(svchost.exe ->) (Solanki Piyushkumar -> ) C:\Users\Public\Documents\Windows\IntuitDownloadManager.exe
Unlock: C:\Users\Public\Documents\Windows\IntuitDownloadManager.exe
C:\Users\Public\Documents\Windows\IntuitDownloadManager.exe
CreateDummy: C:\Users\Public\Documents\Windows\IntuitDownloadManager.exe
HKLM-x32\...\Run: [Immunet Protect Iptray] => "C:\Program Files\Immunet\7.5.8.21178\iptray.exe" (No File)
HKLM\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (No File)
HKLM\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File)
HKU\S-1-5-21-3259427507-1055586877-3198061443-1001\...\Run: [QuickBooks for Windows] => C:\Users\Public\Documents\Windows\IntuitDownloadManager.exe [95080 2022-09-24] (Solanki Piyushkumar -> )
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IntuitDownloadManager.lnk [2022-11-21]
ShortcutTarget: IntuitDownloadManager.lnk -> C:\Users\Public\Documents\Windows\IntuitDownloadManager.exe (Solanki Piyushkumar -> )
Task: {3ABBB444-6BCB-448F-9772-8232965A2E85} - \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance -> No File <==== ATTENTION
Task: {901A3E09-DD28-4C4E-8801-C8824C51B691} - \Lenovo\ImController\TimeBasedEvents\10a8f074-22a1-4370-bb82-5ecf54dbf8e3 -> No File <==== ATTENTION
Task: {9429409C-F658-481F-82D4-73CE86F835F6} - \Lenovo\ImController\Lenovo iM Controller Monitor -> No File <==== ATTENTION
Task: {A0D16F44-B686-46CA-A6A1-7F0CDC72B3EC} - \Lenovo\ImController\TimeBasedEvents\196a1ff6-3590-426e-8989-7fe35d618f54 -> No File <==== ATTENTION
Task: {AAA6E0C5-BBE9-449F-88ED-BF7E02C56709} - \Lenovo\ImController\TimeBasedEvents\46ca8c6b-2524-462b-866f-89d8b584add8 -> No File <==== ATTENTION
Task: {B8D79FD1-0201-43C5-B4D0-0F22A5EFBD98} - \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask -> No File <==== ATTENTION
Task: C:\Windows\Tasks\EPSON ET-2760 Series Update {7804B21A-373A-468A-A7B1-6F428643C8AB}.job => C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSS3E.EXE:/EXE:{7804B21A-373A-468A-A7B1-6F428643C8AB} /F:UpdateWORKGROUP\DESKTOP-E2I7FB8$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Edge Extension: (URL Safety) - C:\Users\Sue\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\plkaklmpcfkechocmkmhjheonopjbnpo [2022-11-10]
S2 EpsonCustomerResearchParticipation; "C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe" [X]
S2 ImControllerService; %SystemRoot%\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe [X]
S3 MicrosoftEdgeElevationService; "C:\Program Files (x86)\Microsoft\Edge\Application\108.0.1462.46\elevation_service.exe" [X]
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{1B3210AF-E236-46D4-83EF-6421F2FF543C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{1E78DD72-771E-42BF-8B4B-363CEB18E07B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTVIEW.OCx => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{22664BE2-0806-4BA4-8643-DE40C9149176}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{2A9EBDB5-0600-4E8C-B910-4001BEB2DD8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{349D777D-F7A2-4AAE-967F-A54F05A7FF3B}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBFinder.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{38F58721-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\COMObjectFactory.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{38F58742-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{38F58743-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{38F58744-5F93-11D5-9F94-0008C7AA5BD9}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{5249684A-D7A2-4DBE-94F4-B90923A7BC64}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{61B76A32-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{61B76A34-6422-11D5-A590-0050DABD6B8C}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{70478C56-E77F-4134-B3E3-3B18EE036D71}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{A14A674B-E0BE-48C1-BAB2-6ACBA33CA8CF}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\qfill.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{A58C4EAB-2DB8-445E-9CAE-2AE197A5C708}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{BCD594EA-15C3-4FD8-B92B-114BB9694537}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCtrIPMDS2.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{CE18240D-F3F8-43AE-9EA0-A0DC85A95375}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{D9BC6FA1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{D9BC6FA3-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{D9BC6FA5-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{D9BC6FA6-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\GraphSeriesCol.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{D9BC6FC1-A54B-11D4-A516-0050DA68678D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\ViewSrcColumns.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{E6E4DF8B-17CE-43ED-B2C7-2CE10457552D}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{E7D2D0F6-B754-438D-B5C9-BF848D311A0F}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\QBDTRatios.dll => No File
CustomCLSID: HKU\S-1-5-21-3259427507-1055586877-3198061443-1001_Classes\CLSID\{F9EF917A-E55E-4242-B205-E778395AC313}\InprocServer32 -> C:\Program Files\Common Files\Intuit\QuickBooks\BbfDepCalc.ocx => No File
FirewallRules: [{82331809-63A0-49F2-9DCF-4F5D31D6030E}] => (Allow) C:\Users\Public\Documents\Windows\IntuitDownloadManager.exe (Solanki Piyushkumar -> )
FirewallRules: [{982F8AF2-2C81-4C00-AB06-E0117B5BC8EE}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\108.0.1462.46\msedgewebview2.exe => No File
FirewallRules: [TCP Query User{9524BB9E-4F42-4C9C-B737-D27F2115ED93}C:\users\sue\appdata\local\logmein rescue applet\lmir099f3001.tmp\lmi_rescue_srv.exe] => (Allow) C:\users\sue\appdata\local\logmein rescue applet\lmir099f3001.tmp\lmi_rescue_srv.exe => No File
FirewallRules: [UDP Query User{2CF7B6A6-F56A-4519-A9BC-8A88C6007279}C:\users\sue\appdata\local\logmein rescue applet\lmir099f3001.tmp\lmi_rescue_srv.exe] => (Allow) C:\users\sue\appdata\local\logmein rescue applet\lmir099f3001.tmp\lmi_rescue_srv.exe => No File
CMD: DISM /Online /Cleanup-Image /RestoreHealth
CMD: SFC /scannow
CMD: findstr /c:"[SR]" \windows\logs\cbs\cbs.log
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
Reboot: