#11
I'm also suspicious of that one.
If he runs the standalone sweep, I suspect that this one could be caught. The standalone sweep doesn't boot up into his Win 7 but rather into a RAM disk Pre-execution Environment version of Win 7 running only on the RAM disk. Thus the Win 7 on the hard disk can be checked without "alerting" the malware.
Also, Autoruns would cast some light on that one as to whether it is "verified" and the source.