Dustin wrote:
>Doubtful rootkit is present...
>Wish I could have seen that box man.
I wish I had saved an image of it now for analysis.
Making matters worse is I can't find the notes. I wrote down the .exe
name and 3 files it created.
Okay, I'll try again. Please tell me your method for documenting stuff
and the order you look for things. Since this was my first 'malware
research', I was playing it all by best guesses and happenstance.
I was just looking at running processes and services from "all users",
and examined the ones I didn't recognize. I found the .exe when I got
the pop-up, ran taskman, right-clicked the "Windows Anti-Spyware" and
went to file location. It brought me to the download directory, but it was
not there. I had not yet set Windows to show hidden and system files,
but when I did, there they were. I killed the .exe just to begin to see
the damage. If I didn't, the pop-up would not allow me to get anything
done; it was very persistent.

