mcleod5.9
Guest
PowerShell remoting scripts, local security policies configured for all manner of remote access, my machines are part of a domain, I am the Administrator in name only, and I am denied access to most processes running when I try to run a dump file. Disk usage is a constant spike and fall, 65-100%, and upon bootup I watch the spinning wheel for around 17 min on a black screen name. I didn't know deployment was even in existence until I found it in all 5 machines, Win7 Pro on 3, Win10 Pro on 2. Exact symptoms abound... registry entries being renamed and scattered, and computer nodes all beginning MININT, and thousands of NT special logon entries in Event Viewer, as well as 26GB undiscoverable on HDD and SSD alike.