WiniFighter resisting everything

I'm infected with WiniFighter, and so far nothing has worked.

I just updated and ran Advanced System Protector. It unearthed a couple bugs, but WiniFighter is still here. Malwarebytes can't launch. Adaware tells me "Failed to connect to service." Worst of all, HiJack This won't launch either. As with Adaware, I get the hourglass symbol for just a second, and then even that disappears.

Hello, can you rename HijackThis to winlogon.exe and see if it runs.

I don't think so. It's possible I'm not doing it correctly, but I went to the Trends Micro folder, and there was only one file in there, which I dutifully renamed. Still, the $&#% thing won't launch.

Incidentally, I tried this with Anti-Malware too. In another thread I saw a recommendation to rename mbam to winlogon.exe. However, there too, no joy.

See if you can download this:

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.
  

I saved it onto Desktop and ran it, but the logfile never pops up. Perhaps not coincidentally, I get this pop-up warning from Advanced System Protector when I run it:

"Detected As: PSW-Stealer.passwordspro.t
Category: Password Hijacker
File Path: c:\docume~1\jason\locals~1\temp\rarsfx1\eds.exe"

Then it offers to upgrade me to the Pro version of their software.

Hello.
See if you can run this.
http://www.sendspace.com/pro/dl/932rpd

Do a system scan with logfile and see if the log opens.

I can't believe this! The program downloaded fine, launched in a new window, began a scan with logfile, and ... poof! It just disappeared. I repeated and it did this again. AAAARRRGGHH!

Hello.

Please download Ice Sword from HERE[LIST=1]

Are you able to extract and run it?

Yes, it worked!! Now what should I do?

• Open the Ice Sword folder and then launch IceSword.exe.
  
• Then look in the left hand bottom of the program and press "Registry"
  
• When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  
• Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key in bold:
  
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
  
  
• Now look in the right side pane for two run values that are just random numbers.
  
• Once you have found the value(s), right click it and press "Delete"
  
• Okay the prompt and close IceSword.
  

See if you can run Hijack This now.

So far, no. There wasn't anything there that was just a random string of numbers. Something looked close to that, so I deleted it, but it didn't make me able to run Hijack This.

Now all that's left is:

(Default)
Advanced System Protector
iTunes Helper
Quick Time Task
Sound Max
Sound Max PnP
SynTPEnh
SynTPLpr

Hello.
Lets look under the opposite hive.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

What's under that one?

Aha! The last item on the list was WiniFighter, so I deleted it. However, still can't run Hijack This.

The remaining items on the list are:

(Default)
ctfmon.exe
MicrosoftUpdate
puncxyfv.exe

Delete this one too:

puncxyfv.exe

• Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
  Link 1
  Link 2
  
• Double click DDS.scr to run.
  
• When complete, two logs will open. Save both of the report to your Desktop.
  
• Copy and paste DDS.txt back here, I don't need to see attach.txt.