224.0.0.22, pretty happening

Discussion in 'malware problems & news' started by 1 2 3, Feb 2, 2009.

Thread Status:
Not open for further replies.
  1. 1 2 3

    1 2 3 Registered Member

    Joined:
    Dec 12, 2008
    Posts:
    46
    A ZoneAlarm pop-up said:
    win32pad tried to access the internet, destination ip - 224.0.0.22
    I asked the question at the win32pad forum, and it's definitely not meant to do this.
    Shortly after this, taskeng.exe did the same thing, same IP destination.

    Something in my computer is disguising itself by using legitimate names of programs, and is trying to access the internet?
     
  2. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Well, starting from 224.0.0.0 is multicasting, and usually if you have one machine you can block these packets... IGMP.

    To set your mind at rest, scan with an antimalware or look at your computer with Autoruns, Process Explorer and TCPView if you're confident to do that.
     
    Last edited: Feb 2, 2009
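
An added example, not part of any post in this thread: a short Python triage of firewall alerts by destination address, showing that 224.0.0.22 falls in the link-local multicast block that routers do not forward. The alert format is an assumption modelled on the pop-up wording in the first post, and the sample lines are constructed.

```python
import ipaddress
import re

# RFC 5771 Local Network Control Block: routers do not forward these packets.
LOCAL_CONTROL = ipaddress.ip_network("224.0.0.0/24")

KNOWN_GROUPS = {  # a few IANA-assigned groups
    "224.0.0.1": "all hosts on this subnet",
    "224.0.0.22": "IGMPv3 membership reports",
    "224.0.0.251": "mDNS",
    "224.0.0.252": "LLMNR",
}

# Assumed alert shape, modelled on the pop-up wording quoted in the first post.
ALERT_RE = re.compile(
    r"^(?P<program>\S+) tried to access the internet, destination ip - (?P<ip>\S+)$")

def classify(ip_text):
    """Return (scope, note) for a destination address; raises ValueError if invalid."""
    ip = ipaddress.ip_address(ip_text)
    if not ip.is_multicast:
        return ("unicast", "a specific host; check which process owns the connection")
    note = KNOWN_GROUPS.get(str(ip), "not in this table")
    if ip.version == 4 and ip in LOCAL_CONTROL:
        return ("link-local multicast", note + "; stays on the local subnet")
    return ("multicast", note)

def triage(lines):
    """Parse alert lines and attach a classification to each one that matches."""
    results = []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue  # not an alert line in the assumed format
        try:
            scope, note = classify(m["ip"])
        except ValueError:
            scope, note = ("invalid", "destination is not an IP address")
        results.append((m["program"], m["ip"], scope, note))
    return results

# Constructed sample alerts (not captured from a real machine).
SAMPLE = [
    "win32pad tried to access the internet, destination ip - 224.0.0.22",
    "taskeng.exe tried to access the internet, destination ip - 224.0.0.22",
    "example.exe tried to access the internet, destination ip - 198.51.100.7",
]

if __name__ == "__main__":
    print(*triage(SAMPLE), sep="\n")
```

The classification describes only the destination address; it says nothing about whether the program named in the alert is the genuine binary.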
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I have a similar issue, different IP range. What programs are doing it depends on what I have installed. Thought it might be related to the Conficker worm but unsure.
    I have a different security setup than 4 months ago and the behavior continued with new programs.
    In my situation I found out that something was taking over any Windows component that can inject into any process, attaching to this component and injecting into winlogon, servicehost and so on.

    Possibly it creates a hidden device to run from.

    I had been using SIW but that started reporting bogus results, not working.
    Even Netstat wouldn't report properly.

    Start your browser opening multiple different addresses, 10 or so.
    You should see them with netstat.

    This confirmed for me that something fishy was going on but I never did pin it down. If it can subvert netstat and SIW then I think tcpview wouldn't be much help.
     