The players are: Windows XP-SP3, IE-v8, Avast. I usually use Opera, but to help a friend I had to use IE. So I allowed it in the firewall and was checking the log to recheck if my old rules still valid. I turned on some logging, see attached. In IE the home page was google search page, not my Opera speed dial, so I had to type in the Wilders URL. In Opera I have never seen the ports I put red rectangles on - 18821 and 7754. They were not used for DNS. I know that 27275 is avast proxy port for some game stuff so the tunnel is properly blocked in this instance, but those two are baffling and are present all the time on every site I tried. What was going on? What's IE doing besides it's normal cache where local and remote computer ports are equal?