NIS History has started showing two odd entries virtually nonstop
NIS 220.127.116.11, Windows 7. I have long had a program called Hot Keyboard Pro, that allows extensive creation of customized keyboard shortcuts to perform actions of my choosing.
Last night I happened to look at NIS' Full History for an unrelated issue, and noticed that, starting about an hour before I checked, I keep getting the following firewall "information" entries repeated as a pair (i.e., same second). This pair of entries recurs seconds to minutes apart, NON-STOP (and it's still happening):
An instance of C:\Program Files (x86)\HotkeyboardPro\HkHook64.exe" is preparing to access the internet.
An instance of C:\Windows\System32\Conhost.exe " is preparing to access the internet.
If I turn off Hot Keyboard Pro (just to test...I NEED that program!), both entries stop appearing, but then restart when I turn Hot Keyboard Pro back on (it normally runs nonstop).
HkHook64.exe is NOT the main Hot Keyboard Pro program file (that is hotkeyb.exe). I wrote the program creator, Imposant, and they said:
"HKHook64.exe is Hot Keyboard 64 bit hook process. It does nothing but passes keyboard and mouse events from 64 bit processes to 32 bit Hot Keyboard executable. It does not access internet in any way, nor the HkHook64_45.dll (which is loaded by HkHook64.exe) does. HkHook64.exe is only 2560 bytes long (without digital signature), it imports KERNEL32.dll and HkHook64_44.dll only, so it technically cannot access the internet."
They also asked which firewall I'm using, and what exactly "preparing to access the internet" means. I haven't mentioned Conhost.exe to them yet, because I didn't notice until later that a Conhost.exe entry always appears at the same time as a HkHook64 entry.
So, can anyone help me out here? At least with the most basic question of what "preparing to access the internet" actually means? (And of course any other ideas/suggestions you have!) I should note that I have the same program on another PC (that also has NIS), and the same exact situation is occurring there. So I doubt it has anything to do with malware, although I ran a full system scan on both machines "just in case" and they came up clean. I did a slew of Windows Updates about 10 hours before the issue started, but I temporarily "system restored" to before that point, but the virtually nonstop HkHook64.exe and Conhost.exe entries kept coming. And there were no updates to HotKeyboard recently.
EDIT: I just noticed that Full History has 300 of the entries about HkHook64.exe (just from the last hour alone!), and that every time a new one appears the oldest one drops off -- even though for other things Full History goes back far further in time. I see the same pattern for the Conhost.exe entries. This makes me wonder if maybe the problem has actually been going on a lot longer than I realize, given I check my Full History only very infrequently. (I also clarified some points above.)