Explorer.exe creating many internet connections to random ip addresses

I have a friend who received an email with a zip attachment about air line tickets.  I was able to scan the computer and remove the virus.  However now everytime he starts up his laptop, Explorer.exe runs at a hight cpu percent and there are over 100 connections to random IP addresses.  Their status is either established, time_wait, or Close_wait.  

His system is running windows 7 home premium.

On occasion, after arount 15minutes, the process will end, and system idle will be over 90%.  On most occasions it never ends.

I have disabled all startup entries, processes not microsoft, and have disabled hidden startup's with sysinternals autoruns program.

When I boot to safemode, the same thing happens.  

Not sure what to do next.  I have used Kaspersky's cd scanner too.  No virus was detected.
rrinconesAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
aadihConnect With a Mentor Commented:
If the problem happened recently (1-2 days), restore your PC to an earlier time by booting up in safe mode with command prompt and typing rstrui.exe to restore.

Scan with:

(1) Malwarebytes Antimalware (free).

(2) TDSSKiller (free).

(3) Malwarebytes AntiRootkit (Beta) (free).
0
 
David KrollCommented:
What did you use to remove the virus?  I would definitely run a full scan with Malwarebytes.
0
 
rrinconesAuthor Commented:
I scanned with malwarebytes twice.  1st scanned resulted in 33 registry entries, 8 values, 15 folders, and 57 files, detected with items such as funmoods, whitesmoke, visual bee.  

2nd scan had 1 detection from vid-saver.

Prior to scanning, I went to add remove programs and uninstalled several free programs and toolbar addons.

I will try system restore.  I will have to remove those programs again, but I will check for internet connections prior to removing the programs.

By the way, there are 4 instances of explorer.exe running, each using 20 to 40 % of cpu.  And the dll's are for various programs.
0
Building an Effective Phishing Protection Program

Join Director of Product Management Todd OBoyle on April 26th as he covers the key elements of a phishing protection program. Whether you’re an old hat at phishing education or considering starting a program -- we'll discuss critical components that should be in any program.

 
rrinconesAuthor Commented:
Ive been monitoring explorer.exe with process explorer from sysinternals.  Every 10 minutes or so, all the dll's will end at the same time, then startup again after a few seconds.
0
 
LeeTutorretiredCommented:
I've requested that this question be deleted for the following reason:

The question has either no comments or not enough useful information to be called an "answer".
0
 
rrinconesAuthor Commented:
Sorry about the late update.  tdsskiller did the trick. after scanning the pc, no more internet ports opened up on their own.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.