michael stump You are absolutely correct.
Oh and one more thing: NEVER clean an infected workstation. Get rid of it, or if the incident requires it, establish a chain of custody and allow law enforcement to take ownership of it. Truly insidious malware can't be cleaned. Best to start from scratch.
In an Incident Handling class I learnt "Game Over": once a computer is infected, no matter it's a computer at home, a workstation at work, a server in the data center, it's game over. I wonder how many organization actually follow this best practice.