How to use this fixlist
1. Click Download as fixlist.txt (or copy and save manually as fixlist.txt - not fixlist.txt.txt)
2. Place the file in the same folder as FRST.exe / FRST64.exe
3. Save all open work and close all applications - FRST may close running programs and unsaved work will be lost
4. Run FRST as Administrator and click Fix
5. Post the content of Fixlog.txt back in the thread
Warning: Only run a fixlist prepared specifically for your system. Running someone else's fixlist will not work effectively, even if you have similar infection symptoms, and may cause removal of legitimate entries or even system damage.
Start::
SystemRestore: On
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [RTHDVCPL] => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s (No File)
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 1
HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate: Restriction <==== ATTENTION
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mscontainer.lnk [2026-03-14] <==== ATTENTION
Task: {8B096442-B3AC-40D1-B944-9BD9022A0EBD} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem47.0.7703.3{47263A17-2D66-43B9-9692-30514D0C1AEC} => C:\Windows\system32\conhost.exe [1003520 2026-02-28] (Microsoft Windows -> Microsoft Corporation) -> --headless %SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe -NoP -ExecutionPolicy Bypass -WindowStyle Hidden -Command "sal psv1 C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe; .(gal ?rm) 45.10245905/load | .('ROGieROGx'.Replace('ROG', ''))}" <==== ATTENTION
Task: {1C296408-0161-4A53-8648-AE4E28F3BE18} - System32\Tasks\Microsoft\Windows\Clip\ClipESU => %SystemRoot%\system32\clipesu.exe (No File)
Task: {290C488E-EBCE-4FCA-ACD4-405105497BBA} - System32\Tasks\Microsoft\Windows\Clip\ClipESUConsumer => %SystemRoot%\system32\ClipESUConsumer.exe -evaluateEligibility (No File)
Task: {0C3800B1-B3D0-4738-9996-704404819907} - System32\Tasks\Microsoft\Windows\Clip\ClipESUConsumerProcessECUpdate => %SystemRoot%\system32\ClipESUConsumer.exe -persistEligibilityStatus (No File)
Task: {E0FF133E-AFE9-4068-89CC-A05F29869BCF} - System32\Tasks\Microsoft\Windows\Clip\ClipEsuConsumerProcessPreOrder => %SystemRoot%\system32\ClipESUConsumer.exe -postProcessPreOrder (No File)
Task: {FA56DC8F-3FC5-4A19-ADC7-95C3A79205D7} - System32\Tasks\Microsoft\Windows\Clip\ClipEsuConsumerProcessRefund => %SystemRoot%\system32\ClipESUConsumer.exe -processRefund (No File)
Task: {CE15006F-E42F-4017-A719-49D36303581E} - System32\Tasks\Microsoft\Windows\Clip\EnableClipESU => %SystemRoot%\system32\clipesu.exe -e (No File)
Task: {E88D9B2C-DDEA-47B2-9582-085153004DB5} - System32\Tasks\Microsoft\Windows\Location\Notifications => %windir%\System32\LocationNotificationWindows.exe (No File)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {CAB76809-EDC0-40D2-A888-AD9BEDF4E88A} - System32\Tasks\Microsoft\Windows\UNP\RunUpdateNotificationMgr => %windir%\System32\UNP\UpdateNotificationMgr.exe (No File)
Task: {05D43658-1414-4B2F-9F52-29BABA2A2B00} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC RebootDialog (No File)
Task: {C741C114-0364-4EFC-9097-B259F0FCC8F9} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery RebootDialog (No File)
Task: {F3E6E7ED-A196-4E44-8803-55FAB3AD4E29} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {0F4C8156-A444-4115-9D2E-F46098DF0895} - System32\Tasks\OneDrive Reporting Task-S-1-5-21-2977618056-1424593733-763983003-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (No File)
Task: {F860D32D-8695-4001-8BEA-C426AAD28A5C} - System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2977618056-1424593733-763983003-500 => %localappdata%\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (No File)
Task: {F60DE1B2-6314-4F23-9474-7C9814DB1DB1} - System32\Tasks\Windows Perflog => C:\Windows\system32\conhost.exe [1003520 2026-02-28] (Microsoft Windows -> Microsoft Corporation) -> --headless powershell.exe -NoProfile -ExecutionPolicy Bypass -WindowStyle Hidden -Command "sal psv1 $env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe; .(gal ?rm) 45.10245905/load | .('ROGieROGx'.Replace('ROG', ''))" <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
S2 SunshineService; C:\Program Files\Sunshine\tools\sunshinesvc.exe [X]
S2 mbamchameleon; \SystemRoot\System32\Drivers\MbamChameleon.sys [X]
2026-03-14 13:34 - 2026-03-14 13:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resident Evil HD REMASTER [GOG.com]
2026-03-13 23:37 - 2026-03-13 23:37 - 000000000 ____D C:\Users\User\AppData\Roaming\RenPy
2026-03-13 23:37 - 2026-03-13 23:37 - 000000000 ____D C:\Users\User\AppData\Roaming\com_app_rest
2024-11-20 21:07 - 2024-11-20 21:07 - 000000048 ____R () C:\Users\User\AppData\Local\7A8E381A7A653FF14AFC90D6B7BDBD1B
2025-08-19 19:03 - 2025-10-15 18:46 - 000000032 _____ () C:\Users\User\AppData\Roaming\msregsvv.dll
2026-03-13 23:37 - 2026-03-13 23:37 - 000414552 _____ (Safer Networking Ltd.) C:\ProgramData\NexusFab.exe
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive6] -> {9AA2F32D-362A-42D9-9328-24A483E2CCC3} => -> No File
ShellIconOverlayIdentifiers-x32: [ OneDrive7] -> {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} => -> No File
ContextMenuHandlers1: [Kaspersky Standard 21.23] -> {D9041D61-FA30-46C1-9E66-79BF99026645} => -> No File
ContextMenuHandlers2: [Kaspersky Standard 21.23] -> {D9041D61-FA30-46C1-9E66-79BF99026645} => -> No File
ContextMenuHandlers4: [Kaspersky Standard 21.23] -> {D9041D61-FA30-46C1-9E66-79BF99026645} => -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => -> No File
CustomCLSID: HKU\S-1-5-21-2977618056-1424593733-763983003-1001_Classes\CLSID\{0002DF01-0000-0000-C000-000000000046}\localserver32 -> "C:\Users\User\AppData\Local\360extremebrowser\Chrome\Application\360extremebrowser.exe" => No File
CustomCLSID: HKU\S-1-5-21-2977618056-1424593733-763983003-1001_Classes\CLSID\{0e065295-40e5-fbff-a113-a775a5c84d70}\localserver32 -> "C:\Program Files (x86)\Steam\steamapps\common\DSX\Main\DSX.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2977618056-1424593733-763983003-1001_Classes\CLSID\{13357088-9834-0409-1600-134951500000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2977618056-1424593733-763983003-1001_Classes\CLSID\{2db59e37-0d0f-9458-c133-85e699bb3bdd}\localserver32 -> "C:\Program Files (x86)\Razer\Razer Axon\RazerAxon.exe" -ToastActivated => No File
CustomCLSID: HKU\S-1-5-21-2977618056-1424593733-763983003-1001_Classes\CLSID\{38142727-3008-9161-1521-349515000000}\localserver32 -> "C:\Program Files\Adobe\Acrobat DC\Acrobat\ADNotificationManager.exe" -ToastActivated => No File
AlternateDataStreams: C:\ProgramData\DP45977C.lfl:677104FCAA [2594]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`bfjhjkiihj [0]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`pgyjhjiiiio [0]
AlternateDataStreams: C:\ProgramData\Reprise:jhqduwvxlctbqqijsf`usjbm`vovtfe.qpsu.obnfjhjkiihj [0]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epic Games Launcher.lnk:BE32D07BC5 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk:BE800952D3 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint.lnk:1DC1525F34 [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher.lnk:104946E0EA [2594]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business.lnk:7D9589121D [2594]
AlternateDataStreams: C:\Users\Public\Shared Files:VersionCache [8150]
AlternateDataStreams: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Asphalt 9: Legends.lnk [3544]
C:\ProgramData\Reprise
C:\GOG Games\resident\Free Files Downloaded
EmptyTemp:
End::