Or maybe it's just a hacker using Norton? A picture is worth a thousand words, so here's some screenshots from my Sygate firewall for the security experts to peruse. The last picture is the "proof". Look in the bottom right hand corner -- the words "mimic a DOS" are words that I had just used in an email. Here are the background facts: 1) I have Firefox and Internet Explorer open, running Windows XP. 2) I just started using Internet Explorer today. 3) I have Norton AV on my system, but I let it expire months ago. 4) I used FireFox to send an email via an online email service. 5) Right after sending the email, Sygate popped up the alert. My interpretation is that Norton or the hacker needs to load the DLL's in order to steal my email. Maybe they've been using FireFox to do it in the past, and now that I have the IE browser open, they want to use it as well. I read that Norton phones home with all the sites you visit, but I don't think they're allowed to make copies of what you write. What do you think?