Unknown service

dockerthedog

Weaksauce
Joined
Feb 15, 2006
Messages
75
After being afflicted with the deactivation bug, I reinstalled Win 10 Pro before finding out it was a bug. No biggie as I needed to do it anyway. Now, while checking running services and processes, I noticed one named YellowProdSSF.exe. I've never seen it before that I can recall and google offers 0 returns. The service can't be stopped. This is the path.
C:\Program Files (x86)\Common Files\YellowProdSSF\YellowProdSSF.exe -service

Any ideas?
 

Tawnos

2[H]4U
Joined
Sep 9, 2001
Messages
3,807
Is there signing info on the file, what other software do you have installed?
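
The signing check asked about above can be done for every service at once. This is an added example, not part of the original thread; it uses only built-in Windows PowerShell cmdlets, and the helper name `Get-ServiceBinaryPath` is hypothetical.

```powershell
# Added example: list every Windows service whose binary is not validly signed.
# Run from an elevated PowerShell prompt so all service binaries are readable.

function Get-ServiceBinaryPath {
    param([string]$PathName)
    # Win32_Service.PathName holds the full command line; the executable may be
    # quoted ("C:\a b\svc.exe" -arg) or unquoted (C:\a b\svc.exe -service).
    if ($PathName -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($PathName -match '^\s*(.+?\.exe)(\s|$)') { return $Matches[1] }
    return $null
}

$report = foreach ($svc in Get-CimInstance -ClassName Win32_Service) {
    $exe = Get-ServiceBinaryPath -PathName $svc.PathName
    # Entries whose executable cannot be resolved on disk are skipped here.
    if (-not $exe -or -not (Test-Path -LiteralPath $exe)) { continue }

    $sig = Get-AuthenticodeSignature -LiteralPath $exe
    if ($sig.Status -eq 'Valid') { continue }   # keep only unsigned or bad signatures

    [pscustomobject]@{
        Service   = $svc.Name
        State     = $svc.State
        StartMode = $svc.StartMode
        Signature = $sig.Status                   # e.g. NotSigned, HashMismatch
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        Path      = $exe
    }
}

$report | Sort-Object Path | Format-List
```

An unsigned service binary is a lead rather than a verdict; compare its path and SHA256 against the software you know you installed.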
 

dockerthedog

Weaksauce
Joined
Feb 15, 2006
Messages
75
No signing info I can find and I used the Media Creation tool from Microsoft. Nothing special on software, Steam, Avast, and games from Steam. I think I'm going to just do another reformat.
 

pendragon1

Fully [H]
Joined
Oct 7, 2000
Messages
16,765
> No signing info I can find and I used the Media Creation tool from Microsoft. Nothing special on software, Steam, Avast, and games from steam. I think I'm going to just do another reformat.
the system you are making the image on is clean, no malware?
 

dockerthedog

Weaksauce
Joined
Feb 15, 2006
Messages
75
It was a fresh reformat using a usb made with the media creation tool, downloaded from Microsoft. Only thing I've installed since is Steam, Avast free, and some Steam games. I find it odd there are literally 0 returns for it on Google, well, this post is there now, but that's it. And drivers, Mobo from Asus and gpu from Nvidia.
 

pendragon1

Fully [H]
Joined
Oct 7, 2000
Messages
16,765
> It was a fresh reformat using a usb made with the media creation tool, downloaded from Microsoft. Only thing I've installed since is Steam, Avast free, and some steam games. I find it odd there are literally 0 returns for it on Google, well, this post is there now, but that's it. And drivers, Mobo from Asus and gpu from Nvidia
yeah it is weird but I meant the computer you use to make the usb image is clean, not the one you are reloading. if you reload and it's still there then I guess it's part of the new image. and if you do, only install windows and see if it's there.
 

dockerthedog

Weaksauce
Joined
Feb 15, 2006
Messages
75
Yeah, it was clean as far as Avast was concerned. I just ran Malwarebytes and it hit on the file as Malware. Here's a bit of the log. No idea where the heck it came from. It's literally a day old install and everything was downloaded from manufacturer sites, i.e. Nvidia, Asus, etc.

-Scan Details-
Process: 1
Adware.IStartSurf, C:\PROGRAM FILES (X86)\COMMON FILES\YELLOWPRODSSF\YELLOWPRODSSF.EXE, No Action By User, [635], [595711],1.0.7789

Module: 1
Adware.IStartSurf, C:\PROGRAM FILES (X86)\COMMON FILES\YELLOWPRODSSF\YELLOWPRODSSF.EXE, No Action By User, [635], [595711],1.0.7789

Registry Key: 3
PUP.Optional.SpecialSearchOffer.ShrtCln, HKU\S-1-5-21-3548051569-3773726782-4067284284-1001\SOFTWARE\SpecialSearchOffer, No Action By User, [5516], [405205],1.0.7789
Adware.IStartSurf, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\YellowProdSSF, No Action By User, [635], [595711],1.0.7789
Adware.SearchProvide, HKU\S-1-5-21-3548051569-3773726782-4067284284-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\mpicjgpamgcnpiacdciefbgahmkhhogc, No Action By User, [356], [500746],1.0.7789

Registry Value: 1
Adware.SearchProvide, HKU\S-1-5-21-3548051569-3773726782-4067284284-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|mpicjgpamgcnpiacdciefbgahmkhhogc, No Action By User, [356], [500746],1.0.7789

Registry Data: 0
(No malicious items detected)
 

dockerthedog

Weaksauce
Joined
Feb 15, 2006
Messages
75
Well, Malwarebytes seems to have gotten it. It's no longer running in services and the folder is now gone. Still going to reformat cause I never trust these cleaner programs :)
 

pendragon1

Fully [H]
Joined
Oct 7, 2000
Messages
16,765
huh. there ya go. maybe it's something goofy in the asus stuff or a malicious in-page ad.
 

dockerthedog

Weaksauce
Joined
Feb 15, 2006
Messages
75
Not sure. I'd like to think a manufacturer's page is safe. Ugh, such a pain to reformat. I still stick to only the destination hdd (well, M.2) and a single video card, adding the rest of the crap, second 1070, game SSDs and storage Hdd, later. Then installing drivers one at a time. I really need to be more active on here!
 