Print Thread
cheshire_man
Tried it again, the same.
Started in Safe mode and to my surprise it came up with User login screen, myself (the only user on the PC) and one called DRAWDE. I had no idea what DRAWDE was so when the PC had started looked in Control Panel / Users, no sign of an alien user. Searched the Registry for DRAWDE, no sign.
So becoming somewhat bemused I went into Control Panel / Administrative Tools / Computer Management. Under Local Users and Groups I found 'drawde' (together with my own account, Guest, ASPNET, SUPPORT_388945a0, HelpAssistant - the last 2 were disabled). The description for 'drawde' said 'Built-in account for administering the computer/domain'. Being somewhat bemused, rather than deleting the user I disabled it and then rebooted.
It started fine and has been ok all day, including a reboot just now, to check.
It occurred to me that DRAWDE is an anagram of ADWARE and made we wonder whether it's crept in by some unwanted activity. I ran Superantispyware and Malwarebytes. The first found Adware tracking cookies, which it deleted but these are "usually" harmless. Malwarebytes reported two registry key infections:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.Any thoughts on what may be going on?
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
For background I rebuilt the complete system last December and have been the only user.
Tony
