Freezing Laptop

What are the below folders for?

Code:

 
d-----w                 0 2013-12-30 13:11:11  C:\Users\wangjihua
d-----w                 0 2013-11-28 17:53:22  C:\Users\wangzhisong

Uninstall the below programs. If you do not find them or they will not uninstall, just keep going.
Ask Shopping Toolbar
Better Surf Plus
Java(TM) 6 Update 39
Media Buzz
Media Player
Media View
Media Viewer
Media Watch
Spybot - Search & Destroy
Yahoo! Software Update
Yahoo! Toolbar

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista or Win 7, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O2 - BHO: Ask Shopping Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" (file missing)
O2 - BHO: RichMediaViewV1release324 - {e675a651-5d9a-4cf4-8756-325bf67ca5a4} - C:\Program Files (x86)\RichMediaViewV1\RichMediaViewV1release324\ie\RichMediaViewV1release324.dll (file missing)
O3 - Toolbar: Ask Shopping Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ\Passport.dll" (file missing)
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

After clicking Fix, exit HJT.

Please download OTM by Old Timer and save it to your Desktop.

• Run OTM.exe by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).
• Copy the lines from the below codebox to the clipboard by highlighting ALL of them and pressing CTRL + C
  (or, after highlighting, right-click and choose Copy): Do not include the word Code: which is just a title line of
  the code box

Code:

:Processes
explorer.exe

:Services
APNMCP
gupdate
gupdatem
YahooAUService
 
:Files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3655818274-1756423287-599237998-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3655818274-1756423287-599237998-1000UA.job
C:\Program Files (x86)\Mobogenie
C:\ProgramData\APN
C:\ProgramData\AskPartnerNetwork
C:\Program Files (x86)\AskPartnerNetwork
C:\Program Files (x86)\MediaBuzzV1
C:\Program Files (x86)\MediaPlayerV1
C:\Program Files (x86)\MediaViewerV1
C:\Program Files (x86)\MediaViewV1
C:\Program Files (x86)\MediaWatchV1
C:\Program Files (x86)\RichMediaViewV1
C:\Users\User\AppData\Local\TBHostSupport
C:\Program Files (x86)\AskPartnerNetwork
C:\Program Files (x86)\RichMediaViewV1
C:\Users\User\AppData\Local\Temp\*.*

¤¤¤ Web browsers : 2 ¤¤¤
[PUP][CHROME:Addon] Default : Ask Toolbar [aaaaojmikegpiepcfdkkjaplodkpfmlo] -> FOUND
[PUP][CHROME:Addon] Default : MySearchDial [pflphaooapbgpeakohlggbpidpppgdff] -> FOUND

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e675a651-5d9a-4cf4-8756-325bf67ca5a4}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentVersion\Run]
"mobilegeni daemon"=-
"ApnTBMon"=-
[HKEY_LOCAL_MACHINE\software\Wow6432Node\microsoft\windows\currentVersion\Run]
"mobilegeni daemon"=-
"ApnTBMon"=-
[HKEY_USERS\S-1-5-21-3655818274-1756423287-599237998-1000\Software\Microsoft\Windows\CurrentVersion\run]
"Google Update"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{95CB64C3-65AD-45FA-8CBB-D5B85F7AE56F}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{EBBD73F5-7D87-449B-828F-B6B1084D8E55}]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{FA826356-5087-481A-8DC9-79E773F22198}]
:Commands
[purity]
[EmptyTemp]
[start explorer]
[Reboot]

• Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar
  ) and choose Paste.
• Now click the large http://forums.majorgeeks.com/chaslang/images/MoveIt!.png button.
• If OTM asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
• Close OTM.

Now navigate to the C:\_OTM\MovedFiles folder ( assuming your Windows drive is C). This is where your log will be
saved in the form of Date and Time mmddyyyy_hhmmss.log. Just look for the most recent .log file. Attach
this log file to your next message.

Now please download Junkware Removal Tool to your desktop.

• Shut down your protection software now to avoid potential conflicts.
• Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
• The tool will open and start scanning your system.
• Note: That JRT may reset your home page to a google default so you will need to restore your home page setting if this happens.
• Please be patient as this can take a while to complete depending on your system's specifications.
• On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
• Attach JRT.txt to your next message.

Now run the C:\MGtools\GetLogs.bat file by double clicking on it (Note: if using Vista, Win7 or Win8, don't double click, use right click and select Run As Administrator).

Then attach the below logs:

• the C:\_OTM\MovedFiles log
• the JRT.TXT log
• C:\MGlogs.zip

Make sure you tell me how things are working now!

 

You're welcome.

Then delete those two folders.

Not seeing any reasons for this that would be related to malware. I assume you are using Internet Explorer ? Try resetting it back to defaults.

Reset Internet Explorer 9, 10, and 11 to Defaults

Also try using another browser like Firefox or Chrome to see if it occurs with them too but make sure only one browser is ever opened at any time.

 

Okay I still do not think it is malware based on your current logs, but let's run one more scan.

Now download and save a copy of combofix.exe and save it directly onto your Desktop folder.

• Then right click on it and select Run As Administrator. Do not disturb it by clicking in the window that opens or it may stall.
• After it finishes, it may reboot your PC. Attach the C:\combofix.txt log that it creates.
• If after running Combofix you discover none of your programs will open up because you receive the following error:
  • Illegal operation attempted on a registry key that has been marked for deletion
• Then you will need to reboot your computer which will normally fix this problem.

 

No real malware issues there either.

Possibly a hardware problem of some sort, maybe over heating, maybe a memory issue, or maybe an issue related to Norton. Cannot say for sure. All I can say is based on your logs, it is not a malware issue. You can post in the Software or Hardware Forums to continue and possible run some other hardware tests on the PC ( like memory and hard disk tests....etc ).