During the last week or so, I have noticed some strange behavior from both Firefox and Internet Explorer. I use the Kerio firewall with the sponge ruleset. Lately whenever I go to sites such as foxnews or myspace, I get a message from Kerio saying that my browser is trying to connect to IP 18.104.22.168/79. The ruleset I'm using identifies this IP block as being associated with CoolWebSearch and blocks the connection. I haven't experienced any form of browser hijacking and I've run CWShredder numerous times. I use the Hoster program to manage my hosts file. It keeps the file set to read only. This problem doesn't occur with all web sites and it doesn't always happen on sites like foxnews.com. When it happens there are many times where my browser will say that it can't connect at all and the site can't be displayed. Has anyone else encountered anything like this? Any suggestions? I would appreciate any feedback.