Fix result of Farbar Recovery Scan Tool (x64) Version: 28-06-2016
Ran by STEVE (2016-06-29 12:23:11) Run:1
Running from C:\Users\STEVE\Desktop\FRST
Loaded Profiles: STEVE (Available Profiles: STEVE)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {32F5906F-C607-4E38-B841-778F70DAD154} - System32\Tasks\{F21F738D-ED35-4539-BD07-306E0425CBA2} => pcalua.exe -a C:\Users\STEVE\Downloads\LeagueofLegends_EUNE_Installer_9_15_2014.exe -d C:\Windows\SysWOW64 -c /groupsextract:100;101;102; /out:"C:\Users\STEVE\AppData\Roaming\Riot Games\League of Legends\prerequisites" /callbackid:4476
Task: {F3885606-77CA-47A9-BF7E-742E0850EE49} - System32\Tasks\STEVE => /c REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /f /v STEVE /t REG_SZ /d "explorer.exe hxxp://kb-ribaki.org"
HKU\S-1-5-21-3752283675-2823485076-2424835410-1000\...\Run: [STEVE] => explorer.exe hxxp://kb-ribaki.org
HKU\S-1-5-21-3752283675-2823485076-2424835410-1000\...\Run: [safe_urls768] => C:\Users\STEVE\AppData\Roaming\Browser-Security\s768.exe [2548944 2016-06-20] ()
AppInit_DLLs: prio.dll => C:\Program Files\Prio\prio.dll [17264 2012-11-08] (O&K Software)
AppInit_DLLs-x32: prio32.dll => C:\Program Files\Prio\prio32.dll [15216 2012-11-08] (O&K Software)
FF user.js: detected! => C:\Users\STEVE\AppData\Roaming\Mozilla\Firefox\Profiles\xdt2bnbq.default-1457814960153\user.js [2016-06-25]
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
S3 esgiguard; \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-06-24] ()
S3 EsgScanner; C:\Windows\SysWOW64\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
C:\Windows\System32\DRIVERS\EsgScanner.sys
2016-06-25 00:21 - 2016-06-25 00:21 - 00002288 _____ C:\Users\STEVE\Desktop\SpyHunter.lnk
2016-06-25 00:21 - 2016-06-25 00:21 - 00000000 ____D C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2016-06-25 00:21 - 2016-06-25 00:21 - 00000000 ____D C:\Users\STEVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-06-25 00:21 - 2016-06-25 00:21 - 00000000 ____D C:\Program Files (x86)\Enigma Software Group
2016-06-25 00:20 - 2016-06-25 00:20 - 43123559 _____ C:\Users\STEVE\Downloads\SpyHunter PRO 4.17.6.4336.rar
2016-06-25 00:20 - 2015-10-31 16:18 - 00000000 ____D C:\Users\STEVE\Downloads\SpyHunter PRO 4.17.6.4336
RemoveDirectory: C:\Program Files (x86)\Enigma Software Group
HOSTS:
EmptyTemp:
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{32F5906F-C607-4E38-B841-778F70DAD154}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{32F5906F-C607-4E38-B841-778F70DAD154}" => key removed successfully
C:\Windows\System32\Tasks\{F21F738D-ED35-4539-BD07-306E0425CBA2} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F21F738D-ED35-4539-BD07-306E0425CBA2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{F3885606-77CA-47A9-BF7E-742E0850EE49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F3885606-77CA-47A9-BF7E-742E0850EE49}" => key removed successfully
C:\Windows\System32\Tasks\STEVE => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\STEVE" => key removed successfully
HKU\S-1-5-21-3752283675-2823485076-2424835410-1000\Software\Microsoft\Windows\CurrentVersion\Run\\STEVE => value removed successfully
HKU\S-1-5-21-3752283675-2823485076-2424835410-1000\Software\Microsoft\Windows\CurrentVersion\Run\\safe_urls768 => value removed successfully
"prio.dll" => Value data removed successfully.
"prio32.dll" => Value data removed successfully.
C:\Users\STEVE\AppData\Roaming\Mozilla\Firefox\Profiles\xdt2bnbq.default-1457814960153\user.js => moved successfully
SpyHunter 4 Service => Service stopped successfully.
SpyHunter 4 Service => service removed successfully
esgiguard => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
EsgScanner => service removed successfully
EsgScanner => service not found.
C:\Windows\System32\DRIVERS\EsgScanner.sys => moved successfully
C:\Users\STEVE\Desktop\SpyHunter.lnk => moved successfully
C:\Windows\AF54923662584AC6A0435B5B89C6EB61.TMP => moved successfully
C:\Users\STEVE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter => moved successfully
C:\Program Files (x86)\Enigma Software Group => moved successfully
C:\Users\STEVE\Downloads\SpyHunter PRO 4.17.6.4336.rar => moved successfully
C:\Users\STEVE\Downloads\SpyHunter PRO 4.17.6.4336 => moved successfully
"C:\Program Files (x86)\Enigma Software Group" => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14858389 B
Java, Flash, Steam htmlcache => 400503914 B
Windows/system/drivers => 62577601 B
Edge => 0 B
Chrome => 0 B
Firefox => 385152336 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 35152 B
systemprofile32 => 692 B
LocalService => 132244 B
NetworkService => 692 B
STEVE => 4243132226 B

RecycleBin => 0 B
EmptyTemp: => 4.8 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 12:24:09 ====