[Riskware.Bitcoin won't get removed]

That was all. Thank you very much!

[Riskware.Bitcoin won't get removed]

Here you are

Quarantine.zip

[Riskware.Bitcoin won't get removed]

It seems to be fixed!!! Thank you very much! 

[Riskware.Bitcoin won't get removed]

Here ya go

Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Matty (12-04-2018 20:29:16) Run:1
Running from C:\Users\Matty\Documents
Loaded Profiles: Matty (Available Profiles: defaultuser0 & Matty & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:

Folder: C:\USERS\MATTY\APPDATA\LOCAL\ADOBE
Folder: C:\Users\Matty\AppData\Local\uTorrent

HKU\S-1-5-21-2766406951-2358876014-240483687-1001\...\RunOnce: [Application Restart #1] => C:\Users\Matty\AppData\Local\Vivaldi\Application\vivaldi.exe [921720 2017-06-21] (Vivaldi Technologies AS)
HKU\S-1-5-21-2766406951-2358876014-240483687-1001\...\RunOnce: [Application Restart #0] => C:\Users\Matty\AppData\Local\Vivaldi\Application\vivaldi.exe [921720 2017-06-21] (Vivaldi Technologies AS)

S2 a43f7eceaf48762e8e45f8af30279334; "C:\Program Files\a43f7eceaf48762e8e45f8af30279334\37f7a949f4a43f143323d36da1b3fcad.exe" [X]

Task: {2A924FD6-3FC0-48E7-9D8D-6B09F0E7E7F7} - System32\Tasks\{3110C9B6-D729-9846-56BA-53939BF12A8A} => C:\Users\Matty\AppData\Roaming\Euso.exe [1624-02-24] (Microsoft Corporation) <==== ATTENTION
Task: {9D1359C6-70F3-4158-955E-E5A24E084CAA} - \Microsoft\Windows\UNP\RunCampaignManager -> No File <==== ATTENTION
Task: {FB310302-8E79-4BF5-92E7-2FC358A006A2} - System32\Tasks\{1F414DB7-00AD-41DF-3E37-440215E6BE88} => C:\Users\Matty\AppData\Roaming\HdudhIlJBAu.exe [1624-02-24] (Microsoft Corporation) <==== ATTENTION

AlternateDataStreams: C:\Users\Public\AppData:CSM [478]

FirewallRules: [{B90D7E91-2C38-492F-A3BB-F0A4599BD7DB}] => (Allow) C:\WINDOWS\SysWOW64\msiexec.exe
FirewallRules: [{33799184-8655-40F5-821B-0B62ABB24115}] => (Allow) C:\Users\Matty\AppData\Roaming\HdudhIlJBAu.exe
FirewallRules: [{43CBDC0E-0EB9-405A-B801-A686EFA20997}] => (Allow) C:\Users\Matty\AppData\Roaming\Euso.exe

C:\82ace7d6-0197-474d-bf4b-a2043e72329b
C:\Program Files (x86)\letyshops Company
C:\Program Files\a43f7eceaf48762e8e45f8af30279334
C:\Users\Matty\AppData\Local\updater.log
C:\Users\Matty\AppData\Local\UserProducts.xml
C:\Users\Matty\AppData\Local\wbem.ini
C:\Users\Matty\AppData\Roaming\Euso.exe
C:\Users\Matty\AppData\Roaming\HdudhIlJBAu.exe
C:\Users\Matty\AppData\Roaming\IVIxIII.exe
C:\WINDOWS\SysWOW64\conhost64.exe

EmptyTemp:
*****************

Processes closed successfully.
Error: (0) Failed to create a restore point.

========================= Folder: C:\USERS\MATTY\APPDATA\LOCAL\ADOBE ========================

====== End of Folder: ======

========================= Folder: C:\Users\Matty\AppData\Local\uTorrent ========================

====== End of Folder: ======

"HKU\S-1-5-21-2766406951-2358876014-240483687-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #1" => not found
"HKU\S-1-5-21-2766406951-2358876014-240483687-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Application Restart #0" => not found
"HKLM\System\CurrentControlSet\Services\a43f7eceaf48762e8e45f8af30279334" => removed successfully
a43f7eceaf48762e8e45f8af30279334 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A924FD6-3FC0-48E7-9D8D-6B09F0E7E7F7}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A924FD6-3FC0-48E7-9D8D-6B09F0E7E7F7}" => removed successfully
C:\WINDOWS\System32\Tasks\{3110C9B6-D729-9846-56BA-53939BF12A8A} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3110C9B6-D729-9846-56BA-53939BF12A8A}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9D1359C6-70F3-4158-955E-E5A24E084CAA}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D1359C6-70F3-4158-955E-E5A24E084CAA}" => removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB310302-8E79-4BF5-92E7-2FC358A006A2}" => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB310302-8E79-4BF5-92E7-2FC358A006A2}" => removed successfully
C:\WINDOWS\System32\Tasks\{1F414DB7-00AD-41DF-3E37-440215E6BE88} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{1F414DB7-00AD-41DF-3E37-440215E6BE88}" => removed successfully
C:\Users\Public\AppData => ":CSM" ADS removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B90D7E91-2C38-492F-A3BB-F0A4599BD7DB}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{33799184-8655-40F5-821B-0B62ABB24115}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{43CBDC0E-0EB9-405A-B801-A686EFA20997}" => removed successfully
C:\82ace7d6-0197-474d-bf4b-a2043e72329b => moved successfully
C:\Program Files (x86)\letyshops Company => moved successfully
"C:\Program Files\a43f7eceaf48762e8e45f8af30279334" => not found
C:\Users\Matty\AppData\Local\updater.log => moved successfully
C:\Users\Matty\AppData\Local\UserProducts.xml => moved successfully
C:\Users\Matty\AppData\Local\wbem.ini => moved successfully
C:\Users\Matty\AppData\Roaming\Euso.exe => moved successfully
C:\Users\Matty\AppData\Roaming\HdudhIlJBAu.exe => moved successfully
C:\Users\Matty\AppData\Roaming\IVIxIII.exe => moved successfully
C:\WINDOWS\SysWOW64\conhost64.exe => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 9723904 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 196891462 B
Java, Flash, Steam htmlcache => 63133693 B
Windows/system/drivers => 6079521 B
Edge => 4209142 B
Chrome => 191810794 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 15693 B
LocalService => 69632 B
NetworkService => 678956 B
defaultuser0 => 0 B
Matty => 1475297357 B
Administrator => 9342 B

RecycleBin => 95409708 B
EmptyTemp: => 1.9 GB temporary data Removed.

================================

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 12-04-2018 20:30:41)

Result of scheduled keys to remove after reboot:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\UNP\RunCampaignManager => could not remove. Access Denied.

==== End of Fixlog 20:30:41 ====

[Riskware.Bitcoin won't get removed]

Addition.txt

FRST.txt

[Riskware.Bitcoin won't get removed]

I actually can't open the link, anything with FRST in the URL or webpage and the virus shuts my browser down.

Edit: Restarted my PC and downloaded it, will post again with results

[Riskware.Bitcoin won't get removed]

Here you are, thank you for the reply

oh boy.txt

[Riskware.Bitcoin won't get removed]

Hi,

I managed to download a bitcoin miner while downloading mods for GTAV, and no matter how many times  I scan using malwarebytes it won't go. After the system restart it persists and slows my PC down so much that it struggles with even CS:GO. I can't download FRST or RogueKiller because as soon as I type it in any browser, the browser closes as if the malware is closing it before I can use either tool to kill it. 

Please end my suffering lol