Account keeps rebuilding itself on XP

Posted on 2011-10-26
Last Modified: 2012-05-12
I have an HP computer running windows XP Media Center.  Something happened and instead of the user booting up to HP_Administrator account as usual, he was booting up to an account HP_Administrator.MINEMINEMI.   I ran combofix and Malewarebytes multiple times.   Deleted multiple threats, but now those two apps come back saying it is runing clean.   But everytime I bootup it goes to the HP_Administrator.MINEMINEMI account.   SO I went to Safe Mode went to Administrator Account and deleted the HP_Administrator.MINEMINEMI.  BUt everytime I reboot into regular mode, it recreates the HP_Administrator.MINEMINE<MI account.  How do I stop this from happening?
Question by:syssolut
    LVL 10

    Expert Comment

    I would advise you download a program from called "Autoruns"

    This way you can check what is causing the start up issues.

    Be careful, these tools are very powerful
    LVL 87

    Assisted Solution

    Don't use the administrator account as a standard account. Rather create a new user account with a complete new name (like the name of the user of that PC. Then logon to that account and set it up the way you need it. Then delete the administrator account, and if the minemineme still exists also that one, when deleting make sure you also select to delete all files and folders in that account (back needed files up or copy them to the new account or to the public folder area before deleting the accounts).

    When done reboot, create a new Administrator Account, give it a good password. After that change the user's main user account to a standard, not administrator's account, but keep on using that one as the main account.
    LVL 22

    Expert Comment

    by:Dr. Klahn
    Suggest you run the Symantec online virus scanner using Internet Explorer.  It is amazingly slow to load, taking up to an hour the first time around, but it finds things other virus scanners do not.
    LVL 1

    Assisted Solution

    it's seem you have issue with current account

    to solve it just create anther username let's say it admin1

    give it administrator rights then login using admin1

    remove all old profiles (after you copy your files) then remove all users too.

    restart your machine

    login using admin1 again then create anther username (as you like) with rights you want

    login using that username and confirm is things good or still pointing to anther profiles.


    Author Comment

    I went in and ran Symantec online scanner, nothing, the computer is clean.   I went in and created a new account and tried to delete the old HP_Administrator but it says I cannot even though I am signed in under the new account with admin rights.   It says I cannot dete the "stub_data".   Access is denied.  There is also the normal account of Administrator that shows up under Safe Mode.   As for the HP_Administrator account, I was able to delete it under User Accounts with all it's files, but it still shows up under Explore and I cannot delte it.  The error message above shows up.   Any ideas?   Or am I going to have to copy files and restore to factory fresh?
    LVL 87

    Expert Comment

    Try deleting it in while safe mode.
    LVL 19

    Accepted Solution

    What you see is that you are not logged in under a different account, but a different profile.
    From what you mention i guess that your computer name is MINEMINEMI

    You have created a user account called HP_Administrator; Normally this user account gets a profile called HP_Administrator. But if the profile gets corrupted in some way (rights are removed, ntuser.dat has the wrong owner etc) a new profile is created with the computer name appended, thus the HP_Administrator.MINEMINEMI *profile* associated to the HP_Administrator *account*.

    Now that you have created a new account with a new profile you should be able to delete the old profile. Make sure in explorer - Folder and search options - View you enable "Show hidden files, folders and drives". In permissions of the folders you cannot delete (Properties - Security - Advanced - Owner) make yourself the owner of that folder and subfolders

    Author Closing Comment

    Thanks, the MINEMINEMI was the computer name as you said.  I did create a new account and delete that one account so now it just boots automatically to the new account.

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
    Envision that you are chipping away at another e-business site with a team of pundit developers and designers. Everything seems, by all accounts, to be going easily.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Here's a very brief overview of the methods PRTG Network Monitor ( offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

    745 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    15 Experts available now in Live!

    Get 1:1 Help Now