Hi folks, I'm a new user, just downloaded TDS-3 (demo). I am running a box with 98SE, DSL from SBC, NetGear router/firewall, Sygate Personal firewall Pro 5.1, Norton A/V 2003, and TrojanHunter 3.5. The last couple of days I've noticed a lot of activity on ports 137 and 138, plus someone is scanning my ports every 3 min. The scan began at port 2011 and currently stands at 2880. I ran TrojanHunter and Norton virus scans on my system - both say I'm clean. Still not convinced, I downloaded from G-Lock software their AA Network Tools kit and ran a port scan. AA tools tells me these ports are listening: 110 TCP ProMail; 137 UDP Chode Msinit; 138 UDP Chode; 139 TCP Chode God Messenger. I went to the Symantec site and ran an online virus scan: results were no infection. I decided to try TDS-3 based on its industrial strength reputation, configured it according to FanJ's "basic config" post, and TDS-3 also found no trojan infection. So, I'm not sure if I have Trojan infections, or if TDS-3 just can't find them because it's a demo. If I knew for sure the program is working I'd be more inclined to buy, because I like the fact that it can do so much more than TrojanHunter. Plus, I'd also feel better if I knew for sure that my system was clean. Until this week, my Sygate logs didn't show the activity that they're showing now, so I know something is in my system but I just haven't been able to catch it yet. Can anyone offer me some advice with this? Thank you in advance, and apologies for the long post.