Alice.
When Carol sent coins to Alice it was a Pay2PubKeyHash transaction. The address Alice gave Carol contains the PubKeyHash. So the output of Carol's txn (called PkScript) contains only the PubKeyHash.
When Alice spends that txn she needs to include in the input (ScriptSig) the PubKey which hashes to the PubKeyHash in the prior txn.
So in this transaction,
90db022100e2ac980643b0b82c0e88ffdfec6b64e3e6ba35e7ba5fdd7d5d6cc8d25c6b241501 is Alice's public key.
And in the output,
the <pubkeyhash> 404371705fa9bd789a2fcd52d2c580b65d35549d should be the receiver Bob's public key hash?
But the script will verify if <pubKeyHash> is the hash of <pubKey>. How can Alice's public key relate to Bob's? They won't match, right?
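The Pay2PubKeyHash check described in the first post, as an added example that is not part of the original thread: it evaluates a ScriptSig against the PkScript of the output being spent, for the hash comparison only. The keys, the dummy signature and all function names are constructed for illustration, and OP_CHECKSIG (the signature check) is not modelled.

```python
import hashlib

def hash160(data: bytes) -> bytes:
    """HASH160 as used by P2PKH: RIPEMD-160 over SHA-256."""
    sha = hashlib.sha256(data).digest()
    try:
        return hashlib.new("ripemd160", sha).digest()
    except ValueError:
        # Some OpenSSL builds disable RIPEMD-160. Stand-in, NOT Bitcoin's
        # hash: truncated double SHA-256, enough to show which key binds where.
        return hashlib.sha256(sha).digest()[:20]

def p2pkh_hash_part(pubkey_hash: bytes) -> list:
    """PkScript up to, but not including, OP_CHECKSIG (signature check not modelled)."""
    return ["OP_DUP", "OP_HASH160", pubkey_hash, "OP_EQUALVERIFY"]

def run_hash_check(script_sig: list, pk_script: list) -> bool:
    """Evaluate ScriptSig pushes, then the prior output's PkScript, on one stack."""
    stack = list(script_sig)                 # ScriptSig pushes <sig> <pubKey>
    for op in pk_script:
        if isinstance(op, bytes):
            stack.append(op)                 # data push, e.g. <pubKeyHash>
        elif op == "OP_DUP":
            stack.append(stack[-1])
        elif op == "OP_HASH160":
            stack.append(hash160(stack.pop()))
        elif op == "OP_EQUALVERIFY":
            if stack.pop() != stack.pop():
                return False                 # script fails, input is invalid
        else:
            raise ValueError(f"opcode not modelled: {op}")
    return len(stack) == 2                   # <sig> <pubKey> remain for OP_CHECKSIG

# Constructed 33-byte stand-ins for compressed public keys and a dummy signature.
ALICE_PUB = b"\x02" + b"\xa1" * 32
BOB_PUB = b"\x03" + b"\xb0" * 32
DUMMY_SIG = b"\x30" + b"\x00" * 8

def demo() -> dict:
    carol_output = p2pkh_hash_part(hash160(ALICE_PUB))  # prior txn: pays Alice
    alice_input = [DUMMY_SIG, ALICE_PUB]                # Alice's ScriptSig
    alice_output = p2pkh_hash_part(hash160(BOB_PUB))    # new txn: pays Bob
    return {
        # What a validator runs for Alice's txn: her input vs. the output it spends.
        "alice_spends_carol_output": run_hash_check(alice_input, carol_output),
        # Alice's new output is only run later, against the ScriptSig of whoever spends it.
        "bob_spends_alice_output": run_hash_check([DUMMY_SIG, BOB_PUB], alice_output),
        "alice_key_vs_bob_hash": run_hash_check(alice_input, alice_output),
    }
```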