No, doesn't ring any bells. I noticed that it first started out creating temp files in the users temp directory. When I deleted those while watching process explorer it started to create the qsp files in the windows/temp folder. Symantec finds it the files and now quarantines them, but I cannot discover the source. I am now running another antivirus check in safe mode over night to see if that shows up anything.