Hi ya'll, First off, in case you need to know, I have a Dell Inspiron laptop with DSL and it runs WindowsXP. My son was using my computer in ways I had no clue of. He had put on some sort of ghost program so everything he did was hidden. Security logs showed he would log on for 6 seconds and then sign off. He had a limited account with controlled access by my settings on my computer, and yet he was able to download and change program settings. He denies doing anything and says that I am "paranoid". Thanks to the security group here, I did a clean windows reinstall, so whatever he had on here is gone. But he is claiming innocence, that he never used the computer except to check email. I am trying to figure out some "proof" to be able to stand up to him with (I am a wuss). When I was figuring out something was wrong, I noticed that the registry listed both administrator and administrators. When I did a safe mode boot, "administrators" would show up with the icon of a kid on a skate board, yet every other administrator icon I have seen that's by default is the chess pieces. When I would try and enter the tech areas of Dell from his account, I couldn't access them, and yet he had all sorts of temp files from them. When I did the clean reboot, I kept a couple files that showed that he changed some settings in July. The reason I kept them is that they had the same date as most files that had to do with configuration did. I also know that whatever he had on here, it took up so much space that I kept running out of virtual memory. I decided that he had a partition when I (a) found a short cut to command prompt in his documents, and (b) when I ended up in this weird twilight zone kind of place with a safe boot one time. He and the administrator with the skateboard were the only 2 that existed in this other area. I was crying and asking if he knew what I could do to get my stuff back, and all he did was look at me with a flat face and tell me that I could get the pictures of my grandson back from my son again, so it wasn't a big deal. I took it to a computer person and she said I had a spy program on called hotkey, and that she had taken it off. She told me she couldn't tell where it came from or when it was put on, yet she also told me a half a dozen times that she couldn't believe how fast I had found it. I am just really confused, is there any chance he is telling the truth and he never did anything but use his limited account to check emails Can a limited user turn off all the history/cookies local settings type stuff, because he had absolutely none of that in his local settings. The local settings had lots of users, there was:me, administrator, administrators, NT local, NT authority, Default user, All users, and me. The computer is only used by my son and myself. The guest account is turned off. Does any of this sound as suspicious to anyone else as it does me? Does XP come with a ghost program (I think it was called GhostPad, and it was in the gtny folder, which I assumed was a normal folder in XP. Any help would be SOoooooooooooooooo appreciated. My son has been out of town with his job (yes, he is an adult, but he was so into porn stuff, that it got bad enough I put him on the limited account, as I wont have porn in my house) but gets home tonight. I need some sort of ammunition or I am sunk. Thanks for any help at all that ya'll can give me, just`i PS-I dont know if this means anything, but the security guys had me put zone alarm on for a firewall, and there was a computer that kept trying to get access to mine, until I finally told zone alarm to deny them always.