MBAM has been detecting a change in Broken.OpenCommand in my registry of by my desktop (WindowsXP) and my laptop (Windows 7). I checked the items found and clicked remove selected. If I repeat the scan immediately no threats are found. However if I repeat the scan later the same day the Broken.OpenCommand is found again. Registry Data Items Detected: 2 HKCR\scrfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: ("%1" /S) -> Quarantined and repaired successfully. HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE "%1") Good: (regedit.exe "%1") -> Quarantined and repaired successfully. Is the registry being reinfected by notepad.exe? I am using IOLO System Mechanic which has been reported to cause false positives for the Broken.OpenCommand, http://forums.malwarebytes.org/index.php?showtopic=110120. However after I disabled System Mechanics repair registry problems in automated tasks the Broken.OpenCommand keeps showing up in MBAM. Is Broken.OpenCommand a dangerous trojan as a number of websites say or is it "a shell context menu addition that allows you to open the registry editor by right-clicking on a .reg file. No idea why MBAM objected to the quotes around the regedit command; your existing entry was not broken", http://www.overclock.net/t/853237/what-are-broken-opencommand-s If it's a serious problem how can I clean my computers? Our university technical support said they could run ComboFix but would first backup my harddisk onto another disk in case ComboFix breaks anything. Steve