Untitled

a guest
Jul 17th, 2018
Please be advised: any indication of malware that you're seeing on your end may not make it to us due to security restrictions that are already active on your computer. UAC is particularly robust, and although it can be bypassed, it strictly punishes malware that isn't properly encoded and is capable of stopping malicious software from reaching out to the internet.

I would recommend looking into the TOR traffic we've detected. The events started around 07/12/18 at approximately 04:38 UTC from the source IP of 10.10.27.254. This continues until 07/13/18 around 05:34 UTC. This is outgoing activity, so it could indicate that someone is employing TOR in the form of TORBrowser (arguably its most consumer-friendly form).

It's important to remember that TOR traffic is not, in and of itself, an indicator of malicious intent. It's a viable way of maintaining a degree of anonymity on the internet, and could currently be employed in support of legitimate purposes.

ON MALWARE

From what you're saying, it sounds like you've discovered some indications of malware on your machine. I'd like to look into any indications I can find on my end -- all I'll need to get started is a timeframe. Can you tell me approximately when your firewall detected the malware? The timestamp it supplies should be sufficient to get us headed in the right direction to chase this down and make sure you're taken care of.

In the meantime, here are some general recommendations on dealing with malware.

Recommendations for dealing with potential malware:

Create a bit-stream image of the affected hard drive in its current state, and store that image in a safe location. If further action against the source is possible, this step will be very important later on. Create a separate image for investigation purposes if necessary, and conduct all investigations in secured virtual machine environments with no network access.

Scan and clear the device of malware. If possible, document pertinent information during this phase, as it may assist in determining the source of the malware.

Re-image the device to a known good image or backup.

It's important to understand that, if you have indeed been infected, the malware may have spread to other devices on the network. Regular scanning and updating should make you a reasonably difficult target for external threats, and could assist in detecting further infection in this case, but escalated vigilance may be necessary.

Please reach out if you have any questions regarding any of this, and thanks for your continued patience. I understand how frustrating this can be, but I will be here to help you through it to the best of my ability.
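As an added illustration (not part of the original message) of how the first-seen/last-seen window above is typically pulled out of firewall logs: the script below walks constructed sample log lines, flags outbound flows that hit a known Tor relay or a default Tor port, and reports the activity window per internal host. The log format, the relay list and the sample lines are all assumptions made for this example.

```python
"""Summarise suspected outbound Tor activity per source host from firewall logs."""
from datetime import datetime

# Constructed sample firewall log lines (not from the original paste).
# Format: "<UTC timestamp> <action> <src_ip>:<src_port> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_LOG = """\
2018-07-12T04:38:12Z ALLOW 10.10.27.254:51022 -> 198.51.100.7:9001 TCP
2018-07-12T04:38:15Z ALLOW 10.10.27.254:51023 -> 203.0.113.44:443 TCP
2018-07-12T09:10:01Z ALLOW 10.10.27.12:40022 -> 192.0.2.10:443 TCP
2018-07-13T05:34:40Z ALLOW 10.10.27.254:52811 -> 198.51.100.7:9001 TCP
2018-07-13T06:00:00Z ALLOW 10.10.27.254:52900 -> 192.0.2.10:80 TCP
"""

# Constructed stand-in for a relay feed; in practice this set is refreshed from
# the published Tor consensus, since relays change constantly.
KNOWN_TOR_RELAYS = {"198.51.100.7", "203.0.113.44"}
# Default Tor ORPort/DirPort. On its own this is a weak signal (relays often
# listen on 443 too), so it only supplements the relay list.
TOR_OR_PORTS = {9001, 9030}


def parse_line(line):
    """Split one log line into a small event dict."""
    ts, action, src, _arrow, dst, proto = line.split()
    src_ip, _ = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), "action": action,
            "src": src_ip, "dst": dst_ip, "dport": int(dst_port), "proto": proto}


def is_tor_candidate(ev, relays=KNOWN_TOR_RELAYS):
    """True if the destination looks like a Tor relay or a Tor service port."""
    return ev["dst"] in relays or ev["dport"] in TOR_OR_PORTS


def summarize_tor_activity(log_text, relays=KNOWN_TOR_RELAYS):
    """Return {src_ip: (first_seen, last_seen, flow_count)} for suspected Tor flows."""
    summary = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        if not is_tor_candidate(ev, relays):
            continue
        first, last, n = summary.get(ev["src"], (ev["ts"], ev["ts"], 0))
        summary[ev["src"]] = (min(first, ev["ts"]), max(last, ev["ts"]), n + 1)
    return summary


if __name__ == "__main__":
    for src, (first, last, n) in summarize_tor_activity(SAMPLE_LOG).items():
        print(f"{src}: {n} suspected Tor flows, "
              f"{first:%m/%d/%y %H:%M} UTC -> {last:%m/%d/%y %H:%M} UTC")
```

Matching on ports alone produces false positives, so the relay list is what makes the result worth reporting; the window it yields is the starting point for the image-and-investigate steps later in this message, not proof of compromise.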