CWS Re-Infection Executables

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by zxladie, Jun 22, 2004.

  1. zxladie

    zxladie Private E-2

    I'm not sure if this is the right place to post this, but I have what might sound like a stupid question that I'm wondering about and I haven't been able to find any documentation. I am repairing a system that had quite a bit of spyware on it, and when I was checking something in the owner\Documents & Settings folder\Application data\ I happened to see a folder named 'iefeatsl' which I know is a CoolWebSearch variant. The folder contained the files: msiesh.new and submit2.exe. I looked in the msiesh.new with my viewer and it's the {FD9BC004} .dll that I'm assuming is not yet executed.

    When a CWS infection is executed does it also install pre-defined setup files or folders like this that would install a new infection based on a trigger from a given infection that is removed? Also, do they always use a [filename]2.exe pattern or is it random? Because I found another lone executable named TestManager2.exe that was in the same Docs & Settings\ owner\App Data folder but was in Microsoft\Installer\{E47EA4D...}. I've followed all the CWS information links and read everything by Merijn but I may have missed it and it sure would help me. Thanks.
     
