wudfsvc WINDOWS DRIVER FOUNDATION uses too much memory

samhfoley

Virus/Malware? SVCHOST

SVCHOST is always running #2 on task manager, just behind FIREFOX, using roughly 200,000K (but 0% CPU). I am not sure what the deal is. The PID is 372 and when I choose "go to service" it shows that it is
wudfsvc WINDOWS DRIVER FOUNDATION - USER MODE DRIVER FRAMEWORK


What is this? Virus? Malware?? I never recall seeing it in Task Manager before and certainly not this high on the memory usage scale.

Here is my Hijack This report if it's of any use.... Thanks in advance for any insights.

Sam


 

"Svchost.exe" (Generic Host Process for Win32 Services) is an integral part of Windows OS. It cannot be stopped or restarted manually. This process manages system services that run from dynamic link libraries (files with extension .dll). Examples for such system services are: "Automatic Updates", "Windows Firewall", "Plug and Play", "Fax Service", "Windows Themes" and many more.

At startup, Svchost.exe checks the services portion of the registry and constructs a list of services that it needs to load. Under normal conditions, multiple instances of Svchost.exe will be running simultaneously. Each Svchost.exe session can contain a grouping of services, so that many services can be run depending on how and where Svchost.exe is started. This allows for better control and debugging.

If the process svchost.exe uses high cpu resources, it is mostly because the service "Automatic Updates" is downloading some new Windows update. But having a 99% or 100% cpu usage could be caused by downloads due to some hidden malware on your computer. Some malware like the Conficker worm changes the Windows Registry so that svchost loads the malware .dll file. In this case you only see the authentic svchost.exe process in the task manager...

source...
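
An added example (not part of the original thread or the quoted source): since svchost.exe builds its service list from the registry, one way to check a single high-memory instance is to list the services it hosts and the DLL each one is registered to load. The function name `Get-SvchostServiceDll` is hypothetical; the code assumes PowerShell 3.0 or later, run elevated from a 64-bit console.

```powershell
# Added example (not from the thread). Assumes PowerShell 3.0+, run elevated
# from a 64-bit console so System32 paths are not redirected.
function Get-SvchostServiceDll {
    param(
        [Parameter(Mandatory = $true)]
        [int]$ProcessId   # PID as shown in Task Manager
    )

    $proc = Get-Process -Id $ProcessId -ErrorAction Stop
    if ($proc.ProcessName -ne 'svchost') {
        throw "PID $ProcessId is '$($proc.ProcessName)', not svchost."
    }

    $system32 = (Join-Path $env:SystemRoot 'System32') + '\'

    # Win32_Service.ProcessId ties each running service to its host process.
    $services = Get-CimInstance -ClassName Win32_Service -Filter "ProcessId = $ProcessId"

    foreach ($svc in $services) {
        # Shared-process services register their DLL as ServiceDll, normally
        # under ...\Services\<name>\Parameters, sometimes on the service key itself.
        $base = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)"
        $dll  = $null
        foreach ($key in "$base\Parameters", $base) {
            $value = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
            if ($value) {
                $dll = [Environment]::ExpandEnvironmentVariables($value)
                break
            }
        }

        # Record whether the registered DLL exists and how its signature checks out.
        $signature = 'NoServiceDll'
        if ($dll) {
            if (Test-Path -LiteralPath $dll) {
                $signature = (Get-AuthenticodeSignature -FilePath $dll).Status
            } else {
                $signature = 'FileNotFound'
            }
        }

        [pscustomobject]@{
            Service       = $svc.Name
            DisplayName   = $svc.DisplayName
            ServiceDll    = $dll
            UnderSystem32 = [bool]($dll -and $dll.StartsWith($system32, [StringComparison]::OrdinalIgnoreCase))
            Signature     = $signature
        }
    }
}

# Inspect the svchost.exe instance with the largest working set.
$top = Get-Process -Name svchost | Sort-Object WorkingSet64 -Descending | Select-Object -First 1
Get-SvchostServiceDll -ProcessId $top.Id | Format-Table -AutoSize
```

A `NotSigned` status alone is not proof of tampering, since many Windows system DLLs are catalog-signed and older PowerShell versions do not check catalogs. A ServiceDll outside System32 can belong to a legitimate third-party product, but it is worth confirming which product installed it.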
 

Right now it is using 0% CPU, just shows 218,000K memory usage. No windows updates are downloading right now. How can I check if something odd is afoot?
 

I wouldn't say it's Malware etc.. but something seems out of whack.

Untitled.jpg

Is WDF the only service listed with this particular svchost.exe process?
 

How can I see that dialog box pop up like in your attachment? I can only see mine like this...


Also the PID has changed. It was originally 372 and it is now 980
 

Attachment: task mngr.jpg

in this forum a user said he disabled his WINDOWS DRIVER FOUNDATION permanently with no issues....

http://www.sevenforums.com/general-...drive-foundation-service-slowing-startup.html

What do you think?

I tried disabling all non windows services at startup and that did not affect the problem, it still existed at the same levels.

If in that post you are referring to user WHS then yes, I would try that first. I would disable it and go about normal activities and see what happens before permanently disabling. The PID will change numbers upon restarting of the process. The tooltip in my screenshot comes from the task manager addon Prio - Priority Saver

If you disable it, make sure you disable the WDF service and not the svchost.exe process. As you can see from my earlier screenshot, that particular svchost process hosts quite a few Win 7 services.
 

What do you mean by WHS? I am a bit confused. I thought we were talking about WINDOWS DRIVER FOUNDATION or wudfsvc. Please be a bit more specific as I am unsure what you are referring to. Thanks
 

He's talking about a member of this forum named whs.
 

LOL, OK that makes sense. **slapping myself upside the head
 

Disabling WINDOWS DRIVER FOUNDATION did not solve the issue; the SVCHOST is still running 210,000K. I have a more detailed screenshot now thanks to Prio - Priority Saver. What do you think?
 

Attachment: tskmngr.jpg


Disable each listed one at a time and see which one frees up the most memory. Right click that svchost.exe and in the context menu there is an item Go to Service. If you have Process Explorer you should be able to see which one is taking the most mem without disabling them all one at a time.
 

Would you mind finding this file C:\Windows\system32\srvany.exe and uploading it to Virus Total and have it scanned, please.
VirusTotal - Free Online Virus and Malware Scan

Do you know what Service this is for? Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

I'm not finding much about the KMService
 

Jacee,

Funny thing is when I did a search of my C drive just now I got 0 results back for srvany.exe
 

Wait, now here it is. I have 64 bit OS so it was in another folder. Here are the results:
File srvany.exe received on 2010.06.23 17:54:37 (UTC)
Current status: finished
Result: 0/41 (0.00%)

 



I stopped all the services one at a time and the one that reduced the most memory was Superfetch. I don't know if this is relevant or not, but I just sent back a faulty SSD HDD and copied a disk image onto a 150GB Raptor HDD until the RMA comes back. What can I do about Superfetch?
 


LOL, I think I posted at one time that I disable the service in "Services" (you have to then do a reboot). It is always getting into the way of WMP - makes the cursor permanently flicker and uses a lot of CPU time - at least in my case. But that only happens when I have a USB stick with data attached. I think it is trying to sync WMP files with the USB stick.
I have not noticed any negative effects when the Driver Foundation is disabled - neither in Vista nor in Win7.
 


Good info whs about the WMP conflict. I do not have it disabled but it's good to keep in mind for a just in case. About your name mixup, I was trying to let the user know if you have disabled it with no ill effects, that you were very trustworthy but it didn't come out right, lol.
 
