peculiar infection


  1. Posts : 4
    7 p-64
       #1



    Hi all,
    I've got a strange infestation here. What a stupid thing started it. Yet, I feel like I'm on the forefront of something new.

    The only real search that works for me is wmcagent -- but none of those results help.
    symptoms:
    in user\appdata\local are a few new folders - they have no owner, the admin can't takeown on them, and they can't be explored. "Access Denied"
    ProcExp shows a process (CWCERAHSvc.exe) running under services.exe in SAFE mode too.
    Outside of safemode what has been running is mbrixwk.exe. Another exe is addenda.
    Oh, and rosenquist. None of these get google hits. None of them can be killed: "Access Denied".

    A search for each of them via RegEdit turned up numerous entries (some in the firewall rules). Deleted all entries, reboot etc. no change.

    Malwarebytes full scan turned up stuff -- but none of it with those keywords. Windows Defender found nothing.

    There was an entry in the menu:Startup named "presuming" and another, as I recall, redundantly named "presumingpresuming".

    Besides today's carnival the machine could use a reinstall of WOS anyway -- but hah! I can't find the disc. So I ordered a new 7Pro disc (yeah the infected is a 7HP install)

    I wouldn't be writing if I'd found the disc. Now that I am, it's as much a curiosity as a desire to be clean.

    I'm not a guru of internals but I find it peculiar how files can hide in inaccessible folders with no obvious reference to where they get started and can start in safe mode too.

    Oh, there's another exe which seems to be at the tail end of the process tree, VSMCEWU.exe. When connected to the 'net I'll end up with about 7 of these; one will take 20+ CPU, the others .5 to 2. I forgot to search the reg for that. Will do, but I doubt, at this point, it'll help whether I find it or not.

    The lack of public search hits makes me wonder if this is a nice new flavor of infection.

    any insights would be avidly read, any potential solutions greatly appreciated.
    Thanks all.


  2. Posts : 4
    7 p-64
    Thread Starter
       #2

    Forgot to say: System Restore will not start via any user/method. Just a brief "hourglass"/circle, then nothing.


  3. Posts : 2,468
    Windows 7 Ultimate x64
       #3

    A first point of investigation could be to search for those processes in the standard autorun locations, to monitor what process launches them and track back to the root of the problem.

    I don't see anything especially peculiar with this pattern; it's pretty much what many viruses do to disguise themselves. But it could be part of some other software installed (particularly poorly behaved). I strongly doubt this is a brand new class of viruses; most likely it is a new virus (copied from another one) or a simple rename, or even the work of a polymorphic infection. An antivirus scan could be of some use (especially the offline ones), or submitting some suspect files to VirusTotal could help too.

    In any case, if an infection is confirmed, the best course of action is a clean install, more so considering you don't mind a reinstall and have a disk on its way. Keep an image of it if you want to satisfy curiosity, so you can do a "post-mortem" analysis, but I would stop using the system for anything unless it's aimed at finding the cause, and only then if it happens to be a poor program as the root cause.
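    The "search the standard autorun locations and track back through the process tree" step suggested above, plus the "folders in AppData\Local with no owner" and "runs in Safe Mode" symptoms from the first post, as an added read-only triage script. It is not code from this thread or from any of the posters; it assumes an elevated PowerShell 2.0+ prompt on the Windows 7 box, uses the suspect names exactly as the original poster listed them, and only reports what it finds (it deletes nothing, so it is safe to run before imaging the machine for a post-mortem).

```powershell
# Added triage example (not from the thread). Suspect names are the ones the
# original poster listed; keys and folders are standard Windows 7 autorun spots.
# Read-only: it prints findings and changes nothing. Run elevated.
$SuspectNames = @('CWCERAHSvc', 'mbrixwk', 'addenda', 'rosenquist', 'VSMCEWU', 'presuming')
$Pattern = ($SuspectNames | ForEach-Object { [regex]::Escape($_) }) -join '|'

# 1. Registry Run/RunOnce keys (machine, 32-bit view on x64, and current user) plus Winlogon.
$RunKeys = @(
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
)
foreach ($key in $RunKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }      # skip PSPath/PSParentPath metadata
    if ("$($p.Name) $($p.Value)" -match $Pattern) {
      "[autorun] $key\$($p.Name) = $($p.Value)"
    }
  }
}

# 2. Startup folders (per-user and all-users).
$StartupDirs = @(
  "$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
  "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup"
)
foreach ($dir in $StartupDirs) {
  if (Test-Path $dir) {
    Get-ChildItem -Path $dir -Force | Where-Object { $_.Name -match $Pattern } |
      ForEach-Object { "[startup] $($_.FullName)" }
  }
}

# 3. Services whose name or binary path matches, and the SafeBoot lists that let
#    a service start in Safe Mode (which explains a process surviving Safe Mode).
Get-WmiObject -Class Win32_Service |
  Where-Object { "$($_.Name) $($_.DisplayName) $($_.PathName)" -match $Pattern } |
  ForEach-Object { "[service] $($_.Name) state=$($_.State) path=$($_.PathName)" }
foreach ($sb in 'Minimal', 'Network') {
  $sbKey = "HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\$sb"
  if (Test-Path $sbKey) {
    Get-ChildItem -Path $sbKey | Where-Object { $_.PSChildName -match $Pattern } |
      ForEach-Object { "[safeboot/$sb] $($_.PSChildName)" }
  }
}

# 4. Live processes: for each match, walk ParentProcessId back to the root
#    so you can see who launched it (a visited set guards against PID reuse loops).
$byId = @{}
foreach ($proc in Get-WmiObject -Class Win32_Process) { $byId[[int]$proc.ProcessId] = $proc }
foreach ($proc in $byId.Values) {
  if ("$($proc.Name) $($proc.ExecutablePath)" -notmatch $Pattern) { continue }
  $chain = @(); $seen = @{}; $cur = $proc
  while ($cur -ne $null -and -not $seen.ContainsKey([int]$cur.ProcessId)) {
    $seen[[int]$cur.ProcessId] = $true
    $chain += "$($cur.Name)($($cur.ProcessId))"
    $cur = $byId[[int]$cur.ParentProcessId]
  }
  $owner = $proc.GetOwner()
  "[process] $($chain -join ' <- ') owner=$($owner.Domain)\$($owner.User) path=$($proc.ExecutablePath)"
}

# 5. Folders under %LOCALAPPDATA% whose ACL cannot be read or that report no owner,
#    i.e. the "Access Denied / no owner" folders from the first post.
Get-ChildItem -Path $env:LOCALAPPDATA -Force | Where-Object { $_.PSIsContainer } | ForEach-Object {
  try   { $owner = (Get-Acl -Path $_.FullName -ErrorAction Stop).Owner }
  catch { $owner = 'ACCESS DENIED' }
  if ($owner -eq 'ACCESS DENIED' -or [string]::IsNullOrEmpty($owner)) {
    "[folder] $($_.FullName) owner=$owner"
  }
}
```

    The useful output is the `[process]` chain and any `[safeboot/*]` hit: a service that appears under SafeBoot\Minimal is exactly what would keep running in Safe Mode, and the parent chain tells you which autorun entry or service to look at first. Copy the findings out before reimaging so the file names and paths are preserved for the post-mortem.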


  4. Posts : 286
    Linux:Debian, Kali.. 2xWin8.1,2x,1x7Pro, Retro:1x2003server.1xXPpro, 1xW2k,1x98SE,1x95,1x3.11
       #4

    Try to boot your computer with Linux. Then you should be able to get into the folders and see what's in them. And if you delete something, back it up in Zip/rar files so you can restore it if needed... and if there is a virus then you can submit it to Symantec or to another company for analysis.


  5. Posts : 4
    7 p-64
    Thread Starter
       #5

    Thanks for the advice everyone. I'm still in process with Malwarebytes. Their effort(s) so far haven't isolated the prob. Ran a fixlist and adware. Adware found stuff but nothing named in my OP. Rebooted and OP named stuff came right back up. I heard back from MBAM about the results: the (they're calling it) rootkit got to the fixlist before the MBAM module that wanted to use it for scanning (I presume) could. This is way beyond my whitehat height. Cool stuff and I'd love to see it cured (it's been probably 10 years or more since I picked up a rootkit). I'm standing by ready to wipe in a new install. Speaking of reinstalling OS, I posted an unrelated win7forum query if anybody is interested in taking a look: Win7Pro disc won't read or boot...
    Thanks again.


  6. Posts : 2,468
    Windows 7 Ultimate x64
       #6

    It sounds quite strange and I highly doubt that it's really a rootkit. You're using 64 bit Windows, and driver signature enforcement should prevent any rootkit from running. It's not 100% impossible, but unlikely enough not to seriously consider it. A normal virus or a rogue program is far more likely.

    Anyway, go ahead and nuke the system. Like with any infection, a full reinstall of the OS is the only way to clean it and be safe again. Don't bother with antiviruses.
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd