
What is this internet activity on my HP?

On an HP desktop at screwy times of the day and night this activity is recorded. And what is this IP address that is referred to? It is not MY modem's IP address 24.0.187.75

Starting: hpslpsvc32.dll
20120511225823:0003B91E4:0001(0000-0000)(2204)+++ From: c:\program files\hp\digital imaging\bin
20120511225823:0003B97F2:0001(0000-0000)(2204)+++Command Line: C:\Windows\system32\svchost.exe -k HPService
20120511225823:0003B9D38:0001(0000-0000)(2204)+++ File Size: 634880
20120511225823:0003BA22D:0001(0000-0000)(2204)+++ Version: hpslpsvc32.dll 120.0.194.0 Release
20120511225823:0003BA7FF:0001(0000-0000)(2204)+++ Built on: Oct 16 2008 18:22:43
20120511225823:0003BAE4D:0101(0000-0000)(2204)+++ PID: 2196 HPSLPSVC0182.log (C:\Windows\system32\svchost.exe )
20120511225823:0003E0D19:0001(0000-0000)(2204){Loaded 0 devices}
20120511225823:00042526D:0201(0000-0000)(2356)<Using adapter at index A for [Local Area Connection](NVIDIA nForce 10/100 Mbps Ethernet ) IP=192.168.2.5 Type=6>
20120511225823:000427B5B:0101(0000-0000)(2356)<FOUND 1 connected adapter(s), error=0>
20120511225823:0004460F5:0001(0000-0000)(2356)<Monitoring adapter ip=192.168.2.5, subnet=192.168.2.0/24 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
20120511225823:000450A8A:0001(0000-0000)(2528)Heartbeat event initialized for subnet=192.168.2.0/24
20120511225823:000459F0C:0101(0000-0000)(2356)<STARTED manager for(192.168.2.0/24)>
20120511225823:00045CBDE:0101(0000-0000)(2356)<FOUND 1 connected adapter(s)>
20120511225823:00045EC26:0001(0000-0000)(2532)<MONITORING subnet 192.168.2.0/24 on LOCAL ADDRESS 192.168.2.5>
20120511225823:0004613DD:0101(0000-0000)(2356)<STARTED MANAGER FOR OFF-SUBNET 2560>
20120511225823:000462AD3:0001(0000-0000)(2560)<MONITORING OFF-SUBNET>
20120511225823:0004639C5:0101(0000-0000)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
20120511225823:00046435C:0101(0000-0000)(2532)<FINISHED STARTUP for 192.168.2.5>
20120511225823:000470D8B:0001(0000-0000)(2548)Heartbeat event initialized for subnet=
20120511225824:0005659B1:0101(0001-0001)(2560)<FINISHED STARTUP for OFF_SUBNET>
20120511225824:000566635:0101(0001-0000)(2560)<SERVICE STARTUP FINISHED in 1700 mSec>
20120511225829:0000976E9:0101(0006-0004)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
20120512004422:00030AF67:0101(6369-0002)(2356)<IP ADDRESS TABLE CHANGED>
20120512004422:00030CF87:0101(6369-0000)(2356)<IP CHANGE NOTIFICATION SCHEDULED>
20120512004422:00031ACA3:0101(6369-0000)(2356)<RESCAN SUBNETS> S=1, R=0
20120512014735:000777FE4:0001(0162-3792)(5452)<MONITORING OFF-SUBNET>
20120512014739:0001D6701:0001(0166-0000)(2204)Media sense re-started
20120512014739:0001FE678:0101(0166-0000)(2356)<RESUMING>
20120512014739:00022BB9E:0101(0166-0000)(2356)<RESCAN SUBNETS> S=0, R=1
20120512014739:00024148B:0001(0166-0000)(2204)Already awake
 
Also, there are actually two other IP addresses that this mysterious activity uses. I don't have them to paste right now but I will later. And the above c/p is one of 200+ logged activities of this type!

If this is an "UP and UP" activity (as compared to someone hacking into my machine, I don't know either way, that is why I'm asking?) of an HP machine, why is it an HP activity at all?
 
What are you using to log this information (just curious)?

It looks to me like the HP Digital Imaging Service (hpslpsvc32.dll) is periodically scanning your local network looking for any changes to the IP address of your HP network printer(s).
 
On an HP desktop at screwy times of the day and night this activity is recorded. And what is this IP address that is referred to? It is not MY modem's IP address 24.0.187.75


ARIN reports that that IP address (24.0.187.75) is owned by:

Comcast Cable Communications, Inc.
1800 Bishops Gate Blvd
Mt Laurel, NJ

_____________________________________________________

For the remainder, does that text come from a log file that you are finding in your Windows temp directory?

As Fardringle pointed out, you have an HP service running. (hpslpsvc32.dll).

A guess at a solution.

I would open up my Control Panel, go into Admin Tools/Computer Management/Services and look for a service named something like "HP Network Devices Support." And I would change its startup type from automatic to either manual or disabled.

Best of luck,
Uno
 
OK here is some additional info:

mammador these are the IP's Mentioned . . . .
my IP: 174.57.91.xxx last three octets are deleted on purpose

suspicious #2 IP: 68.37.228.207 (text c/p below shows location also see attached pic 205)

suspicious #3 IP: 69.248.177.14


unokitty . . . . Yes this comes from a windows temp directory

fardringle . . . . It seems as though it is automatically recorded in files like this HPSLPSVC0205.log c/p

20120614150401:0003CCB01:0001(0000-0000)(2320)+++ Starting: hpslpsvc32.dll
20120614150401:0003E5381:0001(0000-0000)(2320)+++ From: c:\program files\hp\digital imaging\bin
20120614150401:0003FA6E8:0001(0000-0000)(2320)+++Command Line: C:\Windows\system32\svchost.exe -k HPService
20120614150401:00040FB03:0001(0000-0000)(2320)+++ File Size: 634880
20120614150401:00041C6EC:0001(0000-0000)(2320)+++ Version: hpslpsvc32.dll 120.0.194.0 Release
20120614150401:000427EF4:0001(0000-0000)(2320)+++ Built on: Oct 16 2008 18:22:43
20120614150401:000435E39:0101(0000-0000)(2320)+++ PID: 2312 HPSLPSVC0205.log (C:\Windows\system32\svchost.exe )
20120614150401:00044EA1A:0001(0000-0000)(2320){Loaded 0 devices}
20120614150401:00046EAC3:0201(0000-0000)(3012)<Using adapter at index A for [Local Area Connection](NVIDIA nForce 10/100 Mbps Ethernet ) IP=68.37.228.207 Type=6>
20120614150401:00047CBF3:0101(0000-0000)(3012)<FOUND 1 connected adapter(s), error=0>
20120614150401:000482D41:0001(0000-0000)(3012)<Monitoring adapter ip=68.37.228.207, subnet=68.37.228.0/23 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
20120614150401:0004905B7:0101(0000-0000)(3012)<STARTED manager for(68.37.228.0/23)>
20120614150401:000499B13:0001(0000-0000)(3016)Heartbeat event initialized for subnet=68.37.228.0/23
20120614150402:0004A5405:0001(0000-0000)(3020)<MONITORING subnet 68.37.228.0/23 on LOCAL ADDRESS 68.37.228.207>
20120614150402:0004B10E5:0101(0000-0000)(3012)<FOUND 1 connected adapter(s)>
20120614150402:0004B1909:0101(0000-0000)(3020)[SENDING MULTICAST REQUEST->68.37.228.0/23]
20120614150402:0004B24CF:0101(0000-0000)(3020)<FINISHED STARTUP for 68.37.228.207>
20120614150402:0004B2CBA:0001(0000-0000)(3024)Heartbeat event initialized for subnet=
20120614150402:0004B3526:0001(0000-0000)(3028)<MONITORING OFF-SUBNET>
20120614150402:0004B3CC4:0101(0000-0000)(3012)<STARTED MANAGER FOR OFF-SUBNET 3028>
20120614150403:0005A8612:0101(0001-0001)(3028)<FINISHED STARTUP for OFF_SUBNET>
20120614150403:0005AA263:0101(0001-0000)(3028)<SERVICE STARTUP FINISHED in 1467 mSec>
20120614150408:0000E5C1D:0101(0006-0005)(3020)[SENDING MULTICAST REQUEST->68.37.228.0/23]

That was only part of a 27kb log file.

See attached screen shot logrecords.jpg of temp files (hplog files) and see the screen shot 205log.jpg of the section of that log file pasted above from HPSLPSVC0205.log.

Oops, just realized I can't post pics!
 
OK here is some additional info:
fardringle . . . . It seems as though it is automatically recorded in files like this HPSLPSVC0205.log c/p
That confirms what I said earlier. It's just the HP network discovery tools periodically scanning your network for changes. It doesn't hurt anything, and you actually want it if you have an HP printer (or other HP device) that is attached directly to the network in case that printer's IP address changes. If you don't have anything like that, then you can safely disable - or set to manual - the "HP Digital Imaging Service" and the "HP Network Devices Support" services in the Control Panel>Services applet.
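
An added example, not part of any post in this thread and not HP's code: a small Python parser for the HPSLPSVC log lines pasted above that reports which address each log says the local adapter holds, whether that address is private or public, and whether any multicast request targets a subnet the adapter is not on. The field layout in the regular expression is inferred from the pasted lines, and `summarize` is a hypothetical name.

```python
import ipaddress
import re
from datetime import datetime

# Lines copied from the two HPSLPSVC logs pasted in this thread.
SAMPLE = r"""
20120511225823:0004460F5:0001(0000-0000)(2356)<Monitoring adapter ip=192.168.2.5, subnet=192.168.2.0/24 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
20120511225823:0004639C5:0101(0000-0000)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
20120511225829:0000976E9:0101(0006-0004)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
20120614150401:000482D41:0001(0000-0000)(3012)<Monitoring adapter ip=68.37.228.207, subnet=68.37.228.0/23 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
20120614150402:0004B1909:0101(0000-0000)(3020)[SENDING MULTICAST REQUEST->68.37.228.0/23]
20120614150408:0000E5C1D:0101(0006-0005)(3020)[SENDING MULTICAST REQUEST->68.37.228.0/23]
"""

# Assumed layout: 14-digit timestamp, hex field, 4-digit flags, counters, numeric id, message.
LINE = re.compile(r"^(\d{14}):[0-9A-F]+:\d{4}\(\d{4}-\d{4}\)\((\d+)\)(.*)$")
ADAPTER = re.compile(r"Monitoring adapter ip=([\d.]+), subnet=([\d.]+/\d+)")
REQUEST = re.compile(r"SENDING MULTICAST REQUEST->([\d.]+/\d+)")

def summarize(text):
    """Return (adapters, stray): per-adapter facts, and requests to subnets no adapter is on."""
    adapters, stray = [], []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a line whose prefix was cut off when pasted
        when = datetime.strptime(m.group(1), "%Y%m%d%H%M%S").isoformat()
        msg = m.group(3)
        if (a := ADAPTER.search(msg)):
            ip = ipaddress.ip_address(a.group(1))
            adapters.append({
                "seen": when,
                "ip": str(ip),
                "subnet": ipaddress.ip_network(a.group(2)),
                "scope": "private" if ip.is_private else "public",
                "requests": 0,
            })
        elif (r := REQUEST.search(msg)):
            target = ipaddress.ip_network(r.group(1))
            owner = next((x for x in adapters if x["subnet"] == target), None)
            if owner:
                owner["requests"] += 1  # discovery sent on the adapter's own subnet
            else:
                stray.append((when, str(target)))  # worth a closer look
    return adapters, stray

if __name__ == "__main__":
    found, stray = summarize(SAMPLE)
    for a in found:
        print(a["seen"], a["ip"], a["subnet"], a["scope"], "requests:", a["requests"])
    print("requests to subnets no adapter is on:", stray)
```

On these lines every multicast request goes to the subnet of the adapter that the same log reports, and in HPSLPSVC0205.log the address 68.37.228.207 appears as the adapter's own IP.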
 
OK, but why would HP digital imaging be going OUT of my HOME network 174.57.91.xxx to the internet to other IP addresses (24.0.187.75, 68.37.228.207, 69.248.177.14) to see if there were new printers on the network?
 
OK, but why would HP digital imaging be going OUT of my HOME network 174.57.91.xxx to the internet to other IP addresses (24.0.187.75, 68.37.228.207, 24.0.187.75) to see if there were new printers on the network?

Both of those IP addresses (you listed one twice) are owned by Comcast. Is that possibly their DNS servers? If so, then the HP software is probably just doing a daily check for software updates. If you want, you can most likely disable it in the HP settings somewhere.
 
Thanks for the reply, I double posted one of the IP addys. In the 200+ log files there is another, but I couldn't find it to repost it now.

The IPs being traced show that they are owned by Comcast, but they are in a GROUP of IPs owned by Comcast. A whois or IP trace will only take you as far as the IP provider. Try it on your own IP! I do believe (if the IP provider was queried by a legal entity) that the IP provider could divulge EXACTLY who owns that address!

And while I believe that ONE of them COULD be a DNS server, both of them in the same little town???

If I could have posted the screen shot of the logfile records jpeg you would see that this "software update" check is happening 2-3 times PER day?

Again thanks for your input, I wish there was a way to COMPLETELY trace the IP to the actual owner and not the provider!
 
To give you an idea how I've come to this point, I've got a 320 GB HD and Windows is only seeing 50 GB! I was getting a message "HD is full"! Can't be! I opened the PC case, looked at the HD, and it is printed on the HD case label "320 gb"

I used Paragon Partition Mgr and Ontrack Data Recovery to find out that 236 GB has been un-partitioned to something other than NTFS or FAT (Win 7 doesn't even see this 236 GB), and that Ontrack found 671 files in there that pertain to evidence and documents and pictures and mpg videos for a current ongoing MAJOR LAWSUIT!

Now I'm pretty damn sure this HD did NOT come from the factory with 236 GB inaccessible, and I'm just as sure that those 671 files weren't there from the factory as well!

thanks pcplatop
 