Explorer.exe requests Outbound connection
Mover
October 25th, 2006, 06:37 PM
Why would explorer.exe request an outbound HTTP connection on port 80-83 ?
Tommy
October 25th, 2006, 06:54 PM
-{ Quote: "Why would explorer.exe request an outbound HTTP connection on port 80-83 ?" }-
Strange as explorer.exe needs no connection to the Internet at all. So block it, but if it is not located in the 'c:\windows\' folder...
-{ Quote: "explorer.exe is a process which is registered as a trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system" }-
Virus with same name: W32.MyDoom.B
Mover
October 25th, 2006, 07:46 PM
Narrowed it down. The second I go to do a search for files, I get a popup from my firewall saying that explorer.exe is looking for an outbound TCP connection to sa.windows.com. I modified the rule to block this. I also noticed that there were some UDP connections from this exec to my router using ports 1040, 1041, 1043, 1149, 1900 at various times.
cprtech
October 25th, 2006, 07:52 PM
There is virtually never any reason to allow explorer.exe outbound access. In rare cases it will try to, but you should be able to block it permanently, in most cases without issues.
Alphalutra1
October 25th, 2006, 08:37 PM
Block it. It does not need internet access. (Unless there is some kind of search for file on the internet type of thing, but that is not needed)
Alphalutra1
Stem
October 25th, 2006, 08:42 PM
-{ Quote: "Narrowed it down. The second I go to do a search for files, I get a popup from my firewall saying that explorer.exe is looking for an outbound TCP connection to sa.windows.com. I modified the rule to block this. I also noticed that there were some UDP connections from this exec to my router using ports 1040, 1041, 1043, 1149, 1900 at various times." }-Explorer will try and connect out when performing a search, you can block this.
The UDP you mention, this looks like Explorer is attempting SSDP discovery (UPnP) to your router, if you do not use the SSDP service, (SSDP (UPnP) is capable of opening ports in the router, so it is best to disable if you do not use this),... you can disable this by going to "start / run" in the window that appears type "services.msc" (without the ""),... in the services window that appears, look down the list until you find "SSDP discovery service",.. double left click to bring up the properties window,.. click "stop" and then change the startup type to "disabled"
Mover
October 25th, 2006, 09:10 PM
-{ Quote: "Explorer will try and connect out when performing a search, you can block this.
.. you can disable this by going to "start / run" in the window that appears type "services.msc" (without the ""),... in the services window that appears, look down the list until you find "SSDP discovery service",.. double left click to bring up the properties window,.. click "stop" and then change the startup type to "disabled"" }-
Thanks for the tip. A little off topic. I did notice 'Remote Access Connection Manager' and 'Remote Procedure Call (RPC)' services also running. Any concerns there ? Is there a sticky somewhere where the more 'dangerous' services are identified ?
Stem
October 25th, 2006, 10:08 PM
-{ Quote: "Thanks for the tip. A little off topic. I did notice 'Remote Access Connection Manager' " }-If you disable this, it may cause you problems.
-{ Quote: "and 'Remote Procedure Call (RPC)' services also running." }-DO NOT DISABLE. If you disable this it WILL cause you a lot of problems.
-{ Quote: "Is there a sticky somewhere where the more 'dangerous' services are identified ?" }-What is your O.S.?
Mover
October 25th, 2006, 10:31 PM
-{ Quote: "What is your O.S.?" }-
XP SP2
Stem
October 25th, 2006, 11:00 PM
-{ Quote: "XP SP2" }-Have a look at this site (http://www.theeldergeek.com/services_guide.htm) it will give you an idea of what the windows services do,... and if they are really needed. Do take care with what services you stop/disable
FirePost
October 26th, 2006, 03:14 PM
In addition to the search assistant connection, Explorer will also make connections to check digital certificates.
Right click a signed file and check details for a digital signature to see this.
Connection to crl. microsoft, verisign, and comodo .net for instance.
Tommy
October 26th, 2006, 03:23 PM
-{ Quote: "In addition to the search assistant connection, Explorer will also make connections to check digital certificates.
Right click a signed file and check details for a digital signature to see this.
Connection to crl. microsoft, verisign, and comodo .net for instance." }-
Thanks for that info, learned something again.
Mover
October 26th, 2006, 09:55 PM
-{ Quote: "Have a look at this site (http://www.theeldergeek.com/services_guide.htm) it will give you an idea of what the windows services do,... and if they are really needed. Do take care with what services you stop/disable" }-
Thanks for everyone's input
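
The checks suggested across this thread, collected into one triage pass over firewall log lines. This is an added example, not posted by any participant; the log format, the sample lines and the full CRL host names are constructed assumptions.

```python
import ntpath

EXPECTED_PATH = r"c:\windows\explorer.exe"   # location given in Tommy's post
SEARCH_HOST = "sa.windows.com"               # search connection (Mover, Stem)
SSDP_PORT = 1900                             # SSDP/UPnP discovery (Stem)
# Assumed full host names for the CRL servers FirePost mentions.
CRL_HOSTS = {"crl.microsoft.com", "crl.verisign.com", "crl.comodo.net"}

# Constructed sample lines in a made-up format:
# image_path|protocol|destination_host|destination_port
SAMPLE_LOG = r"""
C:\WINDOWS\explorer.exe|TCP|sa.windows.com|80
C:\WINDOWS\explorer.exe|UDP|192.168.1.1|1900
C:\WINDOWS\explorer.exe|TCP|crl.microsoft.com|80
C:\WINDOWS\explorer.exe|TCP|203.0.113.7|81
C:\WINDOWS\system32\explorer.exe|TCP|sa.windows.com|80
this line is malformed
"""


def classify(line):
    """Return (verdict, reason) for one constructed log line."""
    parts = line.strip().split("|")
    if len(parts) != 4 or not parts[3].isdigit():
        return ("unparsed", "not in the four-field format")
    path, proto, host, port = parts
    proto, host, port = proto.upper(), host.lower(), int(port)
    # Path check comes first: a copy outside the Windows folder is
    # suspect whatever it connects to.
    if ntpath.normcase(ntpath.normpath(path)) != EXPECTED_PATH:
        return ("investigate", "explorer.exe is not in c:\\windows\\")
    if proto == "TCP" and host == SEARCH_HOST:
        return ("explained", "file search connection")
    if proto == "UDP" and port == SSDP_PORT:
        return ("explained", "SSDP discovery")
    if proto == "TCP" and host in CRL_HOSTS:
        return ("explained", "certificate revocation check")
    return ("investigate", "no explanation in the thread")


def triage(log_text):
    """Classify every non-empty line as (line, verdict, reason)."""
    return [(ln, *classify(ln)) for ln in log_text.splitlines() if ln.strip()]


if __name__ == "__main__":
    for line, verdict, reason in triage(SAMPLE_LOG):
        print(f"{verdict:11} {reason:36} {line}")
```

"explained" only means the thread accounts for the connection; the posters' advice to block explorer.exe outbound still applies to those lines.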