There is a shortcut in the Startup folder with this as the command line it runs. I've deleted the shortcut and it just reappears within seconds. Rename it and a new one reappears within seconds.
I also found a batch file in my users\me\local folder. The commands it runs is
echo x4SZRj8VY37HCvczeQ9 start "QevslvDchtWcI59vUY1" "%LOCALAPPDATA%\9d9b\505f.3f751"
I see this being run when the computer boots. It's called by a shortcut names "d178". I see the command window for a short time during the boot process. I've scanned the file "505f.3f751", it comes up no infections so far.
If anyone has any ideas on what these are that would be cool. I haven't tried a boot into safe mode yet to see what happens then. I probably will soon.