Can't Load Webpages Due To A Sync Attack On My PC.

Discussion in 'Malware Help (A Specialist Will Reply)' started by newbin, Aug 16, 2008.

  1. newbin

    newbin Private E-2

    First of all, I am glad to become part of the MajorGeeks community, even though I am not exactly a geek, nor do I pretend to be :). Thanks in advance to all for reading this post and for the help you guys/girls can give me.

    It happens that every time I browse certain pages, like MSDN, Hotmail, MySpace, Facebook, Yahoo, etc., the pages don't load properly, showing a messily rendered HTML page or no content at all.

    It all started some time ago when I noticed that I had a weird socket active using the netstat -ab command, again every time I browsed to any page. The socket looked like this:

    TCP mypc:1027 weird-reverse-dns:80 ESTABLISHED 600
    [iexplore.exe]

    So I downloaded a sniffer called xnetstat and set a rule to kill the connection every time it attempted to send a sync packet to start the three-way handshake connection protocol. That's when the messy loading of certain pages started: multiple sync packets were then sent by the intruder to random ports on my computer, which resulted in the incorrect rendering of those pages. I noticed that the last octet of the intruding IP changed as each connection was killed. I also mapped the ports of the intruder and it turned out that it had some Linux ports open, which led me to think that it was/is a Linux server with a pool of IPs available that were used accordingly to perform the attack.

    Thinking I might be infected by spyware, I low-level formatted my hard disk and reinstalled Windows, and when I got connected to the internet the problem started again.

    I downloaded a firewall called Comodo, setting some rules specifically built for the intruder's IP range on all the possible protocols, and also set some filters on my router specifically to discard any packets going to/coming from it, but the problem continued. It would not let me update my AVG virus database either, using the same method but this time bombing svchost.exe with packets when it attempts to connect to the update server. I am not updating my Windows since I reinstalled it because I am afraid of being redirected from the update servers for a malicious purpose, even though the intruder can't establish a connection due to the effective firewall protection, but as I explained it still performs the packet flood successfully.

    I am wondering how it is tracking me down to perform the attack, considering that my ISP uses dynamic IPs. I think it's using either my network card or router MAC to identify me every time I get online; just to try, I have disabled the NetBIOS over TCP/IP protocol, but that doesn't work.

    I have also set some filter rules on my router for the intruding IP range, but they aren't working either.

    I have been reading a lot in order to solve the problem but I can't fix it, and I thought that it matches the behaviour of a sync attack, so I was wondering if you guys could please help me. I do study using my computer and it is important for me.

    Again, thank you very much for helping me out; I do appreciate it.
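The netstat listing in the post above pairs each connection with the executable that owns it, which is the most useful triage data in this kind of report: you want to know which process is talking to which remote endpoint, and whether that pairing is expected. As an added example (not code from the original post or from MajorGeeks), the Python below parses output in the shape Windows `netstat -abo` prints (the `-o` flag is assumed, since the poster's listing shows a PID column), groups remote endpoints by owning process, and lists established web-port connections owned by anything other than an allow-listed browser. The sample listing, the hostnames and the 203.0.113.x addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample of Windows "netstat -abo" output (not taken from the
# original post); hostnames and 203.0.113.x addresses are placeholders.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    mypc:1027              weird-reverse-dns:80   ESTABLISHED     600
 [iexplore.exe]
  TCP    mypc:1031              203.0.113.20:443       ESTABLISHED     600
 [iexplore.exe]
  TCP    mypc:1044              203.0.113.7:80         ESTABLISHED     1188
 [svchost.exe]
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  RpcSs
 [svchost.exe]
  UDP    mypc:137               *:*                                    4
"""

# One connection line: proto, local, foreign, optional state, pid.
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")
# The owning executable follows on its own line, in square brackets.
OWNER_RE = re.compile(r"^\s*\[(.+?)\]\s*$")


def parse_netstat(text):
    """Return a list of connection records from netstat -abo text.

    netstat prints the owning executable in brackets on the line(s) after
    each connection, with service names in between for svchost, so the
    parser attaches those trailing lines to the most recent connection.
    """
    conns = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append({
                "proto": proto, "local": local, "remote": remote,
                "state": state or "", "pid": int(pid),
                "owner": None, "services": [],
            })
            continue
        if not conns:
            continue  # header lines before the first connection
        o = OWNER_RE.match(line)
        if o:
            conns[-1]["owner"] = o.group(1)
        elif line.strip():
            conns[-1]["services"].append(line.strip())
    return conns


def remote_endpoints_by_owner(conns):
    """Map each owning process to the set of remote endpoints it has open."""
    by_owner = defaultdict(set)
    for c in conns:
        if c["state"] == "ESTABLISHED":
            by_owner[c["owner"] or f"pid {c['pid']}"].add(c["remote"])
    return dict(by_owner)


def web_connections_outside_allowlist(conns, allowed_owners):
    """ESTABLISHED connections to 80/443 whose owner is not an expected browser.

    A browser talking to port 80 is normal; a service host doing the same
    is worth a closer look, which is the triage a netstat listing supports.
    """
    hits = []
    for c in conns:
        port = c["remote"].rsplit(":", 1)[-1]
        if (c["state"] == "ESTABLISHED" and port in ("80", "443")
                and c["owner"] not in allowed_owners):
            hits.append((c["owner"], c["pid"], c["remote"]))
    return hits


if __name__ == "__main__":
    parsed = parse_netstat(SAMPLE_NETSTAT)
    for owner, remotes in remote_endpoints_by_owner(parsed).items():
        print(f"{owner}: {sorted(remotes)}")
    for owner, pid, remote in web_connections_outside_allowlist(parsed, {"iexplore.exe"}):
        print(f"check: {owner} (pid {pid}) -> {remote}")
```

On a real machine, pipe `netstat -abo` (run from an elevated prompt, since `-b` needs it) into a file and feed that text to `parse_netstat`; the per-owner summary is what a malware helper would compare against the list of programs you expect to be online.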
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Let's first determine if you have any malware on your PC.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools on another PC and burn them to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too, but flash drives are writeable and infections can spread to them.
     
