All the svchost.exe processes came back as Verified (Microsoft Windows Component Publisher).
Probably means their real, so good news here.
When I added the columns for send and receive bytes, etc., some of those processes got numbers, others remained blank.
Ones that are blank aren't doing anything on the network, ones that are are the ones to keep your eye on as they might be phoning home.
I can't object to a good cleaning, but when this problem first occurred, I tried that with the tools I was using then -- MSSE, Malwarebytes, and Spybot Search and Destroy. They found nothing, or nearly nothing, and had no effect on the intermittent problem. But I'm willing to try again. Which tools do you recommend?
By cleaning i meant removing hardware and cleaning it with electronic contact cleaner or in a pinch you can use rubbing alcohol or zippo fuel as well as reseating all hardware a feu times, didn't mean clean as is looking for virus/malware action with software.
Remember to let the computer dry some depending what you use to clean things with, some of the liquids can catch fire with one spark, best to let it dry before powering up the computer, depending what you use this doesn't take long in any case.
After that the next faze is to stress test the computer to see if a clean changed anything, main problem you have from what i understand is the computer is unstable.
After that if its still a problem i would under-clock the system as well as put the bios in to safe mode, this is to check for electromigration, you see as different parts of the computer get old sometimes they cant hold the same speed that they one were able to hold, giving a little more volts or slowing em down a little or better cooling are the ways to fix this problem, or just out right changing parts.
Remember when you do this to remove the power cord from the computer and wait 10 sec before touching anything and to touch the computer case one with your finger so as to remove static from your body.
At the same time look for any sines of damage to anything as well as check for bad caps.
btw in your netstat pics you have something called capturescreenshot.exe port 80 ip 18.104.22.168
Don't know what that douse but it seems like Google Inc spyware to me and i relly don't like what its called, you all so have a lot of stuff running in your network stack including but not limited too the scary net-bios ports.
If your not sharing files on a network "lan" i would recommend you turn the ports 137,138,138,445 off, their like hacker city ports.
Was wondering as well what firewall are you using ?
As well this might be of some use to you seeing as your still in winxp as i am.
Edited by shadow_647, 29 December 2016 - 11:42 PM.