tech-addict
July 16th, 2005, 07:53 PM
IE has never wanted these hooks before (registered PG user since version 1.x). Suddenly, out of nowhere, it wants them, and without them IE starts crashing? Suspicious :-\
Nothing really has changed on my PC in the last several months.
I don't use IE very often, only on sites that I know should be safe. 8) Otherwise I'm using Firefox most of the time.
Sat 16 - 17:22:46 [EXECUTION] "c:\program files\internet explorer\iexplore.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1308]
[EXECUTION] Commandline - [ "c:\program files\internet explorer\iexplore.exe" ]
Sat 16 - 17:27:46 [GLOBAL HOOK] [3488] was blocked from creating a global MSGFilter hook
Sat 16 - 17:29:08 [EXECUTION] "c:\windows\system32\mobsync.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\svchost.exe" [1184]
[EXECUTION] Commandline - [ mobsync.exe -embedding ]
Sat 16 - 17:32:47 [EXECUTION] "c:\windows\system32\taskmgr.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1308]
[EXECUTION] Commandline - [ c:\windows\system32\taskmgr.exe ]
Sat 16 - 17:46:14 [EXECUTION] "c:\windows\system32\wuauclt.exe" was allowed to run
[EXECUTION] Started by "c:\windows\system32\svchost.exe" [1360]
[EXECUTION] Commandline - [ "c:\windows\system32\wuauclt.exe" /runstoreascomserver local\[550]susds74636b09bba2334591e027934a3ac6b4 ]
Sat 16 - 17:49:56 [EXECUTION] "c:\program files\nsclean\boclean\boc4upd.exe" was allowed to run
[EXECUTION] Started by "c:\progra~1\nsclean\boclean\boc412.exe" [512]
[EXECUTION] Commandline - [ c:\progra~1\nsclean\boclean\boc4upd.exe /bocauto /silent ]
Sat 16 - 18:00:01 [EXECUTION] "c:\program files\common files\kav shared files\avpupd.exe" was allowed to run
[EXECUTION] Started by "c:\program files\kaspersky lab\kaspersky anti-virus personal pro\avpcc.exe" [2092]
[EXECUTION] Commandline - [ "c:\program files\common files\kav shared files\avpupd.exe" /with_avpcc /ipcservname=avpcc_ipc_serv_name_000002 ]
Sat 16 - 18:07:58 [GLOBAL HOOK] [3488] was blocked from creating a global MSGFilter hook
Sat 16 - 18:09:17 [EXECUTION] "c:\program files\internet explorer\iedw.exe" was allowed to run
[EXECUTION] Started by "c:\program files\internet explorer\iexplore.exe" [3488]
[EXECUTION] Commandline - [ "c:\program files\internet explorer\iedw.exe" -h 728 ]
Sat 16 - 18:09:23 [EXECUTION] "c:\windows\system32\dwwin.exe" was allowed to run
[EXECUTION] Started by "c:\program files\internet explorer\iexplore.exe" [3488]
[EXECUTION] Commandline - [ c:\windows\system32\dwwin.exe -x -s 1420 ]
Sat 16 - 18:09:43 [EXECUTION] "c:\windows\system32\drwtsn32.exe" was allowed to run
[EXECUTION] Started by "c:\program files\internet explorer\iexplore.exe" [3488]
[EXECUTION] Commandline - [ c:\windows\system32\drwtsn32 -p 3488 -e 980 -g ]
Sat 16 - 18:16:30 [GLOBAL HOOK] [2744] was blocked from creating a global MSGFilter hook
Sat 16 - 18:17:20 [EXECUTION] "c:\program files\internet explorer\iexplore.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1308]
[EXECUTION] Commandline - [ "c:\program files\internet explorer\iexplore.exe" ]
Sat 16 - 18:17:28 [GLOBAL HOOK] [3444] was blocked from creating a global MSGFilter hook
Sat 16 - 18:27:11 [EXECUTION] "c:\windows\system32\notepad.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1308]
[EXECUTION] Commandline - [ "c:\windows\system32\notepad.exe" c:\program files\processguard\logs\pglog_07_2005.txt ]
Now you're probably wondering why IE has 3 PIDs (3488, 2744, 3444). That's because I had more than one instance of it open (6 total). The ones that crashed (global hooks denied) were sitting on "relatively respectable" websites, one being hxxp://support.radioshack.com/, another was eBay, and the other one was an item description page on eBay.
So I don't think those sites are trying something underhanded, but you never know... their site could be compromised by an outside entity :lurking:
PC activity "possibly related" at time that hook requests started.
Time log entry of: Sat 16 - 17:29:08 was when I was saving a favorite to be viewed offline (tech info at RadioShack). Now that is something I very rarely do, and the last time I did it (several months ago) I didn't remember mobsync.exe starting, so I opened Task Manager to take a look at what was going on. (mobsync.exe is normal, I remembered after looking at taskman.)
Then, by the looks of it, my system wanted to check for updates (inopportune time to do that, huh :P ). Shortly thereafter, more global hook requests (I always deny, having never once allowed hooks for anything, NEVER). No problems before with denying them on anything.
The global MSGFilter is what worries me, possibly something trying to intercept (log then pass on / modify on the fly) messages the OS uses to carry out functions? or... ?
OK, I tried to provide as much info as I could about this incident; hopefully someone can shed some light on this situation for me.
Well, does anything sound / look suspicious to any of you?
TIA ;)
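The PID correlation done by hand in the post above, as an added example that is not part of the original post: it groups the blocked hook entries by PID and lists what each of those PIDs launched afterwards. The function name `correlate` and the report layout are hypothetical; the log lines are copied from the post, and the code assumes all entries fall on one day. The log names only the parent of each launch, so a PID gets an image path only if it later appears in a "Started by" line.

```python
import re
from collections import defaultdict

# Subset of the log lines posted above, copied verbatim.
SAMPLE_LOG = r'''
Sat 16 - 17:27:46 [GLOBAL HOOK] [3488] was blocked from creating a global MSGFilter hook
Sat 16 - 17:32:47 [EXECUTION] "c:\windows\system32\taskmgr.exe" was allowed to run
[EXECUTION] Started by "c:\windows\explorer.exe" [1308]
Sat 16 - 18:07:58 [GLOBAL HOOK] [3488] was blocked from creating a global MSGFilter hook
Sat 16 - 18:09:17 [EXECUTION] "c:\program files\internet explorer\iedw.exe" was allowed to run
[EXECUTION] Started by "c:\program files\internet explorer\iexplore.exe" [3488]
Sat 16 - 18:09:23 [EXECUTION] "c:\windows\system32\dwwin.exe" was allowed to run
[EXECUTION] Started by "c:\program files\internet explorer\iexplore.exe" [3488]
Sat 16 - 18:16:30 [GLOBAL HOOK] [2744] was blocked from creating a global MSGFilter hook
Sat 16 - 18:17:28 [GLOBAL HOOK] [3444] was blocked from creating a global MSGFilter hook
'''
STAMP = r'^\w{3} \d+ - (\d\d:\d\d:\d\d) '
HOOK = re.compile(STAMP + r'\[GLOBAL HOOK\] \[(\d+)\] was blocked from creating a global (\w+) hook')
RUN = re.compile(STAMP + r'\[EXECUTION\] "([^"]+)" was allowed to run')
PARENT = re.compile(r'^\[EXECUTION\] Started by "([^"]+)" \[(\d+)\]')

def correlate(log_text):
    """Group blocked hooks by PID and attach what the log reveals about each PID."""
    hooks = defaultdict(list)     # pid -> [(time, hook type)]
    names = {}                    # pid -> image path, learned from "Started by" lines
    children = defaultdict(list)  # parent pid -> [(time, child image)]
    pending = None                # last "was allowed to run" entry awaiting its parent line
    for line in map(str.strip, log_text.splitlines()):
        if m := HOOK.match(line):
            hooks[m.group(2)].append((m.group(1), m.group(3)))
        elif m := RUN.match(line):
            pending = (m.group(1), m.group(2))
        elif (m := PARENT.match(line)) and pending:
            names[m.group(2)] = m.group(1)
            children[m.group(2)].append(pending)
            pending = None
    report = {}
    for pid, events in hooks.items():
        first = events[0][0]  # same-day HH:MM:SS strings sort chronologically
        report[pid] = {
            "image": names.get(pid),  # None: PID never appears as a parent
            "blocked": events,
            "spawned_after": [c for c in children[pid] if c[0] >= first],
        }
    return report

if __name__ == "__main__":
    for pid, info in correlate(SAMPLE_LOG).items():
        print(pid, info["image"], len(info["blocked"]), [c[1] for c in info["spawned_after"]])
```

On this sample only PID 3488 resolves to iexplore.exe, followed by the iedw.exe and dwwin.exe crash-reporting launches; 2744 and 3444 stay unnamed because the log never shows them starting anything.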