First attempt at Hijack this (expert help for a beginner please)

[Travisss1313]

I have recently encountered a problem, my task manager and regedit will close within a second. I saw other people have had this problem. I downloaded to hijackthis program that others have said to do, i fixed the processes that i saw that mathed to DIY file in the forums here somewhere. here is a copy of my hjt scan, help is very much appreciated. Thanks.

 

[RealBlackStuff]

Boot in Safe Mode
Switch off System Restore
Press ctrl/alt/del and in Taskmanager try to stop:
WINRAR32.EXE
touristart.exe
bootoxk.exe

Next, run Hijackthis on its own and let it 'fix':
C:\WINDOWS\system32\WINRAR32.EXE <<== Fake !! >>
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vwvortex.com/
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O4 - HKLM\..\Run: [touristart.exe] C:\WINDOWS\system32\touristart.exe
O4 - HKLM\..\Run: [bootoxk.exe] C:\WINDOWS\system32\bootoxk.exe
O4 - HKLM\..\Run: [Winrar Compression Utility] WINRAR32.EXE
O4 - HKCU\..\Run: [touristart.exe] C:\WINDOWS\system32\touristart.exe
O4 - HKCU\..\Run: [bootoxk.exe] C:\WINDOWS\system32\bootoxk.exe
O4 - HKCU\..\RunOnce: [Winrar Compression Utility] WINRAR32.EXE

When done, delete the bold files.
Boot normal.
When all is OK, start System Restore.

 

[Travisss1313]

Thank you very much. This will not damage my WinRar program at all? And mt deleating bold files, do you mean search for them and delete them manually?

Ok, i did all taht in safe mode and everything seems to be working normall again. Thanks a lot! here is the new hjt summary.

also, how can i deleat the C:/ type processes at the top of the summary, that dont show up on the actual scan? or do i need not worry about those.

 

[RealBlackStuff]

winrar.exe is the real program, WINRAR32.EXE is not.

In Windows Explorer, make sure that the option to "show all files and folders, including hidden and system" is turned on.
Or see here how to do that: http://www.bleepingcomputer.com/forums/tutorial62.html

In Explorer, go to C:\WINDOWS\system32\ all files are in there, delete them manually.
Then immediately empty your Recycle Bin.