http://www.mcse.ms/message1765635.html
Also, a lot of forums suggest "Hijack This"
Yes, I used Hijackthis, too, at the behest of the man on the other end of the phone. That was how we found out where the malware was. However, as the "winfixer" was uninstalled, it installed yet another piece of it, which Nortons did find and removed. Something called "blackbox" something or other.