I am rephrasing and maybe better placing an unanswered thread. My AV often reports my windows 7 ultimate 64 service files, such as winmon.exe or or service.exe requesting opened TCP connections along with a number of .DLL filkes, and then times they are flagged as heuristic behavior modification, however i know many of those are undeletable, due to windows security replacing them as soon as they are noticed to be missing and in another thread it was also indicated that these must be deleted from three places at once almost to actually prevent those from being instantly replaced, this explains maybe why i get this repeatedly immediately after boot up, but after five or some times it slows down to now and then... still quite a hassle to stop on start up.
It all depends on what they are and to whom they're phoning home.
Download HijackThis from http://www.trendmicro.com and install it. In Windows 7, right click and RunAs Administrator then carefully comb through the entries under the 023 section. Tick to remove anything you don't like the look of and restart after letting the programme do its job. It's also a good source of information in the 04 section as to what starts up when the system comes on - better than msconfig, in fact.