OK, stealth is the only option. The first requirement is a safe place for communicating, researching, and downloading stuff. Doing that on a compromised machine is most likely pointless. I know nothing about parental monitoring software. But one could get a good sense of its universe from searching.[0] Task Manager shows what's running, but Process Explorer is much more informative.[1] It doesn't require installation, or admin rights to run, and one can run it from a USB flash drive. Its use will be logged, of course, but at least it won't show up as an installed program. Right click on processes of interest, and select Properties. The Environment tab shows where logs etc might be found. The TCP/IP tab shows network activity and remote IPs/hosts. If there is stuff that requires admin rights to see, and there is some private time, booting with a Linux LiveCD would be useful. makeuseof recommends Hiren’s BootCD, The Ultimate Boot CD, and Knoppix.[2] If there's no evidence of sophisticated efforts, it might be worth using Portable VirtualBox[3,4] and a Ubuntu VM with LUKS.[5] However, using Portable VirtualBox would likely require admin rights to install drivers. It's fairly trivial to get admin rights in Windows.[6] And one could reverse all changes after installing drivers needed for Portable VirtualBox. But consequences of discovery might be painful. [to be continued] [0] https://search.disconnect.me/searchTerms/serp?search=46415e34-ef20-48fd-96b3... [1] https://technet.microsoft.com/en-us/sysinternals/bb896653.aspx [2] http://www.makeuseof.com/tag/5-best-rescue-disks-windows-system-restore/ [3] http://www.vbox.me/ [4] http://www.howtogeek.com/188142/use-portable-virtualbox-to-take-virtual-mach... [5] http://mirror.pnl.gov/releases/14.04/ubuntu-14.04.2-desktop-i386.iso [6] http://www.pcworld.com/article/2039773/regain-your-pcs-administrator-rights-...