I am using windows 10.
While doing some checks I started to notice there are strange IP's (mostly registered to Sprint) connected under explorer.exe, the local ports are always different when the IP's come back around. I've come across these established connections through netstat commands, TCPview and system explorer.
explorer.exe 10.0.0.x:24744 - 220.127.116.11:http
explorer.exe 10.0.0.x:2965 - 18.104.22.168 port 80
sometimes a different such as 50 rather than 48 at the end
also often established under explorer.exe is xxx-xxx-xxx-xxx.deploy.static.akamaitechnologies.com:http which I don't like, but doesn't concern me as much.
when I did see a PID attached to these connections I could not find the matching PID in my processes. I scanned for hidden processes, which there are 1-3 hidden PIDs at different times, however non of those match either. I don't know how to figure out what these hidden PID's account for. I do my homework, but I still consider myself closer to a novice.
I tried blocking the IP within my firewall but still noticed the foreign IP afterwards.(it comes and goes and I've also seen a different suspicious IP)
I've scanned and cleaned my comp with malwarebytes, avast, iobit malware fighter, rogue killer, and iobit advanced system care.
Wish I did it sooner, but connecting to PIA vpn made these suspicious connections disappear.
I may be paranoid, but I'm worried I've got someone spying on me, and who knows what information they may have gathered by now.
The computer is not running slow, but there are some minor events, such as high CPU, or RAM, more than 1 instance of explorer.exe, and WMIprvSE.exe (under svhost, usually one in which jumps in cpu usage) TiWorker.exe and processes related to Zune folders seem odd too.. I do know these are legit but maybe not in my case?
I know there are other small things but I am trying not to fall asleep.
I just really want this figured out, it has been consuming my time, and I will very much appreciate any help!!