Yesterday, WinPatrol detected that a process has enlisted itself on my Scheduled Tasks startup items. It was called WUDFHost.exe. I viewed the details and it said it was a component from Microsoft. So I dismissed it.
Some hours later, I rebooted. I noticed that my C:\ drive space usage have added about 2Gb Gb, which was odd because I haven't installed anything (in fact, I was trying to remove Java) and all my file operations were currently being held on D:\. I remembered to check out WUDFHost.exe and found that it was indeed an MS file and that it normally resides on C:\Windows\system32. I checked my C:\Windows\system32 and there was indeed my WUDFHost.exe. Then I checked the file that WinPatrol detected and it was placed in C:\Program Files (x86)\Common Files\Windows Driver Foundation. I immediately scanned that file with Norton 2012 and Malwarebytes (not at the same time, of course). They didn't think it was a threat. I then sandboxed my system just to see if any significant change will occur. There was none. So I rebooted my computer again, renamed the WUDFHost.exe in C:\Program Files (x86)\Common Files\Windows Driver Foundation and somehow I got back about 1GB of my C:\ disk space.
It's probably just nothing, but I can't leave it alone as I am getting paranoid now. What is it doing on my C:\Program Files (x86)\Common Files\Windows Driver Foundation folder? Is it safe? I can't delete it because it might actually turn out to be important. So I'll wait for some answers. For now, I'll leave under a different name.
NOTE: The WUDFHost.exe in C:\Windows\system32 and the one from C:\Program Files (x86)\Common Files\Windows Driver Foundation have different file sizes.
Some hours later, I rebooted. I noticed that my C:\ drive space usage have added about 2Gb Gb, which was odd because I haven't installed anything (in fact, I was trying to remove Java) and all my file operations were currently being held on D:\. I remembered to check out WUDFHost.exe and found that it was indeed an MS file and that it normally resides on C:\Windows\system32. I checked my C:\Windows\system32 and there was indeed my WUDFHost.exe. Then I checked the file that WinPatrol detected and it was placed in C:\Program Files (x86)\Common Files\Windows Driver Foundation. I immediately scanned that file with Norton 2012 and Malwarebytes (not at the same time, of course). They didn't think it was a threat. I then sandboxed my system just to see if any significant change will occur. There was none. So I rebooted my computer again, renamed the WUDFHost.exe in C:\Program Files (x86)\Common Files\Windows Driver Foundation and somehow I got back about 1GB of my C:\ disk space.
It's probably just nothing, but I can't leave it alone as I am getting paranoid now. What is it doing on my C:\Program Files (x86)\Common Files\Windows Driver Foundation folder? Is it safe? I can't delete it because it might actually turn out to be important. So I'll wait for some answers. For now, I'll leave under a different name.
NOTE: The WUDFHost.exe in C:\Windows\system32 and the one from C:\Program Files (x86)\Common Files\Windows Driver Foundation have different file sizes.
My Computer
At a glance
Windows 7 Professional x64 | Windows ME | Win...Intel Mobile Core 2 Duo SU7300 @ 1.30GHz3 GB HDDR3 411MHzMobile Intel 4 Series Express Chipset Family
- Computer Manufacturer/Model Number
- ASUS UL80A
- OS
- Windows 7 Professional x64 | Windows ME | Windows 8 Dev Preview
- CPU
- Intel Mobile Core 2 Duo SU7300 @ 1.30GHz
- Motherboard
- ASUSTeK Computer Inc. UL80A (Socket 478)
- Memory
- 3 GB HDDR3 411MHz
- Graphics Card(s)
- Mobile Intel 4 Series Express Chipset Family
- Sound Card
- Realtek High Definition Audio
- Monitor(s) Displays
- AU Optronics B140XW02 V1
- Screen Resolution
- 1366x768
- Hard Drives
- 500GB internal
320GB external
- Keyboard
- cheap keyboard
- Mouse
- cheap mouse