Question Unexpected Installation of Universal Holtek RGB DRAM Open When I Got Home

[ReveurGAM]

Two days ago, I installed the demo version of 3DMark. Yesterday, I installed the PCMark demo, too. Then, I bought the discounted bundle of 3D-, PC- and VRMark on Steam and installed those. This morning, I uninstalled the demos as well as Armoury Crate, which is nerfing my Noctua iPPC fans' RPMs.



When I came home a little while ago, the title was what I saw.

I do not have any RGB DRAM. I didn't run any installations prior to leaving. I was trying to get the benchmarks installed in 3DMark because none were installed, but it stalled at 0% so I closed it before I left.



I have no idea why that installation popped up. Please advise.

Windows 11

 

[hotaru.hino]

I see this thread has been posted verbatim on at least two other places.

In any case, it may have come with one of the things you've installed or had installed.

 

[ReveurGAM]

I see this thread has been posted verbatim on at least two other places.

In any case, it may have come with one of the things you've installed or had installed.

Yes, I generally post to all 3 forums because I've noticed that different forums have different levels of response on different topics. And, also, casting a wider net allows me to get more complete info. There is no rule against that, is there?

 

[Ralston18]

Seconding @hotaru.hino: likely came along with something else that was installed. That is a very common occurence that happens all too often.

And that also included some piggy back code that added the installation .exe to Task Manager > Startup or perhaps slipped the installation into Task Scheduler.

So the installation/re-installation would run at every boot or when triggered by other system events and actions.

Key is to discover what/where/how "Universal Holtek RGB Dram" is being initialized or otherwise reinstalled.

Take some time to look in Task Manager and in the Startup tab in particular.

Likewise take a look in Task Scheduler.

You may be able to directly identify the offending application.

Or it may be hidden in some manner with a false or misleading name. May even appear as a legitmate application. Just "not quite" if you read carefully.

Another tool you can use is Process Explorer (Microsoft, free).

FYI:

https://learn.microsoft.com/en-us/sysinternals/downloads/process-explorer

Some unknown or unexpected background process warrants investigation.

No need to take any immediate actions. Once the applicable culprits are discovered then they can be dealt with as appropriate.

You do not want to inadvertantly delete some necessary code.

Or download some "fix it" utility that will likely appear no matter what problem is being dealt with.

And do stay out of the Registry. Registry edits are a last resort and only should be done after a full system backup that includes the Registry itself.

See what you can find. Post accordingly.

 

[ReveurGAM]

Thanks for the additional input, @Ralston18 . You rock!
Just to be clear (because someone on BC was confused), I aborted the installer.
I don't see anything (not even something suspicious) in my startups: AMD Noise Suppression; Acronis Scheduler Service Helper, TIB Mounter Module & True Image for Sabrent; Cloudflare WARP; Intel Graphics Command Center Startup Task; Power Automate Desktop; Radeon Software Startup Task; RealTek HD Audio Universal Service; Seagate Toolkit; and Windows Security Notification Icon.

What I see in Task Scheduler doesn't seem like a problem, but I'm not sure about some of them, such as StartCNBM, StartAUEP, ModifyLinkUpdate and USER_ESRV_SVC_QUEENCREEK. The last one runs Wscript.exe //B //NoLogo of ...\Intel\SUR\QUEENCREEK\task.vbs. I think that's related to Energy Star?

I didn't see anything obvious in Task Manager but there's so much going on in there anyways! I did find the Asus Fan Controller Service that's been nerfing my Noctua iPPCs (different thread).

I only go into the registry when I know what I'm doing. And, if I don't but I'm malware hunting, I back it up, first.

Actually, I have something exploiting Chromium on my system, but even the Malwarebytes Root Admin (Advanced Setup) couldn't help me get rid of it. It affects Brave, Chrome and Edge, but not Firefox (but I don't like Firefox).