Solved

Workplace Porn Monitoring Software Info

Posted on 2008-10-20
16
1,125 Views
Last Modified: 2013-12-12
Please be gentle here, this is a serious question.

I work for a large financial company, and have a company laptop.
Recently - AT HOME I used my computer for personal web browsing - and out of pure stupidity- I clicked on a link on you tube that looked "interesting". anyway, after one click to the next to the next I ended up seeing you tube edited to avoid showing nudity video clips of titles containing "xxx", "boobs", you get the idea.
Since they don't show nudity I stupidly figured it's ok, then found out that some links - open up new websites which show full nudity and some xxx.
It was a stupid moment of indiscretion that turned into 2 hours of "curiousity".

Now am I fried?

I haven't yet docked my computer at work, I've decided to take personal vacation days until I can figure out what to do.
I can wipe my hard drive clean and reimage the computer, but is it already too late? Does the monitoring software identify bad words, images and on the spot remotely sent flags to a central server - or does it only scan when I'm attached to the work network?
How can I tell?
Any idea?
How can I even tell what they are using and what they could/have already flagged?
0
Comment
Question by:cgott42
16 Comments
 
LVL 13

Expert Comment

by:Brum07
Comment Utility
Did you use your own internet link?

If so then there should not be an issue as long as you clear the browser cache as most monitoring programs record the address when you actually request it not after but it does depend on the software used.

I would be very surprised if anything has been logged.

Hope this puts your mind at ease slightly.
0
 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
Sounds to me like a job for:

http://www.ccleaner.com/


CCleaner is a freeware system optimization, privacy and cleaning tool. It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space. It also cleans traces of your online activities such as your Internet history. Additionally it contains a fully featured registry cleaner. But the best part is that it's fast (normally taking less than a second to run) and contains NO Spyware or Adware! :)

---

As long as they didn't install some monitoring software on your laptop that keeps it's own database this should do it.

---

Tolomir
0
 

Expert Comment

by:Cook77
Comment Utility
If you can see that "intresting" content at home you aren't behind the corporate proxy! If its correct the IT guys can't see what you do at home over the Internet. But, if the IT guys installed a 'reporting' program on your laptop you has been caught. But anyway if I'm at you situation I clean the browser history and cache and cookies as well and think about a story by hoax mail what I got or whatever! :)

Good luck man!
0
 

Author Comment

by:cgott42
Comment Utility
Brum07:  I'm not clear on what you're asking.  re: my own internet link.  I just typed in www.youtube.com then a few clicks, and few search words, and clicks and boom.
Tolomir- thanks I will try that.

Cook77- I think you've hit it on the head.  This has me worried.  Is there a way to tell if they have installed "reporting" software that would have flagged my activity and sent a report that night from my pc to their server?

I don't think I have a story to make up - as I did type in search words to find more info on the models that I saw on the youtube page. i.e. It'd be worst if I was caught and then tried to lie - only to be caught in the lie.

Is there a way to detect if they have reporting software?
Now I'm even more worried.
0
 

Author Comment

by:cgott42
Comment Utility
Tolomir- I just ran ccleaner.
now the question is how to find out if they have reporting software on my laptop.
0
 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
hmmm

hijackthis scan and upload here

http://www.merijn.org/programs.php#hijackthis



0
 

Author Comment

by:cgott42
Comment Utility
Tomomir:
I've attached the hijackthis.log file
hijackthis.log
0
 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
Ok this is the sort list.

There are enough tracking tools, but it seems to be performance related or windows log file collecting.

Nothing pr0n scanning though

[?] - C:\Program Files\Objective Software\EventMaster\EventMaster.exe

[?] - C:\Program Files\Objective Software\MessageMaster\MessageMasterRelay3.exe

[?] - C:\WINDOWS\TEMP\JGE888.EXE

[?] - C:\Program Files\ESI\WIPushUser.exe

[?] - C:\Program Files\ESI\ShutMon.exe

[?] - O4 - HKLM\..\Run: [PushUser] C:\Program Files\ESI\WIPushUser.exe 10 PushUser.lst

[?] - O4 - HKLM\..\Run: [ShutMon] C:\Program Files\ESI\ShutMon.exe

[?] - O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\Aurilium Sound Agent 2\805cpl.exe

[?] - O4 - HKCU..PoliciesExplorerRun: [1] \endberm.netSysVolendberm.netscriptsLogonScr.exe /mode:AfterDesktop

[?] - O4 - HKCU\..\Policies\Explorer\Run: [2] C:\Program Files\ESI\LogonScrLocal.exe

[?] - O4 - S-1-5-18 Startup: Advanced Print Screen.lnk = ? (User 'SYSTEM')

[?] - O4 - .DEFAULT Startup: Advanced Print Screen.lnk = ? (User 'Default user')

[?] - O4 - Startup: WindowsEnabler400.LNK = C:\Program Files\WindowsEnabler400\WindowsEnabler400.exe

[?] - O16 - DPF: {2DAD3559-2923-4935-AD49-B673D2539944} (IASRunner Class) - http://www-307.ibm.com/pc/support/acpir.cab

[?] - O16 - DPF: {3D3BF1F8-9696-4A5E-B4F1-49101C997B70} (VaxSIPUserAgentCAB Control) - http://labs.jaduka.com/VaxSIPUserAgentCAB.cab

[?] - O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx

[?] - O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = endberm.net

[?] - O17 - HKLM\Software\..\Telephony: DomainName = endberm.net

[?] - O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = endberm.net

[?] - O20 - Winlogon Notify: AwayNotify - C:\Program Files\Lenovo\AwayTask\AwayNotify.dll

[?] - O23 - Service: Energy Star(TM) EZ GPO Power Management Configuration Tool (EPA_GPO_PMService) - TerraNovum - C:\WINDOWS\system32\PMService.exe

[?] - O23 - Service: ObjSoft EventMaster (EventMaster) - Objective Software, Inc. - C:\Program Files\Objective Software\EventMaster\EventMaster.exe

[?] - O23 - Service: ObjSoft MessageMaster Relay 3 (MessageMasterRelay3) - Objective Software, Inc. - C:\Program Files\Objective Software\MessageMaster\MessageMasterRelay3.exe

[?] - O23 - Service: OPNET Application Capture Agent - Unknown owner - C:\Program Files\OPNET\AppCapture3.1\op_capture_server.exe

[?] - O23 - Service: WinINSTALL Scheduler (WinINSTALLScheduler) - VERITAS Software Corporation - C:\WINDOWS\system32\sswschnt.exe

Open in new window

0
Free Gift Card with Acronis Backup Purchase!

Backup any data in any location: local and remote systems, physical and virtual servers, private and public clouds, Macs and PCs, tablets and mobile devices, & more! For limited time only, buy any Acronis backup products and get a FREE Amazon/Best Buy gift card worth up to $200!

 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
could you give prevx scan a try please.

http://www.prevx.com/freescan.asp
0
 

Author Comment

by:cgott42
Comment Utility
thanks, here's the prevx scan log
PrevxCSIScan.log
0
 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
ok so prevx says everything is fine?
0
 

Author Comment

by:cgott42
Comment Utility
Was that a typo (the question mark) or are you asking me (cuz I dunno).
i.e. Does it show that there aren't any reporting services running.
0
 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
Nope, I wanted to be sure that you got no malware on the computer. there is this C:\WINDOWS\TEMP\JGE888.EXE file I find suspicious.

---

I cannot (using the hijackthis log) identify any reporting software.

As said, there is a lot or reporting software installed but that seems to be only for performance monitoring not for content scanning.


0
 
LVL 27

Accepted Solution

by:
Tolomir earned 500 total points
Comment Utility
Does the prevx scan result look like this?

Status:CLEAN

prevx.jpg
0
 

Author Comment

by:cgott42
Comment Utility
yes, says, status - clean.
0
 

Author Closing Comment

by:cgott42
Comment Utility
Thank you for your help and time checking the logs.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
The viewer will learn how to set up a document for the web and print and the recommended PPI for printing.
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now