Just bought used computer--secure?

[AreaMan]

Hi folks,

Great site! Been real helpful so far.

I just bought a used Lenovo ThinkPad T60 Intel Dual Core 2 ghz, 3gig ram (for $280 USD (Feb 2011), which I hope was a good deal) running Windows XP sp2.

The purchase did not include any OS disks, no reinstall, no restore, no nothing. But, the former owner sold it freshly wiped with XP sp2 installed.

I do not currently own any appropriate OS disks, so I can't start from scrath like I'd prefer..

MY QUESTION: Can I ever be sure the former owner didn't leave behind some password grabbing, bank-account hacking malware?

These are the steps I have taken so far:

Changed Admin password
Updated Windows: license confirmed, fully updated to XP Pro sp3
Searched multiple forums for related posts
Downloaded and ran: Avira anti virus, free home use--all OK
Downloaded and ran: Malwarebytes' anti-malware--all OK
Downloaded and ran: CCleaner--checked the startup programs--all OK, registry cleaned OK
Downloaded and ran: WinPatrol--all OK
Went to blackviper.com: tweaked services per his recommendations including turning off all remote access, terminal services, telnet, etc.
Downloaded and ran: TCPView--less certain here, but everything seems OK
Downloaded and ran: HiJack This--unknown file in Winsock LSP, but suggested to be harmless

I think the computer is now as safe as possible (with the exception of that unknown file), as safe as randomly clicking on any website.

Can I check my bank account now?

Thanks in advance for any thoughts on this matter.

 

[johnb35]

Whats the name of the unknown file in winsock? There are a lot of valid files that show up here.

Most likely you are fine. As far as reinstallation cd's, most laptops have a recovery partition on the hard drive that you boot into and it restores the computer to when you bought it. However, if the guy used his own reinstallation media to install windows then legally he is required to give that to you.

 

[jamesd1981]

if you have no reinstall media use a free program called MACRIUM REFLECT

it will create an image of you windows install and you can restore this image at anytime using the boot cd it directs you to create

 

[AreaMan]

Thanks John and James.

Here is that unknown winsock file:

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

 

[johnb35]

Thats a valid file. Providing you know how to read the log or you got help with the rest of the hijackthis log, you are good to go.

 

[AreaMan]

Thanks again John.

There were two little things that raised my suspicions above healthy paranoia. One, the NTDetect.com file is just hanging out in the open (my computer-->local disk (c-->and there it is); moving that cost me a couple hours. And two, the first time I went to Start Menu-->Run the dialog box was already filled out with 'regedit'.

 

[linkin]

That's normal, windows is set to remember what someone last typed into the run box. You can clear such things with CCleaner.

 

[dellxps420]

That's normal, windows is set to remember what someone last typed into the run box. You can clear such things with CCleaner.

i think thats a good thing or unless mate your watching porn on your pc and your parents use that computer lmfaoo.

 

[linkin]

Hence, CCleaner exists

 

[johnb35]

Thanks again John.

There were two little things that raised my suspicions above healthy paranoia. One, the NTDetect.com file is just hanging out in the open (my computer-->local disk (c-->and there it is); moving that cost me a couple hours. And two, the first time I went to Start Menu-->Run the dialog box was already filled out with 'regedit'.

If you go back to it and if regedit is still there, it will load the last spot where the last person access the registry. He may have changed the registered user or something.

 

[gamblingman]

I found this, which I would suggest you read AND print. Its a Lenovo Support page which covers some of what you have been wondering, its just a little more product-specific including the ThinkPad T60.

Lenovo Support - How to use the pre-boot service partition to recover your software .

And like johnb35 said, the guy you bought it from is required to give you the system disks, if he had them in the first place. Though, he may have just reinstalled it from the recovery partition. If you want the disks, Lenovo will most likely just send them to you for free, contact them and see what they'll do. If you do contact Lenovo for the disks, ask for the disks you can reinstall the OS from as well as the disk(s) to run the diagnostic/repair tools and the system utilities.

If it were me, I would reinstall fully... just to be on the safe side.