I'm a bit perplexed by this one. I checked my firewall at around 1900hrs (kerio 2.1.5) and found in the connected ports list Gallys.nastydollars.com as a connected port (2x) but no traffic, no trojans, no worms ,no virus. I performed multiple checks using my onboard virus and trojan protection/scanners (the usual Spybot,ad-aware, avg, hi-jack this bho demon,msconfig plus Trend Housecall, Pest Patrol and am currently running a Security Space scan. I am behind a nat router. I have tried netstat and this shows the connection but again no traffic has occurred. I have after a re-boot found no trace of this connection but I did notice in the earlier check of the firewall that the connection occurred at 12.49 today but no sign of anything created or modified at that time is evident. Could this have been a TSR event that was cleared by the re-boot? Was there a .js or .vb sitting in memory, holding the connection? Has anyone experienced anything similar? I was reading some Blogs at around that time so contamination would have been via my actions but as I say, there seems to have been no interaction across the net and no install requests for activex content etc. -- "Whale Oil Beef Hooked." "Lu Tze."