detect changes made to windows 7 pc

Posted on 2011-10-31
Last Modified: 2012-05-12
i had to hand my laptop over to my customers IT dept to install vpn, on my personal laptop.

i don't trust anyone, and this technician took my computer to his office for nearly a hour.

vpn is working great, but i'd like to know if any other system changes were made.

any tips/tricks to audit my laptop, and learn of anything else that this technician may have done?  honestly, i just want to make sure no keyloggers, intentional spyware was installed.  call me a freak, i just know how easy a system can be comprimised.

Question by:sknoll84
    LVL 6

    Accepted Solution

    In the search menu type in Event Viewer< administrative actions log will be one of the displays.
    You will be able to see what if any changes have been done to your computer.  Our IT dept. is know for installing "stuff" that they don't tell the end user that they installed.  By opening up event view you will be able to tell what action were taken by your IT dept.
    LVL 77

    Expert Comment

    by:David Johnson, CD, MVP
    restore your system from a backup once the job is done.  If you don't trust the company that you are outsourcing for then leave..
    LVL 3

    Expert Comment

    The tech installed more than the VPN.
    The tech erased Event Log entries.

    Since you did not take a registry snapshot or system restore/image before releasing custody, you cannot know.  If you cannot trust the tech,you cannot trust Event Viewer.
    LVL 3

    Expert Comment

    All due respect to D_May's excellent suggestion, but the Event Viewer is NOT a 100% effective method for detecting a malevolent act.  At a minimum, the Windows Event Log can be suspended - preventing the collection of data.  Else, individual logs can be modified to hide any single act or group of actions.

    If I was motivated to illegally install something on someone's PC, there would be no evidence available in the Event Logs.

    In an atmosphere where you suspect that such a malevolent act was performed, the Event Viewer does not come close to providing any warranty to the contrary.

    It's like the day after a thunderstorm - the sidewalk is dry.  You cannot conclude from that evidence that it did not rain.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Suggested Solutions

    How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
    Phishing is at the top of most security top 10 efforts you should be pursuing in 2016 and beyond. If you don't have phishing incorporated into your Security Awareness Program yet, now is the time. Phishers, and the scams they use, are only going to …
    In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
    This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.

    761 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    8 Experts available now in Live!

    Get 1:1 Help Now