ComboFix 10-04-15.05 - Owner 04/16/2010 20:57:26.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.766.366 [GMT -4:00]
Running from: J:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\bOxxl.jpg
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\n61mkNOn.jpg
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\Nbmb7.jpg
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\xY4b0km.jpg
c:\recycler\S-1-5-21-3951799384-1846226851-3539390815-1003
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2010-03-17 to 2010-04-17 )))))))))))))))))))))))))))))))
.
2010-04-17 00:04 . 2010-04-17 00:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2010-04-16 00:38 . 2010-04-16 13:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ifshstvie
2010-04-15 23:31 . 2010-04-16 00:36 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-14 20:43 . 2010-04-14 20:43 -------- d-----w- C:\$AVG
2010-04-11 17:02 . 2010-04-11 17:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-11 17:02 . 2010-04-11 17:02 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-11 17:01 . 2010-04-11 17:01 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-04-11 17:01 . 2010-04-16 23:50 -------- d-----w- c:\windows\system32\drivers\Avg
2010-04-11 17:01 . 2010-04-11 17:01 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-04-11 17:00 . 2010-04-11 17:00 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-11 16:59 . 2010-04-11 16:59 -------- d-----w- c:\program files\AVG
2010-04-11 16:58 . 2010-04-11 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 00:40 . 2010-01-17 03:06 -------- d-----w- c:\documents and settings\Owner\Application Data\U3
2010-04-15 23:38 . 2010-02-09 00:23 410 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-04-14 20:40 . 2010-04-14 20:40 4076824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-04-14 20:40 . 2010-04-14 20:40 2059544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-04-14 20:40 . 2010-04-14 20:40 1274136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-04-14 20:40 . 2010-04-14 20:40 1598744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-04-14 20:40 . 2010-04-14 20:40 1515224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgwd.dll
2010-04-14 20:40 . 2010-04-14 20:40 598296 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgsrmx.dll
2010-04-14 20:40 . 2010-04-14 20:40 4250976 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-04-14 20:40 . 2010-04-14 20:40 313112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avglogx.dll
2010-04-14 20:39 . 2010-04-14 20:39 459544 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcclix.dll
2010-04-14 20:39 . 2010-04-14 20:39 556824 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchjwx.dll
2010-04-14 20:39 . 2010-04-14 20:39 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchsvx.exe
2010-04-14 20:39 . 2010-04-14 20:39 301336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgchclx.dll
2010-04-14 20:34 . 2010-04-14 20:34 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-04-14 20:34 . 2010-04-14 20:34 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-04-11 17:07 . 2010-01-10 03:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-11 17:06 . 2010-04-11 17:06 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-11 16:44 . 2010-01-10 04:22 -------- d-----w- c:\program files\Symantec
2010-04-11 16:41 . 2010-01-10 04:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-30 04:46 . 2010-01-10 03:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-01-10 03:15 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-25 23:31 . 2010-01-10 04:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-13 03:37 . 2010-01-11 23:27 30304 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 12:38 . 2010-01-09 04:31 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2010-01-09 04:29 78336 ------w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2010-01-09 04:28 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2010-01-09 04:31 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-04 19:01 . 2003-03-18 22:20 1060864 ----a-w- c:\windows\system32\MFC71.DLL
2010-03-04 19:01 . 2003-03-18 21:14 503808 ----a-w- c:\windows\system32\MSVCP71.DLL
2010-03-04 19:01 . 2003-02-21 05:42 348160 ----a-w- c:\windows\system32\MSVCR71.DLL
2010-03-02 11:45 . 2010-03-02 11:45 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2010-02-24 12:31 . 2010-01-09 04:30 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 18:04 . 2010-04-11 17:18 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-16 13:19 . 2010-01-09 04:30 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2010-01-10 04:01 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2010-01-09 04:28 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2010-01-09 04:31 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-17 17:42 . 2010-01-17 17:42 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"HostManager"="c:\program files\Common Files\AOL\1263097960\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"SoundMan"="SOUNDMAN.EXE" [2003-12-09 67584]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-01-10 98304]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2010-1-10 1742384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-11 17:02 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1263097960\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/11/2010 1:00 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/11/2010 1:02 PM 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [4/11/2010 1:00 PM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [4/11/2010 1:00 PM 308064]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [1/9/2010 11:30 PM 311568]
R3 IPN2120;INPROCOMM IPN2120 Wireless LAN Card Driver;c:\windows\system32\drivers\i2120ntx.sys [1/10/2010 12:52 AM 116224]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [4/11/2010 1:01 PM 369920]
S3 S3chipid;S3chipid;\??\c:\docume~1\Owner\LOCALS~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys --> c:\docume~1\Owner\LOCALS~1\Temp\{2B43252C-A1E3-4C47-927C-9F2C276D3515}\S3chipid.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.excite.com/
uInternet Connection Wizard,ShellNext = hxxp://www.excite.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e6olufv8.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.excite.com/
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -
HKU-Default-Run-scnhsfpo - c:\documents and settings\Owner\Local Settings\Application Data\ifshstvie\lvhsixstssd.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-04-16 21:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x830BAAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7654fc3
\Driver\ACPI -> ACPI.sys @ 0xf7467cb8
\Driver\atapi -> atapi.sys @ 0xf74077b4
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80576ce8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80576ce8
NDIS: INPROCOMM IPN2120 Wireless LAN Card -> SendCompleteHandler -> NDIS.sys @ 0xf72ceba0
PacketIndicateHandler -> NDIS.sys @ 0xf72dbb21
SendHandler -> NDIS.sys @ 0xf72b987b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(700)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(5740)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\progra~1\COMMON~1\AOL\126309~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\126309~1\EE\AOLServiceHost.exe
.
**************************************************************************
.
Completion time: 2010-04-16 21:17:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-17 01:17
Pre-Run: 69,511,704,576 bytes free
Post-Run: 70,802,968,576 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 9B4516B9975F4AAB173B797BA0947F09