svchost: corrupted/injected modules?

Hi,

Has anyone seen this before?

Svchost (local service network restricted: dhcp, sec center, win audio, events) upon a soft reboot immediately after surfing, loaded files from

system32\en-US\*.mui (s)
system32\drivers

The drivers were all "relocated dlls" of services/functions related to remote connections, and many already disabled on my system:

RDP (terminal svcs)
nwifi.sys
wwansvc.sys
vhdmp.sys
vdrvroot.sys
disk.sys
http.sys
cttune.exe
(and many more)


This appeared for duration 30 minutes after soft boot, then suddenly disappeared, replacing suspect files with more normal dlls from correct system32 folder. Memory resident? I was able to get 2/3 of files in screenshots, but not all.

Scanned comp Htmnpro, MBam, *nothing* is ever found even with KRD and Avira Rescue. Firewall w/ hips did not alert on any of this.

sample screenshots: