+ 0 Votes First, find who the IP address belongs to robo_dev 6 years ago go to www.arin.net and enter the IP in the search box. Next, goto the IP address via the web browser and see what's there. If it's a server in south Hackistan, then your suspicions are valid. using netstat -an (from command prompt in Windows), you can see if there is an active session to that IP. A free sniffer such as Ethereral or Wireshark will allow you to do protocol analysis and see what type of communication is happening with that address. + 0 Votes Process Explorer Aakash Shah 6 years ago By system processes, do you mean svchost? If so, you can use Process Explorer to peek inside svhost to see what is running inside it. Here is an article by Mark Russonvich from Sysinternals/MS that explains how to search for malware on computers: http://www.microsoft.com/emea/spotlight/sessionh.aspx?videoid=359 This site has a video that talks abotu advanced malware cleanup. You may find the tips it uses to be quite helpful. + 0 Votes Try the Zonealarm Firewall mjd420nova 6 years ago I use Zonealarm from Zonelabs to track every incoming and outgoing program. The only way this won't work is if the offending program is using IE, but it will still identify which program is attempting to send out info. + 0 Votes TCPView from Sysinternals Aakash Shah 6 years ago Download TCPView from Sysinternals (now Microsoft): http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx This will allow you to see what connections are being made, who the connection is being made to and what program is making these requests. Good luck!