WUDFHost.exe in the wrong folder: Is it a disguised infection?

  1. Posts : 80
    Windows 7 Professional x64 | Windows ME | Windows 8 Dev Preview
       #1


    Yesterday, WinPatrol detected that a process has enlisted itself on my Scheduled Tasks startup items. It was called WUDFHost.exe. I viewed the details and it said it was a component from Microsoft. So I dismissed it.

    Some hours later, I rebooted. I noticed that my C:\ drive space usage had increased by about 2 GB, which was odd because I hadn't installed anything (in fact, I was trying to remove Java) and all my file operations were currently being held on D:\. I remembered to check out WUDFHost.exe and found that it was indeed an MS file and that it normally resides in C:\Windows\system32. I checked my C:\Windows\system32 and there was indeed my WUDFHost.exe. Then I checked the file that WinPatrol detected and it was placed in C:\Program Files (x86)\Common Files\Windows Driver Foundation. I immediately scanned that file with Norton 2012 and Malwarebytes (not at the same time, of course). They didn't think it was a threat. I then sandboxed my system just to see if any significant change would occur. There was none. So I rebooted my computer again, renamed the WUDFHost.exe in C:\Program Files (x86)\Common Files\Windows Driver Foundation and somehow I got back about 1GB of my C:\ disk space.

    It's probably just nothing, but I can't leave it alone as I am getting paranoid now. What is it doing in my C:\Program Files (x86)\Common Files\Windows Driver Foundation folder? Is it safe? I can't delete it because it might actually turn out to be important. So I'll wait for some answers. For now, I'll leave it under a different name.

    NOTE: The WUDFHost.exe in C:\Windows\system32 and the one from C:\Program Files (x86)\Common Files\Windows Driver Foundation have different file sizes.


  2. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #2

    I don't see a "Windows Driver Foundation" folder on a couple of PCs I looked at.

    Did you by any chance install the "Windows Driver Kit (WDK)" on your PC?


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    Do you have Logitech Software?

    Wudfhost.exe
    with description Windows Driver Foundation - User-mode Driver Framework Host Process is a process file from company Microsoft Corporation belonging to product Microsoft® Windows® Operating System.
    The file is digitally signed from Microsoft Windows - Microsoft Time-Stamp Service
    We do not recommend removing digitally signed files from Microsoft Windows
    Wudfhost.exe process | What is Wudfhost.exe file?

    Also, wudfhost.exe - PC Pitstop Process Library


  4. Posts : 80
    Windows 7 Professional x64 | Windows ME | Windows 8 Dev Preview
    Thread Starter
       #4

    @David, no I did not install Windows Driver Kit.

    @Jacee, I don't have Logitech software.


  5. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #5

    OK
    I googled "Windows Driver Foundation" and it led me down that path...
    WDK is for driver developers, so that seemed odd to me.

    I'm not sure why you have the "Windows Driver Foundation" folder...
    maybe someone else will know what/when/why it's created.


  6. Posts : 80
    Windows 7 Professional x64 | Windows ME | Windows 8 Dev Preview
    Thread Starter
       #6

    David, thank you for looking into this. It's also very odd to me, especially because it just popped up all of a sudden (the fact that WinPatrol detected it all of a sudden).
    I am not sure if this is relevant, but since you mentioned WDK, I remember that I installed ASUS Control Deck (a program that sets up screen brightness, volume, power plan). I can't say it's connected to WUDFHost.exe because I didn't pay attention to the time between its installation and the WUDFHost.exe detection. Any thoughts?


  7. Posts : 6,330
    Multi-Boot W7_Pro_x64 W8.1_Pro_x64 W10_Pro_x64 +Linux_VMs +Chromium_VM
       #7

    Can you look in the "Windows Driver Foundation" folder and see if anything looks like something you know about to try and figure out where this folder came from?

    i.e. maybe you'll see something for "ASUS".

    Can you post a screen print of that folder showing what's in there?
    Especially Application and Application extension files (.exe and .dll)?

    You can look at datetime in explorer for this folder and see if that rings a bell for something you installed, but datetime can be "misleading".


  8. Posts : 53,365
    Windows 10 Home x64
       #8

    Do you have a restore point from just before this problem appeared? That may be an easy way to undo this issue. You can also upload the C:\Program Files (x86)\Common Files\Windows Driver Foundation\WUDFHost.exe to Virus Total and see if anything alerts on it.

    http://www.blackviper.com/windows-se...ork/#Windows_7

    In reading, this often seems to be connected to external USB connected devices.

    A Guy


  9. Posts : 80
    Windows 7 Professional x64 | Windows ME | Windows 8 Dev Preview
    Thread Starter
       #9

    @David,
    WUDFHost.exe is the only item inside that folder. There's no hidden dll or any other files. Its Date Modified, Date Created and Date Accessed all point to the same date: Mar. 4, 2012 (the same date WinPatrol detected it).
    I also uninstalled ASUS Control Deck to test if it will remove that WUDFHost.exe but it did not.


    @A Guy,
    Unfortunately, all of my restore points before Mar. 4, 2012 are now overwritten by new ones.
    I submitted the file to Virus Total and here's the result: https://www.virustotal.com/file/5564...dffd/analysis/

    I have an external hard drive connected all the time. I never plugged it into a different computer, so I can't think of a way it can get infected.



    Here's an interesting bit though: When I scanned my system using Microsoft Security Essentials (with Norton and Malwarebytes disabled of course) it detected a file called KBDSMMSFI.dll which is a trojan Win32/Orsam!rts.
    I also scanned the suspicious WUDFHost.exe with MSE and it didn't think it's dangerous.
    Since I'm running out of options and I am lost retracing my steps before the infection, I'll just revert to a backup I made last month. I'm very sure my system was clean then. I was hoping never to do it as I made a significant amount of configuration on my PC, but it's the only way to cure my paranoia.

    Thanks to all who gave their time to help me out. :)


  10. Posts : 53,365
    Windows 10 Home x64
       #10

    I don't think you are infected. Both Emsisoft, and Ikarus use the same engine, so they will hit on the same thing. It's more a mystery how you got it rather than a concern IMHO. A Guy
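
The checks the thread works through by hand (the two WUDFHost.exe copies from post #1, their signatures, and the scheduled task WinPatrol reported), as an added PowerShell example that is not part of any post in the thread. It assumes PowerShell 4.0 or later for `Get-FileHash`, a 64-bit console so that System32 is not redirected, and English `schtasks` column names; `Get-BinaryFacts` is a hypothetical helper name.

```powershell
# Added triage example, not code from the thread.
# Assumptions: PowerShell 4.0+, 64-bit console, English schtasks output.
$name      = 'WUDFHost.exe'
# Location post #1 describes as the normal one.
$reference = Join-Path $env:SystemRoot "System32\$name"
# Location WinPatrol flagged in post #1.
$suspect   = Join-Path ${env:CommonProgramFiles(x86)} "Windows Driver Foundation\$name"

function Get-BinaryFacts {
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        # Report a missing file instead of throwing, so both rows always exist.
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }
    $item = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -FilePath $Path
    $signer = $null
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    [pscustomobject]@{
        Path     = $Path
        Present  = $true
        Size     = $item.Length
        Created  = $item.CreationTime
        Version  = $item.VersionInfo.FileVersion
        Company  = $item.VersionInfo.CompanyName   # self-declared, not proof of origin
        SHA256   = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        SigState = $sig.Status
        Signer   = $signer
    }
}

# 1. Side-by-side facts for the reference copy and the unexpected copy.
$facts = @($reference, $suspect | ForEach-Object { Get-BinaryFacts -Path $_ })
$facts | Format-List

# 2. Byte-for-byte comparison via hash (only when both files exist).
if ($facts[0].Present -and $facts[1].Present) {
    'Identical content: {0}' -f ($facts[0].SHA256 -eq $facts[1].SHA256)
}

# 3. Scheduled tasks whose action launches a file with this name,
#    i.e. the startup entry WinPatrol reported. Repeated CSV header rows
#    in the schtasks output are dropped by the filter.
schtasks.exe /query /fo CSV /v | ConvertFrom-Csv |
    Where-Object { $_.'Task To Run' -like "*$name*" } |
    Select-Object TaskName, 'Task To Run', 'Run As User' -Unique |
    Format-List
```

A differing hash is not a verdict by itself, since another version or build of the same file also hashes differently. On older PowerShell versions a catalog-signed Windows file can report `NotSigned`, so treat that status as inconclusive and weigh it together with the path, the creation date and the task that launches the file.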

