Agreed and that's what's so weird about this. I don't see the SYSTEM32 subfolder for system32, system is set to show invisible files. Neither of the two flagged files (rtl8187.sys and rtl8187B.sys) appear to exist anywhere either. There is a rtl8187se.sys in my system32 folder, but no additional SYSTEM32 subfolder where the supposedly infected files exist. Any ideas as to why this would identify a folder and files that don't exist? Or if they do why I can't see them even though system is set to show invisible files? Looking up rtl8187se.sys it appears to be a realtek networking driver. It's a Gateway preconfigured machine so I'm assuming if it's necessary Gateway put it there. Also, does that registry data mean anything? Thanks for any additional guidance.