A few days ago some small e-Commerce sites were compromised http://www.securityfocus.com/archive/75/455149 and were being used to distribute payloads for a Microsoft vulnerability, MS06-044 http://www.microsoft.com/technet/security/Bulletin/MS06-044.mspx.

That payload uses the XMLHttpRequest (used in AJAX applications) to download in the background two files: q2l.exe and q1.dll from http://***.cc/q/ to the Windows Temp directory: C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp (this directory is obtained from the Windows environment variable TEMP).