Windows 10: Strange Account I found in HKEY_USERS

I recently got a malware attack, luckily nothing bad happen, I resolved it, but when I go to regedit, I found these accounts in HKEY_USERS:S-1-5-18S-1-5-19S-1-5-20S-1-5-21-1822402108-566194498-1648361893-1001S-1-5-21-1822402108-566194498-1648361893-1001_ClassesThese are very strange, my laptop only have 2 accounts, I don't want to risk my laptop by removing them so I hope you guys can explain it for me,

:)

 

Strange Windows 10 User Account issue.

Unfortunately I had done those steps numerous reboots, it just, reappears for no good reason. The base account isn't even a Microsoft account, it's a local account.

I haven't quite tried the built in administrator account on W10, but so far in my experience on my own computer, the built in account seemed to have absolutely no more control than I did on my own.

It's just strange, I go in, it warns me twice about deleting the account, then it's gone. Reboot, and it's back?

EDIT: Just to specify, both command line and Netplwiz both say only HIS account exists on the computer, it doesn't list this rogue account. This is what I meant in my first post about the fact that even Windows doesn't seem to believe it exists, HALF the time. *Frown

 

Remove account

I suggest you backup your personalized files first before removing the account.
To delete an account, follow these steps:

1. Press WIN + X keys and click Command Prompt (Admin) from the menu.
2. Type the following command and press Enter. Replace test with the name of your sister's account. Code:

 

Microsoft account Sign in option under user account is not working

Hi NAvneet.

Many thanks for your help. But this didn't work.

Should I try the below procedure. Someone has suggested this method to similar query in other thread. Pls suggest:

Please follow the steps to enable the build in administrator and check if it helps:

• Use the power button on the sign-in screen to Shift+Restart. This will take you to the recovery boot menu.
  
• Click Troubleshoot, Advanced options, Startup settings. When given the choice of startup options, try booting the PC in
  Safe Mode with Command Prompt. If you can’t get there, skip to the next major step.
  
  • If you can get to a CMD window, enable the built-in administrator account:
    
    net user administrator /active:yes
    
  • Then restart and sign-in as the Administrator account.
  • Once in the Administrator account, open Regedit
    and go to the following key:
    
    HKEY_USERS\.DEFAULT\Software\Microsoft\IdentityCRL\StoredIdentities
  • Save a backup of the key: Export the StoredIdentities key to a .REG file on the desktop.
    
  • Then continue with step 4 below.
• Use boot media to access the recovery command prompt.
  
  • Start Regedit.
  • Select the HKEY_USERS key.
  • Click File, Load Hive. and go up in the file system to This PC. Then browse to this file and then click Open:
    
    C:\Windows\System32\config\DEFAULT
  • When prompted, name it “def”
  • Select this key:
    
    HKEY_USERS\def\Software\Microsoft\IdentityCRL\StoredIdentities
  • Save a backup of the key: Export the StoredIdentities key to a .REG file on the C:\ drive.
    
• Find the subkey under StoredIdentities that matches the name of the Microsoft Account.
  
• Delete the key.
• If you loaded the offline registry hive, go back up in the tree on the left and select “def”. Then click File,
  Unload hive. This option will only be available if “def” is selected.
  
• Restart the PC and test sign-in.
• Once done, you may need to Verify the account in Settings, Accounts in order for it to be fully usable in Windows again.
  
• If you used the built-in Administrator account to resolve the issue, please return it to the default disabled state to help keep the Computer secure. To do so follow the steps:
  net user administrator /active:no

Please create a new administrator account using the Microsoft Account and check.