There are a lot of variants of the Winfixer spyware. Some of them are easy to remove by booting into safe mode and running Spybot or Adaware.
I encountered a very persistent version recently. The symptoms are:
1) wsup.exe and wtoolsa.exe are always running in the task manager. When you end either process it just restores itself.
2) Wintools always loading when checked with msconfig.
3) Unable to delete the BHOs by using Hijackthis. They keep coming back.
4) Unable to rename or delete the c:\program files\common files\wintools folder. It says that access is denied or that another process is running.
The only procedure that worked for me was to install the 14-day demo version of the great Ewido program at http://www.ewido.net. After installation ewido was able to catch and deactivate the Wtools spyware programs long enough for me to delete the wintools folder.
After that it was an easy matter of cleaning up msconfig and deleting all instances of “wintools” in the registry.