Here's a twist, just ran a memory scan from TDS-3 app menu bar item, System testing >> Memory scan and received this message window: TDS has located a Trojan running alive in memory! Process details Alarm: RAT.GIP 1.x ProcID: 2256 Filename: IEXPLORE.exe Crogram Files\Internet Explorer\IEXPLORE.EXE Pressed ignore. Running W2K a nd have been bombarded recently with virus laden emails. Deleted affected email account name and emails started to attack one of two remaining addresses. Is this possibly related or just false alarm? Properties of file and location appear correct. Any help greatly appreciated. PS Went to pcflank and it showed port 25685 closed, others stealthed. Mentioned "Moonpie" Trojan Rat 1 and "server.exe". Did search on hard drive and registry, not found.