Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: What is this internet activity on my HP?


21 Aug 2012   #1

Win 7 Ultimate 64 bit
 
 
What is this internet activity on my HP?

On a HP desk top at screwy times of the day and night this activity is recorded. And what is this IP address that is referred to? It is not MY Modems IP adress 24.0.187.75

Starting: hpslpsvc32.dll
20120511225823:0003B91E4:0001(0000-0000)(2204)+++ From: c:\program files\hp\digital imaging\bin
20120511225823:0003B97F2:0001(0000-0000)(2204)+++Command Line: C:\Windows\system32\svchost.exe -k HPService
20120511225823:0003B9D38:0001(0000-0000)(2204)+++ File Size: 634880
20120511225823:0003BA22D:0001(0000-0000)(2204)+++ Version: hpslpsvc32.dll 120.0.194.0 Release
20120511225823:0003BA7FF:0001(0000-0000)(2204)+++ Built on: Oct 16 2008 18:22:43
20120511225823:0003BAE4D:0101(0000-0000)(2204)+++ PID: 2196 HPSLPSVC0182.log (C:\Windows\system32\svchost.exe )
20120511225823:0003E0D19:0001(0000-0000)(2204){Loaded 0 devices}
20120511225823:00042526D:0201(0000-0000)(2356)<Using adapter at index A for [Local Area Connection](NVIDIA nForce 10/100 Mbps Ethernet ) IP=192.168.2.5 Type=6>
20120511225823:000427B5B:0101(0000-0000)(2356)<FOUND 1 connected adapter(s), error=0>
20120511225823:0004460F5:0001(0000-0000)(2356)<Monitoring adapter ip=192.168.2.5, subnet=192.168.2.0/24 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
20120511225823:000450A8A:0001(0000-0000)(2528)Heartbeat event initialized for subnet=192.168.2.0/24
20120511225823:000459F0C:0101(0000-0000)(2356)<STARTED manager for(192.168.2.0/24)>
20120511225823:00045CBDE:0101(0000-0000)(2356)<FOUND 1 connected adapter(s)>
20120511225823:00045EC26:0001(0000-0000)(2532)<MONITORING subnet 192.168.2.0/24 on LOCAL ADDRESS 192.168.2.5>
20120511225823:0004613DD:0101(0000-0000)(2356)<STARTED MANAGER FOR OFF-SUBNET 2560>
20120511225823:000462AD3:0001(0000-0000)(2560)<MONITORING OFF-SUBNET>
20120511225823:0004639C5:0101(0000-0000)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
20120511225823:00046435C:0101(0000-0000)(2532)<FINISHED STARTUP for 192.168.2.5>
20120511225823:000470D8B:0001(0000-0000)(2548)Heartbeat event initialized for subnet=
20120511225824:0005659B1:0101(0001-0001)(2560)<FINISHED STARTUP for OFF_SUBNET>
20120511225824:000566635:0101(0001-0000)(2560)<SERVICE STARTUP FINISHED in 1700 mSec>
20120511225829:0000976E9:0101(0006-0004)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
20120512004422:00030AF67:0101(6369-0002)(2356)<IP ADDRESS TABLE CHANGED>
20120512004422:00030CF87:0101(6369-0000)(2356)<IP CHANGE NOTIFICATION SCHEDULED>
20120512004422:00031ACA3:0101(6369-0000)(2356)<RESCAN SUBNETS> S=1, R=0
20120512014735:000777FE4:0001(0162-3792)(5452)<MONITORING OFF-SUBNET>
20120512014739:0001D6701:0001(0166-0000)(2204)Media sense re-started
20120512014739:0001FE678:0101(0166-0000)(2356)<RESUMING>
20120512014739:00022BB9E:0101(0166-0000)(2356)<RESCAN SUBNETS> S=0, R=1
20120512014739:00024148B:0001(0166-0000)(2204)Already awake

My System SpecsSystem Spec
.

21 Aug 2012   #2

Win 7 Ultimate 64 bit
 
 

Also, there is actually two other IP adresses that this mysterious activity uses. I don't have them to paste right now but i will later. And the above c/p is one of 200+ logged activities of this type!

If this is an "UP and UP" activity( as compared to someone hacking into my machine I don't know either way that is why I'm asking?) of an HP machine why is it an HP acivity at all?
My System SpecsSystem Spec
22 Aug 2012   #3

Win 7 Ultimate 64 bit
 
 
additional info

OK here is some additional info:

these are the IP's I mentioned . . . .
my IP: 174.57.91.xxx last three octets are deleted on purpose

suspicious #2 IP: 68.37.228.207 (text c/p below shows location also see attached pic 205)

suspicious #3 IP:
69.248.177.14

This comes from a windows temp directory, and it seems as though it is automatically recorded in files like this HPSLPSVC0205.log c/p

20120614150401:0003CCB01:0001(0000-0000)(2320)+++ Starting: hpslpsvc32.dll
20120614150401:0003E5381:0001(0000-0000)(2320)+++ From: cprogram files\hp\digital imaging\bin
20120614150401:0003FA6E8:0001(0000-0000)(2320)+++Command Line: CWindows\system32\svchost.exe -k HPService
20120614150401:00040FB03:0001(0000-0000)(2320)+++ File Size: 634880
20120614150401:00041C6EC:0001(0000-0000)(2320)+++ Version: hpslpsvc32.dll 120.0.194.0 Release
20120614150401:000427EF4:0001(0000-0000)(2320)+++ Built on: Oct 16 2008 18:22:43
20120614150401:000435E39:0101(0000-0000)(2320)+++ PI 2312 HPSLPSVC0205.log (CWindows\system32\svchost.exe )
20120614150401:00044EA1A:0001(0000-0000)(2320){Loaded 0 devices}
20120614150401:00046EAC3:0201(0000-0000)(3012)<Using adapter at index A for [Local Area Connection](NVIDIA nForce 10/100 Mbps Ethernet ) IP=68.37.228.207 Type=6>
20120614150401:00047CBF3:0101(0000-0000)(3012)<FOUND 1 connected adapter(s), error=0>
20120614150401:000482D41:0001(0000-0000)(3012)<Monitoring adapter ip=68.37.228.207, subnet=68.37.228.0/23 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
20120614150401:0004905B7:0101(0000-0000)(3012)<STARTED manager for(68.37.228.0/23)>
20120614150401:000499B13:0001(0000-0000)(3016)Heartbeat event initialized for subnet=68.37.228.0/23
20120614150402:0004A5405:0001(0000-0000)(3020)<MONITORING subnet 68.37.228.0/23 on LOCAL ADDRESS 68.37.228.207>
20120614150402:0004B10E5:0101(0000-0000)(3012)<FOUND 1 connected adapter(s)>
20120614150402:0004B1909:0101(0000-0000)(3020)[SENDING MULTICAST REQUEST->68.37.228.0/23]
20120614150402:0004B24CF:0101(0000-0000)(3020)<FINISHED STARTUP for 68.37.228.207>
20120614150402:0004B2CBA:0001(0000-0000)(3024)Heartbeat event initialized for subnet=
20120614150402:0004B3526:0001(0000-0000)(3028)<MONITORING OFF-SUBNET>
20120614150402:0004B3CC4:0101(0000-0000)(3012)<STARTED MANAGER FOR OFF-SUBNET 3028>
20120614150403:0005A8612:0101(0001-0001)(3028)<FINISHED STARTUP for OFF_SUBNET>
20120614150403:0005AA263:0101(0001-0000)(3028)<SERVICE STARTUP FINISHED in 1467 mSec>
20120614150408:0000E5C10101(0006-0005)(3020)[SENDING MULTICAST REQUEST->68.37.228.0/23]

that was only part of a 27kb log file.

see attached screen shot logrecords.jpg of temp files (hplog files) and see the screen shot 205log.jpg of the section of that log file pasted above from HPSLPSVC0205.log.




Attached Thumbnails
What is this internet activity on my HP?-logrecords.jpg   What is this internet activity on my HP?-205log.jpg  
My System SpecsSystem Spec
.


22 Aug 2012   #4

Windows 7 Pro. 64/SP-1
 
 

Host name:
c-24-0-187-75.hsd1.nj.comcast.net


Country:
United States



B Class:
24.0.0.0 - 24.0.255.255


Region:
NJ


City:
Franklinville


Latitude:
39.6193

Some people report that its also HP checking and calling home.
My System SpecsSystem Spec
22 Aug 2012   #5

Win 7 Ultimate 64 bit
 
 

OK, but why would HP digital imaging be going OUT of my HOME network 174.57.91.xxx to the internet to other IP addresses (24.0.187.75, 68.37.228.207, 69.248.177.14)to see if there were new printers on the network?

How many different "HP" homes is MY computer calling out to? and how come they are all in Franklinville, about 5 miles from where I actually live?
My System SpecsSystem Spec
22 Aug 2012   #6

Win 7 Ultimate 64 bit
 
 

Is it possible that someone(unknown to me) has added these IP addys as networked stations/clients/VPN and the HP query is including them as well regardless of the distance/location??
My System SpecsSystem Spec
22 Aug 2012   #7

Windows 7 Pro. 64/SP-1
 
 

Any thing is possible. If it was me I would go into msconfig Start Up and make sure nothing is checked except my security, keyboard, and mouse. Then go into Services lower left corner and put a check mark in Hide All Microsoft Services. What ever is left only have your Security checked. Reboot. This should stop HP calling home except when you tell it to.
All this does to all those things you have un-checked is telling them not to start at boot and run in the background. They will start up when you or Windows choose them to. i.e. tick on them.
Then go int the HP photo program and make sure nothing is set to auto do anything. You will tell it when and what to do.Reboot. Then check again in msconfig and HP to make sure your new setting stayed as you made them.
My System SpecsSystem Spec
22 Aug 2012   #8

Windows 7 Pro. 64/SP-1
 
 

If you really want to clean up that HP mess we got people here that can guide you through this.

Clean Reinstall - Factory OEM Windows 7
My System SpecsSystem Spec
23 Aug 2012   #9

Win 7 Ultimate 64 bit
 
 

Thanks Layback, I believe I have had an intrusion and a backdoor hack of my computer. Some files were removed and others were hidden and I'm trying to eliminate possibilities.

Indeed, if this is just HP "PHONING HOME" then I have to look elsewhere! I just wish there was a way that a whois or IPtrace could take me farther than JUST the internet provider of that/those IP addresses!

thanks again, PCLaptop
My System SpecsSystem Spec
23 Aug 2012   #10

Windows 7 Pro. 64/SP-1
 
 

To check for a back door hacker.
Windows Defender Offline

To remove a virus and to get rid of all that HP garbage my post #8
What security programs do you use?
My System SpecsSystem Spec
Reply

 What is this internet activity on my HP?




Thread Tools



Similar help and support threads for2: What is this internet activity on my HP?
Thread Forum
Program needed to track/log Explorer's internet activity System Security
Router internet light keeps flashing even if there is no activity Network & Sharing
Windows Update internet activity Windows Updates & Activation
stealth internet activity Network & Sharing
Stumped with internet activity Network & Sharing
Sleep (S3) Delayed On Internet Activity? General Discussion

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 03:37 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33