Hi,
Did as was instructed, but after double clicking the batch file it gave me a black screen with...paraphrasing:
Could not find c:\windows\system32\stu2.exe
'pauseDel' is not recognized as internal or external command, operable program or batch file.....................

when I checked system 32, I did not see a "Stu" file, but there was a userinit file.....I think that is good?
Here is the Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:06 PM, on 12/6/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://excite.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe
O23 - Service: VIPRE Antivirus + Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe

--
End of file - 1326 bytes
Thanks,,,,,,george

Hi, George... I don't know how pauseDEL got into that last batch command... .. it should have had just pause as the second command. But no matter. And i did not see where stu2.exe got deleted in our procedure...
Any further occurrences of the two trojans?

Hi,
I ran Malwarebytes full scan this morning and No trojan.agent appeared.
Should i run it in safe mode with files "not hidden"? or anything else...
Thanks
George

I would be satisfied, george, with where you are at now. The hidden files thing is just a presentation option for explorer... it does not actually set attributes on a file that are not already there. Other pgms can see them. Do a quick scan in safe mode if you wish, but any keys present would be found in normal mode; you would be hoping to spot a rootkit only that had not started up.

Hi,
Did another scan last night and nothing appeared..thank you, again, very, very much. I really appreciate your time and effort!. Have a great day.
George

You are welcome, George.
Please go Start, Run, and type or paste in:
combofix /u
-this will remove combofix and its quarantine folder with malware contents.