Finally, I ran HijackThis and started going through the log manually and found the little stinker. Here's the line item from the log.
C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\itbotr\cmqfsftav.exe
Had HijackThis take that entry out of the registry, rebooted and all is well.
So, it looks like this is a brand new name for the executable. I'm not a regular in the malware community, so I don't know the "official" channels for sharing this info. Just spreading the word, to help support the folks that make these great tools.
Edited by Brian Surratt, 06 March 2010 - 05:39 PM.