After a few hours on the net I studied my event log and I found this suspect Event log. 04/25/02 5:43 454k.anmys.ca W3SVC1 WWW-2K WWW-2K.mycomputer.com 80 GET /SCRIPTS../../../WINNT.SYSTEM32/CMD.EXE / c+dir+c:\ 200 730 484 2 1+www.mysite.com MOZILLA/4.0+(compadible;+ MSIE+5.0; =win=NT) What Is that and is it dangerous it seems to me that someone probed my C dirve.