i m using nod32 3.0.414.0 RC1 today when i run omnipeek, i found that there is an http connection to joy4host.com which was resolved from this ip address 126.96.36.199 i m not opening that website in internet explorer so i run port explorer from diamond cs i can't find anything there i lookup that address in google n found that that webpage is connected with a TR/agent.baf.1 i check the port which is connected to that site by using wireshark i found that the port is 2037 i used a lot of programs to catch it red-handed but i found that it just connects to that website for a very short time or may b just a ping. i don't know but i found that it is connected by Nod32 finally in sysinternals tcpview may b i can find it in other programs if i wait for it to show up the fact is why would nod32 connect such a website? is it not joy4host? if not what is that site? nod32.com? is it wrongly resolved by omnipeek? waiting for ur answers.