I hadn’t used PCFlank in a while and ran the gambit. One (targa3) made my program turn unresponsive – easily got out and that was that. Later a netstat showed I was connected to their IP (not the case after I left - always netstat after surfing). Killed that socket, ran AV scan – nothing. Ran a full TDS3 scan and turned up two new hidden ADS “mailto” streams – one tracing to a series of AOL mail relays and other to an office near Hong Kong. Killed these - rescanned, good – rebooted & rescanned, good. Picked up a spy there. Can preclude other sources since it That visist was right after I updated and fully checked the system, it was clean. The magical connection to their IP and finding these hidden streams is suspicious. Got to respect the power of TDS. Wouldn’t have found the little snoops without it. Is it possible someone found a way to use their site as vehicle? Or likely a remnant in one of the exploits used for testing? Either way, it didn't fool TDS3.