Maybe it was a false positive by Norton if everything else including Norton is saying you are clean now but if you want piece of mind, you could post a HijackThis log in one of the forums that diagnosis those. I would also, when you are back up and running stay away from XoftSpy. They used to be on the rogue products list but were taken off according to the note on Eric Howe's list but I have seen a number of people still complaining about that product. Personally, I would not trust it.

If you decide to post a HJT log, this is how and where to do that. HijackThis is a great tool but is dangerous if used without knowing exactly what to delete with it so there are forums that have experts that have been trained in using it so I would suggest bring your log to one of them. Please be patient with whoever you bring your log to, they are very busy. You'll have to join whichever forum you decide to bring it to but that is not a big deal and is the same as joining CNET.

HijackThis download locations:

Current version of HijackThis is 1.99.1 (released Feb. 16, 2005)

Where to put and how to use HijackThis:

It is important that you run HijackThis.exe in its own folder so the backup files that HijackThis creates will not be accidentally deleted.

Open 'My Computer', then double-click to open C:\ (or the drive letter that your Windows is installed on)
In the menu bar, click File-->New-->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ or C:\HijackThis\ folder. Put your HijackThis.exe there, and double click to run it.

Click 'Scan' button. Click 'Save log' button. Save the 'hijackthis.log' in your desktop. Copy and paste the content of 'hijackthis.log' and post it at one of these forums. Just follow the links on these for HJT.

Other forums that offer HijackThis analysis can be found on this link in the recommended sites section on the left side of the page.