Windows 7 Forums

Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: What is this internet activity on my HP?

21 Aug 2012   #1
pclaptop23

Win 7 Ultimate 64 bit
 
 
What is this internet activity on my HP?

On a HP desk top at screwy times of the day and night this activity is recorded. And what is this IP address that is referred to? It is not MY Modems IP adress 24.0.187.75

Starting: hpslpsvc32.dll
20120511225823:0003B91E4:0001(0000-0000)(2204)+++ From: c:\program files\hp\digital imaging\bin
20120511225823:0003B97F2:0001(0000-0000)(2204)+++Command Line: C:\Windows\system32\svchost.exe -k HPService
20120511225823:0003B9D38:0001(0000-0000)(2204)+++ File Size: 634880
20120511225823:0003BA22D:0001(0000-0000)(2204)+++ Version: hpslpsvc32.dll 120.0.194.0 Release
20120511225823:0003BA7FF:0001(0000-0000)(2204)+++ Built on: Oct 16 2008 18:22:43
20120511225823:0003BAE4D:0101(0000-0000)(2204)+++ PID: 2196 HPSLPSVC0182.log (C:\Windows\system32\svchost.exe )
20120511225823:0003E0D19:0001(0000-0000)(2204){Loaded 0 devices}
20120511225823:00042526D:0201(0000-0000)(2356)<Using adapter at index A for [Local Area Connection](NVIDIA nForce 10/100 Mbps Ethernet ) IP=192.168.2.5 Type=6>
20120511225823:000427B5B:0101(0000-0000)(2356)<FOUND 1 connected adapter(s), error=0>
20120511225823:0004460F5:0001(0000-0000)(2356)<Monitoring adapter ip=192.168.2.5, subnet=192.168.2.0/24 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
20120511225823:000450A8A:0001(0000-0000)(2528)Heartbeat event initialized for subnet=192.168.2.0/24
20120511225823:000459F0C:0101(0000-0000)(2356)<STARTED manager for(192.168.2.0/24)>
20120511225823:00045CBDE:0101(0000-0000)(2356)<FOUND 1 connected adapter(s)>
20120511225823:00045EC26:0001(0000-0000)(2532)<MONITORING subnet 192.168.2.0/24 on LOCAL ADDRESS 192.168.2.5>
20120511225823:0004613DD:0101(0000-0000)(2356)<STARTED MANAGER FOR OFF-SUBNET 2560>
20120511225823:000462AD3:0001(0000-0000)(2560)<MONITORING OFF-SUBNET>
20120511225823:0004639C5:0101(0000-0000)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
20120511225823:00046435C:0101(0000-0000)(2532)<FINISHED STARTUP for 192.168.2.5>
20120511225823:000470D8B:0001(0000-0000)(2548)Heartbeat event initialized for subnet=
20120511225824:0005659B1:0101(0001-0001)(2560)<FINISHED STARTUP for OFF_SUBNET>
20120511225824:000566635:0101(0001-0000)(2560)<SERVICE STARTUP FINISHED in 1700 mSec>
20120511225829:0000976E9:0101(0006-0004)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
20120512004422:00030AF67:0101(6369-0002)(2356)<IP ADDRESS TABLE CHANGED>
20120512004422:00030CF87:0101(6369-0000)(2356)<IP CHANGE NOTIFICATION SCHEDULED>
20120512004422:00031ACA3:0101(6369-0000)(2356)<RESCAN SUBNETS> S=1, R=0
20120512014735:000777FE4:0001(0162-3792)(5452)<MONITORING OFF-SUBNET>
20120512014739:0001D6701:0001(0166-0000)(2204)Media sense re-started
20120512014739:0001FE678:0101(0166-0000)(2356)<RESUMING>
20120512014739:00022BB9E:0101(0166-0000)(2356)<RESCAN SUBNETS> S=0, R=1
20120512014739:00024148B:0001(0166-0000)(2204)Already awake


My System SpecsSystem Spec
.

21 Aug 2012   #2
pclaptop23

Win 7 Ultimate 64 bit
 
 

Also, there is actually two other IP adresses that this mysterious activity uses. I don't have them to paste right now but i will later. And the above c/p is one of 200+ logged activities of this type!

If this is an "UP and UP" activity( as compared to someone hacking into my machine I don't know either way that is why I'm asking?) of an HP machine why is it an HP acivity at all?
My System SpecsSystem Spec
22 Aug 2012   #3
pclaptop23

Win 7 Ultimate 64 bit
 
 
additional info

OK here is some additional info:

these are the IP's I mentioned . . . .
my IP: 174.57.91.xxx last three octets are deleted on purpose

suspicious #2 IP: 68.37.228.207 (text c/p below shows location also see attached pic 205)

suspicious #3 IP:
69.248.177.14

This comes from a windows temp directory, and it seems as though it is automatically recorded in files like this HPSLPSVC0205.log c/p

20120614150401:0003CCB01:0001(0000-0000)(2320)+++ Starting: hpslpsvc32.dll
20120614150401:0003E5381:0001(0000-0000)(2320)+++ From: cprogram files\hp\digital imaging\bin
20120614150401:0003FA6E8:0001(0000-0000)(2320)+++Command Line: CWindows\system32\svchost.exe -k HPService
20120614150401:00040FB03:0001(0000-0000)(2320)+++ File Size: 634880
20120614150401:00041C6EC:0001(0000-0000)(2320)+++ Version: hpslpsvc32.dll 120.0.194.0 Release
20120614150401:000427EF4:0001(0000-0000)(2320)+++ Built on: Oct 16 2008 18:22:43
20120614150401:000435E39:0101(0000-0000)(2320)+++ PI 2312 HPSLPSVC0205.log (CWindows\system32\svchost.exe )
20120614150401:00044EA1A:0001(0000-0000)(2320){Loaded 0 devices}
20120614150401:00046EAC3:0201(0000-0000)(3012)<Using adapter at index A for [Local Area Connection](NVIDIA nForce 10/100 Mbps Ethernet ) IP=68.37.228.207 Type=6>
20120614150401:00047CBF3:0101(0000-0000)(3012)<FOUND 1 connected adapter(s), error=0>
20120614150401:000482D41:0001(0000-0000)(3012)<Monitoring adapter ip=68.37.228.207, subnet=68.37.228.0/23 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
20120614150401:0004905B7:0101(0000-0000)(3012)<STARTED manager for(68.37.228.0/23)>
20120614150401:000499B13:0001(0000-0000)(3016)Heartbeat event initialized for subnet=68.37.228.0/23
20120614150402:0004A5405:0001(0000-0000)(3020)<MONITORING subnet 68.37.228.0/23 on LOCAL ADDRESS 68.37.228.207>
20120614150402:0004B10E5:0101(0000-0000)(3012)<FOUND 1 connected adapter(s)>
20120614150402:0004B1909:0101(0000-0000)(3020)[SENDING MULTICAST REQUEST->68.37.228.0/23]
20120614150402:0004B24CF:0101(0000-0000)(3020)<FINISHED STARTUP for 68.37.228.207>
20120614150402:0004B2CBA:0001(0000-0000)(3024)Heartbeat event initialized for subnet=
20120614150402:0004B3526:0001(0000-0000)(3028)<MONITORING OFF-SUBNET>
20120614150402:0004B3CC4:0101(0000-0000)(3012)<STARTED MANAGER FOR OFF-SUBNET 3028>
20120614150403:0005A8612:0101(0001-0001)(3028)<FINISHED STARTUP for OFF_SUBNET>
20120614150403:0005AA263:0101(0001-0000)(3028)<SERVICE STARTUP FINISHED in 1467 mSec>
20120614150408:0000E5C10101(0006-0005)(3020)[SENDING MULTICAST REQUEST->68.37.228.0/23]

that was only part of a 27kb log file.

see attached screen shot logrecords.jpg of temp files (hplog files) and see the screen shot 205log.jpg of the section of that log file pasted above from HPSLPSVC0205.log.




Attached Thumbnails
-logrecords.jpg   -205log.jpg  
My System SpecsSystem Spec
.


22 Aug 2012   #4
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Host name:
c-24-0-187-75.hsd1.nj.comcast.net


Country:
United States



B Class:
24.0.0.0 - 24.0.255.255


Region:
NJ


City:
Franklinville


Latitude:
39.6193

Some people report that its also HP checking and calling home.
My System SpecsSystem Spec
22 Aug 2012   #5
pclaptop23

Win 7 Ultimate 64 bit
 
 

OK, but why would HP digital imaging be going OUT of my HOME network 174.57.91.xxx to the internet to other IP addresses (24.0.187.75, 68.37.228.207, 69.248.177.14)to see if there were new printers on the network?

How many different "HP" homes is MY computer calling out to? and how come they are all in Franklinville, about 5 miles from where I actually live?
My System SpecsSystem Spec
22 Aug 2012   #6
pclaptop23

Win 7 Ultimate 64 bit
 
 

Is it possible that someone(unknown to me) has added these IP addys as networked stations/clients/VPN and the HP query is including them as well regardless of the distance/location??
My System SpecsSystem Spec
22 Aug 2012   #7
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

Any thing is possible. If it was me I would go into msconfig Start Up and make sure nothing is checked except my security, keyboard, and mouse. Then go into Services lower left corner and put a check mark in Hide All Microsoft Services. What ever is left only have your Security checked. Reboot. This should stop HP calling home except when you tell it to.
All this does to all those things you have un-checked is telling them not to start at boot and run in the background. They will start up when you or Windows choose them to. i.e. tick on them.
Then go int the HP photo program and make sure nothing is set to auto do anything. You will tell it when and what to do.Reboot. Then check again in msconfig and HP to make sure your new setting stayed as you made them.
My System SpecsSystem Spec
22 Aug 2012   #8
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

If you really want to clean up that HP mess we got people here that can guide you through this.

Clean Reinstall - Factory OEM Windows 7
My System SpecsSystem Spec
23 Aug 2012   #9
pclaptop23

Win 7 Ultimate 64 bit
 
 

Thanks Layback, I believe I have had an intrusion and a backdoor hack of my computer. Some files were removed and others were hidden and I'm trying to eliminate possibilities.

Indeed, if this is just HP "PHONING HOME" then I have to look elsewhere! I just wish there was a way that a whois or IPtrace could take me farther than JUST the internet provider of that/those IP addresses!

thanks again, PCLaptop
My System SpecsSystem Spec
23 Aug 2012   #10
Layback Bear

Windows 7 Pro. 64/SP-1
 
 

To check for a back door hacker.
Windows Defender Offline

To remove a virus and to get rid of all that HP garbage my post #8
What security programs do you use?
My System SpecsSystem Spec
Reply

 What is this internet activity on my HP?




Thread Tools





Similar help and support threads
Thread Forum
BSOD crashes on internet activity randomly
Hi, I am new here and have a problem with my custom build pc that crashes randomly the last few months, maybe it began after the installation of Windows 8 on my pc (now back on W7 though, hoped it would fix the crashes). The crashes seem to happen when I am using a program that requires my...
BSOD Help and Support
A way to trigger the restart of a program if no internet activity
Good Day I was searching google and other websites for a solution. My problem is my vpn program stops sending and receiving data(Not Hanging) ramdomly. Then i need to manually stop and start the connection in the vpn program.The vpn program have the option of starting the connection on start up....
General Discussion
Program needed to track/log Explorer's internet activity
I'm trying to solve a problem that I've posted earlier but getting no responses. The Reliability Monitor only connects to Microsoft when Explorer has full access. I'm trying to just limit its access for Reliability Monitor. So I though maybe there is a program that can track what...
System Security
stealth internet activity
64 bit Windows 7 home premium Every now and then there is considerable activity whenever the modem is connected, even though I am doing nothing, even if the browser is not running. I need to know how to find out what is using the connection. I have automatic updates turned off for everything...
Network & Sharing
Stumped with internet activity
Hi everyone, I recently upgraded to windows 7 64bit about 3 weeks ago from windows vista, and i've been having difficulty connecting to my wireless router. It either goes extremely slow, or does not connect whatsoever. When I look at the connectivity for the router, it says the signal strength is...
Network & Sharing

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 20:49.

Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App