Go Premium for a chance to win a PS4. Enter to Win


I'm being gaslighted; need to figure out what's been done to my computer and who the phantom administrator is...

Posted on 2017-07-16
Medium Priority
Last Modified: 2017-08-11
Over the course of 5 years, my marriage has deteriorated considerably due to my spouse's extreme secretiveness (he's a quad Scorpio, for those in the know).  Recently, I needed a new laptop so he purchased one at Costco for me but after much digging around, I have found that not only am I not the administrator of my own damn laptop, but there are 3 other "users" showing up that have access to a network that I am excluded from.  In addition to that, everyone else belongs to a workgroup and a homegroup that I am refused access to.  I can't begin to express the depth of my anger but I assure you it is off the charts.

My spouse claims complete and utter ignorance, yet makes no effort to look into it and is not even remotely concerned about the situation.  Clearly, he is suspect.  I don't know crap about computers but I'm not an idiot, either.  I confiscated his laptop and refuse to give it back to him until I figure it out.  Problem is that I'm running out of time (I've decided to move out and divorce him) but I can't give up until I get answers.  It is literally killing me.  Anyway, if someone - anyone - can help me identify what I'm seeing, I would be beyond grateful.  I just want to move on with my life but I need closure desperately.  This man is trying to alter my reality with his gaslighting, completely disregarding how damaging it is to one's psyche.

I can get a list of downloaded programs - all done over a 24-hour period - that might point the way to a more enlightened individual.  Please, someone help me.

**I should also add that we have Century Link and it appears that my IP address is being used as a DMZ Host, whatever that is.  I'm wondering if he is involved with Torrents, live interactive webcam situations or internet groups of some sort.
Question by:Michele McWilliams
  • 3
  • 2
  • 2
  • +6
LVL 99

Assisted Solution

by:John Hurst
John Hurst earned 500 total points (awarded by participants)
ID: 42218504
I have found that not only am I not the administrator of my own laptop, but there are 3 other "users" showing up that have access to a network that I am excluded from

I am only going to address the issue I quoted here. Get a set of Windows 10 Recovery Media from the seller / vendor, reimage the machine and start again. That is what I would do so as to be able to use your own laptop.
LVL 20

Assisted Solution

Alan earned 500 total points (awarded by participants)
ID: 42218511

If you have reason to believe that your machine has software on it that you don't trust, I strongly recommend you backup all your data (or at least anything that you don't want to lose), image the machine (just in case you ever need to get it back to the current position), and then wipe it completely, and start from scratch with a clean install.

You say you don't know much about computers, so that might all sound quite intimidating.  If so, perhaps you have someone you do trust that could assist you with it (I would suggest 'assist' rather than let someone else do it all for you), or if not, maybe take it to a business that can help.  You might even find that you have some sort of 'support package' from the retailer (not sure who CostCo are, but presumably they are a retailer).

Good luck,

LVL 21

Expert Comment

ID: 42218620

I Also suggest to start from scratch with a clean install to make sure your system is clean.
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

LVL 32

Accepted Solution

masnrock earned 1000 total points (awarded by participants)
ID: 42219015
All of the advice above is basically the only way you're going to be able to trust your system again. What isn't being pointed out is the fact that if you do that and require the information for legal purposes later, you would've lost that data. Given your situation, I won't be surprised if you're going to need to preserve the data on the system, so I would highly recommend that you work on finding a computer forensics expert in coordination with the legal assistance that you seem to be needing for your delicate situation. You will lose access to the system for a while and may be better off getting another laptop to use in the meanwhile.
LVL 35

Expert Comment

ID: 42219402
i would buy a 1TB usb disk with a backup program included  and a 64 GB usb 3.1 stick. then move the notebook to a place where there is no wifi and clone the disk and make backup of all your data. then go to a friend and download the .iso of your windows version (you have Windows?) and copy it to the usb stick. log-in to your notebook (still you shouldn't be connected to your home wifi and better to no wifi at all). then get the Windows key from your current System if you don't have it somewhere. see at https://www.howtogeek.com/206329/how-to-find-your-lost-windows-or-office-product-keys/ for info.

you then should be able to access the .iso and use it like a DVD drive. use the windows setup from there. it will guide you to installing a clean system or would restore a clean recovery of your system if available at the disk. in both cases you would loose all personal data which is not backup'd.

LVL 10

Expert Comment

ID: 42219765
Costco has some of the best return policies around.
Screen shots of the network settings, and user accounts may be useful.
Most Win computers have provisions for a factory reinstall, out of the box condition.
Make and model and OS version would be useful for more complete answers.
LVL 99

Expert Comment

by:John Hurst
ID: 42219766
We have all suggested reimaging your computer. Back up first, of course, as we all do. Any feedback?
LVL 31

Expert Comment

ID: 42219939
If you have the Costco account, take it back and tell them things aren't working.  You'll get the full original price back.  If you need to keep the data for forensics, buy a new disk drive, swap out the disk in the Costco laptop.  Save the disk in a lockbox or a safe deposit box that only you have access.  Do not use the disk. if you need it as evidence.  Return the laptop and switch it or get a different one.  That should be much easier and definitely much quicker than re-imaging it.

Expert Comment

by:Network Zero
ID: 42222438
I would just use the computer offline and dig into as much information as you can find:

If you can get into "C:\Users" you should be able to see the folder of these people using your computer - also the modified time will show you an approximate time of when these people logged into your machine.

DMZ's are created when you want to complicate directly to the internet - most commonly for gaming. You can send over a list of the programs so I can check.

You can take the computer in to have the hard drive removed and get all the information if you want to start over just back up and reload windows.

Author Comment

by:Michele McWilliams
ID: 42226850
Sorry, everyone.  Our internet service was conveniently cut-off for the past couple of days.  Thank you for all the suggestions and for taking the time to respond to my situation.  I have purchased a Seagate external hard drive to back-up my system and then I will be wiping it clean and reinstalling.  

Network Zero, you understand my need to know.  I have been seriously digging around and everything I find seems to validate my suspicions, yet my spouse is vehemently denying knowing anything about it.  Keep in mind that I found a document outlining the contract with CenturyLink with his name on it and the website showing the modem stats is accessible to both of us so I can see the changes that were done to it.  We are also getting phone calls from numbers that are VOIP-related.  In addition to everything else I have, his bank account shows monthly charges of a little over $100 a month is "duesposted", which is a privacy-site for billing.  I believe it's for sex-cam interactive sites, and I believe his computer is set up for that, but there are groups involved so it could be one big circle-jerk for all I know.  Or something more sinister like the trading of illegal images, etc.  Either way, my computer is involved and I really need to get to the bottom of it.

Anyway, under "Network" is computer "Michele", and beneath that is 2 folders: "f" and "users".  The "f" folder is available for me to view sometimes and at other times, I get a message saying the network is restricted and I don't have access to it.  This is when I believe these groups have taken over my computer.  I have screenshots of the message if anyone needs to see them.  Under "users" besides me, there are 4 other "users" showing under my name:  darkd, default, default1 and public.  My Microsoft account was hacked and the password changed twice so they are all up in that, too.  Anyway, under "users" in "Properties", these groups have access to all of my files
default account
Distributed COM users
Event log readers
Performance log users
Performance monitor users
Remote management users
System managed accounts group

Another thing to consider is that he claims he has no cell phone, has never used Skype, Chat or IM, has only one email account that I have access to.  Deleted files shows a lot of Skype use, mobile apps, WinMail usage, offline storage, Microsoft email accounts with advanced security, online dating apps and sex-cam sites.  Also - and I can't remember the exact reason - but I got the impression that there is another OS on his laptop running Windows 7 (the main OS is Windows 10) that has a quick-switch feature, as well as very circumspect ways of launching it.  Does any of this sound plausible?  Please let me know Network Zero, before I keep rambling on.  And thank you so much for the additional assistance.
LVL 99

Expert Comment

by:John Hurst
ID: 42226852
Or something more sinister like the trading of illegal images, etc.  Either way, my computer is involved and I really need to get to the bottom of it.

I have purchased a Seagate external hard drive to back-up my system and then I will be wiping it clean and reinstalling.

Backup the drive as you suggest, format fully, and reinstall Windows.  Now see if the issues stop - They should stop. Do NOT connected this machine to your home / spouse's network. Get your own internet plan until you can determine was is going on.
LVL 31

Expert Comment

ID: 42226886
Hire someone.
LVL 20

Expert Comment

ID: 42250783
EE has requested that this question be closed.

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

885 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question