The latest example of this is SDNTC.EXE. This is Norton Speed Disk. SDNTC.EXE on the desktop that showed up was a dummy file and somehow System Works is now pointed to it instead of the version in Program Files. I copied the version in Program Files to the desktop and it works fine now. I also protected it with Process Guard. I think the instructions suggested reinstalling the firewall and then protecting it in Process Guard. I will do this soon, but this was a work around for now. After I understand what is going on better I might rebuild everything and protect. I want to learn more before I do that though. Do you know what might be causing dummy executable files to show up on my desktop like this? I have had others.