I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:
Free DownloadFully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.
ESPI11.DLL – Trojan SuspiciousFile removal
File | MD5 | Virus Alias |
---|---|---|
ESPI11.DLL | c594f94e3e7fa163ef529d341d2d691c | Trojan SuspiciousFile |
ESPI11.DLL size: 122880 bytes
ESPI11.DLL hash: C594F94E3E7FA163EF529D341D2D691C
Created files:
%Temporary Internet Files%\Content.IE5\1HVEIEYW\dnserrordiagoff_webOC[1]
%Temporary Internet Files%\Content.IE5\8OZFYSFM\dnserrordiagoff_webOC[1]
%SysDir%\ESPI11.dll
Autostart registry keys:
HKLM\System\CurrentControlSet\Services\WinSock2\ESPI11\1001: 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C000000000000000400000074C7A87700BE0702FFFFFFFF88860A0300000000CC1600008006000080060000000000009600090020000C02D0F7210378011C0004B1EFCD0000000054010000000000000400000074C7A8773011D801FFFFFFFF88860A0300000000CD1600008006000080060000000000008D0009002F000802D0F7210378011C0000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000006600020000000000000000000000000008000000A01A0FE78BABCF118CA300805F48A192E9030000010000000000000000000000000000000000000000000000000000000000000002000000020000001000000010000000010000000600000000000000000000000000000000000000000000004D00530041004600440020005400630070006900700020005B005400430050002F00490050005D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
HKLM\System\CurrentControlSet\Services\WinSock2\ESPI11\1002: 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C000000000000000400000074C7A87700BE0702FFFFFFFF88860A0300000000CC1600008006000080060000000000009600090020000C02D0F7210378011C0004B1EFCD0000000054010000000000000400000074C7A8773011D801FFFFFFFF88860A0300000000CD1600008006000080060000000000008D0009002F000802D0F7210378011C0000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000906020000000000000000000000000008000000A01A0FE78BABCF118CA300805F48A192EA0300000100000000000000000000000000000000000000000000000000000000000000020000000200000010000000100000000200000011000000000000000000000000000000BBFF0000000000004D00530041004600440020005400630070006900700020005B005500440050002F00490050005D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
HKLM\System\CurrentControlSet\Services\WinSock2\ESPI11\1003: 2553797374656D526F6F74255C73797374656D33325C6D7377736F636B2E646C6C000000000000000400000074C7A87700BE0702FFFFFFFF88860A0300000000CC1600008006000080060000000000009600090020000C02D0F7210378011C0004B1EFCD0000000054010000000000000400000074C7A8773011D801FFFFFFFF88860A0300000000CD1600008006000080060000000000008D0009002F000802D0F7210378011C000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000090602000000000000000000000000000C000000A01A0FE78BABCF118CA300805F48A192EB0300000100000000000000000000000000000000000000000000000000000000000000020000000200000010000000100000000300000000000000FF0000000000000000000000BBFF0000000000004D00530041004600440020005400630070006900700020005B005200410057002F00490050005D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
HKLM\System\CurrentControlSet\Services\WinSock2\ESPI11\1004: 2553797374656D526F6F74255C73797374656D33325C7273767073702E646C6C00000000000000000400000074C7A87700BE0702FFFFFFFF88860A0300000000CC1600008006000080060000000000009600090020000C02D0F7210378011C0004B1EFCD0000000054010000000000000400000074C7A8773011D801FFFFFFFF88860A0300000000CD1600008006000080060000000000008D0009002F000802D0F7210378011C0000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000926020000000000000000000000000008000000E0A9609D7A33D011BD880000C082E69AEC0300000100000084F8A7067CF8A70688F9A706DAA460751C090000683C5F75B0F9A706060000000200000010000000100000000200000011000000000000000000000000000000BBFF00000000000052005300560050002000550044005000200053006500720076006900630065002000500072006F0076006900640065007200000001000000E4FBA7060100000038DA1F03000000000DF6907C80F9A7060000000000F9A7063CF6907C41F6907C0000000080F9A7060DF6907CDCF8A7062CF9A70648F9A70600E9907C48F6907CFFFFFFFF41F6907C3E6ADD77776ADD77803C5F75B0090000B009000088011C00B009000080F9A70640000000000000000000000008000800803C5F755C004400650076006900630065005C007B00350043004100460037003900460033002D0037004200330039002D0034003600350033002D0039004400440042002D003400380033003400310039004400320033004300310032007D00000033003400310039004400320033004300310032007D000000A7069B6CDD77C0F9A7066610917CBB01917C58FDA70618700902100000007A8B6175856BDD77B0040000F4F9A7066610917CBB01917C0100000058FDA70604000000000000000000B5004CFAA7066610917CBB01917C0100000058FDA7066610917CBB01917C000000000000000058000000BB01917C0100000058FDA70601000000000000002800000040380702D4F1A7060000000090470702E8B9190390011C000000000045004D005C00430075007200720065000C0000001C00000088011C000000B5006610917C6610917C
HKLM\System\CurrentControlSet\Services\WinSock2\ESPI11\1005: 2553797374656D526F6F74255C73797374656D33325C7273767073702E646C6C00000000000000000400000074C7A87700BE0702FFFFFFFF88860A0300000000CC1600008006000080060000000000009600090020000C02D0F7210378011C0004B1EFCD0000000054010000000000000400000074C7A8773011D801FFFFFFFF88860A0300000000CD1600008006000080060000000000008D0009002F000802D0F7210378011C0000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000006620020000000000000000000000000008000000E0A9609D7A33D011BD880000C082E69AED0300000100000088011C0000001C0008000000000000008CFBA7062C08917C00001C00060000000200000010000000100000000100000006000000000000000000000000000000000000000000000052005300560050002000540043005000200053006500720076006900630065002000500072006F00760069006400650072000000D8381203000000001000000050FBA70698011C000000000098470702F8011C00F4FBA706D038120368FBA7060000000004000000D038120300001C000000B50000000000900922032C08917C00001C006109917C08061C003D00917C7838120300000000080000000000B50058FDA706C0BC14030300000098092203030000000000000078381203D0011C00800822038073F60158021C00E8B61103102F14030000000010000000E8B611030E0000000300000000000150C8900C03180000008808220300001C00703812035C011C0088011C0002000000F0B61103C0041C0000001C009A6D0101943812036000000058021C0000000000800822033CFCA706160A917C020000008008220300001C00480522030000000010FDA7062C08917C00001C006109917C08061C003D00917C78CEFD01000000000CE007020000B5000D0000004805220300000000000000001C09000000000000500522030000000000000000000000001C090000DCFCA706C0041C001C090000020000000300000050052203C0041C0078CEFD01380300000CE007020C000E006C565F7500000000ACFCA7060CE007020000000078CEFD0104FDA7063CF6907C41F6907C78CEFD01000000000CE00702E0FCA706
HKLM\System\CurrentControlSet\Services\WinSock2\ESPI11\FileName: %WinDir%\System32\ESPI11.dll
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem: 433A5C57494E444F57535C73797374656D33325C4553504931312E646C6C006C6C000000000000000400000074C7A87700BE0702FFFFFFFF88860A0300000000CC1600008006000080060000000000009600090020000C02D0F7210378011C0004B1EFCD0000000054010000000000000400000074C7A8773011D801FFFFFFFF88860A0300000000CD1600008006000080060000000000008D0009002F000802D0F7210378011C0000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000006600020000000000000000000000000008000000A01A0FE78BABCF118CA300805F48A192E9030000010000000000000000000000000000000000000000000000000000000000000002000000020000001000000010000000010000000600000000000000000000000000000000000000000000004D00530041004600440020005400630070006900700020005B005400430050002F00490050005D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem: 433A5C57494E444F57535C73797374656D33325C4553504931312E646C6C006C6C000000000000000400000074C7A87700BE0702FFFFFFFF88860A0300000000CC1600008006000080060000000000009600090020000C02D0F7210378011C0004B1EFCD0000000054010000000000000400000074C7A8773011D801FFFFFFFF88860A0300000000CD1600008006000080060000000000008D0009002F000802D0F7210378011C0000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000906020000000000000000000000000008000000A01A0FE78BABCF118CA300805F48A192EA0300000100000000000000000000000000000000000000000000000000000000000000020000000200000010000000100000000200000011000000000000000000000000000000BBFF0000000000004D00530041004600440020005400630070006900700020005B005500440050002F00490050005D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem: 433A5C57494E444F57535C73797374656D33325C4553504931312E646C6C006C6C000000000000000400000074C7A87700BE0702FFFFFFFF88860A0300000000CC1600008006000080060000000000009600090020000C02D0F7210378011C0004B1EFCD0000000054010000000000000400000074C7A8773011D801FFFFFFFF88860A0300000000CD1600008006000080060000000000008D0009002F000802D0F7210378011C000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000180000000000000000000000090602000000000000000000000000000C000000A01A0FE78BABCF118CA300805F48A192EB0300000100000000000000000000000000000000000000000000000000000000000000020000000200000010000000100000000300000000000000FF0000000000000000000000BBFF0000000000004D00530041004600440020005400630070006900700020005B005200410057002F00490050005D0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem: 433A5C57494E444F57535C73797374656D33325C4553504931312E646C6C006C00000000000000000400000074C7A87700BE0702FFFFFFFF88860A0300000000CC1600008006000080060000000000009600090020000C02D0F7210378011C0004B1EFCD0000000054010000000000000400000074C7A8773011D801FFFFFFFF88860A0300000000CD1600008006000080060000000000008D0009002F000802D0F7210378011C0000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000926020000000000000000000000000008000000E0A9609D7A33D011BD880000C082E69AEC0300000100000084F8A7067CF8A70688F9A706DAA460751C090000683C5F75B0F9A706060000000200000010000000100000000200000011000000000000000000000000000000BBFF00000000000052005300560050002000550044005000200053006500720076006900630065002000500072006F0076006900640065007200000001000000E4FBA7060100000038DA1F03000000000DF6907C80F9A7060000000000F9A7063CF6907C41F6907C0000000080F9A7060DF6907CDCF8A7062CF9A70648F9A70600E9907C48F6907CFFFFFFFF41F6907C3E6ADD77776ADD77803C5F75B0090000B009000088011C00B009000080F9A70640000000000000000000000008000800803C5F755C004400650076006900630065005C007B00350043004100460037003900460033002D0037004200330039002D0034003600350033002D0039004400440042002D003400380033003400310039004400320033004300310032007D00000033003400310039004400320033004300310032007D000000A7069B6CDD77C0F9A7066610917CBB01917C58FDA70618700902100000007A8B6175856BDD77B0040000F4F9A7066610917CBB01917C0100000058FDA70604000000000000000000B5004CFAA7066610917CBB01917C0100000058FDA7066610917CBB01917C000000000000000058000000BB01917C0100000058FDA70601000000000000002800000040380702D4F1A7060000000090470702E8B9190390011C000000000045004D005C00430075007200720065000C0000001C00000088011C000000B5006610917C6610917C
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem: 433A5C57494E444F57535C73797374656D33325C4553504931312E646C6C006C00000000000000000400000074C7A87700BE0702FFFFFFFF88860A0300000000CC1600008006000080060000000000009600090020000C02D0F7210378011C0004B1EFCD0000000054010000000000000400000074C7A8773011D801FFFFFFFF88860A0300000000CD1600008006000080060000000000008D0009002F000802D0F7210378011C0000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000006620020000000000000000000000000008000000E0A9609D7A33D011BD880000C082E69AED0300000100000088011C0000001C0008000000000000008CFBA7062C08917C00001C00060000000200000010000000100000000100000006000000000000000000000000000000000000000000000052005300560050002000540043005000200053006500720076006900630065002000500072006F00760069006400650072000000D8381203000000001000000050FBA70698011C000000000098470702F8011C00F4FBA706D038120368FBA7060000000004000000D038120300001C000000B50000000000900922032C08917C00001C006109917C08061C003D00917C7838120300000000080000000000B50058FDA706C0BC14030300000098092203030000000000000078381203D0011C00800822038073F60158021C00E8B61103102F14030000000010000000E8B611030E0000000300000000000150C8900C03180000008808220300001C00703812035C011C0088011C0002000000F0B61103C0041C0000001C009A6D0101943812036000000058021C0000000000800822033CFCA706160A917C020000008008220300001C00480522030000000010FDA7062C08917C00001C006109917C08061C003D00917C78CEFD01000000000CE007020000B5000D0000004805220300000000000000001C09000000000000500522030000000000000000000000001C090000DCFCA706C0041C001C090000020000000300000050052203C0041C0078CEFD01380300000CE007020C000E006C565F7500000000ACFCA7060CE007020000000078CEFD0104FDA7063CF6907C41F6907C78CEFD01000000000CE00702E0FCA706
Detected by UnHackMe:
ESPI11.DLL
Default location: %SYSDIR%\ESPI11.DLL
Dropper information:
MD5: 5608dd2afabffc6f40147ad1e42ef170
File size: 1440768 bytes