I have been able to capture one of these beasts on a test PC (Vista 32 EN, SP1). Here's what I've found so far:
It does seem to randomize the last characters of the filenames it creates. So far they've started with hjgru*.dll or dat pretty consistently.
They cause services to fail on startup after the machine is fully infected. At first you can log in but eventually even safe mode will fail.
I've used UBCD, Avira boot CD and several Linux boot CDs to mount the file system (NTFS) and attempt to delete the file. No dice. It does a nice job of protecting itself.
Avira was able to see the files as a threat but could not remove them.
NAV Corp Edition (latest) did not detect the threat as it loaded. NAV was unable to scan the PC from any mode once it was infected. DATs are fully up to date.
I was eventually able to wipe the files using RootReveal and HijackThis from safe mode. Service still seems to be present but doesn't appear to load.
After wiping via RootReveal, the files do not return. However, the service still appears when scanned. It does not show in MSConfig, etc.
I'm still concerned that the service appears to be present. But with its files (payload) missing it doesn't do much. I'm also worried it has them squirreled away in a driver cache or temp file somewhere.
Ran a full scan with NAV corp after getting the files cleaned. NAV did not find any problems.
Appears to be cleaned. But not sure.
Need some logs?
[edit: edited title to reflect message.]