"whois" using my connection

Discussion in 'Hardware' started by wjwduke, Jul 24, 2007.

  1. wjwduke

    wjwduke Private E-2

    I have searched in vain and have not located a tool/utility to determine what process/service is dominating my slow dial up connection bandwidth. So much so that I can barely browse or get mail. I have ZA, AVG av/sw. SW blaster, spybot, SW terminator etc. and have run complete scans w/o finding any problems.
    I have turned off ALL auto update options in every process (including Windows) that I am aware of. I turn off BITS then re-boot. I then dial my ISP and without any apps running, I turn on BITS and the download begins. I use What'sRunning 2.0 (great utility) hoping to find an answer but tracing the parents from the culprit svchost process brings me all the way back to "system" (kernel I presume) process #4 which is a dead end. Btw if the author of What'sRunning is listening, ;) . So whatever the process, it must have started moons ago (I say that because this has been going on for the last 3 days) and is hiding as one of the gazillion "system" processes/services and if and when I find this @#^&$% I will Kill it :D.
    I have traced the host IP address to a number of Web hosting farms such as Global and MaiTech (which are used by MS and other big SW houses) and even called them to ask what vendor/client is assigned the IP addresses linked back to them and they will not divulge that info...must be a law against this.
    I know I can leave BITS turned off but auto updates are convenient.
    Thanks for any help you can give me...Bill
     
  2. Ironsnipe

    Ironsnipe Private First Class

  3. Colemanguy

    Colemanguy MajorGeek

  4. Ironsnipe

    Ironsnipe Private First Class

    Helps if I read his ENTIRE post ;)

    I thought there was a process on his computer he was trying to figure out what it was.
     
  5. wjwduke

    wjwduke Private E-2

    I am sincerely sorry for posting w/o researching your rules of the road.
     
  6. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    It may be the fact you may have malware, in which case following what Colemanguy posted is wise, but also just to try and narrow it down use this, it may help find the process using bandwidth.

    http://www.majorgeeks.com/Process_Explorer_d4566.html


    Then you could also install this freebie to find out what's connecting to the net out of those processes: http://www.netlimiter.com/download.php Free one is 2nd from last and will highlight files and processes using internet.


    From there if the process is not recognised or legit, go to malware, do not pass go and do not collect $100, but in seriousness please do run the malware Read Me and post and attach the logs in the malware forum, with a link to this thread or a brief explanation of what's going on.
     
  7. wjwduke

    wjwduke Private E-2

    Thanks Halo...I must be missing something but, Netlimiter "monitor" didn't supply info on a "parent" application name/PID or a file name associated with the connected svchost process. It's aggravating because it just won't quit if I leave BITS on.
    Sorry Colemanguy, it's on to your suggestion although after reading the procedure, I will be at it for a few days/nights.
    Thanks again, Bill
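
Added example, not part of the original thread: one way to see what sits behind a connected svchost PID is to join the PID column of Windows' `netstat -ano` with the service list from `tasklist /svc`. Neither command is mentioned by the posters; the sample output below is constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    192.168.1.5:1045       203.0.113.10:80        ESTABLISHED     1088
  TCP    192.168.1.5:1046       198.51.100.7:443       ESTABLISHED     2404
  UDP    0.0.0.0:1900           *:*                                    1200
"""

# Constructed sample of `tasklist /svc` output; long service lists wrap.
TASKLIST = """\
Image Name                   PID Services
========================= ====== =============================================
System Idle Process            0 N/A
System                         4 N/A
svchost.exe                  968 RpcSs
svchost.exe                 1088 AudioSrv, BITS, Browser, CryptSvc, Dhcp,
                                 Schedule, wuauserv
firefox.exe                 2404 N/A
"""

ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")  # image name, PID, services

def parse_tasklist(text):
    """Return {pid: (image, [services])}, folding wrapped service lines."""
    procs, last = {}, None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            last = int(m.group(2))
            svcs = [s.strip() for s in m.group(3).split(",") if s.strip()]
            procs[last] = (m.group(1), [] if svcs == ["N/A"] else svcs)
        elif last is not None and line.startswith(" "):  # continuation line
            procs[last][1].extend(s.strip() for s in line.split(",") if s.strip())
    return procs

def established(text):
    """Yield (remote_endpoint, pid) for ESTABLISHED TCP rows only."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "ESTABLISHED" and f[4].isdigit():
            yield f[2], int(f[4])

def attribute(netstat_text, tasklist_text):
    """Join connections to processes: [(remote, pid, image, services)]."""
    procs = parse_tasklist(tasklist_text)
    return [(r, p, *procs.get(p, ("<unknown>", []))) for r, p in established(netstat_text)]
```

A shared svchost.exe hosts several services under one PID, so the join narrows the traffic to that service group rather than to a single service. A PID that resolves to `<unknown>` is one the process listing did not include.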
     
  8. Colemanguy

    Colemanguy MajorGeek

    Oh and I didn't mean anything to you for not knowing the rules, but the other person suggesting hijack this without procedure. Good luck with the malware thread, they are great people there.
     
