I'm not sure I had a virus, but at this point, I would have to say that the odds are in favor of it. I noticed that of 3 machines, only one had a dozen or more instances of svchost.exe. In fact, on the other 2, there were no instances at all. So I formatted the drive and reinstalled W7. But before the updates were done, i used IE to dl firefox. A couple hours later I happen to look at taskmanger and there are those svchost pgms again. So I format and reinstall again, but this time do all the updates first before even enabling the ethernet card (i turned it on to dl the updates and off while they were being installed). Now when I check, not a single svchost is running. I should also mention that after the first install, FF was acting weird, telling me that it was running in "safe mode" - whatever that is. the only way I could have gotten infected again was through a hole in IE. But even that blows my mind because that means that these guys must be sitting on every IP address out there like hungry dogs. I still have some more software to install before the 2 installs are exactly comparable, but I don't think anything I have left will be needing a dozen instances of svchost. edit: oh, the reason I was in taskmanager was because MSE found a virus in a file on the drive I just formated and it was in an IE directory and related to FF. That together with the litter of svchost pgms made think something was definitely amiss.