"[Microsoft.Web.FtpServer.dll ,*]"
"[Microsoft.Web.Management.Ftp.dll,*]"
"[Microsoft.Web.Management.FtpClient.dll,*]   
"[Microsoft.Web.Management.AdminPack.Client,*]"
"[Microsoft.Web.Management.AdminPack.Server,*]"
"[Microsoft.Web.Management.IisReports,*]"
"[Microsoft.Web.Management.IisReports.Client,*]"

[User.File]
"%AppData%\Microsoft\Search\* [*]"
"%USERPROFILE%\* [windowscodeintegrity.luacdf]"
"%CSIDL_SENDTO% [compressed (zipped) folder.zfsendtotarget]"
"%CSIDL_SENDTO% [desktop (create shortcut).desklink]"
"%CSIDL_SENDTO% [desktop.ini]"
"%CSIDL_SENDTO% [fax recipient.lnk]"
"%CSIDL_SENDTO% [mail recipient.mapimail]"
"%CSIDL_PROGRAMS%\accessories\accessibility [desktop.ini]"
"%CSIDL_PROGRAMS%\accessories\accessibility [magnify.lnk]"
"%CSIDL_PROGRAMS%\accessories\accessibility [narrator.lnk]"
"%CSIDL_PROGRAMS%\accessories\accessibility [on-screen keyboard.lnk]"
"%CSIDL_PROGRAMS%\accessories\accessibility [utility manager.lnk]"
"%CSIDL_PROGRAMS%\accessories\communications [desktop.ini]"
"%CSIDL_PROGRAMS%\accessories\communications [network connections.lnk]"
"%CSIDL_PROGRAMS%\accessories\system tools [desktop.ini]"
"%CSIDL_PROGRAMS%\accessories\system tools [lock.lnk]"
"%CSIDL_PROGRAMS%\accessories\system tools [log off.lnk]"
"%CSIDL_PROGRAMS%\accessories\system tools [msdt.lnk]"
"%CSIDL_PROGRAMS%\accessories\system tools [power.lnk]"
"%CSIDL_PROGRAMS%\accessories\system tools [show desktop.lnk]"
"%CSIDL_PROGRAMS%\accessories [command prompt.lnk]"
"%CSIDL_PROGRAMS%\accessories [desktop.ini]"
"%CSIDL_PROGRAMS%\accessories [help.lnk]"
"%CSIDL_PROGRAMS%\accessories [notepad.lnk]"
"%CSIDL_PROGRAMS%\accessories [run.lnk]"
"%CSIDL_PROGRAMS%\accessories [synchronize.lnk]"
"%CSIDL_PROGRAMS%\accessories [windows explorer.lnk]"
"%CSIDL_PROGRAMS% [desktop.ini]"
"%CSIDL_PROGRAMS% [set program access and defaults.lnk]"
"%CSIDL_PROGRAMS% [turn uap settings on or off.lnk]"
"%USERPROFILE%\AppData\Local\Microsoft Games\HoldEm [HoldEmSettings.dat]"

[User.Registry]
"HKCR\CLSID\{90873572-3128-48F3-BB1F-72FBADED669E}\* [*]"
"HKCR\Microsoft.IIS.XPath\* [*]"
"HKCR\CLSID\{33AE0740-1E97-4BA0-BB54-838AF28C26D1}\* [*]"
"HKCR\Microsoft.IIS.AppHostConfigPathNavigator\* [*]"