What is this internet activity on my HP?

Page 1 of 2 12 LastLast

  1. Posts : 60
    Win 7 Ultimate 64 bit
       #1

    What is this internet activity on my HP?


    On a HP desk top at screwy times of the day and night this activity is recorded. And what is this IP address that is referred to? It is not MY Modems IP adress 24.0.187.75

    Starting: hpslpsvc32.dll
    20120511225823:0003B91E4:0001(0000-0000)(2204)+++ From: c:\program files\hp\digital imaging\bin
    20120511225823:0003B97F2:0001(0000-0000)(2204)+++Command Line: C:\Windows\system32\svchost.exe -k HPService
    20120511225823:0003B9D38:0001(0000-0000)(2204)+++ File Size: 634880
    20120511225823:0003BA22D:0001(0000-0000)(2204)+++ Version: hpslpsvc32.dll 120.0.194.0 Release
    20120511225823:0003BA7FF:0001(0000-0000)(2204)+++ Built on: Oct 16 2008 18:22:43
    20120511225823:0003BAE4D:0101(0000-0000)(2204)+++ PID: 2196 HPSLPSVC0182.log (C:\Windows\system32\svchost.exe )
    20120511225823:0003E0D19:0001(0000-0000)(2204){Loaded 0 devices}
    20120511225823:00042526D:0201(0000-0000)(2356)<Using adapter at index A for [Local Area Connection](NVIDIA nForce 10/100 Mbps Ethernet ) IP=192.168.2.5 Type=6>
    20120511225823:000427B5B:0101(0000-0000)(2356)<FOUND 1 connected adapter(s), error=0>
    20120511225823:0004460F5:0001(0000-0000)(2356)<Monitoring adapter ip=192.168.2.5, subnet=192.168.2.0/24 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
    20120511225823:000450A8A:0001(0000-0000)(2528)Heartbeat event initialized for subnet=192.168.2.0/24
    20120511225823:000459F0C:0101(0000-0000)(2356)<STARTED manager for(192.168.2.0/24)>
    20120511225823:00045CBDE:0101(0000-0000)(2356)<FOUND 1 connected adapter(s)>
    20120511225823:00045EC26:0001(0000-0000)(2532)<MONITORING subnet 192.168.2.0/24 on LOCAL ADDRESS 192.168.2.5>
    20120511225823:0004613DD:0101(0000-0000)(2356)<STARTED MANAGER FOR OFF-SUBNET 2560>
    20120511225823:000462AD3:0001(0000-0000)(2560)<MONITORING OFF-SUBNET>
    20120511225823:0004639C5:0101(0000-0000)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
    20120511225823:00046435C:0101(0000-0000)(2532)<FINISHED STARTUP for 192.168.2.5>
    20120511225823:000470D8B:0001(0000-0000)(2548)Heartbeat event initialized for subnet=
    20120511225824:0005659B1:0101(0001-0001)(2560)<FINISHED STARTUP for OFF_SUBNET>
    20120511225824:000566635:0101(0001-0000)(2560)<SERVICE STARTUP FINISHED in 1700 mSec>
    20120511225829:0000976E9:0101(0006-0004)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
    20120512004422:00030AF67:0101(6369-0002)(2356)<IP ADDRESS TABLE CHANGED>
    20120512004422:00030CF87:0101(6369-0000)(2356)<IP CHANGE NOTIFICATION SCHEDULED>
    20120512004422:00031ACA3:0101(6369-0000)(2356)<RESCAN SUBNETS> S=1, R=0
    20120512014735:000777FE4:0001(0162-3792)(5452)<MONITORING OFF-SUBNET>
    20120512014739:0001D6701:0001(0166-0000)(2204)Media sense re-started
    20120512014739:0001FE678:0101(0166-0000)(2356)<RESUMING>
    20120512014739:00022BB9E:0101(0166-0000)(2356)<RESCAN SUBNETS> S=0, R=1
    20120512014739:00024148B:0001(0166-0000)(2204)Already awake
      My Computer


  2. Posts : 60
    Win 7 Ultimate 64 bit
    Thread Starter
       #2

    Also, there is actually two other IP adresses that this mysterious activity uses. I don't have them to paste right now but i will later. And the above c/p is one of 200+ logged activities of this type!

    If this is an "UP and UP" activity( as compared to someone hacking into my machine I don't know either way that is why I'm asking?) of an HP machine why is it an HP acivity at all?
      My Computer


  3. Posts : 60
    Win 7 Ultimate 64 bit
    Thread Starter
       #3

    additional info


    OK here is some additional info:

    these are the IP's I mentioned . . . .
    my IP: 174.57.91.xxx last three octets are deleted on purpose

    suspicious #2 IP: 68.37.228.207 (text c/p below shows location also see attached pic 205)

    suspicious #3 IP:
    69.248.177.14

    This comes from a windows temp directory, and it seems as though it is automatically recorded in files like this HPSLPSVC0205.log c/p

    20120614150401:0003CCB01:0001(0000-0000)(2320)+++ Starting: hpslpsvc32.dll
    20120614150401:0003E5381:0001(0000-0000)(2320)+++ From: cprogram files\hp\digital imaging\bin
    20120614150401:0003FA6E8:0001(0000-0000)(2320)+++Command Line: CWindows\system32\svchost.exe -k HPService
    20120614150401:00040FB03:0001(0000-0000)(2320)+++ File Size: 634880
    20120614150401:00041C6EC:0001(0000-0000)(2320)+++ Version: hpslpsvc32.dll 120.0.194.0 Release
    20120614150401:000427EF4:0001(0000-0000)(2320)+++ Built on: Oct 16 2008 18:22:43
    20120614150401:000435E39:0101(0000-0000)(2320)+++ PI 2312 HPSLPSVC0205.log (CWindows\system32\svchost.exe )
    20120614150401:00044EA1A:0001(0000-0000)(2320){Loaded 0 devices}
    20120614150401:00046EAC3:0201(0000-0000)(3012)<Using adapter at index A for [Local Area Connection](NVIDIA nForce 10/100 Mbps Ethernet ) IP=68.37.228.207 Type=6>
    20120614150401:00047CBF3:0101(0000-0000)(3012)<FOUND 1 connected adapter(s), error=0>
    20120614150401:000482D41:0001(0000-0000)(3012)<Monitoring adapter ip=68.37.228.207, subnet=68.37.228.0/23 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
    20120614150401:0004905B7:0101(0000-0000)(3012)<STARTED manager for(68.37.228.0/23)>
    20120614150401:000499B13:0001(0000-0000)(3016)Heartbeat event initialized for subnet=68.37.228.0/23
    20120614150402:0004A5405:0001(0000-0000)(3020)<MONITORING subnet 68.37.228.0/23 on LOCAL ADDRESS 68.37.228.207>
    20120614150402:0004B10E5:0101(0000-0000)(3012)<FOUND 1 connected adapter(s)>
    20120614150402:0004B1909:0101(0000-0000)(3020)[SENDING MULTICAST REQUEST->68.37.228.0/23]
    20120614150402:0004B24CF:0101(0000-0000)(3020)<FINISHED STARTUP for 68.37.228.207>
    20120614150402:0004B2CBA:0001(0000-0000)(3024)Heartbeat event initialized for subnet=
    20120614150402:0004B3526:0001(0000-0000)(3028)<MONITORING OFF-SUBNET>
    20120614150402:0004B3CC4:0101(0000-0000)(3012)<STARTED MANAGER FOR OFF-SUBNET 3028>
    20120614150403:0005A8612:0101(0001-0001)(3028)<FINISHED STARTUP for OFF_SUBNET>
    20120614150403:0005AA263:0101(0001-0000)(3028)<SERVICE STARTUP FINISHED in 1467 mSec>
    20120614150408:0000E5C10101(0006-0005)(3020)[SENDING MULTICAST REQUEST->68.37.228.0/23]

    that was only part of a 27kb log file.

    see attached screen shot logrecords.jpg of temp files (hplog files) and see the screen shot 205log.jpg of the section of that log file pasted above from HPSLPSVC0205.log.


    Attached Thumbnails Attached Thumbnails What is this internet activity on my HP?-logrecords.jpg   What is this internet activity on my HP?-205log.jpg  
    Last edited by pclaptop23; 23 Aug 2012 at 01:51. Reason: double posted one ip addy
      My Computer


  4. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #4

    Host name:
    c-24-0-187-75.hsd1.nj.comcast.net


    Country:
    United States



    B Class:
    24.0.0.0 - 24.0.255.255


    Region:
    NJ


    City:
    Franklinville


    Latitude:
    39.6193

    Some people report that its also HP checking and calling home.
      My Computer


  5. Posts : 60
    Win 7 Ultimate 64 bit
    Thread Starter
       #5

    OK, but why would HP digital imaging be going OUT of my HOME network 174.57.91.xxx to the internet to other IP addresses (24.0.187.75, 68.37.228.207, 69.248.177.14)to see if there were new printers on the network?

    How many different "HP" homes is MY computer calling out to? and how come they are all in Franklinville, about 5 miles from where I actually live?
    Last edited by pclaptop23; 23 Aug 2012 at 01:52.
      My Computer


  6. Posts : 60
    Win 7 Ultimate 64 bit
    Thread Starter
       #6

    Is it possible that someone(unknown to me) has added these IP addys as networked stations/clients/VPN and the HP query is including them as well regardless of the distance/location??
      My Computer


  7. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #7

    Any thing is possible. If it was me I would go into msconfig Start Up and make sure nothing is checked except my security, keyboard, and mouse. Then go into Services lower left corner and put a check mark in Hide All Microsoft Services. What ever is left only have your Security checked. Reboot. This should stop HP calling home except when you tell it to.
    All this does to all those things you have un-checked is telling them not to start at boot and run in the background. They will start up when you or Windows choose them to. i.e. tick on them.
    Then go int the HP photo program and make sure nothing is set to auto do anything. You will tell it when and what to do.Reboot. Then check again in msconfig and HP to make sure your new setting stayed as you made them.
      My Computer


  8. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #8

    If you really want to clean up that HP mess we got people here that can guide you through this.

    Clean Reinstall - Factory OEM Windows 7
      My Computer


  9. Posts : 60
    Win 7 Ultimate 64 bit
    Thread Starter
       #9

    Thanks Layback, I believe I have had an intrusion and a backdoor hack of my computer. Some files were removed and others were hidden and I'm trying to eliminate possibilities.

    Indeed, if this is just HP "PHONING HOME" then I have to look elsewhere! I just wish there was a way that a whois or IPtrace could take me farther than JUST the internet provider of that/those IP addresses!

    thanks again, PCLaptop
      My Computer


  10. Posts : 25,847
    Windows 10 Pro. 64/ version 1709 Windows 7 Pro/64
       #10

    To check for a back door hacker.
    Windows Defender Offline

    To remove a virus and to get rid of all that HP garbage my post #8
    What security programs do you use?
      My Computer


 
Page 1 of 2 12 LastLast

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 06:05.
Find Us