Registry entry question

Hi all. I found some registry entries that make me a little bit worried. Can you please check out the picture and information i gathered and also go to the same key on your windows 10 pc and check if you have the same keys.




And also this part in WMI key in registry all of this that i shown you in picture is in the WMI key, its related to WMI and WMI can be used to hack people. What is that Wifi key in WMI? I dont even use wifi i dont have wifi.


Windows 10 Pro X64 OS Build 19045.2251

- - - Updated - - -

Here is another picture, it can also be related to nvidia melanox OS. This is someone that has installed this into my PC i have not done this!! Big red flag!!
What the F is going on.



- - - Updated - - -

And then we have these keys that seems to be related to REMOTE Display! Like someone can see my display remotely! And i cannot disable it, it just resets every time i restart my PC. I opened up CMD and did gpupdate /force after i changed the registry key to disable, but it did not revert so i guess its not a group policy that reverts it? Is it even possible to see change in registry by doing gpupdate if its a group policy?

And this key i found called "Workerdd" i also found it in Terminal Server in registry also, like its related to connecting to my display/monitor, its in a key that is called "Video" in Terminal Server.

Workerdd key in service


Workerdd found in Terminal Server in key "Video" connected to the path of workerdd in service key that you saw in my picture above.




- - - Updated - - -

Paul Black said:

Hello @BlackVen0m,

I have just looked at my Registry for you and I have ALL the entries [ Default ] for Autologger as per your screenshot.

The only action I take with regard to Autologger, is to delete the AutoLogger-Diagtrack-Listener.etl file if it exists. It can be found here > %ProgramData%\Microsoft\Diagnosis\ETLLogs\AutoLogger\.

I hope this helps.

Thank you. Can you please check my update, where i write about Attach to desktop remote display and workerdd part i wrote about., and see what you think.

They're just potential flags in case automatic provisioning needs to make 'case' judgements. For example.

Code:

Case Wi-Fi
Don't delete the Wi-Fi enablement services

Case USB keyboard
Don't disable USB to save power 'cos user won't be able to type

Case USB mouse
Don't disable USB to save power 'cos mouse will be deadified

WMI runs a scan to check whether true/false decisions need to be made so as to NOT bork your system...

Calm....

Or delete the entries and let Windows just bork away based on lack of knowledge of your system.

(On the other hand, I really don't see why, for example, Microsoft needs to interrogate and store the information about every make, model, serial no., filesystem and capability of every USB stick I may insert... so I disable that information gathering as much as possible to prevent any potential upload of data that is nobody's business but my own. )

RickC said:

They're just potential flags in case automatic provisioning needs to make 'case' judgements. For example.

Code:

Case Wi-Fi
Don't delete the Wi-Fi enablement services

Case USB keyboard
Don't disable USB to save power 'cos user won't be able to type

Case USB mouse
Don't disable USB to save power 'cos mouse will be deadified

WMI runs a scan to check whether true/false decisions need to be made so as to NOT bork your system...

Calm....

Or delete the entries and let Windows just bork away based on lack of knowledge of your system.

(On the other hand, I really don't see why, for example, Microsoft needs to interrogate and store the information about every make, model, serial no., filesystem and capability of every USB stick I may insert... so I disable that information gathering as much as possible to prevent any potential upload of data that is nobody's business but my own. )

Thank you. Can you please check my update, where i write about Attach to desktop remote display and workerdd part i wrote about., and see what you think.

How do i disable as much as possible? Can you show me?

- - - Updated - - -

RickC said:

They're just potential flags in case automatic provisioning needs to make 'case' judgements. For example.

Code:

Case Wi-Fi
Don't delete the Wi-Fi enablement services

Case USB keyboard
Don't disable USB to save power 'cos user won't be able to type

Case USB mouse
Don't disable USB to save power 'cos mouse will be deadified

WMI runs a scan to check whether true/false decisions need to be made so as to NOT bork your system...

Calm....

Or delete the entries and let Windows just bork away based on lack of knowledge of your system.

(On the other hand, I really don't see why, for example, Microsoft needs to interrogate and store the information about every make, model, serial no., filesystem and capability of every USB stick I may insert... so I disable that information gathering as much as possible to prevent any potential upload of data that is nobody's business but my own. )

By the way, i disabled WMI. And windows works but some stuff stopped working but its nothing special. I guess its safer having it disabled preventing any possible exploits by hackers?

BlackVen0m said:

Can you please check my update, where i write about Attach to desktop remote display and workerdd part i wrote about., and see what you think.

I have no idea what workerdd is.

BlackVen0m said:

By the way, i disabled WMI. And windows works but some stuff stopped working but its nothing special. I guess its safer having it disabled preventing any possible exploits by hackers?

All you are doing is gradually crippling your system.

RickC said:

I have no idea what workerdd is.



All you are doing is gradually crippling your system.

Its enabled again.