Apologies for the delay returning to your question - it's a nuisance having to work...
Not wanting to contradict previous advice you've received, I checked your malware topics, and your malware helper also feels that it should be sufficient to do the restore without also having to reformat the drive beforehand. A reformat in Windows XP style particularly would have no effect - Windows prior to Vista does not overwrite the drive even doing a full format.
If you wanted to be super-sure, you could use a utility like Active Killdisk to wipe the drive first, then do the restore again, but I'm not sure you would gain anything.
I think it will be more important to convince the operator of the system that a computer being used for business purposes must not be compromised by insecure activities. If this resulted in the bank account being emptied, or all the customers being scammed, the consequences could be very serious.
One factor in how best to proceed is what service pack level the system is restored to, which will be shown in My Computer/Properties. The higher the service pack, the less will need to be done before the system is safe to go on-line.
If it is SP3, you can go online and do updates once an Anti-Virus is installed. If it is SP2 or earlier, it needs to be brought up to SP3 using the installer or installers downloaded using another system.
I believe MS Security Essentials is a satisfactory AV, but I have known of it causing slow startup and lagging when used with XP, and I prefer the free Avast for my own purposes. I also like SuperAntiSpyware for malware scanning, but the free version doesn't monitor the system, you need to scan periodically or if something seems suspicious. There are numerous free security applications mentioned in this topic:http://www.bleepingcomputer.com/forums/topic3616.html
The Windows XP firewall is workable, but if a system may be prone to compromise, a more robust firewall could be advisable. The disadvantage of this is that a third-party firewall will normally ask the operator questions about what to allow, and a not-so computer literate user may not know how to reply. This can end up in less protection if everything ends up being allowed anyway, because the user finds blocking things may stop needed software from working.
Comodo has a reputation for being one of the best free firewalls, and it watches for unsafe actions that malware uses such as code injection that can escape other monitoring. But a while back Comodo did lose favor over difficulty preventing it from installing some toolbars, if I remember correctly, so I'm no longer familiar with it. I also liked Outpost Free firewall, but that has just ceased being supported by the developer. Zone Alarm is a long-standing favorite with many people.
You can purchase security suites from numerous respectable sources, but I'm not sure if they give greater protection, or how much. Any protection can fail at some time, especially if the computer gets used in a way that makes it extra vulnerable.
Edited by Platypus, 15 October 2010 - 05:15 AM.