That also rather depends on the scan settings, as I'm not sure .msi files are considered archive files and not unpacked for scanning by default or Self-extracting win32 executables, which would be unpacked for scanning by default.
The file detected pcftofon.exe is effectively within two archives, the Data1.cab, which is within the x-Win32-7.1.msi file, so is pretty inert.
This is supposedly a font converter and it may be its actions which could be considered suspicious and why it is picked up by a generic signature, Win32: malware-gen (the -gen at the end), which are more prone to FP.
Do you actually know what this .msi file is, does this ring any bells,
http://www.starnet.com/xwin32kb/Silent_installs_or_push_deployments ?
However, the one in the system restore, restore point is one and the same file (just given a different file name).
If you can extract the pcftofon.exe file using something like 7zip, then you could confirm the detection:
You could also check the offending/suspect file at:
VirusTotal - Multi engine on-line virus scanner and
report the findings here, post the URL in the Address bar of the VT results page. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.
Create a folder called
Suspect in the
C:\ drive. Now exclude that folder in the
File System Shield, Expert Settings, Exclusions, Add, type (or copy and paste)
C:\Suspect\* That will stop the File System Shield scanning any file you put in that folder.
Do
So if you can ex