I searched the forum for pe.exe and ended up posting a comment to an old discussion on upnpclient. Great, I have at least two problems... Today I believe I visited a nasty website. Firefox (1.01) blocked it's attempt to run a potentially malicious program, but I suspect it left me a gift. Just a little later when I went to run Control Panel, Process Guard intercepted something called ps.exe trying to run, and anytime I now try to run CP it somehow wants to also start ps.exe. I disallowed it (and I'm not even a brain surgeon) and took a look at it over in my \system32\ subdirectory, where it and a couple of it's buddies - ps.bat and ps - had an install date of today. Each time I delete them then start Contro Panel they are reinstalled to the same directory and ps.exe tries to run. Google shows nothing of value on this, and neither Norton, LavaSoft, A Squared nor MS Malware beta see it as a problem. The one line in the batch file is "C:\WINDOWS\system32\ps.exe" > "C:\WINDOWS\system32\ps" - the quotes are a part of the actual statement in the file. Anyone else run into this puppy? If it's legit I don't understand why I have not sen it before, nor do I understand it's behaviour, so I suspect its a nasty. And for the heck of it, has anyone identified what the heck upnpclient (stress "client" this is NOT the upnp service WXP normally comes with) is all about?