Dev Shed Forums > System Administration > Antivirus Protection > Laptop Crippled
#1
August 7th, 2010, 02:18 AM
Mazztadawn
Services being stopped

Got a laptop here that has been rendered useless.

Upon starting up I open services tab in task manager and see that almost every service is stopped. Can't run any programs or connect to the internet.

I boot the thing in safe mode and try selective startups, activating services manually etc. etc. Reverts back upon reboot. System restore doesn't work either.

Found this place with a Google search and tried all the things in the "If you have infection issues start here first.." thread. Being able to run these only in safe mode, I got limited results. The only things I was able to do were CCleaner, ATF and HijackThis. Also, without internet access, I was unable to update anything.

Here is the HJT report, seems short (because of safe mode??)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:30 AM, on 07/08/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Safe mode

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\helppane.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = )
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [SmoothView] %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [00TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

--
End of file - 4506 bytes

Any ideas? Thanks

#2
August 7th, 2010, 04:05 PM
hiker
Run the scan only in HijackThis and fix these items:

Quote:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost


Then boot into normal mode again and try the internet.

When you try to run malwarebytes, and superantispyware, what happens? Error message? Does it close automatically?...
#3
August 7th, 2010, 09:42 PM
Mazztadawn
The items you told me to fix were all URLs. I manually removed them from my post since I'm not allowed to post them.

In normal mode malwarebytes says it's already running, there is a process in task manager to confirm that, but does nothing at all. Tried ending the process so I could try to restart it and got a hang with 100% CPU. Had to do a hard shut down. Superantispyware does nothing either, get the spinning circle mouse pointer for a few seconds and then it stops.

I was able to download the update files from this computer and manually update malwarebytes and superantispyware using a usb drive. Again in safe mode since it won't even detect USB in normal mode.

In normal mode literally nothing works. Almost every service is stopped, so any program I try to start says the dependencies it needs aren't running.

Here are my logs from Malwarebytes and SUPERAntiSpyware. Again in safe mode...

Malwarebytes' Anti-Malware 1.46


Database version: 4363

Windows 6.0.6001 Service Pack 1 (Safe Mode)
Internet Explorer 8.0.6001.18928

07/08/2010 1:31:46 PM
mbam-log-2010-08-07 (13-31-46).txt

Scan type: Full scan (C:\|)
Objects scanned: 234616
Time elapsed: 52 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




SUPERAntiSpyware Scan Log


Generated 08/07/2010 at 01:42 PM

Application Version : 4.41.1000

Core Rules Database Version : 5324
Trace Rules Database Version: 3136

Scan type : Complete Scan
Total Scan Time : 00:41:58

Memory items scanned : 331
Memory threats detected : 0
Registry items scanned : 7789
Registry threats detected : 0
File items scanned : 28737
File threats detected : 17

Adware.Tracking Cookie
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@doubleclick[1].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@msnonecare.112.2o7[2].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@2o7[2].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@ad.yieldmanager[2].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@adinterax[1].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@atdmt[1].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@bluestreak[2].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@bs.serving-sys[1].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@casalemedia[2].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@content.yieldmanager[2].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@content.yieldmanager[3].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@serving-sys[2].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@msnportal.112.2o7[1].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@msnservices.112.2o7[2].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@questionmarket[1].txt
C:\Users\brad\AppData\Roaming\Microsoft\Windows\Cookies\Low\brad@richmedia.yahoo[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@2o7[2].txt


Thanks for looking into it.
