The suspcicious activity which made me believe this was when my firewall alerted me that several programs were trying to connect to a multicast ip. Mainly Azureus and my F@H cores. (The cores should NEVER try to access the net) A couple of the times that I blocked it, another program instantly tried to access the same ip. I know a lot of rootkits access multicast to help limit their bandwidth.

I am afraid I am still a novice and can't understand any logfiles.
I have tried many rootkit scanners and they either didn't find anything or I couldn't make heads or tails of the analysis

Anyhow please help. Which programs log should I post? Or should I take other steps first.

Cheers Blue.

Here's what I suggest that you do. You may have malware or possibly even a rootkit, but we should start at the beginning, and diagnose all problems. To get started, I recommend that you follow CastleCops' Malware Removal and Prevention procedure, a new system CastleCops devised to enable users to either partially, or fully clean their systems without the direct aid of an expert.

You will find the Malware Removal and Prevention Procedure here:

http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Introduction

If that doesn't fix the problem, then go to this Forum, read the instructions at the top of the page carefully:

/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

Follow these instructions:

/t102301-Hijackthis_Guidelines_Read_Before_Posting.html

and one of CC's trained 1st Responders or Security Experts will help you. If they determine that you do have a rootkit that requires our assistance, you will then be referred back to this forum for more help. This way, you can have your system comprehensively and systematically cleaned of all malware and rootkits if there are any.

You might also want to read this to learn more about rootkits:

http://wiki.castlecops.com/Rooting_Out_the_Dangers:_Rootkit_Removal_for_Beginners