Another unusual activity post

Hi, I have some concerning activity that I could use some help with. I run X-NetStat Pro and it’s telling me that several files are connecting to the same IP address every 10 minutes or so. Not sure about the exact time, but it is several times a hour. The files are kernel32.dll, lsass,exe, spoolsv.exe, and svchost.exe. The connections are not very long. Most are outgoing except I just witnessed kernel32.dll taking 80 bytes on the inbound side from the same IP address. This is the first time I’ve seen it incoming.

I tried using VisualRoute to see if it was Microsoft or something legit like that, but VisualRoute returns no information for the IP and I find that strange as well because I’ve never seen VR fail like that.

The IP address is Does it look familiar to anyone? Is it legit? I’ve used Comodo to block all incoming and outgoing for spoolsv.exe. The other processes I’m not too sure I can block. You see I Remote Desktop into this machine in my garage from a computer on the second floor of my home. I don’t know what blocking traffic to lsass.exe or svchost will do to my Remote Desktop connection.
Kernell32.dll just connected outbound to the same IP again using 96 bytes.

Any help you guys could give me would really be appreciated.

Ok, Comodo’s Active Connections window is showing that svchost.exe is doing a ICMP to

I looked up that IP address with CQcounter Whois look up and finds that is part of the IP range of ISP Rackspace Hosting in Atlanta.(USA). Does that name mean anything to you?

What are the paths to kernel32.dll, lsass,exe, spoolsv.exe, and svchost.exe? Those are the names of system files and as such should be in \windows\system32\ folder.