Problem with Unexpected Setup of Universal Holtek RGB DRAM Upon Returning Home
Problem with Unexpected Setup of Universal Holtek RGB DRAM Upon Returning Home
Last week I added the demo of 3DMark and the next day I did the same for PCMark. Then I purchased a discounted set of 3D-, PC- and VRMark on Steam and installed those too. This morning I removed the demos along with Armoury Crate, which was affecting my Noctua iPPC fans' performance. When I got home, the titles were what I saw. I don’t have any RGB DRAM and didn’t run any updates before leaving. I was trying to install benchmarks in 3DMark since none were there, but it froze at 0% so I stopped before leaving. I’m not sure why the installation appeared. Please help.
Yes, I usually share in all three forums since I've observed varying response rates across topics. Also, expanding the search helps me gather more comprehensive details. Isn't that right?
Seconding
@hotaru.hino
: likely came along with something else that was installed. That is a very common occurence that happens all too often.
And that also included some piggy back code that added the installation .exe to Task Manager > Startup or perhaps slipped the installation into Task Scheduler.
So the installation/re-installation would run at every boot or when triggered by other system events and actions.
Key is to discover what/where/how "Universal Holtek RGB Dram" is being initialized or otherwise reinstalled.
Take some time to look in Task Manager and in the Startup tab in particular.
Likewise take a look in Task Scheduler.
You may be able to directly identify the offending application.
Or it may be hidden in some manner with a false or misleading name. May even appear as a legitmate application. Just "not quite" if you read carefully.
Another tool you can use is Process Explorer (Microsoft, free).
FYI:
https://learn.microsoft.com/en-us/sysint...s-explorer
Some unknown or unexpected background process warrants investigation.
No need to take any immediate actions. Once the applicable culprits are discovered then they can be dealt with as appropriate.
You do not want to inadvertantly delete some necessary code.
Or download some "fix it" utility that will likely appear no matter what problem is being dealt with.
And do stay out of the Registry. Registry edits are a last resort and only should be done after a full system backup that includes the Registry itself.
See what you can find. Post accordingly.
Thanks for the update,
@Ralston18
You did a great job!
To confirm (since a few folks on BC were puzzled), I stopped the installer.
In my startups I still don’t notice anything unusual—no red flags, not even suspicious items.
AMD Noise Suppression; Acronis Scheduler Service Helper, TIB Mounter Module & True Image for Sabrent; Cloudflare WARP; Intel Graphics Command Center Startup Task; Power Automate Desktop; Radeon Software Startup Task; RealTek HD Audio Universal Service; Seagate Toolkit; and Windows Security Notification Icon appear normal.
What I see in Task Scheduler seems fine, but some entries like StartCNBM, StartAUEP, ModifyLinkUpdate, and USER_ESRV_SVC_QUEENCREEK raise questions. The last one runs Wscript.exe //B //NoLogo of ...\Intel\SUR\QUEENCREEK.task.vbs—probably tied to Energy Star?
In Task Manager I didn’t spot anything obvious, but with all the activity going on, it’s hard to rule anything out.
I also found the Asus Fan Controller Service affecting my Noctua iPPCs in a separate thread.
I only edit the registry when necessary.
😉
When I’m not sure, I back up first—especially if I’m chasing malware.
Also, I have an exploit for Chromium, but even Malwarebytes Root Admin (Advanced Setup) didn’t remove it. It impacts Brave, Chrome, and Edge, but not Firefox (which I don’t use).