I had a popup from my firewall saying rundll32.exe was trying to connect to IP address '''85.10.195.247'''. I looked in Task Manager & saw this was being initiated by '''C:\Users\*username*\Appdata\Local\uniNetdsc\i18mapIde.dll'''. I looked at msconfig and saw it was starting with argument '''rundll32.exe "C:\Users\*username*\AppData\Local\uniNetdsc\i18mapIde.dll",dbcfgplugin MSNapiEnum'''. I noticed that the file creation date for '''i18mapIde.dll''' was today, but I have not installed anything. I looked up the IP address & it is owned by '''your-server''''' dot '''''de''' & read that they have been host to malware & dubious practises, such as spam attacks. When I ended the rundll process I was still unable to delete the dll because it was in use by Firefox. I closed Firefox & deleted it. At the time the dll appeared I had Firefox open, but was reading & not browsing . This leads me to believe that one of the extensions I have installed has downloaded & installed the dll today. The dll itself contains no information & Googling each of the arguments produced no results. Does anyone know any more about this? I have these extensions installed: * Always on Top * CookieCuller * CSS Usage * deskCut * Download Sort * DownloadHelper * Firebug * Firecookie * FireQuery * FireRainbow * GoogleEnhancer * Greasemonkey * Html Validator * HttpFox * IE Tab+ * Inline Code Finder for Firebug * Launchy * Menu Editor * Page Speed * Personal Menu * Save Link * Tab Mix Plus * Thumbs * ViewInFirefox * Web Developer * Yslow I have a few more that are disabled, so I assume they would not be able to do this.