If you're not able to discover and remove the malware - and it ain't
easy, these days - you'll have to re-build the workstation.

If it was my shop, and a client was opening thousands of connections, I
would take the machine offline (from the internet and the network)
immediately.
---
Leonard Grey
Errare humanum est

zaz wrote:
A client of ours has one XP workstation that is attempting to open thousands
of internet sessions. This has the affect of flooding the network with
unnessary traffic. This was causing the old Netgear router to crash and we
have replaced it with a more sophisticated Draytek which has identified this
XP machine as the source of the network traffic. We have put a restriction
on their router to prevent this machine from opening up too many connections,
which helps the other users on their network, but this machine needs to be
stopped from doing this.

I have used the usual suspects (Process Explorer, Auto Runs, AVG,
MalwareBytes), but am unable to find the culprit on the machine that is
causing the problem. Can anyone suggest other utilities, procedures to go
through that might help. Other than rebuilding the machine?