What is this internet activity on my HP?

Discussion in 'other security issues & news' started by pclaptop, Aug 21, 2012.

Thread Status:
Not open for further replies.
  1. pclaptop

    pclaptop Registered Member

    Joined:
    Aug 21, 2012
    Posts:
    10
    Location:
    USA
    On an HP desktop at screwy times of the day and night this activity is recorded. And what is this IP address that is referred to? It is not MY modem's IP address 24.0.187.75


    Starting: hpslpsvc32.dll
    20120511225823:0003B91E4:0001(0000-0000)(2204)+++ From: c:\program files\hp\digital imaging\bin
    20120511225823:0003B97F2:0001(0000-0000)(2204)+++Command Line: C:\Windows\system32\svchost.exe -k HPService
    20120511225823:0003B9D38:0001(0000-0000)(2204)+++ File Size: 634880
    20120511225823:0003BA22D:0001(0000-0000)(2204)+++ Version: hpslpsvc32.dll 120.0.194.0 Release
    20120511225823:0003BA7FF:0001(0000-0000)(2204)+++ Built on: Oct 16 2008 18:22:43
    20120511225823:0003BAE4D:0101(0000-0000)(2204)+++ PID: 2196 HPSLPSVC0182.log (C:\Windows\system32\svchost.exe )
    20120511225823:0003E0D19:0001(0000-0000)(2204){Loaded 0 devices}
    20120511225823:00042526D:0201(0000-0000)(2356)<Using adapter at index A for [Local Area Connection](NVIDIA nForce 10/100 Mbps Ethernet ) IP=192.168.2.5 Type=6>
    20120511225823:000427B5B:0101(0000-0000)(2356)<FOUND 1 connected adapter(s), error=0>
    20120511225823:0004460F5:0001(0000-0000)(2356)<Monitoring adapter ip=192.168.2.5, subnet=192.168.2.0/24 at index A for NVIDIA nForce 10/100 Mbps Ethernet [status=1, flags=3e5] type=6>
    20120511225823:000450A8A:0001(0000-0000)(2528)Heartbeat event initialized for subnet=192.168.2.0/24
    20120511225823:000459F0C:0101(0000-0000)(2356)<STARTED manager for(192.168.2.0/24)>
    20120511225823:00045CBDE:0101(0000-0000)(2356)<FOUND 1 connected adapter(s)>
    20120511225823:00045EC26:0001(0000-0000)(2532)<MONITORING subnet 192.168.2.0/24 on LOCAL ADDRESS 192.168.2.5>
    20120511225823:0004613DD:0101(0000-0000)(2356)<STARTED MANAGER FOR OFF-SUBNET 2560>
    20120511225823:000462AD3:0001(0000-0000)(2560)<MONITORING OFF-SUBNET>
    20120511225823:0004639C5:0101(0000-0000)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
    20120511225823:00046435C:0101(0000-0000)(2532)<FINISHED STARTUP for 192.168.2.5>
    20120511225823:000470D8B:0001(0000-0000)(2548)Heartbeat event initialized for subnet=
    20120511225824:0005659B1:0101(0001-0001)(2560)<FINISHED STARTUP for OFF_SUBNET>
    20120511225824:000566635:0101(0001-0000)(2560)<SERVICE STARTUP FINISHED in 1700 mSec>
    20120511225829:0000976E9:0101(0006-0004)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
    20120512004422:00030AF67:0101(6369-0002)(2356)<IP ADDRESS TABLE CHANGED>
    20120512004422:00030CF87:0101(6369-0000)(2356)<IP CHANGE NOTIFICATION SCHEDULED>
    20120512004422:00031ACA3:0101(6369-0000)(2356)<RESCAN SUBNETS> S=1, R=0
    20120512014735:000777FE4:0001(0162-3792)(5452)<MONITORING OFF-SUBNET>
    20120512014739:0001D6701:0001(0166-0000)(2204)Media sense re-started
    20120512014739:0001FE678:0101(0166-0000)(2356)<RESUMING>
    20120512014739:00022BB9E:0101(0166-0000)(2356)<RESCAN SUBNETS> S=0, R=1
    20120512014739:00024148B:0001(0166-0000)(2204)Already awake


    Also, there are actually two other IP addresses that this mysterious activity uses/connects to. I don't have them to paste right now but I will later. And the above c/p is one of 200+ logged activities of this type!

    If this is an "UP and UP" activity (as compared to someone hacking into my machine; I don't know either way, that is why I'm asking) of an HP machine, why is it an HP activity at all?
     
  2. cincinnatijack

    cincinnatijack Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    93
    To isolate this issue you can log in to 192.168.2.5 or 120.0.194.0 and check that out. Please follow the steps given below:

    1. Open Internet Explorer and type in "192.168.2.5" in the address bar without any quotation marks and press Enter.
    2. Click on Login, by default the password might be blank and click submit.
    3. Click on DHCP Client List on the left hand side of the page.
    4. You can view the Client name and the Client's MAC Address and the IP address which is connected to your router.

    Note: If that is a wireless client, you will have to enable the wireless security on your router. That will automatically get disconnected as soon as you enable the wireless security on your router.
     
  3. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,084
    192.168.2.5 appears to be the address assigned to the machine from which the log was taken. 120.0.194.0 appears to be the release number of hpslpsvc32.dll. Based on a quick search, hpslpsvc32.dll appears to be known as "HP Network Devices Support", it may implement SLP (https://en.wikipedia.org/wiki/Service_Location_Protocol), and it is likely related to HP printers with network interfaces.
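
The distinction drawn in the post above (a local adapter address versus a file version that merely looks like an IP address) can be checked mechanically. The following Python is an added example, not part of the thread or of HP's software; the line layout in the regular expression is inferred from the pasted log, and the function names `classify` and `triage` are hypothetical.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample: four lines copied from the log in the first post.
SAMPLE = """\
20120511225823:0003BA22D:0001(0000-0000)(2204)+++ Version: hpslpsvc32.dll 120.0.194.0 Release
20120511225823:00042526D:0201(0000-0000)(2356)<Using adapter at index A for [Local Area Connection](NVIDIA nForce 10/100 Mbps Ethernet ) IP=192.168.2.5 Type=6>
20120511225823:0004639C5:0101(0000-0000)(2532)[SENDING MULTICAST REQUEST->192.168.2.0/24]
20120512004422:00030AF67:0101(6369-0002)(2356)<IP ADDRESS TABLE CHANGED>
"""

# Layout inferred from the pasted lines (an assumption, not an HP specification):
# timestamp:hex:hex(n-n)(id)message
LINE = re.compile(r"^(\d{14}):[0-9A-F]+:[0-9A-F]+\(\d+-\d+\)\((\d+)\)(.*)$")
# A dotted quad that is not part of a longer dotted or numeric token.
QUAD = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def classify(token, message):
    """Label one dotted-quad token using the message it appeared in."""
    if re.search(r"\bVersion:", message):
        return "version-string"  # file version field, not a network address
    try:
        ip = ipaddress.ip_address(token)
    except ValueError:
        return "not-an-address"
    return "private-lan" if ip.is_private else "public"

def triage(log_text):
    """Return (timestamp, id, token, label) for every dotted quad in the log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip lines such as "Starting: hpslpsvc32.dll"
        when = datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
        message = m.group(3)
        for token in QUAD.findall(message):
            findings.append((when, int(m.group(2)), token, classify(token, message)))
    return findings

if __name__ == "__main__":
    for when, ident, token, label in triage(SAMPLE):
        print(when.isoformat(), ident, token, label)
```

Without the `Version:` context check, 120.0.194.0 parses as a valid public IPv4 address, which is the misreading the post corrects.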
     