BleepingComputer.com: Securing--Used Computer New to Me


#1 AreaMan

Posted 27 February 2011 - 07:09 PM

Hi folks,

Great site! Been real helpful so far.

I just bought a used Lenovo ThinkPad T60 Intel Dual Core 2 GHz, 3 gig RAM (for $280 USD (Feb 2011), which I hope was a good deal) running Windows XP SP2.

The purchase did not include any OS disks, no reinstall, no restore, no nothing. But, the former owner sold it freshly wiped with XP Home SP2.

I do not currently own any OS disks, Windows XP or otherwise.

MY QUESTION: Can I ever be sure the former owner didn't leave behind some password grabbing, bank-account hacking malware?

These are the steps I have taken so far:

Changed Admin password
Downloaded and ran: Avira anti virus, free home use--all OK
Downloaded and ran: Malwarebytes' anti-malware--all OK
Downloaded and ran: CCleaner--checked the startup programs--all OK, registry cleaned OK
Downloaded and ran: WinPatrol--all OK
Updated Windows: license confirmed, fully updated to XP Pro SP3
Went to blackviper.com: tweaked services per his recommendations including turning off all remote access, terminal services, telnet, etc.
Downloaded and ran: TCPView--less certain here, but everything seems OK

I think the computer is now as safe as possible, as safe as randomly clicking on any unknown website.

Can I start using my computer now?

Thanks in advance for any thoughts on this matter.

Edit: Moved topic from Am I hacked? What do I do? to the more appropriate forum. ~ Animal

#2 AreaMan

Posted 27 February 2011 - 11:50 PM

Ahhh...what forum did you move it to?

#3 AreaMan

Posted 27 February 2011 - 11:59 PM

I found it; it's now under 'Am I infected, What do I do?'

#4 Grinler

Posted 28 February 2011 - 12:35 PM

Seems like you were pretty diligent with your approach. To be truly sure, though, you can use a firewall that does outbound program monitoring.

Then if there is something that is sending data, it will trigger the firewall and ask if you want to allow it. By looking at the filename and examining it, you can then determine what you want to do.

#5 AreaMan

Posted 28 February 2011 - 12:46 PM

Thanks Grinler for your comments, and the compliment. It was diligent, wasn't it? Certainly took a while.

Since I posted I also added SuperAntiSpyware and Comodo Firewall (stand alone).

Everything looks OK, but I had one question. All those outbound 'safe' svchost.exe's, couldn't there be some malicious code hiding in one of those?

#6 Grinler

Posted 28 February 2011 - 12:54 PM

Anything is possible, but you should check the services running under svchost to be sure by using this guide:

http://www.bleepingcomputer.com/tutorials/list-services-running-under-svchost.exe-process/
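
The svchost check suggested above, as an added example that is not part of the original thread or the linked guide: it parses saved output of `tasklist /svc` and lists, per svchost.exe process, the services that are not in a baseline you have already reviewed. The sample output, the `KNOWN_GOOD` baseline and the `UpdtHlpr` service name are constructed for illustration.

```python
import re

# Constructed sample of `tasklist /svc /fi "imagename eq svchost.exe"` output;
# UpdtHlpr is a made-up service name standing in for an unfamiliar entry.
SAMPLE = """\
Image Name                   PID Services
========================= ====== =============================================
svchost.exe                  876 DcomLaunch, TermService
svchost.exe                 1040 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 EventSystem, lanmanserver, Schedule,
                                 wuauserv
svchost.exe                 1120 Dnscache
svchost.exe                 1388 UpdtHlpr
"""

# Assumption: the service names you have already looked up and accepted.
KNOWN_GOOD = {"DcomLaunch", "TermService", "AudioSrv", "BITS", "Browser",
              "CryptSvc", "Dhcp", "EventSystem", "lanmanserver", "Schedule",
              "wuauserv", "Dnscache"}

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(\S.*)$")  # image name, PID, services

def parse_tasklist_svc(text):
    """Return {pid: [service, ...]} for svchost.exe, joining wrapped lines."""
    hosts, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.startswith(("Image Name", "=")):
            continue
        row = ROW.match(line)
        if row:  # a new process row starts in column 0
            image, pid, services = row.group(1), int(row.group(2)), row.group(3)
            current = pid if image.lower() == "svchost.exe" else None
        else:    # indented continuation of the previous row's service list
            services = line
        if current is not None:
            names = (s.strip() for s in services.split(","))
            hosts.setdefault(current, []).extend(s for s in names if s and s != "N/A")
    return hosts

def unreviewed_services(hosts, known_good):
    """Return {pid: [service, ...]} for names missing from the baseline."""
    known = {name.lower() for name in known_good}
    flagged = {pid: [s for s in svcs if s.lower() not in known]
               for pid, svcs in hosts.items()}
    return {pid: svcs for pid, svcs in flagged.items() if svcs}

if __name__ == "__main__":
    for pid, svcs in unreviewed_services(parse_tasklist_svc(SAMPLE), KNOWN_GOOD).items():
        print(f"svchost.exe PID {pid}: look up {', '.join(svcs)}")
```

A name missing from the baseline is a prompt to look up that service and the file it loads, which is the kind of inspection Process Explorer supports.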

#7 AreaMan

Posted 28 February 2011 - 01:00 PM

Thanks for the link.

That, I believe, is the final piece of the puzzle--Process Explorer. Now, nothing will happen on this machine without me knowing about it.

I should get a job doing this :mellow:

#8 Grinler

Posted 28 February 2011 - 01:11 PM

