Finally, I ran HijackThis and started going through the log manually and found the little stinker. Here's the line item from the log:
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\itbotr\cmqfsftav.exe
Had HijackThis take that entry out of the registry, rebooted and all is well.
So, it looks like this is a brand new name for the executable. I'm not a regular in the malware community, so I don't know the "official" channels for sharing this info. Just spreading the word, to help support the folks that make these great tools and the community.
Edited by Orange Blossom, 06 March 2010 - 07:03 PM.
Move to AII. ~ OB