I was informed of CLIStart.exe being Fraud.VirusDoctor today upon boot. This file is part of my ATI graphics driver which I downloaded from Dell several months ago. I ran a context menu scan on it from Windows Explorer and found that the detection was not based on signatures but heuristics.

If it helps to note, my AV is avast! Professional. From Resident.log:
Code:
3/28/2009 9:32:50 AM Allowed (based on user decision) value "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}" (new data: "") added in Browser Helper Object!
3/28/2009 9:32:56 AM Allowed (based on user decision) value "AirShare" (new data: ""C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\AirShareInstaller.exe" 0;1;1;1.6.65;C:\Program Files\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A91000000001}\;") added in System Startup global entry!
3/28/2009 9:33:19 AM Allowed (based on user decision) value "AirShare" (new data: "") deleted in System Startup global entry!
3/29/2009 11:48:45 AM Allowed (based on user decision) value "scrnsave.exe" (new data: "") deleted in Desktop settings!
3/29/2009 11:48:56 AM Allowed (based on user decision) value "scrnsave.exe" (new data: "C:\Windows\system32\AvastSS.scr") added in Desktop settings!
4/3/2009 11:33:38 AM Encountered and terminated Fraud.VirusDoctor in C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe!

I most recently updated Spybot late last night and I got the TeaTimer update March 13 according to the log. I will send an email with the detected file and full logs shortly.