Mentioned at the end of my previous rant, if the spyware loads in safe mode, you'll have to boot to "Safe mode with command prompt."

First, boot to regular GUI safemode and copy all of your spyware tools from a CD to the machine. Run HijackThis and see which malicious DLLs are attached to the fundamental services like Winlogin. Also HijackThis and Process Explorer will show you hidden processes that Task Manager can't, so make note of those.

Then reboot to safe mode command prompt, and start HijackThis. It loads graphically (like everything else will) so use its Run ability to browse directory trees to your other spyware tools.

My Winlogin cleaning notes are not on hand, but here's a start. Since you know the malicious DLL and EXE names, find and delete them. You may need to access the Services portion of the registry (I think it's triplicated, so check each one). Remove references to the bad files and, possibly, recreate good references to the real files by retyping the info from a known good computer.

Cleaning spyware by hand is fun. Too bad it's so well hidden that I don't see it anymore.