Group policy and programs reroute registry run amok

Dreadcaller

Level 1
Thread author
Sep 15, 2017
10
I can't run anything outside the box they closed me in. I'm stuck with policy that even Hillary Clinton would feel bad having. I will need more than regular help on this; I don't think I can explain the amount of permissions issues I have in this whole forum. If anyone has the time to help with this ... I'm out of fixes; nothing I can do stops it.
 

Dreadcaller

Level 1
Thread author
Sep 15, 2017
10
After I have tried to remove the crypto or encryption return files, I have failed. I did my best too. If you are still willing to help me, I have a fresh set of files. My Windows was reset, but I have managed to, I think, make this beast only manageable for a short time.
 

Attachments

  • FRST.txt
    91 KB · Views: 1
  • Addition.txt
    19.1 KB · Views: 1

Dreadcaller

Level 1
Thread author
Sep 15, 2017
10
Sunday, September 24, 2017 7:46:18 PM
Administrative privileged user logged on.
Parsing template C:\Windows\inf\defltbase.inf.
----Configuration engine was initialized successfully.----

----Reading Configuration Template info...


----Configure User Rights...
SeImpersonatePrivilege must be assigned to administrators. This setting is adjusted.
SeImpersonatePrivilege must be assigned to SERVICE. This setting is adjusted.
Configure S-1-5-32-546.
remove SeInteractiveLogonRight.
Configure S-1-5-32-547.
remove SeNetworkLogonRight.
remove SeSystemtimePrivilege.
remove SeRemoteShutdownPrivilege.
remove SeIncreaseBasePriorityPrivilege.
remove SeInteractiveLogonRight.
remove SeProfileSingleProcessPrivilege.
remove SeShutdownPrivilege.
remove SeRemoteInteractiveLogonRight.
Configure S-1-5-32-581.
remove SeNetworkLogonRight.
remove SeChangeNotifyPrivilege.
remove SeInteractiveLogonRight.
remove SeIncreaseWorkingSetPrivilege.
remove SeTimeZonePrivilege.
Configure S-1-5-19.
remove SeIncreaseWorkingSetPrivilege.
Configure S-1-5-20.
Configure S-1-5-32-544.
add SeRemoteInteractiveLogonRight.
remove SeIncreaseWorkingSetPrivilege.
Configure S-1-5-32-551.
add SeNetworkLogonRight.
add SeChangeNotifyPrivilege.
add SeBatchLogonRight.
Configure S-1-5-32-559.
add SeBatchLogonRight.
Configure S-1-5-32-545.
add SeUndockPrivilege.
add SeTimeZonePrivilege.
Configure S-1-1-0.
remove SeInteractiveLogonRight.
remove SeShutdownPrivilege.
remove SeRemoteInteractiveLogonRight.
Configure S-1-5-6.
Configure S-1-5-21-1581074486-2788444649-3155340798-501.
add SeInteractiveLogonRight.
add SeDenyNetworkLogonRight.
add SeDenyInteractiveLogonRight.
Configure S-1-5-90-0.
add SeIncreaseBasePriorityPrivilege.
Configure S-1-5-32-555.
add SeRemoteInteractiveLogonRight.
Configure S-1-5-80-0.
add SeServiceLogonRight.
Configure S-1-5-80-3139157870-2983391045-3678747466-658725712-1809340420.
add SeSystemProfilePrivilege.

User Rights configuration was completed successfully.


----Configure Group Membership...
Configure Users.
add INTERACTIVE.
add Authenticated Users.

Group Membership configuration was completed successfully.


----Configure Registry Keys...

Configuration of Registry Keys was completed successfully.


----Configure File Security...

File Security configuration was completed successfully.


----Configure Security Policy...
Configure password information.
Administrator account is disabled.
Guest account is disabled.

System Access configuration was completed successfully.
LSA anonymous lookup names setting : existing SD = D:(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17)(A;;0x801;;;AC)(A;;0x801;;;S-1-15-2-2).
LSA anonymous lookup names setting : computed SD = D:(D;;0x800;;;AN)(A;;0xf1fff;;;BA)(A;;0x20801;;;WD)(A;;0x801;;;AN)(A;;0x1000;;;LS)(A;;0x1000;;;NS)(A;;0x1000;;;S-1-5-17)(A;;0x801;;;AC)(A;;0x801;;;S-1-15-2-2).
Configure LSA anonymous lookup setting.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Configure machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Configure machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Configure machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Configure machine\software\microsoft\windows\currentversion\policies\system\scforceoption.
Configure machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Configure machine\software\microsoft\windows\currentversion\policies\system\undockwithoutlogon.
Configure machine\software\policies\microsoft\windows\safer\codeidentifiers\authenticodeenabled.
Configure machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Configure machine\system\currentcontrolset\control\lsa\crashonauditfail.
Configure machine\system\currentcontrolset\control\lsa\disabledomaincreds.
Configure machine\system\currentcontrolset\control\lsa\everyoneincludesanonymous.
Configure machine\system\currentcontrolset\control\lsa\fipsalgorithmpolicy\enabled.
Configure machine\system\currentcontrolset\control\lsa\forceguest.
Configure machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Configure machine\system\currentcontrolset\control\lsa\nolmhash.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymous.
Configure machine\system\currentcontrolset\control\lsa\restrictanonymoussam.
Configure machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Configure machine\system\currentcontrolset\control\session manager\kernel\obcaseinsensitive.
Configure machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Configure machine\system\currentcontrolset\control\session manager\protectionmode.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionpipes.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanserver\parameters\restrictnullsessaccess.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Configure machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Configure machine\system\currentcontrolset\services\ldap\ldapclientintegrity.

Configuration of Registry Values was completed successfully.
Configure log settings.

Audit/Log configuration was completed successfully.


----Configure available attachment engines...

Configuration of attachment engines was completed successfully.


----Un-initialize configuration engine...
 

Dreadcaller

Level 1
Thread author
Sep 15, 2017
10
My settings keep rolling back. And when I reboot my PC, even just using standard shutdown, when I log in my changes are never made. Something don't jive. Every time I change the settings to my security or even the time on my PC, nothing sticks. I'm in admin privileges when I make the changes...
 
