What is the RID on the account?
So can you run this command from a elevated cmd prompt
C:\>wmic useraccount get name,sid
So you notice the Administrator RID the number on the end after the - is 500, this is the built in account. You can not delete this account.. So your saying this tool created an account, you sure it just didn't reset the password on the built in account.
If you run the command above you should get the SID of all the accounts on the machine. You can snip out the meat of the SID for privacy concerns, I am just curious if this was created account or the built in one.. Or your thinking its coming back if they named it admin or something and your seeing the administrator account. If its recreating the account then the RID would change also.
So if you run command, then delete the account - does it have the same RID (the last number after the -) Like my account budman is 1000, this was the first account created. If I delete budman, and create a new budman that rid would be different.. So example, created a test account
see the RID of 1003, then deleted it and created account with same name test and the RID is now 1004