Problem resolving likley infected machine
Any suggestions to help with a likely infected machine short of re-formatting the disk. Wireshark capture on tcp port 25 still shows that SMTP and TCP packets – indicating spam. This is after cleaning machine with Malwarebytes, F-secure, windows defender and ESET internet security. TP Link wireless adapter also uninstalled and resetted.
Wireshark is unlikely to help apart from confirming the suspected malware traffic exists or not. Note that depending on what email clients are on the machine, SMTP traffic could be expected. To see what processes are using port 25 try a tool such as the SysInternals ProcMon. Use of ProcMon is off-topic for this site.
Hello gjmart,
Like grahamb pointed out Wireshark will only tell you if you still have suspect software. The thing is that you need is to figure out what process on each system is sending out the traffic. ProcMon is indeed a good tool but I also recommend you to have a look at SysInternals sysmon. It will give you good logs. After you have a couple of hours of logs have a look for what applications/scripts opened the ports and investigate those.
Grahamb is right in the fact the use of these tool is of topic but we don't want you to be stuck so if you need a site that can help you further, let us know.