hihi.. i posted this on the lavasoft bbs, but it seems they can't find out what's wrong.. i hope you can help. quite suddenly one day, tcpview showed me connecting out to www14.dixiesys.com, through very many connections, as if i was being flooded. it happened periodically, and was becoming annoying, so i make a Tiny firewall rule to block all connections to that site. and clicked on log when this rule is applied. when i looked in the log, it said that iexplore.exe was the program trying to connect out, but of course was blocked. it seems to happen from any port (and always to port 80), but there is a pattern that with each blocked attempt, iexplore tries to connect to dixiesys from a higher port until it eventually gives up... until the next time. i ran the cleaner and TDS, but found nothing. i posted a startuplist to the lavasoft bbs, and there was nothing suspicious there. i also run adsgone, which changes the HOSTS file, and so i thought maybe it was showing up as dixiesys because i had it blocked. but no, it wasn't there, so i added it. besides, when that happens, the IP listed is the localhost, not this other strange one. today i decided to make a web block rule in my router also for the word dixiesys. ... on a -possibly- unrelated issue, the log in the status window of my router often lists SYN floods and SMURF attacks. this seems to happen especially just after someone connects to the router from the LAN. sorry for long post... but, any advice?