
    Hunting down a virus in an office

    Hi. We have an office client who has been contacted by the local internet provider that one of the office Windows PCs is infected with a virus. The report has been confirmed. Apparently through a remote outside trigger, this virus is performing brute force attacks around the world from this local IP address at varying times. Aside from low-level formatting each PC, what is the recommended approach for this case? Running F-Prot (suggested by the internet supplier) has come up empty. We are planning to run HijackThis. At this time, we do not know which PC is creating this issue. The internet provider is also suggesting running Wireshark. However, what is the value if the virus is dormant during this logging exercise?

    Run online scanner using Windows safe boot with networking?

    Welcome feedback. Thanks.

    #2
    The ISP needs to be more forthcoming; they know the machine ID.
    I suspect they don't want to reveal just how much they can log for the government.

    Get the log from them and see how often it happens, like hourly or daily, etc.

    Now the bad news.
    Thanks to Microsoft pushing for the UEFI standard, it's possible the shitware is installed in the BIOS or in its secret partition on the primary drive!!!

    It's also possible, but unlikely, that it's installed in the router.



      #3
      Thank you! Will review.



        #4
        In one of my tests of unwanted connections from various OSes and devices, I used a standalone, fully isolated laptop as a Wi-Fi hotspot with Wireshark monitoring: http://www.youtube.com/watch?v=oi2VOkPITqQ Maybe you can do the same: disconnect the tested computer and connect it via a USB Wi-Fi card to the Wireshark hotspot. You give very little information about how many computers are in the network and what information (IP, address...) you collected from the ISP. The program, on detecting network connectivity, usually sends a request to try to connect to the desired server.



          #5
          Depending on who owns the internet router, either you or the SP can log onto the device and run 'Packet Capture', depending on the router.
          It should reveal where high utilization is being run and the type of traffic, which in turn will help you track down the dodgy device.

          Once resolved, it may be worth investing in a firewall or investigating the loophole in your network afterwards.

          Happy Hunting.



            #6
            If your router has the capability to show you every device on your network, then start by looking at the particular device that has a lot more traffic than the other devices on the network. Beyond that, I really do not know what else to suggest or recommend.

            Or find a very good antivirus program and run it several times on each machine's hard drive (preferably on another computer that you know is not infected with a virus, and just run the antivirus software on the computer's hard drive so all files can be scanned, not just some of them, just like with flash drives and, back in the day, floppy disks). You might find which computer it is, but if your internet provider has contacted you, I would suspect that maybe all of your computers on that network might be compromised and/or infected with the virus. (One note: not all antivirus software is the same; some are better than others.)

            One note: I have read somewhere that, depending on what type of virus or malware it is, even formatting the hard drive may not help because it goes deeper than just the hard drive. I personally do not know how true this is.

            I firmly believe that if you do not need to be hooked to the internet to complete your tasks at hand, do not be hooked to the internet, because nowadays you have to worry about being hacked or getting malware and being held for ransom money. To me it's not worth it.

            I have a battery testing machine that I refuse to hook to a computer that has access to the internet because of the issues I have mentioned above.

            If I cannot do what I need to do on a tablet, I really do not need to do it.
            If my tablet gets hacked, I will reformat it back to the factory settings, like you bought it from the store, and if it does not work properly after that I will destroy it so it cannot do any more harm to anyone else.

            I have a new computer to download software for my battery testing machines on different computers, and later on to do 3D CAD drawing for my 3D printer. Maybe later on this year I hope to get back into drawing components that I need to make.
            Last edited by sam_sam_sam; 01-20-2025, 08:37 PM.


              #7
              PCs are compromised by design;
              you can secure some of them but not all.

              Firstly, the BIOS may have malware like "Computrace" hidden in it that can edit both Windows AND Linux to insert itself into the hard drive at boot!
              Then, if it's an Intel system, you have the Management Engine in the chipset itself, which runs in standby and has full access to the drives, RAM and networking!!
              me_cleaner can rip it out of some systems but not all.
              The ME cannot be seen by the OS because it runs on a separate microcontroller that is not linked to the CPU!

              AMD?
              Who knows; I have no idea what AGESA can do!



                #8
                For a difficult virus, you really need to try one or more bootable "rescue" disks (I'm old; it's USBs now), as some viruses can hide while running or intercept the actions of an AV program.
