I have a NT4 domain with 10 subnets geographically seperated connected by frame relay. Each of these locations has several xp pro machines. While watching the firewall logs I have noticed a lot of udp port 138 traffic originating from almost all of these xp machines. The traffic is attempting to reach port 138 on non-existant servers on the network. The servers they are trying to reach did exist at one time (3 or more years ago). I have checked wins to ensure there are no entries for these servers and there are no entries. The odd thing is that it only comes from xp machines, the nt, 9x machines (75% of the pcs on the network) do not have this problem. Any ideas as to why this happening? Thanks!