On a couple of our laptops a mystery account has shown up as being created. The format of the account is always the same, 12 characters long, the first 6 is always lower case and the last 6 is upper case as shown in images. I cannot find anything in the Event Viewer relating to the account being created or it doing anything. Our main concern is that the account is part of the Administrator group. Any ideas to find out what it is and when it was created. Now all of our computer, laptops and servers are all IBM and I came across the article below, which sounds like our issue. With there being a hidden installer account but what we are seeing is the account comiong and going randomly within a week. And ontop of it, we install Windows XP SP2 from scartch.