cucumberwhite123120

Members
  • Posts: 7
Everything posted by cucumberwhite123120

  1. Thank you so much Kevin, I really appreciate the speedy responses and especially the help you provided. Now I have one less thing to worry about, thank you!
  2. Everything seems fine thus far, I am just concerned with potential keylogging of the sort, but if nothing was picked up I suppose I can rest easy. Thanks!
  3. Fixlog.txt Hello again, sorry for the wait. Sophos AV finally finished and picked up 0 threats, great! Here is the Fixlog.txt. Thank you!
  4. Thank you so much for the response! Sophos sure is going to take a long long time, the progress bar hasn't budged in half an hour. Will update immediately when it is finished.
  5. Hello, due to my own stupidity, I was infected with malware recently. The notable .exes that I remember are weather.exe (adware?) and maskVPN, along with many changes to my Windows task folder. I also dug around to see what folders and files were added/modified at the time of the attack. I followed some of the steps mentioned in similar scenarios, by first doing a Malwarebytes scan including rootkit, and then AdwCleaner, followed by Farbar Recovery Scan Tool. I will attach some of the files down below.

     Sorry, I am not technologically sound, but after the scans were completed, here are the files I did not recognize that still exist. I made sure that they were created around the same time the malware was installed:

       • In my System32/Tasks folder, I noticed many Windows task files randomly named. Examples are "godfathers", "titans", "stir", "odorous_gears".
       • A folder named maskVPN was found somewhere, which I deleted.
       • A folder created during the time of attack named Python was found somewhere, which I deleted.
       • A folder containing weather.exe was found and deleted. (This was what caught my attention initially, as when I tried clicking the uninstall.exe in this unknown program, it led to some audio adware.)
       • A folder named "CLR Security Config" with security.config.cch inside it, under AppData/Roaming/Microsoft.
       • Among those folders, there were also many "intermission.exe" files scattered around.

     Even after the scans, I still see that a folder located in my System32/DriverStore/FileRepository called oemvista.inf_amd64_a572b7f20c402d28 was created during the attack. It contained "oemvista.PNF", "oemvista.inf" and "tap0901.sys". But I could not delete it because "You require permission from SYSTEM to make changes to this folder". This folder is related to maskVPN, I believe, because in Windows>INF, setupapi.dev.log, I found a log of when the maskVPN device was installed, and it created/altered the folders above. I will attach that part of the log below. Please check!

     I also noticed that when I checked my Windows Defender, in App and browser control, the setting "Check apps and files" is greyed out and selected at "Off" out of the three options "Block", "Warn", "Off". I could not change it to "Block" due to "This setting is managed by your administrator". I'm afraid that it has made many changes to my PC, including the registry.

     I've attached 2 Malwarebytes scans because I closed the first before it was properly finished. I also attached AdwCleaner logs and FRST and Addition. Any help will GREATLY be appreciated, thank you so much in advance!

     First Malwarebyte Scan.txt Second malwarebyte scan.txt AdwCleaner[S00].txt AdwCleaner[C00].txt setupapi.dev.log.txt FRST.txt Addition.txt