[System.File] "%SystemRoot%\Panther\* [*]" "%SystemRoot%\Prefetch\* [*]" "%SystemRoot%\Tracing\* [*]" "%SystemRoot%\System32\LogFiles\* [*]" "%SystemRoot%\System32\wdi\sqm\* [*]" "%SystemRoot%\ime\IME$\* [*]" "%SystemRoot%\* [windowscodeintegrity.luacdf]" "%ProgramData%\* [windowscodeintegrity.luacdf]" "%ProgramFiles%\* [windowscodeintegrity.luacdf]" "%CSIDL_PROGRAM_FILESX86%\* [windowscodeintegrity.luacdf]" "%Public%\* [windowscodeintegrity.luacdf]" "%DEFAULTUSERPROFILE%\* [windowscodeintegrity.luacdf]" "%SystemRoot%\system32\migwiz\dlmanifests\* [*]" "%SystemRoot%\syswow64\migwiz\dlmanifests\* [*]" "%SystemRoot%\system32\migwiz\ReplacementManifests\* [*]" "%SystemRoot%\syswow64\migwiz\ReplacementManifests\* [*]" "%SystemDrive%\build\* [*]" "%SystemDrive%\InstalledRepository\* [*]" "%SystemDrive%\Packages\* [*]" "%SystemRoot%\system32\DriverStore\* [*]" "%SystemRoot%\system32\SMI\* [*]" "%SystemRoot%\servicing\* [*]" "%SystemRoot%\inf\nfssvr\$ [dsctrs.ini]" "%SystemRoot%\system32\$ [nfsmgmt.msc]" "%ProgramData%\Microsoft\Windows\GameExplorer\{47F97240-F857-4146-8F3D-7F16816BAE4E}\* [*]" "%ProgramData%\Microsoft\Windows\Start Menu\Programs\Games [Microsoft® Tinker™.lnk]" "%ProgramFiles%\Microsoft Games\Tinker [Microsoft® Tinker™.lnk]" "%ProgramFiles(x86)%\Microsoft Games\Tinker [Microsoft® Tinker™.lnk]" [System.Registry] "HKLM\Software\Microsoft\PowerShell\1\PowerShellSnapIns\IIsProviderSnapIn\* [*]" "HKLM\Software\Microsoft\Windows NT\CurrentVersion\SvcHost\ftpsvc\* [*]" "HKLM\System\CurrentControlSet\Services\EventLog\System\FTPSVC\* [*]" "HKLM\Software\Microsoft\WebManagement\Server\AdminPack [AuthorizationAdminPackUIModule]" "HKLM\Software\Microsoft\WebManagement\Server\AdminPack [ErrorPagesAdminPackUIModule]" "HKLM\Software\Microsoft\WebManagement\Server\AdminPack [ConfigEditorAdminPackUIModule]" "HKLM\Software\Microsoft\WebManagement\Server\AdminPack [RequestFilteringAdminPackUIModule]" "HKLM\Software\Microsoft\WebManagement\Server\AdminPack [FastCgiAdminPackUIModule]" "HKLM\Software\Microsoft\WebManagement\Server\AdminPack [IisReportsAdminPackUIModule]" "HKLM\Software\Microsoft\WebManagement\Server\AdminPack [StaticIisReportsAdminPackUIModule]" "HKLM\Software\Microsoft\WebManagement\Server\AdminPack [RemoteManagementIisReportsAdminPackUIModule]" "HKLM\Software\Microsoft\WebManagement\Server\AdminPack [LogParserIisReportsAdminPackUIModule]" "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{7070D8E0-650A-46b3-B03C-9497582E6A74}\* [*]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UltSounds\* [*]" "HKLM\SOFTWARE\Classes\.HoldemSave-ms\* [*]" "HKLM\SOFTWARE\Classes\MicrosoftHoldEmSaveFile\* [*]" "HKLM\SOFTWARE\Microsoft\Assistance\Client\1.0\Namespaces\Windows\en-US\Titles [holdem]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\GameUX\Games\{8B415FB2-13D4-4419-83D3-07F0DF377A5E}\* [*]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\PropertySystem\PropertyHandlers\.HoldemSave-ms\* [*]" "HKLM\SOFTWARE\Classes\CLSID\{BE800AEB-A440-4B63-94CD-AA6B43647DF9}\* [*]" "HKLM\SOFTWARE\Classes\CLSID\{E31004D1-A431-41B8-826F-E902F9D95C81}\* [*]" "HKLM\SOFTWARE\Classes\CLSID\{FFFEAFA1-75A5-40D5-923A-3782DF4B981D}\* [*]" "HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\DreamScene\* [*]" "HKLM\SOFTWARE\Classes\Interface\{FFFEAFA1-75A5-40D5-923A-3782DF4B981D}\* [*]" "HKLM\SOFTWARE\Classes\SystemFileAssociations\video\ShellEx\ContextMenuHandlers\DreamScene\* [*]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler [{E31004D1-A431-41B8-826F-E902F9D95C81}]" "HKLM\SOFTWARE\Classes\AppID\BdeHdCfg.exe\* [*]" "HKLM\SOFTWARE\Classes\AppID\{9E2BF908-7BAA-4ba5-B51E-20B11A1E321A}\* [*]" "HKLM\SOFTWARE\Classes\AppID\{d056ebce-e7e9-4994-a5e6-de59430306c1}\* [*]" "HKLM\SOFTWARE\Classes\AppID\{D620491F-6557-45ca-B781-0B69B34AFC54}\* [*]" "HKLM\SOFTWARE\Classes\CLSID\{0C1037B2-0BC9-46a2-8DCC-64D7A542E4B8}\* [*]" "HKLM\SOFTWARE\Classes\CLSID\{1A3B3A41-E996-4215-868F-4F1C6495BF5C}\* [*]" "HKLM\SOFTWARE\Classes\CLSID\{9E2BF908-7BAA-4ba5-B51E-20B11A1E321A}\* [*]" "HKLM\SOFTWARE\Classes\CLSID\{D620491F-6557-45ca-B781-0B69B34AFC54}\* [*]" "HKLM\SOFTWARE\Classes\CLSID\{EAA4C126-6DF4-4f8f-B101-CCEE45F70976}\* [*]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\ControlPanel\NameSpace\{1A3B3A41-E996-4215-868F-4F1C6495BF5C}\* [*]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker-DrivePreparationTool/Admin\* [*]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-BitLocker-DrivePreparationTool/Operational\* [*]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{51bd93ee-1739-4261-b8e8-67970423a2a0}\* [*]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Extensibility\Applications\{47F97240-F857-4146-8F3D-7F16816BAE4E}\* [*]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Extensibility\Categories\Services\Games\{47F97240-F857-4146-8F3D-7F16816BAE4E}\* [*]" "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Extensibility\Entry Points\{47F97240-F857-4146-8F3D-7F16816BAE4E}\* [*]" "HKLM\Software\Microsoft\Windows\CurrentVersion\GameUX\Games\{47F97240-F857-4146-8F3D-7F16816BAE4E}\* [*]" "HKLM\Software\RegisteredApplications [Windows Mail]" "HKLM\Software\RegisteredApplications [Windows Mail (News)]" "HKLM\Software\Wow6432Node\RegisteredApplications [Windows Mail]" "HKLM\Software\Wow6432Node\RegisteredApplications [Windows Mail (News)]" "HKLM\Software\Classes\Microsoft Internet Mail Message\* [*]" "HKLM\Software\Classes\Microsoft Internet News Message\* [*]" "HKLM\Software\Classes\Wow6432Node\Microsoft Internet Mail Message\* [*]" "HKLM\Software\Classes\Wow6432Node\Microsoft Internet News Message\* [*]" [System.GAC] "[BDATunePIA,*]" "[ehCIR,*]" "[ehepg,*]" "[ehepgdat,*]" "[ehExtCOM,*]" "[ehexthost,*]" "[ehexthost32,*]" "[ehiActivScp,*]" "[ehiBmlDataCarousel,*]" "[ehiExtCOM,*]" "[ehiExtens,*]" "[ehiMsgr,*]" "[ehiiTV,*]" "[ehiPlay,*]" "[ehiProxy,*]" "[ehiReplay,*]" "[ehiTVDTVMusic,*]" "[ehiTVMSMusic,*]" "[ehiUPnP,*]" "[ehiUserXp,*]" "[ehiVidCtl,*]" "[ehiwmp,*]" "[ehiWUapi,*]" "[ehRecObj,*]" "[ehshell,*]" "[loadmxf,*]" "[mcepg,*]" "[mcglidhostobj,*]" "[mcplayerinterop,*]" "[mcstore,*]" "[mcstoredb,*]" "[mcupdate,*]" "[Mcx2Dvcs,*]" "[Microsoft.MediaCenter,*]" "[Microsoft.MediaCenter.BML,*]" "[Microsoft.MediaCenter.Interop,*]" "[Microsoft.MediaCenter.iTV,*]" "[Microsoft.MediaCenter.ITVVM,*]" "[Microsoft.MediaCenter.iTv.Hosting,*]" "[Microsoft.MediaCenter.iTV.Media,*]" "[Microsoft.MediaCenter.MHEG,*]" "[Microsoft.MediaCenter.Shell,*]" "[Microsoft.MediaCenter.Sports,*]" "[Microsoft.MediaCenter.TV.Tuners.Interop,*]" "[Microsoft.MediaCenter.Playback,*]" "[Microsoft.MediaCenter.UI,*]" "[SidebarGadget,*]" "[SonicMCEBurnEngine,*]" "[System.Web.Security.SingleSignOn,*]" "[System.Web.Security.SingleSignOn.resources,*]" "[System.Web.Security.SingleSignOn.ClaimTransforms,*]" "[Microsoft.Web.Security.SingleSignOn.Management.WS,*]" "[Microsoft.Web.Management.FtpRequestFiltering.dll,*]" "[Microsoft.Web.Management.FtpRequestFilteringClient.dll,*]" "[Microsoft.Web.Management.WebDAV,*]" "[Microsoft.Web.Management.WebDAVClient,*]" "[Microsoft.IIS.Powershell.Framework,*]" "[Microsoft.IIS.Powershell.Provider,*]" "[Microsoft.Web.FtpServer.dll ,*]" "[Microsoft.Web.Management.Ftp.dll,*]" "[Microsoft.Web.Management.FtpClient.dll,*] "[Microsoft.Web.Management.AdminPack.Client,*]" "[Microsoft.Web.Management.AdminPack.Server,*]" "[Microsoft.Web.Management.IisReports,*]" "[Microsoft.Web.Management.IisReports.Client,*]" [User.File] "%AppData%\Microsoft\Search\* [*]" "%USERPROFILE%\* [windowscodeintegrity.luacdf]" "%CSIDL_SENDTO% [compressed (zipped) folder.zfsendtotarget]" "%CSIDL_SENDTO% [desktop (create shortcut).desklink]" "%CSIDL_SENDTO% [desktop.ini]" "%CSIDL_SENDTO% [fax recipient.lnk]" "%CSIDL_SENDTO% [mail recipient.mapimail]" "%CSIDL_PROGRAMS%\accessories\accessibility [desktop.ini]" "%CSIDL_PROGRAMS%\accessories\accessibility [magnify.lnk]" "%CSIDL_PROGRAMS%\accessories\accessibility [narrator.lnk]" "%CSIDL_PROGRAMS%\accessories\accessibility [on-screen keyboard.lnk]" "%CSIDL_PROGRAMS%\accessories\accessibility [utility manager.lnk]" "%CSIDL_PROGRAMS%\accessories\communications [desktop.ini]" "%CSIDL_PROGRAMS%\accessories\communications [network connections.lnk]" "%CSIDL_PROGRAMS%\accessories\system tools [desktop.ini]" "%CSIDL_PROGRAMS%\accessories\system tools [lock.lnk]" "%CSIDL_PROGRAMS%\accessories\system tools [log off.lnk]" "%CSIDL_PROGRAMS%\accessories\system tools [msdt.lnk]" "%CSIDL_PROGRAMS%\accessories\system tools [power.lnk]" "%CSIDL_PROGRAMS%\accessories\system tools [show desktop.lnk]" "%CSIDL_PROGRAMS%\accessories [command prompt.lnk]" "%CSIDL_PROGRAMS%\accessories [desktop.ini]" "%CSIDL_PROGRAMS%\accessories [help.lnk]" "%CSIDL_PROGRAMS%\accessories [notepad.lnk]" "%CSIDL_PROGRAMS%\accessories [run.lnk]" "%CSIDL_PROGRAMS%\accessories [synchronize.lnk]" "%CSIDL_PROGRAMS%\accessories [windows explorer.lnk]" "%CSIDL_PROGRAMS% [desktop.ini]" "%CSIDL_PROGRAMS% [set program access and defaults.lnk]" "%CSIDL_PROGRAMS% [turn uap settings on or off.lnk]" "%USERPROFILE%\AppData\Local\Microsoft Games\HoldEm [HoldEmSettings.dat]" [User.Registry] "HKCR\CLSID\{90873572-3128-48F3-BB1F-72FBADED669E}\* [*]" "HKCR\Microsoft.IIS.XPath\* [*]" "HKCR\CLSID\{33AE0740-1E97-4BA0-BB54-838AF28C26D1}\* [*]" "HKCR\Microsoft.IIS.AppHostConfigPathNavigator\* [*]"