I'm using an ASUS Q502LA-BBI5T12 and running Windows 10.
The day before yesterday, my internet browser froze up followed by the rest of my programs, although I could still move my mouse. The screen eventually went black, again except for my mouse, forcing me to do a hard shutdown. To my knowledge, no new updates have been installed, and no new programs. The day before this happened, I unwittingly visited an infected site which tried to redirect my browser, so I'm worried something found its way in. I've experienced no freezing up since.
I immediately scanned with Avira, MBAM, and checked for corrupted files with the System File Checker and found nothing. Towards the end of the SFC scan (at 92%), I received a notification stating: "Check virus protection - Windows Defender and Avira Antivirus are both turned off. Tap or click to see installed antivirus apps. Security and Maintenance". When clicked, Avira seemed to be working fine, and Windows Defender has always been disabled. A second Avira scan in Safe Mode turned up nothing. Last, I checked the event log for a possible cause of the freezing up and found this event: 4118 Avira Antivirus. The only threads online I could find pertaining to it involved people's computers being infected with adware or trojans, which has me concerned.
The description for the event 4118 was: "EXCEPTION calling function IThread(ProtocolSrvConThread)::run() for the file unknown [ACCESS_VIOLATION Exception!! EIP = 0x72191561] Please inform Avira and submit the appropriate file!"
I can paste the entire event if needed, or post a screenshot.
While trying to make a backup using Cobian Backup as per the Preparation Guide, Avira alerted me to two files, one labeled "virus" and one labeled "suspicious". The virus listed was HEUR/Suspar.Gen and was found on my removable hard drive D, seemingly in the file created by Cobian Backup. The suspicious file listed was located in the C drive, AppData\Roaming\sp_data.sys. I was trying to make a backup copy of the C drive when these were found. The files seem to be in Avira's quarantine right now. I thought this might have solved my issue, but I've also noticed two or three extra COM Surrogate processes pop up in Task Manager when it's first opened, only to disappear when I try to view the file location. Sometimes one of the COM Surrogates will have my disk running at 100% for a few seconds after opening Task Manager, too. After the two file notifications from Avira, I scanned with MBAM and Avira and found nothing. Were the files caught by Avira false positives, or are the duplicate COM Surrogates normal?
I'm sorry for the wall of text, and I'd greatly appreciate any help because this whole thing has me worried sick.
Edited by roundrabbit, 27 October 2016 - 08:38 PM.