• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0

Quick Question: yelbijko.exe???

5 posts in this topic


Hey, me again...

Cleaning cousins HP Pavilion a420n from Best"est"buy, ran HiJackThis, came across


O4 - HKLM\..\Run: [75586473] C:\Windows\System32\yelbijko.exe


what is this crazy thang? I'll post the HiJackThis log... its a mess, I know. This one stumped me though. Thanks...





Logfile of HijackThis v1.97.7

Scan saved at 4:50:44 PM, on 7/2/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:












C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe





C:\Program Files\Multimedia Card Reader\shwicon2k.exe



C:\Documents and Settings\Owner\Application Data\eber.exe


C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\MSN\MSNCoreFiles\MSN.EXE

C:\Program Files\MSN\MSNIA\msniasvc.exe

C:\Program Files\MSN\MSNIA\WA\ClientSideProxy.exe


C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\Owner\Desktop\HijackThis.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://us10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-us10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-us10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;;<local>

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://us10.hpwis.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1B7D753B-1981-4bd2-91F3-6D055EE113A0} - C:\WINDOWS\System32\NDrv.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe

O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe

O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe


O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe

O4 - HKLM\..\Run: [75586473] C:\WINDOWS\System32\yelbijko.exe

O4 - HKLM\..\Run: [Microsoft Updates] wkssvr.exe

O4 - HKLM\..\Run: [Microsoft Update] wudmate.exe

O4 - HKLM\..\Run: [Microsoft Restore] scrgrd.exe

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe

O4 - HKLM\..\RunServices: [Microsoft Updates] wkssvr.exe

O4 - HKLM\..\RunServices: [Microsoft Update] wudmate.exe

O4 - HKLM\..\RunServices: [Microsoft Restore] scrgrd.exe

O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook

O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"

O4 - HKCU\..\Run: [Microsoft Updates] wkssvr.exe

O4 - HKCU\..\Run: [Microsoft Update] wudmate.exe

O4 - HKCU\..\Run: [Notn] C:\Documents and Settings\Owner\Application Data\eber.exe

O4 - HKCU\..\Run: [Microsoft Restore] scrgrd.exe

O4 - HKCU\..\Run: [NDrv] C:\WINDOWS\System32\NDrv.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: View Original Image - C:\program files\msn\msnia\wa\getoriginal.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Research (HKLM)

O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{033421DD-B3DA-481C-9922-2273B67FC45A}: NameServer =

O17 - HKLM\System\CS1\Services\Tcpip\..\{033421DD-B3DA-481C-9922-2273B67FC45A}: NameServer =

Share this post

Link to post
Share on other sites

Ok, you have several entries there that shoudln't be.


Please follow these instructions.




Download and install Ad-aware found here: http://www.lavasoftusa.com/support/download/

After installing you need to download all updates for it. Use the Globe Icon in the program, and "Connect" to download latest Reference-file. Please update it before you scan with it then fix all it finds.

Now do the following:


- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Scanning Engine:

check: "Unload recognized processes during scanning."


- Under Ad-aware 6 > Settings (Gear at the top) > Tweaks > Cleaning Engine:

Check: "Let Windows remove files in use after reboot."


Press "Scan Now"


- Check option "Use Custom scanning options"

- Check option "Activate In-Depth Scan"

- Press "Select drives\folders to scan"

- Select the active partition which is usually C:


Now press "Next" to let Ad-aware scan your drives...

It will find a number of "bad" files and registry keys. Click 'Next' again

Right-click in that pane and choose "select all"


If it finds "bad" files and registry keys, press "Next" again

It will ask you whether you'd like to remove all checked items. Click OK.


Finally, close Ad-Aware, and reboot.

That ought to get rid of most of your spyware.







Go to start >Run and paste this in:

%Userprofile%\Local Settings\Temp folder

It will open your temp folder.

Go to the toolbar>Edit>Select All

Then go back to File>Delete


Then get an online virus scan here: http://housecall.trendmicro.com/ Please select the Autoclean option when prompted.

or here: http://www.pandasoftware.com/activescan/



After This, Reboot and Post a Fresh HijackThis log.

And well take it from there =)

Share this post

Link to post
Share on other sites

Yes, as of when I did this, I had ran Ad-Aware with newest update, CWShredder, Spyboy, Symantec AV, and was now on to HiJackThis. The owner of the computer still has Dialup and has never updates the XP OS so all those security holes were still there. The computer wreaked of the Sasser worm, several others and many bots/malware. This was the only enrty I could not find info on.

O4 - HKLM\..\Run: [75586473] C:\Windows\System32\yelbijko.exe

NOTHING. I removed it and tested the system... all seems to work well. I assume it was trash. Either way, gone now. Keep me updates if anyone else sees or hears of this. Like I said, google found no hits relating to this at all. Thanks!



Share this post

Link to post
Share on other sites
Sign in to follow this  
Followers 0