I need help with this Please.

I have been working on a problem for the last few days that I can't seem to resolve. I'd like some help with this please-
I have running AVG, Kerio firewall, Trojan Hunter Guard, SMC Barricade router with SPI, XP Pro SP2 patched.
I have run scans with ewido 4.0,Pest Patrol, Hijackthis, AVG, Spybot S&D, Bluelight root kit finder, Ad-Aware.
I have also gone over Hijack this log line by line, ran PurgeIE to delete all temp files, cookies, history, etc. I have seached the run area of registry, looked over running processes with a fine tooth comb, started and reviewed the windows firewall log.

Here's the problem: Watching netstat and Kerio I can see that when I am surfing, especially certain sites, my machine will connect(establish) to various Ip's in the 220.130.117.40-70 domain port: 80 Process ID=iexplore.exe opening from one to many ports briefly send/receive some bytes then go into timewait and disconnect. The IP translates to:
inetnum: 220.129.0.0 - 220.143.255.255
netname: HINET-NET
country: TW
descr: CHTD, Chunghwa Telecom Co.,Ltd.
descr: Data-Bldg.6F, No.21, Sec.21, Hsin-Yi Rd.
descr: Taipei Taiwan 100
admin-c: HN27-AP
tech-c: HN28-AP
status: ALLOCATED PORTABLE
changed: **********@twnic.net 20030611
mnt-by: MAINT-TW-TWNIC
source: APNIC

This has got me very nervous. The machine even connects to this site when the browser is not open, though a lot more infrequently. This behavior has me thinking this is some kind of keylogger/spyware that is reporting my browsing and who knows what else. Have I found something that is perfectly innocuous or what do I do from here? Kerio doesn't seem to be concerned. I searched the registry for 220 and found nothing. I looked at hosts files and found them without entries. This connection opens the most ports and connections with sites like my.yahoo and New York Times. Although like I said sometimes a connection is opened when the browser is not even open. Kerio put the word "radius" next to the connection one of the times this IP (220.137.117.55) logged a connection, but the rest of the times it was in the log it just put "http" next to it.
What is going on? ANY help would be appreciated, Thanks!

 

You could try ProcX from Ghost Security.It's freeware and excellent for looking at and/or terminating running processes.
It's available in this forum under "Ghost Security" category.

You could try another av program like AntiVir.
You can try an online scan like "House Call" from Trend Micro.

Hope this helps.